#### Abstract

Cellular automata (CA) are simple models of computation which exhibit fascinatingly complex behavior. Due to the universality of CA model, it has been widely applied in traditional cryptography and image processing. The aim of this paper is to present a new image encryption scheme based on balanced two-dimensional cellular automata. In this scheme, a random image with the same size of the plain image to be encrypted is first generated by a pseudo-random number generator with a seed. Then, the random image is evoluted alternately with two balanced two-dimensional CA rules. At last, the cipher image is obtained by operating bitwise XOR on the final evolution image and the plain image. This proposed scheme possesses some advantages such as very large key space, high randomness, complex cryptographic structure, and pretty fast encryption/decryption speed. Simulation results obtained from some classical images at the USC-SIPI database demonstrate the strong performance of the proposed image encryption scheme.

#### 1. Introduction

Nowadays images are widely used in multimedia applications. These images often contain private or confidential information and sometimes they are associated with financial interests. Security thus becomes increasingly important in the communication and storage of these images. In order to guarantee security, we need process images with the help of cryptography. The purpose of cryptography is to hide the content of messages by encrypting them, so as to make them unrecognizable unless decrypted by someone who has been given a special decryption key. There are several conventional encryption methods which are often used to encrypt common messages or texts, but these traditional cryptographic algorithms do not fit image encryption because of the different characteristics between digital data and image data. The notion of “image encryption” is aiming toward the emerging cryptographic technologies and applications on images. Image encryption has applications in many fields such as internet communication, multimedia systems, medical imaging, telemedicine, and military communication. However, images have intrinsic characteristics like bulk data capacity and high redundancy, as well as real-time requirement. Encryption on images has its own special requirements.

Cellular automaton (CA) is a good candidate for image cryptosystems because of its inherent properties like parallelism, homogeneity, and unpredictability, as well as it is being easily implemented in both software and hardware systems. Ever since Wolfram studied the first secret key process based on cellular automata [1], many researchers had explored variant cryptology based on them [2–5]. In recent years, CA especially has been used widely for image cryptography, including image scrambling [6], watermarking [7], secret image sharing [8–11], image encryption [12–18], and image security system [19–21]. In addition, CA has been applied in the field of image processing [22], including image coding [23] and image segmentation [24]. Other methods also have been researched for image encryption [25–27].

In the first beginning, some researchers designed image encryption schemes with one-dimensional (1D) CA [17, 18]. Because the image is a two-dimensional array of pixels instead of a one-dimensional digital data, two-dimensional (2D) cellular automata will be more suitable to be applied for image encryption. So later, some people introduced two-dimensional CA in the application of image encryption. But many of them used Von Neumann neighborhood [12, 13, 19, 20], or incomplete Moore neighborhood [14], instead of Moore neighborhood, which influenced the capacity of key space. In this paper, a new image encryption method is proposed based on balanced two-dimensional cellular automata with complete Moore neighborhood. Firstly, we use 2D cellular automata with complete Moore neighborhood which is easy to get larger key space. Secondly, we use balanced CA rules which are helpful to generate cipher images with higher randomness. Thirdly, we choose several rows from the initial random image to generate the sequence which controls the order of two balanced CA rules with different radius, which enhances the complexity of our encryption scheme. Furthermore, the encryption/decryption algorithms with their properties are tested and analyzed. Results show that this image encryption is lossless and has a good statistical performance.

This paper is organized as follows. Some background knowledge of 2D CA is described in Section 2. The proposed image encryption/decryption method is presented in Section 3. Simulation results are given in Section 4. The key space analysis and other security analysis are shown in Section 5. Finally, some conclusions are presented in Section 6.

#### 2. 2D Cellular Automata

A *cellular automaton* is a discrete dynamical system that consists of an arrangement of basic components called cells together with a transition local rule [1]. The cells have a finite number of states that are updated synchronously according to the specified local rule. Configuration consists of all the states of cells at time . Since image is made up of pixels specified by two-dimensional plane coordinates, we take a two-dimensional CA as example in a concrete description. is the underlying space of the two dimensional CA. The cells are arranged in the form of a square lattice structure. The intersections of squares form the cells of the automaton. We can use to specify every cell whose state is assumed to be or and whose neighborhood is the set of nine cells , , , and . The neighborhood is the so-called * Moore neighborhood* which is formed by the specified cell with its eight nearest neighbors. We denote the state of cell by . Then, the nine cells are arranged in in such a way as
Hence, can be expressed in equations as follows: where means the 8-bit binary representation of , , and . is called a *radius-**1 neighborhood local rule*. For convenience, we represent the local rule by , which is called the *Wolfram number* of . For example, represents a 128-bit hexadecimal number, that is, 512-bit binary number, combined by 16 copies of the same hexadecimal number together. If there are 256 0s and 256 1s in the 512-bit binary representation of , we call a *balanced CA local rule*. If we consider the CA rule and the plain text as an information source, the amount of information is the increased uncertainty of ciphertext generated by the information source, that is, entropy. It can be proved that the ciphertext generated by the balanced CA rules has a bigger entropy than that generated by the unbalanced CA rules. The balanced CA rules are better rules to generate ciphertext with maximal entropy. So in the proposed image security system, we use balanced CA rules to encrypt images.

