Abstract
This paper presents a new image encryption solution using the chaotic Josephus matrix. It extends the conventional Josephus traversing to a matrix form and proposes a treatment to improve the randomness of this matrix by mixing chaotic maps. It also derives the corresponding encryption primitives controlled by the chaotic Josephus matrix. In this way, it builds up an image encryption system with very high sensitivities in both encryption key and input image. Our simulation results demonstrate that an encrypted image of using this method is very randomlike, that is, a uniformlike pixel histogram and very low correlations in adjacent pixels. The design idea of this method is also applicable to data encryption of other types, like audio and video.
1. Introduction
Encryption is the process of transforming information (referred to as plaintext) using an algorithm (referred to as a cipher) to make the encrypted information (referred to as ciphertext) unreadable to anyone except those authorized users with special knowledge (referred to as a key) [1]. Encryption has been long used by militaries and governments to facilitate secret communications. Since the digital revolution in the 1980s, the demands of digital encryption in various applications have quickly increased because digital storage and communication are widely used. Encryption is now commonly used in protecting information within many types of civilian systems, like personal emails and patient documents.
Digital image is a major data type of two dimensions. Although a digital image can be extracted in order and becomes a onedimensional data, its distinctive characteristics make conventional ciphers developed for one dimensional data unsuitable [2], for example, those based on Data Encryption Standard (DES) [3] and Advanced Encryption Standard (AES) [4]. As a result, digital image encryption has become an attractive research area in the past decade [5–11].
The chaotic map is considered a wise choice for data encryption because of its ergodicity, mixing property, high sensitivity to the initial conditions, high deterministic properties, high unpredictable random behaviors, and so forth [2, 5, 9, 12–15]. However, the chaotic encryption method is criticized for its vulnerability to attacks via certain basin structures [16], its low efficiency for encrypting the whole image [2], its deteriorated randomness property from its use of the finite precision with fixedpoint arithmetic [17], and nonuniform distribution of the chaos sequence [18].
In computer science [19] and mathematics [20], the Josephus problem is a theoretical problem related to a certain countingout game. If the countingout order is recorded as a sequence, a Josephus traversing is obtained because all elements in the game are traversed without repetition. The Josephus traversing has already been used in data encryption field for years. The Josephus traversing is simple to realize and fast to compute, but previous attempts focused more or less on the scrambling purposes [21, 22]. However, scrambling based encryption is vulnerable to statistical attack, ciphertextonly attack, and known plaintext attack [23] because it never changes pixel values.
In order to achieve higher security level, many recent efforts adopt the hybrid idea to use one encryption system to suppress disadvantages of another system while keeping advantages unchanged. For example, [24] incorporates the chaotic map to DES; [25, 26] combine the chaotic map into conventional transform domain encryption; [27, 28] add chaotic map to Sudoku puzzles for encryption. In this paper, we develop a new image encryption method by combining the ideas of the chaotic map, the Josephus traversing sequence, and conventional substitution and transposition ciphers. The remainder of the paper is organized as follows: in Section 2, the Josephus permutation and the Logistic chaotic map are briefly reviewed; in Section 3, the CJPM and its generator are given; in Section 4, the proposed image encryption method based on CJPM is fully discussed including its flowchart and functions for each part; in Section 5, simulation results are shown and various security analyses are applied; in Section 6, the paper is concluded.
2. Preliminary
2.1. Josephus Permutation
The Josephus permutation or Josephus problem is well known in computer science and mathematics. It is named after Flavius Josephus, a Jewish historian lived in the 1st century. It is a theoretical problem related to a certain countingout game that works by having people standing in a circle, with consecutive tags from 1 to . Starting at predetermined person, you count around the circle. Once you reach the th person, take them out of the circle and have the members to close the circle. Then repeat the process, until only one person is left. That person wins the game. If we record the tags of people who have been taken out at each round as a sequence, then this sequence is a permutation of a natural number sequence and is called Josephus permutation sequence.
