#### Abstract

In this paper, the security analysis of a bit-level image chaotic encryption algorithm based on the 1D chaotic map is proposed. The original image chaotic encryption algorithm includes bit-level permutation encryption, diffusion encryption, and linear transform. Deciphering of it can be divided into two stages. First, bit-level permutation encryption, diffusion encryption, and linear transform can be simplified into bit-level equivalent permutation encryption and equivalent diffusion encryption, which is a key breakthrough point of cryptanalysis. Second, the chaotic sequence generated by this algorithm is independent of the plaintext image. Therefore, the equivalent diffusion key and the equivalent permutation key can be obtained by chosen-plaintext attack, respectively. Theoretical analysis and numerical simulation experiment results verify the effectiveness of the analytical method. Finally, some suggestions are proposed to promote the security of the original image chaotic encryption algorithm.

#### 1. Introduction

With the rapid development of network technology, a large amount of multimedia information, such as image, voice, text, and video, needs to be transmitted through the Internet. Therefore, the security problem becomes an important research subject and attracts more and more attention. Because of some intrinsic properties of images, for example, bulk data capacity, high redundancy, and strong correlation of two adjacent pixels, traditional text encryption algorithms such as AES and DES, which have higher time complicity, are not suitable for image encryption [1]. Because chaos is pseudo-random, ergodic, and highly sensitive to initial values and control parameters, these characteristics can achieve good confusion and diffusion effects and can meet the basic requirements of cryptography. Therefore, many image encryption algorithms have been proposed based on the chaotic map in recent years [1–20].

In 1997, the first image chaotic encryption algorithm based on the permutation-diffusion structure is proposed in [2]. Thereafter, a symmetric image encryption algorithm based on 3D chaotic cat map is presented in [1]. In 2007, a new image encryption algorithm based on the permutation-diffusion structure is proposed in [3]. In [4], a novel image encryption algorithm based on the skew tent chaotic map and classic permutation-diffusion structure is proposed. To enhance the security of the image chaotic encryption algorithm, some bit-level image chaotic encryption algorithms are proposed in [5–8]. In addition, many image encryption schemes based on constructing new chaotic maps are also proposed in [9–13]. An image chaotic encryption algorithm based on CHHCS and LBP is proposed in [14], where CHHCS is used to scramble the plaintext image, while LBP is considered to diffuse the scrambled image in order to change the values of all pixels. In [15], a color image encryption algorithm is proposed based on cellular automata and hyperchaotic system; the main contribution is the application of the hyperchaotic system and nonuniform cellular automata for robust keys. An image encryption algorithm utilizing the principles of the Josephus problem and the filtering technology is developed in [16]. Moreover, some typical image encryption algorithms based on the chaotic S-box are proposed in [17–20].

Note that the chaotic encryption schemes proposed in [1–4, 6–15, 20] adopt the classical permutation-diffusion two-stage encryption structure; security test metrics are mainly limited to histogram, correlation analysis, differential analysis, key sensitivity test, and so on, which are not enough to guarantee cryptosystem security. In [21–32], the cryptanalysis literature studies point that many chaotic encryption algorithms have some intrinsic security weaknesses, which are not robust against chosen-plaintext attack, chosen-ciphertext attack, and conquer attack. In addition, the chaotic encryption algorithm proposed in [5] adopts permutation-only structure; however, permutation-only is vulnerable to chosen-plaintext attack given in [33–36]; for example, according to the chosen-plaintext attack, one can obtain equivalent permutation keys by choosing several pairs of plaintext-ciphertext images and then recovering the corresponding original plaintext image.

This paper re-evaluates the security of a bit-level image encryption algorithm based on the 1D chaotic map proposed in [37]. The algorithm adopts a permutation encryption-diffusion encryption-linear transform structure. In the permutation encryption stage, 1D chaotic sequence is generated by the improved logistic map, and its corresponding index sequence is used to scramble the plaintext image. In the diffusion encryption stage, 1D diffusion sequence is utilized to diffuse the scrambled image. In the linear transform stage, the ciphertext encrypted by diffusion is rotated to the right. The authors also give the statistical test results of key space, histogram, correlation of two adjacent pixels, and key sensitivity and claim that the algorithm is secure. However, the cryptanalysis results in this paper show that the algorithm has three security vulnerabilities as follows:(1)The three-stage structure for the permutation encryption-diffusion encryption-linear transform of the original encryption algorithm can be simplified to an equivalent permutation encryption-equivalent diffusion encryption two-stage structure(2)The generated chaotic sequence is independent of the plaintext image(3)There is no ciphertext feedback mechanism in the algorithm