We denote
as the radius- neighborhood of the cell . Note that there are 25 cells in every cell's radius-2 neighborhood, and the number of independent variables of local rule achieves 2^{25}. Then, the set of local rules would contain
elements. Similar to radius-1 neighborhood local rule, we represent the radius-2 neighborhood local rule by
For example,
represents a 8388608-bit hexadecimal number, that is, 33554432-bit binary number, combined by 262144 copies of the same hexadecimal number
together. If exactly half of these 33554432 binary numbers are , is also a balanced CA local rule. A radius- neighborhood local rule can be similarly represented if .

Suppose that the original configuration is at time , and the states of cells, say, in the radius-1 neighborhood of a cell whose state is are . If we operate the rule on , the state of the cell will change to be at time . All cells’ states can be obtained in the same way. We put the states together to obtain configuration which can be considered as the result of the global transformation acting on . We can write . Sometimes, we simply write . Furthermore, , , , can be generated in succession.

#### 3. The Proposed Image Encryption and Decryption Scheme

Because every image is finite while is infinite, we must deal with this contradiction by applying two dimensional CA. If we consider the image to be on a topological anchor ring, that is, the right border of the image laps the left one and the top border superposes the bottom one, then every pixel has nine neighbors (including itself) in its neighborhood in the image.

Without loss of generality, we take black-and-white binary image with height and width to illustrate how to encrypt image by applying the proposed CA approach. Let black represent 1 and let white represent 0 in a black-and-white binary image . Each row of image can be considered as a 0-1 binary string of length .

Our proposed image encryption/decryption scheme is a kind of stream cipher. In our image encryption scheme, the sender Alice and the receiver Bob agree on some necessary information in the beginning: a selected balanced radius-1 neighborhood local rule , a selected balanced radius-2 neighborhood local rule , a seed(*seed*) which is used to generate pseudo-random numbers, a subpermutation of , where , , . In other words, Alice should transmit , , *seed*, and to Bob through secret channel before she sends cipher images. Alice generates an original random binary image with the same size as the plain image by a pseudo-random number generator (PRNG) with *seed*. Denote the th row of by , where . will be a binary string of length . We concatenate the strings one by one, then we get a binary string of length , denoted by , that is, . Here can be considered as a control sequence to determine whether or is being used in the encryption process. Suppose
where is 0 or 1, , and the short vertical lines are used to facilitate observation. The proposed image encryption/decryption scheme is described as follows.

##### 3.1. The Image Encryption Algorithm

*Step 1. *Alice generates by a PRNG with seed. Let and be the configuration at time .

*Step 2. *Alice gets after the sequential local rules acting on successively, that is, . Then let ; that is, operate XOR on and .

*Step 3. *Let . If , go to Step 2; else, go to Step 4.

*Step 4. *Alice obtains the cipher-image through the operation of XOR on and .

*Step 5. *Alice sends to Bob.

##### 3.2. The Image Decryption Algorithm

*Step 1. *Bob gets by the PRNG with seed that he has obtained through the secret channel from Alice. And then he gets from and ; that is, he knows
Let .

*Step 2. *Bob gets after the sequential local rules acting on successively, and then he gets .

*Step 3. *Let . If , go to Step 2; else, go to Step 4.

*Step 4. *Bob easily recovers the original secret black-and-white binary image through the operation of XOR on and because .

#### 4. Simulation Experiments

As an example, we take the classic gray-scale image “Lena” with size , as the plain image to show our algorithm. Here, . The gray scale of each pixel in the image is between 0 and 255. In order to use our algorithm, we represent each pixel’s gray scale in the binary number system. For example, let be the gray scale of the pixel in the th row and th column and , where or 1, . Then, we regard “Lena” image as composition of 8 layers. Each layer is a black-and-white image of size . And the pixel located in the th row and th column of the th layer is black if and white if . In other words, the th layer consists of all the pixels with value 0 or 1 that equals to the th bit of the binary representation of each pixel of “Lena” image.

