- Email: [email protected]
A novel batch image encryption algorithm using parallel computing
A Novel Batch Image Encryption Algorithm Using Parallel Computing
Journal Pre-proof
A Novel Batch Image Encryption Algorithm Using Parallel Computing Wei Song, Yu Zheng, Chong Fu, Pufang Shan PII: DOI: Reference:
S0020-0255(20)30009-8 https://doi.org/10.1016/j.ins.2020.01.009 INS 15140
To appear in:
Information Sciences
Received date: Revised date: Accepted date:
19 October 2019 26 December 2019 6 January 2020
Please cite this article as: Wei Song, Yu Zheng, Chong Fu, Pufang Shan, A Novel Batch Image Encryption Algorithm Using Parallel Computing, Information Sciences (2020), doi: https://doi.org/10.1016/j.ins.2020.01.009
This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of record. This version will undergo additional copyediting, typesetting and review before it is published in its final form, but we are providing this version to give early visibility of the article. Please note that, during the production process, errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain. © 2020 Published by Elsevier Inc.
A Novel Batch Image Encryption Algorithm Using Parallel Computing Wei Songa , Yu Zhengc,1 , Chong Fu a,b,∗, Pufang Shana a School
of Computer Science and Engineering, Northeastern University, Shenyang, Liaoning, China Research Center of Security Technology of Complex Network System, Ministry of Education, China c Department of Information Engineering, The Chinese University of Hong Kong, Sha Tin, Hong Kong SAR
b Engineering
Abstract Chaos-based encryption provides a practical way to protect the confidentiality of digital images nowadays. The increasing convenience (e.g., larger bandwidth) of data sharing stimulates the need for encrypting amounts of images in a fast manner. Yet most existing works aim to encrypt an image for each time. Although some parallel encryptions have been proposed, the speed is still far from satisfactory to proceed with the huge increasing number of images. This inspires us to consider another promising way, encrypting a batch of images parallelly for each time. We use maximum available number of threads in parallel computation for full use of processor resources. Considering the batch images as a shared resource, every thread competes with others to encrypt images in the shared resource in a preemptive manner for encryption. A classical permutation-diffusion architecture for chaos-based encryption is utilized for each thread, where logistic map and Lorenz system are used for generating keystream for permutation and diffusion, respectively. We make cryptographical analyses and perform experiments to confirm that the security is guaranteed. The results of efficiency tests demonstrate that the encryption speed is greatly improved compared with the state-of-art image encryption algorithms in parallel as well as serial modes. Keywords: Batch image encryption, Chaos, Multi-threads, Permuation-diffusion
1. Introduction Digital images sharing becomes more convenient nowadays via various social platforms (e.g., Facebook, Instagram). Yet lots of images may be privacy-sensitive such as individual portrait, thus people would only share with certain friends privately instead of the open network in public. The natural way is to encrypt the targeted raw images before transmission via open networks. Some solutions (e.g., Triple-DES, IDEA, and AES) may provide help, but these kinds of block-based encryption algorithms are originally designed for textual data [1]. Compared with text, digital images with more redundancy have a bulk size and stronger correlation among adjacent pixels. Traditional encryptions may not be suitable in this case considering the speed and security [2], which means that another type of encryption scheme is especially required to design for digital images. The natural advantages of chaos can be adapted into this kind of encryption, however, the concerning of speed in proceeding images with huge information entropy also catches the attention. Specifically, the current chaotic encryptions are mostly designed for a single image, they are not efficient (e.g., in speed, storage) in the context of batch images. Thus, our work aims to tackle the above problems by proposing a parallel chaos-based algorithm for batch image encryption. 1.1. Related work In recent years, chaotic system is utilized in encrypting images since the intrinsic features (e.g., sensitivity to initial conditions and system parameters, ergodicity, non-periodic) of a chaotic system are related to cryptography [3]. Many chaotic image encryption schemes have been proposed by utilizing the above features. The first chaos-based ∗ Corresponding
author. Email address: [email protected] (Chong Fu ) 1 This work started when Yu was affiliated with NEU, China. Preprint submitted to Information Sciences
January 10, 2020
enccryption algorithm was proposed by Matthews in 1989 [4]. It’s the landmark that chaos theory enters cryptography. In 1998, Fridrich proposed a fundamental encryption architecture consisting of two iterative operations–permutationdiffusion [5]. The first operation is used for eliminating the strong correlation between pixels and the later operation is used for diffusing the influence of each pixel to the whole cipher-image, respectively. The following works [6–18] using this architecture have been proposed. Specifically, some new chaotic maps [11– 13] were designed by combining low-dimensional chaotic maps. These chaotic maps have good chaotic behaviors with the experiment results showing that it’s efficient and secure to apply them to image encryption. As for the works [14–17], bit-level image encryptions were introduced. In the permutation stage, as a pixel is composed of 8 bits, the value of the pixels is changed by changing the position of bits. Yet the times of manipulations of data have increased 8 times, which means that it severely impacts the encrypting speed. Chaos theory can also be combined with other theories. For example, DNA theory was used with chaos to encode the plain-image, and its operation rules were used to transform encoded image into cipher-image [6–10]. The feasibility of applying matrix semi-tensor product theory was discussed in [18] to meet the requirements of symmetric encryption. Based on this theory, an image encryption algorithm for synchronously updating the Boolean network was proposed. The keystream is generated by 2D-LASM chaotic system which has extremely complex dynamic behavior. All referred solutions above are for single image encryption. Actually, there are always lots of images to be processed, so image batch processing has been widely used, for example in the field of deep learning. More specifically, it’s used in image recognition [19], face pose estimation [20], place recognition [21] and image ranking [22], etc. At the same time, there are batch images that need to be protected before transmission. This inspires researchers to propose some parallel encryption schemes to reduce encryption time [23–27]. A new framework of parallel image encryption using the discretized Kolmogorov flow map was designed in [23]. An image is divided into 4 sub-images, and then the position of pixels is shuffled in the whole image by using a total