#### Abstract

A recently proposed secure image encryption scheme has drawn attention to the limited security offered by chaos-based image encryption schemes (mainly due to their relatively small key space) proposing a highly robust approach, based on Rubik's cube principle. This paper aims to study a newly designed image cryptosystem that uses the Rubik's cube principle in conjunction with a digital chaotic cipher. Thus, the original image is shuffled on Rubik's cube principle (due to its proven confusion properties), and then XOR operator is applied to rows and columns of the scrambled image using a chaos-based cipher (due to its proven diffusion properties). Finally, the experimental results and security analysis show that the newly proposed image encryption scheme not only can achieve good encryption and perfect hiding ability but also can resist any cryptanalytic attacks (e.g., exhaustive attack, differential attack, statistical attack, etc.).

#### 1. Introduction

In secure communication, image encryption schemes transform clear images into unintelligible others. The fundamental techniques used to encrypt a block of pixels are substitution and permutation.

Recent years’ battle focuses on designing of highly robust encryption schemes (i.e., which provide good confusion and diffusion properties, to ensure coveted security factor), either using peculiar pixel shuffling methods [1–4], or using innovative digital chaos-based ciphers [5–25], or by making justified compositions between these different pixel shuffling and ciphering techniques [26, 27].

In this paper, we take advantage of results enforced in our past research articles [1, 28] (i.e., with images encryption schemes and chaotic ciphers generation), in order to design and analyze a new secure image encryption algorithm (based, in principle, on classic permutation-substitution architecture).

The rest of this paper is organized as follows. Section 2 presents the design of image cryptosystem (based on Rubik’s cube principle and chaotic cipher). Section 3 makes detailed and comprehensive security assessments on the proposed scheme, while presenting experimental results. Finally, Section 4 concludes the work carried out.

#### 2. Modified Rubik’s Cube Image Encryption Algorithm

As the title suggests, this work is based on a previous work about images encryption algorithm, which at its turn is founded on Rubik’s cube principle [1], but with slightly different approaches:(1) on pixels’ shuffling procedure:(a) rows and columns are alternatively shuffled (i.e., a row followed by a column, at a time),(b) each row’s and column’s circular-shifting direction and number of steps is derived from their intrinsic properties, using different modulo operators;(2) on pixels’ ciphering procedure:(a) maintaining the rule of alternating rows and columns, the shuffled image is doubly ciphered, using two different ciphering matrices,(b) ciphering matrices are built using bitstreams generated by chaotic systems, in conjunction with a multilevel discretization method [28].

In the following three subsections, we will describe the new modified encryption procedure.

##### 2.1. Encryption Algorithm

With representing the pixels values matrix of an 8-bit gray level scale image of the size , the steps of newly proposed encryption algorithm are as follows.(1) Randomly generate , number of iterations, and , , rows’ and columns’ modulo operators; initialize to zero. (2) For , (a) compute the sum of all elements in row (b) compute modulo of (c) compute modulo 2 of (d) if is right circular-shifted, with steps; else, if is left circular-shifted, with steps(e) compute the sum of all elements in column (f) compute modulo of (g) compute modulo 2 of (h) if column is up circular shifted, with steps; else, if column is down circular shifted, with steps.(3) Increment ; if , go to the previous step; else, go to the next step. Steps (2)-(3) will modify matrix , generating a newly one denoted as (i.e., with horizontal and vertical pixels shuffled). (4) Compute ciphering matrices and (5) For , (a) cipher row (b) cipher column Step (5) will modify the matrix , generating a newly one denoted as (i.e., representing the pixels values matrix of the encrypted image).

