Cryptanalysis of a New Color Image Encryption Using Combination of the 1D Chaotic Map

Abstract

Security of image communication is more and more important in many applications such as the transmission of military and medical images. To meet the requirement, a new color image encryption algorithm using a new one-dimension (1D) chaotic map was proposed recently, which can resist various attacks because the range of the new chaotic map is larger than that of the previous ones. In our study, the security of the new original method is analyzed and a novel attack method is proposed. It is demonstrated that the scheme is not secure under chosen-plaintext attack, by which the encrypted image can be successfully converted into the corresponding plaintext image without any error.

1. Introduction

Encryption of color image is a critical issue for confidentiality and security. Lots of encryption methods [1,2,3,4,5,6,7,8] using chaotic maps have been proposed for the excellent properties such as ergodicity and sensitivity to initial condition and control parameters. However, some cryptanalysis articles in [9,10,11,12,13,14] have verified the vulnerability of common chaotic encryption methods based on the permutation-diffusion structure. Hence, chaotic image encryption algorithms [15,16], combined with other special technologies, such as DNA, information entropy etc., have been nearly introduced. For example, the sensitivity mechanism is built up utilizing the information entropy of the plain-image in [16]. Cryptanalysis works have been correspondingly proposed in [17,18] to evaluate the security of image cryptosystems, which can improve the security of the existing cryptosystems. For example, Li et al. attacked the chaotic image encryption algorithm based on information entropy in [18].

Recently, some more chaotic image encryption algorithms based on Latin square have been designed [19,20,21] due to the cryptography property of Latin square. But Hu et al., found out an algebraic weakness in [22] and the chaotic image cipher is broken by chosen-plaintext attack with chosen ciphertext attack. In addition, Ge et al. in [23] found out the defect of the feedback image encryption algorithm with compound chaotic stream cipher based on perturbation and attacked the algorithm.

In [24], the image block encryption algorithm achieves high security level where three different chaotic maps are utilized respectively for controlling pixel shuffling, blocking size, and value encryption. However, Ma found out that there are some critical security defects in [25] and derive the secret key with a chosen plaintext attack.

Most cryptanalysis works have mainly focused on single round of permutation–diffusion image ciphers. However, most encryption schemes are based on multiple rounds of permutation-diffusion [26,27,28,29,30,31,32]. In [29], two rounds of permutation and pixel adaptive diffusion was proposed. In [32], an improved chaotic image encryption method using Latin square based on two rounds of permutation–diffusion was proposed, which has weak security defects. However, Ming Li et al. find out the equivalent key streams and attacked the scheme in [33] and attacked the scheme.

However, most chaotic maps, used in generating the security key in encryption process, are multi-dimensional, which cause high level computation complexity. Recently, some 1D chaotic map encryption algorithms have been proposed in [34,35,36] which have lower computation complexity for software/hardware implementations. In [37] a new 1D chaotic map model is proposed where a new 1D chaotic map is made by using the classic chaotic map such as logistic, sine and Chebyshev maps. A bifurcation property of the chaotic map and the Lyapunov exponent, in addition to information entropy evaluation are much better than the classic chaotic system.

Aiming at [37], Hui Wang et al., found out an algebraic weakness of the cryptosystem in [38] and attacked its equivalent cryptographic scheme by chosen plaintext attack. The authors acquire the rotation factor by constructing two special functions and attack permutation with the methods in [39,40] which have high computation complexity. In this paper, a novel attack method to directly crack the original encryption scheme in [37] is proposed. The proposed method attacks the factor and diffusion using the properties of bit-level Xor and attacks permutation with a new scheme which has lower computation.

This paper organizes as follows. Section 2 overviews the new encryption method. Security of the scheme is analyzed and the attack scheme by chosen plaintext images is presented in Section 3. The simulation experiments to verify the proposed method are presented in Section 4. Conclusions are provided in Section 5.

