Differential cryptanalysis of image cipher using block-based scrambling and image filtering
Feng Yu, Xinhui Gong, Hanpeng Li, Xiaohong Zhao, Shihong Wang∗
School of Sciences, Beijing University of Posts and Telecommunications, Beijing 100876, China
Abstract
Recently, an image encryption algorithm using block-based scrambling and image filtering has been proposed by Hua et al. In this paper, we analyze the security problems of the encryption algorithm in detail and break the encryption by a codebook attack. We construct an linear relation between plain-images and cipher-images by differential cryptanalysis. With this linear relation, we build a codebook containing (M × N + 1) pairs of plain- images and cipher-images, where M × N is the size of images. The proposed codebook attack indicates that the encryption scheme is insecure. To resist the codebook attack, an improved algorithm is proposed. Experimental results show that the improved algorithm not only inherits the merits of the original scheme, but also has stronger security against the differential cryptanalysis.
Keywords: Differential cryptanalysis, Codebook attack, Image filtering, Image encryption, Block-based scrambling
2018 MSC: 00-01, 99-00
1. Introduction
With the rapid development of computer networks and communication technology, protecting digital image transmission and storage in open network environment has become more and more important [6]. To cope with this problem, a number of image encryption algorithms have been proposed in recent years, especially chaos-based
5 algorithms [2, 1, 30, 17, 26, 20]. Chaotic dynamics is suitable for cryptography due to its properties, such as pseudo randomness, ergodicity, sensitivity to initial values and control parameters. Since Matthews [25] proposed a chaos- based cipher, chaos-based cryptography has developed into a new branch of cryptography. Since Fridrich [13] first applied permutation-diffusion structure in design of image encryption, image encryption has been developing these years [5, 4, 3, 21, 27]. Chaos-based image encryption schemes utilizing various approaches have been proposed,
10 such as improved diffusion [31], variant keystream generation [8], bit-level permutation [9, 22] and plaintext-related permutation [12, 10].
However, some of the proposed schemes have been shown to be insecure. Li et al. point out that any permutation- only image encryption methods are unable to resist known/chosen plaintext attacks and only O(logL(MN)) known/chosen plain-images can break the ciphers [23], where M × N is the size of images and L the number
∗Corresponding author
Email address: shwang@bupt.edu.cn (Shihong Wang)
Preprint submitted to Journal of LATEX Templates January 1, 2019
arXiv:1812.11693v1 [cs.CR] 31 Dec 2018
15 of different pixel values. Li et al. break a diffusion-only image cipher with only one or two known plain-images [24]. Solak et al. analyze Fridrich’s encryption algorithm by a chosen-ciphertext attack [29], but the analysis method is useless while the algorithm has enough rounds of encryption. In Ref. [11], Chen et al. analyze a medical image encryption algorithm [14] by using differential cryptanalysis. 17 chosen plain-images can reveal equivalent permu- tation key for 1-round and 2-round encryption. They propose a novel analysis method called double differential
20 cryptanalysis comparison breaking multi-round encryption with 16N2 + 1 chosen plain-images, where N2 is the size of the images. Basing on differential cryptanalysis, in Ref. [7] Chen et al. propose a codebook attack under chosen-ciphertext conditions and totally break multi-round cryptosystem [33].
Recently, Hua et al. propose an image cipher using block-based scrambling and image filtering (IC-BSIF) [18], which is also permutation-diffusion type. It is well known that filtering is a common method in image processing and 25 selecting appropriate filtering can deblur images. In Ref. [18], IC-BSIF has been evaluated by all kinds of analysis methods. However, we find it insecure. We can construct a linear relation between plain-images and cipher-images
by differential cryptanalysis and break the cryptosystem by a codebook attack.
The rest of the paper is organized as follows. Section 2 briefly describes the original image encryption algorithm.
In Sect.3, we give some derivation of preparatory formulas. In Sect.4, we analyze IC-BSIF by using differential 30 cryptanalysis and construct a linear relation between plain-images and cipher-images. In Sect.5, based on the linear relation, we propose a codebook attack and simulation results verify our theoretical analysis. In Sect.6, we give an
improved approach to enhance the security and the last section summarizes the paper.
