#### Abstract

In this paper, we have presented a new permutation-substitution image encryption architecture using chaotic maps and Tompkins-Paige algorithm. The proposed encryption system includes two major parts, chaotic pixels permutation and chaotic pixels substitution. A logistic map is used to generate a bit sequence, which is used to generate pseudorandom numbers in Tompkins-Paige algorithm, in 2D permutation phase. Pixel substitution phase includes two process, the tent pseudorandom image (TPRI) generator and modulo addition operation. All parts of the proposed chaotic encryption system are simulated. Uniformity of the histogram of the proposed encrypted image is justified using the chi-square test, which is less than (255, 0.05). The vertical, horizontal, and diagonal correlation coefficients, as well as their average and RMS values for the proposed encrypted image are calculated that is about 13% less than previous researches. To quantify the difference between the encrypted image and the corresponding plain-image, three measures are used. These are MAE, NPCR, and UACI, which are improved in our proposed system considerably. NPCR of our proposed system is exactly the ideal value of this criterion. The key space of our proposed method is large enough to protect the system against any Brute-force and statistical attacks.

#### 1. Introduction

In any communication system, including satellite and internet, it is almost impossible to prevent unauthorized people from eavesdropping. When information is broadcasted from a satellite or transmitted through the internet, there is a risk of information interception. Security of image and video data has become increasingly important for many applications including video conferencing, secure facsimile, medical and military applications. Two main groups of technologies have been developed for this purpose. The first group is content protection through encryption, for which a key is required for proper decryption of the data. The second group is digital watermarking, which aims to embed a message into the multimedia data. These two technologies could be used complementary to each other [1, 2].

In secured communications using encryption, which is the focus of the present work, the information under consideration is converted from the intelligible form to an unintelligible structure using certain operations at the transmitter. Data encryption is mainly scrambling the content of data, such as text, image, audio, and video to make the data unreadable, invisible or incomprehensible during transmission. The unintelligible or encrypted form of the information is then transmitted through the insecure channel, that is, internet, to the destination. At the intended recipient side, however, the information is again converted back to an understandable form using decryption operation and thus the information is conveyed securely. It should be noted that the same keys guide both these encryption and decryption operations. Such encryption system is grouped under private key cryptography [1, 3].

In particular, an image-scrambling scheme transforms an image into another unintelligible image, based on keys only known to the senders and the receivers. The fundamental techniques to encrypt a block of pixels are substitution and permutation. Substitution replaces a pixel with another one; permutation changes the sequence of the pixels in a block to make them unreadable.

In recent years, chaotic maps have been employed for image encryption. Most chaotic image encryptions (or encryption systems) use the permutation-substitution architecture. These two processes are repeated for several rounds, to obtain the final encrypted image. For example, in [4], Fridrich suggested a chaotic image encryption method composed of permutation and substitution. All the pixels are moved using a 2D chaotic map. The new pixels moved to the current position are taken as a permutation of the original pixels. In the substitution process, the pixel values are altered sequentially. Chen et al. employed a three-dimensional (3D) Arnold cat map [5] and a 3D Baker map [6] in the permutation stage. Guan et al. used a 2D cat map for pixel position permutation and the discretized Chenโs chaotic system for pixel value masking [7]. Lian et al. [8] used a chaotic standard map in the permutation stage and a quantized logistic map in the substitution stage. The parameters of these two chaotic maps are determined by a key stream generated in each round. Mao et. al. construct a new image encryption scheme based on the extended chaotic Baker map [6]. Zhang et al. first permute the pixels of images with discrete exponential chaotic map, and then use โโXOR plus modโโ operation for substitution [9]. Gao et al. present the image encryption algorithm based on a new nonlinear chaotic algorithm using a power function and a tangent function instead of a linear function. It also uses a chaotic sequence generated by a nonlinear chaotic algorithm to encrypt image data using XOR operation [10]. Zhou et al. propose a parallel image encryption algorithm using discretized kolmogorov flow map. All the pixels are first permuted with a discretized chaotic map and then encrypted under the cipher block chain mode [11].

