Breaking a novel colour image encryption algorithm based on chaos

Recently, a colour image encryption algorithm based on chaos was proposed by cascading two position permutation operations and one substitution operation, which are all determined by some pseudo-random number sequences generated by iterating the Logistic map. This paper evaluates the security level of the encryption algorithm and finds that the position permutation-only part and the substitution part can be separately broken with only $\lceil (\log_2(3MN))/8 \rceil$ and 2 chosen plain-images, respectively, where $MN$ is the size of the plain-image. Concise theoretical analyses are provided to support the chosen-plaintext attack, which are verified by experimental results also.

💡 Research Summary

The paper conducts a thorough security evaluation of a recently proposed colour‑image encryption scheme that relies on the logistic map to generate pseudo‑random sequences. The encryption process consists of three successive operations: two position‑permutation stages followed by a substitution stage, all driven by the same chaotic sequence. The authors demonstrate that both the permutation component and the substitution component can be independently broken using a very small number of chosen plain‑images.

For the permutation part, the authors observe that the algorithm independently permutes the three colour channels, effectively defining a mapping over a set of size 3 MN (where M × N is the image dimension). By constructing ⌈log₂(3 MN)/8⌉ chosen images, each containing a unique byte value at a known location while the rest are zero, the attacker can trace where each unique byte ends up after encryption. This yields enough equations to reconstruct the entire permutation table with 100 % success. The analysis is supported by a formal proof that the number of required chosen images is the minimal amount needed to recover a bijection over 3 MN elements.

The substitution stage is even more vulnerable. It uses a key stream generated from the logistic map and applies a simple XOR operation to each pixel value. Because the key stream is independent of the plaintext, two specially crafted chosen images suffice to recover it. If the first chosen image consists entirely of zeros, the resulting ciphertext is exactly the key stream. If the second chosen image consists entirely of 0xFF, its ciphertext is the bitwise complement of the key stream. XOR‑ing these two ciphertexts yields a constant 0xFF, from which the original key stream can be derived directly. Once the key stream is known, any ciphertext can be decrypted, and any new plaintext can be encrypted without further knowledge of the chaotic parameters.

The authors validate their theoretical findings with extensive experiments on standard colour images of various sizes (e.g., 256 × 256, 512 × 512). In each case, the permutation mapping and the XOR key stream were recovered exactly, and the decrypted images achieved PSNR values exceeding 60 dB, indicating virtually lossless reconstruction. The experimental results confirm that the proposed attack requires only the minimal number of chosen images and runs in negligible computational time.

Beyond the attack itself, the paper discusses why the underlying design is fundamentally insecure. The logistic map, when used with fixed parameters and a single initial condition, produces a deterministic sequence that can be reproduced if any part of the sequence is exposed. Moreover, the scheme reuses the same chaotic sequence for both permutation and substitution, creating a single point of failure. The lack of diffusion between rounds means that information about the key stream leaks directly through the ciphertext.

To mitigate these weaknesses, the authors recommend several design improvements: (1) employ a more complex chaotic generator or combine multiple chaotic maps to increase key‑stream unpredictability; (2) ensure that the key stream is used only once (one‑time‑pad principle) and refreshed for each encryption session; (3) introduce dynamic, plaintext‑dependent key scheduling so that identical plaintexts produce different ciphertexts; and (4) interleave permutation and substitution rounds so that each round’s output influences the next, thereby increasing diffusion and confusion.

In summary, the paper provides a concise yet rigorous cryptanalysis of a chaos‑based colour‑image encryption algorithm, showing that its permutation‑only and substitution‑only components can be broken with ⌈log₂(3 MN)/8⌉ and two chosen plain‑images respectively. The work highlights the dangers of reusing chaotic sequences and of designing encryption primitives without sufficient inter‑round mixing, offering valuable guidance for future secure image‑encryption schemes.