2. Description of IC-BSIF
The architecture of the original image encryption algorithm IC-BSIF is shown in Fig.1. In Fig.1, P and C are 35 plain-image and its cipher-image, respectively. The encryption process has four modules: block-based scrambling, image rotation, image normalization and image filtering; S(i), R(i), N(i) and C(i) are the output images of four implementation modules, respectively, where i is the ith round, i=1,2,3,4. Sub-key k(i) generates a scrambling box O(i) for block-based scrambling, a random matrix Q(i) for image normalization and a 3 × 3 matrix M (i) for image filtering. In this paper, a uppercase letter stands for an image or a matrix and a lowercase letter a pixel of the
40 image or an element of the matrix, for example, an plain-image P and a pixel value p(x, y) at the position (x, y). To better understand cryptanalysis in Section 3, we will introduce block-based scrambling, image rotation, image normalization and image filtering in detail, and how to generate O(i), Q(i) and M(i) refers to the original algorithm
[18].
Block-based scrambling. This is a block-based permutation process and is designed to weakness the strong
45 correlation between the neighboring pixels of plain-images. For an image of size M × N, the block size L can be calculated by
√√
L = min{⌊ M⌋,⌊ N⌋} (1)
The block-based scrambling is performed within range L2 × L2. The image of size L2 × L2 is divided into L2 blocks and each block is of the size L × L. All pixels in a block can be permutated by using a scrambling Latin box
2
50
Figure 1: The encryption process of IC-BSIF
O(i) of size L × L. In cryptanalysis, only permutation operation cannot resist differential cryptanalysis.
Image rotation. For a plain-image of size M × N , because the block-based scrambling only shuffles its pixel positions within range L2 × L2 randomly, the rest pixels still locate at the unchanged positions. To shuffle all the pixel position totally, the original algorithm takes image rotation by 90◦ clockwise after the block-based scrambling. Through four rounds encryption, the image is rotated by 360◦. In cryptanalysis, only rotation operation cannot
resist differential cryptanalysis.
Image normalization. The normalization operation to the rotated image R(i) using a random matrix Q(i) is
defined as
n(i)(x, y) = [r(i)(x, y) + q(i)(x, y)] mod F (2)
where F denotes the grayscale level of the image. F = 256 if the pixels of images are represented by 8 bits. In this paper, we take F = 256.
Image filtering. The image filtering can change the pixel values randomly and spread little change of the plain-image to the entire pixels of the output image to achieve the diffusion effect. A mask matrix W (i) of size 3 × 3 is used to filter the normalized image. As shown in Fig.2, the 2-dimensional (2D) filtering operation of n(i)(x,y) is defined as
c(i)(x, y) = [ w(i)(j1, j2)c(i)(x + j1 − 3, y + j2 − 3) + w(i)(3, 3)n(i)(x, y)] mod F (3) j1 ,j2 ∈{1,2,3}∩(j1 ,j2 )̸=(3,3)
where w(i)(3,3) = 1 and other elements of W(i) are produced by the sub-key k(i). The inverse operation of image filtering is written as
n(i)(x, y) = [c(i)(x, y) − w(i)(j1, j2)c(i)(x + j1 − 3, y + j2 − 3))] mod F. (4) j1 ,j2 ∈{1,2,3}∩(j1 ,j2 )̸=(3,3)
Here two points must be emphasized. (i) The upper and left adjacent pixels are introduced to diffuse and confuse the current pixel n(i)(x,y) in Fig.2. Therefore, the filtering operation begins from the upper and left pixels of an image while its inverse operation does from the lower and right pixels. (ii) For the border pixels of an image in the leftmost column and the uppermost row, filtering operations need two expanded columns and two expanded rows, respectively. Taking the rightmost and lowermost border pixels as the expanded border pixels in the leftmost column and uppermost row, this strategy of expanding border pixels not only masks all pixels, but also ensures the inverse filtering operations.
55
60
3
65
Figure 2: An example of filtering operation and its inverse operation. Omit all superscript symbols of Eqs. (3) and (4).
