Commun Nonlinear Sci Numer Simulat 18 (2013) 136–147

Contents lists available at SciVerse ScienceDirect

Commun Nonlinear Sci Numer Simulat

journal homepage: www.elsevier .com/locate /cnsns

A cryptosystem based on elementary cellular automata

A.A. Abdo a,⇑, Shiguo Lian b, I.A. Ismail c, M. Amin a, H. Diab a

a Dept. of Mathematics, Computer Science, Faculty of Science, Menoufia University, Shebin El-Koom 32511, Egyptb Central Research Institute, Huawei Technologies, Beijing 100085, Chinac Dean of Computer and Informatics faculty, MIU University, Egypt

a r t i c l e i n f o

Article history:Received 28 August 2011Received in revised form 27 January 2012Accepted 28 May 2012Available online 28 June 2012

Keywords:Elementary cellular automataImage encryptionCellular neural networkChaos

1007-5704/$ - see front matter � 2012 Elsevier B.Vhttp://dx.doi.org/10.1016/j.cnsns.2012.05.023

⇑ Corresponding author.E-mail addresses: asd2asd254@yahoo.com (A.A.

a b s t r a c t

Based on elementary cellular automata, a new image encryption algorithm is proposed inthis paper. In this algorithm, a special kind of periodic boundary cellular automata withunity attractors is used. From the viewpoint of security, the number of cellular automataattractor states are changed with respect to the encrypted image, and different key streamsare used to encrypt different plain images. The cellular neural network with chaotic prop-erties is used as the generator of a pseudo-random key stream. Theoretical analysis andexperimental results have both confirmed that the proposed algorithm possesses highsecurity level and good performances against differential and statistical attacks. The com-parison with other existing schemes is given, which shows the superiority of the proposalscheme.

� 2012 Elsevier B.V. All rights reserved.

1. Introduction

Image, due to its feature of bulky data and huge correlation between pixels are generally difficult to handle by traditionalencryption algorithms. Many encryption methods have been proposed for image encryption in the literature. These includetraditional [1,2], compression in an iterated mode [3–5], and dynamical chaotic systems [6–13]. Traditional algorithms areseriously challenged by the complexity of their internal structure and the fact that they cannot be concisely and clearly ex-plained. Compression methods have the difficulty that the recovered image has less definition than the original one (i.e. theencrypted image is not the same as the original one). Implementation of dynamical chaotic systems is seriously challengedby the differences between the discrete arithmetic of the computers and the chaotic arithmetic defined by the dynamicalsystems used. Generally, most of them are accompanied by detailed security analysis [14,15].

Cellular automata which are a class of discrete dynamical systems can be implemented in image encryption withoutmuch additional hardware or software complexity as a good option in the transmission of large amount of data applications[16–21]. The large number of CA evolution rule enables very large number of ways to produce a sequence of CA data security.Further, one dimensional CA substitutions only consist of and/or logic operations which are easy and simple computations.In connection to cryptographic techniques, CA are used as pseudorandom number generators for VLSI built-in self-test [22].Generally, CA due to its parallelism, easy, regular structure, and simple hardware structure, is more efficient for crypto-graphic techniques.

Here we aim to use elementary cellular automata(ECA), the simplest case of CA: a linear array of cells with a periodicbehavior and control parameters are generated by cellular neural network (CNN) in the encryption phase. This providesthe opportunity for great flexibility in both performance characteristics and level of security. Many of ECA of length 8 hasa periodic behavior, i.e., it returns to its initial state after t times. This means that CA can be treated as a ring (attractors).

. All rights reserved.

Abdo), shiguo.lian@ieee.org (S. Lian), mohamed_amin110@yahoo.com (M. Amin).

A.A. Abdo et al. / Commun Nonlinear Sci Numer Simulat 18 (2013) 136–147 137

Among these attractors, it is found that the bitwise xor operation between the values in the same attractor is equal to zero,thus we call these attractors as unity attractors. Based on ECA, with a periodic behavior and unity feature, a novel and simpleimage encryption method is proposed. In addition, the control parameters are generated from cellular neural network (CNN)which was first proposed by Chua and Yang [25]. For security consideration, the CNN’s parameters are affected by the cipher-image, so the key stream is changed according to the image, thus the ciphering algorithm can resist some known-plaintext/ciphertext attacks.

The remain of the paper is organized as follows. Section 2 introduces characteristics of the cellular automata and chaoticsequence generator using cellular neural network (CNN). In Section 3, the proposed encryption scheme is presented in detail,and the proposed algorithm’s performances including security and efficiency are tested and discussed in Section 4. Finally, inSection 5, the conclusion is drawn and some future work is given.