Based on the aforementioned security vulnerabilities, the equivalent permutation encryption-equivalent diffusion encryption parts of the image chaotic encryption algorithm proposed in [37] can be cracked separately by the divide-and-conquer strategy. Furthermore, the equivalent diffusion key and the equivalent permutation key can be obtained by chosen-plaintext attack.

The rest of the paper is organized as follows. Section 2 briefly introduces the image chaotic encryption algorithm under study. Section 3 presents the security analysis. Section 4 gives the numerical simulation experiments. Section 5 proposes some suggestions for improvement. Section 6 concludes the paper.

#### 2. Description of the Original Encryption Algorithm

In [37], the original encryption algorithm adopts the permutation encryption-diffusion encryption-linear transform three-stage structure. It consists of secret key selection, bit-plane decomposition, permutation encryption, diffusion encryption, linear transform, and bit-plane composition, as shown in Figure 1. In Figure 1, are secret key parameters, is a 2D plaintext image, is a 1D bit-plane decomposition sequence of , is a 1D index sequence corresponding to the improved logistic map, is a 1D diffusion sequence corresponding to the improved logistic map, is a 1D permutation encryption sequence of , is a 1D diffusion encryption sequence of , is a 1D linear transform sequence of , and the corresponding ciphertext image of is defined by . Note that , , and are denoted by a decimal number, and , , , , and are denoted by a binary number, where , , , the size of the 2D plaintext image is , is the height, and is the width, respectively.

The detailed principle of the chaotic encryption algorithm given by Figure 1 can be described as follows:(1)Choose the secret key parameters: according to Figure 1, the chaotic encryption algorithm includes six secret key parameters , where are initial values and control parameters of the improved logistic map, is a disturb parameter, and is the number of circle shifts to the right.(2)Generate the 1D index sequence and the 1D diffusion sequence by using the chaotic sequence: first, obtain the 1D chaotic sequence by adopting the improved logistic map , where , , and mod denotes module operation. Then, obtain the 1D index sequence and the 1D diffusion sequence corresponding to [37].(3)Encrypt the image by using the original encryption algorithm: the encrypted object may be a color image or a grayscale image [37]. For the sake of analysis, here, a plaintext grayscale image of size resolution is taken as an example to indicate the encryption process. Suppose that denotes the 2D plaintext grayscale image, hereinafter referred to as the 2D plaintext image. The steps for the original encryption algorithm are shown as follows: Step 1: bit-plane decomposition: first, convert the 2D plaintext image into a 1D sequence by scanning it from left to right and up to down. Second, according to the bit-plane decomposition method, the pixel of can be represented as 8 bit planes, and then is obtained [38]. Finally, transform into the 1D sequence with binary form. Note that the relationship between and is defined as where . Take a plaintext image of size resolution as an example, and the bit-plane decomposition process is shown in Figure 2. Step 2: bit-level permutation encryption: in Figure 1, scramble by using 1D index sequence and obtain the corresponding 1D permutation encryption sequence , given by where . Step 3: bit-level diffusion encryption: in Figure 1, diffuse by utilizing 1D diffusion sequence and obtain the corresponding 1D diffusion encryption sequence as where and denotes the bitwise XOR operation. Step 4: linear transform: obtain 1D linear transform sequence by circle shifting to the right with step , given by where and . Step 5: bit-plane composition: it is the inverse process of the bit-plane decomposition. Convert the 1D linear transform sequence with binary form into a 2D ciphertext image with decimal form by utilizing the bit-plane composition method.(4)Decrypt the image by using the original decryption algorithm: decryption is the inverse of encryption. The plaintext image is recovered from the 2D ciphertext image . Note that the detail relevant statistical test analysis of the original encryption algorithm can be referred from Tables 1–8 of Section 5.2 proposed in [37].