3. The preparatory work
Proposition 1. Define E(ai) = (ai +q) mod F , i = 0, 1, 2. A differential equality is constructed by the following expression E((a1 + a2 − a0) mod F) = (E(a1) + E(a2) − E(a0)) mod F.
70
Proof.
Proof.
4. Differential cryptanalysis
E((a1 +a2 −a0) mod F) =
= ((a1 +q)+(a2 +q)−(a0 +q)) mod F
= (E(a1) + E(a2) − E(a0)) mod F
nn
E((ai−(n−1)a0)modF) = i=1
(ai −(n−1)a0 +q) mod F i=1
n
((ai +q)−(n−1)(a0 +q)) mod F
i=1 n
( E(ai) − (n − 1)E(a0)) mod F i=1
= =
(a1 +a2 −a0 +q) mod F
Proposition 2. According to Propositon 1, a generally differential equality is constructed by the following expression E((ni=1 ai − (n − 1)a0) mod F) = (ni=1 E(ai) − (n − 1)E(a0)) mod F.
In this section, first we construct theoretically an linear relation between plain-images and cipher-images for the original algorithm by using differential cryptanalysis, then we give simulation results of gray images.
4.1. Differential cryptanalysis of one-round encryption algorithm
First considering one-round encryption, we take three plain-images Pi, i = 0, 1, 2. The four specific operations, block-based scrambling, image rotation, image normalization and image filtering, have been defined as
S(1) = Es(P(1)), R(1) = Er(S(1)), N(1) = En(R(1)), C(1) = Ef(N(1)),i = 0,1,2. (5) iiiiiiii
Block-based scrambling. Assume that the pixel at (x,y) is mapped to (x1,y1) through block-based scram- bling, we write this transformation by the following expression
Es(pi(x, y)) = s(1)(x1, y1), i = 0, 1, 2. (6) i
4
We construct an input differential and calculate their output differential expressed by the following forms
∆p(x, y) = [p1(x, y) ± p2(x, y)] mod F (7a)
∆s(1)(x ,y )=[s(1)(x ,y )±s(1)(x ,y )]modF (7b) 11111211
Taking the differential ∆p(x,y) as the input, due to the characteristic of permutation operation, we get the following equality:
Es(∆p(x, y)) = ∆s(1)(x1, y1) (8) Therefore, through block-based scrambling we construct the differential equality of two images expressed by
E((P ±P)modF)=(S(1)±S(1))modF (9) s1212
Image rotation. Same as block-based scrambling, given any images, the rotation operation cannot change the relative position of a fixed pixel of these images, thus we have the following equality:
E ((S(1) ± S(1)) mod F) = (R(1) ± R(1)) mod F (10) r1212
Combining Eqs.(9) and (10), we obtain the following differential equality:
E(E((P ±P)modF))=(R(1)±R(1))modF (11)
rs12 12
Image normalization using the matrix Q. Image normalization of the original algorithm is the modular
addition operation of Eq.(2). Due to Proposition 1, we have the following form
E ((R(1)+R(1)−R(1))modF)=(N(1)+N(1)−N(1))modF (12)
n120 120
75 Especially, in Eq.(12) we choose three images as the input of modular addition operation for eliminating the unknown matrix Q(1) of Eq. (2).
Image filtering. By using differential cryptanalysis, the filtering operation of Eq.(3) is transformed to ∆c(i)(x, y) = [ w(i)(j1, j2)∆c(i)(x + j1 − 3, y + j2 − 3) + ∆n(i)(x, y)] mod F (13)
j1 ,j2 ∈{1,2,3}∩(j1 ,j2 )̸=(3,3)
where∆n(i)(x,y)=n(i)(x,y)−n(i)(x,y)modF and∆c(i)(x+j −3,y+j −3)=c(i)(x+j −3,y+j −3)−
12 12112
c(i)(x + j − 3,y + j − 3) mod F. Based on the equation above, we can obtain E (∆n(i)(1,1)) = E (n(i)(1,1)) −
212 ff1
E (n(i)(1,1)) mod F, further acquire E (∆n(i)(x,y)) = E (n(i)(x,y)) − E (n(i)(x,y)) mod F, x = 1,2,…,M,
f2ff1f2
y = 1, 2, …, N . Therefor for the filtering operation, we have the following linear relationship:
E ((N(1) − N(1)) mod F) = (E (N(1)) − E (N(1))) mod F (14) f12 f1f2
Considering one-round encryption, through block-based scrambling, image rotation, image normalization, and image filtering, we have the following differential relationship for the three image P0,P1,P2
E(E(E(E((P +P −P)modF))))=(C(1)+C(1)−C(1))modF (15) fnrs120 120
5
80
85
Although IC-BSIF undergoes four rounds of encryption, and the sub-key of each round is different, our differential analysis of Eq.(15) is still effective. Considering four-round encryption, Eq.(15) is expanded to the following form
E((P1 + P2 − P0) mod F) = (E(P1) + E(P2) − E(P0)) mod F = (C1 + C2 − C0) mod F (16)
where E denotes all the encryption operations of IC-BSIF.
