www.ietdl.

org
Published in IET Image Processing
Received on 12th October 2012
Revised on 29th June 2013
Accepted on 14th July 2013
doi: 10.1049/iet-ipr.2012.0586

ISSN 1751-9659

Hardware stream cipher with controllable chaos

generator for colour image encryption
Mohamed L. Barakat1, Abhinav S. Mansingka1, Ahmed G. Radwan2, Khaled N. Salama1
1
Department of Electrical Engineering Program, King Abdullah University of Science and Technology (KAUST), Thuwal,
Saudi Arabia
2
Department of Engineering Mathematics, Faculty of Engineering, Cairo University, Giza, Egypt
E-mail: ahmedgom@yahoo.com

Abstract: This study presents hardware realisation of chaos-based stream cipher utilised for image encryption applications. A
third-order chaotic system with signum non-linearity is implemented and a new post processing technique is proposed to
eliminate the bias from the original chaotic sequence. The proposed stream cipher utilises the processed chaotic output to
mask and diffuse input pixels through several stages of XORing and bit permutations. The performance of the cipher is tested
with several input images and compared with previously reported systems showing superior security and higher hardware
efciency. The system is experimentally veried on XilinxVirtex 4 eld programmable gate array (FPGA) achieving small
area utilisation and a throughput of 3.62 Gb/s.

1 Introduction
Inherited randomness behaviour and sensitivity to initial
conditions promote chaos-based random number generators
(CB-PRNGs) as efcient candidates for cryptographic
applications [13]. Many CB-PRNGs have been digitally
realised using chaotic maps [4, 5] and recently using the
numerical solution of differential equations [6, 7]. Digital design
provides area efciency, repeatability, portability and
integrability with IC technology [8]. However, digital
CB-PRNGs suffer from serious dynamical degradations because
of quantisation error and nite representation of system states,
including loss of ergodicity and shorter pseudo orbits [9].
Chaos-based image encryption using stream ciphers is a
vivid, yet challenging, application of chaos because of the
high correlation between image pixels. Unlike block ciphers
[10], stream ciphering [11] operates on smaller data units
and satises the high throughput requirement for data
transmission applications [12] such as wireless
communications. Chaotic stream ciphers utilise CB-PRNGs
to generate a key stream necessary for masking and
defusing image pixels. Nevertheless, aws in CB-PRNGs
result in weak encryption prone to various cryptanalysis
attacks [13]; and therefore are solved by the hybridisation
of two or more chaotic systems [1417]. The work done by
Huang [18] reports using Chebyshev function to generate
the key stream to mask and permute image pixels in
addition to two-dimentional Chebyshev function to avoid
known-plaintext and chosen-plaintext attacks. Wang et al.
[19] also used three chaotic maps in his encryption that
alters between block and stream ciphering. Liu and Wanga
[20] utilised a true random number generator to provide the
seed for a piecewise linear chaotic map which generates a
key stream for image encryption. Amin et al. [21] used the
tent map to generate a chaotic key stream to encrypt image
bits though a non-linear transformation function. None of
the previously mentioned encryption systems have been
realised on hardware as they occupy a larger area and
operate on lower throughput rates losing the sole
advantages of stream encryption.
To the best knowledge of the authors, this paper presents
the rst hardware realisation of a lightweight chaotic stream
cipher utilised for coloured image encryption satisfying
three corner requirements: (i) high throughput, (ii) robust
encryption and (iii) small hardware area. A third-order jerk
chaotic generator with signum non-linearity is utilised as a
CB-PRNG. The size of the chaotic attractor is controlled
dynamically by the input image increasing the sensitivity of
the output chaotic stream. This paper further introduces a
new post processing technique to overcome the defects in
CB-PRNGs maintaining the same throughput and with a
small hardware overhead. A thorough security analysis is
provided for several images and the results are compared
with the previously reported software-based encryption
systems showing a superior performance. The hardware
utilisation and the maximum throughput of the proposed
stream cipher is compared with known ciphers such as RC4
[22], E0 [23], A5/1 [23], SNOW 3G [24] AES [25] and so
on reecting a higher hardware efciency. The whole
system is implemented on XilinxVirtex 4 FPGA.
2 Chaotic random number generator
The following set of three rst-order ODEs describe a
third-order non-autonomous double-scroll chaos generator

IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343 33

doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013
www.ietdl.org
[26, 27] with a single controllable time-varying parameter system as follows

1 F F
X 0 1 0 X 0 Dt = + 1 + 162 , F1 # {0, 1},
4 16 2
Y = 0 0 1 Y + ,0

F2 [ 0, 212 1 , F2 [ N (3a)
Z 1 1 1 Z Dt sgn(X )

1 X 0 Dt = {4 b0010, F1 , F2 , 7 b0}  Dt [24 bits]
sgn(X ) = (1)
1 X ,0 = [0010F1 F2 0000000] (3b)

where Dt is an arbitrary constant and controls the size of the

attractor in real-time and has no effect on the qualitative This guarantees that Dt [0.25, 0.375]) at any instance and
system dynamics [26]. The same system with different simultaneously ensures that the attractor stays within the
constants and without controllability was previously bounds of the xed point representation space [ 1, 1),
implemented [28] using the Euler approximation. veried through rigorous numerical simulation. Therefore
constant Dt has an easy representation in binary form to
realise the expression (3a) in terms of F1 (1-bit) and F2
(12-bits), given in (3b) where the rst number 4 in the
2.1 Digital realisation
expression 4b0010 represents the number of bits and b
A step size of h = 22 is used to maximise chaos enhancement implies a binary format followed by the logical bits [0010].
through the incorporation of additional truncation Thus, the expression 7b0 is translated into seven logical
non-linearities [2931] zeros. The LFSR used in F1 is 128-bit length with a
feedback polynomial described in [32].

