## Abstract

During the past decades, chaos-based permutation-diffusion type image cipher has been widely investigated to meet the increasing demand for real-time secure image transmission over public networks. However, the existing researches almost exclusively focus on the improvements of the permutation and diffusion methods independently, without consideration of cooperation between the two processes. In this paper, an improved permutation-diffusion type image cipher with a chaotic orbit perturbing mechanism is proposed. In the permutation stage, pixels in the plain image are shuffled with a pixel-swapping mechanism, and the pseudorandom locations are generated by chaotic logistic map iteration. Furthermore, a plain pixel related chaotic orbit perturbing mechanism is introduced. As a result, a tiny change in plain image will be spread out during the confusion process, and hence an effective diffusion effect is introduced. By using a reverse direction diffusion method, the introduced diffusion effect will be further diffused to the whole cipher image within one overall encryption round. Simulation results and extensive cryptanalysis justify that the proposed scheme has a satisfactory security with a low computational complexity, which renders it a good candidate for real-time secure image storage and distribution applications.

© 2013 Optical Society of America

## 1. Introduction

With the dramatic development of communication technology, more and more multimedia applications have been used in all aspects of society due to their easy-understanding and attractive presentations characteristics. Consequently, secure transmission and distribution of multimedia contents have become one of the most critical issues. However, traditional block ciphers such as Triple-DES and AES are found unfit for multimedia information characterized with some intrinsic features such as high pixel correlation and redundancy [1]. Since 1990s, many researchers have noticed that the fundamental features of chaotic systems such as ergodicity, mixing property, sensitivity to initial conditions/system parameters, etc. can be considered analogous to some ideal cryptographic properties for image encryption.

In 1998, permutation-diffusion architecture for image encryption had been firstly proposed by Fridrich [2], as shown in Fig. 1.Under this structure, the plain image is firstly permutated by a two-dimensional area-preserving chaotic map, such as cat map, baker map and standard map, so as to erase the high correlation between adjacent pixels. Considering the diffusion stage, pixel values are modified sequentially using pseudorandom key stream produced by a certain one-dimensional chaotic map. This architecture forms the basis of a number of chaos-based image cryptosystem proposed subsequently [3–23]. In [3], Lian et al. employed a modified standard map in the confusion procedure to achieve large key space in confusion stage, while a logistic map is adopted for diffusion. The parameters of these two chaotic maps are determined by a key stream generated in each round. This algorithm is improved in [4], Wong et al. introduce an ‘add-and-shift’ operation that can produce certain diffusion effect in the permutation procedure, and the purpose is to reduce the workload of the time-consuming diffusion procedure. In [5], Xiang et al. proposed a selective gray-level image encryption scheme, in which only 50% of the whole image data is encrypted, and therefore the encryption time is reduced. In [6], Wang et al. proposed a chaos-based image encryption algorithm with variable control parameters with the purpose of resisting known/chosen plaintext attacks. In [7], a lightweight table lookup and swapping technique was proposed to address the efficiency problem encountered by substitution-diffusion type chaos-based image cryptosystems. In [8], Fu et al. proposed an improved diffusion strategy named bidirectional diffusion and introduce a plain-text orbit turbulence mechanism into the diffusion. By using this strategy, the spreading process can be significantly accelerated and hence the same level of security can be achieved with fewer overall encryption rounds. In [9, 10], the 2-D chaotic cat map and baker map are generalized to 3-D for designing a real-time secure symmetric encryption scheme. The two approaches employ the 3-D map to shuffle the positions of image pixels and use another chaotic map to confuse the relationship between the cipher-image and plain-image. In order to achieve larger key space and overcome the weak security in one-dimensional chaotic system, hyper chaotic systems were employed for image encryption in [11–13], multi chaotic systems or coupled nonlinear chaotic map were used in [14–18], while in [19, 20], spatial chaos maps are employed. In [21], Tong proposed an illuminating bilateral-diffusion image encryption scheme based on dynamical compound chaotic function and LFSR, which can produce more avalanche effect and more large key space. In [22–24], researchers improved the permutation procedure from the pixel level to bit level. As a result, permutations at bit level not only change the position of a pixel but also alter its value.

As discussed above, most of the existing works focus on improvement of permutation or diffusion strategies independently, without consideration of cooperation between the two procedures. The confusion and diffusion performance completely depend on the permutation and the diffusion procedure themselves, respectively. The improvements on permutation cannot been introduced to the diffusion stage to further impose its effect and catalyze the spreading performance. Therefore, 3-4 overall rounds are generally required to achieve the satisfactory level of security. Besides, the key streams used in confusion and diffusion processes are solely determined by the secret key. The same key streams may be used to encrypt different plain images if the secret key remains unchanged. Therefore, opponents may crack the key stream by known plain-text or chosen plain-text attacks, i.e., by encrypting some special plain-image (plain-image with identical pixel values) and then comparing them with the corresponding cipher-image [25–27].