Given any three plain-images, we can build Eq. (16) about the plain-images and the corresponding cipher-images.
Eq.(16) presents a good linear relation. Next, we will verify Eq.(16) by using simulation experiments.
Choose three plain-images of size 512 × 512, Lena , Baboon and a blank image. Encrypt Plena, Pbaboon and
Pzero by using the original algorithm, and obtain the corresponding cipher-images Clean, Cbaboon and Czero, shown
in Fig. 3. To test Eq.(16), we calculate a differential image ∆P = (Plena + Pbaboon − Pzero) mod F and then
encrypt it. The plain-image ∆P and its cipher-image ∆C are shown in Fig. 3. We compute the differential of the ′′′
90
Select a blank cipher-image all pixel values of which are zero and M × N cipher-images with only a nonzero pixel c(i−1)M+j(i,j) = 1, i = 1,2,…,M, j = 1,2,…,N. Through decryption machine, we get the corresponding pairs of cipher-image/plain-image, i.e., C0 and P0 , Cn and Pn , n = 1, 2, …, M × N . These pairs of cipher-image/plain-image are used for building a codebook and recovering any plain-images.
For given any cipher-image C, we first transform C into the following form
M×N
C = kn · Cn (17)
n=1
4.2. Differential cryptanalysis of IC-BSIF and simulation experiments
threecipher-images∆C =(Clena+Cbaboon−Czero)modFandcompare∆C and∆C.Wefindthat∆C =∆C. The simulation results confirm our theoretical analysis: Given any three plain-images, we can build a differential relation between the three plain-images and their cipher-images.
5. Codebook attack
5.1. Theoretical analysis
where kn ∈ [0, 255].
Figure 3: Simulation results for testing Eq.(16)
6
We further transform the above expression into the following form
M×N M×N
C= kn·Cn−( kn−1)·C0 (18)
n=1 n=1
and based on the differential cryptanalysis of Eq.(16) and Proposition 2, we naturally recover the plain-image
expressed by the form
95 5.2. Simulation results
M×N M×N
P= kn·Pn−( kn−1)·P0 mod F (19)
n=1 n=1
Without loss of generality, we choose a image size of 64 × 64 as an example to represent the codebook attack. Algorithms 1 and 2 are two pseudocodes illustrating how to build the codebook and recover the plain-image. In Fig.4, we observe the plain-image Lena, the corresponding cipher-image and the recovered image by using the codebook attack.
Algorithm 1 Construct the codebook
Input: image size M × N , a blank image with all-zero pixels and M × N images with only a nonzero pixel value
“1”.
Output: M × N + 1 decrypted images. Construct codebook Pcb (M × N + 1 pairs of cipher-image/plain-image).
1: 2: 3: 4: 5: 6: 7: 8: 9:
C=zeros(M∗N+1,M,N) fori=1→M do
forj=1→N do
C (j + ((i − 1) ∗ M ), i, j ) = 1
end for end for
fori=1→M×N+1do
P (i, :, 🙂 = decypt(C(i, :, :))
end for
Figure 4: Results of the codebook attack. Lena, its cipher-image and the recovered image by the codebook attack proposed.