Xt+h 1 h 0 Xt 0
Yt+h = 0 2.2 Post processing
1 h Yt + 0 (2)
Zt+h h h 1 h Zt hDt sgn(Xt ) Statistical defects in the output bits of chaotic oscillators
cause short-term predictability [33] and thus, reduce the
security in cryptographic applications. To overcome such
The circuit schematic of the numerical solution is shown in
defects, this work proposes a post processing technique in
Fig. 1. A xed point twos complement format is used with
which all the 72-bits of the output are put through delayed
24-bits representing each of {X, Y, Z}, 1-bit allocated to the
feedback after a rotation of 1-bit to the right and XORing
sign and integer part and the remaining 23-bits to the
operation, according to Fig. 2. Since 1 and 72 are relative
fractional part. The constant Dt is a 24-bit added or
primes, this guarantees that every output bit receives
subtracted from X based on whether X is positive or
contributions from every single input bit, thus equalising
negative, respectively, and stored in a temporary register T
the bias and completely suppressing short-term
to reduce the critical path at the Z-register. This implements
predictability. According to a general equation that
the signum non-linearity with the controllable input. From
the diagram in Fig. 1, the total component count for this
chaotic oscillator is three 24-bit adders, two 24-bit
subtractors, one 24-bit adder/subtractor and four 24-bit
registers. Since scalar multiplications reduce to arithmetic
shifts because they are powers of 2, they only rewire the
bits and do not require any hardware. The initial condition
(IC) of the state registers {X, Y, Z} is of width 72-bits and
is provided by the user. The constant that controls the
attractor size Dt is carefully designed to divide the
controllability between the user and the input image adding
extra randomness to the system. The expression of Dt is Fig. 2 Circuit diagram of the full CB-PRNG showing initial
specied in terms of a 1-bit input F1 derived from a linear condition and controllable-size inputs, the post processing circuit
feedback shift register (LFSR) with a seed provided by the and the resulting decomposition into three 24-bit outputs for use
user, and a 12-bit input F2 as a feedback from the cipher in the stream cipher

Fig. 1 Circuit diagram of the fully digital third-order ODE-based non-autonomous double-scroll chaos generator

34 IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343

& The Institution of Engineering and Technology 2013 doi: 10.1049/iet-ipr.2012.0586
 www.ietdl.org
Table 1 Experimental results on XC4VSX35-10FF668 FPGA for demonstrates a good correspondence with the analogue
the generator before and after post processing attractor in [26]. A positive maximum Lyapunov exponent
Components Chaotic Chaotic generator with post (MLE) for the output time series indicates the presence of
utilised generator processing chaotic dynamics. Given an arbitrary change in initial
conditions, the MLE approximates the long-term divergence
slices 189 230 in the output by dS(t) elt S(dt), with a positive MLE
slice FF 219 291 conrming the existence of chaos. The software based on
four input LUTs 299 370 [35] enables the calculation of the MLE from a time series
Frequency, MHz 153.4 153.4
of discrete data, giving the result as 0.136. The seed value
of the resulting CB-PRNG is the initial condition of the {X,
Y, Z} registers. In addition, the nal post processed output
illustrates the expectation after XORing of two 34-bits [34] is split into three 24-bit outputs {U, V, W} for utilisation in
  
1 1 1 1
E(A B) 2 E(A) E(B) r (4)
2 2 2 2
where A and B are the correlated random variables with
r denoting correlation between A and B. If A is an ideal
random variable (E(A) = 0.5) and B is loaded with bias
(E(B) 0.5), the expression indicates that the XOR
operation gives a result with lower bias (E(A B) 0.5)
provided the correlation is low (r 0). Area results of the
chaotic generator before and after post processing are
shown in Table 1. Hardware efciency motivates
implementing the rotation as simple rewiring without any
hardware overhead. Synthesis results reect the low
hardware cost of post processing without affecting the
frequency of operation.
2.3 Chaotic response
Oscilloscope traces of the attractors (X Y Z-phase plots) of
the original oscillator are shown in Figs. 3ac which
colour image encryption, given that a standard RGB image
pixel is composed of 24-bits. The phase plots of {U, V, W}
are shown in Figs. 3df, in which it is clear that post
processing has suppressed the attractor shape, enabled full
coverage of the entire available phase space and thus
eliminated short-term predictability. The performance of the
output under the NIST SP. 800-22 test suite is assessed in
further sections after the description of the stream cipher.
3 Image encryption system
3.1 Encryption/decryption algorithm
Each input colour pixel undergoes several stages of diffusion
using feedback, pixel confusion and bit permutations.
Assume a consecutive sequence of plain image pixels Pi
where i denotes the location index. Similarly, let Ci,j denote
a ciphered image pixel in the ith location at the jth
encryption stage. Let Pj denote bit permutation in
encryption where the bit locations are shufed and let P 
j