#### 3. Cryptanalysis

##### 3.1. Analysis of Equivalent Permutation Encryption-Equivalent Diffusion Encryption

According to Figure 1, the chaotic encryption algorithm adopts the permutation encryption-diffusion encryption-linear transform three-stage structure, which can be simplified into its corresponding equivalent permutation encryption-equivalent diffusion encryption two-stage structure. From equation (4), one gets the diagram of linear transform between and , as shown in Figure 3.

From Figure 3, one gets

According to equation (5), its general iterative form is given bywhere and .

From equation (6), one gets the relationship between coordinate before linear transform and coordinate after linear transform as

Note that when , .

In the image chaotic encryption algorithm, permutation encryption-diffusion encryption is a general two-stage encryption algorithm. However, the algorithm, as shown in Figure 1, is a permutation encryption-diffusion encryption-linear transform three-stage structure. For the sake of cryptanalysis, according to equations (2) and (3) with equations (6) and (7), one can simplify the three-stage structure of Figure 1 to its corresponding equivalent permutation encryption-equivalent diffusion encryption two-stage structure, as shown in Figure 4.

In Figure 4, represents the 1D equivalent index sequence by shifting to the right of size , represents the 1D equivalent diffusion sequence through rotating to the right of size , represents the 1D sequence obtained by equivalent permutation encryption of with , represents the 1D sequence obtained by equivalent diffusion encryption of with , , , and are denoted by a decimal number, and , , , and are denoted by a binary number, where , , and .

Proposition 1. *Equivalent permutation encryption-equivalent diffusion encryption two-stage structure, as shown in Figure 4, is equivalent to the permutation encryption-diffusion encryption-linear transform three-stage structure as shown in Figure 1.*

*Proof. *The equivalence is proved by comparing the three-level encryption as shown in Figure 1 with the two-level encryption as shown in Figure 4.(1)From Figure 1 and equations (6) and (7), the result of the permutation encryption-diffusion encryption-linear transform is given by(2)According to Figure 4 and equation (2), the result of equivalent permutation encryption is given bySimilarly, from Figure 4 with equation (9), the result of diffusion encryption is given byComparing equation (8) with (10), it can be seen that the results of the permutation encryption-diffusion encryption-linear transformation three-level structure are equal to those of the equivalent permutation encryption-equivalent diffusion encryption two-level structure. The proof is completed.

According to Figure 4, is the 1D equivalent index sequence expressed in the decimal number, and is the 1D equivalent diffusion sequence expressed in the binary number. Therefore, the problem of deciphering key parameters in the original chaotic encryption algorithm can be solved by chosen-plaintext attack and transforming it into solving the 1D equivalent index sequence and the 1D equivalent diffusion sequence .

##### 3.2. Deciphering 1D Equivalent Diffusion Sequence

According to chosen-plaintext attack, first, choose a full zero 2D plaintext image as , and its corresponding 2D ciphertext image is denoted by . Then, using the obtained as a known condition, one further gets the corresponding 1D equivalent diffusion sequence . In addition, the attack complexity contains data complexity and time complexity. Therefore, the data complexity of the proposed deciphering 1D equivalent diffusion sequence is .

The specific approach for deciphering the 1D equivalent diffusion sequence is as follows:(1)Choose a full zero 2-D plaintext image as ; its corresponding 1D bit-plane decomposition sequence is . According to chosen-plaintext attack, one obtains a 2D ciphertext image corresponding to , and its corresponding 1D bit-plane decomposition sequence is . Then, one further gets the 1D ciphertext sequence corresponding to such that where and are denoted by the decimal number and , , and are denoted by the binary number, respectively.(2)According to equation (10), one has where is denoted by the decimal number. Since all pixels of are zero, the corresponding 1D bit-plane decomposition sequence satisfies . After performing equivalent permutation encryption operation, also holds.(3)According to equations (11) and (12) with , one gets the 1D equivalent diffusion sequence , given bywhere and is denoted by the binary number.

##### 3.3. Deciphering 1D Equivalent Index Sequence

After deciphering the 1D equivalent diffusion sequence , the original equivalent permutation encryption-equivalent diffusion encryption two-stage structure is simplified to the equivalent permutation-only encryption one-stage structure. On this basis, one can further choose plaintext images as , obtain the corresponding ciphertext images as , and decipher the 1D equivalent index sequence by using both 2D plaintext images and the corresponding 2D ciphertext images . Therefore, the corresponding data complexity of deciphering the 1D equivalent index sequence is .