2. Related work

2.1. Elementary cellular automata

Cellular automata (CA) was firstly introduced by Von Neumann as a simple model to study biological processes such asself- reproduction [26]. There are a lot of important applications of CA, such as quantum mechanics [27,28], biocomputingtheory [29], and image encryption as we mentioned above. Cellular automata (CA) is a particular form of finite state machine.It is defined as uniform array of identical cells in n-dimensional space [30]. The cells change their states synchronously atdiscrete time instants. The next state of each cell depends on the current states of the neighbor cells according to a statetransition rule. Elementary cellular automata (ECA) is the simplest case, which is a linear array of cells with three neighbor-hood dependency, and state of each cell is 0 or 1. Let Si denotes the current state of the i-th cell at time t, and f a Boolean statefunction that specifies the local rule. The next state of Si at time t þ 1 is produced as:

Table 1Elemen

NeigNext

Stþ1i ¼ f St

i�1; Sti ; S

tiþ1

� �ð1Þ

The set of local rules for the time evolution of one dimensional CA has been coded by Wolfram in [30]. An example of Wol-fram’s notation for CA rule 30 is given in Table 1. The rule number represents the binary number in a decimal way. For exam-ple, if f ð111Þ ¼ 0, f ð110Þ ¼ 0; f ð101Þ ¼ 0, f ð100Þ ¼ 1; f ð011Þ ¼ 1; f ð010Þ ¼ 1; f ð001Þ ¼ 1, f ð000Þ ¼ 0, then the binarynumber 00011110 is 30 in decimal. So, the CA is called Rule 30 CA. Since the neighborhood is composed of 3 cells, thereare n ¼ 223

possible configurations of that neighborhood. It means that the total number of rules of ECA is 256.When dealing with finite CA, many ECA of length 8 has a periodic behavior, i.e., it returns to its initial state after t times,

thus CA can be treated as a ring (attractors). The selected attractors T1 to T16 for Rule 85 are shown in Fig. 1, where the statesare shown in decimal and binary representation. All the attractors shown in Fig. 1 have the merit:

�k

t¼1St ¼ 0 ð2Þ

where � is exclusive-or operation XOR, St is the cell state at time t; 1 6 t 6 k, and k is the number of states of one of suchattractor. The XOR operation begins with any state, i.e., state (1) can be any state on the attractor, by calling the attractorsatisfies this feature as unity attractor. In Fig. 1, the bit wise xor between binary numbers in each attractor is equal to zero.Table 2 illustrates two unity attractors T1, and T2 in the rules 56, 74, and 80. From Eq. (2), we can get the following facts:

d� �k

i¼1Si

� �¼ d:

d� �t

i¼1Si

� �¼ �d: wheret < k ð3Þ

�d� �k

i¼tþ1Si

� �¼ d:

d and �d are 8 bits binary data, d is xoring with all states in the unit attractor and the result is 1. d is xoring with some ofattractor states (t < k) and the result is �d. �d is xoring with the remainder states of the same attractor, and the result is theoriginal value d. This phenomenon is a basic requirement of the proposed scheme. Let t : ð1 6 t 6 kÞ be the encryption times,by applying XOR operation to d for t times with t states on an attractor, the encrypted data are obtained.

tary rule 30.

hborhood 111 110 101 100 011 010 001 000 Nostate 0 0 0 1 1 1 1 0 30

Fig. 1. Uinty attractors of rule 85.

Table 2Two circles of unity attractors T1, and T2 in rules 56, 74, and 80.

Unity attractor Rule 56 Rule 74 Rule 80

T1 5! 130! 65! 7! 13! 128! 9! 132! 66!160! 80! 40! 52! 112! 208! 33! 144! 72!20! 10! 5 193! 67! 7 36! 18! 9!

T2 17! 136! 68! 9! 18! 36! 6! 3! 129!34! 17 72! 144! 33! 192! 96! 48!

66! 132! 9 24! 12! 6

138 A.A. Abdo et al. / Commun Nonlinear Sci Numer Simulat 18 (2013) 136–147

2.2. Chaotic sequence generators using cellular neural network (CNN)

CNN was first proposed by Chua and Yang in 1988 [25]. The CNN can be defined as an M � N type array of identical cellsarranged in a rectangular grid. Each cell is locally connected to its 8 nearest surrounding neighbors. Every cell is a nonlinear

A.A. Abdo et al. / Commun Nonlinear Sci Numer Simulat 18 (2013) 136–147 139

1st- order circuit composed of a linear resistance, a linear capacitance, and some voltage-controlled current sources. Liter-ature [31] reported the chaotic phenomena in the 3rd-order CNN system. The chaotic system of 3th-order CNN can be de-scribed as follows:

