A Novel Chaos-Based Color Image Encryption Scheme Using Bit-Level Permutation

Abstract

To ensure the security of digital images during transmission and storage, an efficient and secure chaos-based color image encryption scheme using bit-level permutation is proposed. Our proposed image encryption algorithm belongs to symmetric cryptography. Here, we process three color components simultaneously instead of individually, and consider the correlation between them. We propose a novel bit-level permutation algorithm that contains three parts: a plain-image related rows and columns substitution, a pixel-level roll shift part, and a bit-level cyclic shift part. In the plain-related rows and columns substitution part, we involve the plain-image information to generate a control sequence by using a skew tent system. This process ensures that the correlation between three color components can be totally broken, and our cryptosystem has enough plain-image sensitivity to resist the differential attack. In the pixel-level roll shift part and bit-level cyclic shift part, we have a fully bit-level permutation controlled by two sequences using a Rucklidge system. The simulation and some common security analyses are given. Test results show that our proposed scheme has good security performance and a speed advantage compared to other works.

1. Introduction

Color images, as a kind of multimedia format, have become the most important information carrier in digital communication, increasing the convenience of daily life. The security problem of color images in transmission and cloud storage should not be ignored; therefore, digital image encryption has become an important research topic in the field of multimedia network communication.

There are different features between image and text structure data, such as high redundancy, strong correlation among adjacent pixels, etc. Thus, many traditional text structure encryption schemes result in poor performance on image encryption [1]. Therefore, many encryption algorithms designed for image features have been proposed [2]. Previously, an image encryption scheme only used special transformation matrices (e.g., Arnold map, magic cube transformation, etc.) to change the position of pixels in the plain image, but these schemes did not meet Kerckhoffs’s principle. According to Kerckhoffs’ principle, a modern cryptosystem should make all details public knowledge, as the system security only depends on the key. These schemes are also unable to resist statistical attacks and known plaintext attacks [3].

According to Shannon’s theory [4], a good encryption system should contain two processes: permutation and diffusion. There are two types of permutation methods: one is the pixel-level permutation, which only changes the pixels’ positions; the other is the bit-level permutation, which not only changes the positions, but also changes the values of the pixels. The diffusion process is a necessary step in ensuring the plaintext and security key are fully diffused.

Many fields have found the chaotic phenomenon since Lorenz [5] proposed the chaos theory, including medicine, biology, chemistry, astronomy, physics, etc. As a result of its many good properties, such as sensitivity to initial values and parameters, randomness, ergodicity, etc., chaotic systems are suitable for designing an image cryptosystem belonging to symmetric cryptography. Since the first chaotic image encryption scheme was proposed by Matthews [6], a large number of image encryption algorithms based on chaos theory have been put forward [7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33].

There are two mainstream research directions. One direction is pixel image encryption [7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,29,30,31,32], which for some applications, must be transported in pixel form, e.g., remote sensing images. The other direction is encryption on a compressed image, e.g., image applications on the internet [23,24,25,26,27,28,29]. In [1], a plain image-related encryption method was given; this scheme performed well for resisting a differential attack. However, this scheme has an obvious shortcoming—it hides the quantization value generated by the plain image in two pixels of the cipher image. It can cause security problems and information loss. Patidar et al. [3] presented a substitution–diffusion-based image cipher using chaotic standard and logistic maps. Lee et al. [7] proposed image encryption based on a lightweight chaotic system and simple arithmetic operation to achieve high encryption speed. Ullah et al. [8] designed a scheme for image encryption using a chaotic system and S-box. Devaraj et al. [9] designed a dynamic S-box using a modified standard map, and then proposed a color image encryption scheme using this dynamic S-box. Although this scheme has good security performance, its encryption efficiency is not fast enough. Guesmi et al. [10] used chaos theory, a DNA sequence operation, and hash function SHA-2 to design an image encryption scheme. This scheme takes advantage of the parallel features of DNA computing. However, the DNA encoding process and hash function increase the computational complexity.

Hu et al. [11] proposed a bit-level permutation strategy using a dynamic lookup table, and then provided an image encryption algorithm based on their theory. This scheme reduces bit-level permutation computational complexity using a look-up table. Hu et al. [12] defined a novel DNA sequence operation, and then they proposed an image cryptosystem based on chaotic map and this operation. The image DNA encoding and decoding processes are achieved through DSP (Digital Signal Processor), thereby improving the efficiency of those processes. Li et al. [13] proposed an image encryption scheme based on a chaotic tent map. This scheme has a weak plaintext sensitivity for resisting a differential attack.