shuffling matrix which is generated by the logistic map. Later on, the 4 sub-images will be encrypted simultaneously [24]. Wang et al. [25] pointed out that the keystream generated by the high-dimensional chaos will always be the same when encrypting the different images, resulting in that the cryptosystems being weak against chosen-plaintext attack. M. Rostami et al. [26] used two 16 × 16 chaotic blocks to make their algorithm more suitable for parallel processing. Li et al. [27] divided the whole image into k pieces, and utilize chaotic Duffing oscillators to generate pseudo-random and complex sequences to encrypt the pieces, then combining the k pieces into the ciphered image. All referred solutions above are designed for encrypting only an image each time. This is not efficient in transmitting a batch of images. Recently, some schemes [28–30] have been designed for batch images. The batch image encryption algorithms mentioned above execute in a serial manner, which results in long overall running time. But there are almost no aproaches on parallel batch image encryption. When facing this kind of situation, it’s imperative to design some more targeted algorithms instead of utilizing existing algorithms, as we are supposed to respond flexibly to different situations. In our paper, we focus on reducing encryption time in the context of a large number of images to be encrypted. Luckily, a computer with multiple processors can help to encrypt a batch of images parallelly by decomposing the main task into multiple sub-tasks. Then each sub-task hands over on a thread, enabling a higher speed of encryption. So we can use parallel ideas to encrypt batch images, say different threads encrypting different images parallelly. 1.2. Our Contribution We propose a novel chaos-based parallel batch-image encryption algorithm which enables a higher rate of usage of processors. The core contributions are summarized in the following. • We propose a parallel scheme by scheduling multiple threads for speeding up encrypting a batch of images, which reduces the time of encryption largely. Multiple threads are running to proceed images simultaneously, each of which encrypts one image under a chaotic permutation-diffusion architecture. This solution makes full of the advantage of model computers, i.e., multiple processors. • We perform sufficient experiments in different dimensions which confirm the reliable security and higher speed compared with the state-of-art works [2, 27, 31]. Theoretical analyses such as upper bound of executing time are also given to support our experimental results. 2
(a) Multi-threaded concurrent preemption of image ID.
(b) Encryption pipeline for a single image. Figure 1: The proposed image encryption architecture.
• Our solution can also be adapted to other existing chaotic encryption schemes by utilizing them in each thread for encryption. Additionally, our scheme is flexible to encrypt different sizes of images. Roadmap. Section 2 analyses how multiple threads preemptively encrypt batch images and gives the encryption architecture. The detailed encryption process and the proof of the time upper bound of our algorithm will be explained in section 3. Section 4 presents the simulation results and security analysis. Finally, section 5 concludes this paper. 2. Problem Formulation and Encryption Architecture Our problem to be tackled is how to encrypt multiple images fast. The naive way is to encrypt images one by one, which is time-consuming if the number of images is large. In this case, we consider parallel encryption for batch images, i.e., each thread encrypting different images parallelly and simultaneously. Fig. 1 shows the parallel encryption architecture for batch images. The images to be encrypted (which are labeled by the identity numbers) are regarded as shared resources for all threads. Different threads compete with each other to encrypt one of the batch images by performing the instructions 3
as depicted in Fig. 1(b). It should be noted that only one thread can manipulate shared variables or data in a short time, otherwise resulting in errors. Specifically, we assign a unique ID to each image and store them in a global variable ImageIDSet which is initialized to 0 before manipulating images. Varied global variables are representing different images. Suppose we have two threads operating on ImageIDSet one after the other. The first thread gets the ImageIDSet0 and encrypts the image whose ID is 0, then the ImageIDSet is automatically increased by 1. The operation ImageIDSet + + is represented in three steps, see steps of register1 : // 1. Steps of register1
// 2. Steps of register2
// 3. Parallel steps of two registers
register1 = ImageIDSet register1 = register1 + 1 ImageIDSet = register1
register2 = ImageIDSet register2 = register2 + 1 ImageIDSet = register2
register1 = ImageIDSet, register2 = ImageIDSet register1 = register1 + 1, register2 = register2 + 1 ImageIDSet = register2 , ImageIDSet = register1
The second thread gets the ImageIDSet1 and encrypt the image 1. Follow this rule until all images are encrypted. But when the two or more threads execute concurrently, data garbled may occur. For example, when the second thread increases the ImageIDSet by 1, it is represented as steps of register2 . Here, register1 and register2 are local registers for processors. When executing two threads at the same time, it means the internal instructions of the two increment operations are also executed concurrently. The order in which the instructions are executed may be like parallel steps of two registers. After the steps, two threads are encrypting the same image simultaneously, we don’t know what the encrypted data will be. Similarly, we also consider the case that two threads decrypt the same image in the decryption process. To guarantee no turmoil when reading and writing shared data, we should exclude interference from other threads when a thread is encrypting an image. To avoid race condition, we need to perform thread synchronization. Here, we use a critical section that a fragment of a program accesses a shared resource, and these shared resources can’t be accessed by multiple threads at the same time. Threads need to wait for the thread entering the critical section. Multiple processes or threads must access it mutually exclusive. Algorithm 1 Structure of critical section 1: InitializeCriticalSection() 2: do 3: EntrySection() 4: critical section 5: ExitSection() 6: remainder section 7: while True 8: ...... 9: DeleteCriticalSection() As summarized in Algorithm 1, different threads apply to enter the critical section then only one thread enters, while others wait outside critical section. Next, the entered thread gets an image ID without any interference, and then leaves critical section, continuing to encrypt the image pointed to by the ID. Simultaneously other threads compete for entering critical section to get an image ID again. Each thread just gets an image ID whose data type of ID is integer, and ImageIDSet updates its value, then it will leave critical section. Thus, the time cost by the critical section is very little and overall encryption efficiency of the algorithm isn’t affected too much. The experimental evaluation also confirms this in Section 4.