In this regard, an improved permutation-diffusion type image cryptosystem with a chaotic orbit perturbing mechanism is presented in this paper. The proposed image cryptosystem can significantly improve the efficiency of the permutation-diffusion type image cipher without downgrading the security by employing innovations in three aspects. (1) Orbit perturbing mechanism is further developed in the present paper. Different from Fu’s algorithm in [8], orbit parameters of the chaotic map will be perturbed continuously by the previous processed pixel value both in permutation and diffusion procedures. Therefore, any slight change in a plain image can be introduced to the chaotic map iteration and then result in avalanche effect in the key stream generation. Even using the same secret key, different key stream elements will be generated when ciphering different plain images and bring about totally different cipher images in both confusion and diffusion stages. (2) Pixel-swapping based confusion approach is proposed as a replacement of the traditional permutation techniques. In this confusion strategy, each pixel will be swapped with another one located after it, whose position is determined by an orbit perturbing chaotic map. Therefore, the difference in the plain images will affect the subsequent swapping process by exerting its effect in key stream generation, and thus bring about different confused images. (3) Diffusion is implemented in reverse direction (from the lower-right corner to the upper-left corner) in our cryptosystem, and the chaotic perturbing mechanism is also applied. In coordination with pixel-swapping based confusion strategy, the diffusion effect produced in the confusion stage can be introduced to the diffusion module and will be further diffused to the whole cipher image within one overall encryption round. The efficiency of the permutation-diffusion type image cryptosystem is thus remarkably improved. Experiment results demonstrate that the proposed encryption scheme has a high level of security and fast encryption speed for practical secure image applications.

The remaining of this paper is organized as follows. The proposed cryptosystem based on orbit perturbing chaotic map, pixel-swapping based confusion and reverse direction diffusion will be described in detail in Section 2. Simulation results, the effectiveness and efficiency of the proposed scheme are reported in Section 3. Detailed security analyses of the cryptosystem are carried out in Section 4. Finally, conclusions are drawn in the last section.

## 2. The proposed image cryptosystem

#### 2.1 Plain pixel related chaotic orbit perturbing

### 2.1.1 The orbit perturbing mechanism

Traditionally, the control parameters of employed chaotic maps are fixed in permutation and diffusion procedures, and hence the same key stream will be produced when encrypting different plaintexts. The opponents can crack the cryptosystem by using known plain-text and chosen plain-text attacks. To further enhance the security, the key stream elements used for different plain texts should better be distinct. In this regard, plain pixel related chaotic orbit perturbing mechanism is proposed, in which orbit parameters of the chaotic map will be perturbed continuously by the previous processed pixel value throughout the encryption round.

Chaotic logistic map is applied in our image cryptosystem, as defined by

where*μ*and

*x*are the parameter and state value, respectively. If one chooses

_{n}*μ*∈[3.57, 4], the system is chaotic. The initial value

*x*and

_{0}*μ*can be combined as the confusion key. In our scheme, the parameter

*μ*will be perturbed continuously by the previous processed (permutated or diffused) plain pixel, according to:where

*L*is the grey value of the previous processed pixel, and △ is the basic perturbation unit. According to the IEEE floating-point standard [28], the computational precision of the 64-bit double-precision number is about 10

^{−15}, so we adapt this number as the basic perturbation step. The purpose for adapting “±” is to prevent the orbit

*μ*from running out of the chaotic region. We prefer the orbit value increasing progressively during the encryption process, and that means, if

*μ*<4, the orbit perturbing is implemented according to:otherwise the orbit perturbing formula will change toIf

*μ*is decreased to less than 3.57, the perturbing operation will go back to Eq. (3).

### 2.1.2 Statistical analysis of chaotic map with orbit perturbing mechanism

Pseudorandom numbers used for cryptographic applications have to meet much stronger requirements than for other applications. It is crucial that the key stream should be as long as the message, unpredictable, and never reused, thus preventing two different messages encrypted with the same portion of the key stream being intercepted or generated by an attacker [29]. In this section, two sets of statistical tests are implemented to determine whether or not the key streams generated by the proposed chaotic orbit perturbing mechanism are suitable for cryptographic usage. The first one is the National Institute of Standards and Technology (NIST) test suite [30], whereas the other one is the autocorrelation and cross-correlation measurements.

