Breaking an image encryption scheme based on Arnold map and Lucas series

Fairly recently, a novel image encryption based on Arnold scrambling and Lucas series has been proposed in the literature. The scheme design is based on permutation-substitution operations, where Arnold map is used to permute pixels for some T rounds, and Lucas sequence is used to mask the image and substitute pixel’s values. The authors of the cryptosystem have claimed, after several statistical analyses, that their system is “with high efficiency” and resists chosen and known plaintext attacks. Negatively, in this paper we showed the opposite. The key space of the scheme under study could be reduced considerably after our equivalent keys analysis, and thus the system is breakable under reasonable brute force attack. After all, the design of the scheme has several weaknesses that make it weak against chosen and known plaintext attacks. Consequently, we do not recommend the use of this system for any cryptographic concern or security purpose.

💡 Research Summary

The paper presents a comprehensive cryptanalysis of a recently proposed image encryption scheme (IEAL) that combines Arnold scrambling with a Lucas‑sequence based masking operation. The authors first describe the algorithm: an input gray‑scale image of size N×N is scrambled by applying the Arnold cat map T times, then each pixel is XOR‑masked with a Lucas sequence generated from a starting index S (modulo 256).

The analysis begins by exploiting the inherent periodicity of the Arnold map. For a given image dimension N, the map repeats after a finite period P (e.g., P≈256 for N=256). Consequently, any key value T and T + k·P (k∈ℤ) produce identical permutations, meaning the effective key space for the scrambling parameter is reduced from the full integer range to at most P distinct values.

Next, the Lucas sequence is examined. When reduced modulo 256, the sequence is also periodic with a period L≈384. Therefore, the masking start index S and S + m·L (m∈ℤ) are equivalent, further shrinking the overall key space to roughly P·L possibilities. For typical image sizes the authors compute concrete upper bounds (e.g., ≤2⁴⁰ for 256×256 images), far below the ≥2⁸⁰ security level recommended for modern cryptographic primitives.

The paper then identifies weak keys. If T is a multiple of P, the scrambling step becomes ineffective, and two successive encryptions with the same key revert the image to its original state. The probability of randomly selecting such a weak key is 1/P, which can be as high as 8 % for common dimensions—an unacceptably large risk.

A “generalized cycle attack” is described: by repeatedly re‑encrypting a ciphertext with the same unknown key, an attacker eventually reaches the original plaintext after lcm(P, L) iterations. The authors demonstrate this experimentally, recovering a 256×256 image after 24 re‑encryptions.

A timing side‑channel is also considered. The algorithm’s runtime grows linearly with T because each Arnold iteration incurs a loop, while the masking step is constant. By measuring encryption times, an adversary can infer the value of T, thereby narrowing the search space for a brute‑force attack.

Finally, the paper details chosen‑plaintext and known‑plaintext attacks. Using all‑zero and all‑255 images, the attacker can directly recover the Lucas masking sequence (i.e., the value of S). The scrambling key T can be deduced with a small number of carefully crafted plaintexts, exploiting the map’s periodicity. The authors calculate that ⌈log₂ N⌉ chosen plaintexts suffice to recover T, contradicting the original claim that the scheme resists such attacks.

In summary, the IEAL scheme suffers from several fundamental design flaws: a dramatically reduced key space due to periodicity, the existence of weak keys, vulnerability to repeated‑encryption (cycle) attacks, exploitable timing information, and straightforward chosen‑plaintext recovery of both scrambling and masking keys. The authors conclude that the scheme should not be employed for any security‑critical application.