Optics Communications 285 (2012) 562–566

Contents lists available at SciVerse ScienceDirect

Optics Communications

j ourna l homepage: www.e lsev ie r .com/ locate /optcom

A new image encryption algorithm based on chaos

Xingyuan Wang a,⁎, Jianfeng Zhao a, Hongjun Liu a,b

a Faculty of Electronic Information and Electrical Engineering, Dalian University of Technology, Dalian, 116024, Chinab Weifang Vocational College, Weifang 261041, China

⁎ Corresponding author. Tel.: +86 411 82056240; faE-mail addresses: wangxy@dlut.edu.cn (X. Wang), ji

0030-4018/$ – see front matter © 2011 Elsevier B.V. Alldoi:10.1016/j.optcom.2011.10.098

a b s t r a c t

a r t i c l e i n f o

Article history:Received 22 December 2010Received in revised form 20 October 2011Accepted 25 October 2011Available online 17 November 2011

Keywords:Image encryptionChaotic mapSecurity

In this letter, we introduce a new image encryption algorithm based on iterating chaotic maps. Using thepseudorandom sequence generated by a group of one dimensional chaotic maps, the proposed algorithmrealizes fast encryption and decryption of both gray-scale image and true color image. Moreover, the roundsof encryption could be set by the user. Theoretical analysis and numerical simulation prove the proposedalgorithm effective and secure.

© 2011 Elsevier B.V. All rights reserved.

1. Introduction

Chaotic system is characterized by sensitive dependence on initialconditions, pseudo-randomness and ergodicity. In addition, it has agood feature of confusion and diffusion. Pseudorandom sequencewith good randomness, non-relevance and complexity provided bychaotic system is quite suitable for protecting information security.As a result, secure communication, information encryption and infor-mation hiding technologies based on chaos have been researchedextensively [1–3]. In recent years, encryption of image and other mul-timedia information becomes one of the focuses of research [4–7].Digital image data can be represented by a matrix, but image datahave strong correlations among adjacent pixels. In order to improvethe security of the image encryption algorithm, many researchers pre-fer shuffling the positions and changing the values of the image pixelssimultaneously. Many image encryption algorithm adopt Arnold catmap or other invertible maps to shuffle the pixels' positions of theplain-image [4,6], but these algorithms require the width be equal tothe height of the image, which limits their scope of application.Besides, several image encryption algorithms based on chaos arequite suitable for encrypting gray-scale image and small size image[7]. When we use these algorithms to encrypt true color image andlarge size image that are more common, we may encounter problemssuch as lower security and slower speed.

In this letter, we introduce a new image encryption algorithmbased on chaos theory. The proposed algorithm realizes fast encryp-tion and decryption of both gray-scale image and true color imageby using the pseudorandom sequence generated by a group of chaotic

x: +86 41184706706.anfyun@163.com (J. Zhao).

rights reserved.

maps. In addition, the rounds of encryption could be set by the user.Theoretical analysis and numerical simulation prove the proposedalgorithm effective and secure.

2. Description of the proposed algorithm

The proposed algorithm is a new symmetrical image encryptionalgorithm based on iterating chaotic maps. It uses the pseudorandomsequence generated by a group of chaotic maps to encrypt image.First of all, we must choose a group of chaotic systems with goodproperties. The group includes at least three chaotic maps. For sim-plicity, we choose a group of logistic maps:

xi;tþ1 ¼ μ ixi;t 1−xi;t� �

; ð1Þ

where xi, t∈(0, 1), μi∈(3.5699456…, 4], and they denote the variableand control parameter of the ith logistic map respectively, wherei=0, 1, 2, …. The reason for choosing logistic system is that it is sim-ple and easy to understand, however, other chaotic systems with bet-ter properties could be adopted instead of logistic system to gethigher level of security. In other words, the proposed algorithm isindependent of a particular chaotic system. The whole process ofencryption is provided briefly in the flowchart in Fig. 1.

2.1. Round key generation

The secret key is a binary number which is not less than 128 bits,and its length is the integer multiple of 8. Divide the key into severalsegments key0, key1, key2,…, keyl/8−1, where l is the length of the key.Each segment includes 8 bits, so it could be denoted by an integerbetween 0 and 255. Because we may carry out several rounds of

Generation of initial conditions and control parameters

Pixels Shuffling: change theposition of pixel

Input secret key

round <= n ?

Pixels Substitution: change thevalue of pixel

all encrypted?