##### 2.2. Decryption Algorithm

With representing the pixels values matrix of an 8-bit gray level scale encrypted image of size , with the correct key , the original image is recovered as follows.(1) Compute ciphering matrices and (2) For ,(a) decipher row (b) decipher column

Step (2) will modify matrix , generating a newly one denoted as (i.e., representing the pixels values matrix of the deciphered image). (3) Initialize to zero.(4) For , (a) compute the sum of all elements in column (b) compute modulo of (c) compute modulo 2 of (d) if column is up circular shifted, with steps; else, if column is down circular shifted, with steps,(e) compute the sum of all elements in row (f) compute modulo of (g) compute modulo 2 of (h) if is right circular shifted, with steps; else, if is left circular shifted, with steps.(5) Increment ; if , go to the previous step; else, the decryption process is done. Steps (4)-(5) will modify the matrix , generating a new one denoted as (i.e., representing the pixels values matrix of the deshuffled image ~ the original image).

##### 2.3. Ciphering Matrices Computation

Given any chaotic map (e.g., a tent map (17), denoted as ), using random sequences of real numbers generated by its orbits in conjunction with a multilevel discretization method [28] (e.g., with four thresholds, i.e., 2-bit encoding of each interval), resulted di-bits are spread into two separate files (i.e., “,” containing di-bit’s first bit; resp., “,” containing di-bit’s second bit). Consider di-bit pairs have been generated (i.e., 2.097.152 bits were written in each file), this number being, as seen, directly proportional to the image dimensions.

’s initial seeding points were and .

Under the previous circumstances, ciphering matrices are computed as follows.(1) Open and read “” and “” files; initialize a temporary counter to zero.(2) Initialize and , where (3) For , for ,(a) take eight consecutive bits from each file (b) update and (c) update the temporary counter Steps (1)–(3) will produce the ciphering matrices.

#### 3. Experimental Results

In order to assess the efficiency and security of the newly resulted image encryption algorithm, various analyses were conducted (e.g., statistical, strength against some cryptographic attacks, etc.). This section deals with the presentation of tests and observations over the results achieved (performances).

##### 3.1. Visual Testing

The purpose of visual testing is to highlight presence of similarities between plain-image and shuffled and (or) ciphered image (i.e., if the scrambled and (or) ciphered image does or does not contain any features of the plain-image).

Visual testing was performed on the pixels, 8-bit, gray-level, Lena standard test image. Figure 1 depicts the test image (a), along with its shuffled (b) and ciphered (c) versions. By comparing them, one can say that there is no perceptual similarity (i.e., no visual information can be observed in processed versions of plain-image).

**(a)**

**(b)**

**(c)**

##### 3.2. Security Assessment by Statistical Analysis

The main two statistical analyses, generally performed when it comes to showcase confusion and diffusion properties of an image shuffling and (or) ciphering algorithm, are the histograms analysis and analysis of the correlation coefficient between adjacent pixels. [1, 2, 5–8, 26].

###### 3.2.1. Histogram Analysis

Histogram analysis depicts pixels’ distribution within an image, by representing their number relative to each intensity level. Figure 2 represents histograms of original (a), shuffled (b), and ciphered (c) images. As expected, although a superior diffusion effect is achieved through pixels’ shuffling procedure, image histogram is not modified thus making it vulnerable to statistical attacks. But after algorithm’s second phase (i.e., ciphering procedure) completion, the histogram gains a uniform distribution, meaningfully different than the one of original image (which contains large sharp rises followed by sharp declines), and thus with no statistical similarity in appearance, resulted image does not provide any clue for statistical attacks.

**(a)**

**(b)**

**(c)**

###### 3.2.2. Adjacent Pixels Correlation Coefficients

It is well known that, generally in plain-images, any arbitrarily chosen pixel is strongly correlated with its adjacent pixels (either they are diagonally, vertically, or horizontally oriented) [3, 9]. Figure 3 shows the correlation distributions of the horizontal adjacent pixels for the original (a), shuffled (b), and encrypted images (c), while the correlation distributions of the vertically and diagonally adjacent pixels are shown in Figure 4, respectively, Figure 5. At the same time, all the correlation coefficient values (computed over 10.000 pairs of adjacent pixels, randomly selected, for each of the testing directions) are summarized in Table 1. It can be easily noticed that neighboring pixels in the original image are highly correlated; that is, correlation coefficient values are too high, very close to one. In contrary, in cases of shuffled and encrypted images, those values are close to zero, meaning that all neighboring pixels considered in tests are weakly correlated, which is the expected result [4, 10–12, 29].