Fig. 3 Experimentally obtained

a XY
b YZ
c XZ original attractors from the digital chaotic oscillator
In addition to
d UV
e UW
f VW phase portraits after post processing the output
Results are drawn on an oscilloscope from a Xilinx Virtex 4 FPGA

IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343 35

doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013
www.ietdl.org
denote the corresponding reverse permutation in decryption. applying cascaded three stages of the permutations results
The encryption algorithm is thus expressed as in a different location from the original colour component
which guarantees inter-colour confusion. The decryption
Pj (Ci, j1 Ui ), j=1 algorithm achieves a reverse operation as follows
Ci, j = Pj (Ci, j1 Vi ), j=2 (5a)
P (C
j i, j1 Wi ), j=3 Pj (Ci, 0 Wi ),
j=1
Ci, j = Pj (Ci, 0 Vi ), j=2 (7a)
Ci, 0 = Pi Ci1, 1 Ci2, 2 (5b)

Pj (Ci, 0 Ui ), j=3
The proposed algorithm consists of three identical stages of
encryption to prevent any information leakage based on the Pi = Ci, 3 Ci1, 1 Ci2, 2 (7b)
values of input pixels. This process is performed on two
levels: (i) masking each colour pixel values using the
0 0 1 0 0 0 0 0 0 1 0 0
processed chaotic outputs, (ii) shufing bits between the 0
colour RGB layers through bit permutations Pj . The stream 0 0 0 1 0

1
0 0 0 0 0


of ciphered pixels from the second stage Ci, 2 is taken as 0 1 0 0 0 0 0 0 1 0 0 0
P1j =
0
, P2j =
feedback to the generator to control attractor size Dt
0 0 0 0 1

0
1 0 0 0 0

dynamically creating a direct relationship between the input
image and the chaos generation. Another stage of 0 0 0 1 0 0 0 0 0 0 0 1
encryption is required to distribute the effect of correlation 1 0 0 0 0 0 0 0 0 0 1 0
between each two neighbouring pixels on the following
0 0 0 0 0 1 0 0 0 1 0 0
consecutive pixel. In addition, pixels constituting this stage 1
Ci1, 1, Ci2, 2 are chosen after applying bit permutations 0 0 0 0 0

0
0 0 0 1 0


P1 , and P2 , respectively. For any random input pixel if one 0 0 0 1 0 0 0 0 1 0 0 0
bit ips, the following pixels experience an avalanche effect Pj =
3
0
, Pj =
4
0 0 0 1 0

0
1 0 0 0 0

[36] with a ipping rate depending on the bit shufing.
Hardware efciency motivates implementation of the static 0 1 0 0 0 0 0 0 0 0 0 1
reversible bit permutations through a simple bit rewiring 0 0 1 0 0 0 1 0 0 0 0 0
which can be re-congured for different designs producing (7c)
completely different outputs. In addition, to reduce the
wiring complexity, permutations are performed on the
nibble level. Each colour component is divided into 4-bits
yielding a total of six parts per pixel and each encryption 3.2 Hardware realisation
stage alternates between four different nibble shufing Cipher and decipher hardware architectures are described in
schemes chaotically. Permutation matrices are described as very-large-scale-integration hardware descriptive language
follows (VHDL) and veried on Xilinx Virtex 4 FPGA. The digital
design consists of pipeline registers, two-input XOR gates,
R1 selection MUXs, in addition to permutation units, shown in
R2
Fig. 4. Each stage contains an MUX selected between four
G1 different permutation schemes randomly through a 2-bit
Ci, j = Pm , j = 1, 2, 3, and m = 1, 2, 3, 4 (6a)
j G2 chaotic signal coming from the chaotic outputs {U, V, W}.

B1 The systems key is 200-bits in width provided by the user
B2 and is divided into 72-bits as IC to the chaotic generator, in
addition to 128-bits as a seed to the LFSR. Table 2
0 0 0 0 0 1 0 1 0 0 0 0 summarises the area results of both architectures, without
0 0 1 0 0 0 0 0 0 1 0 0 accounting for the chaotic generator and the post

processing, achieving frequencies of up to 408 and 440
1 0 0 0 0 0 0 0 1 0 0 0
Pj = MHz for both the cipher and decipher systems, respectively.
, Pj = 1 0 0
1 2

0 0 0 0 1 0 0 0 0 Output signals of the FPGA are shown in Figs. 5af

obtained from the oscilloscope after applying an 8-bit
0 1 0 0 0 0 0 0 0 0 0 1
staircase signal in the RED component with zeros in the
0 0 0 1 0 0 0 0 0 0 1 0 remaining bits as an input test image. The input function
Sin(t) is described in the binary form [using the same
0 1 0 0 0 0 0 0 0 0 0 1
0 0 0 0 1 0 0 0 0 1 0 0
notation as in (3b)] as


0 0 0 0 0 1 0 0 1 0 0 0
P3j = 0 0 1 0 0 0 , P 4
=
1 0 0

{24 b0}, 0 t 50
j
0 0 0








{4 b0100, 20 b0}, 51 t 101
0 0 0 1 0 0 0 1 0 0 0 0 Sin (t) = {4 b1000, 20 b0}, 102 t 152 (8)


1 0 0 0 0 0 0 0 0 0 1 0
{4 b1100, 20 b0}, 153 t 203

(6b) {8 b1, 16 b0}, 204 t 255

where m denotes a permutation scheme. Each permutation where t is an 8-bit counter. Unlike the input signal, the FFT of
matrix has a cyclicity index bigger than three and is not the the ciphered signal is uniformly distributed over the whole
inverse of any of the others. Moreover, the net effect of spectrum with characterisitcs similar to white noise.