Disturbance chaotic system

End

Start

Y

N

Y

N

Fig. 1. The flowchart of the encryption process of the proposed algorithm.

563X. Wang et al. / Optics Communications 285 (2012) 562–566

encryption, assume the total number of encryption rounds is n(n≤ l/8).Then calculate the initial conditions of the variables in every round,which are the real keys used in the encryption of the round. Letμi=4.0(i=1, 2, 3,…), and other variables are as follows:

xi;0 ¼ Aþ key kþi−1ð Þ% l=8ð Þ� �.

key kþi−1ð Þ% l=8ð Þ þ 255:0� �

; ð2Þ

ki ¼Aþ key l=8−k−1ð Þ% l=8ð Þ; if Aþ key l=8−k−1ð Þ% l=8ð Þ≥200;Aþ key l=8−k−1ð Þ% l=8ð Þ þ 200; if Aþ key l=8−k−1ð Þ% l=8ð Þb200;

�ð3Þ

C′ ¼ ROL A; Aþ keykð Þ%8ð Þ; ð4Þ

where A=key0⊕key1⊕key2⊕…⊕keyl/8−1;k(k=0, 1, 2, …, n−1)denotes the current number of encryption rounds; ROL(a, b) performsthe b-bit left cyclic shift on the binary sequence a; % denotes modulararithmetic of integer; / denotes division operation of real number. Inthe encryption process, every bytes of ciphertext would depend on C′.Then, according to xi,0, iterate corresponding chaotic map ki times.

2.2. Pixels shuffling

In this paper, we take images of BMP format for example. Assumethe plain-image is a true color image sized N×M pixels. We encryptthe plain-image bytes by bytes. Then calculate the actual number ofbytes per row and per column of the plain-image

W ¼ N � 24þ 31ð Þ=8=4ð Þ � 4;H ¼ M;

�ð5Þ

where/denotes division operation of integer, so the fractional part ofthe result of division will be discarded. If the plain-image is a gray-scale image sized N×M, thenW=N and H=M, whereW is the actualbyte number of each row and H is the actual byte number of each col-umn. In this way, we could use two H×W matrixes to denote pixeldata of plain-image and cipher-image respectively. In most cases, Wis not less than H. In order to improve processing speed when W islarge, we divide every row of pixel data into several groups. More-over, we must ensure each group has the same number of bytes, forexample, we could divide each row into 4 groups averagely.

Assume Pi,W/G× j+k denotes the kth byte of the jth group of the ithrow of the plain-image, where i=0, 1, 2,…, H−1, j=0, 1, 2,…, G−1,k=0, 1, 2, …, W/G−1, and G denotes the number of groups in therow. Select 3 logistic maps and iterate them several times respective-ly, so we get 3 variables xp1,t1, xp2,t2 and xp3,t3. Then calculate

r ¼ xp1;t1 � 1014 þ C′� �

%H;

g ¼ xp2;t2 � 1014 þ C′� �

%G;

c ¼ xp3;t3 � 1014 þ C′� �

% W=Gð Þ;

8>>><>>>:

ð6Þ

and we use Cr,W/G× g+ c to denote the ciphertext corresponding withPi,W/G× j+ k, so Cr,W/G× g+ c should be written to the cth byte of thegth group of the rth row of the cipher-image. If the current byte andthe previous byte of the plain-image are in the same group and row,we only need to calculate a new c according to formula (6). This cmust be different from any of the previous value of c in its group, oth-erwise, iterate corresponding logistic map and recalculate a new c. rand g remain unchanged. If the current byte and the previous byteof the plain-image are in the same row, we only need to calculate anew g and a new c according to formula (6). Similarly, g must be dif-ferent from any of the previous value of g in its row, and cmust be dif-ferent from any of the previous value of c in its group, otherwise,iterate corresponding logistic maps and recalculate g and c. r remainunchanged. Every time we calculate r, it must be different from anyof its previous value, otherwise, iterate corresponding logistic mapand recalculate r.

2.3. Pixels substitution

Before writing Cr,W/G× g+ c into the cipher-image, change its value.For a true color image, re-select 3 logistic maps and iterate them 1time respectively, so we get 3 variables xp1′,t1′, xp2′,t1′ and xp3′,t1′,then calculate

T ¼xp1′ ;t1′ � 1014 þ C′� �

%256; if Pi;W=G�jþk is red component;

xp2′ ;t2′ � 1014 þ C′� �

%256; if Pi;W=G�jþk is green component;

xp3′ ;t3′ � 1014 þ C′� �

%256; if Pi;W=G�jþk is blue component:

8>>><>>>:

ð7Þ

For a gray-scale image, take turns to use the variables of all thelogistic maps, one at a time,

T ¼ xp;t � 1014 þ C′� �

%256 p ¼ 0;1;2;…ð Þ: ð8Þ

a) Plain-image b) Cipher-image

c) Success of decryption d) Failure of decryption

Fig. 2. Encryption and decryption results of “Lena”.