### (1) NIST Test

The NIST Test Suite is a statistical package consisting of 16 tests that were developed to test the randomness of (arbitrarily long) binary sequences produce by either hardware or software based random or pseudorandom number generators. For each statistical test, a set of *P*-*values* (corresponding to the set of sequences) is produced. For a fixed significance level, a certain percentage of *P*-*values* are expected to indicate failure. For example, if the significance level is chosen to be 0.01 (i.e., *α* = 0.01), then about 1% of the sequences are expected to fail. A sequence passes a statistical test whenever the P-value ≥*α* and fails otherwise. For each statistical test, the proportion of sequences that pass is computed and analyzed accordingly. Given the empirical results for a particular statistical test, compute the proportion of sequences that pass. For example, if 1000 binary sequences were tested (samples: *m* = 1000), *α* = 0.01 (the significance level), and 996 binary sequences had *P*-*values* ≥0.01, then the proportion is 996/1000 = 0.9960. The range of acceptable proportions is defined as,

*m*= 1000 and significance

*α*= 0.01, so the confidence interval is

In our simulation, 1000 binary streams are produced by the proposed key stream generation
strategy and the conventional method, respectively, using 1000 pairs of randomly selected
control parameters (*x _{0}*,

*μ*). The length of each bit stream is 100,000. The test results are listed in Table 1.

It is obvious that, for each statistical test item, the proportion of the binary sequences produced by the proposed orbit perturbing mechanism falls inside the confidence interval in Eq. (6) and is more satisfactory than that of the conventional scheme.

### (2) Autocorrelation and cross-correlation

Autocorrelation and cross-correlation are two important measurements of randomness for binary sequences. For a truly random series, the autocorrelation and cross-correlation are *δ* function and zero, respectively. The autocorrelation coefficients at lag *k* for a series *x*_{0}, *x*_{1}, …,*x _{N}*

_{-1}is described as:

The cross-correlation coefficients at lag *k* for series *x*(*i*) and *y*(*i*) is given by:

*x*(

*i*) and

*y*(

*i*), respectively.

The autocorrelation of the key stream elements generated by the proposed key stream generation
mechanism with the parameter (*x _{0}* = 0.3,

*μ*= 3.997) is shown in Fig. 2(a).Its cross-correlation with another key stream sequences generated with the parameter (

*x*= 0.3,

_{0}*μ*= 3.99700000000001) is shown in Fig. 2(b). It is obvious that the autocorrelation and cross-correlation performance of the key stream elements generated by orbit perturbing logistic map is very close to that of a truly random source, thus the security of the key stream cipher are well guaranteed.

From the two tests, we can draw the conclusion that key stream generator based on orbit perturbing mechanism possesses excellent randomness property, and thus be suitable for cryptographic applications.

#### 2.2 Image permutation using pixel swapping strategy

### 2.2.1 Traditional permutation techniques

In traditional image ciphers, image pixels are generally shuffled by a two-dimensional area-preserving chaotic map, without any change in their values in permutation stage. Three types of chaotic maps: cat map, baker map and the standard map are usually adopted. Their discretized versions are given by Eqs. (9)–(11), respectively.

*p*,

*q*,

*K*and

*n*(

_{j}*j*= 1, 2, …,

*t*-1) are control parameters for permutation,

*N*is the image width or height of the square image, (

*x*,

*y*) and (

*x*

_{i}_{+1},

*y*

_{i}_{+1}) is the original and the permutated pixel position of the image, respectively. All pixels are scanned sequentially from the upper-left corner to the lower-right corner to produce the confused image.

As can be seen from Eqs. (9)–(11), the confused image totally depends on the control parameters of the selected chaotic map. Therefore, difference between plain images will be moved to a new position rather than spread out. So the duty of spreading the difference entirely relies on the diffusion procedure, which is the highest cost of the cryptosystem.

### 2.2.2 Pixel-swapping based permutation strategy

In this section, pixel swapping confusion approach is proposed, which can effectively diffuse a slight change in the plain image. In the proposed image confusion mechanism, the plain image and the confused image with the size of *M* × *N* are viewed as one-dimensional arrays, and thereby pixels are represented by *P* = {*P*(0), *P*(1), …, *P*(*M* × *N*-1) and *C* = {*C*(0), *C*(1), …, *C*(*M* × *N*-1) from the upper-left corner to the lower-right corner, respectively. Each pixel in the plain image will be swapped with another pixel located after it, and the pseudorandom position is determined by a chaotic logistic map whose orbit is perturbed according to the plain pixel. Suppose *X* is the current pixel position, *X*′ is the position of the corresponding swapping pixel, *X*′ is calculated according to

*k*(

_{c}*X*) is the current confusion key stream element. In our image cryptosystem,

*k*(

_{c}*X*) is produced according to:where

*floor*(

*x*) returns the value nearest integers less than or equal to

*x*, mod(

*x*,

*y*) returns the remainder after division,

*x*(

*n*) is the current state of the orbit-perturbing chaotic logistic map. Then pixel swapping operation will be implemented by the following steps:

Then *P*(*X*’) is swapped to location *X* and it will become *C*(*X*). As all pixel swapping operations are performed forward, and hence *C*(*X*) cannot be changed again, so *C*(*X*) will be the resultant pixel value of confused image. However, after *P*(*X*) is swapped to *X*’ as the new value of *P*(*X*’), it may be swapped again with another pixel in the subsequent swapping operations. Therefore, *P*(*X*) cannot be viewed as *C*(*X*’) and *C*(*X*’) will be produced when pixel swapping operation is implemented to location *X*’. Pixel swapping operation will be performed from the first to the last pixel and the confused image is produced finally.