_xj ¼ �xj þ ajyj þX3

k¼1;k–j

ajkyj þX3

k¼1

Sjkxk þ ij; j ¼ 1;2;3: ð4Þ

where xj is a state variable, aj a constant, ij the edge value, and yj a cell output. The output is related to the state by the non-linear equation:

yj ¼ 0:5� jðxj þ 1Þj � jðxj � 1Þj: ð5Þ

The parameters of the three cells are given as follows [32]: a12 ¼ a13 ¼ a2 ¼ a23¼ a32 ¼ a3 ¼ a21 ¼ a31 ¼ 0;S13 ¼ S31 ¼ S22 ¼ 0; i1 ¼ i2 ¼ i3 ¼ 0; S33 ¼ S21 ¼ S23 ¼ 1. By substituting in Eq. 4, Eq. (4) can be given by:

½ _x1; _x2; _x3� ¼ ½�x1 þ a1 � y1 þ S11 � x1 þ S12 � x2;

¼ �x2 þ x1 þ x3; ð6Þ¼ �x3 þ S32 � x2 þ x3�

where y1 ¼ 0:5� jðx1 þ 1Þj � jðx1 � 1Þj. From this model, we can get different chaotic output parameters by using differentinput parameters x1; x2; x3; a1; S11; S12; S32. Fig. 2 shows the projections of the chaotic attractors of system (6) in the threedimensional space.

3. The proposed encryption scheme

Our proposed encryption scheme is pictorially shown in Fig. 3. Fig. 3(a) and (c) represents the proposed encryption anddecryption cryptosystem respectively. Their corresponding encryption and decryption functions are illustrated in Fig. 3(b)and (d) respectively. The secret key contains initial conditions x0

1; x02; x0

3 2 ½0;1�, parameters a11; S11; S12; S32, the large inte-ger numbers K; k as map parameters, two rules R1; R2, and two unity attractors (T1; T2 with length k) selected from twoelementary rules R1; R2. For 8-bit gray image of size M � N, the encryption algorithm includes the following steps:

1. key generation: By utilizing the CNN system for three time, we have xn1; xn

2; xn3, where n ¼ 1;2;3, and then compute

parameters C1; C2; C3, where:

C1 ¼ bðK � ððx11Þ

2 þ ðx12Þ

2 þ ðx13Þ

2Þ0:5 þ kÞc mod256:

C2 ¼ bðK � ððx21Þ

2 þ ðx22Þ

2 þ ðx23Þ

2Þ0:5 þ kÞc mod256:

C3 ¼ bðK � ððx31Þ

2 þ ðx32Þ

2 þ ðx33Þ

2Þ0:5 þ kÞc mod256:

ð7Þ

where K and k are two large integer numbers.

−0.5 0 0.5 1 1.5 2 2.5−0.4

−0.2

0

0.2

0.4

x1

x2

−0.5 0 0.5 1 1.5 2 2.5−4

−3

−2

−1

0

1

x1

x3

−0.4 −0.2 0 0.2 0.4−4

−3

−2

−1

0

1

x2

x3

−20

24

−0.5

0

0.5−4

−2

0

2

Phase space

Fig. 2. The projections of the 3th CNN attractors of system (6) in the three dimensional space.

(a) (b)

(c) (d)

Fig. 3. Encryption and decryption algorithms: (a) encryption algorithm, (b) the encryption function, (c) ecryption algorithm, and (d) the decryptionfunction.

140 A.A. Abdo et al. / Commun Nonlinear Sci Numer Simulat 18 (2013) 136–147

2. The encryption algorithm

S1: Use parameters xi�1

1 ; xi�12 ; xi�1

3 to utilize the CNN for three times to generate xi1; xi

2; xi3, and their corresponding

sequences Ci1; Ci

2 and Ci3 from Eq. (7), where M � N P i P 1. We call Ci

1 as a control parameter, Ci2 is an encryption

parameter, and Ci3 is a dynamic control parameter.

S2: Compute d ¼ Ci1mod2 to determine which rule will be used in the pixel ciphering. If d ¼ 1, use R1, otherwise use R2.

S3: Compute t ¼ Ci2modkþ 1, where k is the length of each attractor, and t determines the number of states used in the

encryption function for Rule R1 or R2. For example, let d ¼ Ci1mod2 ¼ 1, then R1 will be used to encrypt the pixel. Let

attractor T1 in the rule R1 ¼ 56, there are 8 states T1 ¼ f5;130;65;160;80;40;20;10g. If t ¼ 4, then the valuesf5;130;65;160g are used in the encryption function, and the remainder values f80;40;20;10g are used in the decryp-tion function.S4: Encrypt the pixel Pi. Use the following equation to encrypt Pi to P0i

P0i ¼ðPi þ Ci

2Þmod256� R1ðjÞ if d ¼ 1;

ðPi þ Ci2Þmod256� R2ðjÞ otherwise;

(

where j ¼ 1;2; . . . t. For Rule R1ðjÞ ¼ stateð1Þ � stateð2Þ . . . stateðtÞ, and R2ðjÞ ¼ stateð1Þ � stateð2Þ . . . stateðtÞ. Fig. 3(b) illustratesthe encryption function.