Suppose Alice and Bob both agree on the balanced radius-1 neighborhood local rule and balanced radius-2 neighborhood local rule being respectively. Of course they can choose other appropriate balanced CA rules as they want.

Alice generates a random gray-scale image with the same size of “Lena” image by the PRNG with seed. is also considered as composition of 8 layers. Each layer consists of all the pixels with value 0 or 1 that equals to the th bit of the binary representation of each pixel of image . For each layer of plain image , this system uses one corresponding layer of to encrypt it.

Figure 1 is “Lena,” the original gray-scale image encrypted by using our algorithm. And the encryption result is shown in Figure 2. After deciphering the cipher image by performing the process of decryption with the help of random image , Bob can get the recovered image which is identical to the original “Lena” image in Figure 1.

#### 5. Security Analysis

A good encryption scheme should be robust against all kinds of attacks that are already known, and key space should be large enough to make brute-force attack infeasible. In this section, some security analyses such as key space analysis, statistical analysis, and confusion analysis, have been performed on the proposed image encryption scheme to show that the proposed scheme is secured against the most common attacks.

##### 5.1. Key Space Analysis

Key space should be large enough to be robust against the unpredicted attacks. In our encryption scheme, we only need at most byte memory to store the sequential local rules , which can be realized easily in practice. If the eavesdropper Charlie wants to break this scheme by brute force, he must contend with searching through all subpermutations of , all possible balanced radius-1 neighborhood local rules and all possible balanced radius-2 neighborhood local rules. By counting arguments, we can know that the number of all subpermutations of is where is the base of natural logarithm.

Hence, the volume of security key of our encryption scheme is approximately

The volume of security key of the scheme that we proposed is much larger than 256, which is the volume of security key introduced in [14]. And it is also larger than 10^{9536}, , and 10^{14775} which are the lower bounds of the volume of security key introduced in [12], [19], and [20], respectively. In addition, it is larger than the volume of security key introduced in [16–18]. This makes the algorithm robust against unpredicted attacks.

##### 5.2. Statistical Analysis

An encryption algorithm should be robust against statistical attacks. For testing it, statistical analysis such as image histogram and correlation coefficient of images has been conducted. In order to get the better statistical performance, we use the balanced CA rules instead of common CA rules in our proposed image encryption scheme.

###### 5.2.1. Histogram Analysis

Image histogram is used to show the number of pixels per gray level. In general, more uniformed histogram results in less statistical attacks. The encrypted results are shown in Figure 3. Frame (a) is the original image and frame (c) is its histogram. Frame (b) is the encrypted image and frame (d) is the corresponding histogram of it.

It is clearly shown in Figure 3 that the histogram of the encrypted image is almost uniform regardless of the original image and is significantly different from that of the original image, so statistical attacks will become very difficult.

###### 5.2.2. Correlation Coefficients

In a digital image pixels are not independent and their relevance is great. This may indicate that a large area of the image has similar gray-scale value. For example, in a common television digital image, the correlation coefficient of adjacent pixels may reach 0.9; that is, the relevance (which means information redundancy) is very big. The smaller the relevance, the better is the encryption effect and the higher is the security.

We show the fact that the relevance between plain images and cipher images is very small in two ways.

First we repeat the encryption scheme 16 times using the plain-image “Lena.” Each time a different random image is generated for the encryption scheme. We calculate the correlation coefficients between the plain-image and the ciphered-image . Here, we use the formulae in [21]: where are the gray-scale values of all the pixels in the images , are the gray-scale values of all the pixels in the images , and is total number of pixels of or . can vary between −1 and 1, so . If is near 1, we will conclude that and are correlated and if is near 0, we will conclude that there is a trivial correlation between and . All the correlation coefficients are calculated and listed in Table 1 as below.

Second, we test horizontal, vertical, and diagonal correlations for the plain-image and cipher-image after the encryption process. A number of 4096 random pairs of horizontally, vertically, and diagonally adjacent pixels have been tested. Numerical results are shown in Table 2.

Correlation coefficients in the table are between −1 and 1. It is a fact that the closer the coefficients are to zero, the smaller the correlation between pixels is. The results show that the correlation coefficients of the encrypted image are close to zero, so correlation between pixels of the encrypted image is very small. This indicates little possibility of prediction and high security.

In order to see it more clearly, we show the correlation of two horizontally, vertically, and diagonally adjacent pixels in the original image and the encrypted image in Figure 4. Note that to be more explicit, only 600, instead of 4096, points are drawn in each frame.