2. Review of the Original Scheme

Before encryption divides the color image with size M × N, this needs to be encrypted, into three grayscale images according to trichromatic theory. Then, link the grayscale images into another grayscale image with size M × 3N. The sequence $S=\left\{s_1,s_2,...s_{M\times 3N}\right\}$ is produced by reshaping the last gray image, and the length of which is M × 3N.

The flow diagram of the 1D chaotic encryption scheme is shown in Figure 1. In permutation phase, X, which is a chaotic sequence, is acquired by iterating the new chaotic system M × 3 N+N₀ times and discarding the former N₀ elements. The new chaotic map in [37] is defined by the following equation:

$$x_{n+1}=F_{chaos}\left(u,x_n\right)\times 2^k-floor\left(F_{chaos}\left(u,x_n\right)\times 2^k\right)$$

(1)

where $F_{chaos}\left(u,x_n\right)$ is one of 1D chaotic maps as logistic, sine and Chebyshev maps. $x_n$ is the output chaotic sequence. $u\in (0,10]$ and $k\in \left[8,20\right]$ are the initial values. The parameters of u, k and N₀ are utilized as the security key. The permutation position vector $X\prime =\{x{\prime }_1,x{\prime }_2,...x{\prime }_{M\times 3N}\}$ is acquired by sorting vector S in ascending order. The image pixel vector P, which is permuted, is acquired by the equation of $P\left(i\right)=S\left(X\prime \left(i\right)\right)$.

In the diffusion phase, the diffused image pixel sequence C is acquired by the following equation:

$$C(i)=\mathrm{mod}(P(i)+D(i),256)\oplus C(i-1)$$

(2)

where $C(0)$ is $P\left(M\times 3N\right)$ and D is the diffusion sequence which is obtained by Equation (3):

$$D(i)=\mathrm{mod}(floor(X(i)\times {10}^{14}),256)$$

(3)

The new cipher sequence of C’ is acquired after C is rotated to the left by the quantity of lp which is used as the security key, too. The eventual cipher image is obtained by reshaping C’ into RGB images.

3. Chosen-Plaintext Attack

The attack scheme is proposed in this part. Compared with other chaotic encryption algorithms, the rotation step is added in [37]. The rotation amount lp is used as the security key. If lp can be acquired, the permutation and diffusion steps can be attacked by imitating the attack method in [17]. Hence, the proposed attack method can be divided into two phases. In the first phase, we find the rotating amount of lp and the diffusion matrix D by shifting the Xor operations. In the second phase, we attack the permutation with some special plaintext images by imitating the attack method in [17]. We denote the original image I and the corresponding encrypted image C_I.

3.1. The First Phase of Attack

The two special properties of the Xor operator are utilized and the properties are given as below.

Property 1 

$\alpha \oplus \alpha =0$

Property 2 

If $\alpha \oplus \beta =\lambda$, $\alpha =\lambda \oplus \beta$

where $\alpha ,\beta ,\gamma$ are positive integers.

The process for find out lp and D is conducted as the following steps.

Step 1: Choose a plaintext color image Z of size $M\times N$, the elements of which are all zero-pixel values. Z can be expressed as below.

$$Z={\left[\begin{array}{cccc}\left(0\right)\left(0\right)\left(0\right)& \left(0\right)\left(0\right)\left(0\right)& \cdots & \left(0\right)\left(0\right)\left(0\right)\\ \left(0\right)\left(0\right)\left(0\right)& \left(0\right)\left(0\right)\left(0\right)& \cdots & \left(0\right)\left(0\right)\left(0\right)\\ \cdots & \cdots & \cdots & \cdots \\ \left(0\right)\left(0\right)\left(0\right)& \left(0\right)\left(0\right)\left(0\right)& \cdots & \left(0\right)\left(0\right)\left(0\right)\end{array}\right]}_{M\times N}$$

(4)