Obviously, if there is a tiny change in the plain image, the modification will be transferred to the chaotic map iteration, and hence result in a different key stream *k _{c}*(

*X*). Then, the subsequent pixel swapping process will be wholly influenced according to Eqs. (12)–(15). Finally, the tiny change will result in totally different confused image.

### 2.2.3 Simulation results of pixel swapping strategy

Besides the traditional measurements of confusion effect such as correlation coefficients and operating time, two criteria, *NPCR* (number of pixels change rate) and *UACI* (unified average changing intensity), are utilized to measure the influence of one pixel change in plain image on the entire cipher image. Supposed that *P*_{1}(*i*, *j*) and *P*_{2}(*i*, *j*) be the (*i*, *j*)th pixel of two images *P*_{1} and *P*_{2}, respectively, *NPCR* is defined as

*W*and

*H*are the width and length of

*P*

_{1}and

*P*

_{2}and

*D*(

*i*,

*j*) is

*UACI* is defined as

Table 2 lists the experimental results
of proposed pixel-swapping approach and traditional permutation strategies mentioned in
section 2.2.1, using the standard 256 grayscale Lena image of size 512 × 512. The
consumption time is measured by running the standard C program in our computing platform, a
personal computer with an Intel(R) Core(TM) i5 CPU (2.27GHZ), 2GB memory and 320GB hard-disk
capacity. The permutation key is (*x _{0}* = 0.3,

*μ*= 3.997).

(1) Speed performance. One can see from Table 2, correlation coefficients for horizontal, vertical, and diagonal adjacent pixels after 1 round pixel swapping are better than that of applying 3 rounds cat map, baker map and standard map, whereas the corresponding confusion time are 9.2ms, 12ms, 120ms and 200ms respectively. The confusion efficiency is much more satisfactory.

(2) Difference spreading effect. To illustrate this property, different types of permutation mechanisms are implemented to a pair of test images; one is the standard Lena image, whereas another is the slightly modified version obtained by changing the lower-right pixel value from 108 to 109. As shown in Table 2, 68.43% pixels of the confused images are different after 1 round pixel swapping confusion. In contrast, difference between plain images will move to a new position rather than diffusing when applying the traditional permutation techniques. The difference ratio between the confused images after any rounds permutation will remain at 3.8147e-006, the outcome of 1/ (512*512). Analogously, the *UACI* performance is 14.82% after 1 confusion process, whereas the value is 1.4960e-008 for conventional permutation strategy, the outcome of 1/ (512*512*255).

Moreover, to clearly demonstrate the spreading effect of proposed confusion strategy, the confused images produced by the proposed permutation strategy and 3 rounds cat map are shown in Fig. 3. Figures 3(a) and 3(b) are the standard Lena and its modified version, respectively. Figures 3(c) and 3(d) are the confused images after 1 round pixel swapping confusion, whereas Figs. 3(f) and 3(g) are the permutated images applying 3 rounds cat map, respectively. Figure 3(e) is the differential image between Figs. 3(c) and 3(d). It is obvious that one tiny difference in the plain image has lead to large mounts of different pixels in the confused image, which implies that an impressive spreading effect can be obtained by the proposed confusion strategy. On the other hand, as there is no difference spreading effect when using cat map, there is only one different pixel between Figs. 3(f) and 3(g), and the differential image is shown in Fig. 3(h). Here to notice that pixel values of the differential images are the absolute difference between corresponding pixels of the comparable images.

In order to further testify the *NPCR* and *UACI* effect of the proposed pixel swapping confusion strategy, five modified versions of lena image produced by changing the last bit of the upper left corner pixel and the other four randomly selected pixels are then permutated. The *NPCR* and *UACI* between the resultant images to the confused lena image are 94.03% and 20.32%, 37.83% and 8.19%, 43.78% and 9.49%, 79.06% and 17.12%, 38.62% and 8.40%, respectively. An average *NPCR* of 58.72% and *UACI* of 12.70% can be obtained. As the difference in the confused image will be firstly transferred to the logistic map iteration in the reverse direction diffusion procedure, even one tiny difference will result in totally different key stream for diffusion, and hence the diffusion effect can be guaranteed. This viewpoint will be described in detail in Section 2.3.