There are however some other chaotic image encryption systems with different structures. For example, Pisarchik and Zanin suggested an algorithm to convert image pixels to chaotic maps coupled to form a chaotic map lattice. The encrypted image is obtained by iterating the chaotic map lattice with secret system parameters and number of cycles [12]. Pareek et al. extended the concept of their text encryption to image encryption by using two logistic maps and a key [13].

In this paper, a new permutation-substitution architecture using chaotic maps and Tompkins-Paige algorithm is proposed. Our designed technique for speech scrambling [14] is extended to two-dimensional (2D) permutation and is applied to image permutation [15]. We have improved our work by using chaotic maps and adding a substitution part to an image encryption system. In the permutation phase, a logistic map is used to generate a bit sequence, which is used to generate Pseudorandom numbers in Tompkins-Paige algorithm. A tent map is also used in the substitution phase to product a Pseudorandom image that is used to mix it with the permuted image. The permutation and substitution operations need two different keys, *Key*-*P* and *Key-S*, respectively. Satisfactory security performance of the proposed system is achieved in only one round and therefore the total encryption time is short .

The paper is organized as follows. In Section 2, principles of chaotic cryptography including chaotic maps and chaotic encryption are introduced. The proposed chaotic encryption systems using logistic random bit sequence generator, Tompkins-Paige algorithm, and tent Pseudorandom image generator are described in Section 3. In Section 4, simulation results of the proposed image encryption systems are presented. Finally, the security analysis is explained in Section 5.

#### 2. Principle of Chaotic Cryptography

The word cryptography refers to the science of keeping secrecy of information exchanged between a sender and a receiver over an insecure channel. The objective is achieved by data encryption so that only individuals who have the key can decrypt it. The key , in a typical encryption system, determines the transformation from the set of all possible samples, to the set of all possible permuted samples. An encryption system is a finite set of transformations from a finite sample space onto a permuted sample space . It means that each of the transformations in must be reversible, so that if a sample is transformed into the permuted sample by transformation *t*, , then the sample *m* is , where is the inverse transform of [16, 17].

In practice, we need to transmit a reasonable amount of information, which requires a large sample space and that in turn implies a large number of keys. The distribution of a large number of keys is liable to cause horrendous management problems. In a practical system, a cryptanalyst will have to worry about time and facilities. Often, the time taken to solve a permuted sample will be of utmost importance. It is quite likely that the samples need to be secret for a limited period of time, referred to as required cover time. Thus, it is certainly possible for a theoretically insecure system to provide adequate practical security [1]. If we set the cryptanalyst a task requiring a large amount of storage, or sufficiently large number of operations, then we may regard our system as practically secure.

With the desirable properties of ergodicity and high sensitivity to initial conditions and control parameters, chaotic maps are suitable for various data encryption schemes. In particular, chaotic maps are easy to be implemented using microprocessors or personal computers. Therefore, chaotic encryption systems generally have high speed with low cost, which makes them better candidates than many traditional ciphers for multimedia data encryption. There are two types of chaotic encryption systems: chaotic stream encryption systems, and chaotic block encryption systems. In chaotic stream encryption systems, a key stream is produced by a chaotic map, which is used to encrypt a plain-text bit by bit. A chaotic block encryption system, on the other hand, transforms a plain-text block by block with some chaotic maps [8].

##### 2.1. Chaotic Maps

In this subsection, we consider nonlinear and chaotic one-dimensional maps *f* :*, *where *.* The set is . The one-dimensional dynamical system can be defined by a difference equation similar to
where the variable *k* stands for time. A dynamical system consists of a set of possible states, together with a deterministic rule, which means that the present state can be determined uniquely from the past states. The orbit of under is the set of points , where and means times iterating of the function . The starting point for the orbit is called the initial value of the orbit. A chaotic orbit is one that forever continues to experience the unstable behavior that an orbit exhibits near a source, but that is not itself fixed or periodic [18]. Two well known one-dimensional chaotic maps are tent and logistic maps.

