Abstract

In the past few years, several encryption algorithms based on chaotic systems have been proposed as means to protect digital images against cryptographic attacks. These encryption algorithms typically use relatively small key spaces and thus offer limited security, especially if they are one-dimensional. In this paper, we proposed a novel image encryption algorithm based on Rubik's cube principle. The original image is scrambled using the principle of Rubik's cube. Then, XOR operator is applied to rows and columns of the scrambled image using two secret keys. Finally, the experimental results and security analysis show that the proposed image encryption scheme not only can achieve good encryption and perfect hiding ability but also can resist exhaustive attack, statistical attack, and differential attack.

1. Introduction

The end of the 20th century was marked by an extraordinary technical revolution from analog to numerical as documents and equipments became increasingly used in various domains. However, the advantages of the digital revolution were not achieved without drawbacks such as illegal copying and distribution of digital multimedia documents. To meet this challenge, researchers were motivated more than ever to protect multimedia documents with new and efficient document protection techniques. In this context, different techniques have been introduced such as encryption and digital watermarking. The first one consists in transforming multimedia documents using an algorithm to make it unreadable to anyone except for the legitimate users. The second one consists of embedding digital watermarks into multimedia documents to guarantee the ownership and the integrity of the digital multimedia contents.

The protection of images is of particular interest in this paper. Traditional image encryption algorithms such as private key encryption standards (DES and AES), public key standards such as Rivest Shamir Adleman (RSA), and the family of elliptic-curve-based encryption (ECC), as well as the international data encryption algorithm (IDEA), may not be the most desirable candidates for image encryption, especially for fast and real-time communication applications. In recent years, several encryption schemes have been proposed [112]. These encryption schemes can be classified into different categories such as value transformation [14], pixels position permutation [58], and chaotic systems [912].

In the first category, Liu et al. [1] presented an image encryption scheme based on iterative random phase encoding in gyrator transform domains. A two-dimensional chaotic mapping is employed to generate many random data for iterative random phase encoding. In [2], a color image encryption method using discrete fractional random transform (DFRNT) and the Arnold transform (AT) in the intensity-hue-saturation (IHS) color space has been proposed. Each color space component is then encrypted independently with different approaches. In [3], an image encryption algorithm based on Arnold transform and gyrator transform has been proposed. The amplitude and phase of the gyrator transform are separated into several subimages, which are scrambled using the Arnold transform. The parameters of gyrator transforms and separating scheme serve as the key of the encryption method. Tao et al. [4] proposed an image encryption algorithm based on fractional Fourier transform (FRFT) and which can be applied to the double or more image encryptions. The encrypted image is obtained by the summation of different orders of inverse discrete fractional Fourier transform (IDFRFT) of the interpolated subimages. The whole transform orders of the utilized FRFT are used as the secret keys for the decryption of each subimage.

In the second category, Zunino [5] use Peano-Hilbert curves as pixels position permutation to destroy the spatial autocorrelation of an image. Zhang and Liu [6] proposed image encryption scheme based on permutation-diffusion architecture and skew tent map system. In the proposed scheme, the P-box is chosen as the same size of original image, which shuffles the positions of pixels totally. To enhance the security, the keystream in the diffusion step depends on both the key and original image. Zhao and Chen [7] proposed to used ergodic matrices for scrambling and encryption of digital images. The authors analyzed the isomorphism relationship between ergodic matrices and permutation. Zhu et al. [8] proposed an innovative permutation method to confuse and diffuse the gray-scale image at the bitlevel, which changes the position of the pixel and modifies its value. This algorithm uses also the Arnold cat map to permute the bits and the logistic map to further encrypt the permuted image.

In the third category, Huang and Nien [9] proposed a novel pixel shuffling method for color image encryption which used chaotic sequences generated by chaotic systems as encryption codes. In [10], the two-dimensional chaotic cat map has been generalized to three-dimensional one and then was used to design a fast and secure symmetric image encryption scheme. This scheme employs the 3D cat map to shuffle the positions and the values of image pixels. Wang et al. [11] presented an image encryption algorithm based on simple Perceptron and using a high-dimensional chaotic system in order to produce three sets of pseudorandom sequence. Then to generate weight of each neuron of perceptron as well as a set of input signal, a nonlinear strategy is adopted. Recently, a new image encryption algorithm combining permutation and diffusion was proposed by Wang et al. [12]. The original image is partitioned into blocks and a spatiotemporal chaotic system is then employed to generate the pseudorandom sequence used for diffusing and shuffling these blocks.