4
(a) The bifurcation diagram of logistic map.
(b) Lyapunov exponents for logistic map.
Figure 2: The using of logistic map in permutation stage.
3. Detailed Construction 3.1. Selected Chaotic System In the permutation stage, the logistic map with simple structure and complex dynamic behavior is utilized to generate pseudo-random chaotic sequences, which is defined as, xn+1 = µxn (1 − xn ), xn ∈ [0, 1],
(1)
where xn is state variable, n is the number of current iterations and the the range of parameter µ is (0, 4]. Its bifurcation diagram is depicted in Fig. 2(a). When µ ∈ (3.57, 4], the logistic map is chaotic interrupted by many periodic windows corresponding to nagative Lyapunov exponents, as shown in Fig. 2(b). Obviously, incorrect selection of µ may cause the cryptosystem to fail. To address the issue, we fixed µ to 4 so that the system is surjective at the interval (0, 1). The initial value x0 of the map can be any value within (0, 1) except 0.5 and 0.75. Because when x0 or xn is equal to 0.5 or 0.75, logistic map will fall into a fixed point. To avoid this bad situation, a slight perturbation must be done. In the diffusion stage, we use a more complex chaotic Lorenz system with more initial condition values, which makes attackers difficult in predicting trajectory efficiently due to the larger key space. The expression of this chaotic Lorenz system is defined as in the following at time slot t, dx = σ(y − x), dt dy = x(ρ − z) − y, dt dz = xy − βz, dt
(2)
where the state variables and parameters are x, y, z and σ, β, ρ, respectively. This system is chaotic when σ = 10, β = 8 3 , ρ = 28, as showed by attractor images in Fig. 3. For fast computation, 4th-order Runge-Kutta method is utilized to solve the Lorenz system. The formulas are defined by,
where
xn = xn−1 + (h/6)(K1 + 2K2 + 2K3 + K4 ), yn = yn−1 + (h/6)(Y1 + 2Y2 + 2Y3 + Y4 ), Z = Z + (h/6)(Z + 2Z + 2Z + Z ), n n−1 1 2 3 4
5
(3)
(a)
(b)
(c)
(d)
Figure 3: Projections of Lorenz system (a) Three dimensional attractor. (b) X-Y plane projection. (c) Y-Z plane projection. (d) X-Z plane projection.
K j = σ(yn−1 − xn−1 ), L j = xn−1 (ρ − zn−1 ) − yn−1 , (with M = x y − βz , j n−1 n−1 n−1
j = 1)
K j = σ[(yn−1 + hL j−1 /2) − (xn−1 + hK j−1 /2)], L j = (xn−1 + hK j−1 /2)[ρ − (zn−1 + hM j−1 /2)] − (yn−1 + hL j−1 /2), M = (x + hK /2)(y + hL /2) − β(z + hM /2), j n−1 j−1 n−1 j−1 n−1 j−1
K j = σ[(yn−1 + hL j−1 ) − (xn−1 + hK j−1 )], L j = (xn−1 + hK j−1 )[ρ − (zn−1 + hM j−1 )] − (yn−1 + hL j−1 ), (with M = (x + hK )(y + hL ) − β(z + hM ), j n−1 j−1 n−1 j−1 n−1 j−1
(with
j = 2, 3)
j = 4)
and the step size h is chosen as 0.005 after we consider speed and model computer precision. Additionally, Lorenz system generates 3 state variables at each iteration, all of which are used in diffusion. 3.2. The Proposed Encryption Algorithm Our design is shown in algorithm 2, which can be divided into two parts, i.e., image-thread matching and encrypting images in parallel. We define the path of batch images as Img Path, and the initial values of used chaotic system as (x0 , lx0 , ly0 , lz0 ). The detailed explanation is as follows with steps. Algorithm 2 Our proposed encryption algorithm Input: Img Path, x0 , lx0 , ly0 , lz0 , Nump Output: Ciphered images 1: Read Images from the Img Path and assign an ID to each image. 2: ImgNum ← N and Create Nump threads. 3: while ImgNum! = 0 4: Each thread applys for entering critical section 5: Get an Image ID and ImgNum − − 6: Leave the critical section and encrypt the image Image-thread matching: 1. Read all images by order and assign a unique ID to each image satisfying ID ∈ [0, NumImg ]. An image ID is used as the unique identifier of an image in the shared resources which all threads preempt. Critical section is used to protect image ID from disorder when threads preempt shared resources. 6
Figure 4: The permutation strategy based on pixel swapping mechanism.