It is clear that three parameters are involved in the Josephus problem, namely, the initial total number of persons in a circle , the starting position in the circle , and the counting period . Therefore, a Josephus permutation sequence can be denoted as follows, where denotes the Josephus permutation according to the set of parameters , , and . A Josephus permutation sequence can be easily implemented by linked lists and dynamic arrays. Algorithm 1 describes a

For example, It is clear that compared with the length natural number sequence, a Josephus permutation sequence changes a lot, especially considering that none of the two neighbor numbers is consecutive; for a fixed length , different pairs of give distinct Josephus permutation sequences. However, it is weak in that ’s very first several elements divulge the parameter of counting period ; the difference between two s may disclose the difference between their starting positions; for example, the difference between the two first elements of s in (3) and (4) is 3, which is the difference of their parameters of starting positions. Therefore, it is not completely random for a Josephus permutation sequence.
2.2. Chaotic Logistic Map
The Logistic map is a polynomial mapping of degree two. It was introduced by the biologist Robet May in 1976 [31]. The Logistic map is written as (5), where symbol is used to denote the Logistic map; and represents the population at year and hence represents the initial population at year ; is a positive number and represents the combined rate for reproduction and starvation [32]. This map is often cited as an example of how complex chaotic behaviors can arise from a very simple nonlinear dynamic equation. Consider
The Logistic map has been well studied. The plots of the first few iterations of the Logistic map and its bifurcation diagram are shown in Figure 1. It is well known that when (approximately), the Logistic map has chaotic behaviors for most values, but there are still certain isolated ranges of that show nonchaotic behavior; for example, , which corresponds to a big gap in its bifurcation diagram.
(a)
(b)
In reality, the Logistic sequence is controlled by a set of parameters of , where are parameters in the Logistic map, is the length of sequence, and denotes the number of thrownaway samples. Therefore, a Logistic sequence can be denoted as (6). Based on this logistic sequence of length , sorted sequence can be obtained by sorting in the ascending order. It is certain that is a permutation of the original . Therefore, and satisfy (7), where is a permutation mapping sequence and denotes sequence element index. Consider
For example, if , then and are shown in (8) and (9), respectively. Correspondingly, the permutation sequence is determined as (10).
3. Chaotic Josephus Permutation Matrix (CJPM)
3.1. Chaotic Josephus Permutation Sequence (CJPS)
From previous sections, it is clear that the Josephus permutation sequence and the chaotic permutation sequence are obtained from different mechanisms. The Josephus permutation sequence is easy to obtain but not completely randomlike, while the chaotic permutation sequence is randomlike but requires a large amount of computations for maintaining accuracy. It is desirable that a permutation sequence be randomlike and only costs moderate computations.
In order to achieve the above objective, the new Josephus permutation sequence based on a chaotic permutation sequence is defined, whose initial positions on the circle are not consecutive numbers like those in the conventional Josephus problem. This new problem can be restated as follows: people with numbered tags stand in a circle (these numbers together form a permutation sequence according to sorting a chaotic sequence); starting at predetermined person, you count around the circle until you reach the th person; take him out of the circle and have the members to close the circle and record his tag number; repeat the process, until only one person is left. If we record the tags of people who have been taken out of the circle as a sequence, then a chaotic Josephus permutation sequence is obtained.
It is noticeable that the chaotic Josephus problem has parameters for both the chaotic Logistic map and for the conventional Josephus problem. In other words, a chaotic Josephus permutation sequence is determined by (11), where parameters have the same meanings as in (1), and are parameters in the Logistic map, and determines the number of thrownaway samples in the chaotic Logistic sequence. Consider
In the conventional Josephus problem (controlled by parameters ; see (1)), a natural number sequence 1 to is used to denote the tags for people standing in the circle, while a permutated sequence (controlled by parameters ; see (6)) is used in the chaotic Josephus problem as the tags. In order to match the sequence lengths of and , is the condition that has to be satisfied. The conventional Josephus problem and the chaotic Josephus problem for are illustrated in Figure 2.