The encrypted image C_Z is obtained from the encryption method above. Divide Z into three images according to RGB theory. The sequence of C’ corresponding to C_Z is acquired by linking the three grayscale images and the length of that is $M\times 3N$. Denote the obtained sequence C after the diffusion. The diffusion equation corresponding to Z can be expressed according to Property 1, as below:

$$C(i)=D(i)\oplus C(i-1)$$

(5)

Obtain the pixel sequence C according to Equation (5) as below:

$$\begin{array}{ll}C=& \{D\left(1\right)\oplus C\left(0\right),D\left(2\right)\oplus C\left(1\right),D\left(3\right)\oplus C\left(2\right),...,D\left(M*3N-1\right)\oplus C\left(M*3N-2\right),\\ & D\left(M*3N\right)\oplus C\left(M*3N-1\right)\}\end{array}$$

(6)

where D remains unchanged in the encryption process. C’ is obtained by rotating C by the quantity of lp to the left as the follow sequence:

$$\begin{array}{l}C\prime =\{D\left(lp+1\right)\oplus C\left(lp\right),D\left(lp+2\right)\oplus C\left(lp+1\right),...,D\left(M*3N-1\right)\oplus C\left(M*3N-2\right),\\ D\left(M*3N\right)\oplus C\left(M*3N-1\right),D1\oplus C0,D2\oplus C1,\dots ,D\left(lp\right)\oplus C\left(lp-1\right)\}\end{array}$$

(7)

C” is obtained by rotating C’ once to the left as the following sequence:

$$\begin{array}{l}C\prime \prime =\{D\left(lp+2\right)\oplus C\left(lp+1\right),D\left(lp+3\right)\oplus C\left(lp+2\right),...,D\left(M*3N\right)\oplus C\left(M*3N-1\right),\\ D1\oplus C0,D2\oplus C1,D3\oplus C2,\dots ,D\left(lp+1\right)\oplus C\left(lp\right)\}\end{array}$$

(8)

G is acquired according to Property 2 by the equation $G(i)=C\prime (i)\oplus C\prime \prime (i)$ and given as below:

$$\begin{array}{l}G=\{D\left(lp+2\right),D\left(lp+3\right),\dots ,D\left(M*3N\right),D\left(1\right)\oplus C\left(0\right)\oplus D\left(M*3N\right)\oplus C\left(M*3N-1\right),\\ D\left(2\right),D\left(3\right),\dots ,D\left(lp+1\right)\}\end{array}$$

(9)

$D\left(i\right)$ is acquired where $i\in \left[2,M*3N\right]$ but $D\left(1\right)$ remains unknown.

Step 2: Choose a plaintext color image Q with all k pixel values and the size of which is $M\times N$. Q can be expressed as below.

$$Q={\left[\begin{array}{cccc}\left(k\right)\left(k\right)\left(k\right)& \left(k\right)\left(k\right)\left(k\right)& \cdots & \left(k\right)\left(k\right)\left(k\right)\\ \left(k\right)\left(k\right)\left(k\right)& \left(k\right)\left(k\right)\left(k\right)& \cdots & \left(k\right)\left(k\right)\left(k\right)\\ \cdots & \cdots & \cdots & \cdots \\ \left(k\right)\left(k\right)\left(k\right)& \left(k\right)\left(k\right)\left(k\right)& \cdots & \left(k\right)\left(k\right)\left(k\right)\end{array}\right]}_{M\times N}$$

(10)

The encrypted image C_Q is obtained from the encryption system above. Divide Q into three images according to RGB theory. The sequence of C_q’ corresponding to C_Q is acquired by linking the three gray scale images and the length of that is $M\times 3N$. Then we denote the obtained sequence C_q after the diffusion. The diffusion equation corresponding to Q can be expressed as follows:

$$C_q(i)=\mathrm{mod}(k+D(i),256)\oplus C_q(i-1)$$

(11)