2. Get the number of processors Nump and create the same number of threads. Set priority and affinity of each thread to make them run on different processors. Suspend the threads and initialize the parameters of each thread, containing the thread ID and the key of logistic map and Lorenz system. After that, resume the threads’ execution. 3. When the thread i executes thread function, it mainly contains two important operations which are the preemption of image ID and the image encryption. The thread i applies to enter the critical section and waits until it gets permission to enter. Then, it gains an image ID. We suppose that the ID is 1, the global variable that stores ID is incremented by 1. After it leaves critical section, the thread i encrypts the image pointed by ID1 . Next, the thread with thread ID (may be k) sccessfully finishes similar operation and then encrypts the image pointed by ID2 . Then we will perform the following steps for encryption afer getting this image. Encryption in each thread: When thread m encrypts an image, without loss of generality, the image pointed by IDk is regarded as a 24 bit-color image of size W × H. The detailed encryption process is described as follows.
1. Convert the image into a 1-dimensional array in bytes P = {p0 , p1 , ..., p3×W×H−1 }, the order is from left to right, top to bottom. 2. Pre-iterate the logistic map for T 0 times to avoid the harmful effect of the transitional procedure, where T 0 is constant. Then, iterate the logistic map for (3 × W × H − 1) times to generate a chaotic sequence LC = {lc0 , lc1 , ..., lc3×W×H−2 }. 3. The permutation strategy is based on pixel swapping mechanism, that is, each pixel exchanges its position of another pixel which is randomly selected behind it. It works as shown in Fig. 4. To conduct this phase, permutation coordinates which can be obtained by quantizing the chaotic sequence, are needed. The quantization operation is described as, kpi = round((abs(lci ) − floor(abs(lci ))) × 1014 ),
(4)
position[i] = i + (i + mod(kpi , (3 × img size − 1) − i)),
(5)
position[i] = 3 × img size − 1,
(6)
kdi = mod[round((abs(ldi ) − floor(abs(ldi ))) × 1014 ), L],
(7)
where round(x) is a rounding function, abs(x) returns the absolute value of x, floor(x) returns the largest integer less than x. The next operation is to generate permutation coordinates according to ki .
Then swap the pixel i with another pixel located at position[i], for the last pixel, leave its position as it is.
where i represents the ith pixel, mod(x, y) returns the remainder of x divided by y, img size is the image size. 4. Pre-iterate the Lorenz system for T 0 times for better chaos. Then iterate the system for W × H times, during each time of iteration, three state variables can be produced. Finally, a chaotic sequence LD = {ld0 , ld1 , ..., ld3×W×H−1 } used for diffusion phase is obtained. 5. Quantize the chaotic sequence by,
7
where L is the graylevel. 6. Carry out diffusion operation in term that. cn = kdn ⊕ {[pn + kdn ] mod L} ⊕ cn−1 ,
(8)
pn = [kdn ⊕ cn ⊕ +2L − kdn ] mod L.
(9)
where pn is plaintext color component ,and cn and cn−1 are the current and previous ciphered color components, respectively. ⊕ indicates an XOR operation. As for the initial value of c−1 , it can be set as a constant, here is 127. 7. Wait for all the threads to finish executing. Encryption time expires until the end of the last thread. The decryption procedure, overall, can be considered as a reverse order of encryption procedure. The inverse of Eq. (8) is that,
It should be noted that the number of decrypted images by each thread may be different from that of the encrypted images due to the preempt method we use. 3.3. Proof of the time upper bound Here is the proof that our algorithm has a time upper bound. Although there are already many parallel algorithms, they still lack convincing theoretical proof. We prove that our algorithm has a time upper bound, and it’s better than ordinary parallel algorithms. The results of experiments also confirmed our proof. From the proof we know that if we want to reduce the upper bound of encryption time, we must make processors work as much as possible. The details are as follows. Proof. We define an encryption step as S en . Then one encryption time S en consumes is T en . The encryption time T is composed of T en . As the size of image may be different, the T en of different S en may be different. Suppose we have P processors, and the number of images is N. The running time of our parallel algorithm on P processors is T p . But if there is only one processor, the algorithm is converted into a serial algorithm, the running time PN T eni . is T sum , it’s the sum of all T en , T sum = i=1 In each encryption step, on P processors, an ideal parallel algorithm can encryption at most P images. Thus in T p time, it can encrypt at most PT p images. And in serial model, it can encrypt T sum images, the total number of images, we have PT p ≥ T sum . So T p ≥ T sum /P. In each encryption step, if all the P processors are encrypting images, then we call it a complete encryption step, S ces . Otherwise, fewer than P processors are working, we call it an incomplete encryption step, S ins . The encryption time of S ins is T ins . We start by considering the S ces . In each S ces , the P processors can encrypt P images. Let’s use contradiction proof. Suppose that the number of S ces is strictly greater than bT sum /Pc. Then, the total images encrypted by S ces is at least P · (bT sum /Pc + 1) = P bT sum /Pc + P = T sum − (T sum modP) + P > T sum .
Thus, there is a contradiction that P processors would encrypt more images than total number of images. So, T p can’t be all of S ces , the maximum number of S ces it can contain is bT sum /Pc. Now, consider the S ins . It means that the number of encrypted images is fewer than P. So all encryption steps consist of S ces and S ins . In the best case, all steps are S ces , while the worst case is all steps are S ins . The T p is the sum of two kinds of encryption step. We have, T p ≤ T sum /P + T ins , T ins is related to the idleness of processors. We can define a value, Vid p , that represents processor idleness. Vid p = Pwork /P, where Pwork is the number of processors that are working. The fewer processors that are idle, the smaller the Vid p and T ins are. Vid p and T ins are positively correlated.
To reduce the encryption time, we need to reduce the number of incomplete steps. As for a specific case, the T sum and P can’t be optimized. Our algorithm reduces the Vid p . So it can satisfy not only the T sum /P, but also reduce T ins . 8
Figure 5: Time saved by our preemptive encryption algorithm.