**(a)**

**(b)**

**(c)**

**(a)**

**(b)**

**(c)**

**(a)**

**(b)**

**(c)**

Overall, results are with an order of better magnitude, compared with results of other proposed algorithms, as proven in [13–16].

##### 3.3. Security Assessment by Differential Analysis

Differential cryptanalysis assumes that the attacker is able to create small changes in the input plain-image and examine outputs (i.e., original image’s processed versions). In doing this, shuffling and (or) encryption key(s) and (or) the meaningful relationship between original images and its shuffled or encrypted versions can be derived. Therefore, a desirable property of the proposed modified algorithm is to be sensitive to the small changes in plain-image. Thus, the differential attack can actually lose its efficiency and become practically useless, if one small change in the original image can cause a significant change in its processed versions.

Security assessment by differential analysis is based on three measures: NPCR (number of pixels change rate), UACI (unified average changing intensity), and MAE (i.e., mean absolute error). In order to approach the performances of ideal image encryption algorithms, MAE and NPCR must be as large as possible (i.e., close to unity, at least for NPCR), while UACI values must be around 33% [1, 2, 5, 7].

NPCR, UACI, and MAE values, summarized in Table 2, demonstrate that swiftly changes in the original image will result in negligible changes in its shuffled and encrypted versions and also that choosing higher values of , , and will result in higher values of these coefficients, thus a better strength against any differential cryptanalysis.

Overall, results are, on average, about % (in case of UACI), % (in case of NPCR), and over 42.89% (in case of MAE) better, compared with results of other proposed algorithms [13–16] for the following test conditions: , , . Similar results, especially in terms of NPCR’s value, are proven in [1, 5].

##### 3.4. Security Assessment by Entropy Analysis

An algorithm for encryption of images should give a ciphered image having equiprobable gray levels (i.e., the entropy of this ciphered image should be, at least theoretically, equal to 8 bits, for gray-scale images of 256 levels). Actually, in practice, the resulted entropy is smaller than the ideal one. The smaller the resulted entropy, the greater the degree of predictability, a fact which threatens encryption system’s security.

Computing the entropy value of the encrypted image, which is very close to the ideal value of 8 Sh (more accurately 7.9992 Sh, much more closer than values resulted under different algorithms [21–23, 30]), we can say that the proposed encryption algorithm is highly robust against entropy attacks.

##### 3.5. Security Assessment by Key Analysis

This security assessment targets the key space and sensibility.

###### 3.5.1. Key Sensibility

In order to approach the performances of an ideal image encryption algorithm, the proposed one should have high sensibility to encryption key (i.e., any small change in the key should lead to a significant change in the shuffled and encrypted or deshuffled and decrypted images).

For the newly proposed scheme the encryption key is . Various tests were performed in order to highlight the impact of key changes in the image deshuffling and decryption processes. Results are presented in Figures 6, 7, and 8. Clearly, deshuffling and (or) decryption using wrong key does not succeed.

**(a)**

**(b)**

**(c)**

**(a)**

**(b)**

**(a)**

**(b)**

**(c)**

###### 3.5.2. Key Space

A large key space is very important for an encryption algorithm to repel the brute-force attack. In theory, the proposed scheme can accommodate an infinite key space, taking into account , , and ; but, due to actual computational limitations, , , and key elements are restrained to 64-bit representation, and, at first sight, the key space size is 2^{192}. Furthermore, the two seed points of the chaotic generator (viz., and ), with precision, extend the key space by 10^{30}. Therefore, a total 10^{88} key space is large enough to face an exhaustive attack [6, 17–20, 27].

##### 3.6. Security Assessment by Different Attacks

Few attacks, such as cropping and additive noise, can be performed by an attacker who intercepts encrypted image, in order to modify it so that, after decryption, the legitimate user cannot understand and (or) use the original message (i.e., in our case, the image).