The specific approach for deciphering the 1D equivalent index sequence is as follows:(1)Choose 2D plaintext images , obtain the corresponding 1D bit-plane decomposition sequence , and get the 2D ciphertext images corresponding to . Then, by using , the 1D ciphertext sequence can be finally determined.(2)On the basis of acquiring , , and , according to equation (10), corresponding is obtained by where denotes the inverse operation of and is denoted by the binary number.(3)According to , one gets the 1D equivalent index sequence aswhere and is denoted by the decimal number.

#### 4. Numerical Simulation Experiments

In our numerical simulation experiments, grayscale images of Lena, Baboon, and Pepper and RGB color images of Lena, Baboon, and Pepper are taken as six examples, where the size of the images is . The secret keys are set as , , , , , and . Simulation experiments are operated on MATLAB R2017a running on the desktop computer with Intel(R) Core(TM) i7-7700 CPU @3.60 GHz, 16 GB RAM, and the operation system is Windows 7.

**(a)**

**(b)**

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

**(g)**

**(h)**

**(i)**

**(j)**

**(k)**

**(l)**

**(m)**

**(n)**

**(o)**

**(p)**

**(q)**

**(r)**

**(s)**

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

**(g)**

**(h)**

**(i)**

**(j)**

**(k)**

**(l)**

**(m)**

**(n)**

**(o)**

##### 4.1. Breaking Results for Grayscale Images Using Chosen-Plaintext Attack

(1)According to chosen-plaintext attack, choose a full zero 2D plaintext image , and the corresponding ciphertext image is , as shown in Figure 5. Based on and , one obtains their corresponding 1D bit-plane decomposition sequences and , respectively, and gets the 1D ciphertext sequence corresponding to . Then, according to equations (11)–(13), one further deciphers the 1D equivalent diffusion sequence , given by(2)Let . According to chosen-plaintext attack, by choosing 19 special 2D plaintext images , one obtains the corresponding 1D bit-plane decomposition sequences , 2D ciphertext images , and , respectively. Moreover, in our numerical simulation experiments, 2D images with the size of resolution are adopted to represent 1D sequences and , as shown in Figure 6. After obtaining , , and , from equation (14), the 1D sequences can be deciphered as Based on obtained , according to equation (15), the 1D equivalent diffusion sequence can also be deciphered, which is given by(3)By utilizing the deciphered 1D equivalent diffusion sequence and the 1D equivalent index sequence , the plaintext grayscale images can be recovered, as shown in Figure 7. Note that Figures 7(e), 7(j), and 7(o) show that the original plaintext grayscale images and the recovered plaintext grayscale images are equal, concluding that the proposed attack scheme is effective.

##### 4.2. Breaking Results for RGB Color Images Using Chosen-Plaintext Attack

Similarly, according to the proposed attack method in Sections 3.2 and 3.3, the breaking experiments are carried on the RGB color images of Lena, Baboon, and Pepper with the size of . Note that, as for the RGB color images of the same size, the number of plaintext images and the corresponding ciphertext images required to crack the permutation-only process is because the total size of RGB color images is . Hence, according to chosen-plaintext attack, one reveals the recovered RGB color images, as shown in Figure 8. Note that Figures 8(e), 8(j), and 8(o) show that the original plaintext RGB color images and the recovered plaintext RGB color images are equal.

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

**(g)**

**(h)**

**(i)**

**(j)**

**(k)**

**(l)**

**(m)**

**(n)**

**(o)**

##### 4.3. A Simple Numerical Example

In order to demonstrate the effectiveness of the cryptanalysis, one provides a simple numerical example.

Suppose that a plaintext grayscale image of size is set as an example, which is denoted by . Then, one obtains the corresponding ciphertext image represented by through utilizing the original encryption algorithm. Moreover, let and be

