Chaotic systems have been broadly exploited through the last two decades to build encryption methods. Recently, two new image encryption schemes have been proposed, where the encryption process involves a permutation operation and an XOR-like transformation of the shuffled pixels, which are controlled by three chaotic systems. This paper discusses some defects of the schemes and how to break them with a chosen-plaintext attack.
Deep Dive into Cryptanalysis of an image encryption scheme based on a new total shuffling algorithm.
Chaotic systems have been broadly exploited through the last two decades to build encryption methods. Recently, two new image encryption schemes have been proposed, where the encryption process involves a permutation operation and an XOR-like transformation of the shuffled pixels, which are controlled by three chaotic systems. This paper discusses some defects of the schemes and how to break them with a chosen-plaintext attack.
When we think about exchanging information we are very interested in finding a way to make it fast and secure. Modern telecommunications technologies allow to send and receive files, images, and data in a relatively short time depending on the bandwidth available. Nowadays, the use of traditional symmetric and asymmetric cryptography is the way to secure the information exchange [1,2]. However, applications involving digital images and videos demand other encryption schemes. Indeed, the bulky size and the large redundancy of uncompressed videos/images make it necessary to look for new methods to deal with those features in order to facilitate the integration of the encryption in the whole processing procedure. For recent surveys on image and video encryption, please refer to [3][4][5][6].
The main features of chaotic systems (sensitivity to initial conditions, ergodicity, mixing property, simple analytic description and high complex behavior) make them very interesting to design new cryptosystems. Image encryption is an area where chaos has been broadly exploited. In fact, chaotic systems have been used to mask plain-images through XOR-like substitution operations [7], spatial permutation [8] or the combination of both techniques [9]. This paper is focused on two image encryption schemes proposed in [10,11]. In both papers the image encryption is based on a secret permutation derived from the logistic map, and a masking of the gray-scale values of the shuffled pixels with a keystream generated from one or two chaotic systems. The only difference between the two encryption schemes is that in [10] two chaotic systems (Lorenz and Chen’s systems) are used to generate the keystream, while in [11] only one hyper-chaotic system is used. Because such a difference is independent of the security, we only focus on the cryptanalysis of the scheme proposed in [10].
The rest of this paper is organized as follows. The scheme under study is described briefly in the next section. In Sec. 3 some important problems of the cryptosystem are remarked. Then, a chosen-plaintext attack is described in Sec. 4 along with some experimental results. In the last section the conclusion is given.
Assuming that the size of the plain-image I is M × N and the cipher-image is I ′ , the encryption scheme proposed in [10] can be described by the following two procedures. Please note that we use different notations from the original ones in [10] to get a simpler and clearer description.
In this procedure, the plain-image I is permuted to form an intermediate image I * according to a total shuffling matrix P * , which is derived by pseudo-randomly permuting the rows and columns of the original position matrix P = [(i, j)]. The pseudo-random row and column permutations are generated by iterating the logistic map x n+1 = 4x n (1x n ) from a given initial condition x 0 .
In this procedure, the intermediate image I * is further masked by a keystream {B(i)} M N i=1 as follows: ∀i = 1 ∼ MN, I ′ (i) = I * (i)⊕B(i)⊕I ′ (i-1), where I(i), I ′ (i) denote the i-th pixels of I * and I ′ (counted from left to right and from top to bottom), respectively, and I ′ (0) = 128.
The keystream {B(i)} M N i=1 is generated by iterating the Lorenz and Chen’s systems and doing some postprocessing on all the 6 chaotic variables (the first N 0 iterations of Lorenz system and the first M 0 iterations of Chen’s systems are discarded to enhance the security). Because our cryptanalysis succeeds regardless of the keystream’s generation process, we ignore this part and readers are referred to Sec. 2.3 of [10] for details.
In [10], it is claimed that the secret key includes the initial values of the Lorenz and Chen’s systems and the number of initial iterations N 0 , M 0 . It is quite strange why the initial condition of the logistic map is not claimed to be part of the key, since the image encryption scheme is based on “a new total shuffling algorithm” (as can be seen in the title of [10]). In this cryptanalysis paper, we assume that the initial condition of the logistic map is also part of the key. We believe it is also the original intention of the authors of [10]. In addition, note that both P * and {B(i)} M N i=1 are independent of the plaintext and ciphertext, so they can be used as an equivalent key.
In this section, we discuss some defects of the scheme under study.
It is well known that the ciphertext of a secure encryption scheme should be very sensitive to the change of plaintext [12,Rule 9]. Unfortunately, the encryption scheme under study fails to satisfy this requirement. Given two plain-images I 0 and I 1 with only one pixel difference at the position (i, j), the difference will be permuted to a new position (i * , j * ) according to the shuffling matrix P * . Then, because all plain-pixels before (i * , j * ) are identical for the two plain-images, the ciphertexts will also be identical. This shows the low sensitivity of the image encryption scheme to cha
…(Full text truncated)…
This content is AI-processed based on ArXiv data.