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

##### 5.3. Confusion Analysis

In Shannon's original definitions, confusion refers to making the relationship between the ciphertext and the private key as complex and involved as possible. An excellent encryption algorithm should be sensitive to small changes in key. In other words, a slight change in the key can cause very different results. For example, in the experiment simulation, we use and to encrypt the plain-images. Then we make a very slight modification, for example, changing the first bit of the Wolfram number of to its complement to get . In order to prove that the very small change can lead to a large difference, we perform two simulations as follows.

(1) Encrypt three classical images at the USC-SIPI database [28] with key CA rules and , and , respectively, while the subpermutation is the same. Here “Lena,” “House,” and “Pepper” are used as examples. The correlation coefficients between each pair of encrypted images are calculated in Table 3, which shows that a small change of key can lead to very different results.

In order to give a clearer quantitive illustration, we introduce two indexes NPCR and UACI for further analysis.

*(**I) NPCR Analysis. *In this analysis, a image “Lena” is chosen and encrypted by using and to get . Then, it is encrypted once again by using and to get . Label the gray-scale values of the pixels at grid in and by and , respectively. Define the “difference array,” , which is a binary array, with the same size as images and . And is determined by and , namely,

The number of pixels change rate (NPCR) is defined as where and are the width and height of or .

For two independent random images, the expected value of NPCR is , where is the number of bits used to represent one pixel of the image. For 8-bit per pixel gray-scale random images, .

*(**II) UACI Analysis. *The unified average changing intensity (UACI) is defined as
where and are the width and height of or . The UACI measures the average intensity of the differences between the two cipher images. For two random images, the expected value of UACI is
where is the number of bits used to represent one pixel of the image. For two 8-bit per pixel random gray-scale images, the expected value of UACI is .

In our study, we encrypt the plain-image “Lena” with key CA rules and . Then, we encrypt the plain-image “Lena” once again with key CA rules and . and only differ in the first bit. Finally, the encrypted images are compared. We measure NPCR and UACI of the two cipher images with only one bit difference in key rules and the results are given in Table 4.

As you see in Table 4, the NPCR and UACI values of the scheme are very near to the ideal values 99.6094% and 33.4635%, respectively. Based on these findings, we conclude that our method is safe and our system is secured.

(2) After encrypting the plain-image with key rules and as mentioned above, we make a very slight modification, for example, changing the first bit of the Wolfram number of to its complement to get . Then, if we use and to decrypt the ciphered image, the decryption should not succeed. Table 5 confirms our findings. In it, frame (a) is the plain image. Frame (b) is the cipher-image encrypted with rules and . Frames (c) and (d) show the decrypted images from frame (b) with key rules and , and , respectively. It is clear that the image encrypted by and cannot be correctly decrypted by using and . Since there is only one bit difference between the two keys, the results show the high key sensitivity of the proposed CA encryption scheme.

##### 5.4. Information Entropy

Entropy is one of the important features for randomness. The information entropy is defined as follows: where is the th gray value for an level gray image. The closer an entropy rate is to eight, the less is the possibility of predictability and the higher is the security level. As specified in Table 6, entropy of the encrypted images is very close to 8, and it indicates that this algorithm is robust against entropy attack.

#### 6. Conclusion

In this paper, a new image encryption/decryption scheme is proposed based on balanced two-dimensional CA. If Alice wants to transmit a secret image with height and width to Bob, they need agree on a subpermutation , a balanced radius-1 neighborhood local rule , a balanced radius-2 neighborhood local rule , and a seed. Then, Alice generates a random image by a PNRG with the seed and evolutes it times by alternatively using rules and according to the sub-permution and . After each evolution, a bitwise XOR will be operated on and the evoluted result to get . At last, Alice sends to Bob as the cipher-image. The decryption process is similar.

The scheme proposed in this paper possesses the characteristics of convenient realization, very large number of security keys, pretty fast encryption speed, and low cost. Theoretical analysis and simulated experiment show that the scheme has the confusion property and excellent performance against statistical attacks.

Cellular automata are simple models of computation which exhibit fascinatingly complex behavior. They have captured the attention of several generations of researchers, leading to an extensive body of work. For example, John Conway's Game of Life is actually a two-dimensional CA with special local rule. Due to the universality of CA model, it can be more widely used in cryptography and image processing, and that will be our future work.

#### Acknowledgments

The authors would like to thank the anonymous reviewers for their careful reading of the paper and valuable suggestions and comments that have helped a lot to improve the quality of the paper. This work was supported by RPGE, NSFC-61021062, and the Natural Science Foundation of the Jiangsu Higher Education Institutions of China (13KJB110018).