Souyah et al. [14] proposed an image cryptosystem combining cellular automata and weighted histogram. They used one random position pixel from the plain image to store the weighted histogram value, ensuring that the encryption scheme has a relationship with the plain image. In [15], the author proposed a novel color image cryptosystem that combines compression and encryption, and this system uses the discrete cosine transformation dictionary to represent the color image. Then, the encryption and compression are achieved using a hyper chaotic system. In [16], the simulated annealing algorithm was used to obtain the optimal pseudorandom sequences, and then based on this theory, they designed an image encryption scheme. In [17], an image encryption algorithm was designed using chaos theory and they proposed a ranks interweaving method. This scheme has good encryption efficiency, but its security keys have a strong inner relation; therefore, the key space of this cryptosystem is not as large as declared. Li et al. [20] proposed a plaintext-related image encryption scheme by designing reversible permutation and security key generation algorithms. Zhu et al. [21] proposed a new compound homogeneous hyper chaotic system, and used this proposed chaotic system to design an image encryption algorithm. Ye et al. [22] proposed an image encryption scheme by using a quaternion discrete fractional Hartley transform and an improved pixel adaptive diffusion method. In [23], the authors used block compressive sensing and singular value decomposition embedding to balance the security, compression, and robustness. In [24], an image encryption scheme is proposed using a 2D multiple parameter fractional discrete Fourier transform and 3D Arnold transform. You et al. [25] proposed a parallel image encryption scheme implemented in OpenCL. Ouyang et al. [26] proposed a method of impulsive synchronization of coupled delayed neural networks with actuator saturation, and designed an image encryption scheme using this method. In [27], the authors proposed a compressed sensing strategy based on a semi-tensor product and designed a visual security image encryption scheme. In [28], an image encryption scheme is proposed using compressive sensing and random numbers insertion. Zhang et al. [29] proposed a plaintext-related image encryption scheme by using a perceptron-like network. In [30], the authors proposed a color image encryption scheme based on a two dimensional nonlinear coupled map lattices system. Arpacı et al. [31] gave an image cryptosystem via a modified Chua’s circuit. Khan et al. [33] proposed an image encryption scheme based on Lorenz, Gingerbreadman chaotic map, and S₈ permutation.

Due to color images containing red, green, and blue color components, there is a correlation among color components. Therefore, the color image encryption algorithm does not simply encrypt each color component, because it needs to destroy the correlation among the components. Furthermore, a good color image encryption scheme should consume less time than the summation of encrypting each color component; therefore, our proposed method considers the correlation among three color-components and bit-level permutated them at the same time, resulting in higher efficiency. The main contributions of this work are as follows: (1) a cross-color-components bit-level permutation method is presented; (2) a fast and secure color image encryption scheme is proposed, and (3) some common security analyses and comparisons are given.

The organization of this paper is as follows: In Section 2, the detailed descriptions of encryption and decryption algorithms are given. In Section 3, the simulation results of our proposed scheme, some common security analyses, and a comparison are given. In the last section, the conclusions of this paper are provided.

2. Proposed Scheme

In our proposed scheme, the image cryptosystem includes two parts: bit-level permutation and diffusion. There are two types of chaotic systems in these processes. The skew tent system, which is given in Equation (1), is used to generate two substitute control sequences which are employed in plain-related substitution. The Rucklidge system, which is given in Equation (2), is used to generate pixels’ positions shift control sequences and bit cycle shift control sequences which are employed in bit-level permutation. In addition, the Rucklidge system generates the security keys for encryption or decryption.

Remark: In our proposed scheme, we use a skew tent map and Rucklidge system to control the encryption process; other chaotic systems can also be extended in our scheme, and the only difference is the size of the key space.

The skew tent map [34] is given by:

$$t_{n+1} = \{\begin{array}{ll}{t}_n/p\hfill & t_n\in \left(0,p\right)\hfill \\ \left(1-t_n\right)\left(1-p\right)\hfill & t_n\in \left[p,1\right)\hfill \end{array}$$

(1)

where p is the parameter of the skew tent system. When $p\in \left(0,0.5\right)\cup \left(0.5,1\right)$, the system can generate a chaotic sequence $t_n\in \left(0,1\right)$.

The Rucklidge system [35] is given by:

$$\{\begin{array}{l}\dot{x} = -ax+by-yz\hfill \\ \dot{y} = x\hfill \\ \dot{z} = y^2-z\hfill \end{array}$$

(2)

where a and b are system parameters. When a = 2 and b = 7.7, the system enters into chaos and Figure 1 shows its attractors.

2.1. Encryption Scheme

In this scheme, we used the traditional encryption architecture: permutation and diffusion. The permutation process contains three parts: plain-image related rows and columns substitution, pixel-level roll shift, and bit-level cyclic shift. Figure 2 shows the process of the encryption scheme. This process is described as follows:

(1) Input an RGB color plain image and the security keys into the encryption scheme. We assume that the size of the inputted image is M × N × 3. Then the encryption process begins.

Note, inputted security keys are defined as $\mathit{k}\mathbf{1}, \mathit{k}\mathbf{2},\dots ,\mathit{k}\mathbf{9}\in \left(0,1\right)$, which are used to generate parameters and initial values of the skew tent map and Rucklidge systems. To avoid a weak key problem, we required each input key to be 15 decimal places.

(2) Reshape the inputted color image from a 3D to 2D matrix, and denote it as PI.

$$\mathit{P}\mathit{I} = \left[Red Green Blue\right]$$

(3)

where Red, Green, and Blue are color components. PI is an M × 3N matrix.

(3) Add all values of matrix PI, and denote the summation as SUM.

$$\mathit{S}\mathit{U}\mathit{M} = {\sum }_{j = 1}^{3N}{\sum }_{i = 1}^M\mathit{P}\mathit{I}\left(i,j\right).$$

(4)

(4) The system parameter and initial condition of the skew tent map are generated by Equations (5) and (6), respectively.

$$\mathit{p} = mod\left(\mathit{k}\mathbf{1}\times \mathit{k}\mathbf{2}\times \mathit{k}\mathbf{3}\times \mathit{S}\mathit{U}\mathit{M}+\mathit{k}\mathbf{4}+\mathit{k}\mathbf{5}, 1\right)$$

(5)

$${\mathit{t}}_{\mathbf{0}} = mod\left(\mathit{k}\mathbf{6}\times \mathit{k}\mathbf{7}\times \mathit{k}\mathbf{8}\times \mathit{S}\mathit{U}\mathit{M}+\mathit{k}\mathbf{9}+\mathit{k}\mathbf{1}, 1\right)$$

(6)

where mod (a,1) means the decimal fraction from a, and k1, k2,…, k9 are the inputted keys (similarly hereinafter).