36 IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343

& The Institution of Engineering and Technology 2013 doi: 10.1049/iet-ipr.2012.0586
 www.ietdl.org

Fig. 4 Circuit diagram of

a Encryption
b Decryption systems
Decryption implements a reverse functionality of the encryption

Table 2 Experimental results on XC4VSX35-10FF668 FPGA for sequence of permutations at each encryption stage and thus,
the cipher and decipher systems gives a completely different output.
Components utilised Encryption system Decryption system
The chaotic generator utilised has three state registers each
of 24-bit wide. On adding the 128-bit seed of the LFSR, the
slices 164 202 total key space in this system is 2200. Key sensitivity is
slice FF 218 244 visually inspected by examining the wrong decrypted image
four input LUTs 236 249 when altering the systems key as shown in Fig. 7c.
Frequency, MHz 408.5 440.3 Quantitatively, key sensitivity is measured through the
mean-square error (MSE) which assesses the distortion in
the wrong decrypted image compared with the original one
4 Security analysis when the input key to the decryption system is wrong. The
MSE test is described as
The analysis in this section is conducted on a 512 512
coloured Lena.bmp. Experiments are carried out and the
1  M  N  
2
data are analysed using MATLAB. MSE = P i, j D(i, j) (9)
M N i=1 j=1

4.1 Key space analysis

The initial states of the generators registers (IC) in addition to
the seed of the LFSR are considered the key of this proposed
cipher. Brute-force attack is dened to systematically check
all possible keys until the correct one is found [37]. Secure
encryption requires: (i) large key space to make the
brute-force attack inefcient, and (ii) sensitivity to the input
key in which small changes in the deciphers key lead to
completely wrong decryption. In the proposed stream
cipher, both the key provided by the user and the input
image affects the chaotic output values from the generator
as discussed earlier and consequently affects the
permutation selection at each MUX. As a result, changing
the input key or the input image produces different
where M and N are the width and height of the image,
respectively, P(i, j) is the original plain image pixel and D
(i, j) is the corresponding deciphered image pixel. The
higher MSE value reects the bigger difference between the
two images indicating higher sensitivity to the systems
key. Fig. 6 depicts the MSE values of the wrong deciphered
image with respect to the number of error bits in the
decryption key. The values shown in the gure imply that
the system is highly sensitive to even 1-bit error in the
decryption key and remains at the same sensitivity level
with additional erroneous bits. It is also shown that the
MSE values of the colour components are ordered
irrespective to the number of error bits; green MSE is the
lowest and blue MSE is the highest. This is a direct result

IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343 37

doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013
www.ietdl.org

Fig. 5 Experimentally obtained results of

a Input test image (RED component)
b Staircase input signal
c FFT of the input signal
d Output signal from the cipher
e FFT of the ciphered signal
f Output signal from the decipher

from the feedback F2 which creates a relationship between the
input image and the chaotic generation as explained earlier.
Thus, MSE values change with the input image producing a
prole for each colour component differing from one image
to another.
4.2 Histogram analysis
Image histogram depicts statistical distribution of colour
intensities. Secure ciphered images are characterised by at
histograms for all colours in which the intensities are
evenly distributed over the whole colour scale. Visual
inspection of the histograms in Fig. 7 conrms the uniform
distribution of the RGB colour components. Furthermore, a
2 test is performed on the RGB histograms to analytically
examine the quality of the uniform distribution. The test is
used to determine whether there is a signicant difference
between the expected number of intensity counts for colour
levels and the observed counts in the ciphered image
assuming a uniform distribution [38] and is described as
L
(Oi Ei )2
x2 = (10)
Ei
i=1
where Ei is the expected occurrence of each colour level
asserted by the null hypothesis, L is the colour level (256)
and Oi is the observed count of each colour level [0255].

Fig. 6 MSE values with respect to the number of error bits in the decryption

38 IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343

& The Institution of Engineering and Technology 2013 doi: 10.1049/iet-ipr.2012.0586
 www.ietdl.org

Fig. 7 Visual analysis for the encryption quality

a Original image
b Ciphered image
c Wrong deciphered image (1-bit error in the key)
In addition to
df Histograms of the RGB components for the original image and similarly
gi For the ciphered image.

 2
With a signicance level of 0.05, it is found that 1 N
1
N
x2test , x2 (255, 0.05) for the three histograms implying that D(x) = x x (11b)
the null hypothesis is not rejected and the histogram N i=1 i N j=1 j
distributions are uniform.
cov(x, y)
r =  (11c)
D(x) D(y)
4.3 Pixel correlation analysis

High correlation between adjacent pixels in the images

Table 3 Correlation coefficients for the horizontal, vertical and
requires an efcient confusion and diffusion algorithm to diagonal orientations for both original and ciphered images
maintain the correlation as minimally as possible in the
ciphered image. The correlation coefcient between two Axis Original image Ciphered image
adjacent pixels xi and yi can be calculated as [37]
Red Green Blue Red Green Blue
  
1 N
1
N
1 N horiz. 0.9753 0.9748 0.9532 0.001 0.0005 0.0015
cov(x, y) = x x yi y (11a) vert. 0.9871 0.9872 0.9741 0.0016 0.0022 0.004
N i=1 i N j=1 j N j=1 j diag. 0.9634 0.9630 0.9334 0.004 0.0032 0.003

IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343 39

doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013
www.ietdl.org
Fig. 8 Visual inspection for the horizontal correlation
ac Original image RGB colours, respectively, and similarly
df Ciphered image RGB
where cov (x, y) is the covariance between the two pixels and
N is the total number of pixels selected from the image for the
calculation. Table 3 summarises the auto correlation
coefcients for horizontal, vertical and diagonal orientations
of the original and ciphered image and Fig. 8 shows the
visual inspection of the horizontal correlation for RGB
components. Furthermore, to measure how different the
ciphered image is from the original, the cross-correlation
coefcients are calculated using the same equations in
(11ac) by considering each pixel value xi from the original
image and its corresponding pixel yi from the ciphered one.
Cross-correlation coefcients are found to be 0.0035,
0.001 and 0.0002 for the RGB colours, respectively. Low
coefcient values imply robust confusion and diffusion
algorithm implemented in the system to prevent any
information leakage regarding pixel correlations.
4.4 Entropy analysis
The entropy is a measure of the predictability of a random
source. The ciphered image data should appear as random
noise to avoid any information leakage. For a binary source
S producing 28 symbols of equal probabilities each symbol
is 8-bits wide and the entropy of this source is dened as [36]
 red
8
2
Entropy = P(Si ) log2 P(Si ) (12)
i=1
40
& The Institution of Engineering and Technology 2013
where P(Si) is the probability of the symbol Si. A source with
entropy equal to 8 is considered truly random. Table 4 depicts
the entropy values of the ciphered image compared with the
original ones which imply the high randomness levels
achieved by the proposed stream cipher.
4.5 Differential analysis
To prevent revelation of any meaningful statistical
relationships between the input and the output, small
changes in the original image should result in signicant
changes in the ciphered image. In general, this property is
directly controlled by the quality of diffusion and confusion
adopted in the system. Quantitatively, the sensitivity of the
encryption algorithm to the input is evaluated through two
tests [37]. The rst test is the NPCR, which represents the
number of pixels change rate of the ciphered image while
one pixel of the original image has changed. Assume two
ciphered images, C1 and C2, whose corresponding original
images have only one pixel difference, the NPCR value is
Table 4 Entropy results for original and ciphered images for
all the colour components
Entropy Original image Ciphered mage
7.2634 7.9994
green 7.5899 7.9993
blue 6.9854 7.9993
IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343
doi: 10.1049/iet-ipr.2012.0586
 www.ietdl.org

SAC, %
Table 5 Differential analysis results for all the colour

49.995
49.989
49.987
49.991
49.984
49.989
49.999
49.987
49.969
49.977
49.999
49.993
49.976
49.994
49.978
49.993
49.978
49.971
components

Colour NPCR, % UACI, %

Max Min Mean Max Min Mean

UACI, %

33.417
33.465
33.457
33.479
33.497
33.571
33.573
33.459
33.519
33.401
33.497
33.506
33.488
33.457
33.426
33.438
33.359
33.379
red 99.743 99.4 99.59 33.839 32.837 33.367
green 99.742 99.425 99.592 33.972 32.936 33.406
blue 99.748 99.442 99.589 33.946 32.905 33.447

NPCR, %

99.594
99.596
99.597
99.594
99.592
99.593
99.594
99.592
99.593
99.599
99.594
99.593
99.595
99.589

99.592
99.589
99.591
99.59
expressed as

0, C1 (i, j) = C2 (i, j)
D(i, j) = (13a)
C1 (i, j) = C2 (i, j)

Ciphered
1,

7.9993
7.9993
7.9993
7.9993
7.9995
7.9994
7.9992
7.9992
7.9992
7.9993
7.9994
7.9993
7.9993
7.9993
7.9994
7.9993
7.9993
7.9993
1  M  N

Entropy
NPCR = D(i, j) (13b)
M N i=1 j=1

Original

6.9481
6.8845
6.1265
7.7067
7.4744
7.7522
6.7178
6.7990
6.2138
7.3124
7.6429
7.2136
7.3388
7.4963
7.0583
The second test is the UACI which represents the unied

0
0
0
average changing intensity measuring the average intensity
difference of two ciphered images, whose corresponding
original image has only one pixel difference as follows
Table 7 Correlation, entropy and differential analysis results for coloured images obtained from USC-SIPI image database
Cross corr.

0.0034
0.0038

0.0027
0.0037
0.0005
0.0039

0.0001

0.0016

0.0017

N 


0.0008

0.0045

0.0008

0.0011

0.0013

0.0018
1  M 
C1 (i, j) C2 (i, j)

0
0
0
UACI = 100
M N i=1 j=1 255
(14)
0.0031
0.0005

0.0019

0.0019
0.0016
0.0013

0.0014

0.0039
0.0005
0.002
0.0038
0.0012

0.0002
0.0013
0.0003

0.0013
0.002

0.004
Diag.

Both tests are conducted 500 times with inputs having only
1-bit change randomly in only pixel with an arbitrary
Ciphered image corr.

location. Table 5 depicts the mean values of the NPCR and

UACI tests for all the colour components. The results
0.0013

0.0006
0.0021
0.0045
0.0008
0.0036

0.0022

0.0001

0.0004
0.002
reect the effect of using the chained confusion algorithm
0.0027
0.0003

0.0005

0.0008

0.0002
0.0008
0.0002

0.0047
Vert.

implemented in the system in which changing 1-bit in the

input affects the chaotic sequence from the generator
resulting in a completely different output.
0.0007

0.0001
0.0005
0.0032
0.0015

0.0011
0.0007

0.0012
0.0004
0.0007
0.0009
0.0007
0.0014
0.0002
0.0024

0.0015
0.0002
0.0003
Horiz.