S5: Compute Ciþ13 ¼ P0i � Ci

3, where P0i is the current ciphering pixel.

A.A. Abdo et al. / Commun Nonlinear Sci Numer Simulat 18 (2013) 136–147 141

S6: Go to to step S1 to generate the next three values Ciþ11 ; Ciþ1

2 ; Ciþ13 CNN by using the current CNN

valuesðxiþ11 ; xiþ1

2 ; �xiþ13 Þ, where �x3

iþ1 ¼ ðCiþ13 =256Þ. Do that until i ¼ M � N.

3. The decryption function:The decryption algorithm is symmetric to the encryption algorithm, which is composed of the following steps:

S1: Use parameters xi�11 ; xi�1

2 ; xi�13 to utilize the CNN for three times to generate xi

1; xi2; xi

3, and their correspondingsequences Ci

1; Ci2 and Ci

3 from Eq. (7), where M � N P i P 1. We call Ci1 as a control parameter, Ci

2 is an encryptionparameter, and Ci

3 is a dynamic control parameter.S3: Compute d ¼ Ci

1mod2 to determine which rule will be used in the pixel ciphering. If d ¼ 1, use R1, otherwise use R2.S2: Compute t ¼ Ci

2modkþ 1, where k is the length of each attractor. We have k� t þ 1 determines the number ofstates used in the decryption function for Rule R1 or R2.S4: Decrypt the pixel Pi. Use the following equation to decrypt P0i to Pi

Pi ¼ðP0i � R1ðk� tÞ � Ci

2Þmod256 if d ¼ 0;

ðP0i � R2ðk� tÞ � Ci2Þmod256 otherwise;

(

where for rule R1ðk� t þ 1Þ ¼ stateðk� t þ 1Þ � stateðk� t þ 2Þ . . . stateðkÞ, and R2ðtÞ ¼ stateðk� t þ 1Þ � stateðk� t þ 2Þ . . . stateðkÞ, it is illustrated at Fig. 3(d).

S5: Compute Ciþ13 ¼ P0i � Ci

3, where P0i is the current ciphering pixel.S6: Go to step S1 to generate the next three values Ciþ1

1 ; Ciþ12 ; Ciþ1

3 CNN by using the current CNNvaluesðxiþ1

1 ; xiþ12 ; �x3

iþ1Þ, where �x3iþ1 ¼ ðCiþ1

3 =256Þ. Do that until i ¼ M � N.

4. Security analysis for the propose algorithm

The standard block ciphers, such as DES [1], AES [2] are not suitable for digital images in spite of the speed of such algo-rithms. In the following content, the proposed encryption algorithm is compared with AES, and both theoretical analysis andcomputer simulations are given to show the proposed algorithm’s competence in security and efficiency for practical imageencryption. In the proposed algorithm, the control parameters are determined not only by the initial key (i.e. the initialparameters of CNN and initial state of selected rule), but also by the image pixel. This means that the control parametersare variable for each image. As a result, different plain-images have distinct control parameters, will not have identicalencryption results, and will then improve the difficulty of chosen-plaintext attacks. Simulation results and performanceanalysis of the proposed scheme are provided to show the algorithm’s security against various attacks. Therefore, this sectionis split into five subsections, namely, adjacent pixels analysis, key space, sensitivity analysis, randomness and other securitymerits.

4.1. Adjacent pixels analysis

In experiments, the image is encrypted by AES [2] and by the proposed algorithm respectively. 256� 256 images Eye,Penguin and Nike gray level images (Fig. 4(a–c)) are tested. Seen from Fig. 4(e–g), the images encrypted by AES are still intel-ligible, while the proposed algorithm encrypts the image into an unintelligible one (Fig. 4(i–k)). Additionally, the objectivetests are done by computing the histogram of Eye and Penguin cipher-images and correlation between two adjacent pairs ofthe original and ciphered images. Fig. 5(a–d) shows Eye and Binguin plain images and their corresponding histograms.Fig. 5(e–h) shows cipher Eye and Binguin image by AES and its corresponding histogram. Fig. 5(i–l) shows cipher Binguinimage by proposed algorithm and its corresponding histogram. Seen from the results, the histograms of the encryptedimages by AES are not uniform, but the ones of the ciphered images by the proposed algorithm are fairly uniform and aresignificantly from the original ones.