Fig. 5 describles how our preemptive encryption reduces the Vid p . Each thread ends at different slot. The whole encrption time is determined by the longest running thread. For the naive parallel algorithms, the processor will be idled when a thread ends its encryption task. It means other threads need to wait for the one which is still processing encryption. Our preemptive encryption method tries its best to keep all processors working in the way that it shifts some images to idled processors. As shown in Fig. 5, the time T s = T 1 − T 2 is saved. 4. Experimental Evaluation and Security Analysis We perform our tests on images with the number 50, 100, 150, 200 from USC-SIPI Image Database. These 200 test images include 57 256 × 256 gray images, 9 256 × 256 color images, 59 512 × 512 gray images, 21 512 × 512 color images, 30 1024 × 1024 gray images and 24 1024 × 1024 color images. Tab. 1 lists some test results. The initial value of logistic map and Lorenz system (x0 = 0.19379856882846, lx0 = 19.3295439058107, ly0 = 11.3582814798081, lz0 = 24.3474137484743) are used as the key. The analyses of security and performance are given below. 4.1. Brute-Force Attack The key space of our cryptosystem is large against brute-force attack, say {0, 1}212 . Specifically, the initial values of logistic map x0 and Lorenz system (lx0 , ly0 , lz0 ), are used as permutation key and diffusion keys, each of which has 53 bits precision. As two stages are independent of each other, the total key space is 253×4=212 , which is secure s.t. key space is larger than 2100 [32]. 4.2. Statistical Attack Analysis Statistical attack analysis refers to histogram analysis, information analysis and correlation of adjacent pixels analysis. 4.2.1. Histogram Analysis Histogram analysis means the frequency distributions to pixel values of ciphertexts are uniform so that the attacker can’t infer plaintext. The fequency distribution of pixel values implies the statistical correlation between plain-image and cipher-image. A cryptosystem should have the ability to hide the correlation. Through histogram analysis, we can intuitively observe the fequency distribution of pixel values in the image. Fig. 6 shows frequency distributions in three color channels after 1-round encryption. The frequency distribution of cipher-image is perfectly uniform. It shows that our algorithm successfully hides the correlation between plain-image and cipher-image.
9
Figure 6: (a) and (h) are the plain-image and cipher-image, (b)-(d) and (i)-(k) are the three corresponding color channels, (e)-(g) and (l)-(n) are the corresponding histograms, respectively.
4.2.2. Information Entropy Analysis Information entropy representing the average number of bits required to store a character is another way to analyse the distribution to pixel values of images. This is a key indicator for measuring the randomness and unpredictability, which is defined as, N X P(S i ) log2 P(S i ), (10) H(S ) = − i=1
where S is a random variable with N outcomes {S 1 , S 2 , ..., S N }, and P(S i ) is probability of S i appearance. From the Eq. (10), the entropy of a random source with N is log2 N. For example, the information entropy of a random image with 256 gray levels is theoretically 8. Otherwise, a cryptosystem would be attacked by analyzing the appearance of some characters, e.g., frequency analysis. Tab. 1 lists comparison of information entropy of different algorithms of the test images and the corresponding cipher-images. All information entropy of the cipher-images in Tab. 1 is very close to 8, showing good randomness. Compared with other algorithms [2, 27, 31], as our proposed algorithm encrypts batch images, we test more images and the information entropy is practically 8. 4.2.3. Correlation of Adjacent Pixels Analysis Correlation of adjacent pixels analysis says the similarity of pixel values between adjacent pixels in an image. Each pixel has a strong correlation with its adjacent pixels in horizontal, vertical and diagonal directions for a digital image. A good cryptosystem should remove this correlation as possible in a quantitative way, which enables guaranteeing security. We calculate the correlation coefficients r xy with 5000 pairs of adjacent pixels in the image through Eq. (11) from a quantitative perspective. 1 PN ¯)(yi − y¯ ) i=1 (xi − x N r xy = q , (11) P PN N ( N1 i=1 (xi − x¯)2 )( N1 i=1 (yi − y¯ )2 ) PN PN where x,y are the two-pixel values of adjacent pixels, x¯ = N1 i=1 xi , y¯ = N1 i=1 yi , and N is the number of sample points. Tab. 2 lists the correlation coefficients of the three directions. From Tab. 2, the correlation coefficients are close to 1 for plain-images, which means there is a strong correlation among adjacent pixels. For cipher-images, the correlation coefficients are close to 0 which means our algorithm eliminates the correlation of adjacent pixels. It is convenient to visually express the test results when analyzing from a qualitative perspective. Plot a scatter diagram of coordinate that is the values of a pair of adjacent pixels (x, y) as in Fig. 7. Unlike the scatter diagrams 10
Table 1: Comparison of information entropy of different algorithms.