4.6 Strict avalanche criterion

The strict avalanche criterion (SAC), rst introduced in [36],
examines the bit level difference between the input and the
0.9894
0.9711
0.9649
0.8543
0.7348
0.8399
0.9343
0.9326
0.9146
0.9420
0.9530
0.9530
0.9564
0.9687
0.9478
Diag.

1
1
1

Table 6 NIST SP. 800-22 tests for the original and processed
Original image corr.

chaos output as well as the ciphered image

0.9951
0.9871
0.9789
0.8660
0.7650
0.8809
0.9568
0.9678
0.9353
0.9541
0.9663
0.9694
0.9663
0.9818
0.9664

Test Original Processed Ciphered

Vert.

1
1
1

chaos chaos image

PV PP PV PP PV PP
0.9936
0.9812
0.9826
0.9231
0.8655
0.9073
0.9726
0.9578
0.9640
0.9558
0.9715
0.9710
0.9635
0.9811
0.9665

Horiz.

monobits 0.96 1.00 0.95

1
1
1

block frequency x 0.95 1.00 1.00

cumulative sums x 0.95 1.00 0.95
runs x 0.79 0.99 1.00
longest run x 0.76 0.99 1.00

green

green

green

green

green

green

rank x 0.91 0.98 1.00

blue

blue

blue

blue

blue

blue
red

red

red

red

red

red

FFT x 0.85 1.00 0.95

N. O. template x 0.80 0.99 0.98
O. template x 0.78 1.00 1.00
universal x 0.83 0.99 1.00
Image (file name)

mandrill (4.2.03)

peppers (4.0.07)
airplane (4.0.04)

sailboat (4.2.06)

app. entropy x 0.74 0.99 0.91

splash (4.2.01)

random Exc. 0.97 0.99 0.97

black image

random Exc. Var. 0.99 1.00 1.00

serial x 0.68 0.99 0.95
linear complexity 1.00 0.98 1.00
final result fail pass pass

IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343 41

doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013
www.ietdl.org
Table 8 Comparison in the security analysis results between the six images. The results imply that the proposed stream
the proposed cipher and other reported software-based chaotic cipher maintains the same high security levels regardless of
systems
the input image.
Analysis Huang Wang Liu and Amin This
[18] et al. Wanga et al. work
[19] [20] [21] 5 Comparison with previous work
horiz. 0.097 0.014 0.0965 0.021 0.002 The security performance of the proposed stream cipher is
corr.
vert. 0.0484 0.009 0.031 0.014 0.0016 evaluated in Table 8 as compared with four recent
corr. chaos-based image encryption systems [1821]. This
diag. 0.07 0.005 0.0362 0.035 0.002 comparison is based on the mean values of the correlation
corr. coefcients, entropy and differential analysis.
entropy 7.9939 7.9845 7.9998 7.9993
NPCR, % 99.31 98.563 99.606 99.61 99.601
Unfortunately, the hardware comparison between the
UACI, % 33.46 33.081 33.393 33.41 33.462 proposed system and the previously reported systems is not
mentioned since they have not been implemented on
hardware. The results reect that the proposed system
outperforms all the others and imply the high level of
output data because of a 1-bit change in the input. Ciphers randomness and robust encryption achieved. In addition to
with good SAC property achieve theoretically 50% bit the security comparison, hardware area efciency and
difference between the input and the output images. The throughput results of the proposed stream cipher are
SAC value for the proposed stream cipher is calculated 500 compared in Table 9 with the standard stream and block
times with only a 1-bit change in the input image resulting cipher systems such as: RC4 used in 802.11 Wi-Fi security
in mean values of 49.995, 49.992 and 49.988% for the protocol, E0 used in Bluetooth protocol, A5/1 used in GSM
RGB colours, respectively. The results conrm the high communications, SNOW 3G used by the 3GPP group as a
sensitivity of the encryption algorithm originating from the mobile cellular standard, in addition to the advanced
dynamic control of the attractor size Dt and the permutation encryption standard (AES) adopted in many applications.
functions used. Since this paper exhibits an FPGA implementation, the gate
count is expressed as 8 (LUT + FF) to facilitate a basic
4.7 Statistical randomness analysis area/throughput comparison between systems. As shown in
Table 9, the proposed system yields the highest area/
The randomness of the CB-PRNG utilised in addition to the throughput ratio compared with all other systems and
ciphered image are assessed using NIST SP. 800-22 therefore achieved the best hardware efciency. Together
statistical test suite [39]. Table 6 shows the NIST results for with the high security accomplished, the proposed stream
the chaotic output before and after post processing as well cipher can be considered a new encryption standard.
as the ciphered image. The results are represented by the
proportion of the passing sequences and the validity of the
P-value (PV) distribution. The results imply that the post 6 Conclusion
processing effectively removed the bias in the original
chaotic stream producing uniformly distributed random bits. This paper presents the rst hardware realisation of the
In addition, the ciphered image is considered as a pseudo chaos-based stream cipher designed for image encryption
random noise source. applications. The encryption system utilises a third-order
jerk chaotic generator with signum non-linearity in addition
4.8 Application to other images and comparison to a dynamically controllable attractor size. To reduce the
bias in the output sequence, a simple post processing
The security of the proposed system is further examined for technique is proposed with a small hardware cost. The
ve standard coloured images obtained from the ciphering algorithm masks and permutes the original pixels
miscellaneous volume of the University of Southern creating a feedback loop between the ciphered image and
California-Signal and Image Processing Institute the chaotic generator to increase the output sensitivity to
(USC-SIPI) image database [40] in addition to a black small changes in the input. The security analysis is
image where the RGB components are all zeros. Table 7 conducted for several images and the results are compared
depicts the correlation and entropy in addition to the mean with previously reported systems which conrm the
values of the differential analysis, and SAC values for all superior performance of the proposed system. Finally, the