One of the requirements of an effective image cryptosystem is the generation of cipher image with sufficiently low cor-relation of adjacent pixels. To analyze the effectiveness of our cryptosystem in this aspect, the correlations between twoadjacent pixels in horizontal, vertical and diagonal directions are calculated. In the experiment, a 256 gray scale image Lena,Eye, Penguin and Nike of size 256� 256, and its corresponding cipher images are obtained using the proposed algorithm andAES respectively. The correlation coefficients are calculated by the formula stated in [33] and are listed in Table 3. The datafor the four cipher images by the proposed algorithm effectively decorrelate adjacent pixels in the plain images than the ci-pher images by AES. As an example, the correlation distribution of two horizontally and vertically adjacent pixels of the plainimage and the cipher image obtained using the proposed algorithm is shown in Fig. 6.

4.2. Space of the key

The key space should be large enough to resist brute force attack. The proposed scheme actually have a sufficiently largesecret keys. The secret key contains initial conditions x0

1; x02; x0

3 2 ½0;1�, parameters a11; S11; S12; S32, the large integer

Fig. 4. (a) Plain Eye image, (b) plain Binguin image, (c) plain Nike image, (d–f) cipher images of the corresponding plain images by AES; (g–i) cipher imagesof the corresponding plain images by the proposed algorithm.

142 A.A. Abdo et al. / Commun Nonlinear Sci Numer Simulat 18 (2013) 136–147

numbers K; k as map parameters, two rules R1 and R2 and two attractors T1; T2. Therefore, the high sensitivity to initial con-ditions inherent to CNN system ensures the high security for the proposed algorithm.

4.3. Sensitivity analysis

1. Sensitivity analysis for the cipher to key: Key sensitivity means the change rate of the number of pixels of the cipher-imagewhen only one bit of the key is modified. In our example, for key1 x1 ¼ 0:33; x2 ¼ 0:33; x3 ¼ 0:33; a11 ¼ 3:66; S11 ¼�1:45; S12 ¼ 8:88; S32 ¼ �14:25; K ¼ 500; k ¼ 129; R1 ¼ 80; R2 ¼ 85, T1 ¼ ½24;48;96;192;129;3;6;12�, T2 ¼½54;147;216;78;99;57;141;288�. For testing it, do as follows:

(a) Encryption for one image was performed with two different key. For comparing the results, average correlationcoefficient between some pixels for each pair of Encrypted images were calculated. The results show that changes onlyin one bit of key, or choosing wrong attractors lead to different result (see Table 4).(b) Assume only one bit of key1 is changed, let x1 ¼ 0:34 instead of 0:33. Even with little movement will result in anincorrectly decrypted image, as displayed in Fig. 7(d). Of course, the original image will be restored with correct secretkeys, seen Fig. 7(c).

2. Differential attacks-sensitivity analysis of plaintext to cipher:Differential attacks test the influence of changing a single pixel in the original image on the encrypted image byte. Wecalculated the number of pixel changing rate (NPCR), and the unified average changing intensity (UACI). Let the plainimage cipher be C1 and the one pixel difference generated cipher be C2, then the NPCR and UACI can be obtained straight-forwardly. Here, NPCR and UACI are computed using the following equations:

NPCR ¼P

ijDði; jÞW � H

� 100 ð8Þ

UACI ¼ 1W � H

Xij

jC1ði; jÞ � C2ði; jÞj255

� 100 ð9Þ

(a)

0100200300400500600700800900

0 50 100 150 200 250

(b) (c)

0

500

1000

1500

2000

2500

3000

3500

0 50 100 150 200 250

(d)

(e)

0

100

200

300

400

500

600

0 0.2 0.4 0.6 0.8 1

(f) (g)

0

100

200

300

400

500

600

700

0 0.2 0.4 0.6 0.8 1

(h)

(i) (j) (k)

0

100

200

300

400

500

600

0

100

200

300

400

500

600

0 0.2 0.4 0.6 0.8 10 0.20.1 0.40.3 0.60.5 0.8 0.90.7 1

(l)

Fig. 5. (a), (b) Plain Eye image and its histogram, (c), (d) Plain Binguin image and its histogram, (e), (f) cipher Eye image by AES and it correspondinghistogram, (g), (h) cipher Binguin image by AES and it corresponding histogram, (i), (j) cipher Eye image by the proposed algorithm and it correspondinghistogram, (k), (l) cipher Binguin image by by the proposed algorithm and it corresponding histogram.

Table 3Correlation coefficients of adjacent pixels of different images.

