Image encryption algorithm using chaotic maps and cellular automata

Nowadays, some encryption schemes are not sensitive enough to plain-image, which leads to poor robustness and the scheme is vulnerability to attacks. By employing chaotic maps and cellular automata (CA), a novel image encryption algorithm is presented in this work to increase the sensitivity to plain-image and improve the security. Firstly, initial values of the two-dimensional Logistic-Sine-coupling map (2D-LSCM) and the Logistic-Sine-Cosine map (LSC) are calculated by the SHA-256 hash value of original image, and the process of diffusion is conducted next. Secondly, the key matrices are produced by iterating chaotic map in the process of permutation. The diffused image is scrambled by the index matrices, which are produced by sorting every row or column of the key matrices. Finally, the previous scrambled image is transformed into cipher-image by using CA. The experimental results and theoretical analysis prove that the proposed scheme owns good security as it can effectively resist a variety of attacks.


Introduction
With computer science and technology developing rapidly, a mass of digital images are transmitted on the internet, which may be leaked due to the non-secure channels and lead to significant threat to information security. Therefore, image encryption before transmitting the information to the receiver is an efficient way to protect individual privacy and social safety. The digital images can be converted to binary data and encrypted with Advanced Encryption Standard (AES). However, the high correlation between adjacent pixels may still be kept after encrypting a digital image without considering the property of digital images. Chaotic maps own some special features, i.e., high sensitivity to the initial conditions, unpredictable, ergodicity etc., which have been widely implemented on image encryption [1][2][3]. Moreover, coupled chaotic map is a new system which can be acquired by conducting combination using onedimensional (1D) chaotic maps. Thus, coupled chaotic map has more complex chaotic behaviour than its seed maps [4]. In this algorithm, coupled chaotic maps are adopted to produce chaotic sequences with an excellent pseudo-randomness.
Cellular automata (CA) is a typical discrete system [5]. In addition, a method of random sequence generation based on CA is proposed in [6], which is further used for image encryption [7]. There are mainly two CA-based image encryption methods, one is that the CA can be used to produce pseudo random numbers and the other is that the CA is utilized to encrypt the image in bit-level. Specifically, in [8], a key matrix is built using pseudo random numbers, which are generated by onedimensional CA. In addition, an encryption algorithm using a secondorder life-like CA is designed in [9], the pixels are substituted by the CA. In [10], reversible cellular automata is applied to image encryption, and the pixels are confused by using CA and the histogram distribution in encrypted image is more uniform because of the excellent pseudo-randomness of CA. Therefore, in this algorithm, the CA is used to encrypt the scrambled image to reduce the correlation and further improve the security.
The following three aspects are main contributions of this algorithm: (1) In the proposed algorithm, a one- Lanhang Li et al.

EAI Endorsed Transactions
2 dimensional CA is used to encrypt the image in bit-level, and a new selection method of transform rules based on CA is presented. The sequence numbers based on CA are randomly generated by judging the interval of the values of pseudo random sequence. (2) Initial secret keys are produced according to the hash value of original image, which certifies the generated pseudo random sequences are highly correlated with original image. (3) A new diffusion and permutation mechanism is designed in this algorithm. In the process of permutation, the key matrices are generated by the chaotic maps. The index matrices can be obtained by sorting each row or column of the key matrices, which are utilized to scramble the image.
The rest of this article is composed as follows. The fundamental knowledge about chaotic maps and CA are given in Section 2. Section 3 describes the proposed encryption algorithm. Simulation results and security performance analysis are discussed in Section 4, and Section 5 gives a conclusion.
In addition, the Logistic-Sine-Cosine map (LSC) [12] is defined by where r ∈ [0,1]. It has been proved that the LSC map has more complex chaotic behaviour than the Logistic map.

Cellular automata
In one-dimensional CA, the two neighbours of each cell have two values, i.e., zero or one. Therefore, for three neighbouring cells, there are 2 × 2 × 2 = 2 3 possible states, which are 000, 001, 010, 011, 100, 101, 110, 111. The state function is given by , (3) where t denotes the time, Si presents the current state of the i th cell, and denotes the next state of Si at time t + 1.
The state of is controlled by the i th cell's state and the two neighbouring states of i − 1 th cell and i + 1 th cell at time ) denotes Boolean function, which means logical operation. Table 1 shows different logical operation mode. Taking three adjacent cells as an operational unit at time t, and there Table 1. Different rules of one-dimensional CA.