(5) Iterate Equation (1) under the system parameter and initial condition generated in Step 4, and then denote the iteration sequence (without the first 200 iterations) as T. Take the first M elements of T to generate a new sequence X1 (Equation (7)). Then, take the repeated numbers away from X1 and append the absent elements to the end for generating the rows’ substitute control sequence X. In the same way, take the M + 1 to M + 3N elements to generate a new sequence Y1 (Equation (8)). Then, take the repeated numbers away from Y1 and append the absent elements to the end for generating the columns’ substitute control sequence Y.

$$\mathit{X}\mathbf{1} = mod\left(fix\left(T\left(1:M\right)+100\right)\times {10}^{10},M\right)+1$$

(7)

$$\mathit{Y}\mathbf{1} = mod\left(fix\left(T\left(M+1:M+3N\right)+100\right)\times {10}^{10},3N\right)+1$$

(8)

where mod (a, b) represents the remainder obtained on a/b, fix (a) represents the integer part of a, and T(a:b) means take the a to the b elements of T (similarly hereinafter).

(6) Partition matrix P into row vectors and denote them as ${\mathit{R}}_t$, where t = 1, 2, …, M. Substitute the row vectors under X sequence controlling as in Equation (9).

$${\mathit{R}}_{X_i}\leftrightarrow {\mathit{R}}_{X_{M-i+1} } , i = 1,2,\dots ,\frac{M}{2}$$

(9)

(7) Repartition the row substituted matrix into column vectors and denote them as ${\mathit{C}}_t$, where t = 1, 2, …, 3N. Substitute the column vectors under Y sequence controlling as in Equation (10).

$${\mathit{C}}_{Y_i}\leftrightarrow {\mathit{C}}_{Y_{3N-i+1} } , i = 1,2,\dots ,\frac{3N}{2}$$

(10)

(8) The initial conditions of the Rucklidge system are generated by Equations (11)–(13).

$${\mathit{x}}_{\mathbf{0}} = \left(mod\left(\left(k\mathbf{1}+k\mathbf{2}\times 2\right)\times {10}^5,22\right)-11\right)\times k\mathbf{3}+\mathbf{k}4$$

(11)

$${\mathit{y}}_{\mathbf{0}} = \left(mod\left(\left(\mathit{k}\mathbf{4}\times 4+\mathit{k}\mathbf{5}\times 5\right)\times {10}^5,12\right)-6\right)\times \mathit{k}\mathbf{6}+\mathit{k}\mathbf{7}$$

(12)

$${\mathit{z}}_{\mathbf{0}} = \left(mod\left(\left(\mathit{k}\mathbf{6}\times 6+\mathit{k}\mathbf{7}\times 7\right)\times {10}^5,16\right)+1\right)\times \mathit{k}\mathbf{8}+\mathit{k}\mathbf{9}$$

(13)

(9) Under the initial conditions generated in Step 8, iterate Equation (2) through a 0.002 step size 4th-order Runge–Kutta method. There are three sequences gained from this iteration. Discard the first 800 iterations to eliminate the transitional state, and denote the three sequences as XS, YS, and ZS, respectively. Here, the transitional state—some states before the chaos system goes stable—may cause the bad randomness seen in the generation sequences for the cryptosystem.

(10) Generate rows’ and columns’ pixel-level roll shifting control sequences by Equations (14) and (15), respectively.

$$\mathit{P}\mathit{S}{\mathit{R}}_{\mathit{i}} = mod\left(fix\left(\mathit{X}{\mathit{S}}_{\mathit{i}}+100\right)\times {10}^{10},3N\right), i = 1,2,\dots ,M$$

(14)

$$\mathit{P}\mathit{S}{\mathit{C}}_{\mathit{i}} = mod\left(fix\left(\mathit{Y}{\mathit{S}}_{\mathit{i}}+100\right)\times {10}^{10},M\right), i = 1,2,\dots , 3N$$

(15)

(11) Generate rows’ and columns’ bit-level cyclic shifting control sequences by Equations (16) and (17), respectively.

$$\mathit{B}\mathit{S}{\mathit{R}}_{\mathit{i}} = mod\left(fix\left(\mathit{Z}\mathit{S}\left(1:M\right)+100\right)\times {10}^{10},8\right), i = 1,2,\dots ,M$$

(16)

$$\mathit{B}\mathit{S}{\mathit{C}}_{\mathit{i}} = mod\left(fix\left(\mathit{Z}\mathit{S}\left(M+1:M+N\right)+100\right)\times {10}^{10},8\right), i = 1,2,\dots ,3N$$

(17)

(12) Partition the matrix generated in Step 7 into column vectors, and denote them as $\mathit{P}{\mathit{C}}_{\mathit{i}}\left(j\right)$. Then, roll shift the pixels’ position as in Equation (18).

$$\mathit{P}{\mathit{C}}_{\mathit{i}}\left(j\right)\leftrightarrow \mathit{P}{\mathit{C}}_{\mathit{i}}\left(mod\left(j-\mathit{P}\mathit{S}{\mathit{C}}_{\mathit{i}},M\right)\right)$$

(18)

where i = 1, 2, …, 3N, and j = 1, 2, …, M.