100 6. Improvements of IC-BSIF
Using differential cryptanalysis, we construct a linear relation between plain-images and cipher-images for IC- BSIF. Based on Eq.(16), we can break IC-BSIF by the codebook attack. To resist differential cryptanalysis, we introduce image random rotations that are controlled by both plain-images and intermediate images in IC-BSIF. The improved approach is shown in Fig. 5. The block-based scrambling and image random rotation make up a
7
Algorithm 2 Codebook attack
Input: cipher-image C, the grayscale F, and codebook Pcb
Output: plain-image P
1: 2: 3: 4: 5: 6: 7: 8: 9:
10: 11:
tmpImg = zeros(M,N) num=0 fori=1→M do
forj=1→N do
if C(i,j)= 0 then
tmpImg = tmpImg + C(i, j) ∗ (Pcb((i − 1) ∗ M + j, :, :))
num = num + C(i, j); end if
end for end for
P= mod(tmpImg−(num−1)∗Pcb(M∗N+1,:,:),F)
105 group. In this group the scrambling and rotation operations have been alternately carried out four times. Then all modules including image normalization and image filtering are executed sequentially m rounds, m ≥ 3.
In the original algorithm, the image rotation is a regular rotation, i.e, 90 degrees clockwise. Through four times of rotation, the image is a return to original state. Here we propose image rotation controlled by a random index (α1, α2, α3, α4). The angle of rotation of the ith time is equal to (αi − αi−1) × 90 degrees, where α0 = 0. Rotate
110 the image clockwise if the angle of rotation is greater than zero; otherwise, rotate counterclockwise. For example, (α1, α2, α3, α4) = (2, 4, 3, 1). For the first rotation, the image is rotated by 180 degrees clockwise; for the third time, rotate 90 degrees counterclockwise. The random index is related to the plain-image P, intermediate images C(i),i = 1, 2, …, m−1 and the subkey k(i). We calculate the sum of pixel value of C(i), and take (k(i) ⊕2β ×sum(C(i−1)))/232 as the initial value of logistic map x0, i = 1,2,…,m, C(0) = P, β ∈ N is set according to the size of images, here
115 β = 0. A chaotic sequence is produced by the form xn+1 = 4.0 × xn × (1 − xn), and by taking a segment with n = 101, 102, 103, 104, and sorting the four variables a random index (α1, α2, α3, α4) is generated.
In Figs. 6 and 7, we present the simulation results of the improved algorithm by using differential analysis. Same
as in Fig.3, we encrypt four plain-images, Plena, Pbaboon, Pzero and ∆P = (Plena + Pbaboon − Pzero) mod F by using
the improved algorithm, and obtain the corresponding cipher-images Clean, Cbaboon, Czero and C∆P , respectively.
′
= ∆C − C∆P mod F , which are shown in Fig. 6. We observe that ∆C ̸= C∆P and ∆C illustrates random characteristic well. Compared with the original algorithm, the improved approach resist the differential cryptanalysis of Eq.(16). Because the image rotation controlled by a random index is introduced, the efficiency of the improved algorithm decreases about 20%
for four-round encryption (m = 4) and increases about 20% for three-round encryption (m = 3).
125 Let’s see the differential results for three-round encryption. Encrypt two images, lena and a changed lena with
the last two pixels exchanged, and compute the differentials of cipher-images, ∆C(i) = C(i) − C(i) mod F, Lena changed
i = 1, 2, 3, shown in Fig. 7. The results demonstrate that the randomness of differential images increases while the
120 We calculate the differential image ∆C = (Clena + Cbaboon − Czero) mod F , and ∆C ′
8
130
135
number of encryption rounds increases and the improved system has a good randomness with m ≥ 3.
We continue to do statistical test by National Institute of Standards an Technology (NIST) SP800-22 Statistical Test Suite [28, 15]. The significance level α is set as 0.01 and the number of binary sequences s is set as 120. We choose 120 images from BOWS-2 image database and encrypt them by the improved algorithm. The cipher-images obtained are then decomposed into binary sequences. All the images are of size 512 × 512, thus the length of a binary sequence is 512 × 512 × 8 = 2097152. The results show that 120 cipher-images encrypted by the improved
algorithm can pass all the 15 sub-tests.