Generating the initial values of chaotic maps
Hash function is used to transform the input with any length into a fixed length output, which can be applied to authenticated encryption [13]. In this algorithm,   (4) Then, the intermediate values α = d1 ⊕d2 ⊕d3 ⊕d4, and β = d5 ⊕d6 ⊕d7 ⊕d8.
Finally, the initial values are given by

The process of encryption
The flow chat of the proposed method is displayed in Figure 1, and the detailed encryption steps are presented next.
Step 1. Suppose original image is I, and the dimension of it is m × n. Initial values of two chaotic maps can be acquired according to H, which is represented in Section 3.1 clearly.
Step 2. The 2D-LSCM map is iterated for m × n + 500 times by using x1, y1, and two sequences X, Y are obtained by discarding the former 500 values. Similarity, the chaotic sequence Z is generated by iterating the LSC map for m×n×8 times. Then, the sequence X is reshaped into matrix X1 with the same size as I. In addition, 2m values from sequence Z are selected, and quantification operations are performed by where Z(1 : n) represent the first value to the n th value in sequence Z, Z(m+1 : 2m) represent the m+1 th value to the 2m th value in sequence Z. The diffusion matrix D is obtained by reshaping vector Y1 into matrix.
Step 3. The plain-image is diffused by using the new diffusion method. Firstly, the pixels in the first row of plain-image are encrypted by vector R and the first row of matrix D, which is calculated by (7) where x ∈ [2,n], R is 1D vector produced by the LSC map.
Secondly, the pixels in the first column of plain-image are encrypted by vector C and the first column of matrix D, which is calculated by C1(y,1) = mod(C(y) + I(y,1),256) ⊕ D(y,1), (8) where y ∈ [2,m], C is 1D vector produced by the LSC map.
Finally, when x ∈ [2,m], y ∈ [2,n], other pixels are encrypted by the corresponding values in matrix D, which is shown in (9) Specially, the first value C1(1) is calculated by Step 4. The process of permutation is presented. The values in every row and column of the key matrix X1 are sorted in ascending order. As a result, two index matrices X2 and X3 are obtained. In this algorithm, the permutated image C2 can be acquired by using the index matrices to confuse the diffused image. Figure 2 shows the process of generating the index matrices for permutation when the size of image is 4 × 4.
Step 5. Cellular automata transform is adopted to obtain the final cipherimage. Eight CA transform rules in Table I are randomly selected to encrypt the image in this paper. The selection of the rule number is controlled by the sequence numbers Ri. For example, if Ri is five, the Rule 165 CA is selected to transform the pixel in bit-level.  What's more, the Rule numbers in the process of the CA transform are randomly selected. The chaotic sequence Z is obtained by iterating the LSC map and the initial value of the LSC map is related with plain-image, which certifies that the process of CA transform is sensitive to plain-image.
Step 6. The permuted matrix C2 is reshaped into a vector, and the vector is transformed into sequence C3. The values in C3 is binary, and the length of C3 is m×n×8. Then, C3 is regarded as the inputs of the CA, and the corresponding rules of the CA transform are the sequence Zi. The outputs can be obtained after conducting the CA transform, and the outputs are converted into decimal vector C4. Finally, the vector C4 is reshaped into the final encrypted image.
Obviously, the decryption process is the inverse of encryption.

Experimental results and security analysis
Experimental results are displayed in this part and security analysis is discussed in detail. Three standard images are tested, and the size of them are 512 × 512. No any useful information can be acquired from encrypted images, which are represented in Figure 3, and the plainimages can be recovered successful.

Differential attack
After a tiny modification is made for plain-image, hackers can obtain one new image and encrypt the modified image. Then, attackers may compare the difference between two encrypted images to seek out secret keys. Generally, number of pixel change rate (NPCR) and unified average changing intensity (UACI) are selected to assess the capacity for withstanding the differential attack, which are defined by where m × n is the dimension of image. T1 and T2 are encrypted images, and their corresponding plain-images differ by one pixel. When T1(i,j) 6= T2(i,j), the difference matrix D(i,j) = 1; or else, D(i,j) = 0.

Fig.3. Experimental results. (a)-(c) original images; (d)-(f) encrypted images;(g)-(i) decrypted images.
In this test, three images are tested, and 100 pixels are selected randomly with adding one for each time. The test results and the comparison with other schemes are listed in Table 2. The results indicate that the average values are approximate to the expected value [14], which certifies that the algorithm can resist differential attack.

Key space
Key space ought to be large enough to withstand brute force attack, and the key space in an encryption scheme is usually required to reach 2 100 [18]. The secret keys in this paper includes two control parameters r, θ, initial values x0, x1, y1, and 256-bit hash value. The accuracy of the computer is limited, assuming it is 10 −15 [19], the entire key space in this work is 2 388 . Therefore, the proposed algorithm can defend brute force attack.

