#### Abstract

The popularization of 5G and the development of cloud computing further promote the application of images. The storage of images in an untrusted environment has a great risk of privacy leakage. This paper outlines a design for a lightweight image encryption algorithm based on a message-passing algorithm with a chaotic external message. The message-passing (MP) algorithm allows simple messages to be passed locally for the solution to a global problem, which causes the interaction among adjacent pixels without additional space cost. This chaotic system can generate high pseudorandom sequences with high speed performance. A two-dimensional logistic map is utilized as a pseudorandom sequence generator to yield the external message sets of edge pixels. The external message can affect edge pixels, and then adjacent pixels interact with each other to produce an encrypted image. A MATLAB simulation shows the cipher-image performs fairly uniform distribution and has acceptable information entropy of 7.996749. The proposed algorithm reduces correlation coefficients from plain-image 1 to its cipher-image 0, which covers all of the plain-image characters with high computational efficiency (speed = 18.200374 Mbit/s). Theoretical analyses and experimental results prove the proposed algorithm’s persistence to various existing attacks with low cost.

#### 1. Introduction

##### 1.1. Background

The rapid development of networking promotes multimedia communication and transmission. As one of the most important data carriers, multimedia contains large amounts of visual information and rich content. Multimedia plays important role and has widespread applications [1–4] in many scenarios. However, multimedia data are vulnerable to interception and modification during transmission on public communication channels. Additionally, mobile devices are vulnerable to theft and loss due to their small size in a public environment. In particular, mobile devices, such as mobile phones and tablets, integrate computing and storage. It is difficult to guarantee the security of personal information by relying solely on access control. Therefore, the loss of mobile devices has serious security risks of privacy leakage [5, 6]. In recent years, many interesting image encryption algorithms have been proposed based on various theories, such as Advanced Encryption Standard (AES) [7, 8], DNA coding [9, 10], discrete cosine transform (DCT) [11, 12], and Arnold transform [13–16]. These schemes require large computational cost that mobile terminals cannot afford. Due to the high parallelism of DNA molecules, some researchers have combined DNA technology to design highly efficient and secure encryption schemes [9, 10]. However, DNA coding takes a substantial amount of time, and many devices do not have a high level of parallelism. Therefore, the encryption scheme based on DNA coding is difficult to be widely used in most scenarios. DCT performs an efficient energy compaction and separability property when images have a high correlation between adjacent pixels. In [12], DCT is used for blocks’ transformation to lower pixel correlation in the frequency domain. But DCT is a lossy coding scheme. Singh et al. [15] utilized a fractional Hartley transform combined with an Arnold transform to encrypt images in the frequency domain. The Arnold transform is used for pixel scrambling in image encryption studies. Its drawback is that the width and height of the original image must be identical, which limits its application scenarios to a large extent. Furthermore, the image encryption algorithm needs to have extremely high computational efficiency to reduce the impact on the user experience. Ideally, the user should have no perception of the encryption/decryption process. There is a great body of studies on chaotic systems [17–19] because of their many excellent intrinsic properties, such as ergodicity, pseudorandomness, fast computational speed, and high sensitivity. The image encryption algorithm combined with a chaotic system can yield high randomness, high key sensitivity, and fast computational speed. Parvaz and Zarebnia [17] define a combination chaotic system by using Logistic, Sine, and Tent systems and analyze its chaotic properties. And they applied the new chaotic system to design an image encryption algorithm, which is proved to be secure and practical. A two-dimensional logistic map contains features, such as less periodic windows in bifurcation diagrams and a larger range of parameters for chaotic behaviors, which is more suitable for cryptography. Furthermore, an image encryption algorithm based on a two-dimensional logistic map and DNA sequence operations is proposed in [19]. In the paper, a two-dimensional logistic map is utilized as the pseudorandom generator to get the external message of edge pixels. The pseudorandom sequences participate in the calculation of edge pixels and spread to the whole image with message-passing (MP) algorithm, which guarantees the randomness and low pixel correlation of cipher-images.