We also check the randomness of differential cipher-images. Same as in Sect.4.2, we encrypt the three plain-
′
images using the improved algorithm, and obtain cipher-image ∆C and the differential image ∆C . Then, we ′′ ′
compute the differential image ∆C = ∆C − ∆C mod F . The test results show that the differential cipher-image ′′ ′′′
∆C of the improved algorithm can pass all the 15 sub-tests, whereas ∆C of IC-BSIF does not due to ∆C = ∆C. This demonstrates that the improved approach can resist the differential cryptanalysis proposed by us.
Figure 5: The encryption process of the improved algorithm
Figure 6: Differential analysis of the improved algorithm for Plena, Pbaboon, Pzero and ∆P = (Plena +Pbaboon −Pzero) mod F. (a) ′
Figure 7: Differential analysis of the improved algorithm for lena (a) and the changed lena (b) with the last two pixels exchanged. (b)-(d) The differential cipher-images of lena and the changed lena from 1 to 3 encryption rounds.
C∆P. (b)∆C. (c)∆C =∆C−C∆P modF.
9
140 7. Conclusion
This paper analyzes an image encryption algorithm using block-based scrambling and image filtering. We con- struct a linear relation between plain-images and cipher-images by differential cryptanalysis, although the encryption process is complex and nonlinear. Based on the linear relation, we build a codebook that contains (M × N + 1) pairs of plain-images and cipher-images, where M × N is the size of images. The proposed differential cryptanalysis
145 and the codebook attack can be applied in analyzing a medical image encryption algorithm [19]. Enhancing the security of image encryption algorithms has been a challenge and we hope our analysis method will promote the research of image encryption to some extent.
References References
150 [1]
[2]
[3]
[4]
[5]
160 [6] [7]
[8]
165 [9]
[10]
[11]
A. A. A. El-Latif, L. Li, X. Niu, A new image encryption scheme based on cyclic elliptic curve and chaotic system, Multimedia Tools & Applications 70 (2014) 1559–1584.
C. Adams, S. Tavares, The structured design of cryptographically good s-boxes, Journal of Cryptology 3 (1990) 27–41.
J. Ahmad, M. A. Khan, S. O. Hwang, J. S. Khan, A compression sensing and noise-tolerant image encryption scheme based on chaotic maps and orthogonal matrices, Neural Computing & Applications 28 (2016) 1–15.
S. Amina, F. K. Mohamed, An efficient and secure chaotic cipher algorithm for image content preservation, Communications in Nonlinear Science & Numerical Simulation 60 (2017) 12–32.
A. Belazi, A. A. A. El-Latif, S. Belghith, A novel image encryption scheme based on substitution-permutation network and chaos, Signal Processing 128 (2016) 155–170.
J. Katz, Y. Lindell, Introduction to Modern Cryptography, 2007.
L. Chen, B. Ma, X. Zhao, S. Wang, Differential cryptanalysis of a novel image encryption algorithm based on chaos and line map, Nonlinear Dynamics 87 (2016) 1–11.
X. Chen, C. J. Hu, Adaptive medical image encryption algorithm based on multiple chaotic mapping, Saudi Journal of Biological Sciences 24 (2017) 1821–1827.
C. Cao, K. Sun, W. Liu, A novel bit-level image encryption algorithm based on 2d-licm hyperchaotic map, Signal Processing 143 (2017) 122–133.
J. Chen, Z. L. Zhu, L. B. Zhang, Y. Zhang, B. Q. Yang, Exploiting self-adaptive permutationdiffusion and dna random encoding for secure and efficient image encryption, Signal Processing 142 (2018) 340–353.
L. Chen, S. Wang, Differential cryptanalysis of a medical image cryptosystem with multiple rounds, Pergamon Press, Inc., 2015.
155
170
10
175 [14]
C. Fu, W. H. Meng, Y. F. Zhan, Z. L. Zhu, F. C. Lau, C. K. Tse, H. F. Ma, An efficient and secure medical image protection scheme based on chaotic maps., Computers in Biology & Medicine 43 (2013) 1000–1010.
180 [16]
X. Ge, B. Lu, F. Liu, X. Luo, Cryptanalyzing an image encryption algorithm with compound chaotic stream cipher based on perturbation, Nonlinear Dynamics 90 (2017) 1–10.