Following this, we can obtain the pixel sequence of C_q according to Equation (5), as below:

$$\begin{array}{l}{C}_q=\{\mathrm{mod}(k+D\left(1\right),256)\oplus C_q\left(0\right),\mathrm{mod}(k+D\left(2\right),256)\oplus C_q\left(1\right),...,\\ \mathrm{mod}(k+D\left(M*3N\right),256)\oplus C_q\left(M*3N-1\right)\}\end{array}$$

(12)

where D remains unchanged in the encryption process. C’ is obtained by rotating C by the quantity of lp to the left as the following sequence:

$$\begin{array}{l}{C}_q\prime =\{\mathrm{mod}(k+D\left(lp+1\right),256)\oplus C_q\left(lp\right),\mathrm{mod}(k+D\left(lp+2\right),256)\oplus C_q\left(lp+1\right),...,\\ \mathrm{mod}(k+D\left(M*3N-1\right),256)\oplus C_q\left(M*3N-2\right),\mathrm{mod}(k+D\left(M*3N\right),256)\oplus \\ C_q\left(M*3N-1\right),\mathrm{mod}(k+D\left(1\right),256)\oplus C\left(0\right),\mathrm{mod}(k+D2\left(lp+1\right),256)\oplus C_q\left(1\right),\\ \dots ,\mathrm{mod}(k+D\left(lp\right),256)\oplus C_q\left(lp-1\right)\}\end{array}$$

(13)

$C_q\prime \prime$ is obtained by rotating C’ once to the left as the following sequence:

$$\begin{array}{l}{C}_q\prime \prime =\{\mathrm{mod}(k+D\left(lp+2\right),256)\oplus C_q\left(lp+1\right),\mathrm{mod}(k+D\left(lp+3\right),256)\oplus C_q\left(lp+2\right),...,\\ \mathrm{mod}(k+D\left(M*3N\right),256)\oplus C_q\left(M*3N-1\right),\mathrm{mod}(k+D\left(1\right),256)\oplus C_q\left(0\right),\\ \mathrm{mod}(k+D\left(2\right),256)\oplus C1,\mathrm{mod}(k+D\left(3\right),256)\oplus C\left(2\right),\dots ,\\ \mathrm{mod}(k+D\left(lp+1\right),256)\oplus C_q\left(lp\right)\}\end{array}$$

(14)

$G_q$ is acquired according to the Equation $G_q(i)=C_q\prime (i)\oplus C_q\prime \prime (i)$ and is given below:

$$\begin{array}{l}{G}_q=\{\mathrm{mod}(k+D\left(lp+2\right),256),\mathrm{mod}(k+D\left(lp+3\right),256),\dots ,\mathrm{mod}(k+D\left(M*3N\right),256),\\ \mathrm{mod}(k+D\left(1\right)\oplus C_q\left(0\right),256)\oplus \mathrm{mod}(k+D\left(M*3N\right),256)\oplus C_q\left(M*3N-1\right),256),\\ \mathrm{mod}(k+D\left(2\right),256),\mathrm{mod}(k+D\left(3\right),256),\dots ,\mathrm{mod}(k+D\left(lp+1\right),256\}\end{array}$$

(15)

Compared with Equation (9), we can’t directly get $D\left(i\right)$ from Equation (15), but $D\left(i\right)$ can be acquired except $D\left(1\right)$ by $D=\mathrm{mod}(G_q-k,256)$.

Step 3: W of size $M\times 3N$ is obtained by $W(i)=\mathrm{mod}(G_q(i)-G(i),256)$ as below:

$$W=\{k,k,\dots ,k,p,k,k,\dots ,k\}$$

(16)

where

$$\begin{array}{ll}p=& \mathrm{mod}(k+D\left(1\right)\oplus C_q\left(0\right),256)\oplus \mathrm{mod}(k+D\left(M*3N\right),256)\oplus C_q\left(M*3N-1\right)\\ & -D\left(1\right)\oplus C\left(0\right)\oplus D\left(M*3N\right)\oplus C(M*3N-1)\end{array}$$

lp can be obtained according to the position of p in W by the following equation:

$$lp=M\times 3N-Po{s}_p$$

(17)

where $Po{s}_p$ is the position of p.