(a) Conventional Josephus problem
(b) Chaotic Josephus problem
Therefore, the new Josephus permutation sequence can be denoted as a composed function of a conventional Josephus permutation sequence and a chaotic permutation sequence :
For example, if in (2) and in (10) are preknown, is obtained as (13) shows by using (12). Similarly, (14)–(16) can be also obtained. Consider
Compared to the previous conventional Josephus permutation sequence (see (2)–(4)), the chaotic Josephus permutation sequences (see (12)–(15)) are more randomlike because the difference between its very first elements is not related to its counting period anymore; the difference between two s, which are only different in their starting positions, is no longer equal to the difference of their starting positions; slight perturbations in chaotic map parameters lead to big changes in resulting s; two neighbor elements in may or may not be consecutive. Therefore, the chaotic Josephus permutation sequence is more randomlike than the conventional Josephus permutation sequence.
3.2. Chaotic Josephus Permutation Matrix (CJPM)
Based on chaotic Josephus permutation sequence(s), a chaotic Josephus permutation matrix can be generated via various ways. Among these methods, Algorithm 2 illustrates a straightforward method to obtain a CJPM via a CJPS by rearranging CJPS elements to a matrix.

It is noticeable that Algorithm 2 is equivalent to rearranging a sequence of elements into a matrix following the order illustrated in Figure 3.
Therefore, a CJPM is determined by the same set of parameters controlling a CJPS. In order to emphasize the matrix property, the parameter in CJPS is replaced by two parameters of height and width , where . Similarly, a CJPM is uniquely determined by a set of parameters as for a CJPS. Mathematically, this claim can be denoted as
Figure 4 illustrates various CJPMs via Algorithm 2 according to different parameter sets. It is clear that CJPM is very sensitive to its parameters and small changes in the parameter set lead to distinct CJPMs.
(a) 
(b) 
(c) 
(d) 
(e) 
(f) 
4. Image Encryption Algorithm Based on CJPM
In 1949, Claude Shannon, the father of “Information Theory,” proposed that confusion and diffusion are two properties of the operation of a secure cipher, where the term confusion refers to making the relationship between the encryption key and the ciphertext a very complex and developed one [33], and the term diffusion refers to the property that the redundancy in the statistics of the plaintext is “dissipated” in the statistics of the ciphertext [33]. In other words, for a secure cipher, it has to have good confusion and diffusion properties: different ciphertexts are desired to have similar statistics; any slight change in a plaintext is desired to lead to big difference in its ciphertext. The image encryption algorithm based on CJPM is proposed in this section to meet these two criteria.
4.1. Flowchart of Image Encryption Algorithm Based on CJPM
Since the CJPM is parametric and randomlike, it can be used for image encryption directly. However, considering the requirements from confusion and diffusion properties, the encryption procedure can be described as Figure 5 shows. The plaintext image is first sent to the CJPM generator, which is a preparation stage for generating a CJPM for future use. Later, this CJPM is used as a reference matrix to permute and substitute image pixels for each image block in the stages of pixel permutation and pixel substitution, respectively. The decryption procedure is simply to reverse the encryption procedure.
4.2. Key Schedule
It is clear that the CJPM is the core of the cipher and thus key is related to the used CJPM reference matrix . Initial key is composed of parameters , where is used in CJPM generator for obtaining plaintextdependent parameter used in the Logistic map; are used as the parameter in (1) and the parameter in (6). The functions of each part of the initial key are shown in Figure 6.
The output encryption key is composed of , all of which are directly required for determining a CJPM according to (17). Among these parameters, , and are restricted to integers; , and are decimals. More specifically, and should be positive integers smaller than the plaintext image size; and should be positive integers below the product of ; should be a number in between ; is an arbitrary point on plain with weight and is a nonnegative integer.
4.3. CJPM Generator
In order to enhance the resistance to differential attacks, the CJPM generator used in Figure 5 is designed to be plaintext dependent. Recall that a CJPM is determined by a set of parameters shown in (17). In the CJPM generator for image encryption, only the parameter is not directly given by the initial key but by the plaintext and a reference point controlling the weight in calculating the center of gravity. Once is generated, it is stored in the encryption key. The whole procedure of translating the initial key to a plaintextdependent CJPM matrix and encryption key is shown in Figure 7.