#### 2.3 Image diffusion in reverse direction

In the diffusion stage, pixel values are modified sequentially to confuse the relationship between cipher image and the plain image. The cipher-pixel value is calculated according to

where*p*(

*n*),

*k*(

*n*),

*c*(

*n*),

*c*(

*n*-1) are the current operated pixel, key stream element, output cipher-pixel, the previous cipher-pixel, respectively. To cipher the first pixel,

*c*(−1) has to be set as a seed. In the proposed scheme, chaotic logistic map with another combination of secret key (

*x*,

_{0}^{′}*μ′*) is used as generation of the key stream for diffusion, and the orbit-perturbing mechanism is also adopted in this stage. The key stream elements

*k*(

*n*) is calculated bywhere

*x*(

*n*) is the current state of the chaotic map and

*Grey*is the grey-level of the plain image.

An efficient diffusion procedure should spread out the difference as early as possible so as to get better diffusion effect. In the present paper, image diffusion operation is performed in reverse direction (from the lower-right corner to the upper-left corner). The purpose is to introduce the difference produced in the confusion stage at the beginning of the diffusion procedure, and spread out it to the whole cipher image in the first encryption round.

The difference of the spreading effect between the diffusion process in normal direction and
reverse direction is depicted in Figs. 4 and 5.Assuming that there is only one different pixel between the two plain images at the
lower-right corner, then the difference will spread to a larger scale from
(*x’*, *y’*) to the last pixel after the pixel
swapping confusion using orbit perturbing chaotic map. As shown in Fig. 4, diffusion implemented in normal direction will spread the difference
from (*x’*, *y’*) to all the subsequent pixels
again, but cannot scatter the difference to a wider range. In contrast, when diffusion is
implemented in reverse direction, the difference can be introduced at the beginning of the
diffusion module. By affecting the key stream generation through the orbit perturbing
mechanism, the difference can be spread out to the whole cipher image in the first encryption
round, as illustrated by Fig. 5. Therefore, collaborated
with pixel-swapping based confusion approach and orbit perturbing mechanism, diffusion
operation in reverse direction can remarkably accelerate the spreading process, and hence the
required encryption rounds can be reduced while keeping the security level.

#### 2.4 The proposed image cryptosystem

The overall architecture of the proposed encryption cryptosystem is shown in Fig. 6.

The operation procedures of the proposed cryptosystem are described as follows:

**Step 1**: Perform one round pixel swapping.

- (1) Iterate Eq. (1) with (
*x*,_{0}*μ*) for*N*_{0}times continuously to avoid the harmful effect of transitional procedure, where*N*_{0}is a constant. - (2) Modify the orbit of the logistic map by the previous confused pixel according to orbit perturbing mechanism. For the first perturbing operation, initial value
*c*(−1) has to be set as a seed. - (3) Iterate the orbit-perturbed chaotic map once, and get the key stream elements for current confusion process according to Eq. (13).
- (5) Go back to (2) until all pixels are confused.

**Step 2**: Perform one round diffusion in reverse direction.

- (1) Iterate Eq. (1) with (
*x*,_{0}*μ*) for*N*_{0}times continuously to avoid the harmful effect of transitional procedure, where*N*_{0}is a constant as used in Step 1. - (2) Modify the orbit of the logistic map according to the proposed orbit perturbing mechanism. For the first perturbing operation, initial value
*c*(−1) set in Step 1 is employed as a seed. - (3) Iterate the chaotic map once, and get the key stream elements for current diffusion according to Eq. (20).
- (4) Calculate the ciphered pixel value according to Eq. (19).
- (5) Go back to (2) until all pixels are diffused.

**Step 3**: Repeat the above steps *n* times to satisfy the security requirements.

## 3. Simulation Results

Three kinds of tests have been carried out with different plain images and numbers of encryption rounds to demonstrate the effectiveness and efficiency of the proposed image cryptosystem. The encryption time is measured by running the standard C program on our simulation platform as described before and the compile environment is Code Blocks 10.05.

(1) Lena image and its five modified versions are encrypted by the proposed image cryptosystem to test the spreading effect of the different pixel changes in the same plain image on the entire cipher image. These modified versions are produced by changing the last bit of the corresponding randomly selected pixels in the original Lena image, and are represented by lena_d0, lena_d1… lena_d4, respectively. The simulation results are listed in Table 3.

(2) The proposed image encryption is implemented to five standard test images and their modified version obtained by altering the last bit of the pixel at the lower right corner. The purpose is to analyze the spreading effect of one pixel change in the same position of different plain images on the entire cipher image. The results are listed in Table 4.

From the above two simulation results, one can see that to achieve a satisfactory security level such as *NPCR* > 99.60% and *UACI* > 33.4%, only one overall round is required no matter the testing images are used. It is fully vindicated that our scheme has steady secure performance in only one encryption round.