Step 4: C can be obtained by rotating C’ to the right lp times. $D(1)$ can be obtained by:

$$C(1)=D(1)\oplus C(0)$$

(18)

The permuted matrix P corresponding to the original can be obtained by:

$$P(i)=\mathrm{mod}(C_I(i)\oplus C_I(i-1)-D(i),256)$$

(19)

Now we discuss if we can get lp by the two special plains where one is with all k₁ pixel values and the other is with all k₂ pixel values according to Equations (12) and (13).

$$\begin{array}{l}W\prime =\{\mathrm{mod}(k_2-k_1,256),\mathrm{mod}(k_2-k_1,256),\dots ,\mathrm{mod}(k_2-k_1,256),p\prime ,\mathrm{mod}(k_2-k_1,256),\dots ,\\ \mathrm{mod}(k_2-k_1,256\}\end{array}$$

(20)

where

$$\begin{array}{l}p\prime =\mathrm{mod}(k_2-k_1+D\left(1\right),256)\oplus C_q\left(0\right)\oplus \mathrm{mod}(k_2-k_1+D\left(M*3N\right),256)\oplus C_q\left(M*3N-1\right)\\ -D\left(1\right)\oplus C\left(0\right)\oplus D\left(M*3N\right)\oplus C\left(M*3N-1\right)\end{array}$$

We can get lp from Equation (20) since all the pixel values of $W\prime$ except $p\prime$ are the same. The above steps can be expressed as in Algorithm 1. Since the rotation amount lp and the diffusion matrix D have been obtained, the permuted image $P_I$ can be acquired by Algorithm 1.

Algorithm 1 Obtain the Rotation Amount lp and the Diffusion Matrix D

1: Set the plain image Z

2: Obtain the encrypted image pixel sequence C’ after the reshape Cz

3: Obtain the sequence C”

4: $G(i)\leftarrow C\prime (i)\oplus C\prime \prime (i)$

5: $D\leftarrow GexceptD(1)$

6: Set the plain image Z

7: Obtain the encrypted image pixel sequence $C_q\prime$ after the reshape Cz

8: Obtain the sequence $C_q\prime \prime$

9: $G_q(i)\leftarrow C_q\prime (i)\oplus C_q\prime \prime (i)$

10: $lp\leftarrow W(i)=\mathrm{mod}(G_q(i)-G(i),256)$

11: $C\leftarrow lp,C\prime$

12: $D(1)\leftarrow C(1)=D(1)\oplus C(0)$

3.2. The Second Phase of Attack

In the following description m, n and $\mu$ are all positive integers. The plaintext sequences need to be divided into block. S, R and U represent the plaintext sequence in one division. The process of attacking permutation is as follows.

Step 1: Consider a plain sequence S and set it:

$$S=\left[S\left\{0\right\},S\left\{1\right\},\dots ,S\left\{i\right\}\dots S\left\{\Omega -1\right\}\right]2\le \Omega \le 256$$

(21)

where $S\left\{i\right\}={\left[i,i,\dots i\right]}_{l_1}$ , $l_1=M\times 3N/\Omega$ and call $S\left\{i\right\}$ first order sub-block. Convert S into the R, G and B color image with the size of $M\times N$ and the permutation sequence $P_S$ corresponding to S can be obtained after the first phase.

Step 2: Choose pixel $P_S\left(j\right)$. If $P_S\left(j\right)=m$, the pixel in S corresponding to $P_S\left(j\right)$ would be one pixel which is in $S\left\{m\right\}$. Register the position of j in Set $INDEX\left\{m\right\}$. All the pixels of $P_S$ would be registered in one set.