Table 9 Comparison in the hardware performance results between the proposed system and other reported non-chaos-based ciphers
System Area (Gc) T.put, Mb/s Efficiency T.put/area Implementation target

Mickey128 [2] 5039 413.2 0.082 ASIC

Trivium [25] 2580 327.9 0.127 ASIC
Moustique [41] 7264 369 0.05 FPGA
Salsa20 [42] 12 126 121 0.009 ASIC
RC4 [22] 10 653 135.52 0.013 FPGA
E0 [23] 1902 93.36 0.049 FPGA
A5/1 [23] 932 90.85 0.097 FPGA
SNOW 3G [24] 25 016 7968 0.318 ASIC
AES [43] 14 322 3709 0.259 FPGA
this work 8968 3682.87 0.411 FPGA

42 IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343

& The Institution of Engineering and Technology 2013 doi: 10.1049/iet-ipr.2012.0586

proposed stream cipher system can be considered as a new
symmetric encryption standard.
7 References
1 Liu, F., Wu, C.-K.: Robust visual cryptography-based watermarking
scheme for multiple cover images and multiple owners, IET Inf.
Secur., 2011, 5, (2), pp. 121128
2 Ding, Q., Wang, J.N.: Design of frequency-modulated correlation delay
shift keying chaotic communication system, IET Commun., 2011, 5,
(7), pp. 901905
3 Wagemakers, A., Escribano, F.J., Lpez, L., Sanjun, M.A.F.:
Competitive decoders for turbo-like chaos-based systems, IET
Commun., 2012, 6, (10), pp. 12781283
4 Chen, S.-L., Hwang, T., Chang, S.-M., Lin, W.-W.: A fast digital
chaotic generator for secure communication, Int. J. Bifurcation
Chaos, 2010, 20, (12), pp. 39693987
5 Li, C.-Y., Chen, Y.-H., Chang, T.-Y., Deng, L.-Y., To, K.: Period
extension and randomness enhancement using high-throughput
reseeding-mixing PRNG, Trans. Very Large Scale Integr. (VLSI)
Syst., 2012, 20, (2), pp. 385389
6 Zidan, M.A., Radwan, A.G., Salama, K.N.: Controllable v-shape
multiscroll buttery attractor: system and circuit implementation,
Int. J. Bifurcation Chaos, 2012, 22, (6), pp. 12501431250156
7 Zidan, M.A., Radwan, A.G., Salama, K.N.: Random number generation
based on digital differential chaos. Int. Midwest Symp. Circuits Syst.
(MWSCAS), 2011, pp. 14
8 Taylor, G., Cox, G.: Digital randomness, IEEE Spectr., 2011, 48, (9),
pp. 3258.
9 Li, S., Chen, G., Mou, X.: On the dynamical degradation of piecewise
linear chaotic maps, Int. J. Bifurcation Chaos, 2005, 15, (10),
pp. 31193152
10 Barakat, M.L., Radwan, A.G., Salama, K.N.: Hardware realization of
chaos-based block cipher for image encryption. Int. Conf.
Microelectronics (ICM), 2011, pp. 15
11 Kircanski, A., Youssef, A.M.: On the sliding property of SNOW 3 G
and SNOW 2.0, IET Info. Secur., 2011, 5, (4), pp. 199206
12 Millrioux, G., Guillot, P.: Self-synchronizing stream ciphers and
dynamical systems: state of the art and open issues, Int. J. Bifurcation
Chaos, 2010, 20, (9), pp. 29792991
13 Alvarez, G., Amig, J.M., Arroyo, D., Li, S.: Lessons learnt from the
cryptanalysis of chaos-based ciphers, in Kocarev, L., Lian, S. (Eds.):
Chaos-Based Cryptography (Springer, Berlin/Heidelberg, 2011),
vol. 354, pp. 257295
14 Gao, T., Chen, Z.: Image encryption based on a new total shufing
algorithm, Chaos Solitons Fractals, 2008, 38, (1), pp. 213220
15 Giesl, J., Behal, L., Vlcek, K.: Improving chaos image encryption
speed, Int. J. Future Gener. Commun. Netw., 2009, 2, (3), pp. 2336
16 Ismail, I.A., Ismail, M., Diab, H.: A digital image encryption algorithm
based a composition of two chaotic logistic maps, Int. J. Netw. Sec.,
2010, 11, (1), pp. 19
17 Huang, C.K., Nienb, H.H.: Multi chaotic systems based pixel
shufe for image encryption, Opt. Commun., 2009, 282, (11),
pp. 21232127
18 Huang, X.: Image encryption algorithm using chaotic Chebyshev
generator, Nonlinear Dyn., 2012, 67, (4), pp. 24112417
19 Wang, X., Wang, X., Zhao, J., Zhang, Z.: Chaotic encryption algorithm
based on alternant of stream cipher and block cipher, Nonlinear Dyn.,
2011, 63, (4), pp. 587597
20 Liu, H., Wanga, X.: Color image encryption based on one-time keys
and robust chaotic maps, Comput. Math. Appl., 2010, 59, (10),