The security of image encryption has been extensively studied. Almost some encryption schemes based on permutation had already been found insecure against the ciphertext-only and known/chosen-plaintext attacks, due to the high information redundancy, and it is quite understandable since the secret permutations can be recovered by comparing the plaintexts and the permuted ciphertexts. Generally, chaos-based image encryption algorithms are used more often than others but require high computational cost. Moreover, a chaos system is defined on real numbers while the cryptosystems are defined on finite sets of integers. One-dimensional chaotic cryptosystems are limited by their small key spaces and weak security in [1, 13].

In this paper, we present a novel image encryption algorithm based on the principle of Rubik's cube. First-, in order to scramble the pixels of gray-scale original image the principle of Rubik's cube is deployed which only changes the position of the pixels. Using two random secret keys, the bitwise XOR is applied into the odd rows and columns. Then, the bitwise XOR is also applied to even rows and columns using the flipped secret keys. These steps can be repeated while the number of iteration is not reached. Numerical simulation has been performed to test the validity and the security of the proposed encryption algorithm.

The remaining of this paper is organized as follows. Section 2 describes the proposed image encryption algorithm based on Rubik's cube principle. Experimental results and security analysis are presented in Section 3. Finally, we conclude in Section 4.

2. Rubik's Cube Image Encryption

In this section, the proposed encryption algorithm based on Rubik's cube principle is described along with the decryption algorithm.

2.1. Rubik's Cube Based Encryption Algorithm

Let 𝐼𝑜 represent an 𝛼-bit gray scale image of the size 𝑀×𝑁. Here, 𝖨𝑜 represent the pixels values matrix of image 𝐼𝑜. The steps of encryption algorithm are as follows: (1)Generate randomly two vectors 𝐾𝑅 and 𝐾𝐶 of length 𝑀 and 𝑁, respectively. Element 𝐾𝑅(𝑖) and 𝐾𝐶(𝑗) Each take a random value of the set 𝒜={0,1,2,,2𝛼1}. Note that both 𝐾𝑅 and 𝐾𝐶 must not have constant values. (2) Determine the number of iterations, ITERmax, and initialize the counter ITER at 0.(3) Increment the counter by one: ITER=ITER+1. (4) For each row 𝑖 of image 𝐼𝑜, (a)compute the sum of all elements in the row 𝑖, this sum is denoted by 𝛼(𝑖)𝛼(𝑖)=𝑁𝑗=1𝖨𝑜(𝑖,𝑗),𝑖=1,2,,𝑀,(1)(b)compute modulo 2 of 𝛼(𝑖), denoted by 𝑀𝛼(𝑖),(c)row 𝑖 is left, or right, circular-shifted by 𝐾𝑅(𝑖) positions (image pixels are moved 𝐾𝑅(𝑖) positions to the left or right direction, and the first pixel moves in last pixel.), according to the following:if𝑀𝛼(𝑖)=0rightcircularshiftelseleftcircularshift.(2)(5)For each column 𝑗 of image 𝐼𝑜, (a)compute the sum of all elements in the column 𝑗, this sum is denoted by 𝛽(𝑗), 𝛽(𝑗)=𝑀𝑖=1𝖨𝑜(𝑖,𝑗),𝑗=1,2,,𝑁,(3)(b)compute modulo 2 of 𝛽(𝑗), denoted by 𝑀𝛽(𝑗).(c)column 𝑗 is down, or up, circular-shifted by 𝐾𝐶(𝑖) positions, according to the following:if𝑀𝛽(𝑗)=0upcircularshiftelsedowncircularshift.(4)