The iterative relation of the tent map is given by [18].

where is the initial condition and is the control parameter. The tent map is chaotic if is in the range of and . Figure 1(a) shows a sample return map of a tent map.

**(a)**

**(b)**

Logistic map is a one-dimensional quadratic map defined by

where is the control parameter, and is the initial condition. The control parameter should be taken in the range of to keep the logistic map chaotic. Figure 1(b) shows a sample return map of a logistic map.

The logistic equation involves two multiplications and one subtraction per iteration, while the tent equation includes one division and on average one subtraction. Meanwhile, the tent map has better chaotic behavior than the logistic map. As mentioned above, the range of control parameter () of the tent map is about twice the range of the logistic map. However, hardware implementation of the logistic map is simpler. We have used both these in our proposed system to improve security.

##### 2.2. Chaotic Encryption Scheme

Due to the tight relationship between chaos and cryptography, the use of chaotic maps to construct an encryption system has been widely investigated [19]. There are three typical ways of using chaos in an image encryption.

()Using chaos as a source to generate Pseudorandom bits with desired statistical properties to realize a secret permutation operation [6, 7, 20]. ()Using chaos as a source to generate Pseudorandom pixels with desired statistical properties to realize a secret substitution operation [5, 21โ23]. ()Using two chaotic maps in both permutation and substitution [8, 11, 12].The fundamental techniques to encrypt a block of symbols are confusion and diffusion. Confusion can make ambiguous the relationship between the plain-text and the cipher-text. Diffusion can spread the change throughout the whole cipher-text. Substitution, which replaces a symbol with another one, is the simplest type of confusion, and permutation that changes the sequence of the symbols in the block is the simplest method of diffusion. These techniques together are still the foundations of encryption [3].

###### 2.2.1. Chaotic Permutation

In designing private key cryptographic techniques, permutation methods are considered as important building blocks in conjunction with Pseudorandom sequence generators for selecting a specific permutation key. First, a *Key-P* is entered as a binary number equivalent to the given key. Then, a 1Dimentional chaotic map generates a random bit-string. Subsequently, a permutation matrix for the system is calculated.

A permutation matrix is an identity matrix with the rows and columns interchanged. It has a single in each row and column; all the other elements are . For example,

Any vector is multiplied by the permutation matrix in order to rearrange its elements. For example from 1-2-3-4 to 4-1-3-2 as shown in

For simplicity, the matrix could be expressed as a 4-element vector as shown in

Therefore, the permutation matrix of the elements could be expressed as an -element vector for simplicity (2.7), where [16]*. *

Each element in the vector shows the new position of each element in the permuted vector. The elements of the vector are rearranged in a new order according to โs in the simplified permutation matrix, . Practically, the element at the th position is moved to the position, respectively. By permutation on a set of elements, ,

where for (as an example: ifโโ then ).

###### 2.2.2. Chaotic Substitution

In cryptography, a substitution cipher is a method of encryption by which blocks of plain text are replaced with cipher-text according to a regular system; the blocks may be single or several letters. The receiver deciphers the text by performing an inverse substitution. Substitution ciphers can be compared with permutation ciphers. In a permutation cipher, the blocks of the plain-text are rearranged in a different and usually quite complex order, but the blocks themselves are left unchanged. By contrast, in a substitution cipher, the blocks of the plain-text are retained in the same sequence as in the cipher-text, but the blocks themselves are altered.

A permutation-only encrypted system is insecure against attacks [24]. To improve the security, substitution process is added to the encryption system. The substitution could be one of simple operations such as XOR, XNOR, shift, Add, and/ or a combination of these simple operations. Chaotic map is used as generation of Pseudorandom image for substitution. Actually, chaotic image with a size equal to plain-image is generated. All pixels of permuted image and new chaotic image are combined with modular addition. Substitute operation decreases the correlation between blocks or samples in text and makes its histogram uniform.