Step3: Consider a plain sequence R of size $M\times 3N$ and divide it into $\Omega$ first order blocks $R(i),i=0,1,...,\Omega$. Divide each block into $\Omega$ second order blocks $R\left\{i\right\}\left\{j\right\}j=0,1,...,\Omega$ and set:

$$R\left\{i\right\}\left\{j\right\}={\left[j,j,\dots j\right]}_{l_2},l_2=M\times 3N/\Omega ^2$$

(22)

The permutation sequence $P_R$ corresponding to R can be obtained after the first phase.

Step 4: Choose pixel $P_R(t)t\in Index\left\{m\right\}$. If $P_S\left(t\right)=n$, the pixel in R corresponding to $P_R\left(t\right)$ would be one pixel which is in $R\left\{m\right\}\left\{n\right\}$. Register the position of t in set $Index\left\{m\right\}\left\{n\right\}$. All the pixels of $P_R\left(t\right)$ would be registered in one second order set. If l₂ = 1, each $Index\left\{m\right\}\left\{n\right\}$ would include only one element and we can get all the corresponding permuted positions corresponding the elements in $R$. If l₂ > 1, repeat Step 3, 4 until the element quantity of l = 1 and get the position matrix X’. The number of times of divisions is f and $f=\mathrm{ceil}\left({\log }_{\Omega }\left(M\times 3N\right)\right)$. The permutation attack process can be expressed as in Algorithm 2.

Algorithm 2 Permutation Attack

1: the plain sequence S from the first division and encrypt S

2: $P_S\leftarrow \mathrm{the}\mathrm{first}\mathrm{phase}$

3: $INDEX\left\{m\right\}\leftarrow check{P}_S$

4: set the plain sequence R from the second division and encrypt R

5: $P_R$ from the first phase

6: $INDEX\left\{m\right\}\left\{n\right\}\leftarrow check{P}_R$

7: repeat further division until the element quantity l = 1

8: $INDEX\left\{m\right\}\left\{n\right\}\cdots \left\{\mu \right\}\leftarrow \mathrm{check}\mathrm{the}\mathrm{last}\mathrm{permuted}\mathrm{matrix}$

For clarity of the relationship of f, $\Omega$ and image size, some values of f are shown as

Table 1. Values of f according to image size and $\Omega$.

Image Size	$\Omega =256$	$\Omega =128$	$\Omega =64$	$\Omega =32$	$\Omega =16$	$\Omega =8$
$256\times 256$	3	3	3	4	5	6
$512\times 512$	3	3	3	4	5	6
$1024\times 1024$	3	3	4	4	5	7

. f ascends when $\Omega$ descends and image size ascends according to Table 1.

If the size of I is $256\times 256$ and $\Omega =256$, $f=3$. At the first time of division the plaintext sequence S can be set as:

$$S={\left[{\left(00\cdots 0\right)}_{256\times 3}{\left(11\cdots 1\right)}_{256\times 3}{\left(22\cdots 2\right)}_{256\times 3}\cdots {\left(255255\cdots 255\right)}_{256\times 3}\right]}_{256\times 256\times 3}$$

(23)

At the second time of division the plaintext sequence R can be set as:

$$R={\left[\left(000\right)\left(111\right)\cdots \left(255\right)\left(000\right)\left(111\right)\cdots \left(255\right)\cdots \left(000\right)\left(111\right)\cdots \left(255\right)\right]}_{256\times 256\times 3}$$

(24)

At the third time of division the plaintext sequence R can be set as:

$$U={\left[\left(012\right)\left(012\right)\cdots \left(012\right)\right]}_{256\times 256\times 3}$$

(25)

In the above sequences the right subscripts represent the length of the vectors.

Convert S, R and U into a color image, respectively, as shown in Figure 2a–c where most of the images of Figure 2a, b is white.

Obviously, we can recover the corresponding original image I according to the above two phases.