564 X. Wang et al. / Optics Communications 285 (2012) 562–566

Next, calculate

Cr;W=G�gþc ¼ Pi;W=G�jþk⊕T ; ð9Þ

where ⊕ denotes exclusive-OR operation. Then write Cr,W/G× g+ c intothe cth byte of the gth group of the rth row of the cipher-image. Finally,recalculate C′:

C′ ¼ C′⊕ r � g þ cð Þ%256⊕Cr;W=G�gþc; ð10Þ

and with the help of C′, the new byte of the cipher-image is dependenton both the value and position of all the previous bytes of the cipher-image. According to the above steps of “shuffling the positions” and“changing the values”, we complete the encryption to one byte of theplain-image. Carry out the same operations to all the bytes of everygroup of every row of the plain-image orderly, and then the wholeplain-image would be encrypted.

The decryption process is a bit different from the encryption pro-cess. After calculate the results of formula (6), get Cr,W/G× g+ c fromthe cth byte of the gth group of the rth row of the cipher-image,and change formula (9) to Pi,W/G× j+ k=Cr,W/G× g+ c⊕T, so we getPi,W/G× j+ k, the plaintext corresponding to Cr, W/G× g+ c. Finally,write Pi,W/G× j+ k to the kth byte of the jth group of the ith row ofthe recovered image.

2.4. System disturbance

Chaotic maps must be perturbed in the encryption and decryptionprocesses to prevent them from degrading into periodic sequence forcomputer's finite precision [8]. In order to maintain the good statisti-cal properties of chaos dynamics, the magnitude of perturbing signalmust be much smaller than that of the chaos signal. In numericalquantities, a signal-to-noise ratio is defined [9]

SNR ¼ 10 log10mc

mp

!; ð11Þ

where mc denotes the maximum magnitude of chaotic signal, and mp

denotes the maximum magnitude of perturbing signal; therefore, theSNR should be much larger than 1. In the proposed algorithm, afterprocessing one row of pixel data, the algorithm must decide whetherto perturb the variables of the chaotic maps. The perturbing signal is

sp ¼ 1n� C′þ 10� g þ 1ð Þð Þ

Xni¼0

xi;t ; ð12Þ

where xi,t is the variable of the ith chaotic map currently, and n is thetotal number of chaotic maps, and g is the current result of formula(6). If xi,t+spb1, then perturb xi,t: let xi,t=xi,t+sp. Then iterate theith chaotic map for keyw times, where

w ¼ C′þ key kþi−1ð Þ% l=8ð Þ þ xi;t � 10000� �

% l=8ð Þ: ð13Þ

When the above operation is finished, go on to process the nextrow of pixel data.

3. Experimental results

We have used Microsoft Visual C++ 6.0 to run encryption anddecryption programs in a personal computer with a Pentium 4 CPU1.70 GHz, 256 MB memory and 60 GB hard-disk capacity, and theoperation system is Microsoft Windows XP. The 512×512 true colorBMP image “Lena” sized 768 kb (Fig. 2(a)) is used as a plain-image.When 3 logistic maps are used, and the total number of encryptionrounds is n=3, and the 128-bit encryption key is 11, 56, 75, 157,234, 254, 111, 188, 3, 24, 90, 174, 204, 12, 56, 159, the cipher-image

we get is shown in Fig. 2(b). When we decrypt the cipher-imagewith the same key, the recovered image is shown in Fig. 2(c). Whenthe decryption key is 11, 56, 75, 157, 234, 254, 111, 188, 3, 24, 90,174, 204, 12, 56, 160, the recovered image is shown in Fig.2 (d).From Fig. 2(c) and (d) we can see that, even a nuance between theencryption key and the decryption key could cause completely differ-ent decryption results, which shows that the cryptosystem is sensitivedependent on the secret key. Table 1 shows the time cost of differentimages for 1 round of encryption and decryption respectively.Table 2 shows the time cost of “Lena” (Fig. 2(a)) for different roundsof encryption and decryption. In fact, for most users, 1 round ofencryption with the proposed algorithm is enough, and more roundsof encryption is needed onlywhen there is amuch higher requirementfor security; therefore, according to the results of Table 1, the pro-posed algorithm could process both gray-scale and true color imageswith different sizes quickly and efficiently in most cases. The userscould balance security and processing speed through changing thetotal number of encryption rounds.