#### 3. Design of a Chaotic Image Encryption System

The block diagram of the proposed chaotic image encryption system is illustrated in Figure 2. This system includes two major units, chaotic pixels permutation unit and chaotic pixels substitution unit. Two different dynamical systems, that is, logistic and tent maps are also considered to generate a more complicated key and consequently a highly secure encryption system. In this paper, logistic map is used as a Pseudorandom bit generator while tent map is utilized to generate a Pseudorandom image generator. Pixels of a plain-image are rearranged by the permutation unit. The permutation unit uses a chaotic bit generator and Tompkins-Paige algorithm, to implement a and image permutation. The pixels of the permutated image are then changed in the chaotic pixels substitution unit. The substitution unit is used for the modular addition of the permuted image with a Pseudorandom image. A key that is used for the encryption system includes *Key-P* and *Key*-*S*. *Key-P* is used as the initial value and control parameter of a logistic map, which is utilized to generate random bit sequences. *Key-S* is applied to the tent map, as an initial value and the control parameter. Tent map is used to generate a Pseudorandom image. More details of each unit are explained in the following sections.

##### 3.1. Chaotic Pixel Permutation Unit

It is assumed that pixels are expected to be permuted. The number of possible permutations for pixels is , however not all permutations can be used. The Hamming distance is the number of elements moved by the permutation. The more number of elements moved by the permutation, the larger the Hamming distance. Meanwhile, permutation matrixes that are close to any circularly shifted versions of the identity order produce a permuted sample of high closeness to the original sample. Since typically, we might wish to have a choice of about permutation matrixes, the number of key bit, , should be selected such that . In the encryption system, the number of pixels to be permuted is assumed to be , since the image size . Therefore, the number of all possible permutations is [25, 26].

There are three steps in the design of the permutation subsystem, which are explained as follows. First, a *โbit* key is entered as a binary number equivalent to the given sub key *Key*-*P*. It is used as the initial value (*โbits*) and control parameter (*โbits*) of a logistic random bit generator. Then, a random bit string is generated. Subsequently, integer Pseudorandom numbers are calculated according to its range and Tompkins-Paige algorithm. Finally, Tompkins-Paige algorithm is applied to provide a permutation matrix for permutation of the pixels.

The block diagram of the system is illustrated in Figure 3. Three subsections, logistic random bit sequence (LRBS) generator, Pseudorandom number calculator, and Tompkins-Paige algorithm perform pixel permutation. An LRBS generator is needed as a first stage of the permutation matrix generator. An initial key is used as an initial value and control parameter of the logistic map. A bit-string is generated by LRBS and the integer Pseudorandom numbers are calculated by (3.1). The Tompkins-Paige algorithm is used to generate the target permutation matrix, which is obtained from repetition of some simple permutations.

Chaotic pixel permutation is used as the target permutation matrix to implement 1D and 2D image permutation [27].

###### 3.1.1. Logistic Random Bit Sequence (LRBS) Generator

Generation of the chaotic random bit sequence is done as follows [28]. An appropriate chaotic map is selected. The logistic map is general and simple as mentioned in Section 2. The probability density function of logistic is not uniform, but by introducing a proper threshold level, the output of the bit sequence becomes uniform. The control parameter and initial value of the map is determined. Then, a real value is generated by each iteration, which is converted into a bit by a single level threshold function. The threshold value is calculated using a computer simulation. Different values are considered and the occurrence of and is examined. The threshold is selected to 0.6 such that the probability of frequencies of () and frequencies of () is approximately equal. A sample histogram of a logistic map with and is shown in Figure 4. The initial *โbit *Key*- * contains a โ*bit* initial value and a โbit control parameter. A string of *bits*, is generated in iterations of LRBS. If the real output of logistic map in the specific iteration is less than , the output bit of LRBS is *,* otherwise it is .