A plaintext is considered as an object of pixels where its upperleft corner pixel is the reference point located at . Correspondingly, pixels next to it along and directions are and , respectively. The center of gravity of this plaintext is calculated via (18), where denotes the th pixel intensity value and and denote the location of the th pixel in the image with respect to the upperleft corner. Once the center of gravity is obtained, the initial value of Logistic map is also determined via (19), where is the arc tangent function and is the sine function. It is easy to verify that the range of (19) is , which satisfies restrictions for the initial value in the Logistic map. Finally, all required parameters for a CJPM, that is, , are obtained and thus a CJPM is generated. Meanwhile, the used parameters are stored as the encryption key, which can be used in the decryption process. Consider
It is worth noting that the plaintextdependent CJPM generator guarantees that the proposed cipher has good diffusion property: any slight changes in plaintext lead to big difference in ciphertext. This is because the resulting CJPM matrix is dependent on the parameter and the parameter is dependent on the center of gravity for the plaintext, while the center of the plaintext gravity alters for any slight change in plaintext. Furthermore, this is the parameter in the chaotic map, and thus any slight change in initial value leads to a completely different trajectory as the bifurcation diagram in Figure 1 shows. Consequently, a completely different CJPM is obtained as the reference matrix. Eventually, this new reference matrix leads to a distinct ciphertext. It can be demonstrated that without preknowing the reference point’s coordinate and its weight , there is no way to slightly change plaintext image pixels so that its gravity center is unchanged.
4.4. Pixel Substitution
Pixel substitution refers to the process of changing pixel values. From the point of view of statistics, this process is to change the statistics of a plaintext image, so that the statistics of resulting ciphertext image is completely different. Moreover, it is desired that different ciphertext images have similar statistics, which implies that ciphertext images tell little information about keys and plaintext images. As a result, the confusion property is achieved.
The proposed pixel substitution block is shown in Figure 8, where symbol and denotes the number of bits supported by the format of the plaintext image. For example, if plaintext is an 8bit gray image, then ; if plaintext is a binary image, then . It can be noticed that the reference CJPM is first to convert to , whose format is compatible with the format of the plaintext image; later and are added over the space of ; finally the encrypted image is obtained.
Because elements in a CJPM matrix are uniformly distributed on integer set , after “Mod” operation, still has a uniformlike distribution for its elements on . As a result, when this is used to randomly shift the pixel value in plaintext, the resulting pixel value in ciphertext has an equal opportunity to be any value on . As a result, a uniformlike histogram is achieved in the ciphertext.
Pixel substitution results based on CJPMs are shown in Figure 9. It is clear that histograms before and after pixel substitution are very different and ciphertext histograms are very flat compared to plaintext ones. It is also noticeable that as the size of the reference CJPM increases the ciphertext has a better encryption quality from the point view of human visual inspection.
(a) Original image
(b) 32by32
(c) 64by64
(d) 128by128
(e) Histogram of (a)
(f) Histogram of (b)
(g) Histogram of (c)
(h) Histogram of (d)
4.5. Pixel Permutation
Pixel permutation refers to the process scrambling the positions of pixels in plaintext to disguise information contained in an image. Denote an image before and after pixel permutation as and , respectively. Assume the way of indexing image pixels is the same as the order to rearrange elements in a CJPM as Figure 3 shows. Then the pixel permutation process can be mathematically defined as a permutation between domain and range : , , where is the total number of pixels in the image. As we mentioned in previous sections, a CJPM is generated from a CJPS, which is a permutation sequence. Therefore, a CJPM can be directly used for pixel permutation that is given a CJPM , and its pixel permutation can be defined as .
For example, Figure 10 illustrates pixel permutation results of the “Tufts” logo image for different CJPMs. It is clear that pixels are well shuffled within the image block. As long as the size of CJPM/processing image block increases, the resulting shuffled image looks better and better. When the block size reaches to or over 128by128, pixels in the plaintext are almost evenly shuffled.