Cipher image Correlation

Proposed AES

Horizontal Vertical Diagonal Horizontal Vertical Diagonal

Nike 0.00537 �0.00736 �0.01632 0.70879 1.00000 0.02185Eye �0.00446 �0.02501 0.04127 �0.01193 0.04232 �0.06875Penguin -0.00280 �0.00005 0.06211 0.13357 0.09090 0.03580Lena -0.01516 0.01396 0.02180 0.02296 �0.00619 �0.03074

A.A. Abdo et al. / Commun Nonlinear Sci Numer Simulat 18 (2013) 136–147 143

D (i, j) is defined as:

Dði; jÞ ¼1 if C1ði; jÞ ¼ C2ði; jÞ;0 otherwise:

�

H and W denote the height and width of the image, respectively. According to the proposed algorithm, Fig. 8(a) and (b) showthe values of NPCR and UACI in different encryption iterations N ¼ 1 : 10, NPCR and UACI are over 99:96 and 33:44 respec-tively. The values of (NPCR), (UACI) are large enough to ensure the resistance of the proposed algorithm against the differ-ential attack (small changes in the plain image). Fig. 9(a–d) show the difference between two ciphered images. The twociphered images are completely different, where their two plain images have only 1 bit difference.

145 150 155 160 165 170 175 180 185 190 195140

150

160

170

180

190

200

(a)60 80 100 120 140 160 180 200

60

80

100

120

140

160

180

200

(b)0 50 100 150 200 250 300

0

50

100

150

200

250

300

(c)0 50 100 150 200 250 300

0

50

100

150

200

250

300

(d)

Fig. 6. Correlation of two horizontally and vertically adjacent pixels in the plain-image (a), (b), and that in cipher-image (c), (d).

Table 4Key sensitivity analysis of the proposed image cipher algorithm.

Encryption withoriginal key1

Encryption key 2(x1 ¼ 0:34)

Encryption key 3 (R1 ¼ 80; T2 ¼ ½9;132;66;33;144;72;36;18�)(R2 ¼ 85; T2 ¼ ½102;51;153;204�)

Correlationcoefficients

0.0086 0.0019

144 A.A. Abdo et al. / Commun Nonlinear Sci Numer Simulat 18 (2013) 136–147

4.4. Randomness test

There are a lot of possible statistical tests to measure the quality of the generated random sequence. This section presentssome tests chosen from the statistical test suite published by the National Institute of Standards and Technology in August2008 [34].

1. Frequency (Monobit): Calculate x which is the number of ones in the 20,000 bit stream. Now, the Pvalue ¼ erfcðjSn jffiffi2p Þ, where

Sn is the difference between Zero’s and One’s in the bit stream, and erfc is the complementary error function (erfc). The testis passed if Pvalue < 0:01 [34]. Monobit test was conducted on each bit plan encrypted pixel of the image shown in Fig. 10demonstrating different smooth blocks. As can be seen, the proposed algorithm performs better than AES in confusing thestructure of the image content and also in generating the needed balanced bit stream. Table 5 demonstrate Monobit test ofour method against AES. Table 5 is used to construct Fig. 11, where Zn and NZn are the number of zeros and non-zeros.

2. Poker test: For the Poker test, the 20000 bits are divided into 5000 contiguous 4 bit segments. Each four bit segment rep-resents a decimal number between 0 and 15. A truly random sequence of bits should result in a random distribution of thenumbers 0� 15. Let ni be the number of occurrences of a number i. n3 is the number of 4-bits 0110, this values are substi-tuted into:

v ¼ 165000

X15

i¼0

n2

" #� 5000: ð10Þ

The poker test is passed if 1:03 < v < 57:4. Table 6 demonstrates Poker test of our method against AES, Table 6 used to con-struct Fig. 10 for different block size M.3. Block frequency: The purpose of this test is to determine whether the frequency of ones in an M-bit block is approxi-

mately M=2, as would be expected under an assumption of randomness. For block size M ¼ 1, this test degenerates to test1, the Frequency (Monobit) test. Testing this on encrypted ‘Cameraman.bmp’ image (shown in Fig. 6) yields: at M ¼ 20;pvalue ¼ 0:7962 > 0:01, M ¼ 30; pvalue ¼ 0:6641 > 0:01, M ¼ 40; pvalue ¼ 0:3987 > 0:01, M ¼ 100; pvalue ¼

0:8602 > 0:01. If the computed Pvalue is < 0:01, then conclude that the sequence is non-random. Otherwise, conclude thatthe sequence is random [34].

4. Run test: This test determines whether the oscillation between such zeros and ones is too fast or too slow [34]. Whentesting this on encrypted ‘lena.bmp’ image (its size equals to 2097152 bit) we obtain the total number of runs for thisexample equals ‘1048458’ bit, it is approximately equals to the have of Lena size, this value is large enough to indicatean oscillation in the bit stream which is too fast as can be expected in a random sequence.

Fig. 7. (a) Source image (b) encrypted image using the true secret key, (c) decrypted image using the true secret key, and (d) decrypted image using the falsekey.

1 2 3 4 5 6 7 8 940

50

60

70

80

90

100

Rounds

NPC

R

NPCR

NPCR orverall(1:9)

1 2 3 4 5 6 7 8 916

18

20

22

24

26

28

30

32

34

Round

UAC

I

UACI

UACI overall Rounds (1:9)

(a) (b)

Fig. 8. NPCR and UACI in different encryption iterations N = 1:9.