###### 3.1.2. Pseudorandom Number Generator

Let be the th output bit of the LRBS, which is generated according to the initial key, *Key-P. * integer Pseudorandom numbers, โs are calculated using these โs*, *as shown in [26]

where
denotes the floor of . Since the number of permuted pixels is equal to the image size, integers and *bits * are required. It is obvious that the maximum value of every is , *. *

###### 3.1.3. Tompkins-Paige Algorithm

Tompkins-Paige algorithm gives a one-to-one correspondence between the integers and the permutation. As an example, the simple permutation of nine elements of *order * and *degree * is shown in the second row. The last elements are disturbed and an end-around shift of elements to the left are performed

Therefore, the simple permutation of *order * and *degree * is generally defined as shown in the matrix [26]

In the above example, , , and .

In this example, the target permutation of these elements can be obtained through compounding simple permutations of *orders * to , and for each order an associated degree. In each simple permutation, degree should be less than its order. In General, the target permutation on elements is the result of compounding simple permutations with order of to and degree of , where is less than the corresponding order in each simple permutation.

In this paper, the Tompkins-Paige algorithm is applied to elements with order of to and degree of . Finally, the permutation matrix of the elements is expressed in a elements vector [27].

As mentioned earlier, is the number of pixels, to be permuted and 's are calculated using (3.1), where, .

###### 3.1.4. Chaotic Pixel Permutation

The main idea behind the present work is that an image can be viewed as an arrangement of 2D pixels [29]. The intelligible information present in an image is due to the correlations among the pixels in a given arrangement. This perceivable information can be reduced by decreasing the correlation among the pixels using certain random permutation techniques.

The image can be seen as a array of pixels, each with gray scales. In pixel permutation techniques the pixels taken from the image are permuted with the key chosen from the key space. There are two options in permutation process: row permutation or column permutation.

In row permutation, according to Figure 3, the *Key-P* is used to generate the permutation matrix. The pixels of all rows are rearranged with respect to the permutation matrix/vector, as explained in Section 2.2.1. The result of these permutations is discussed in Section 4.

In column permutation, the pixels of all columns are rearranged with respect to the permutation matrix/vector according to the *Key-P*. The result of these permutations is also presented in Section 4.

###### 3.1.5. Chaotic Pixel Permutation

We extend the basic concept of Chaotic pixel permutation in order to design a permutation method. Here row and column permutation are applied simultaneously. In the permutation of the image, the permutation matrix of the rows and columns could be either identical, using the identical *Key-P*, or different, using the dissimilar *Key-P*.

In identical permutation approach, the pixels of all rows are first rearranged, with respect to the permutation matrix/vector and the pixels of all columns are then rearranged with respect to the same permutation matrix/vector. The encrypted images that appear as a random noisy image are shown in Section 4.

In a different permutation approach, the pixels of all rows are first rearranged, with respect to the first permutation matrix/vector and the pixels of all columns are then rearranged, with respect to the second permutation matrix/vector. The encrypted images that appear as a random noisy image are also shown in Section 4.

##### 3.2. Chaotic Pixel Substitution Unit

In the permutation part of the system, pixel positions are displaced without changing their gray level values. Hence, the histogram of the permuted image is similar to the histogram of the plain-image. The permuted image however cannot resist against "statistical" and โknown plain textโ attacks [6]. To improve the security of the proposed encryption system, its histogram needs to approximate the uniform distribution. This improvement is done using a substitution scheme, shown in Figure 5.

There are two main subunits in the substitution unit, tent Pseudorandom image generator and modulo addition. A *โbits* key (*Key-S*) is entered to the tent map, โ*bits* as an initial value of the map and the remaining bits as the control parameter. Tent map is used to generate a Pseudorandom image. In each iteration of the tent map, a Pseudorandom number between to is generated. For each image, 16โ384 iterations are required. Since a gray-scale image is selected, the Pseudorandom number should be linearly transformed to the range of . Then, the permuted image is modularly added with random image pixel-wise in mod . The substitution procedure decreases a correlation between pixels and makes the histogram more uniform.