Steps 4 and 5 above will create a scrambled image, denoted by 𝐼SCR. (6) Using vector 𝐾𝐶, the bitwise XOR operator is applied to each row of scrambled image 𝐼SCR using the following expressions:𝖨1(2𝑖1,𝑗)=𝖨SCR(2𝑖1,𝑗)𝐾𝐶𝖨(𝑗),1(2𝑖,𝑗)=𝖨SCR𝐾(2𝑖,𝑗)rot180𝐶,(𝑗)(5) where and rot180(𝐾𝐶) represent the bitwise XOR operator and the flipping of vector 𝐾𝐶 from left to right, respectively. (7)Using vector 𝐾𝑅, the bitwise XOR operator is applied to each column of image 𝐼1 using the following formulas:𝖨ENC(𝑖,2𝑗1)=𝖨1(𝑖,2𝑗1)𝐾𝑅𝖨(𝑗),ENC(𝑖,2𝑗)=𝖨1𝐾(𝑖,2𝑗)rot180𝑅.(𝑗)(6) with rot180(𝐾𝑅) indicating the left to right flip of vector 𝐾𝑅. (8)If ITER=ITERmax, then encrypted image 𝐼ENC is created and encryption process is done; otherwise, the algorithm branches to step 3.

Vectors 𝐾𝑅, 𝐾𝐶 and the max iteration number ITERmax are considered as secret keys in the proposed encryption algorithm. However, to obtain a fast encryption algorithm it is preferable to set ITERmax=1 (single iteration). Conversely, if ITERMAX>1, then the algorithm is more secure because the key space is larger than for ITERMAX=1. Nevertheless, in the simulations presented in Section 3, the number of iterations ITERmax was set to one.

2.2. Rubik's Cube Decryption Algorithm

The decrypted image, 𝐼𝑜, is recovered from the encrypted image, 𝐼ENC, and the secret keys, 𝐾𝑅, 𝐾𝐶, and ITERmax as follows in the following. (1)Initialize ITER=0. (2)Increment the counter by one: ITER=ITER+1. (3)The bitwise XOR operation is applied on vector 𝐾𝑅 and each column of the encrypted image 𝐼ENC as follows:𝖨1(𝑖,2𝑗1)=𝖨ENC(𝑖,2𝑗1)𝐾𝑅𝖨(𝑗),1(𝑖,2𝑗)=𝖨ENC𝐾(𝑖,2𝑗)rot180𝑅,(𝑗)(7)(4)Then, using the 𝐾𝐶 vector, the bitwise XOR operator is applied to each row of image 𝐼1:𝖨SCR(2𝑖1,𝑗)=𝖨1(2𝑖1,𝑗)𝐾𝐶𝖨(𝑗),SCR(2𝑖,𝑗)=𝖨1𝐾(2𝑖,𝑗)rot180𝐶.(𝑗)(8)(5)For each column 𝑗 of the scrambled image 𝐼SCR, (a)compute the sum of all elements in that column 𝑗, denoted as 𝛽SCR(𝑗): 𝛽SCR(𝑗)=𝑀𝑖=1𝖨SCR(𝑖,𝑗),𝑗=1,2,,𝑁,(9)(b)compute modulo 2 of 𝛽SCR(𝑗), denoted by 𝑀𝛽SCR(𝑗), (c)column 𝑗 is down, or up, circular-shifted by 𝐾𝐶(𝑖) positions according to the following:if𝑀𝛽SCR(𝑗)=0upcircularshiftelsedowncircularshift.(10)(6) For each row 𝑖 of scrambled image 𝐼SCR, (a)compute the sum of all elements in row 𝑖, this sum is denoted by 𝛼SCR(𝑖): 𝛼SCR(𝑖)=𝑁𝑗=1𝖨SCR(𝑖,𝑗),𝑖=1,2,,𝑀,(11)(b)compute modulo 2 of 𝛼SCR(𝑗), denoted by 𝑀𝛼SCR(𝑗), (c)row 𝑖 is then left, or right, circular-shifted by 𝐾𝑅(𝑖) according to the following:if𝑀𝛼SCR(𝑗)=0rightcircularshiftelseleftcircularshift.(12)(7)If ITER=ITERmax, then image 𝐼ENC is decrypted and the decryption process is done; otherwise, the algorithm branches back to step 2.

3. Experimental Results

In this section, we present the tests that were conducted to assess the efficiency and security of the proposed image encryption algorithm. These tests involve visual testing and security analysis.