Fig. 9. (a) Source image (b) encrypted image, (c) encrypted image after changing one pixel in the source image, and (d) the difference between the twoencrypted images.

Fig. 10. Performance of the proposed method against AES in confusing image structure. Left to right: original, encrypted using AES and using proposedmethod, respectively.

A.A. Abdo et al. / Commun Nonlinear Sci Numer Simulat 18 (2013) 136–147 145

Table 5Monobit test, of our method against AES, used to construct Fig.10, Zn: number of zeros and NZn: number of non-zeros.

Bit plan image Proposed AES

PNZan PZn Pvalue Status PNZa

n PZn Pvalue Status

1st 522184 526392 3.967314e-005 Fail 516626 531950 1.246162e-050 Fail2nd 529047 519529 1.473143e-020 Fail 528305 520271 4.305344e-015 Fail3rd 525005 523571 1.613964e-001 Pass 532283 516293 5.733405e-055 Fail4th 524413 524163 8.071219e-001 Pass 532921 515655 8.662054e-064 Fail5th 524824 523752 2.951572e-001 Pass 519599 528977 5.276862e-020 Fail6th 524235 524341 9.175537e-001 Pass 473836 574740 0 Fail7th 524197 524379 8.589316e-001 Pass 517210 531366 1.820785e-043 Fail8th 523880 524696 4.255236e-001 Pass 547974 500602 0 Fail

1 2 3 4 5 6 7 80

2

4

6

8

10

12x 104

Bit plan

abs(

NZn

−Zn)

AESProposed

Fig. 11. Monobit test on the encrypted images shown in Fig.10. The difference between the sum of non-zero values (NZn) and zero values (Zn) across the 8-bit planes.

Table 6The Poker test of the proposed scheme VS AES.

Block size M Proposed AES

v2 Status v2 Status

1 K.Byte 18:5000 < 57:4 Pass 56:3830 < 57:4 Pass2 K.Byte 16:5625 < 57:4 Pass 39:1941 < 57:4 Pass3 K.Byte 16:7083 < 57:4 Pass 4:3589 < 57:4 Pass4 K.Byte 14:3438 < 57:4 Pass 5:3902 < 57:4 Pass5 K.Byte 14:9500 < 57:4 Pass 14:3565 < 57:4 Pass6 K.Byte 12:5000 < 57:4 Pass 62:3908 > 57:4 Fail7 K.Byte 15:4286 < 57:4 Pass 10:4686 < 57:4 Pass8 K.Byte 14:2813 < 57:4 Pass 23:565 < 57:41 Pass9 K.Byte 10:4444 < 57:4 Pass 68:6061 > 57:4 Fail10 K.Byte 7:4500 < 57:4 Pass 70:9954 > 57:4 Fail

146 A.A. Abdo et al. / Commun Nonlinear Sci Numer Simulat 18 (2013) 136–147

4.5. Information entropy analysis

The information entropy is defined as follows:

HðsÞ ¼ �XL

i¼0

pðmiÞ log2 pðmiÞ bits ð11Þ

where mi is the ith grey value for an L level grey image. The information entropy measures the distribution of grey values inthe image. If the information entropy is greater, then the distribution of grey values is more uniform, the entropy of a goodrandom image is tend to 8, so an effective encryption algorithm should make the information entropy tend to 8. We obtainedan information entropy 7.97, that is very close to 8. It is can be seen that the proposed algorithm is very effective.

A.A. Abdo et al. / Commun Nonlinear Sci Numer Simulat 18 (2013) 136–147 147

5. Conclusion

This paper proposes a new image encryption algorithm based on elementary CA with periodic boundary and unity rules.The rule states used in the encryption process are different from the states used in the decryption one. The key stream isgenerated using the cellular neural network, and the control parameters are not fixed, but determined by the plain-image.Thus, different plain-images result in nonidentical control parameters and distinct key streams. Also, the secret CA rules andstates are determined by the control parameters, and thus the rules and states also change with different images. The secu-rity analysis for the proposed scheme has been presented. Simulation results on some gray level images show that the pro-posed image encryption scheme has perfect information concealing, and satisfies the properties of confusion and diffusion.And, some other comparative results are also given to show that the proposed scheme’s security is significantly enhanced,e.g., it can resist some known-plaintext and chosen-plaintext attacks effectively, and the scheme is also more efficient inimplementation, e.g., compared with AES. As future work, we plan to design VHDL hardware implementation for the pro-posed cryptosystem.