(13) Denote the new column vectors generated in the previous step as $\mathit{B}{\mathit{C}}_{\mathit{i}}$. Then, cyclic shift all elements in the column vector to the left direction under the control sequence $\mathit{B}\mathit{S}{\mathit{C}}_{\mathit{i}}$ as in Equation (19).

$$\mathit{B}{\mathit{C}}_{\mathit{i}} = \mathit{B}{\mathit{C}}_{\mathit{i}}\ll \mathit{B}\mathit{S}{\mathit{C}}_{\mathit{i}}, i = 1, 2, \dots , 3N$$

(19)

(14) Repartition the matrix generated in the previous step into row vectors, and denote them as $\mathit{P}{\mathit{R}}_{\mathit{i}}\left(j\right)$. Then, roll shift the pixels’ position as Equation (20).

$$\mathit{P}{\mathit{R}}_{\mathit{i}}\left(j\right)\leftrightarrow \mathit{P}{\mathit{R}}_{\mathit{i}}\left(mod\left(j-\mathit{P}\mathit{S}{\mathit{R}}_{\mathit{i}},3N\right)\right)$$

(20)

where i = 1, 2, …, M, and j = 1, 2, …, 3N.

(15) Denote the new row vectors generated in the previous step as $\mathit{B}{\mathit{R}}_{\mathit{i}}$. Then, cyclic shift all elements in the row vector to the left direction under the control sequence $\mathit{B}\mathit{S}{\mathit{R}}_{\mathit{i}}$ as in Equation (21).

$$\mathit{B}{\mathit{R}}_{\mathit{i}} = \mathit{B}{\mathit{R}}_{\mathit{i}}\ll \mathit{B}\mathit{S}{\mathit{R}}_{\mathit{i}}, i = 1, 2, \dots , M.$$

(21)

(16) Generate key sequences from the iteration sequences generated in Step 9, as in Equations (22)–(25).

$$\mathit{K}{\mathit{S}}_{\mathbf{1}} = mod\left(fix\left(\left(\mathit{X}\mathit{S}+100\right)\times {10}^{10}\right),2^8\right)$$

(22)

$$\mathit{K}{\mathit{S}}_{\mathbf{2}} = mod\left(fix\left(\left(\mathit{Y}\mathit{S}+100\right)\times {10}^{10}\right),2^8\right)$$

(23)

$$\mathit{K}{\mathit{S}}_{\mathbf{3}} = mod\left(fix\left(\left(\mathit{Z}\mathit{S}+100\right)\times {10}^{10}\right),2^8\right)$$

(24)

$$\mathit{K}\mathit{E}\mathit{Y} = [\mathit{K}{\mathit{S}}_{\mathbf{1}} \mathit{K}{\mathit{S}}_{\mathbf{2}} \mathit{K}{\mathit{S}}_{\mathbf{3}}]$$

(25)

(17) Partition KEY into 3N vectors with M elements, and denote them as$\mathit{K}{\mathit{V}}_{\mathit{i}}$. Then, partition the matrix generated in Step 15 into column vectors, and denote them as$\mathit{E}{\mathit{C}}_{\mathit{i}}$, where$i = 1, 2, \dots , 3N$.

(18) Encrypt column vectors using Equation (26).

$$\mathit{C}{\mathit{I}}_{\mathit{i}} = \{\begin{array}{cc}\mathit{E}{\mathit{C}}_{\mathit{i}}⨁\mathit{K}{\mathit{V}}_{\mathit{i}}& i = 1\\ \mathit{E}{\mathit{C}}_{\mathit{i}}⨁\mathit{K}{\mathit{V}}_{\mathit{i}}⨁\mathit{C}{\mathit{I}}_{\mathit{i}-\mathbf{1}}& i = 2,3,\dots ,3N\end{array}$$

(26)

(19) Reshape the result of Step 18 into an M × N × 3 matrix. Finish the encryption process by outputting the cipher image.

2.2. Decryption Scheme

In our proposed image cryptosystem, the decryption scheme is the inverse process of encryption. The process of decryption is shown in Figure 3, and a detailed description is as follows:

(1) Input a cipher image and the security keys into the decryption scheme. We assume the size of the inputted cipher image is M × N × 3. Then the encryption process begins.

(2) Change the inputted image from a 3D matrix into a 2D matrix, and denote it as D.

$$\mathit{D} = \left[Red Green Blue\right]$$

(27)

where Red, Green, and Blue are color components. D is an M × 3N matrix.

(3) The initial conditions of the Rucklidge system are generated using Equations (28)–(30).

$${\mathit{x}}_{\mathbf{0}} = \left(mod\left(\left(\mathit{k}\mathbf{1}+\mathit{k}\mathbf{2}\times 2\right)\times {10}^5,22\right)-11\right)\times \mathit{k}\mathbf{3}+\mathit{k}\mathbf{4})$$

(28)

$${\mathit{y}}_{\mathbf{0}} = \left(mod\left(\left(\mathit{k}\mathbf{4}\times 4+\mathit{k}\mathbf{5}\times 5\right)\times {10}^5,12\right)-6\right)\times \mathit{k}\mathbf{6}+\mathit{k}\mathbf{7}$$

(29)

$${\mathit{z}}_{\mathbf{0}} = \left(mod\left(\left(\mathit{k}\mathbf{6}\times 6+\mathit{k}\mathbf{7}\times 7\right)\times {10}^5,16\right)+1\right)\times \mathit{k}\mathbf{8}+\mathit{k}\mathbf{9}$$

(30)

(4) Under the initial conditions generated in Step 3, iterate Equation (2) through a 0.002 step size 4th-order Runge–Kutta method. There are three sequences gained from this iteration. Discard the first 800 iterations to eliminate the transitional state, and denote the sequences as XS, YS, and ZS, respectively.