Filename Cameraman Chemical Clock Moonsurface Aerial StreamAndBridge CarAndAPCs Tank Truck TruckAndAPCs Male Airport Couple Female House Jellybeans Mandrill Peppers Sailboat Splash Barbara
Size 256 × 256 256 × 256 256 × 256 256 × 256 256 × 256 512 × 512 512 × 512 512 × 512 512 × 512 512 × 512 1024 × 1024 1024 × 1024 256 × 256 256 × 256 256 × 256 256 × 256 512 × 512 512 × 512 512 × 512 512 × 512 720 × 576
Type Gray Gray Gray Gray Gray Gray Gray Gray Gray Gray Gray Gray Color Color Color Color Color Color Color Color Color
Plain 6.844040 7.342433 6.705667 6.709312 7.311807 5.705560 6.107418 5.495740 6.027415 6.563196 7.523737 6.830330 5.791983 6.553184 7.143593 5.985648 7.679608 7.565483 7.572155 7.019297 7.474731
Cipher 7.997192 7.997783 7.997608 7.997476 7.996961 7.999206 7.999170 7.999328 7.999343 7.999272 7.999807 7.999786 7.997375 7.997581 7.996985 7.996896 7.999296 7.999251 7.999349 7.999189 7.999549
Ref. [2] — — — — — 7.999300 — — — — 7.999800 — — — — — — — — — —
Ref. [27] — — — — — — — — — — — — — — — — — 7.999859 — — —
Ref. [31] 7.990400 — — — — — — — — — — — — — — — 7.997100 7.996100 — — 7.993200
Table 2: Correlation coefficients for adjacent pixels in plain-images and the corresponding output cipher-images.
Image mandrill
airplane
peppers
Direction Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal
R 0.878811 0.929158 0.867137 0.954388 0.973093 0.930650 0.966673 0.960547 0.951730
Plain-image G 0.775681 0.865516 0.746226 0.971024 0.953255 0.929413 0.982030 0.982068 0.968672
B 0.876955 0.899540 0.831447 0.926694 0.968970 0.9048115 0.964476 0.967357 0.942911
11
R −0.002933 0.002134 0.000402 0.002251 0.008798 0.010604 0.001705 0.014842 −0.019529
Cipher-image G 0.008411 −0.014631 0.002829 0.022833 0.004532 −0.012587 −0.030952 0.001667 0.004391
B 0.004816 −0.016196 0.000824 0.003489 −0.004566 −0.014987 −0.010851 −0.023300 0.011354
(a)
(b)
(c)
(d)
(e)
(f)
Figure 7: The scatter diagram of adjacent pixels, (a)-(c) and (d)-(f) are the scatter diagrams for horizontally adjacent pixels in three components of Mandrill and its output cipher-image, respectively.
(a)-(c) that the points are mostly located near the diagonal, the points in the scatter diagrams (d)-(f) almost cover the entire plane. Points in (d)-(f) are on the entire plane compared with that in (a)-(c) (on diagonal), which means our algorithm eliminates the strong correlation of adjacent pixels. 4.3. Diffusion Performance The number of pixel change rate (NPCR) to test the image difference, and the unified average changing intensity (UACI) to test average difference intensity are used to evaluate performance in diffusion. Suppose P1 (i, j) and P2 (i, j) are the (i, j)th pixel of image P1 and image P2 , respectively. The NPCR is defined as, PW P H j=1 D(i, j) i=1 NPCR = × 100%, (12) W×H where W and H are the image width and height. D(i, j) is defined as, ( 0 i f P1 (i, j) = P2 (i, j), D(i, j) = (13) 1 i f P1 (i, j) , P2 (i, j). For two random images, the theoretical value of NPCR is: NPCRtv = (1 −
1 ) × 100%, 2L
where L is the image gray level. For instance, the NPCR of two 8-bit random grayscale images is 99.609%. The UACI is defined as, W H 1 X X |P1 (i, j) − P2 (i, j)| × 100%, UACI = W × H i=1 j=1 2L − 1
Similarly, the theoretical value of UACI is,
12
(14)
(15)
Table 3: Information about the test images for NPCR and UACI.
Image name clock cameraman bridge tank male airport barbara couple sailboat peppers mandrill
Type
Size
gray gray gray gray gray gray color color color color color
256 × 256 256 × 256 512 × 512 512 × 512 1024 × 1024 1024 × 1024 720 × 576 256 × 256 512 × 512 512 × 512 512 × 512
Color component — — — — — — blue blue blue blue green
Pixel position (x, y) (41, 35) (87, 90) (53, 165) (214, 217) (90, 97) (78, 81) (194, 156) (147, 190) (58, 178) (223, 159) (231, 186)
Pixel original 174 101 101 118 90 49 148 57 42 124 82
Value modified 173 100 102 117 97 48 149 58 43 125 83
Table 4: Comparison of NPCR and UACI of different algorithms.
Image name bridge male cameraman peppers barbara mandrill clock tank airport couple sailboat
Performance criteria NPCR UACI NPCR UACI NPCR UACI NPCR UACI NPCR UACI NPCR UACI NPCR UACI NPCR UACI NPCR UACI NPCR UACI NPCR UACI
Proposed
Ref. [2]
Ref. [27]
Ref. [31]
0.9962 0.3344 0.9960 0.3348 0.9959 0.3370 0.9962 0.3374 0.9963 0.3376 0.9961 0.3347 0.9959 0.3361 0.9961 0.3334 0.9961 0.3347 0.9961 0.3342 0.9961 0.3344
0.9961 0.3346 0.9960 0.3346 — — — — — — — — — — — — — — — — — —
— — — — 0.9938 0.3368 0.9962 0.3857 — — — — — — — — — — — — — —
— — — — 0.9960 0.3315 0.9971 0.3219 0.9962 0.3322 0.9959 0.3156 — — — — — — — — — —
1 UACItv = L 2 (2 )
P2L −1 i=1 i(i + 1) × 100%. 2L − 1
(16)
According to Eq. (16), the UACI of 8-bit random grayscale images is 33.464%. We introduce images at the test stage in Tab. 3. As listed in Tab. 3, there is only one bit different of a pixel value between plain-image and cipher-image. The pixel location is randomly selected. In [27], the changed pixel location are all (32, 32). In [2], NPCR and UACI of image male is the average values of multiple test results. Tab. 4 lists the comparison of NPCR and UACI of different algorithms. Compared with other algorithms, we provide more test results, the NPCR and UACI of our algorithms are very close to 0.99609 and 0.33464, which confirms good diffusion performance.