###### 3.2.1. Tent Pseudorandom Image (TPRI) Generator

There are two options to generate a chaotic Pseudorandom image. A chaotic random generator along with a simple threshold detector similar to Section 3.1 could be utilized. Afterward, every โ*bits* stream should be converted to a gray scale of a pixel. As a second option, a chaotic random generator along with a linear transform may be used. The transformer is employed to convert a real range of to an integer range of linearly. It is completed by introducing threshold levels. As the latter seems to be faster, modification of chaotic random generator has been done as follows:

*Key-S*. Each of them is defined with โ

*bits*and a simple linear transformation.(3) Real values of chaotic sequences are generated by iterations of the map: where is the image size. (4) 255 threshold levels in the range [) are defined and a gray scale of pixels from through 255 are attributed to them, respectively.

TPRI output seems to be a noisy image and its histogram is uniform.

###### 3.2.2. Modulo Addition for Chaotic Pixel Substitution

It is desirable to decrease intelligibility of the encryption image. That is achievable with a substitute operation such that the final histogram becomes uniform and correlation between pixels is reduced. The permuted image could therefore be mixed with a noise image, TPRI. Modulo addition/subtraction is more suitable than XOR/XNOR operation. In this research, modulo additions are performed. At the encryption side, the permuted image, called *PIM*, is added modularly with the TRPI Image, called *TIM*, pixel wise to generate the encrypted image, called *EIM*. This is shown in

where and are the coordinates of the pixels in the range of .

In the decryption side, to recover the encrypted image, the same TRPI Image should be modularly subtracted from the encrypted image in mod . After that, the product image will be depermuted to retrieve a plain image. The simulation of the proposed encryption system is investigated in Section 4.

#### 4. Simulation of the Chaotic Image Encryption System

The proposed chaotic image encryption along with individual permutation and substitution has been simulated using MATLAB tools. In order to verify the exact operation of the proposed encryption system, and according to the process map of the system, that is, Figures 2, 3, and 5, the proposed chaotic image encryption has been coded and simulated. A Lena image with gray scales is used as a plain-image. The results obtained by the Lena gray scales image are demonstrated.

The proposed encryption system includes two major units, chaotic pixels permutation unit and chaotic pixels substitution unit. Three processes called logistic random bit sequence (LRBS) generator, Pseudorandom number calculator, and Tompkins-Paige algorithm are used to perform the pixel permutations.

First, the logistic map to generate a string of bits uses a *Key-P* with โ*bits*. Since the chaotic range of the initial parameter is about , โ*bits* of *Key-P* are used as an initial value. โ*bits* are considered as a control parameter. Then integer Pseudorandom numbers, degree, are calculated and used as the degree of permutation. The Tompkins-Paige algorithm is then used to find the target permutation by multiplication of simple permutations. A sample of identity and permutation matrix of a sample key is presented in Figure 6.

**(a)**

**(b)**

Subsequently, as shown in Figure 5 and explained in Section 3.2, *Key-S* (*โbits)* is entered as an input variable to the system, 64โ*bits* as an initial value of the map and 64โ*bits* as the control parameter. A Pseudorandom image of size with gray scales is generated using the tent map. The pixels of the Pseudorandom image are then modularly added with the pixels of permutated image of the previous phase to generate the final encrypted image.

Afterward, an image with gray scales (Figure 7) is used as a plain-image and applied to the proposed encryption system. The output of each stage is shown next. The results of row and column permutation unit are shown in Figures 8 and 9, respectively.

**(a)**

**(b)**

In Figure 10, the result of the permutation of plain-image is illustrated, where the permutation matrixes of the rows and columns are identical using the identical *Key-P*โs. Figure 11 shows another permutation with different permutation matrixes, using different* Key-P*โs. The encrypted images of Figures 10 and 11 approximate Pseudorandom noisy images.