(5) Generate key sequences from the iteration sequences generated in the previous step using Equations (31)–(34).

$$\mathit{K}{\mathit{S}}_{\mathbf{1}} = mod\left(fix\left(\left(\mathit{X}\mathit{S}+100\right)\times {10}^{10}\right),2^8\right)$$

(31)

$$\mathit{K}{\mathit{S}}_{\mathbf{2}} = mod\left(fix\left(\left(\mathit{Y}\mathit{S}+100\right)\times {10}^{10}\right),2^8\right)$$

(32)

$$\mathit{K}{\mathit{S}}_{\mathbf{3}} = mod\left(fix\left(\left(\mathit{Z}\mathit{S}+100\right)\times {10}^{10}\right),2^8\right)$$

(33)

$$\mathit{K}\mathit{E}\mathit{Y} = [\mathit{K}{\mathit{S}}_{\mathbf{1}} \mathit{K}{\mathit{S}}_{\mathbf{2}} \mathit{K}{\mathit{S}}_{\mathbf{3}}]$$

(34)

(6) Partition KEY into 3N vectors with M elements, and denote them as$\mathit{K}{\mathit{V}}_{\mathit{i}}$. Then, partition the matrix D generated from Step 2 into column vectors, and denote them as$\mathit{D}{\mathit{C}}_{\mathit{i}}$, where$i = 1, 2, \dots , 3N$.

(7) Decrypt column vectors as in Equation (35).

$$\mathit{D}{\mathit{I}}_{\mathit{i}} = \{\begin{array}{cc}\mathit{D}{\mathit{C}}_{\mathit{i}}⨁\mathit{K}{\mathit{V}}_{\mathit{i}}⨁\mathit{D}{\mathit{I}}_{\mathit{i}-\mathbf{1}}& i = 2,3,\dots ,3N\\ \mathit{D}{\mathit{C}}_{\mathit{i}}⨁\mathit{K}{\mathit{V}}_{\mathit{i}}& i = 1\end{array}$$

(35)

(8) From the iteration sequences generated in Step 4, generate rows’ and columns’ pixel-level roll shifting control sequences using Equations (36) and (37), respectively.

$$\mathit{P}\mathit{S}{\mathit{R}}_{\mathit{i}} = mod\left(fix\left(\mathit{X}{\mathit{S}}_{\mathit{i}}+100\right)\times {10}^{10},3N\right), i = 1,2,\dots ,M$$

(36)

$$\mathit{P}\mathit{S}{\mathit{C}}_{\mathit{i}} = mod\left(fix\left(\mathit{Y}{\mathit{S}}_{\mathit{i}}+100\right)\times {10}^{10},M\right), i = 1,2,\dots , 3N$$

(37)

(9) Generate rows’ and columns’ bit-level cyclic shifting control sequences using Equations (38) and (39), respectively.

$$\mathit{B}\mathit{S}{\mathit{R}}_{\mathit{i}} = mod\left(fix\left(\mathit{Z}\mathit{S}\left(1:M\right)+100\right)\times {10}^{10},8\right), i = 1,2,\dots ,M$$

(38)

$$\mathit{B}\mathit{S}{\mathit{C}}_{\mathit{i}} = mod\left(fix\left(\mathit{Z}\mathit{S}\left(M+1:M+N\right)+100\right)\times {10}^{10},8\right), i = 1,2,\dots ,3N$$

(39)

(10) Repartition the matrix generated from Step 7 into row vectors, and denote them as $DB{R}_i$. Then, cyclic shift all elements in the row vector to the right direction under the control sequence $BS{R}_i$ as in Equation (40).

$$\mathit{D}\mathit{B}{\mathit{R}}_{\mathit{i}} = \mathit{D}\mathit{B}{\mathit{R}}_{\mathit{i}}\gg \mathit{B}\mathit{S}{\mathit{R}}_{\mathit{i}}, i = 1, 2, \dots , M$$

(40)

(11) Denote the new row vectors generated in the previous step as $DP{R}_i\left(j\right)$. Then, roll shift the pixels position as in Equation (41).

$$\mathit{D}\mathit{P}{\mathit{R}}_{\mathit{i}}\left(j\right)\leftrightarrow \mathit{D}\mathit{P}{\mathit{R}}_{\mathit{i}}\left(mod\left(j+\mathit{P}\mathit{S}{\mathit{R}}_{\mathit{i}},3N\right)\right)$$

(41)

where i = 1, 2, …, M, and j = 1, 2, …, 3N.