(3) The proposed image encryption is used to cipher Lena image and its modified version obtained by changing the lower-right pixel value from 108 to 109, in comparison with Fu’s bidirectional diffusion algorithm [8] and Zhang’s image cipher in [24]. The experiment results are listed in Table 5.

As can be seen from Table 5, only one overall round is required to obtain a satisfactory security level when using the proposed scheme or Fu’s algorithm, whereas the consumption time is 16.2ms and 72ms, respectively. On the other hand, at least two rounds encryption have to be performed when using Zhang’s encryption scheme, and the corresponding encryption time is 68ms. Compared with Fu’s and Zhang’s algorithm, approximately three-quarter of the consumption time can be reduced. This is because the difference between plain images can remarkably spread out in the confusion phase, and the spreading effect can be transferred to the diffusion module and catalyzes the spreading performance of the diffusion stage in the first encryption round. However, two rounds sub-diffusion operations are required when using Fu’s and Zhang’s encryption algorithms and hence more time is needed due to the time-consuming property of the diffusion process. Besides, since three sine operations are needed for one pixel encryption and hence the consumption time of Fu’s algorithm is much longer due to the calculation complexity. With such a encryption speed, the proposed image cryptosystem can be used in real-time secure applications over public networks.

## 4. Security analysis

#### 4.1 Key sensitivity test

A good cryptosystem should be sensitive to the secure key which guarantees the security against the brute-force attack to some extent. The key sensitivity of a cryptosystem can be observed in two aspects: (i) completely different cipher images should be produced when slightly different keys are used to encrypt the same plain image; (ii) the cipher image cannot be correctly decrypted even though there is only tiny difference between the encryption and decryption keys.

To evaluate the key sensitivity of the first case, the encryption is carried out at first to
obtain a cipher image with a randomly chosen key. Then a slight change 10^{−15}
is introduced to one of the parameters with all others remain unchanged, and repeat the
encryption process. The corresponding cipher images and differential images are shown in Fig. 7.The differences between the corresponding cipher images are computed and given in Table 6.The results obviously show that the cipher images exhibit no similarity one
another and there is no significant correlation that could be observed from the differential
images.

In addition, decryption using keys with slight change 3 × 10^{−16} are also
performed in order to evaluate the key sensitivity of the second case. The deciphering images
are shown in Fig. 8.The differences between wrong deciphering images to the plain image Fig. 8(b) are 99.60%, 99.62%, 99.61% and 99.60%, respectively.

The above two tests indicate that the proposed image encryption scheme is highly sensitive to the key. Even an almost perfect guess of the key does not reveal any valuable information about the cryptosystem and hence differential attack would become inefficient and practically useless.

#### 4.2 Key space analysis

The key space is the total number of different keys that can be used in a cryptosystem. For an effective cryptosystem, key space should be large enough to make brute-force attack infeasible. In the proposed scheme, the keys consist of the initial values (*x _{0}*,

*x*), and the control parameters (

_{0}′*μ*,

*μ′*), where (

*x*,

_{0}*x*)∈(0,1) and (

_{0}′*μ*,

*μ′*)∈[3.57, 4]. According to the IEEE floating-point standard [28], the computational precision of the 64-bit double-precision number is about 10

^{−15}. Due to the fact that (

*x*,

_{0}*x*) can be any one among those 10

_{0}′^{15}possible values and (

*μ*,

*μ′*) can be any one of (4−3.57) × 10

^{15}possible values, the total key space of the proposed scheme is

#### 4.3 Statistical analysis

### 4.3.1 Histogram analysis

Histogram of an image shows the distribution of the pixel values by plotting the number of pixels at each grayscale level. The histogram of an effectively ciphered image should be uniform and is significantly different from that of the plain image so as to prevent the attacker from obtaining any useful statistical information.

The histograms of the plain image and its cipher image produced by the proposed cryptosystem are shown in Figs. 9(b) and 9(d), respectively. It is obvious that the histograms of the encrypted image are uniformly distributed and quite different from that of the plain image, which implies that the redundancy of the plain image is successfully hidden after the encryption and consequently does not provide any clue to apply statistical attacks.

### 4.3.2 Correlation of adjacent pixels

For an ordinary image with meaningful visual content, each pixel is highly correlated with its
adjacent pixels in horizontal, vertical and diagonal direction. An effective encryption should
produce a cipher image with sufficiently low correlation between the adjacent pixels. To test
this, 3000 pairs of adjacent pixels of the plain image and the cipher image are randomly
selected from the horizontal, vertical and diagonal direction, respectively. The correlation
coefficient *r _{xy}* of each pair are calculated according to the
following three formulas:

*x*and

_{i}*y*are gray-level values of the

_{i}*ith*pair of the selected adjacent pixels, and

*N*represents the total number of the samples. The correlation coefficients of adjacent pixels in the plain and its cipher image are listed in Table 7. Moreover, the correlation of two horizontally adjacent pixels in the plain and the encrypted image are shown in Figs. 10(a) and 10(b), respectively. Both the calculated correlation coefficients and the figures can substantiate that the strong correlation among neighboring pixels of a plain image can be decorrelated by using the proposed cryptosystem effectively.