A *โbits* key is then entered to the tent map, *bits* as an initial value of the map and *bits* as the control parameter. Tent map is used to generate a Pseudorandom image. In each iteration of the tent map, a Pseudorandom number between to is generated. The Pseudorandom number should be linearly transformed to a range of , since a gray scale image is desired. Then, the permuted image is modularly added with Pseudorandom image pixel-wise in mod . Figure 12 illustrates an example of a tent Pseudorandom image with gray scales and its histogram. It is similar to a noisy image.

**(a)**

**(b)**

Finally, the permuted image is modularly added with the TRPI Image pixel-wise in mod . The results of the modularly addition stage and its histogram are depicted in Figure 13. The final histogram clearly appears uniform.

**(a)**

**(b)**

#### 5. Security Analysis

In this section, the performance of the proposed chaotic image encryption system is analyzed. The security analysis presented in this section is based on the performance of only one round of operation of the proposed encryption system including a permutation and a substitution. However, to improve the security of the proposed algorithm, more than one iteration can be applied with different keys. The first criterion for this security analysis is the chi-square test of histogram of each encrypted image. The second criterion is the correlation coefficients of pixels in the encrypted image in the vertical, horizontal, and diagonal directions. The third criterion is the difference between each encrypted and corresponding plain-image, which is measured by mean absolute difference, number of pixel change rate, and unified average changing intensity. The fourth criterion in this security analysis is key space.

##### 5.1. Histogram

The histogram of the plain-image is illustrated in Figure 7. The histograms of all permuted images shown in Figures 8 to 11 are similar to the histogram of the plain-image. The histogram of the encryption system has to approximate the uniform distribution. The result of the encryption system and its histogram are illustrated in Figure 13. The histogram is approximated by a uniform distribution. The uniformity is justified by the chi-square test [30] in

where is the number of gray levels (), is the observed occurrence frequencies of each gray level (0โ255), and the expected occurrence frequency of each gray level is . Assuming a significant level of . Chi-square value for the final encrypted image of the proposed system is , .This implies that the null hypothesis is not rejected and the distribution of the encrypted histogram is uniform, [30].

##### 5.2. Correlation Coefficient

The proposed chaotic image encryption system should be resistant to statistical attacks. Correlation coefficients of pixels in the encrypted image should be as low as possible [12, 31]. Horizontal, vertical, and diagonal correlation coefficients () of two adjacent pixels can be calculated using the following equations:

where and are gray-scale values of two adjacent pixels in the image and denotes the expectation operator shown in

About a thousand pairs of two adjacent (in vertical, horizontal, and diagonal direction) pixels are randomly selected from the encrypted image, and the correlation coefficients are calculated, respectively. The results are shown in Table 1. It is clear that the correlation coefficients of the proposed encrypted image (Figure 13) in all three directions are smaller than the correlation coefficients of the proposed permuted image (Figure 7). Correlation coefficients of tent Pseudorandom image (Figure 12) are also small.

Meanwhile, the correlation coefficients of the proposed methods (Table 1: column 5, Table 2: column 6) are compared with results of four other papers [6, 9, 10, 32], which are shown in Table 2. As shown, the average correlation coefficient of the proposed system is less than all of the other methods.

##### 5.3. Difference between Encrypted and Plain-Images

The encrypted image should be significantly different to the original one. To quantify this requirement, three measures are used: mean absolute error (MAE), the number of pixel change rate (NPCR), and unified average changing intensity (UACI) [1, 30].

The performance of each stage of the difference between permuted/encrypted and plain-images is measured by the mean absolute error (MAE) criterion in

where *, *size of image, is equal to *.* The parameters and are gray-scale values of pixels in plain and encrypted images, respectively. The larger the MAE value, the better the encryption security. According to the selected key, the results are shown in Table 3. It is illustrated that MAE of the proposed column permutated image is about , while the MAE for row permuted image and permuted image are about . The MAE of proposed encrypted image is about that is percent more than MAE of row and permutation. It is obvious that substitution and permutation are more secure than only-permutation encryption systems.