(12) Partition the matrix generated in the previous step into column vectors and denote them as $\mathit{D}\mathit{B}{\mathit{C}}_{\mathit{i}}$. Then, cyclic shift all elements in the column vector to the right direction under the control sequence $\mathit{B}\mathit{S}{\mathit{C}}_{\mathit{i}}$ as in Equation (42).

$$\mathit{D}\mathit{B}{\mathit{C}}_{\mathit{i}} = \mathit{D}\mathit{B}{\mathit{C}}_{\mathit{i}}\gg \mathit{B}\mathit{S}{\mathit{C}}_{\mathit{i}}, i = 1, 2, \dots , 3N$$

(42)

(13) Denote the new column vectors generated in the previous step as $\mathit{D}\mathit{P}{\mathit{C}}_{\mathit{i}}\left(j\right)$. Then, roll shift the pixels position as in Equation (43).

$$\mathit{D}\mathit{P}{\mathit{C}}_{\mathit{i}}\left(j\right)\leftrightarrow \mathit{D}\mathit{P}{\mathit{C}}_{\mathit{i}}\left(mod\left(j+\mathit{P}\mathit{S}{\mathit{C}}_{\mathit{i}},M\right)\right)$$

(43)

where i = 1, 2, …, 3N, and j = 1, 2, …, M.

(14) Add all values of matrix DP generated in the previous step, and denote the summation as SUM.

$$\mathit{S}\mathit{U}\mathit{M} = {\sum }_{j = 1}^{3N}{\sum }_{i = 1}^M\mathit{D}\mathit{P}\left(i,j\right).$$

(44)

(15) The system parameter and initial condition of the skew tent map are generated using Equations (45) and (46), respectively.

$$\mathit{p} = mod\left(\mathit{k}\mathbf{1}\times \mathit{k}\mathbf{2}\times \mathit{k}\mathbf{3}\times \mathit{S}\mathit{U}\mathit{M}+\mathit{k}\mathbf{4}+\mathit{k}\mathbf{5},1\right)$$

(45)

$${\mathit{t}}_{\mathbf{0}} = mod\left(\mathit{k}\mathbf{6}\times \mathit{k}\mathbf{7}\times \mathit{k}\mathbf{8}\times \mathit{S}\mathit{U}\mathit{M}+\mathit{k}\mathbf{9}+\mathit{k}\mathbf{1},1\right)$$

(46)

(16) Iterate Equation (1) under the system parameter and initial condition generated in Step 15, and denote the iteration sequence (without the first 200 iterations) as T. Take the first M elements of T to generate a new sequence X1 as in Equation (47). Then, take the repeated numbers away from X1, and append the absent elements to the end for generating the rows’ substitute control sequence X. In the same way, take the M + 1 to M + 3N elements to generate a new sequence Y1 as in Equation (48). Then, take the repeated numbers from Y1 and append the absent elements to the end for generating the columns’ substitute control sequence Y.

$$\mathit{X}\mathbf{1} = mod\left(fix\left(T\left(1:M\right)+100\right)\times {10}^{10},M\right)+1$$

(47)

$$\mathit{Y}\mathbf{1} = mod\left(fix\left(T\left(M+1:M+3N\right)+100\right)\times {10}^{10},3N\right)+1$$

(48)

(17) Partition matrix DP generated in Step 13 into column vectors, and denote them as $\mathit{C}{\mathit{C}}_{\mathit{t}}$, where t = 1, 2, …, 3N. Substitute the column vectors under Y sequence controlling as in Equation (49).

$$\mathit{C}{\mathit{C}}_{Y_i}\leftrightarrow \mathit{C}{\mathit{C}}_{Y_{3N-i+1} }, i = 1,2,\dots ,\frac{3N}{2}$$

(49)

(18) Repartition the column substituted matrix into row vectors, and denote them as $\mathit{R}{\mathit{R}}_{\mathit{t}}$, where t = 1, 2, …, M. Substitute the row vectors under X sequence controlling as in Equation (50).

$$\mathit{R}{\mathit{R}}_{X_i}\leftrightarrow \mathit{R}{\mathit{R}}_{X_{M-i+1} }, i = 1,2,\dots ,\frac{M}{2}$$

(50)

(19) Reshape the result of Step 18 into an M × N × 3 matrix. Output the plain image, and the decryption process is finished.

3. Simulation and Security Analysis

Our proposed scheme is evaluated by software simulation in this section, and the software environment was MATLAB 2015b in MacOS High Sierra (10.13.1). The system parameters of the Rucklidge system, given by Equation (2), were a = 2 and b = 7.7, and the security inputted keys were k1 = 0.596345821685246, k2 = 0.521468245214562, k3 = 0.987412563548541, k4 = 0.536958542152365, k5 = 0.987452153255425, k6 = 0.665489221351221, k7 = 0.145851325412545, k8 = 0.325632541251254, and k9 = 0.285696325412524. The test images were 512 × 512 × 3-pixel RGB color images, and the simulation results are shown in Figure 4. Furthermore, many commonly used security analyses are given in the following subsections.

3.1. Key Space Analysis

In our proposed scheme, the chaotic parameter and initial data are generated by the nine input keys k1,…, k9; therefore, the real keys of our proposed image encryption algorithm are those chaotic parameters and initial data. There are a chaotic parameter $\mathrm{p}\in \left(0,0.5\right)\cup \left(0.5,1\right)$ and initial data $t_0\in \left(0,1\right)$ of the skew tent map, and three initial data $x_0\in \left(-11,11\right)$, $y_0\in \left(-6,6\right)$, and $z_0\in \left(1,17\right)$ for the Rucklidge system. If we suppose that the change step of keys is${10}^{-15}$, which is limited by computer accuracy, then the key space can be calculated as $\mathrm{S} = {\left({10}^{15}\right)}^2\times 2.2\times {10}^{16}\times 1.2\times {10}^{16}\times 1.6\times {10}^{16} = 4.224\times {10}^{78}\approx 2^{261}$. For a cryptosystem to resist the brute-force attack, the key space needs to be at least $2^{100}$[2,19]. Therefore, our proposed cryptosystem has a large enough key space to resist the brute-force attack.