4. Experiments and Analysis

A series of simulation experiments have been carried out to verify our attacking scheme with an Intel(R) Core(TM) i5-5300 CPU 2.39 GHz and 8 GB memory capacity. MALTAB R2016b is used for the experiments. Five standard images with the size of $256\times 256$ are chosen in the experiments including ‘Baboon’, ‘Soccer’, ‘Pepper’, ‘Lena’, and ‘Monarch as shown in Figure 3a1–e1. The corresponding encrypted images are shown in Figure 3(a2,b2,c2,d2,e2). We attack the lp and diffusion using the steps in the first phase in Section 3. The retrieved permutation-diffusion images and retrieved permutation-only images are obtained as in Figure 3(a3,b3,c3,d3,e3) and Figure 3(a4,b4,c4,d4,e4), respectively. After attacking permutation in the second phase in Section 3, the restored images are obtained which have been shown in Figure 3(a5,b5,c5,d5,e5). Figure 3(a5,b5,c5,d5,e5) coincides with the original images, compared with Figure 2(a1,b1,c1,d1,e1). The recovery performance evaluation can also be made by root mean square error (RMSE). Denoting the original image I and the recovered image I’, RMSE defined as below.

$$RMSE=\sqrt{{\displaystyle \sum _{j=1}^n{\displaystyle \sum _{i=1}^m{\left(I(i,j)-I\prime (i,j)\right)}^2}}}$$

(26)

In all the experiments, the values of RMSE are all zeros which mean the recovered images are all the same as the corresponding original images. In other words, the original images are accurately recovered. Therefore, the attack results demonstrate the effectiveness of the cryptanalysis.

The running times of the proposed scheme and Chen’s scheme in terms of attacking lp and diffusion and attacking permutation are shown in

Table 2. Execution time (seconds).

Image Size	Image	The Proposed Scheme			Chen’s Scheme
		Attack lp and Diffusion	Attack Permutation	Total Time	Attack lp and Diffusion	Attack Permutation	Total Time
$256\times 256$	Lena	1.2386	2.7358	3.9744	1.2173	3.8253	5.0426
	Baboon	1.0537	2.8356	3.8893	1.1562	3.9376	5.0938
	Pepper	0.9697	2.9121	3.8818	1.0127	4.5862	5.5989
Average time		1.0873	2.8278	3.9151	1.1287	4.1164	5.2451
$512\times 512$	Lena	1.5413	10.0327	11.574	1.7135	13.7236	15.4371
	Baboon	1.6331	11.7731	13.4062	1.5233	13.1027	14.626
	Pepper	1.6975	10.9173	12.6148	1.5872	14.3379	15.9251
Average time		1.6240	10.9077	12.5317	1.6080	13.7214	15.3294
$1024\times 1024$	Lena	2.5136	32.4377	34.9513	2.4759	47.7536	50.2295
	Baboon	2.7572	35.7728	38.53	2.8364	58.5927	61.4291
	Pepper	2.6673	39.8154	42.4827	2.6581	56.3619	59.02
Average time		2.6460	36.0086	38.6546	2.6568	54.2361	56.8929

. The images are chosen in different sizes including $256\times 256$, $512\times 512$ and $1024\times 1024$. From Table 2, the average running time of attacking the amount of lp and diffusion in two schemes is almost the same. But the average running time of attacking permutation in the proposed method is less than that in Chen’s scheme. The total average running time of the proposed method attacking the encrypted images of size $256\times 256$ is 3.9151 s which is 1.33 s less than that of Chen’s scheme. The difference values of attacking the encrypted the images with size $512\times 512$ and $1024\times 1024$ are about 2.80 s and 18.2 s, respectively. Therefore, the cryptanalysis speed of the proposed method is better than the existing scheme.

5. Conclusions

This paper attacks a new color image encryption algorithm combining a few the 1D chaotic maps which has been recently proposed in [37]. The encryption process depends on the linear-nonlinear-linear structure of the encryption algorithm. The vulnerability of this algorithm is revealed, and the attacking scheme is developed by the chosen plaintext attack in Section 3, based on the security weakness. Experimental results demonstrate the attack scheme of this paper can completely collapse the encryption algorithm and has low computation complexity.