(a) Original image
(b) 32by32
(c) 64by32
(d) 64by64
(e) 64by128
(f) 128by128
(g) 256by128
(h) 256by256
It is clear that images after pixel permutation look very different from the plaintext image. It is also worth noting that a CJPM also depends on a set of parameters besides the size and that any change in other parameters will lead to a completely different permutated image.
5. Simulation Results and Security Analysis
An excellent encryption method should be both robust and effective. Robustness means that the cipher should be applicable to any plaintext image written in a supported format. Effectiveness implies that the cipher is able to generate eligible ciphertext images, which hide information from possible intruders.
In this section, we focus on discussing the performance of the CJPM based image cipher described in Section 4. It is worth noting that all following computer simulations are run under MATLAB 2010a and Windows XP environment with Core 2 Quad 2.6 GHz processors.
5.1. Histogram Analysis
Histogram analysis is one of the most straightforward evaluations for ciphertext quality for it directly analyzes the pixel distribution of a ciphertext image.
Figure 11 illustrates image encryption results for various plaintext images: image “113” is a binary handwriting scanned image selected from ICDAR 2009 database; image “Lena” is a commonly used image of gray type; image “5.1.13” and “testpat.1k” are used to mimic the possible complex patterns in plaintext and they are both selected from USCSIPI database. It is worth noting that the used CJPM is at size of 256by256.
It is clear that no matter what histogram a plaintext image has, the histogram of its ciphertext image is flat, which implies that the pixel distribution is almost uniform. Complex patterns and large homogenous regions in plaintext images are completely unintelligible and become randomlike in ciphertext images. These results imply that the proposed image encryption method based on CJPM is robust and effective for various image formats and contents.
5.2. Adjacent Pixel Autocorrelation (APAC) Analysis
High correlations of adjacent pixels can be utilized to carry out cryptanalysis. Therefore, a secure encryption algorithm should break the high correlation relationship between adjacent pixels.
In statistics, the autocorrelation of a random process describes the correlation between values of the process at different points in time, as a function of the two times or of the time difference. The autocorrelation coefficient is defined in (20), where is the time difference, is the mean value defined by (21), and is the standard deviation defined by (22); the definition of mathematical expectation is given in (23): The closer to zero this coefficient is, the weaker the relationship two different time functions have. Specifically, in adjacent pixel correlation test, we let be the image pixel sequence and let be 1; that is, compare to the adjacent pixel sequence.
Based on the reference direction, there are three ways of extracting a twodimensional image to a onedimensional sequence and they are the horizontal adjacent correlation coefficient, the vertical adjacent correlation coefficient, and the diagonal adjacent correlation coefficient.
“Lena” image in the 2nd column of Figure 11 is used as the test plaintext image because its APAC is widely reported by other encryption methods. Peer comparison results of the proposed CJPM cipher and cited encryption methods on APAC are shown in Table 1 (best results are bolded).
In addition, Figure 12 shows the result of randomly selected 1024 pairs of two adjacent pixels from the plaintext and the ciphertext along horizontal, vertical, and diagonal directions, where  and axes denote the intensity values of a randomly selected pixel and its adjacent pixel, respectively. It is clear that after applying the CJPM based image cipher, the high correlations between adjacent pixels in plaintext are broken.
5.3. Plaintext Sensitivity Analysis
In order to test the resistance of the cipher to differential attacks, plaintext sensitivity analysis is required for a secure cipher. In differential attacks, an adversary attempts to extract meaningful relationship between a plaintext image and its ciphertext image by making a slight change, usually only one pixel, in the plaintext image while encrypting the plaintext image with the same encryption key. By comparing the change in ciphertext images, the encryption key might be cracked and furthermore the information contained in ciphertext might be leaked.