3.1. Visual Testing

For visual testing, four gray-scale images of size 256×256 pixels were used. Figure 1 depicts these test images—lena, black, baboon and checkerboard—as well as the images encrypted using the proposed Rubik's cube algorithm. From this figure, one can see that there is no perceptual similarity between original images and their encrypted counterparts.

The encrypted image should greatly differ from its original form. In general, two difference measures are used to quantify this requirement. The first measure is the number of pixels change rate (NPCR), which indicate the percentage of different pixels between two images. The second one is the unified average changing intensity (UACI), which measures the average intensity of differences in pixels between two images [10]. Let 𝖨𝑜(𝑖,𝑗) and 𝖨ENC(𝑖,𝑗) be the pixels values of original and encrypted images, 𝐼𝑜 and 𝐼ENC, at the 𝑖th pixel row and 𝑗th pixel column, respectively. Equations (13) and (15) give the mathematical expressions of the NPCR and UACI measures:NPCR=𝑀𝑖=1𝑁𝑗=1𝖣(𝑖,𝑗)𝑀×𝑁×100%,(13)with𝖣(𝑖,𝑗)=0if𝖨𝑜(𝑖,𝑗)=𝖨ENC(𝑖,𝑗),1otherwise.(14)UACI=𝑀𝑁𝑖=1𝑗=1||𝖨𝑜(𝑖,𝑗)𝖨ENC||(𝑖,𝑗)×255100%.𝑀×𝑁(15)

To approach the performances of an ideal image encryption algorithm, NPCR values must be as large as possible and UACI values must be around 33%. Table 1 gives the NPCR and UACI values for the original images and their encrypted versions. The values are very close to unity for the NPCR measure. The UACI values are also appropriate. The high percentage values of the NPCR measure indicate that the pixels positions have been randomly changed.

Furthermore, the UACI values show that almost all pixel gray-scale values of encrypted image have been changed from their values in the original images, making the original and encrypted image pixels more difficult to discriminate. It iss also observed that the UACI values for the case of the black and the checkerboard images are larger than those of the other images. This is due to the fact that all the pixels values of the black and checkerboard images are at the extremity of pixels values range, that is, 0 for the black pixels and 255 for the white pixels, leading to a large absolute difference between the original and encrypted images.

3.2. Security Analysis

Security is a major issue in cryptology. A good image encryption scheme should resist various attacks such as known plain text attack, cipher-text-only attack, statistical analysis attack, and brute-force attacks. In this section, a security analysis on the proposed image encryption algorithm is done. The security assessment has been done on key space analysis and statistical analysis.

3.2.1. Key Space Analysis

A secure image encryption scheme must have a large key space in order to make brute-force attack practically (computationally) infeasible. In theory, the proposed algorithm can accommodate an infinite key space. However, the encryption key used in our scheme is composed of the (𝐾𝑅,𝐾𝐶,ITERmax) triplet. For an 𝛼-bit gray-scale image 𝐼𝑜 of size 𝑀×𝑁 pixels, the vectors 𝐾𝑅 and 𝐾𝐶 can take 2𝑀𝛼 and 2𝑁𝛼 possible values, respectively. If we consider that both vectors must not have constant values, and the key space size is 2𝛼(𝑀+𝑁)×ITERmax22𝛼 keys, one can see that the size of the key space can be expanded when the number of iteration ITERmax is increased. For instance, for an 8-bits, scale gray image of size 256×256 pixels and ITERmax=1. The key space size is equal to 24096216101233; this key space is large enough to resist exhaustive attack and it is larger than the key space size of the image encryption algorithms proposed in [1, 9, 10, 1416].