13
(a)
(b)
(c)
(d)
(e)
(f)
(g)
(h)
(i)
(j)
Figure 8: (a) is plain-image, (b),(c),(e),(g),(i) are the cipher-images encrypted by Key(a)-(e), (d), (f), (b), (j) are the differential images of (b) and (c), (b) and (e), (b) and (g), (b) and (i), respectively.
(a)
(b)
(c)
(d)
(e)
(f)
Figure 9: (a) is the cipher-image encrypted by key (a) in Table 7, (b) is the right decrypted image, (c)-(f) are cipher-image decrypted by key (b)-(e) in Tab. 5, respectively.
Table 5: Test keys for key sensitivity analysis of the encryption procedure of algorithm.
Key No. (a) (b) (c) (d) (e)
x0 0.19379856882846 0.19379856882847 0.19379856882846 0.19379856882846 0.19379856882846
lx0 19.3295439058107 19.3295439058107 19.3295439058108 19.3295439058107 19.3295439058107
ly0 11.3582814798081 11.3582814798081 11.3582814798081 11.3582814798082 11.3582814798081
lz0 24.3474137484743 24.3474137484743 24.3474137484743 24.3474137484743 24.3474137484744
4.4. Key Sensitivity Analysis The sensitivity of key exists in both encryption and decryption process. It’s one of the essential indicators to measure the security of a cryptosystem. This means the cipher-images are completely different under two similar keys (e.g., only 1-bit difference) from the attacker. Conversely, the attacker can not get any information about plain-images if decrypting images under a similar key. 4.4.1. Encryption Key Sensitivity Analysis Tab. 5 lists keys for key sensitivity analysis at the test stage, including five sets of similar keys (only 1-bit difference). Due to no continuous black area in differential images in Fig. 8, our algorithm has a key sensitivity to 1-bit in encryption.
14
Table 6: Encryption speed test results.
Number of images 50 100 150 200
proposed (s) 2.488 8.415 10.277 13.197
serial mode (s) 4.798 18.571 25.923 31.513
Ref. [2] (s) 409.965 1696.28 2123.5 2728.11
Ref. [27] (s) 56.64 124.98 168.78 204.08
Ref. [31] (s) 86.37 245.37 317.22 399.82
Figure 10: The encryption time line of the parallel and serial modes.
4.4.2. Decryption Key Sensitivity Analysis Key sets to test decryption key sensitivity is also in Tab. 5, where key (a) is real key and keys (b)-(e) are similar keys. The decrypted images in Fig. 9 show that even a tiny difference to the real key results no useful information of plain-images. This confirms good decryption sensitivity. 4.5. Speed Analysis One of the comparable algorithms uses a serial mode to encrypt batch images. For each image, our algorithm adopts the same permutation-diffusion architecture. The other three comparable algorithms Ref. [2], Ref. [27] and Ref. [31] utilize parallel encryption for each image. When encrypting batch images, they will encrypt each image parallelly one by one. For different image sizes, 256 × 256, 512 × 512 and 1024 × 1024, the minimum encryption time required by (Ref. [2], Ref. [27], Ref. [31]) is (1.217300s, 4.893116s, 19.891103s), (0.56s, 0.61s, 0.81s) and (0.43s, 1.10s, 2.25s), respectively. When encrypting batch images, for comparable algorithms, the total encryption time is the sum of encrypting each image. The time of our proposed is the maximum running time of the thread among multiple threads. Our experiments are carried out on a computer with Inter(R) Core(TM) i7-6700 CPU(4 cores, 8 threads) and 8GB RAM. The developed platform is codeblocks 17.12, and the operating system is windows 10. The speed test results are given in Tab. 6. We increase the number of images whose size is 1024 × 1024, so the encryption time has increased a lot when encrypting 50 test images. From the Tab. 6, compared with other algorithms, we can see that there is a significant improvement in encyption efficiency in our proposed algorithm. The proposed algorithm has more advantages in encryption speed while ensuring security and it’s very suitable for encryping batch images. For a better understanding of the encryption architecture, the Fig. 10. shows the encryption time line. The start time is when the first thread starts encryption, and the end time is when the last thread ends encryption. Parallel encryption enables encrypting images simultaneously, which saves amounts of time.