Key sensitivity
Encryption method ought to be sensitive enough to the encryption key, which means that an enormous variation will be taken place in cipher-image when secret key is altered slightly. In order to prove the key sensitivity, the hash value H(5ec042e1...f35459f5) is changed slightly to H1(4ec042e1...f35459f5). Figure 4(a) shows the new cipher-image when H1 is utilized to encrypt the 512 × 512 "Lena". In addition, Figure 4 What's more, the decrypted image by using an error key has an enormous difference with the correct decrypted image. Usually, this difference can be evaluated by peak signal-to-noise ratio (PSNR) and mean square error (MSE) [20], which are calculated by

EAI Endorsed Transactions on
Security and Safety 07 2020 -10 2020 | Volume 7 | Issue 26 | e3 Image encryption algorithm using chaotic maps and cellular automata Lanhang Li et al.

6
where D represents decrypted image by using wrong key and P is the original image. A small value of PSNR demonstrates that there is a great difference between image P and D [21]. The key sensitivity can be also evaluated by NPCR and UACI. The results are listed in Table 3, in which certifies that the proposed algorithm has a good performance in key sensitivity.  Table 3. Key sensitivity about decrypted image.

The histogram analysis
Histogram of an image shows each pixel value's distribution [22]. If the histogram is not uniform, the exposed information may be utilized by attackers. Figure  5 displays the histograms of encrypted images, which are balance distribution. Hence, the proposed algorithm is resistant against statistical attack.

Correlation analysis
The strong correlation in horizontal(HL), vertical(VL), and diagonal(DL) directions exist commonly between two adjacent pixels, which indicates that original image contains a lot of redundant information. Hence, a secure encryption algorithm ought to eliminate these correlations. The correlation coefficients corxy can be calculated by where and yi represent gray values of adjacent pixels in an image. Figure 6 displays the correlation of adjacent pixels in three directions of "Lena" and its encrypted image, respectively. In addition, Table 4 gives the correlation coefficients of test images and the comparison results. The correlation coefficients of encrypted images in this paper are much nearer to zero than other methods. So the proposed algorithm is able to eliminate the correlation effectively.

Information entropy analysis
The randomness of information can be described by information entropy, which can be calculated by , (17) where p(si) is the probability of si. In a fully uniform image with 2 8 gray level, the expected value of entropy is eight [8]. The nearer the entropy is to eight of cipherimage, the higher security of the scheme [25]. The results for three tested images and the comparison for "Lena" with different methods are listed in Table 5. The information entropies of encrypted image in this paper are close to eight, and higher than the other three methods.

Data loss and Noise attack analysis
The information may be lost due to the effect of congestion network or noise when the cipher-image is transmitted over internet [29]. Therefore, it is essential for the cryptosystem to have the ability to resist data loss and noise attacks [30].
The cipher-image "Lena" with different cropped parts and the decrypted results are displayed in Figure 7. The recovered images can still be identified in spite of there are a large number of data is lost in cipher-images. Hence, the proposed algorithm can resist the data loss attack effectively.
In addition, the Gaussian noise(GN) is tested, which can be added to the encrypted image C by C ' = C + kGN, (18)   where C' is new encrypted image after adding GN, k is noise intensity, and GN is the standard GN, and. The decrypted results after adding GN are represented in Figure 8, in which the recovered images can be recognized when k = 30. Therefore, the proposed algorithm is resistant to GN attack.
What's more, the decrypted image after adding salt and pepper noise(SPN) with different densities are given in Figure 9. The results indicate that the encryption scheme is capable of resisting SPN attack.

Known/chosen plaintext attack analysis
Initial values of the 2D-LSCM map and the LSC map in the proposed algorithm are calculated by SHA-256 hash value of plain-image, which indicates that the encrypted image is highly sensitive to the plain-image. What's more, attackers usually choose a special image such as all black and the secret key may be found according to the chosenplaintext attack [31]. Figure 10 shows the cipher-images of all black and white, and their histograms. In addition, Table 6 shows the values of entropies and correlation coefficients of cipher-images. The results indicate that the attackers cannot get any valuable information from the encrypted images. Hence, the proposed scheme can withstand the known/chosen plaintext attack.

Conclusion
Based on chaotic maps and cellular automata, a novel image encryption algorithm is proposed in this work. Firstly, initial secret keys of the chaotic maps are calculated by using the SHA-256 hash value of the original image, which leads to high key sensitivity. Then, the plain-image is diffused and scrambled by using the proposed encryption method. The final encrypted image can be acquired by transforming the scrambled image using CA. Experimental results and security analysis certify the proposed scheme has good performance in key sensitivity, ideal information entropy, and it can resist a variety of attacks, i.e., noise and data loss attacks. All these demonstrate that the proposed algorithm is suited for multimedia communication.  Table 6. Performance evaluation results of special images.