Suppose that is unknown, and represents the recovered plaintext grayscale image from the ciphertext image . The steps for obtaining by using the proposed chosen-plaintext attack scheme are given as follows:(1)According to chosen-plaintext attack, choose a full zero plaintext image as , and the corresponding ciphertext image is , which are given by Then, based on equations (19) and (20), one gets their corresponding 1D bit-plane decomposition sequences and , respectively, and gets the 1D ciphertext sequence corresponding to . Then, according to equations (11)–(13), one further deciphers the 1D equivalent diffusion sequence , which is denoted by(2)Given . According to chosen-plaintext attack, by choosing 5 special 2D plaintext images , one obtains the corresponding 1D bit-plane decomposition sequences , 2D ciphertext images , and 1D ciphertext sequences , respectively. Besides, the mathematical expressions of and are represented by(3)Based on equations (21) and (22), one deciphers the 1D sequences as(4)According to equations (15) and (24), one reveals the 1D equivalent index sequence , given by(5)First, by using the obtained 1D equivalent diffusion sequence , rediffuse the 1D diffusion sequence corresponding to the ciphertext image . The 1D equivalent permutation encryption sequence is deciphered as Then, rescramble by utilizing the 1D equivalent index sequence , and the 1D bit-plane decomposition sequence is given by

Finally, according to the bit-plane composition principle, is converted into 2D plaintext image , that is, one recovered plaintext grayscale image from the ciphertext image is

According to equations (19) and (28), one obtains that . Therefore, the proposed chosen-plaintext attack scheme has been verified through the above examples.

##### 4.4. Attack Complexity and Time

According to above analysis, as for the grayscale images with the size of , one gets that deciphering the 1D equivalent diffusion sequence and the 1D equivalent index sequence only require plaintext images and the corresponding ciphertext images without any known keys. Therefore, the total data complexity is , which represents a logarithmic level complexity. Moreover, the breaking time is 12.18 seconds by utilizing our proposed schemes. As for the RGB color images with the size of , the total data complexity is . Besides, the breaking time is 40.3 seconds by utilizing our proposed schemes, respectively. Consequently, the experiment results show that the cracking method is both effective and efficient, where it has lower running time and attack complexity.

#### 5. Suggestions for Improvement

According to the security defects of the original image chaotic encryption algorithm, the suggestions for improvement are given as follows:(1)In the permutation encryption structure, one can construct the combination of key stream parameters and the characters of the plaintext image, such as all pixels’ sum, average, and hash value of the plaintext information, where the equivalent permutation keys can be avoided.(2)In the diffusion encryption structure, one could add some nonlinear diffusion encryption techniques such as S-box and ciphertext feedback mechanism to enhance the combination of plaintext, keys, and ciphertext and further promote the security of the original encryption algorithm. Moreover, one can suggest building the combination of the circle shift parameter and the diffusion encryption results to avoid the equivalent diffusion keys.(3)One can suggest that the multiple-round encryption algorithm is proposed to improve the security based on the higher efficiency.(4)One can check the randomness of chaotic sequences. The periods of chaotic sequences obtained by iterating the logistic map in the digital computer are rigorously analysed in [39] and further lead to the dynamic degradation of chaotic maps. Moreover, the randomness of chaotic sequences affects the security of the encryption algorithm. Therefore, it is necessary to check the randomness of chaotic sequences from the perspective of cryptanalysis.

#### 6. Conclusions

In this paper, the chaotic cryptosystem with the three-level structure of permutation encryption, diffusion encryption, and linear transformation is analysed. Simplifying the three-level encryption structure of a chaotic cipher into the two-level encryption structure of equivalent permutation encryption and equivalent diffusion encryption is the key point to solve the security analysis problem. In addition, because the chaotic cipher algorithm belongs to an open-loop structure and lacks the ciphertext feedback mechanism, the generated chaotic sequence has nothing to do with the plaintext image, so the equivalent key method can be used to decipher it. The results of theoretical analysis and numerical simulation show that, as for the grayscale images and RGB color images of size , by utilizing the chosen-plaintext attack method, the equivalent diffusion key and equivalent permutation key can be obtained by choosing only and plaintext images and the corresponding ciphertext images; thus, the original algorithm can be deciphered successfully. Finally, some suggestions are presented to improve the security of the original image chaotic encryption algorithm. Furthermore, the paper sets up a good example framework for security analysis of bit-level chaotic cryptosystems.

#### Data Availability

The data and code used to support the findings of this study are available from the corresponding author upon request.

#### Conflicts of Interest

The authors declare that there are no conflicts of interest regarding the publication of this paper.

#### Acknowledgments

This work was supported by the National Key Research and Development Program of China (no. 2016YFB0800401) and the National Natural Science Foundation of China (nos. 61532020 and 61671161).