3.2.2. Key Sensibility

Encryption algorithms should also have high sensibility to encryption key: this means that any small change in the key should lead to a significant change in the encrypted, or decrypted, image. We performed two tests to illustrate the key sensibility of our scheme. The first one shows the impact of a key change in the image encryption process. Here, the original image, 𝐼𝑜, is encrypted using the key 𝐾1=(𝐾𝑅,𝐾𝐶,ITERmax), where 𝐾𝑅, 𝐾𝐶, and ITERMAX are randomly generated. Then, the same image, that is, 𝐼𝑜, is encrypted using another key 𝐾2 which differs only from the first key, 𝐾1, in the least significant bit, that is, 𝐾2=(K𝑅,𝐾𝐶,ITERmax+1). This experiment is repeated 100 times using different key pairs 𝐾1 and 𝐾2 (still only differing by the least significant bit). Table 2 represents the mean and the standard deviation of the NPCR values between the encrypted image with key 𝐾1 and the encrypted image using the key 𝐾2 using 100 different key pairs. One can see from Table 2 that the mean values of NPCR are close to 100%, which means that image encrypted by the key 𝐾1 differs significantly from the one encrypted by key 𝐾2. Moreover, standard deviation values are very small: this indicates that the NPCR values are clustered closely around the mean.

Figure 2 represents the original images, their encrypted images using two different keys 𝐾1 and 𝐾2 and the image difference between the encrypted images, respectively. As mentioned earlier, keys 𝐾1 and 𝐾2 differ only by one bit.

The second test consists of measuring the key sensibility in the image decryption process. Let original image 𝐼𝑜 be encrypted using the key 𝐾1=(𝐾𝑅,𝐾𝐶,ITERMAX), where 𝐾𝑅, 𝐾𝐶, and ITERMAX are again randomly generated, to give the encrypted image 𝐼ENC. This image is decrypted separately using the keys 𝐾1 and 𝐾2; these keys always differ by only one bit in the least significant bit location. Figure 3 illustrates the original image, the encrypted image 𝐼ENC with key 𝐾1, the decrypted image of 𝐼ENC using correct key 𝐾1, and the decrypted image of 𝐼ENC using the wrong key 𝐾2. It is clear from this figure that decryption using a wrong key does not succeed.

3.3. Statistical Analysis

In a paper published in 1949 [17], Shannon stated that “It is possible to solve many kinds of ciphers by statistical analysis.” Consequently, he suggested two methods based on confusion and diffusion in order to counteract powerful attacks based on statistical analysis. In the present paper, statistical analysis has been performed to demonstrate the superior confusion and diffusion properties of the proposed encryption algorithm against statistical attacks. This is done by performing two series of tests: histograms analysis of the encrypted images and the correlations computation of the adjacent pixels in encrypted images.

Figure 4 represents the histograms of the original and the encrypted images illustrated previously in Figure 1. One can see those the histograms of the encrypted images are almost uniform and are significantly different from that of the four original images. For instance, the histogram of original image Checkerboard shows as expected only two values: 0 and 255; however, the histogram of the encrypted Checkerboard image is fairly uniform. Therefore, the proposed image encryption algorithm responds well to the diffusion properties: it does not provide information that can be exploited for attacks based on statistical analysis of the encrypted image.

The other statistical test consists of computing the correlation between adjacent pixels [10]. It is obvious that an arbitrarily chosen pixel in an image is generally strongly correlated with adjacent pixels, and its in either horizontal, vertical or diagonal directions. However, a secure image encryption algorithm must produce an encrypted image having low correlation between adjacent pixels. This correlation test consists of randomly selecting 𝑁 pairs of adjacent pixels (vertical, horizontal, and diagonal) from the original and the encrypted images separately. Then, the correlation coefficient of each pair is calculated using  (19)1𝐸(𝑥)=𝑁𝑁𝑖=1𝑥𝑖,1(16)𝐷(𝑥)=𝑁𝑁𝑖=1𝑥𝑖𝐸(𝑥)2,1(17)cov(𝑥,𝑦)=𝑁𝑁𝑖=1𝑥𝑖𝑦𝐸(𝑥)𝑖,𝛾𝐸(𝑦)(18)𝑥𝑦=cov(𝑥,𝑦)𝐷(𝑥)𝐷(𝑦)with𝐷(𝑥)0,𝐷(𝑦)0,(19) where 𝑥𝑖 and 𝑦𝑖 are the grayscale values of two adjacent pixels, 𝑁 is the number of pairs (𝑥𝑖,𝑦𝑖), and 𝐸(𝑥) and 𝐸(𝑦), are respectively, the mean values of 𝑥𝑖 and 𝑦𝑖.