pp. 33203327
21 Amin, M., Faragallah, O.S., Abd El-Latif, A.A.: A chaotic block cipher
algorithm for image cryptosystems, Commun. Nonlinear Sci. Numer.
Simul., 2010, 15, (11), pp. 34843497
IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343
doi: 10.1049/iet-ipr.2012.0586
www.ietdl.org
22 Hamalainen, P., Hannikainen, M., Hamalainen, T., Saarinen, J.:
Hardware implementation of the improved WEP and RC4 encryption
algorithms for wireless terminals. Eur. Signal Proc. Conf., 2000,
pp. 22892292
23 Batina, L., Lano, J., Mentens, N., rs, S.B., Verbauwhede, B., Preneel,
I.: Energy, performance, area versus security trade-offs for stream
ciphers. State of the Art of Stream Ciphers, Workshop Record,
ECRYPT, 2004
24 Kitsos, P., Selimis, G., Koufopavlou, O.: High performance ASIC
implementation of the SNOW 3G stream cipher. Int. Conf. Very
Large Scale Integration, 2008
25 Good, T., Benaissa, M.: ASIC hardware performance, in Robshaw, M.,
Billet, O. (Eds.): New stream cipher designs (Springer, Berlin/
Heidelberg, 2008) pp. 267293
26 Sprott, J.C.: A new class of chaotic circuit, Phys. Lett. A, 2000, 266,
(1), pp. 1923
27 Elwakil, A.S., Salama, K.N., Kennedy, M.P.: A system for chaos
generation and its implementation in monolithic form. Int. Symp.
Circuits Syst. (ISCAS), 2000, pp. 217220
28 Mansingka, A.S., Radwan, A.G., Zidan, M.A., Salama, K.N.: Analysis
of bus width and delay on a fully digital signum nonlinearity chaotic
oscillator. Int. Midwest Symp. Circuits Syst. (MWSCAS), 2011,
pp. 14
29 Sprott, J.C.: Chaos and time-series analysis (Oxford University Press,
2003)
30 Zidan, M.A., Radwan, A.G., Salama, K.N.: The effect of numerical
techniques on differential equation based chaotic generators. Int.
Conf. Microelectronics (ICM), 2011, pp. 14
31 Mansingka, A.S., Radwan, A.G., Salama, K.N.: Design,
implementation and analysis of fully digital 1-D controllable
multiscroll chaos. Int. Conf. Microelectronics (ICM), 2011, pp. 15
32 Alfke, P.: Efcient shift registers, LFSR counters, and long pseudo
random sequence generators. Xilinx Application Note, 1996
33 Yalcin, M.E., Suykens, J.A.K., Vandewalle, J.: True random bit
generation from a double-scroll attractor, Trans. Circuits Syst. I, Reg.
Pap., 2004, 51, (7), pp. 13951404
34 Davies, R.B.: Exclusive OR (XOR) and Hardware Random Number
Generators. Available at: http://www.robertnz.net/pdf/xor2.pdf,
February 2002
35 Kodba, S., Perc, M., Marhl, M.: Detecting chaos from a time series,
Eur. J. Phys., 2005, 26, (1), pp. 205215
36 Webster, A., Tavares, S.: On the design of S-boxes, in Williams, H.
(Ed.): Advances in cryptology (Springer, Berlin/Heidelberg, 1986),
pp. 523534
37 Corrochano, E.B., Mao, Y., Chen, G.: Chaos-based image encryption,
in Corrochano, E.B. (Ed.): Handbook of geometric computing
(Springer, Berlin Heidelberg, 2005), pp. 231265
38 LEcuyer, P., Simard, R.: TestU01: A C library for empirical testing of
random number generators, ACM Trans. Math. Softw., 2007, 33, (4),
pp. 2240
39 Rukhin, A., Soto, J., Nechvatal, J., et al.: A statistical test suite for
random and pseudorandom number generators for cryptographic
applications, NIST Special Publication 800-22, 2001
40 Weber, A.G.: (1997) The USC-SIPI image database version 5.
USC-SIPI Rep. no. 315. Available at: http://www.sipi.usc.edu/services/
database/Database.html
41 Daemen, J., Kitsos, P.: The self-synchronizing stream cipher
Moustique, in Robshaw, M., Billet, O. (Eds.): New stream cipher
designs (Springer, Berlin/Heidelberg, 2008), pp. 210223
42 Good, T., Benaissa, M.: Hardware results for selected stream cipher
candidates. Workshop Record of Stream Ciphers (SASC), 2007,
pp. 191204
43 Bouhraoua, A.: Design feasibility study for a 500 Gbits/s advanced
encryption standard cipher/decipher engine, IET Comput. Digit.
Tech., 2010, 4, (4), pp. 334348
43
& The Institution of Engineering and Technology 2013