### 4.3.3 Information entropy

Entropy is a significant property that reflects the randomness and the unpredictability of an information source, which was firstly proposed by Shannon in 1949 [31]. The entropy *H*(*s*) of a message source *s* is defined by the following formula:

*s*is the source,

*N*is the number of bits to represent the symbol

*s*, and

_{i}*P*(

*s*) is the probability of the symbol

_{i}*s*. For a truly random source consists of 2

_{i}*symbols, the entropy is*

^{N}*N*. Therefore, for a secure cryptosystem, the entropy of the cipher image with 256 gray level should ideally be 8.

Five 256 grayscale test images with size 512 × 512 are encrypted and the information entropies are then calculated, as listed in Table 8.It is obvious that the entropies of the cipher images are very close to the theoretical value of 8, which means that information leakage in the encryption procedure is negligible and the proposed algorithm is secure against entropy analysis.

## 5. Conclusions

In this paper, an improved permutation-diffusion type image cryptosystem with a chaotic orbit perturbing mechanism is proposed to promote the efficiency of the most widely used permutation-diffusion type image cryptosystem. Compared with the conventional image cipher, key stream elements used in our encryption are generated by a plain pixel related orbit perturbing mechanism, with the purpose to introduce the different in plain image to the chaotic iteration and bring about avalanche effect to the encryption process. A novel pixel swapping confusion strategy is proposed as a replacement of the tradition permutation techniques, which can spread a tiny difference in the plain image to a larger scale in confused images. Besides, diffusion is implemented in reverse direction in conjunction with pixel swapping operation, so as to introduce the difference at the beginning of the diffusion module and spread to the whole cipher image in the first encryption round. Simulation results and numerical analysis have shown that the *NPCR*, *UACI*, and information entropy of the proposed scheme are better than those of the conventional image cryptosystems. All these results justify the superior security and computational efficiency of our encryption.

## Acknowledgments

This work was supported by the National Natural Science Foundation of China (Nos. 61271350, 61374178, 61202085), the Fundamental Research Funds for the Central Universities (No. N120504005), the Liaoning Provincial Natural Science Foundation of China(No. 201202076), the Specialized Research Fund for the Doctoral Program of Higher Education(No. 20120042120010) and the Ph.D. Start-up Foundation of Liaoning Province, China (Nos. 20111001, 20121001, 20121002).

## References and links

**1. **S. Li, G. Chen, and X. Zheng, “Chaos-based encryption for digital images and videos,” in *Multimedia Security Handbook* (CRC Press, 2005), Chap. 4.

**2. **J. Fridrich, “Symmetric ciphers based on two-dimensional chaotic maps,” Int. J. Bifurcat. Chaos **8**(6), 1259–1284 (1998). [CrossRef]

**3. **S. G. Lian, J. S. Sun, and Z. Q. Wang, “A block cipher based on a suitable use of chaotic standard map,” Chaos Solitons Fractals **26**(1), 117–129 (2005). [CrossRef]

**4. **K. W. Wong, B. S. H. Kwok, and W. S. Law, “A fast image encryption scheme based on chaotic standard map,” Phys. Lett. A **372**(15), 2645–2652 (2008). [CrossRef]

**5. **T. Xiang, K. W. Wong, and X. F. Liao, “Selective image encryption using a spatiotemporal chaotic system,” Chaos **17**(2), 023115 (2007). [CrossRef] [PubMed]

**6. **Y. Wang, K. W. Wong, X. F. Liao, T. Xiang, and G. R. Chen, “A chaos-based image encryption algorithm with variable control parameters,” Chaos Solitons Fractals **41**(4), 1773–1783 (2009). [CrossRef]

**7. **K. W. Wong, B. S. H. Kwok, and C. H. Yuen, “An efficient diffusion approach for chaos-based image encryption,” Chaos Solitons Fractals **41**(5), 2652–2663 (2009). [CrossRef]

**8. **C. Fu, J. J. Chen, H. Zou, W. H. Meng, Y. F. Zhan, and Y. W. Yu, “A chaos-based digital image encryption scheme with an improved diffusion strategy,” Opt. Express **20**(3), 2363–2378 (2012). [CrossRef] [PubMed]

**9. **Y. B. Mao, G. R. Chen, and S. G. Lian, “A novel fast image encryption scheme based on 3D chaotic baker maps,” Int. J. Bifurcat. Chaos **14**(10), 3613–3624 (2004). [CrossRef]