The NPCR is the percentage of corresponding pixels with different gray levels in two images. Let and be the gray level of the pixels at the th row and th column of two images. The NPCR of these two images is defined in

where is defined as

Another measure, UACI, is defined as the average intensity difference in a gray level of corresponding pixels and is defined as

Considering two Pseudorandom images, the expected value of NPCR is found to be . The proposed method is evaluated using this criterion and NPCR of Figure 13 is . In the case of two Pseudorandom images, the expected value of UACI can be computed as , assuming each gray level is coded with 8โ*bits*. The proposed method is evaluated using this criterion too and UACI of image in Figure 13 is .

As shown in Table 4 our proposed method with difference to the expected value of NPCR is improved compared to the other reported methods. It also shows that, our method has advantage with respect to UACI criteria, with a difference of about to its expected value.

##### 5.4. Key Space Analysis

Key space should be sufficiently large to make brute-force attack infeasible. Key space is the total number of different keys that can be used in the encryption system. The keys of the proposed system in this paper consist of permutation key,* Key-P *โ*bits,* and substitution key,* Key*-*S *โ*bits*. Each key includes initial value and control parameter of corresponding chaotic maps. Only *โbits* are used as parameter of logistic map, since the chaotic range of logistic map is about of a chaotic range of tent map. The total key length is โ*bits*, which contain three equal *โbits* plus *โbits*. Therefore, the key space is , that is, . It is shown that, the key space is large enough to resist the proposed system against any brute-force attack. Comparison of the key length in our proposed method with the others is shown in Table 5.

It is possible to increase the number of bits for total key in hardware implementation. However, by increasing the key length, volume of hardware is increased and consequently speed of the system is decreased. With respect to the speed of the todayโs computers, the key space size should be more than in order to avoid brute-force attacks [33].

#### 6. Conclusion

In this paper, we presented a new permutation-substitution image encryption architecture using chaotic maps and Tompkins-Paige algorithm. The proposed encryption system included two major parts, chaotic pixels permutation and chaotic pixels substitution. A logistic map was used to generate a bit sequence, which was in turn used to generate Pseudorandom numbers in Tompkins-Paige algorithm, in pixel permutation phase. Pixel substitution phase, included two processes, the tent Pseudorandom image (TPRI) generator and modulo addition operation. A tent map was used to produce a Pseudorandom image that was mixed with the permuted image.

The permutation and substitution operations needed two different keys, *Key-P* and *Key-S*, respectively. The total key length was โ*bits*. Therefore, the key space was , that is, , which was large enough to protect the system against any brute-force attacks.

The image was a array of pixels, each with gray scales. The permutation was designed by permutation of rows and columns simultaneously. To improve security of the proposed encryption system, the histogram needed to become uniform. This was achieved by pixel substitution. There were two main parts for pixel substitution here, tent Pseudorandom image generator and modulo addition operation. A *Key-S* was entered in to the tent map to generate a Pseudorandom image with uniform histogram. Subsequently, pixels of permuted image were modularly added to pixels of random image with uniform distortion.

All parts of the proposed chaotic encryption system were simulated using a computer code. The histogram of the encrypted image was approximated a uniform distribution. The uniformity was justified by the chi-square test. Chi-square value shows that the distribution of the histogram of the encrypted image is uniform. The vertical, horizontal, and diagonal correlation coefficients, as well as their average and RMS values for the proposed encrypted image were calculated. The individual values and their average and RMS values of correlation coefficients were lower than the corresponding values from previous research by a factor between to . Therefore, the proposed encryption system was resistant against any statistical attack.

To quantify the difference between encrypted image and corresponding plain-image, three measures were used: mean absolute error (MAE), number of pixel change rate (NPCR), and unified average changing intensity (UACI). It was concluded that the NPCR and UACI criteria of the proposed system were satisfactory when compared to other research results as was the security performance of the proposed system. All these results were obtained in only one round of encryption process.

#### Acknowledgment

The authors would like to thank Dr. Mehrnaz Shoushtarian, for her useful comments and suggestions.