4. Security analysis

The security of a cryptosystem is of great importance. The pro-posed algorithm uses the pseudorandom sequence generated by cha-otic systems to encrypt message. We analyze the security of thecryptosystem from the following aspects:

(1) Key space. The proposed algorithm adopts a binary numberwhich is not less than 128 bits rather than the initial conditionsand control parameters of the chaotic maps as secret key. Thiskind of key is more convenient and practical. Besides, the totalnumber of encryption rounds and the number of chaotic mapscould also be secret keys. Accordingly, the theoretical keyspace is not less than 2128, which is large enough for the cryp-tosystem to resist exhaustive attack.

(2) Sensitivity. Cryptosystem should be sensitive to secret key.Even a tiny change would cause completely different results,as shown in Fig. 2(c) and (d). Fig. 3(a) shows the differences

Table 1Time cost of different images for 1 round of encryption and decryption.

Image style Image size Encryption time Decryption time

Gray-scale 65 kb(256×256) 0.078 s 0.079 sTrue color 768 kb(512×512) 1.140 s 1.171 sTrue color 517 kb(500×353) 0.750 s 0.750 sTrue color 2.25 Mb(1024×768) 3.641 s 3.734 s

a) Differences when encryption key is changed slightly

b) Differences when plain-image is changed slightly

0

0

0

50

100

150

200

250

50

-100

-150

-200

-250200 400 600 800

n

Pixe

l Val

ue D

iffe

renc

es

50

100

150

200

250

50

-100

-150

-200

-250

Pixe

l Val

ue D

iffe

renc

es

100 1200 1400 1600

0 200 400 600 800n

100 1200 1400 1600

Fig. 3. Differences between two cipher-images.

565X. Wang et al. / Optics Communications 285 (2012) 562–566

between two cipher-images when encryption key is changedfrom 11, 56, 75, 157, 234, 254, 111, 188, 3, 24, 90, 174, 204,12, 56, 159 to 11, 56, 75, 157, 234, 254, 111, 188, 3, 24, 90,174, 204, 12, 56, 160. Chaotic system is sensitive dependenton initial conditions and control parameters, which is thebasic reason for the result of Fig. 3(a). Meanwhile, a good cryp-tosystem should be also sensitive to plaintext. Fig. 3(b) showsthe differences between two cipher-images when 1 bit of thepixel data of the plain-image is changed. A tiny change inplain-image leads to dramatic changes in cipher-image, be-cause the cryptosystem adopts the cipher block chainingmode. The encryption result of every byte is influenced bythe contents of the previous bytes. Concretely, the encryptionresult of every byte of pixel data is sensitive dependent onthe values and positions of all the previous pixel data. Table 3shows the changing rate of the pixel data of the cipher-imagewhen 1 byte of the pixel data of the plain-image (Fig. 2(a)) ischanged. We could see from the table that even 1 round ofencryption would lead to dramatic avalanche effect [10]. Asthe encryption rounds increase, the changing rate wouldslightly increases. The high sensitivity to plain-image ensuresthe cryptosystem could resist chosen plaintext attack.

(3) Statistical properties. Cipher-image must be able to cover upthe statistical properties of the plain-image. Usually, the occur-rence frequencies of the values of pixel data is regular andimage data have strong correlations among adjacent pixels;therefore, we analyze the statistical properties from the follow-ing two aspects:➀ Information entropy. Information entropy is the most im-

portant feature of randomness. Let m be the informationsource, and the formula for calculating information entropyis

H mð Þ ¼X2n−1

i¼0

p mið Þ log21

p mið Þ ; ð14Þ

where p(mi) represents the probability of symbol mi. As-sume that there is 28 states of the information source andthey appear with the same probability. According to the for-mula (14), we can get the ideal H(m)=8, which shows thatthe information is completely random. The information en-tropy of the cipher-image should be close to 8 after encryp-tion. The more it gets close to 8, the less possible for thecryptosystem to divulge information.

➁ Correlation of two adjacent pixels. Randomly select 1000pairs of adjacent pixels (in vertical, horizontal and diagonaldirections) from the plain-image and cipher-image, and

Table 2Time cost of “Lena” for different rounds of encryption and decryption.