MP [20–22] is an interesting idea for performing complicated calculations using simple and commonly distributed hardware. Simple messages are passed locally among simple processors whose operations yield a solution for a global problem. Therefore, MP algorithms are widely used in various fields. The message-passing approach is intuitively appealing and suited to non-Gaussian models and nonlinear. Local impact on the global is an important feature to describe the scrambling of a cipher-image. Inspired by the idea, we discover a new application based on MP for high diffusion in the image encryption files. In this paper, as a prior message, the current pixel carries out mathematical calculations with an external message, whose result is stored in the current coordinate as a posterior message. The posterior message is passed to adjacent pixels as an external message for a new round of calculations. As the message passes to all pixels, we get the final cipher-image. The process of a message passing is based on the interaction among adjacent pixels of the image and accomplishes ciphertext security delivery. Therefore, there are no additional space costs, which realize secure image encryption with low space cost.

##### 1.2. Contribution and Organization

A lightweight image encryption algorithm based on MP [20–22] and a chaotic map are proposed for content protection. A message-passing algorithm allows simple messages to be passed locally and leads to the solution of a global problem. Local impact on the global is an important feature to describe the scrambling of a cipher-image. The paper applies MP to scramble the image at the diffusion stage. Each pixel is viewed as the node of the network, and all nodes constitute the image. Two valid passing paths are chosen: one proceeds from the coordinate (1, 1) to (*M*, *N*) through a rightward and downward path, called forward propagation [23, 24]. The other proceeds from the coordinate (*M*, *N*) to (1, 1) by a leftward and upward path, called backpropagation [24–26]. Chaotic sequences can affect edge pixels, and then adjacent pixels interact with each other to realize the image encryption. The cipher-image is subject to the strict control of the two-dimensional logistic map. Therefore, the initial parameters of a two-dimensional logistic map are regarded as the security key for resistance against key sensitivity attacks. The major contributions of the proposed scheme are as follows:(1)We design a lightweight image encryption algorithm based on MP and two-dimensional logistic chaotic map, which has a high level of security with small space cost and high running performance.(2)We introduce MP to the image encryption field to yield a notable scrambling effect. Message passing yields an interaction among adjacent pixels without additional space consumption. Two valid passing paths are set to guarantee the scrambling effect associated with each pixel of the image.(3)MP allows the external message to affect edge pixels and then spread across the image. Based on this feature, we design a novel diffusion method that chaotic system is used to control the external message of MP. The security of the proposed algorithm relies heavily on a two-dimensional logistic map, which has initial parameters that are reserved as the security key. Hence, the proposed algorithm has a highly chaotic property and strong robustness against key sensitivity analysis.

The remaining sections of the paper are organized as follows. In Section 2, the preliminary proposed algorithm is introduced. In Section 3, the encryption and decryption algorithms are described. Section 4 provides simulation results and security analysis from a MATLAB platform. Finally, conclusions are drawn in Section 5.

#### 2. Preliminary

##### 2.1. Message Passing

The message-passing algorithm [20] can do complicated calculations by using simple and commonly distributed hardware. Simple messages are passed locally among simple processors to provide a solution to a global problem. As an example, consider the complex calculation of counting the number of soldiers in a line who communicate single integers to the two adjacent soldiers and add one to a number. The rule includes three steps as follows: Step 1. If you are the front soldier in the line, say the number “one” to the soldier behind you Step 2. If you are the rearmost soldier in the line, say the number “one” to the soldier in front of you Step 3. If a soldier ahead of or behind you says a number to you, add one to it, and say the new number to the soldier on the other side

Its abstract model is given in Figure 1.