The following two subsections aim to analyze proposed scheme’s performances against such attacks.

###### 3.6.1. Additive Noise Attack

An additive noise attack consists in adding random noise to the intercepted encrypted image. Two types of noises are considered: salt and pepper noise and speckle noise. To measure robustness of the proposed image encryption scheme against these attacks, MSE measure is used.

Figures 9 and 10 illustrate decrypted images, in cases where their encrypted version was attacked by salt and pepper noise with 0.0001 densities (a) and by speckle noise with 0.0001 variance (b), but under different test conditions.

**(a)**

**(b)**

**(c)**

**(a)**

**(b)**

**(c)**

As expected, due to the fact that each column’s and row’s intrinsic properties were used to compute the number of their circular shifts, the proposed image encryption scheme has no immunity to this kind of attacks, statement strengthened by MSE measure’s values (2.515 · 10^{3} in Figure 9(a) and 2.372 · 10^{3} in Figure 9(b), resp., 5.599 · 10^{3} in Figure 10(a) and 5.697 · 10^{3} in Figure 10(b)).

###### 3.6.2. Cropping Attacks

Cropping attacks consist of modifying the intercepted encrypted image by deleting one, or several of its areas. To measure robustness of proposed encryption scheme against this kind of attacks, MSE measure is used also.

Figures 9 and 10 illustrate decrypted image, in cases where their encrypted version was attacked by cropping one 1/8 of its area (c).

Same problem is raised by the shuffling procedure mode of operation, and proposed image encryption scheme cannot handle such type of attacks, statement strengthened by MSE measure’s values (3.031 · 10^{3} in Figure 9(c) and 6.043 · 10^{3} in Figure 10(c)).

From the previous results, we can conclude that random noise attacks, seriously affect decrypted images. As a proposal, if it is known that the proposed encryption scheme will be used within a communication system susceptible to perturbations, algorithms (or systems) to ensure data integrity should be used, as the one shown in [31].

##### 3.7. Speed Test

Another important matter taken into account when new image encryption techniques are proposed is the actual algorithm execution speed.

Regardless of and variations, shuffling time is of 0.2158 s while the deshuffling time is of 0.1987 s. Obviously, these timings are increasing proportionally with number of iterations. With an actual ciphering time of 0.1826 s and a deciphering time of 0.1701 s, proposed scheme’s encryption and decryption speeds are smaller than 0.40 s (more accurately, 0.3984 s and 0.3688 s). Achieved speed is superior, in comparison with those of other algorithms [1, 5, 13–16].

The speed test was performed on the pixels, 8-bit, gray-level, Lena standard test image.

All the previous results (i.e., numerical results presented in the entire Section 3) were generated with proposed encryption algorithm’s scripts for (de)shuffling and (de)ciphering written on MATLAB 7.3.0 and ran on an Intel Pentium Dual CPU T3200 @ 2.00 GHz personal computer.

#### 4. Conclusions

This work develops novel permutation—substitution image encryption architecture, based on Rubik’s cube principle and digital chaotic cipher.

The proposed encryption system includes two major parts, chaotic pixels substitution (in order to achieve desired diffusion factor) and Rubik’s cube, principle based, pixels permutation (in order to achieve desired confusion factor).

Different keys were used for shuffling and ciphering procedures, and while a tent map was used to generate image’s ciphering matrices, each row’s and column’s intrinsic properties were used to compute the number of their circular shifts.

Comprehensive experimental tests have been carried out, and numerical analyses have shown robustness of the proposed algorithm against several cryptanalytic attacks. Likewise, the performance assessment tests attest that the proposed image encryption scheme is fast and highly secure. Although a much smaller key space is used, but still large enough to face against exhaustive attack, with a smaller key size, the proposed encryption scheme presents better results, compared to those of previously proposed ones.

As future work, an actual implementation on FPGA (focused on the optimization of proposed algorithm, for parallel computing) as well as the investigation of lossless image compression and (or) noise protection schemes (i.e., taking into consideration shortcoming of “how to use” proposal [31]) is concerned.