3.2. Differential Attack

The plaintext sensitivity is an indicator to show whether an image cryptosystem can resist a differential attack. We measure plaintext sensitivity by quantizing the difference between images that are generated by encrypting two plain images with a one-bit difference. There are two indictors to measure the difference between images: number of pixels change rate (NPCR) and unified average changing intensity (UACI) [9,10,11,12,13].

NPCR and UACI are given by:

$$\mathrm{NPCR} = \frac{{\sum }_{i = 1}^M{\sum }_{j = 1}^{N}D\left(i,j\right)}{M\times N}\times 100\%$$

(51)

$$D\left(i,j\right) = \{\begin{array}{c}0,C_1\left(i,j\right) = C_2\left(i,j\right);\\ 1,C_1\left(i,j\right)\ne C_2\left(i,j\right).\end{array}$$

(52)

$$\mathrm{UACI} = \frac{1}{M\times N}\left({\sum }_{i = 1}^M{\sum }_{j = 1}^N\frac{\left| C_1\left(i,j\right)-C_2\left(i,j\right)\right|}{255}\right)\times 100\%$$

(53)

where $C_1\left(i,j\right)$ and$C_2\left(i,j\right)$ are cipher images that are generated from two plain-images that have only a one-pixel difference. M and N are the height and width of each image color component, respectively.

We obtain a new image by changing the one-bit pixel value in any one color component of the plain image, and then encrypt these two images. The NPCR reflects the percentage of different values of two pixels, which are selected in the same location and same color component of two cipher images. The UACI is the average intensity of the difference between two pixels which are in the same position of two cipher images.

In this section, we randomly change the one-bit value of a pixel in any one color component, and then calculate NPCR and UACI in the red, green, and blue color components, separately. The NPCR and UACI results are shown in

Table 1. The results of number of pixels change rate (NPCR) and unified average changing intensity (UACI).

Images	Red		Green		Blue
	NPCR (%)	UACI (%)	NPCR (%)	UACI (%)	NPCR (%)	UACI (%)
Lena	99.6052	33.4025	99.6120	33.4428	99.6303	33.5029
Baboon	99.6174	33.3923	99.6117	33.3923	99.6166	33.5534
Pepper	99.6098	33.4131	99.6106	33.4946	99.6322	33.4067
Airplane	99.6170	33.4704	99.6136	33.4304	99.6075	33.5222
[30]	99.6097	33.5012	99.6218	33.4414	99.5947	33.4535
[31]	99.6012	33.4459	99.6002	33.4129	99.6174	33.4681
[32]	99.61	31.12	99.61	30.23	99.61	29.74

. According to the results of the NPCR and UACI, our proposed cryptosystem has enough plaintext sensitivity to resist the differential attack.

3.3. Statistical Analysis

3.3.1. Histogram Analysis

It is important to ensure that the cipher image shows the uniform distribution in histogram analysis, or it is not able to resist the statistical attack. In this section, we test three group histograms: histograms of image pepper, whole black image, whole white image, and their corresponding cipher images. The test results are shown in Figure 5. The histogram analysis results showed that the proposed cryptosystem has an outstanding diffusion property and statistical attack resistance.

3.3.2. Correlation Coefficient

The correlation coefficient of adjacent pixels in the cipher image is an important indictor to judge the performance of an image encryption scheme. Adjacent pixels in a plain image always have a strong correlation; therefore, image encryption processes must destroy this correlation [14,15,16].

The correlation coefficient is given by:

$$r_{ab} = \frac{\mathrm{cov}\left(a,b\right)}{\sqrt{\mathrm{D}\left(a\right)\mathrm{D}\left(b\right)}}$$

(54)

where a and b represent color values of adjacent pixels, and

$$\mathrm{E}\left(a\right) = \frac{1}{N}{\sum }_{i = 1}^N{a}_i$$

(55)

$$\mathrm{D}\left(a\right) = \frac{1}{N}{\sum }_{i = 1}^N{\left(a_i-\mathrm{E}\left(a\right)\right)}^2,$$

(56)

$$\mathrm{cov}\left(a,b\right) = \frac{1}{N}{\sum }_{i = 1}^N\left(a_i-\mathrm{E}\left(a\right)\right)\left(b_i-\mathrm{E}\left(b\right)\right).$$

(57)

In this test, 10,000 pairs of adjacent pixels were randomly selected in the cipher image.

Table 2. Correlation coefficients.

