
Engineering Applications of Artificial Intelligence 25 (2012) 753–765


A novel image encryption/decryption scheme based on chaotic neural networks

Nooshin Bigdeli, Yousef Farid*, Karim Afshar
EE Department, Imam Khomeini International University, Daneshgah Blv., Qazvin, Iran

Article history:
Received 9 March 2011
Received in revised form 10 November 2011
Accepted 6 January 2012
Available online 9 February 2012

Keywords: Secure communication; Cipher-image; Chaotic neuron layer (CNL); Permutation neuron layer (PNL); Tent map

Abstract

This paper presents a novel image encryption/decryption algorithm based on a chaotic neural network (CNN). The employed CNN is comprised of two 3-neuron layers called the chaotic neuron layer (CNL) and the permutation neuron layer (PNL). The values of the three RGB (Red, Green and Blue) color components of the image constitute the inputs of the CNN, and three encoded streams are the network outputs. The CNL is a chaotic layer where three well-known chaotic systems, i.e. the Chua, Lorenz and Lü systems, participate in generating the weight and bias matrices of this layer corresponding to each pixel's RGB features. Besides, a chaotic tent map is employed as the activation function of this layer, and makes the relationship between the plain image and the cipher image nonlinear. The output of the CNL, i.e. the diffused information, is the input of the PNL, where a three-dimensional permutation is applied to the diffused information. The overall process is repeated several times to make the encryption process more robust and complex. A 160-bit-long authentication code has been used to generate the initial conditions and the parameters of the CNL and PNL. Some security analyses are given to demonstrate that the key space of the new algorithm is large enough to make brute-force attacks infeasible, and simulations have been carried out with detailed numerical analysis, demonstrating the high security of the new image encryption scheme.

© 2012 Elsevier Ltd. All rights reserved.

* Corresponding author. Tel./fax: +98 281 8371155.
E-mail addresses: bigdeli@ikiu.ac.ir (N. Bigdeli), yousef.farid@ikiu.ac.ir, y.farid.e.control@gmail.com (Y. Farid), afshar@ikiu.ac.ir (K. Afshar).
0952-1976/$ - see front matter © 2012 Elsevier Ltd. All rights reserved.
doi:10.1016/j.engappai.2012.01.007

1. Introduction

In recent years, secure private communication methods have aroused the interest of many researchers all over the world. The most general architecture for image encryption is the permutation–diffusion architecture. There are two iterative stages in this kind of image cryptosystem (Chen et al., 2004). The permutation stage changes the position of image pixels but does not alter their values. In the diffusion stage, the pixel values are modified sequentially so that a tiny change in one pixel is spread out to almost all pixels in the whole image. The whole permutation–diffusion round repeats a number of times so as to achieve a satisfactory level of security. For this architecture, the generation of secret keys and control parameters are essential issues in increasing the security and complexity of the algorithm. A good encryption algorithm should be sensitive to the cipher keys, and the key space should be large enough to make brute-force attacks infeasible. In order to achieve this type of security, employing chaotic systems in generating the secret keys and parameters has become one of the most important topics in secure communications (Lian, 2009). In the literature, many encryption methods based on chaotic systems have been proposed in this area (Wei et al., 2006; Joshi et al., 2009; Tong and Cui, 2008; Tong and Cui, 2009; Wong et al., 2008). Because of its special properties, such as sensitivity to parameters and initial values, ergodicity and quasi-randomness, chaos is widely used in data protection (Lian, 2009).

Due to their good properties such as high nonlinearity, parameter sensitivity and learning ability, neural networks have been widely used as the other choice for information protection, such as data encryption, data authentication and intrusion detection (Lian, 2009; Chan and Cheng, 2001; Xiao et al., 2005). The confusion and diffusion properties of neural networks have been used to design encryption algorithms, such as stream ciphers (Chan and Cheng, 2001; Karras and Zorkadis, 2003) or block ciphers (Lain et al., 2004; Lian, 2009).

As a combination of neural networks and chaos, a chaotic neural network (CNN) has the characteristics of both neural networks and chaos. In particular, it has more complex dynamic behavior and so it is expected to have better performance as an image encryption tool. Therefore, such combinations have been employed in some research as more efficient methods for information protection and information encryption (Lian, 2009). As an instance, in (Lian et al., 2006) a three-layer neural network has been used to construct a hash function. The three
neuron-layers are used to realize data confusion, diffusion and compression, and the multi-block hash mode is presented to support plaintext of variable length. Socek and Culibrk (Socek and Culibrk, 2005) analyzed a clipped Hopfield neural network-based encryption system for digital images and videos, and pointed out how to ensure the security of the stream by improving some aspects of the scheme, such as the randomness properties of the generated key-stream. In (Lian, 2009), a CNN structure is proposed for a block cipher in which the chaotic activation function employed in the so-called chaotic neuron layer realizes data diffusion and a linear neuron layer realizes data confusion. This structure implies good computing security, but due to constant weight and bias matrices, it seems vulnerable to attacks.

In this paper, the idea in (Lian, 2009) has been generalized to achieve a novel block cipher based on CNN. This cryptosystem is based on a 3-input 3-output neural network structure comprised of two 3-neuron layers called the chaotic neuron layer (CNL) and the permutation neuron layer (PNL). The values of the three RGB (Red, Green and Blue) color components of the image constitute the inputs of the CNN, and three encoded streams are the network outputs. The weight and bias matrices of the CNL are generated by three well-known chaotic systems, i.e. the Chua, Lorenz and Lü systems. Besides, a chaotic tent map is employed as the activation function of this layer. The output of the CNL, i.e. the diffused information, is the input of the PNL. In the PNL, a linear permutation in conjunction with a 2-dimensional nonlinear shuffling is applied to the data to obtain a three-dimensional permutation. The overall process is repeated several times to make the encryption process more robust and complex. Simulations show that the suggested image encryption scheme has the advantage of large key space and high security.

The rest of this paper is organized as follows. In Section 2, a short background about the employed chaotic systems and chaotic function and their behavior is presented. The proposed encryption and decryption methods are described in Section 3, and the performance and security analysis results of the proposed algorithm are given in Section 4. In Section 5 the paper is concluded.

2. Preliminary Materials

As stated earlier, in order to implement the chaotic neural network for image encryption, some chaotic systems are used for generating secret keys as well as neural network parameters. The details of implementing this network will be described in Section 3. Beforehand, a short introduction to the employed chaotic systems, the tent map and the Cat map permutation algorithm will be presented in this section.

2.1. The employed chaotic systems

A. Chua system: The chaotic Chua system is modeled by the following equations (Botmart and Niamsup, 2007):

$$
\begin{aligned}
\dot{x}_1 &= a_1\,(y_1 - f(x_1)) \\
\dot{y}_1 &= x_1 - y_1 + z_1 \\
\dot{z}_1 &= -b_1 y_1
\end{aligned}
\qquad (1)
$$

where $a_1$, $b_1$ are constant parameters and $f(x_1) = 2x_1^3 - x_1/7$. With $a_1 = 10$ and $b_1 = 100/7$ the system has chaotic behavior (Botmart and Niamsup, 2007). The projections of the chaotic attractors for a Chua system with $a_1 = 10$, $b_1 = 100/7$ are shown in Fig. 1(a)–(c).

B. Lorenz system: The dynamics of the chaotic Lorenz system may be represented by the following equations (Li and Yin, 2009):

$$
\begin{aligned}
\dot{x}_2 &= a_2\,(y_2 - x_2) \\
\dot{y}_2 &= -x_2 z_2 - y_2 + c_2 x_2 \\
\dot{z}_2 &= x_2 y_2 - b_2 z_2
\end{aligned}
\qquad (2)
$$

where $a_2$, $b_2$ and $c_2$ are its constant parameters. With $a_2 = 10$, $b_2 = 8/3$, $c_2 = 28$, the system has chaotic behavior (Li and Yin, 2009), which is illustrated in Fig. 1(d)–(f) via the projections of the system attractors of its state space trajectories.

C. Lü system: The chaotic Lü system model can be described as (Lü et al., 2002):

$$
\begin{aligned}
\dot{x}_3 &= a_3\,(y_3 - x_3) \\
\dot{y}_3 &= -x_3 z_3 + c_3 x_3 \\
\dot{z}_3 &= x_3 y_3 - b_3 z_3
\end{aligned}
\qquad (3)
$$

where $a_3$, $b_3$, $c_3$ are parameters. With $a_3 = 36$, $b_3 = 3$, $c_3 = 20$, the system has chaotic behavior (Lü et al., 2002). Trajectories of the state variables of this chaotic system are also shown in Fig. 1(g)–(i).

2.2. The tent map and its properties

The discrete chaotic tent map is a 1-D piecewise-linear map defined by the following equation (Masuda and Aihara, 2002):

$$
f_{\mathrm{Tent}}(a,x) =
\begin{cases}
\left\lceil \dfrac{S}{a}\,x \right\rceil, & 1 \le x \le a \\[2mm]
\left\lfloor \dfrac{S}{S-a}\,(S-x) \right\rfloor + 1, & a < x \le S
\end{cases}
\qquad (4a)
$$

where $a$ ($a \in [1,S]$) is an integer determined by the user, and $\lfloor x \rfloor$ and $\lceil x \rceil$ denote the floor and ceiling of $x$, respectively. Generally, $S$ is selected according to the plaintext. For an 8-bit image, $S = 256$ is intuitive. The discrete tent map is a one-to-one mapping. In order to illustrate the impact of the tent map on a time series, a $16 \times 16$ block of the Lena image is selected, arranged in the form of a time series and then applied as the input to the tent map system. The resulting time series is shown in Fig. 2. As seen, the output of the tent map system has chaotic behavior, while the input of this system has a quasi-periodic behavior.

The inverse of the above-mentioned tent map is also defined as (Masuda and Aihara, 2002):

8          
> ay=S  ay=S ¼ 1 and b a c 4 d Sa e or ay=S  ay=S ¼ 0
ay=S  ða=S1Þy
< ay=S if
1
f Tent ða,yÞ ¼       ð4bÞ
>
: ða=S1Þyþ S if ay=S  ay=S ¼ 1 and b a c r d Sa e
ay=S  ða=S1Þy

2.3. CAT map permutation algorithm

In the permutation stage of image cryptosystems, three types of two-dimensional chaotic maps are usually employed: the Standard map, the Cat map and the generalized Baker map. The Cat map is the commonest map used in the literature. Suppose the size of the original grayscale image $D$ is $N \times N$ and the coordinates of the pixel positions are $S_I = \{(x,y) \mid x,y = 1,2,\ldots,N\}$. The Cat map is described as (Xiao et al., 2009):

$$
\begin{pmatrix} \hat{x} \\ \hat{y} \end{pmatrix}
= Q \begin{pmatrix} x \\ y \end{pmatrix} \bmod N
= \begin{bmatrix} 1 & p \\ q & pq+1 \end{bmatrix}
\begin{pmatrix} x \\ y \end{pmatrix} \bmod N
\qquad (5)
$$

where $p$ and $q$ are positive integers which are called the Cat map control parameters, and $(x,y)$ and $(\hat{x},\hat{y})$ are the original and the new positions, respectively. Since $\det(Q) = 1$, the map is area-preserving.
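The two discrete maps of Sections 2.2 and 2.3, written out as an added example (not code from the paper) that checks that each is a bijection, inverts it, and measures how many Cat map rounds return an image to its starting arrangement. The 0-based pixel coordinates and the way `tent_inverse` picks between its two candidates are assumptions of the example.

```python
# Added example: discrete tent map (Eq. 4a) and Cat map (Eq. 5) as invertible maps.

def tent(a, x, S=256):
    """Eq. (4a): map x in 1..S to 1..S for an integer parameter a in 1..S."""
    if not (1 <= a <= S and 1 <= x <= S):
        raise ValueError("a and x must lie in 1..S")
    if x <= a:
        return -((-S * x) // a)            # ceil(S*x/a), exact integer arithmetic
    return (S * (S - x)) // (S - a) + 1    # floor(S*(S-x)/(S-a)) + 1


def tent_inverse(a, y, S=256):
    """Pre-image of y under Eq. (4a).

    The two candidates are floor(a*y/S) and ceil((a/S - 1)*y + S), the values
    that appear in Eq. (4b). Assumption of this example: the candidate is
    chosen by re-applying the forward map, not by the condition in Eq. (4b).
    """
    if not (1 <= a <= S and 1 <= y <= S):
        raise ValueError("a and y must lie in 1..S")
    x1 = (a * y) // S
    if x1 >= 1 and tent(a, x1, S) == y:
        return x1
    return S - ((S - a) * y) // S          # equals ceil((a/S - 1)*y + S)


def cat_forward(x, y, p, q, N):
    """Eq. (5) on 0-based coordinates (assumption; the paper indexes from 1)."""
    return (x + p * y) % N, (q * x + (p * q + 1) * y) % N


def cat_backward(x, y, p, q, N):
    """Apply Q^-1 = [[pq+1, -p], [-q, 1]], which exists because det(Q) = 1."""
    return ((p * q + 1) * x - p * y) % N, (-q * x + y) % N


def cat_permute(img, p, q):
    """Move every pixel of a square image to its Cat map position."""
    N = len(img)
    out = [[None] * N for _ in range(N)]
    for x in range(N):
        for y in range(N):
            nx, ny = cat_forward(x, y, p, q, N)
            out[nx][ny] = img[x][y]
    return out


def cat_unpermute(img, p, q):
    """Inverse of cat_permute."""
    N = len(img)
    out = [[None] * N for _ in range(N)]
    for x in range(N):
        for y in range(N):
            ox, oy = cat_backward(x, y, p, q, N)
            out[ox][oy] = img[x][y]
    return out


def cat_period(p, q, N):
    """Smallest n >= 1 with Q^n = I (mod N): after n rounds the image is back."""
    q_mat = (1 % N, p % N, q % N, (p * q + 1) % N)
    identity = (1 % N, 0, 0, 1 % N)
    cur, n = q_mat, 1
    while cur != identity:
        a, b, c, d = cur
        e, f, g, h = q_mat
        cur = ((a * e + b * g) % N, (a * f + b * h) % N,
               (c * e + d * g) % N, (c * f + d * h) % N)
        n += 1
    return n


if __name__ == "__main__":
    S = 256
    for a in (1, 100, 255, 256):
        image_of_map = sorted(tent(a, x, S) for x in range(1, S + 1))
        print("a =", a, "bijective:", image_of_map == list(range(1, S + 1)))
    print("Cat map period, p=q=1, N=256:", cat_period(1, 1, 256))
```

The Cat map always leaves the origin pixel in place and has a finite period for every (p, q, N), so the number of distinct arrangements reachable by repeating it is bounded by that period.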
Fig. 1. The projections of chaotic attractors for: (a)–(c) Chua system, (d)–(f) Lorenz system, and (g)–(i) Lü system.

3. The proposed image encryption and decryption scheme

In this section, the step-by-step procedures and the properties of the proposed image encryption scheme, as well as its decryption process, will be described.

3.1. Encryption algorithm

The flowchart of the proposed encryption process is shown in Fig. 3(a). As seen in this figure, three distinct blocks comprise the encryption system: a chaotic key generator block, the chaotic neuron layer (CNL) and the permutation neuron layer (PNL). Each of the last two layers is 3-input 3-output and includes three neurons. The chaotic key generator block supplies these layers with their corresponding weights and biases. The details of the layer interactions are illustrated in Fig. 3(b) and (c). In Fig. 3(b), the inputs of the CNL are the RGB components of the input image. A linear combination of the inputs is passed through two nonlinear stages, i.e. nonlinear normalization and bitxor operations, and then enters the activation function block, which is a chaotic tent map. The output of this layer is the diffused information, which is the input of the PNL. In this layer, the permutation is done in two steps. In the first step, a linear permutation is applied to the secret data. The permutation matrix is generated by the chaotic key generator block. The permuted strings are then nonlinearly shuffled via the 2-dimensional Cat map permutation algorithm (Section 2.3). This procedure is repeated several times ($R$ times) to achieve higher security and more complexity. In more detail, the encryption process may be summarized in the following steps:

Step 1: In the proposed algorithm, a 160-bit authentication code is used as secret keys. Therefore, the key space size is $2^{160}$. Select a sequence of 160 bits as the authentication code $K$, and then split them into five groups, which are further mapped into nine initial parameters $x_1(0)$, $y_1(0)$, $z_1(0)$, $x_2(0)$, $y_2(0)$, $z_2(0)$, $x_3(0)$, $y_3(0)$ and $z_3(0)$. Fig. 4 shows how the secret keys are generated from the authentication code. Next, set $R$ as
the number of iterations, and $N_0$ as the complementary secret keys.

Fig. 2. (a) A sample input of the tent map system and (b) the corresponding output of the tent map system.

Fig. 3. (a) The flowchart of encryption process, (b) Chaotic neuron layer, and (c) Permutation neuron layer.

Fig. 4. The method of generating the nine secret keys from a 160-bit authentication code.

Step 2: Iterate the three chaotic Chua, Lorenz and Lü systems using the Runge–Kutta algorithm $N_0$ times to avoid the harmful effect of the transitional procedure; thus $x_1(N_0)$, $y_1(N_0)$, $z_1(N_0)$, $x_2(N_0)$, $y_2(N_0)$, $z_2(N_0)$, $x_3(N_0)$, $y_3(N_0)$ and $z_3(N_0)$ are obtained. Call $r$ the iteration number. Set $r = 1$.

Step 3: Since the image $D$ is an $N \times N$ pixel image, for $N_0 + i$, $i = (r-1) \times (N \times N) + 1, \ldots, r \times (N \times N)$, iterate the three chaotic systems, where $i = 1, 2, \ldots$ represents the $i$th iteration of the chaotic systems. For each iteration compute the $W_{dl}$, $B_{dl}$ and $A_l$ matrices in the following way:

$$
W_{dl,i} =
\begin{bmatrix}
x_1(N_0+i) & x_2(N_0+i) & x_3(N_0+i) \\
y_1(N_0+i) & y_2(N_0+i) & y_3(N_0+i) \\
z_1(N_0+i) & z_2(N_0+i) & z_3(N_0+i)
\end{bmatrix} + aI
\qquad (6)
$$

$$a(j,i) = \mathrm{mod}\big((|x_j(N_0+i)| - \mathrm{floor}(x_j(N_0+i))) \times 10^{14},\ 255\big) + 1, \quad j = 1,2,3$$

$$A_{l,i} = [a(1,i),\ a(2,i),\ a(3,i)]^T$$

$$b(j,i) = \mathrm{dec2bi}\big(\mathrm{mod}((|y_j(N_0+i)| - \mathrm{floor}(y_j(N_0+i))) \times 10^{14},\ 255) + 1\big), \quad j = 1,2,3$$
$$B_{dl,i} = [b(1,i),\ b(2,i),\ b(3,i)]^T \qquad (7)$$

where $W_{dl,i}$ is the weight matrix and $B_{dl,i}$ and $A_{l,i}$ are the bias matrices of the CNL, mod(x,y) returns the remainder after division, floor(x) rounds the elements of x to the nearest integers less than or equal to x, and dec2bi(x) converts the decimal number x to a binary value. Besides, $I$ is a $3 \times 3$ identity matrix, and the parameter $a$ prevents the singularity problem in the $W_{dl,i}^{-1}$ matrix. The next matrix to be determined is $W_{cl}$. This matrix is the weight matrix of the PNL and is employed for the linear shuffling of the three color components of the output of the CNN, i.e. in order to change the positions of the (R, G, B) components of the image. Therefore, it is a $3 \times 3$ matrix with just one '1' in each of its rows/columns. In order to determine $W_{cl}$, let us define:

$$
\begin{aligned}
D_i &= [x_1(N_0+i),\ y_2(N_0+i),\ z_3(N_0+i)] \\
w_{1,i} &= \arg(\max(D_i)) \\
w_{2,i} &= \arg(\min(D_i))
\end{aligned}
\qquad (8a)
$$

where by $\arg(\max(D_i))$ we mean the index of the maximum value in the vector $D_i$. Then the non-zero terms of the first and second rows of matrix $W_{cl,k}$ are determined as

$$W_{cl,i}(1, w_{1,i}) = W_{cl,i}(2, w_{2,i}) = 1 \qquad (8b)$$

and the non-zero term of the third row is determined such that there is just one '1' in each row/column of the matrix $W_{cl,k}$ (for example: [010;001;100] × [R, G, B] = [G, B, R]). Then, the control parameters of Eq. (5) are derived as (Wang et al., 2009)

$$
\begin{aligned}
p_i &= \mathrm{floor}[\mathrm{mod}(z_1(N_0+i) \times 2^{24},\ N)] \\
q_i &= \mathrm{floor}[\mathrm{mod}(\mathrm{mod}(z_1(N_0+i) \times 2^{48},\ 2^{24}),\ N)]
\end{aligned}
\qquad (9)
$$

Step 4: Suppose that the input image $P$ is $N \times N$ pixels. Then, corresponding to each pixel $k$, there is a vector $X_k$ of order three with the RGB components of the pixel as its entries, $X_k = [R_k, G_k, B_k]^T$, $k = 1, \ldots, (N \times N)$. Then the total color information of the image will be a $3 \times (N \times N)$ matrix $X$ with columns $X_k$, $k = 1, \ldots, (N \times N)$. Compute the matrix $X$ as the input of the CNL.

Step 5: Considering Fig. 3, in order to generate the secret information, several operations are applied to each column of matrix $X$, i.e. $X_k$, $k = 1, \ldots, (N \times N)$ and $i = (r-1) \times (N \times N) + 1, \ldots, r \times (N \times N)$, as

$$Y_{1,k} = W_{dl,i} X_k \qquad (10)$$

– Normalization (mapping the values of $Y_{1,k}$ into the interval [1,255]):

$$Y_{1,k} \to [1,255]: \quad Y_{1,k} \to Y_{2,k} = N(Y_{1,k}) \qquad (11)$$

where $N(x) = q_1 \tanh(q_2 x) + q_3$, and $q_1$, $q_2$, $q_3$ are constant parameters.

– Manipulation:

$$Y_{3,k} = \mathrm{floor}(Y_{2,k}) + \mathrm{mod}(Y_{2,k}, \mathrm{floor}(Y_{2,k})) = Y_{31,k} + Y_{32,k} \qquad (12)$$

– XOR operation:

$$Y_{4,k} = Y_{31,k} \oplus B_{dl,i} \qquad (13)$$

– Applying chaotic activation function:

$$Y_{5,k} = f(Y_{4,k}, A_{l,i}) + Y_{32,k} \qquad (14)$$

where the symbol $\oplus$ in Eq. (13) represents the bit-by-bit exclusive OR operation, and $f(\cdot)$ in Eq. (14) is the chaotic tent map as introduced in Eq. (4a).

Step 6: The output of the CNL is the $3 \times (N \times N)$ matrix $Y_5$, which is then permuted in two stages by the PNL. At first, each column of $Y_5$, i.e. $Y_{5,k}$, $k = 1, \ldots, (N \times N)$, is linearly permuted as

$$Y_{6,k} = g(W_{cl,i} Y_{5,k} + B_{cl,i}) \qquad (15)$$

Usually, the structure of the neural network layers (activation functions of neurons, weight matrix and bias vector) is regulated according to the design purposes. Here, our purpose is to change the positions of the red, blue and green components of the image using the neural structure, i.e. a linear neuron with proper weights but without biases. Therefore, it is assumed that $g(x) = x$, $B_{cl,i} = [0,0,0]^T$, and the calculation of the weight matrix $W_{cl,i}$ is as clarified in step 3.

Step 7: In this stage, the output of the linear permutation stage is shuffled. For this purpose, each row of matrix $Y_6$ is arranged in an $N \times N$ matrix, and thus three output $N \times N$ matrices are provided. Then, each matrix is permuted in two dimensions by the Cat map permutation algorithm of Section 2.3. Considering the three nonlinearly permuted matrices as three planes of the encrypted image (red, green, blue), the output encrypted image is derived, which is called $Y_7$.

Step 8: If the current round is not the final round of encryption ($r < R$), then set $P = Y_7$. Set $r = r + 1$ and return to step 3. Otherwise, $P_{final} = Y_7$ is the final cipher-image and the encryption process is completed.

3.2. Decryption algorithm

In the decryption stage, the reverse of the encryption process should be performed. Therefore, the inverses of the PNL and CNL operations should be synthesized and applied to the encrypted image, iteratively. The decryption process flowchart is shown in Fig. 5. From this figure, the decryption process can be summarized as

Step 1: Considering the authentication code $K$, generate the secret keys $x_1(0)$, $y_1(0)$, $z_1(0)$, $x_2(0)$, $y_2(0)$, $z_2(0)$, $x_3(0)$, $y_3(0)$ and $z_3(0)$. Having known $R$ and $N_0$, iterate the three chaotic Chua, Lorenz and Lü systems (Eqs. (1) to (3)) for $i = 1, \ldots, N_0 + R \times (N \times N)$. Set $r = R$. Set the input image $H = P_{final}$.

Fig. 5. The flowchart of decryption process.


Step 2: For $N_0 + i$, $i = (r-1) \times (N \times N) + 1, \ldots, r \times (N \times N)$, compute the $p$, $q$, $W_{cl}$, $B_{cl}$, $A_l$, $B_{dl}$ and $W_{dl}$ matrices using Eqs. (6)–(8).

Step 3: For each plane of the encrypted image, $H$, execute the reverse action of the nonlinear permutation employing Eq. (5). Call it $H_1$. Represent $H_1$ in a $3 \times (N \times N)$ matrix form.

Step 4: Considering $H_{1,k}$, $k = 1, \ldots, (N \times N)$ as the $k$th column of matrix $H_1$, and $i = (r-1) \times (N \times N) + 1, \ldots, r \times (N \times N)$, the inverse of the linear permutation is done as

$$H_{2,k} = W_{cl,i}^{-1}\,(g^{-1}(H_{1,k}) - B_{cl,i}) \qquad (16)$$

Step 5: The secret information is decoded as

– Manipulation:

$$H_{3,k} = \mathrm{floor}(H_{2,k}) + \mathrm{mod}(H_{2,k}, \mathrm{floor}(H_{2,k})) = H_{31,k} + H_{32,k} \qquad (17)$$

$$H_{4,k} = f_{\mathrm{Tent}}^{-1}(A_{l,i}, H_{31,k}) \qquad (18)$$

$$H_{5,k} = H_{4,k} \oplus B_{dl,i} \qquad (19)$$

$$H_{6,k} = H_{5,k} + H_{32,k} \qquad (20)$$

– De-normalization (inverse mapping of Eq. (11)):

$$[1,255] \to H_{7,k}: \quad H_{6,k} \to H_{7,k} = N^{-1}(H_{6,k}) \qquad (21)$$

$$H_{8,k} = W_{dl,i}^{-1} H_{7,k} \qquad (22)$$

where, in Eq. (18), $f_{\mathrm{Tent}}^{-1}$ is the inverse of the chaotic tent map as defined in Eq. (4b), and $N^{-1}(\cdot)$ in Eq. (21) is the inverse of the normalization function in Eq. (11).

Fig. 6. Histogram analysis: (a, b, c, d) the plain of original "Lena" image and the corresponding histograms of red, green and blue channels of the plain image; (e, f, g, h) and (i, j, k, l) the same plots but for the encrypted and decrypted images, respectively.
Step 6: Convert the $3 \times (N \times N)$ matrix $H_8$ to the $N \times N$ pixel image with three color components. If $r > 1$, set $r = r - 1$, $H = H_8$ and go to step 2. Otherwise, the decryption process has been completed and $H_8$ is the decrypted image.

Remark 1. In the proposed block-cipher, the three components of the color image, i.e. R, G, B, comprise the input of the CNN. Thus, by arranging the pixels of a gray-level image in a certain order as

$$
\begin{cases}
R = P_i, \\
G = P_{i-1}, \\
B = P_{i-2},
\end{cases}
\qquad (23)
$$

the process of encrypting a color image can be applied to the gray-level image similarly until the cipher image satisfies the desired performance requirement.

Fig. 7. Histogram analysis: (a, b, c, d) the plain of original "Baboon" image and the corresponding histograms of red, green and blue channels of the plain image; (e, f, g, h) and (i, j, k, l) the same plots but for the encrypted and decrypted images, respectively.

4. Performance and security analysis

A good encryption procedure should be robust against all kinds of cryptanalytic, statistical and brute-force attacks. Some security analysis has been performed on the proposed image encryption scheme.

4.1. Key space security

The security of the key includes two aspects. One is the size of the key space, which characterizes the capability of resisting brute-force attack. A short key means that the best encryption algorithm can be broken by exhaustive search (also known as brute-force attacks) in a reasonable amount of time, while the reverse is not true. The other is the key non-recovery property. It must be
computationally infeasible to recover the key. In our algorithm, a 160-bit authentication code is used as secret keys. Moreover, the parameters $R$, $N_0$, $p$, $q$ could also be used as secret keys. Therefore, an authentication code of at least 224 is feasible for the proposed algorithm. In order to examine whether the selected key size is enough, the suggestions in (Lian, 2009; Lenstra and Verheul, 2001; NIST Special Publication 800-133, 2011; Bennett et al., 1997; Ferguson and Schneier, 2003) have been considered here. In (Lian, 2009), Lian suggested that the key space should be at least $2^{64}$ for a sufficient security level against brute-force search attacks. The proposed cryptosystem has fulfilled this requirement. In (Lenstra and Verheul, 2001), Lenstra and Verheul took the data points from attacks on keys of various lengths and extrapolated them via Moore's Law. They concluded that in 2030, it seems that a 93-bit key size is sufficient for security against brute-force attacks, and that in 2050 this will be true for a 109-bit key. From this, one might conclude that a 128-bit key is sufficient to keep data confidential for the next few decades. In (NIST Special Publication 800-133, 2011), NIST, presumably based on similar types of calculation, recommends a minimum of 128 bits of strength to keep data confidential "beyond 2030". Thus, in order to ensure the required level of security, the 160-bit authentication code considered in the proposed method seems a proper choice. On the other hand, in (Bennett et al., 1997) it has been proved that a brute-force key search on a quantum computer cannot be faster than roughly $2^{n/2}$ invocations of the underlying cryptographic algorithm, compared with roughly $2^n$ in the classical case. Thus, in the presence of large quantum computers an $n$-bit key can provide at least $n/2$ bits of security. This is one of the reasons why AES supports a 256-bit key length (Ferguson and Schneier, 2003). Quantum brute force is easily defeated by doubling the key length, which has little extra computational cost in ordinary use. This implies that at least a 218-bit key is required to achieve a 109-bit security rating against a quantum computer up to about 2050. A conclusion can be drawn that the key space of the proposed algorithm is large enough to resist the brute-force attack for the next few decades, even if quantum computing is employed.

Additionally, compared with the methods proposed in (Yen and Guo, 1999; Lian, 2009), this algorithm is of higher security against known-plaintext or selected-plaintext attacks. In the algorithm proposed in (Yen and Guo, 1999), only weight matrices are used as keys, which can be recovered by known-plaintext or selected-plaintext attackers. In the proposed method, in addition to the weight matrices, the chaotic function $f(\cdot)$ and the parameters $R$, $N_0$, $p$, $q$ can be used as keys, which makes it more difficult for attackers to recover these keys. Furthermore, the weight and bias matrices are constructed from three different chaotic maps and are different for each pixel in different iterations. Chaotic activation functions and chaos-based 3-dimensional shuffling make this method more robust against various attacks. Therefore, for successful decryption of the encrypted data, in addition to the secret keys, the above-mentioned parameters and functions as well as the decryption process must be known.

Fig. 8. Histogram analysis: (a, b, c, d) the plain of original "Peppers" image and the corresponding histograms of red, green and blue channels of the plain image; (e, f, g, h) and (i, j, k, l) the same plots but for the encrypted and decrypted images, respectively.

4.2. Histogram analysis

An image histogram illustrates the distribution of pixels' density versus their color intensity level. To show the feasibility of the proposed scheme, we employed the $256 \times 256$ "Lena", "Baboon" and "Peppers" color images as our plain color images. Taking $R = 2$, the plain-images, cipher-images and decrypted images and the underlying histograms of these images versus their three main components (red, green and blue colors) are shown in Figs. 6–8. As illustrated, the histograms of the cipher-image are fairly uniform, and have good statistical properties resembling white noise. In this manner, no information could be obtained from the encrypted image about the order of pixels in the original image, and hence it does not provide any clue to employ any statistical attack on the proposed image encryption procedure. A similar situation has been observed for other images (not shown here).

Additionally, the Lena ciphered image in gray-level form with the proposed algorithm is compared with the traditional cipher AES (Mollin, 2006) and the algorithm only based on the tent map (Masuda and Aihara, 2002), as well as the chaotic neural network of (Lian, 2009). In the experiments, the image is encrypted by AES (Mollin, 2006), the algorithm of (Masuda and Aihara, 2002), the chaotic neural network of (Lian, 2009) and the proposed algorithm, respectively. As seen from the results shown in Fig. 9, the images encrypted by AES (Mollin, 2006) and the algorithm of (Masuda and Aihara, 2002) are still intelligible, some patterns in the image encrypted by the chaotic neural network in (Lian, 2009) are also intelligible in Fig. 9(c), while the proposed algorithm encrypts the image into an unintelligible one (Fig. 9(d)).

Fig. 9. Comparison of image encryption results. (a) AES algorithm (Mollin, 2006), (b) the algorithm in (Masuda and Aihara, 2002), (c) chaotic neural network in (Lian, 2009) and (d) proposed algorithm.

4.3. Key sensitivity

In order to demonstrate the key sensitivity of our algorithm, several experiments have been done under the same conditions but with a small mismatch in the secret keys. That is, in each case, a relative mismatch of order $10^{-14}$ exists in just one of the secret keys. Here, we only present the variation of four parameters out of the total keys. The secret keys of the different scenarios are chosen as

i. $x_1(0) = 0.3 + 1\mathrm{e}{-14} = 0.30000000000001$, $x_2(0) = 1$, $x_3(0) = 1.75$, $z_3(0) = 2.75$

ii. $x_1(0) = 0.3$, $x_2(0) = 1 + 1\mathrm{e}{-14} = 1.0000000000001$, $x_3(0) = 1.75$, $z_3(0) = 2.75$

iii. $x_1(0) = 0.3$, $x_2(0) = 1$, $x_3(0) = 1.75 + 1\mathrm{e}{-15} = 1.750000000000001$, $z_3(0) = 2.75$

iv. $x_1(0) = 0.3$, $x_2(0) = 1$, $x_3(0) = 1.75$, $z_3(0) = 2.75 + 1\mathrm{e}{-16} = 2.750000000000001$

Fig. 10 shows the decryption result for the Lena image for these four scenarios with $r = 1$. For each case, the decrypted image as well as the corresponding histogram of $H_8$ in Eq. (22) is shown. As seen, even with such small mismatches in the secret keys, the decrypted image is absolutely different from the real plain-image. Besides, the histograms have negative values. This observation shows that just such a small mismatch in the secret keys results in incorrect decrypted pixels both in value and sign. In particular, this behavior makes decryption impossible when $r$ is greater than one. This is due to the fact that the input of the inverse of the tent map ($f^{-1}$ in Eq. (4b)) must be positive, and the XOR operation with a negative number is impossible. Therefore, negative values in the first round of decryption would block the decryption procedure. This is, however, due to the high complexity and the chaotic properties of the proposed algorithm. From this property, it is seen that the proposed algorithm shows very high robustness against just a small mismatch, which implies a very high security in data encryption.
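Steps 2 and 3 of the encryption algorithm and the mismatch experiment of Section 4.3, reduced to the Lorenz system, as an added example that is not code from the paper: it integrates Eq. (2) with a Runge–Kutta step, derives the a(2, i) values of Eq. (7), and compares the stream for x2(0) = 1 with the stream for x2(0) = 1 + 1e-14. The step size h, the values y2(0) = z2(0) = 1, N0 = 3000 and the truncation of a(j, i) to an integer are assumptions of the example.

```python
import math


def lorenz(state, a=10.0, b=8.0 / 3.0, c=28.0):
    """Right-hand side of Eq. (2) with a2 = 10, b2 = 8/3, c2 = 28."""
    x, y, z = state
    return (a * (y - x), -x * z - y + c * x, x * y - b * z)


def rk4_step(f, state, h):
    """One classical fourth-order Runge-Kutta step of size h."""
    def shifted(k, scale):
        return tuple(s + scale * ki for s, ki in zip(state, k))
    k1 = f(state)
    k2 = f(shifted(k1, h / 2))
    k3 = f(shifted(k2, h / 2))
    k4 = f(shifted(k3, h))
    return tuple(s + h / 6 * (p + 2 * q + 2 * r + w)
                 for s, p, q, r, w in zip(state, k1, k2, k3, k4))


def eq7_value(v):
    """mod((|v| - floor(v)) * 10^14, 255) + 1 as in Eq. (7).

    Truncating the result to an integer in 1..255 is an assumption of this
    example; the paper does not state how the value is rounded.
    """
    return int(math.fmod((abs(v) - math.floor(v)) * 1e14, 255.0)) + 1


def parameter_stream(x0, y0=1.0, z0=1.0, n0=3000, count=256, h=0.01):
    """Discard n0 transient steps (Step 2), then emit a(2, i), i = 1..count."""
    state = (x0, y0, z0)
    for _ in range(n0):
        state = rk4_step(lorenz, state, h)
    out = []
    for _ in range(count):
        state = rk4_step(lorenz, state, h)
        out.append(eq7_value(state[0]))
    return out


def agreement(s1, s2):
    """Fraction of positions where two streams carry the same value."""
    return sum(u == v for u, v in zip(s1, s2)) / len(s1)


if __name__ == "__main__":
    reference = parameter_stream(1.0)            # x2(0) = 1
    mismatched = parameter_stream(1.0 + 1e-14)   # x2(0) = 1 + 1e-14, scenario ii
    print("first values:", reference[:8], mismatched[:8])
    print("agreement:", agreement(reference, mismatched))
```

Because Eq. (7) scales the state by 10^14, the emitted values depend on the last bits of each double, so the encrypting and decrypting sides need bit-identical floating-point arithmetic to regenerate the same stream.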
Fig. 10. The sensitivity analysis with respect to the secret key for relative mismatch of order 1e-14: (a) mismatch in $x_1(0)$, (b) mismatch in $x_2(0)$, (c) mismatch in $x_3(0)$ and (d) mismatch in $z_3(0)$.

4.4. Correlation coefficient analysis

As is known, the correlation between adjacent pixels in the original image is very high. An effective encryption algorithm should reduce the correlation between adjacent pixels. The following formulas are used for calculation of the correlation coefficient ($r_{xy}$):

$$
\begin{aligned}
e(x) &= \frac{1}{N_I} \sum_{i=1}^{N_I} x_i \\
d(x) &= \frac{1}{N_I} \sum_{i=1}^{N_I} (x_i - e(x))^2 \\
\mathrm{cov}(x,y) &= \frac{1}{N_I} \sum_{i=1}^{N_I} (x_i - e(x))(y_i - e(y)) \\
r_{xy} &= \frac{\mathrm{cov}(x,y)}{\sqrt{d(x)}\,\sqrt{d(y)}}
\end{aligned}
\qquad (24)
$$

where $x$ and $y$ are the gray values of two adjacent pixels in the image, $\mathrm{cov}(x,y)$ is the covariance, $d(x)$ is the variance and $e(x)$ is the mean. For example, in Fig. 11, the correlations of both vertically and horizontally adjacent pixels in the Lena plain-image and ciphered image have been compared. From the graphs in this figure, it is observed that while two adjacent pixels in the original are highly correlated, there is negligible correlation between two adjacent pixels in the encrypted image. In the next stage, the correlations between two vertically adjacent pixels, two horizontally adjacent pixels and two diagonally adjacent pixels are also computed for a batch of 5000 adjacent pairs of the original and ciphered images. The correlation coefficients of the proposed cipher of Figs. 6(e), 7(e) and 8(e) are compared with the traditional cipher AES (Zeghid et al., 2007), the algorithm of (Rhouma et al.), and the algorithm in (Hongjun and Xingyuan, 2010), respectively, in Table 1. From Table 1, it is observed that the proposed image encryption has better performance in comparison with the other algorithms. Therefore, it can clearly be seen that our algorithm can destroy the relativity effectively; the proposed image encryption algorithm has a strong ability to resist statistical attack.

4.5. Information entropy analysis

The information entropy is defined to express the degree of uncertainty in a system. For a message source $m$, the information
N. Bigdeli et al. / Engineering Applications of Artificial Intelligence 25 (2012) 753–765 763

Fig. 11. Correlation of two adjacent pixels: (a) and (b) the distribution of two horizontally adjacent pixels in the plain and cipher images, respectively; (c) and (d) the
distribution of two vertically adjacent pixels in the plain and cipher images, respectively.

Table 1
Correlation coefficients of the original image Lena and the cipher-images obtained by the proposed scheme and the three
comparable block ciphers.

Scheme Vertical Horizontal Diagonal

Original image 0.9882 0.9856 0.9669

AES (Zeghid et al., 2007) 0.077 0.066 –

Algorithm (Rhouma et al.) 0.0845 0.0681 –

Algorithm (Hongjun and Xingyuan, 2010) 0.0965  0.0318 0.0362

Proposed algorithm
Lena 0.00122 0.00183  0.00119
Baboon 0.00141 0.00257 0.00096
Peppers  0.00085 0.00131  0.00192

entropy H(m) can be calculated as

$$H(m) = \sum_{i=0}^{2^{N_m}-1} p(m_i)\,\log\frac{1}{p(m_i)} \qquad (25)$$

where $p(m_i)$ represents the probability of occurrence of $m_i$, and log denotes the base 2 logarithm. For a random process, every symbol has equal probability. Therefore, for example, for $N_m = 8$, every symbol in $m = \{m_1, m_2, \ldots, m_{2^8}\}$ has equal probability $p(m_i) = 2^{-8}$. Such a distribution results in the entropy H(m) = 8. Here, the performance of the proposed encryption/decryption method has been examined by analyzing the information entropy of the ciphered image of Fig. 6(e). For the ciphered image, the information entropy calculated for the gray level values of the pixels is H(m) = 7.9951, while this value for the image ciphered with the AES algorithm (Zeghid et al., 2007) is H(m) = 7.91. Additionally, the information entropies of the three color components (R, G, B) of Figs. 6(e), 7(e) and 8(e) are compared with the algorithms (Rhouma et al.; Hongjun and Xingyuan, 2010) in Table 2. Our scheme leads to the highest entropy compared with the other algorithms. They are very close to the ideal value 8. The results show that the cipher-image is close to a random source and the proposed algorithm is secure against the entropy attack.

Table 2
Information entropies of the cipher-images obtained by the proposed scheme and the two comparable block ciphers.

Scheme                                      R         G         B
Algorithm (Rhouma et al.)                   7.9732    7.9750    7.9715
Algorithm (Hongjun and Xingyuan, 2010)      7.9851    7.9852    7.9832
Proposed algorithm
  Lena                                      7.9981    7.9962    7.9974
  Baboon                                    7.9967    7.9941    7.9985
  Peppers                                   7.9975    7.9978    7.9933

4.6. Speed analysis

Apart from the security considerations, some other issues on image encryption are also important, such as the running speed for real-time image encryption/decryption. Here, the simulator
for the proposed cryptosystem is implemented using Matlab 7.7.0. Performance was measured on a 1.60 GHz Pentium IV with 512 Mbytes of RAM running Windows XP. To evaluate the running speed, the different images have been encrypted/decrypted by the proposed cryptosystem ten times and the average time and speed have been evaluated. Simulation results show that the average time is 54.1 ms for encryption and 55.95 ms for decryption, and the average speed is 12.06 MB/s for encryption and 11.85 MB/s for decryption. In order to show the strength of the proposed method, the encryption/decryption speed of the proposed method has been compared with that of the AES algorithm (Zeghid et al., 2007) and the algorithms of (Rhouma et al.; Hongjun and Xingyuan, 2010) in Table 3. As seen in this table, compared to the other algorithms, the proposed method is fast. However, although the AES algorithm seems faster than the proposed algorithm, it suffers from a lack of sufficient security, as mentioned in the previous sections.

Table 3
Average encryption/decryption speed of the proposed method in comparison with other methods.

Scheme                                      Encryption speed (MB/s)    Decryption speed (MB/s)
AES (Zeghid et al., 2007)                   19.18                      18.95
Algorithm (Rhouma et al.)                   7.67                       7.46
Algorithm (Hongjun and Xingyuan, 2010)      9.69                       9.56
Proposed algorithm                          12.06                      11.85

5. Summary and conclusions

In this paper, a novel image encryption scheme based on chaotic neural networks (CNN) is proposed. The employed CNN is a 3-input 3-output network comprised of two 3-neuron layers called the chaotic neuron layer (CNL) and the permutation neuron layer (PNL). The values of the three RGB (Red, Green and Blue) color components of the image constitute the inputs of the CNN, and three encoded streams are the network outputs. The CNL is a chaotic layer where three well-known chaotic systems, i.e. the Chua, Lorenz and Lü systems, participate in generating the weight and bias matrices of this layer corresponding to each pixel's RGB features. Besides, a chaotic tent map is employed as the activation function of this layer. The output of the CNL, i.e. the diffused information, is the input of the PNL. In the PNL, a linear permutation in conjunction with a 2-dimensional nonlinear shuffling yields a three-dimensional permutation. The overall process is repeated several times to make it more robust and complex. The proposed method has a 160-bit authentication code with two additional secret keys, where a slight mismatch in one of them results in a severely degraded decrypted image. The main features of the proposed algorithm may be summarized as

• Key space: The proposed algorithm has a large key space including a 160-bit authentication code which could be extended up to 224 bits. It has been shown that the key space of the proposed algorithm is large enough to resist the brute-force attack for the next few decades, even if quantum computing is employed.
• Key sensitivity: The analyses show that even a small mismatch of order $10^{-14}$ in the secret keys results in incorrect decrypted pixels both in value and sign. In particular, this behavior makes decryption impossible when the number of encryption iterations is greater than one.
• Complexity: The proposed algorithm has remarkable complexity and mixture characteristics. In the proposed algorithm, the weight and bias matrices are constructed from three different chaotic maps and are different for each pixel in different iterations. The chaotic activation function and the chaos-based 3-dimensional shuffling make this method more robust against various attacks. Therefore, for successful decryption of the encrypted data, in addition to the secret keys, these functions and their parameters as well as the decryption process must be known.
• Performance analysis: Simulation results for both gray-level and color images have been demonstrated to evaluate and compare its performance with that of other block ciphers. The results show that the proposed scheme leads to the highest security level in terms of the key space, key sensitivity, correlation coefficients, entropy and computational complexity of the cipher-images.
• Computational speed analysis: The computational speed analysis of the proposed method is representative of high speed of encryption/decryption as well as reasonably low time of computation.

References

Botmart, T., Niamsup, P., 2007. Adaptive control and synchronization of the perturbed Chua’s system. Math. Comput. Simulation 75 (1–2), 37–55.
Bennett, C.H., Bernstein, E., Brassard, G., Vazirani, U., 1997. The strengths and weaknesses of quantum computation. SIAM J. Comput. 26 (5), 1510–1523.
Chen, G., Mao, Y., Chui, C.K., 2004. A symmetric image encryption scheme based on 3D chaotic cat maps. Chaos Solitons Fractals 21, 749–761.
Chan, C., Cheng, L., 2001. The convergence properties of a clipped Hopfield network and its application in the design of key-stream generator. IEEE Trans. Neural Network 12 (2), 340–348.
Ferguson, N., Schneier, B., 2003. Practical Cryptography. John Wiley and Sons.
Hongjun, L., Xingyuan, W., 2010. Color image encryption based on one-time keys and robust chaotic maps. Comput. Math. Appl. 59, 3320–3327.
Joshi, M., Shakher, C., Singh, K., 2009. Logarithms-based RGB image encryption in the fractional Fourier domain: a non-linear approach. Opt. Lasers Eng. 47 (6), 721–727.
Karras, D.A., Zorkadis, V., 2003. On neural network techniques in the secure management of communication systems through improving and quality assessing pseudorandom stream generators. Neural Networks 16 (5–6), 899–905.
Lian, S., 2009. A block cipher based on chaotic neural networks. Neurocomputing 72, 1296–1301.
Lain, S.G., Chen, G.R., Cheung, A., Wang, Z.Q., 2004. A chaotic-Neural-Network-based encryption algorithm for JPEG2000 encoded images. In: Proceedings of the 2004 IEEE Symposium on Neural Networks (ISNN2004), Dalian, China, Lecture Notes in Computer Science, Springer, Berlin, 3174, pp. 627–632.
Lian, S., Sun, J., Wang, Z., 2006. Secure Hash function based on neural network. Neurocomputing 69, 16–18.
Li, D., Yin, Z., 2009. Connecting the Lorenz and Chen systems via nonlinear control. Commun. Nonlinear Sci. Numerical Simulation 14 (3), 655–667.
Lü, J., Chen, G., Zhang, S., 2002. The compound structure of a new chaotic attractor. Chaos Solitons Fractals 14 (5), 669–672.
Lenstra, A.K., Verheul, E.R., 2001. Selecting cryptographic key sizes. J. Cryptology 14 (4), 255–293.
Masuda, N., Aihara, K., 2002. Cryptosystems with discretized chaotic maps. IEEE Trans. Circuits and Systems-I: Fundam. Theory Appl. 49 (1), 28–40.
Mollin, R.A., 2006. An Introduction to Cryptography. CRC Press, New York.
NIST Special Publication 800-133, July 2011. Recommendation for Key Management: Part 1, NIST.
Rhouma, R., Meherzi, S., Belghith, S. OCML-based colour image encryption, doi:10.1016/j.chaos.2007.07.083.
Socek, D., Culibrk, D., 2005. On the security of a clipped Hopfield neural network cryptosystem. In: 7th ACM Multimedia and Security workshop, pp. 71–75.
Tong, X., Cui, M., 2008. Image encryption with compound chaotic sequence cipher shifting dynamically. Image Vision Comput. 26 (6), 843–850.
Tong, X., Cui, M., 2009. Image encryption scheme based on 3D baker with dynamical compound chaotic sequence cipher generator. Signal Process. 89 (4), 480–491.
Wei, J., Liao, X., Wong, K., Xiang, T., 2006. A new cryptosystem. Chaos Solitons Fractals 30, 1143–1152.
Wong, K.W., Kwok, B.S.H., Law, W.S., 2008. A fast image encryption scheme based on chaotic standard map. Phys. Lett. A 372 (15), 2645–2652.
Wang, Y., Wong, K.W., Liao, X., Xiang, T., Chen, G., 2009. A chaos-based image encryption algorithm with variable control parameters. Chaos Solitons Fractals 41 (4), 1773–1783.
Xiao, D., Liao, X., Wong, K.W., 2005. An efficient entire chaos-based scheme for deniable authentication. Chaos Solitons Fractals 23, 1327–1331.
Xiao, D., Liao, X., Wei, P., 2009. Analysis and improvement of a chaos-based image encryption algorithm. Chaos Solitons Fractals 40 (5), 2191–2199.
Yen, J., Guo, J., 1999. A chaotic neural network for signal encryption/decryption and its VLSI architecture. In: Proceedings of the 10th VLSI Design/CAD Symposium, Taiwan, pp. 319–322.
Zeghid, M., Machhout, M., Khriji, L., Baganne, A., Tourki, R.A., 2007. Modified AES based algorithm for image encryption. World Acad. Sci. Eng. Technol. 27, 206–211.
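
Added example (not part of the original paper, and not the authors' Matlab code): the two statistical tests of Sections 4.4 and 4.5, the adjacent-pixel correlation coefficient of Eq. (24) over 5000 sampled pairs and the information entropy of Eq. (25), written out in Python. The function names and both test images are assumptions made here: a smooth gradient stands in for a natural plain image and uniform random bytes stand in for a well-diffused cipher image.

```python
import math
import random

OFFSETS = {"horizontal": (0, 1), "vertical": (1, 0), "diagonal": (1, 1)}

def correlation(xs, ys):
    """r_xy of Eq. (24): cov(x, y) / (sqrt(d(x)) * sqrt(d(y)))."""
    n = len(xs)
    ex, ey = sum(xs) / n, sum(ys) / n                            # e(x), e(y)
    dx = sum((x - ex) ** 2 for x in xs) / n                      # d(x)
    dy = sum((y - ey) ** 2 for y in ys) / n                      # d(y)
    cov = sum((x - ex) * (y - ey) for x, y in zip(xs, ys)) / n   # cov(x, y)
    if dx == 0 or dy == 0:
        return 0.0  # flat sample: r_xy is undefined; 0 is a convention chosen here
    return cov / (math.sqrt(dx) * math.sqrt(dy))

def adjacent_correlation(img, direction, pairs=5000, seed=1):
    """r_xy over `pairs` randomly chosen adjacent pixel pairs of one channel."""
    dr, dc = OFFSETS[direction]
    rng = random.Random(seed)
    xs, ys = [], []
    for _ in range(pairs):
        r = rng.randrange(len(img) - dr)
        c = rng.randrange(len(img[0]) - dc)
        xs.append(img[r][c])
        ys.append(img[r + dr][c + dc])
    return correlation(xs, ys)

def entropy(img, bits=8):
    """H(m) of Eq. (25), in bits per pixel, over 2**bits gray levels."""
    counts = [0] * (1 << bits)
    for row in img:
        for value in row:
            counts[value] += 1
    total = sum(counts)
    # p * log2(1/p), skipping levels that never occur (their term tends to 0)
    return sum(c / total * math.log2(total / c) for c in counts if c)

# Constructed inputs: a smooth gradient stands in for a natural plain image,
# uniform random bytes stand in for a well-diffused cipher image.
SIZE = 256
plain = [[(r + c) // 2 for c in range(SIZE)] for r in range(SIZE)]
rng_img = random.Random(2012)
cipher_like = [[rng_img.randrange(256) for _ in range(SIZE)] for _ in range(SIZE)]

if __name__ == "__main__":
    for name, img in (("plain", plain), ("cipher-like", cipher_like)):
        r = {d: round(adjacent_correlation(img, d), 4) for d in OFFSETS}
        print(f"{name:12s} r_xy={r} H={entropy(img):.4f}")
```

Uniform random bytes pass both tests by construction, so near-zero correlation and entropy close to 8 show only that an output is statistically flat; they do not by themselves measure resistance to key recovery or chosen-plaintext analysis.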