185
[17] X. Huang, Image encryption algorithm using chaotic chebyshev generator, Nonlinear Dynamics 67 (2012) 2411–2417.
[18] Z. Hua, Y. Zhou, Design of image cipher using block-based scrambling and image filtering, Elsevier Science Inc., 2017.
[19] Z. Hua, S. Yi, Y. Zhou, Medical image encryption using high-speed scrambling and pixel adaptive diffusion, Signal Processing 144 (2017) 134–144.
[20] W. Y. Ji, H. Kim, An image encryption scheme with a pseudorandom permutation based on chaotic maps, Communications in Nonlinear Science & Numerical Simulation 15 (2010) 3998–4006.
190 [21]
M. Khan, A novel image encryption scheme based on multiple chaotic s-boxes, Nonlinear Dynamics 82 (2015) 527–533.
195
200
[22] Y. Li, C. Wang, H. Chen, A hyper-chaos-based image encryption algorithm using pixel-level permutation and bit-level permutation, Optics & Lasers in Engineering 90 (2017) 238–246.
[23] S. Li, C. Li, G. Chen, N. G. Bourbakis, K. T. Lo, A general quantitative cryptanalysis of permutation-only multimedia ciphers against plaintext attacks, Signal Processing Image Communication 23 (2008) 212–223.
[24] C. Li, Y. Liu, T. Xie, M. Z. Q. Chen, Breaking a novel image encryption scheme based on improved hyperchaotic sequences, Nonlinear Dynamics 73 (2013) 2083–2089.
[25] R. Matthews, On the derivation of a chaotic encryption algorithm, Cryptologia 8 (1989) 29–41.
[26] N. K. Pareek, V. Patidar, K. K. Sud, Image encryption using chaotic logistic map, Image & Vision Computing 24 (2006) 926–934.
[27] P. Ping, F. Xu, Y. Mao, Z. Wang, Designing permutation-substitution image encryption networks with henon map, Neurocomputing 283 (2018) 53–63.
[12] C. Cao, K. Sun, W. Liu, A novel bit-level image encryption algorithm based on 2d-licm hyperchaotic map, Signal Processing 143 (2017) 122–123.
[13] J. Fridrich, Image encryption based on chaotic maps, in: IEEE International Conference on Systems, Man, and Cybernetics, 1997. Computational Cybernetics and Simulation, 1997, pp. 1105–1110 vol.2.
[15] P. Fabio, R. Riccardo, S. Gianluca, On statistical tests for randomness included in the nist sp800-22 test suite and based on the binomial distribution, IEEE Transactions on Information Forensics & Security 7 (2012) 491–505.
11
[28]
[29]
[30]
210 [31]
[32]
[33]
A. Rukhin, J. Soto, J. Nechvatal, S. Miles, E. Barker, S. Leigh, M. Levenson, M. Vangel, D. Banks, A. Heckert, A statistical test suite for random and pseudorandom number generators for cryptographic applications, Applied Physics Letters 22 (2015) 1645–179.
E. SOLAK, O. T. YILDIZ, Cryptanalysis of fridrich’s chaotic image encryption, International Journal of Bifurcation & Chaos 20 (2010) 1405–1413.
X. Tong, M. Cui, Image encryption scheme based on 3d baker with dynamical compound chaotic sequence cipher generator, Signal Processing 89 (2009) 480–491.
L. Y. Zhang, Y. Liu, F. Pareschi, Y. Zhang, K. W. Wong, R. Rovatti, G. Setti, On the security of a class of diffusion mechanisms for image encryption, IEEE Transactions on Cybernetics PP (2015) 1–13.
X. Zhang, W. Nie, Y. Ma, Q. Tian, Cryptanalysis and improvement of an image encryption algorithm based on hyper-chaotic system and dynamic s-box, Multimedia Tools & Applications 76 (2017) 1–19.
G. Zhou, D. Zhang, Y. Liu, Y. Yuan, Q. Liu, A novel image encryption algorithm based on chaos and line map, Neurocomputing 169 (2015) 150–157.
205
215
12