As shown in Figure 1, MP [20] has a local impact on the global, which is an important feature to yield the scrambling of the cipher-image. We introduce MP into image encryption for scrambling and define edge pixels as a set of pixels whose coordinates or or or in the image. To adapt to the bidimensionality of an image, this paper extends definitions of forward propagation [23, 24] and backpropagation [24–26] for a low correlation coefficient. Forward propagation proceeds from the coordinate to on a rightward and downward path while backpropagation proceeds from the coordinate to on a leftward and upward path. Based on the abstract model of message passing presented in Figure 1, we provide two-dimensional definitions of forward propagation and backpropagation of MP in the image below. Forward propagation is defined as follows:where the *M* × *N* image Mp is calculated to be Mp′ by forward propagation. The function ExF returns the computed result of the external message. Efr of size 1 × *N* and Efc of size *M* × 1 represent forward external message sets. The coordinate (*i*, *j*) proceeds from (1, 1) to (*M*, *N*). Backpropagation is defined as follows:where the *M* × *N* image Mp is calculated to be Mp′ by backpropagation. The function ExF returns the computed result of the external message. Ebr of size 1 × *N* and Ebc of size *M* × 1 represent back external message sets. The coordinate (*i*, *j*) proceeds from (1, 1) to (*M*, *N*).

##### 2.2. Two-Dimensional Logistic Map

A two-dimensional logistic map [19, 27] contains many features, such as less periodic windows in bifurcation diagrams and a larger range of parameters for chaotic behaviors, which is more suitable for cryptography. As a nonlinear recursive algorithm, a two-dimensional logistic map is defined as follows:where , , , and are control parameters. When , , , and , the system can generate outstanding pseudonumbers in the region (0, 1].

##### 2.3. Substitution Box

Substitution box (S-box) [8, 28] is an important nonlinear tool in cryptography. S-box is created by using a form of modulus mathematics that is called Rijndael’s Galois field. Its arithmetic has special properties that ensure values do not exceed 2^{8}, which keeps everything within a byte and is great for computers [16]. As a lookup table, S-box generally divides each number into its most and least significant nibble (4 bits). The least significant nibble identifies the column, and the most significant nibble defines the row to use in Table 1.

#### 3. Encryption and Decryption

The encryption approach consists of three stages, including external message generation, forward propagation, and backpropagation. The overall architecture of the proposed cryptosystem is shown in Figure 2. External message generation is constructed by a two-dimensional logistic map [19, 27], whose initial parameters are taken as the security key of the proposed cryptosystem. External message generation is utilized to generate external message sets to encrypt the edges of the image. Forward propagation [23, 24] is introduced to scramble the image from front to back. When a certain pixel is altered, all the pixels behind it change. Backpropagation [24–26] is able to scramble the image from back to front. When a certain pixel is altered, all the pixels before it change too. The combination of forward propagation and backpropagation provides the cryptosystem with a significant feature that a variation in one pixel can affect the whole image, which ensures the proposed method could resist against multiple advanced attack methods, e.g., differential attack and chosen-plaintext attack, etc. In this paper, forward propagation and backpropagation as defined in equations (1) and (2) are described in Figures 3 and 4, respectively, where Efr, Efc, Ebr, and Ebc, respectively, represent external message along four directions.

##### 3.1. Encryption Approach

The proposed algorithm takes the initial parameters of a two-dimensional logistic map as a security key. Two pairs of initial parameters and are substituted into equation (3), and then after iterating equation (3) for *M* and *N* times, respectively, the cryptosystem obtains four chaos sequences that participate in computations of forward propagation shown in Figure 3 and backpropagation shown in Figure 4. The detailed encryption steps are as follows:(1)Substituting two pairs of initial parameters and into equation (3) and iterating them for *N* + *m* and *M* + *m* times, respectively. Discarding the former *m* values to avoid harmful effects. Four chaos sequences, including *X*_{1} of size *N*, *Y*_{1} of size *N*, *X*_{2} of size *M*, and *Y*_{2} of size *M*, are obtained, and they range from 0 to 1.(2)Executing equation (4) to transform chaos sequences into external message sets Efr of size *N*, Efc of size *M*, Ebr of size *N*, and Ebc of size *M*:(3)Defining the function ExF in equations (1) and (2) as follows: where the function *S* substitutes the value of the current argument [28] according to Table 1.(4)Substituting the plain-image *P* into Mp and executing equation (1) from coordinate to through forward propagation produce the image .(5)Substituting the image into Mp and executing equation (2) from coordinate (*M*, *N*) to (1, 1) through backpropagation produce the final cipher-image *C*.