Table 3 gives the correlation coefficient values of adjacent pixels in the horizontal, vertical, and diagonal directions of the original images and their encrypted versions. It is clear that for the original images, the coefficient correlation values are very high (close to one) contrary to those observed for the encrypted images. This confirms that adjacent pixels in the original images are strongly correlated. However, for the encrypted images, those values are close to zero, which means that the adjacent pixels (horizontal, vertical and diagonal directions) are very weakly correlated. Figure 5 illustrates the correlation distributions of the horizontal adjacent pixels of the original images and the corresponding encrypted images using the proposed algorithm. One can see from Figure 5 that adjacent pixels in encrypted images are indeed very weakly correlated.

3.4. Entropy Analysis

The concept of entropy analysis for image encryption algorithm was introduced by Edward [18]. For gray-scale images of 256 levels, if each level of gray is assumed to be equiprobable, then the entropy of this image will be theoretically equal to 8 Sh (or bits). Ideally, an algorithm for encryption of images should give an encrypted image having equiprobable gray levels. Table 4 gives the entropy values of the four original images and those of their encrypted versions.

From those entropy values, we note that the entropy values of original images are far from ideal value of entropy since information sources are highly redundant and thus rarely generate uniformly distributed random messages. On the other hand, the entropy values of the encrypted images are very close to the ideal value of 8 Sh, which means that the proposed encryption algorithm is highly robust against entropy attacks.

Table 5 gives a comparison of the entropy values for encrypted image Lena with various image encryption algorithms.

3.5. Analysis against Attacks

An attacker who intercepts encrypted image can easily modify it, while the legitimate user can receive it and decrypt it successfully. This is the principle of attacks in image encryption; these attacks can include additive noise, filtering, rotation and cropping, and so forth.

3.5.1. Additive Noise

To verify the performance of the proposed encrypted algorithm against additive noise attacks, we considered two types of noises: salt and pepper noise and speckle noise. An additive noise attack consists in adding random noise to the intercepted encrypted image. Then, the noisy encrypted image will be decrypted. To measure the robustness of the proposed image encryption algorithm against this attack, mean squared error (MSE) measures are used.

Table 6 gives the MSE values between original images and their decrypted ones under the salt and pepper noise with different noise density values and the speckle noise with different variances.

Figures 6 and 7 illustrate the decrypted images: their encrypted version has been attacked separately by salt & pepper noise with 0.05 density and by speckle noise of variance 0.05. From these results, we can conclude that random noise attacks seriously affect decrypted images.

3.5.2. Analysis against Cropping Attacks

The cropping attacks consist of modifying the intercepted encrypted image by deleting one or several areas of the image. Table 7 gives the MSE values between original images and the decrypted and cropped images either in their center or on the image sides with parameter values equal to 1/8. This one indicates the fraction of the encrypted image that has been cropped. Figure 8 represents the encrypted images cropped in the center and their decrypted versions. From these results, we can conclude that the proposed image encryption algorithm resists to this attack lightly.

3.6. Speed Test

Apart from security considerations, another important consideration in the design of image encryption techniques is the actual algorithm execution speed, particularly for real-time applications. The proposed encryption algorithm is indeed very fast compared to other algorithms [10]. Our experimental results show that the average speed for encryption and for decryption is of around 0.9 Mb/s (megabits per second). The peak speed can reach up to 2.2 Mb/s on personnel computer equipped with an AMD Athlon processor with clock speed of 2.70 GHz, 1 GB (gigabytes) of RAM memory and 160 GB hard-disk capacity.

Table 8 illustrates the performance of the proposed algorithm using original image Lena with different sizes ranging from 64×64 to 1024×1024 pixels. The proposed algorithm was written using the MATLAB software platform.

4. Conclusion

In this paper, a novel image encryption algorithm is proposed. This algorithm is based on the principle of Rubik's cube to permute image pixels. To confuse the relationship between original and encrypted images, the XOR operator is applied to odd rows and columns of image using a key. The same key is flipped and applied to even rows and columns of image. Experimental tests have been carried out with detailed numerical analysis which demonstrates the robustness of the proposed algorithm against several types of attacks such as statistical and differential attacks (visual testing). Moreover, performance assessment tests demonstrate that the proposed image encryption algorithm is highly secure. It is also capable of fast encryption/decryption which is suitable for real-time Internet encryption and transmission applications.