References

[1] Coppersmith Don, Holloway Chris, Matyas Stephen M, Zunic Nev. The data encryption standard. Inform Secur Tech Rep 1997;2(2):22–4.[2] January 1996 Mollin RA. An introduction to cryptography. New York: CRC Press; 2006.[3] Hennelly BM, Sheridan JT. Image encryption and the fractional Fourier transform. Optik 2003;114(6):251–65.[4] Cheng H, Li X. Partial encryption of compressed images and videos. IEEE Trans Signal Process 2000;48(8):2439–51.[5] Singh N, Sinha A. Chaos based multiple image encryption using multiple canonical transforms. Opt Laser Technol 2010;42(5):724–31.[6] Ismail IA, Amin M, Diab H. An efficient adaptive ergodic matrix and chaotic system for image encryption. Int J Comput Appl 2010;3:202–2330.[7] Amin M, Faragallah Osama S, Abd El-Latif Ahmed A. A chaotic block cipher algorithm for image cryptosystems. Commun Nonlinear Sci Numer Simul

2010;15:3484–97.[8] Ismail IA, Amin M, Diab H. A digital image encryption algorithm based a composition of two chaotic logistic maps. Int J Network Secur

2010;11(1):1–10.[9] Lian S. A block cipher based on chaotic neural networks. Neurocomputing 2009;72:1296–301.

[10] Lian S, Sun J, Wang J, Wang Z. A chaotic stream cipher and the usage in video protection. Chaos Solutions Fract 2007;34(3):851–9.[11] Lian S, Sun J, Wang Zq. A block cipher based on a suitable use of the chaotic standard map. Chaos Solitons Fract 2005;26:117–29.[12] Lian S. Multimedia content encryption:techniques and applications. Taylor and Francis Group: Auerbach Publication; 2008.[13] KOCAREV L, Lian S, editors. Chaos based cryptography. Springer; 2011.[14] Li Chengqing, Li S, Zhang D, Chen Guanrong. Chosen-plaintext cryptanalysis of a clipped-neural-network-based chaotic cipher, Part II (ISNN 2005). Lect

Notes Comput Sci 2005;3497:630–6.[15] Li Chengqing, Li Shujun, Lo Kwok-Tung. Breaking a modified substitution–diffusion image cipher based on chaotic standard and logistic maps.

Commun Nonlinear Sci Numer Simul 2011;16(2):837–43.[16] Fuster-Sabater A, Caballero-Gil P. On the use of cellular automata in symmetric cryptography. Acta Appl Math 2006;93:215–36.[17] Maleki F, Mohades A, Mehdi Hashemi S., Shiri ME. An image encryption system by cellular automata with memory. In: The third international

conference on availability, reliability and security, vol. 4(7). 2008, 1266–711.[18] Li Yu, Yuanxiang Li, Xuewen Xia. Image encryption algorithm based on self-adaptive symmetrical-coupled toggle cellular automata. Congr Image

Signal Process 2008;3:32–6.[19] Miros LS, Franciszek S. CA-based s-boxes for secure ciphers. Intell Inform Syst 2008:99–110.[20] Jeon JC, Yoo b KY. Elliptic curve based hardware architecture using cellular automata. Math Comput Simul 2008;79(4):1197–203.[21] Li Chengqing, Lo KT. Cryptanalysis of an image encryption scheme using cellular automata substitution and scan. Adv Multimedia Inform Process

2010;6297:601–10.[22] Fuster-Sabater Amparo, Eugenia Pazo-Robles M, Caballero-Gil Pino. A simple linearization of the self-shrinking generator by means of cellular

Automata. Neural Networks 2010;23:461–4.[25] Chua LO, Yang L. Cellular neural network: theory. IEEE Trans Circ Syst 1988;35(10):125772.[26] Von Neumann J, Burks AW, editors. The theory of self-reproducing automata. Urbana: University of Illinois Press; 1966.[27] Rubin SH. On randomization and discovery. Inform Sci 2007;177(1):170–91.[28] Zhang B, Lusth JC. Computing with random quantum dot repulsion. Inform Sci 2008;178(6):1519–32.[29] Laurio K, Linaker F, Narayanan A. Regular biosequence pattern matching with cellular automata. Inform Sci 2002;146:1–4.[30] Wolfram S. Statistical mechanics of cellular automata. Rev Mod Phys 1983;55:60144.[31] He ZY, Zhang YF, Lu HT. The dynamic character of cellular neural network with applications to secure communication. J Commun 1999;20(3):59–67.[32] Zhang W, Peng J, Yang H, Wei P. A digital image encryption scheme based on the hybrid of cellular neural network and logistic map. In: Advances in

neural networks, lecture notes in computer science, vol. 3497. 2005. p. 860–7.[33] Chen G, Mao YB, Chui CK. A symmetric image encryption scheme based on 3D chaotic cat maps. Chaos Solitons Fract 2004;12:749–61.[34] Rukhin A. Statistical test suite for random and pseudorandom number generators for cryptographic applications. NIST Special Publ 800–22, vol. 1.

2008.