##### 3.2. Decryption Approach

The proposed cryptosystem has an excellent feature in that the majority of encryption/decryption steps are the same. Therefore, the proposed cryptosystem is easy to implement in various platforms with low costs. The detailed decryption steps are given as follows:(1)By executing steps (1–3) in Section 3.1, external message sets Efr, Efc, Ebr, and Ebc are obtained.(2)Substituting the final cipher-image *C* into Mp and executing equation (2) from coordinate (1, 1) to implement the converse of backpropagation and the image is obtained.(3)Substituting the image into Mp and executing equation (1) from the coordinate to implement the converse of forward propagation. Thus, the decryption process is complete, and the plain-image *P* is obtained.

#### 4. Security Analysis

The adversary may attempt various attack methods to break up encryption algorithms. In order to verify the security of the proposed cryptosystem, we simulate multiple attack methods to conduct security analysis from many aspects, including statistical analysis, sensitivity analysis, key space analysis, information entropy, chosen-plaintext attack, time, and space costs. Color image is composed of red, green, and blue channels. The proposed cryptosystem is implemented in three color channels to ensure the security of color images. For convenient comparison and analysis, standard grayscale images 256 × 256 Lena and 512 × 512 Peppers from the SIPI image database are used for the experiment. The simulations are implemented in MATLAB R2015b on a computer with a 2.30 GHz Intel Core i3 CPU and 4 GB of RAM. For good chaotic characteristics, the cryptosystem sets the control parameters of the two-dimensional logistic map as , , , and . The two-dimensional logistic map discards the former *m* = 100 values to avoid the harmful effects of initial generations. We input the security keys , , , and and encrypt 256 × 256 Lena and 512 × 512 Peppers. Plain-images and their cipher-images are presented in Figure 5.

**(a)**

**(b)**

**(c)**

**(d)**

##### 4.1. Statistical Analysis

###### 4.1.1. Histogram

The histogram [19, 29] represents the distribution of the pixel values of an image. For visual images, the distribution of their pixel values shows an obvious rule. A statistical attack is a common method to find statistical clues to break the cryptosystem. A secure cryptosystem can make the cipher-image have a uniform frequency distribution and provide as little statistical information as possible. We compare the distribution of the pixel values between the plain-image and cipher-image. Figure 6 shows that plain-images contain a large amount of statistical information while cipher-images have a fairly uniform distribution over the interval .

**(a)**

**(b)**

**(c)**

**(d)**

###### 4.1.2. Correlation Coefficients

Due to the intrinsic features of the image, adjacent pixels perform high correlation. The correlation coefficient [29, 30] is a numerical measure to evaluate the statistical relationship between two variables. The high correlation means attackers could try to infer adjacent pixel values based on probability theory. An excellent image encryption algorithm can reduce the correlation of adjacent pixels and provide a smaller correlation coefficient. We randomly choose 5,000 pairs of adjacent pixels from plain-images and cipher-images along horizontal, vertical, and diagonal directions for a correlation test. The correlation coefficient is defined as follows:where *x* and *y* are pixel values of adjacent pixels. The parameter is the total number of pixels. *E* (*x*) is mathematical expectations and *D*(*x*) is the variance of *x*. Cov (*x*, *y*) is the covariance and *r*_{xy} is the correlation coefficient. Figure 7 shows the correlation distribution of Lena and its cipher-image along three directions. The correlation distribution of the plain-image is highly concentrated, while that of the cipher-image is random. It reveals that the high correlation of the image is obviously reduced. We calculate the correlation coefficients of plain-images and cipher-images according to equation (6). Table 2 reports that the correlation coefficients of plain-images are close to 1, while those of cipher-images are close to 0. Table 3 shows a comparison of correlation coefficients for the proposed scheme and other schemes from three directions for the image Lena. The proposed cryptosystem covers up all the plain-image characteristics and has confusion properties.

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

###### 4.1.3. Mean Absolute Error

In statistics, mean absolute error (MAE) [31, 32] is a measure of the difference between two continuous variables. Here, MAE is a measure to assess the error between the plain-image *P* and the cipher-image *C*. A enough large MAE means more secure encryption effects. The definition of MAE is given bywhere *M* × *N* is the size of the image. The results of MAE are reported in Table 4.