Encryption rounds Encryption time Decryption time

1 1.140 s 1.171 s3 3.406 s 3.500 s5 5.656 s 5.829 s

calculate the correlation of two adjacent pixels accordingto formula (15):

rxy ¼cov x; yð ÞffiffiffiffiffiffiffiffiffiffiD xð Þp ffiffiffiffiffiffiffiffiffiffi

D yð Þp ; ð15Þ

where

cov x; yð Þ ¼ 1N

XNi¼1

xi−E xð Þð Þ yi−E yð Þð Þ; E xð Þ ¼ 1N

XNi¼1

xi; D xð Þ

¼ 1N

XNi¼1

xi−E xð Þð Þ2

The less the correlation of two adjacent pixels is, the saferthe cipher-image is.

Test the plain-image (Fig. 2(a)) and corresponding cipher-imageaccording to formulas (14) and (15), and the results are shown inTable 4. We could see that the information entropy of the cipher-image is much larger than that of the plain-image, and it is close to8; therefore, cipher-image could hardly divulge information. In addi-tion, the correlation of two adjacent pixels of the plain-image is great

Table 3Changing rate of cipher-image when 1 bit of “Lena” is changed.

Encryption rounds Changing rate of cipher-image

1 99.604289%3 99.607976%5 99.610774%

Table 4Statistical properties tests.

Encryption rounds Color components Information entropy ofplain-image

Information entropy ofcipher-image

Correlation of two adjacentpixels of plain-image

Correlation of two adjacentpixels of cipher-image

1 R 6.968464 7.999312 0.944495 0.024228G 7.594064 7.999266 0.974835 0.040401B 7.253124 7.999394 0.980830 0.011095

3 R 6.968464 7.999481 0.944495 0.042954G 7.594064 7.999343 0.974835 0.022598B 7.253124 7.999347 0.980830 0.007308

5 R 6.968464 7.999324 0.944495 0.042958G 7.594064 7.999371 0.974835 0.003735B 7.253124 7.999292 0.980830 0.016292

566 X. Wang et al. / Optics Communications 285 (2012) 562–566

while that of the cipher-image is little. The tests results of informationentropy and correlation of two adjacent pixels indicate that the cryp-tosystem could resist statistical attack efficiently.

5. Conclusion

In this letter, we proposed a new image encryption algorithmbased on iterating chaotic maps. The proposed algorithm shufflesthe positions and changes the values of the image pixels simulta-neously with the help of the pseudorandom sequence generated bychaotic maps. This algorithm could be used for encrypting gray-scale image as well as true color image, and it does not require thewidth be equal to the height of the image. Usually, 1 round of encryp-tion with the proposed algorithm is safe enough to resist exhaustiveattack, chosen plaintext attack and statistical attack. More rounds ofencryption is needed only when there is a much higher requirementfor security, however, as the total number of encryption roundsincreases, the processing speed reduces. In conclusion, the proposedalgorithm is secure and practical.

Acknowledgement

This research is supported by the National Natural ScienceFoundation of China (Nos.: 61173183, 60973152, and 60573172),the Superior University Doctor Subject Special Scientific ResearchFoundation of China (No: 20070141014) and the National NaturalScience Foundation of Liaoning Province (No: 20082165).

References

[1] K. Fallahi, R. Raoufi, H. Khoshbin, Communications in Nonlinear Science andNumerical Simulation 13 (2008) 763.

[2] I.C. Lin, Y.B. Lin, C.M. Wang, Computer Standards & Interfaces 31 (2009) 458.[3] S. Behnia, A. Akhshani, S. Ahadpour, H. Mahmodi, A. Akhavan, Physics Letters A

366 (2007) 391.[4] N. Singh, A. Sinha, Optics & Laser Technology 42 (2010) 724.[5] T. Xiang, K.W. Wong, X. Liao, Chaos 17 (2007) 023115.[6] K.W. Wong, B.S.H. Kwok, W.S. Law, Phys. Lett. A 372 (2008) 2465.[7] T. Gao, Z. Chen, Phys. Lett. A 372 (2008) 394.[8] V. Patidar, N.K. Pareek, G. Purohit, K.K. Sud, Optics Communications 284 (2011)

4331.[9] J.Y. Hua, L.M. Meng, Z.J. Xu, G. Li, Digital Signal Processing 20 (2010) 692.

[10] X.J. Tong, M.G. Cui, Z. Wang, Optics Communications 282 (2009) 2722.