**10. **G. R. Chen, Y. B. Mao, and C. K. Chui, “A symmetric image encryption scheme based on 3D chaotic cat maps,” Chaos Solitons Fractals **21**(3), 749–761 (2004). [CrossRef]

**11. **F. Y. Sun, S. T. Liu, and Z. W. Lu, “Image encryption using high-dimension chaotic system,” Chin. Phys. **16**(12), 3616–3623 (2007). [CrossRef]

**12. **C. X. Zhu, “A novel image encryption scheme based on improved hyper chaotic sequences,” Opt. Commun. **285**(1), 29–37 (2012). [CrossRef]

**13. **T. G. Gao and Z. Q. Chen, “A new image encryption algorithm based on hyper-chaos,” Phys. Lett. A **372**(4), 394–400 (2008). [CrossRef]

**14. **S. Behnia, A. Akhshani, H. Mahmodi, and A. Akhavan, “A novel algorithm for image encryption based on mixture of chaotic maps,” Chaos Solitons Fractals **35**(2), 408–419 (2008). [CrossRef]

**15. **A. N. Pisarchik and M. Zanin, “Image encryption with chaotically coupled chaotic maps,” Physica D **237**(20), 2638–2648 (2008). [CrossRef]

**16. **C. K. Huang and H. H. Nien, “Multi chaotic systems based pixel shuffle for image encryption,” Opt. Commun. **282**(11), 2123–2127 (2009). [CrossRef]

**17. **S. Mazloom and A. M. Eftekhari-Moghadam, “Color image encryption based on Coupled Nonlinear Chaotic Map,” Chaos Solitons Fractals **42**(3), 1745–1754 (2009). [CrossRef]

**18. **R. Rhouma, S. Meherzi, and S. Belghith, “OCML-based colour image encryption,” Chaos Solitons Fractals **40**(1), 309–318 (2009). [CrossRef]

**19. **F. Y. Sun, S. T. Liu, Z. Q. Li, and Z. W. Lu, “A novel image encryption scheme based on spatial chaos map,” Chaos Solitons Fractals **38**(3), 631–640 (2008). [CrossRef]

**20. **S. T. Liu and F. Y. Sun, “Spatial chaos-based image encryption design,” Sci. China, Ser. G **52**(2), 177–183 (2009). [CrossRef]

**21. **X. J. Tong, “The novel bilateral - diffusion image encryption algorithm with dynamical compound chaos,” J. Syst. Software **85**(4), 850–858 (2012). [CrossRef]

**22. **C. Fu, B. B. Lin, Y. S. Miao, X. Liu, and J. J. Chen, “A novel chaos-based bit-level permutation scheme for digital image encryption,” Opt. Commun. **284**(23), 5415–5423 (2011). [CrossRef]

**23. **Z. L. Zhu, W. Zhang, K. W. Wong, and H. Yu, “A chaos-based symmetric image encryption scheme using a bit-level permutation,” Inf. Sci. **181**(6), 1171–1186 (2011). [CrossRef]

**24. **W. Zhang, K. W. Wong, H. Yu, and Z. L. Zhu, “An image encryption scheme using lightweight bit-level confusion and cascade cross circular diffusion,” Opt. Commun. **285**(9), 2343–2354 (2012). [CrossRef]

**25. **Y. Wang, K. W. Wong, X. F. Liao, T. Xiang, and G. R. Chen, “A chaos-based image encryption algorithm with variable control parameters,” Chaos Solitons Fractals **41**(4), 1773–1783 (2009). [CrossRef]

**26. **Y. Wang, X. F. Liao, T. Xiang, K.-W. Wong, and D. Yang, “Cryptanalysis and improvement on a block cryptosystem based on iteration a chaotic map,” Phys. Lett. A **363**(4), 277–281 (2007). [CrossRef]

**27. **J. Wei, X. F. Liao, K. W. Wong, and T. Zhou, “Cryptanalysis of a cryptosystem using multiple one-dimensional chaotic maps,” Commun. Nonlinear Sci. Numer. Simul. **12**(5), 814–822 (2007). [CrossRef]

**28. **IEEE Computer Society, “IEEE standard for binary floating-point arithmetic,” ANSI/IEEE std. 754–1985 (1985).

**29. **G. Alvarez and S. Li, “Some basic cryptographic requirements for chaos-based cryptosystems,” Int. J. Bifurcat. Chaos **16**(8), 2129–2151 (2006). [CrossRef]

**30. **A statistical test suite for random and pseudorandom number generators for cryptographic applications, Special Publication 800–22 Rev 1a, 2010, http://www.nist.gov.

**31. **C. E. Shannon, “Communication theory of secrecy systems,” Bell Syst. Tech. J. **28**(4), 656–715 (1949). [CrossRef]