###### 4.1.4. Root Mean Squared Error

In statistics, root mean squared error (RMSE) [32] reflects the average squared difference between the estimated values and what is estimated, which corresponds to the expected value of the squared error loss. RMSE is a measure to quantify the difference between the plain-image *P* and the cipher-image *C*. The definition of RMSE is given by

The larger the RMSE value, the better the encryption security. The results of the RMSE are reported in Table 4. The experiment results show the significant difference between plain-images and corresponding cipher-images, which indicates strong resistance against statistical attacks.

##### 4.2. Sensitivity Analysis

###### 4.2.1. Differential Attack

A differential attack [33–35] is an effective method to break up a cryptosystem that aims to input some slightly different plain-images and compare differences of their cipher-images for attack clues. To quantify the influence of a slight change on the cipher-image, two common parameters, including the number of pixels change rate (NPCR) and unified average changing intensity (UACI), are used to measure the differences between two cipher-images. NPCR and UACI are defined as follows:where *M *× *N* is the size of cipher-images C and . . NPCR reflects the difference in the number of different pixel values between the two images. And UACI reflects the difference of pixel intensity between two images. For two images with complete randomness, and . Table 5 reports simulation results for a 1-bit change in plain-images for different pixels.

We add a random pixel value for two standard images to 1 and compute the results of NPCR and UACI for 1,000 times. The mean values are shown in Table 6. Table 7 reports the comparison of NPCR and UACI for the proposed scheme and other schemes in the image Lena. Results are very close to ideal values. The simulation demonstrates an excellent ability to resist differential attacks.

###### 4.2.2. Key Sensitivity Test

The key sensitivity test [10, 30] checks the sensitivity of the cryptosystem to the security key. The test method includes two aspects. One encrypts the plain-image with the security key and decrypts the corresponding cipher-image with a key that is wrong by a 1-bit change in the security key, as seen in Table 8 and Figure 8. The other encrypts images by two keys that differ by only 1 bit and measures the differences between their cipher-images using NPCR and UACI. Table 9 reports the average NPCR and UACI between two cipher-images when the security key is added error *x*_{1} + 10^{−12}. The results show that a slight change in the security key can cause significant differences, and the cryptosystem passes the key sensitivity test.

**(a)**

**(b)**

**(c)**

**(d)**

##### 4.3. Key Space Analysis

A brute-force attack means that attackers try all possible security keys through an exhaustive key search until the correct one is found. A secure cryptosystem would have enough key space to defend against a brute-force attack. The proposed algorithm takes two pairs of initial parameters, and , from the two-dimensional logistic map as the security key. The design provides a flexible size for the key space to meet requirements for all levels of security. The simulation employs a 10^{48}-bit security key, which is larger than 2^{128} [36, 37]. It provides enough key space to resist all kinds of brute-force attack. Thus, the proposed cryptosystem is suitable for privacy protection of photos in multiple terminal devices.

##### 4.4. Information Entropy

Information entropy [8, 38] quantifies the amount of information in a stochastic source. As an important mathematical parameter, it is used to evaluate the consistent distribution of pixel values. When the probability of each gray value of the image is equal, the information entropy of the image is the maximum. The definition of information entropy is given as follows:where *p* (*s*_{i}) represents the probability of the symbol *s*_{i}. The ideal information entropy is for a 2^{8}-bit stochastic source. Therefore, the information entropy of cipher-images encrypted by a good cryptosystem should be close to 8 for grayscale images or a channel of color images. The calculation of information entropy for cipher-images Figure 5(a)–5(d) is presented in Table 10. Information entropy is related to the size of the image. Table 11 reports the comparison of average entropy between the proposed scheme and other schemes for 512 × 512 images. The results reveal the uncertainty and degree of ambiguity in the cipher-image.