Images	Horizontal			Vertical			Diagonal
	Red	Green	Blue	Red	Green	Blue	Red	Green	Blue
Lena	−0.0022	0.0057	0.00007	0.0009	−0.0041	0.00004	0.0013	0.0017	0.0104
Baboon	0.0049	−0.0026	0.0068	0.0006	−0.0100	0.0038	0.0021	0.0147	−0.0040
Pepper	0.0038	0.0014	−0.0094	−0.0026	0.0038	0.0035	−0.0187	0.0058	0.0035
Airplane	0.0006	0.0023	0.0009	0.0013	0.0010	−0.0017	0.0016	−0.0057	0.0083
[21]	0.0112	−0.0039	0.0373	0.0118	−0.0156	0.0153	−0.0095	0.0193	0.0373
[30]	0.0013	0.0032	0.0020	0.0047	−0.0005	0.0094	0.00232	0.0048	0.0040
[31]	0.0127	−0.0338	0.0221	−0.0584	−0.0029	0.0196	−0.0633	−0.0558	−0.0167
[32]	−0.0164	−0.0071	0.0053	0.0630	−0.02911	0.0015	−0.0460	−0.0371	−0.0115

shows the results of the correlation coefficient calculation, and Figure 6 shows the distribution of pepper.

3.4. Key Sensitivity Analysis

An image cryptosystem requires a good key sensitivity to ensure the key and plaintext are fully confused. There are nine security keys in our scheme, and the change step of each key is ${10}^{-15}$. In this section, we encrypt the plain-image pepper by some keys that only change ${10}^{-15}$, and calculate the NPCR and UACI to assess the difference between ciphers. Therefore, we encrypt the plain-image pepper using the keys, which were assigned at the beginning of Section 3, and we denote the cipher image as C1. We then encrypt the plain-image pepper two times with the modified keys $\mathrm{k}{1}^{\prime }= \mathrm{k}1+{10}^{-15}$ and $\mathrm{k}{2}^{\prime }= \mathrm{k}2+{10}^{-15}$, and we denote the two generated ciphers as C2 and C3, respectively. The test results are shown in Figure 7, and the NPCR and UACI between ciphers generated by different keys are shown in

Table 3. Results of NPCR and UACI between ciphers.

Ciphers	Red		Green		Blue
	NPCR (%)	UACI (%)	NPCR (%)	UACI (%)	NPCR (%)	UACI (%)
C1 and C2	99.6029	33.4676	99.5995	33.5168	99.6029	33.5368
C1 and C3	99.6223	33.4970	99.6120	33.5514	99.6075	33.4839

. The results clearly show that the proposed image cryptosystem has enough key sensitivity and has an exhaustive attack resistance.

3.5. Information Entropy Analysis

Here, we use the information entropy to indicate the uncertainty degree of a cipher image [9,22], and the information entropy is calculated by:

$$\mathrm{H}\left(\mathrm{s}\right)={\sum }_{i=0}^{2^L-1}P\left(s_i\right)lo{g}_2\frac{1}{P\left(s_i\right)},$$

(58)

where L is the bit depth of each color component of the image, e.g., L = 8 for one color component of a 24-bit RGB color image, and $P\left(s_i\right)$ is the probability of$s_i$. The ideal information entropy of an 8-bit color component is $H\left(s\right) = 8$ bits. The entropy test of each color component is shown in

Table 4. The entropy test of each color component.

Color Channels	Lena	Baboon	Pepper	Airplane	Ref. [21]	Ref. [30]	Ref. [31]	Ref. [8]
Red	7.999279	7.999238	7.999353	7.999306	7.90302	7.99171	7.9949	7.9913
Green	7.999264	7.999280	7.999222	7.999357	7.90238	7.99121	7.9945	7.9949
Blue	7.999353	7.999299	7.999283	7.999357	7.90157	7.99117	7.9941	7.9889

. According to the test results, our entropies of each color component were close to 8, which is the ideal case for an 8-bit image. Therefore, this cryptosystem performs well for resisting an entropy attack.

3.6. Speed Analysis and Comparisons

All of the simulations and tests in this paper were implemented in MATLAB R2015b on a MacBook with Intel® Core i7, CPU 1.4GHz, and 16GB memory, and the software was run on macOS. The speed analysis results are shown in

Table 5. Speed test results.

Image Size (Pixels)	Image Size (MB)	Mean Time (s)	Mean Speed (MB/s)
256 × 256	0.187	0.0820	2.280
512 × 512	0.750	0.3239	2.315
1024 × 1024	3.000	1.2878	2.329

, and the comparison with others are shown in

Table 6. Speed comparisons.

Image Size (Pixels)	Our Work (s)	Ref. [21]	Ref. [9]	Ref. [31]	Ref. [8]
256 × 256	0.0820	-	-	-	0.4071
512 × 512	0.3239	1.5323	5.9585	0.62	1.5619
1024 × 1024	1.2878	-	-	-	6.8324

. From tests and comparisons, our method has good encryption speed performance.

4. Conclusions

In this paper, we proposed an efficiency and secure color image encryption scheme based on a chaotic system. The proposed cryptosystem contains two parts: bit-level permutation and diffusion. The bit-level permutation algorithm contains three parts: A plain-image related rows and columns substitution, a pixel-level roll shift part, and a bit-level cyclic shift part. In the plain-related rows and columns substitution part, we involved the plain-image information to generate a control sequence by using a skew tent system. This part ensures that the correlation between the three color-components is broken, and our cryptosystem has enough plain-image sensitivity to resist the differential attack. In the pixel-level roll shift part and bit-level cyclic shift part, we produced a fully bit-level permutation controlled by two sequences using a Rucklidge system. In this paper, we considered the correlation between the three color-components; thus, we processed the three color-components simultaneously, and not individually, in permutation and diffusion. Finally, the results of the security analyses and comparisons showed that our proposed scheme not only has good security performance, but also has a speed advantage compared to other works.