Although there are other measures [34, 35] to evaluate the resistance of plaintext attacks, two classic measures are the Number of Pixel Change Rate (NPCR) and Unified Average Changing Intensity (UACI) [5]. The NPCR is used to measure the percentage of the number of pixels changed in ciphertext after making a slight change in plaintext. Therefore, the theoretical greatest upperbound of the NPCR is 100%. The UACI is used to measure the averaged intensity change for pixels in ciphertext images after making a slight change in a plaintext image. It is demonstrable that the UACI of an ideal cipher for 8bit gray images is about 0.3346 [36].
Suppose ciphertext images before and after one pixel change in a plaintext image are and , respectively; the pixel values at grid in and are denoted as and ; a bipolar array is defined as (24), then the NPCR and UACI can be mathematically defined as (25) and (26), respectively, where symbol denotes the total number of pixels in the ciphertext, symbol denotes the largest supported pixel value compatible with the ciphertext image format, and is the absolute value function. Consider
Table 2 shows the NPCR and UACI results for one pixel change in the “Lena” image. It is clear that, for CJPMs at various sizes, the proposed cipher has good performances in both the NPCR and UACI analyses. Simulation results fit the expectations of the ideal cipher very well.
Figure 13 shows a differential attack on “Lena” image while keeping the encryption key unchanged. It is noticeable that the difference between two plaintext images is the pixel on Lena’s nose. However, the ciphertext images are so different that the image of their difference is still randomlike. As a result, the one pixel change in the plaintext image is “dissipated” in ciphertext. From this point view, this plaintext sensitivity is closely related to the diffusion property of a cipher. In other words, it is reasonable to claim that a cipher has good NPCR and UACI results if it has good diffusion properties.
5.4. Key Space Analysis
The encryption key in the proposed image encryption method using CPJM is composed of a set of parameters , where is an arbitrary point on plain; is a nonnegative decimal; and should be positive integers smaller than the plaintext image size; and should be positive integers below the product of ; should be a number in between ; and is a nonnegative integer. Therefore, theoretically, the key space of the proposed cipher is infinitely large.
Because the chaotic Logistic map is used as the trigger for pseudorandom sequences, the proposed cipher has high key sensitivities as well. The results of key sensitivity analysis are shown in Figure 14, where the set of parameters written in parenthesis is the used key. It is clear that unless the correct decryption key is applied, a ciphertext image cannot be restored.
(a) Encrypted image (1, 1, 128, 128, 1, 1, 4, 0)
(b) Decrypted image (1, 1, 128, 128, 1, 1, 4, 0)
(c) Decrypted image (1, 1, 128, 128, 1, 2, 4, 0)
(d) Decrypted image (1, 1, 128, 128, 1, 1, 3.9999, 0)
6. Conclusion
In this paper, we discussed the generation of a chaotic Josephus permutation matrix by using the conventional Josephus permutation sequences and the logistic chaotic map. The proposed CJPM is parametric and is uniquely dependent on the set of parameters, which is sufficiently large to provide a secure size of key space. As another heritage from the chaotic Logistic map, the CJPM is highly sensitive to its initial values (parameters). Any slight change in parameters leads to significant differences in resulting CJPM. Simulation results show that the ciphertext image is randomlike from the perspective of human visual inspection; the encryption quality is almost independent of the plaintext image; the proposed encryption method is able to encrypt plaintext images with large homogeneous regions to secure ciphertext images; histogram analysis also shows that different ciphertext images tend to have the uniform distribution on ; adjacent pixel correlation analysis shows that neighbor pixels in ciphertext have lower correlations than many existing encryption methods; the proposed cipher is highly sensitive to encryption key and plaintext; experimental UACI results of the proposed cipher are very close to those of the ideal one.
The proposed cipher can be used for various image types, for example, binary images, 8bit gray images, 16bit gray images, RBG images, and so forth. The same encryption idea may also be applied to audio, video, or other types of digital formats.
Conflict of Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
Acknowledgments
This work was supported by the Scientific Research Fund of Hunan Provincial Education Department under Grant (no. 12B023). It is also supported by the National Natural Science Foundation of China (nos. 61204039 and 61106029) and Scientific Research Foundation for Returned Scholars, Ministry of Human Resources, and Social Security of the People’s Republic of China.