##### 4.5. Ciphertext and Plaintext Attack

In cryptography, the ciphertext and plaintext attacks are common methods to cryptanalyze a cryptosystem. Adversaries deploy specific attack approaches based on different scenarios and assumptions. According to adversary’s knowledge, the ciphertext and plaintext attacks could be divided into ciphertext-only attack, known-plaintext attack, and chosen-plaintext attack [9]. Ciphertext-only attack assumes that an adversary only could obtain a set of ciphertexts. Known-plaintext attack assumes that an adversary could obtain a set of plaintexts and corresponding ciphertexts. And chosen-plaintext attack assumes that an adversary could access arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts. Obviously, chosen-plaintext attack provides the most information for adversaries among three attack assumptions. If the cryptosystem is able to defend the chosen-plaintext attack, it is also believed to resist against the other two attacks.

In the proposed cryptosystem, we apply the two-dimensional logistic map to generate the chaotic sequences as the external message, which cannot be recovered by means of chosen-plaintext images. Moreover, the novelty of the proposed algorithm is that we introduce MP to the image encryption process for a notable scrambling effect. As shown in equations (1) and (2), forward propagation and backpropagation allow the external message to affect edge pixels and then spread across the image. Therefore, the encryption result of every byte is affected by the contents of the previous bytes. The experimental results in Section 4.2.1 show high sensitivity of the proposed method to plain-images, which ensures the cryptosystem could resist against the chosen-plaintext attack.

##### 4.6. Time and Space Cost

In the encryption algorithm based on chaotic sequences, a large amount of computation time is spent on multiplication for multiple rounds [39–41]. In this phase, the time complexity of the proposed algorithm is *O* (2 ×*m* + 2 × *M* + 2 × *N*). In the encryption/decryption phase, forward propagation and backpropagation need to execute *M* × *N* times. Considering the lack of high parallelism in mobile devices, the time complexity is *O* (2 × *M* × *N*). Thus, the time complexity of the cryptosystem is *O* (2 × *M* × *N* + *M* + *N* + *m*). The encryption process is simulated for 512 × 512 images 1000 times and gets the total time as 109.887853 s. Thus, the real encryption speed is 18.20037 Mbit/s. The cryptosystem performs with high encryption efficiency and is acceptable for mobile phone users. Table 12 compares the encryption efficiency with different encryption algorithms and displays a fast running performance for the proposed cryptosystem.

In terms of space cost, the proposed algorithm needs *O* (*M* + *N*) to store external message sets produced by a two-dimensional logistic map. In the encryption/decryption phase, message passing is conducted inside the image and does not have an extra space cost. However, the S-box occupies 256 bytes for nonlinear substitution. Thus, the space complexity of the cryptosystem is *O* (*M* + *N* + 256), which is applicable to mobile phones.

#### 5. Conclusion

This paper demonstrates a lightweight image encryption algorithm based on message passing and a two-logistic map with low time and space costs. Compared to the *M* × *N* space cost of traditional chaotic algorithms, the proposed algorithm only requires *M* + *N* bytes to store external message sets from a two-dimensional logistic map, which is utilized as a pseudorandom generator to yield the external message sets of edge pixels. The external message sets affect edge pixels, and then adjacent pixels interact with each other to realize the image encryption. Message passing provides a novel approach for scrambling pixels inside an image without additional space costs. The simulation shows the cipher-image performs fairly uniform distribution with correlation coefficients close to 0, an acceptable information entropy of 7.996749 with a high computational efficiency (speed = 18.200374 Mbit/s). Additionally, the cryptosystem provides a flexible size for the key space to meet requirements for all levels of security. The experiment proves that the algorithm can resist key sensitivity analysis even if the key space is large enough. The cryptosystem can resist various attack techniques, including statistical attack, differential attack, known-plaintext attack, and brute-force attack with low time and space overheads. Thus, we demonstrate that the proposed algorithm can resist various existing attacks with low time and space cost.

#### Data Availability

Our experimental data come from an open-source database.

#### Conflicts of Interest

The authors declare that they have no conflicts of interest regarding the publication of this article.

#### Acknowledgments

The work was supported by the Wuhan Frontier Program of Application Foundation (no. 2018010401011295) and the National Natural Science Foundation of China (no. U1936122).