15
5. Conclusions This paper proposed a chaos-based parallel encryption scheme that encrypts a batch of images in a preemptive manner, which makes full use of processors of a modern computer. The experimental results show security and efficiency. The more images to be encrypted, the faster the speed is increased, which is suitable for the encryption of a batch of images. Specifically, each thread does not interrupt others when encrypting images, and images with different sizes can be encrypted. Basic permutation-diffusion encryption architecture for each image can be replaced by other algorithms, making it versatile to expand. Acknowledgements This work was supported by the Fundamental Research Funds for the Central Universities (Nos. N150402004 and N180716019) and the National Nature Science Fundation of China (No. 61802055). References [1] A. Kanso, M. Ghebleh, An efficient and robust image encryption scheme for medical applications, Communications in Nonlinear Science and Numerical Simulation 24 (1-3) (2015) 98–116. [2] H.-M. Yuan, Y. Liu, T. Lin, T. Hu, L.-H. Gong, A new parallel image cryptosystem based on 5d hyper-chaotic system, Signal Processing: Image Communication 52 (2017) 87–96. [3] M. Mollaeefar, A. Sharif, M. Nazari, A novel encryption scheme for colored image based on high level chaotic maps, Multimedia Tools and Applications 76 (1) (2017) 607–629. [4] R. Matthews, On the derivation of a chaotic encryption algorithm, Cryptologia 13 (1) (1989) 29–42. [5] J. Fridrich, Symmetric ciphers based on two-dimensional chaotic maps, International Journal of Bifurcation and chaos 8 (06) (1998) 1259– 1284. [6] R. Enayatifar, A. H. Abdullah, I. F. Isnin, Chaos-based image encryption using a hybrid genetic algorithm and a dna sequence, Optics and Lasers in Engineering 56 (2014) 83–93. [7] X. Wei, L. Guo, Q. Zhang, J. Zhang, S. Lian, A novel color image encryption algorithm based on dna sequence operation and hyper-chaotic system, Journal of Systems and Software 85 (2) (2012) 290–299. [8] H. Liu, X. Wang, et al., Image encryption using dna complementary rule and chaotic maps, Applied Soft Computing 12 (5) (2012) 1457–1466. [9] X.-Y. Wang, Y.-Q. Zhang, X.-M. Bao, A novel chaotic image encryption scheme using dna sequence operations, Optics and Lasers in Engineering 73 (2015) 53–61. [10] X. Huang, G. Ye, An image encryption algorithm based on hyper-chaos and dna sequence, Multimedia tools and applications 72 (1) (2014) 57–70. [11] Y. Zhou, L. Bao, C. P. Chen, A new 1d chaotic system for image encryption, Signal processing 97 (2014) 172–182. [12] Z. Hua, Y. Zhou, C.-M. Pun, C. P. Chen, 2d sine logistic modulation map for image encryption, Information Sciences 297 (2015) 80–94. [13] Z. Hua, Y. Zhou, H. Huang, Cosine-transform-based chaotic system for image encryption, Information Sciences 480 (2019) 403–419. [14] T. Xiang, K.-w. Wong, X. Liao, Selective image encryption using a spatiotemporal chaotic system, Chaos: An Interdisciplinary Journal of Nonlinear Science 17 (2) (2007) 023115. [15] Y.-Q. Zhang, X.-Y. Wang, A symmetric image encryption algorithm based on mixed linear–nonlinear coupled map lattice, Information Sciences 273 (2014) 329–351. [16] Y. Li, C. Wang, H. Chen, A hyper-chaos-based image encryption algorithm using pixel-level permutation and bit-level permutation, Optics and Lasers in Engineering 90 (2017) 238–246. [17] W. Zhang, H. Yu, Z.-l. Zhu, et al., An image encryption scheme using self-adaptive selective permutation and inter-intra-block feedback diffusion, Signal Processing 151 (2018) 130–143. [18] X. Wang, S. Gao, Image encryption algorithm for synchronously updating boolean networks based on matrix semi-tensor product theory, Information Sciences 507 (2020) 16–36. [19] J. Yu, M. Tan, H. Zhang, D. Tao, Y. Rui, Hierarchical deep click feature prediction for fine-grained image recognition, IEEE transactions on pattern analysis and machine intelligence. [20] C. Hong, J. Yu, J. Zhang, X. Jin, K.-H. Lee, Multi-modal face pose estimation with multi-task manifold deep learning, IEEE Transactions on Industrial Informatics. [21] J. Yu, C. Zhu, J. Zhang, Q. Huang, D. Tao, Spatial pyramid-enhanced netvlad with weighted triplet loss for place recognition, IEEE transactions on neural networks and learning systems. [22] J. Yu, X. Yang, F. Gao, D. Tao, Deep multimodal distance metric learning using click constraints for image ranking, IEEE transactions on cybernetics 47 (12) (2016) 4014–4024. [23] Q. Zhou, K.-w. Wong, X. Liao, T. Xiang, Y. Hu, Parallel image encryption algorithm based on discretized chaotic map, Chaos, Solitons & Fractals 38 (4) (2008) 1081–1092. [24] O. Mirzaei, M. Yaghoobi, H. Irani, A new image encryption method: parallel sub-image encryption with hyper chaos, Nonlinear Dynamics 67 (1) (2012) 557–566. [25] X. Wang, L. Liu, Cryptanalysis of a parallel sub-image encryption method with high-dimensional chaos, Nonlinear Dynamics 73 (1-2) (2013) 795–800.
16
[26] M. J. Rostami, A. Shahba, S. Saryazdi, H. Nezamabadi-pour, A novel parallel image encryption with chaotic windows based on logistic map, Computers & Electrical Engineering 62 (2017) 384–400. [27] C. Li, G. Luo, C. Li, A parallel image encryption algorithm based on chaotic duffing oscillators, Multimedia Tools and Applications 77 (15) (2018) 19193–19208. [28] T.-H. Chen, C.-S. Wu, Compression-unimpaired batch-image encryption combining vector quantization and index compression, Information Sciences 180 (9) (2010) 1690–1701. [29] A. K. Pal, G. Biswas, S. Mukhopadhyay, An efficient compression-encryption scheme for batch-image, in: Technology Systems and Management, Springer, 2011, pp. 85–90. [30] C.-H. Lin, T.-H. Chen, C.-S. Wu, A batch image encryption scheme based on chaining random grids, Scientia Iranica 20 (3) (2013) 670–681. [31] S. Mozaffari, Parallel image encryption with bitplane decomposition and genetic algorithm, Multimedia Tools and Applications 77 (19) (2018) 25799–25819. [32] G. Alvarez, S. Li, Some basic cryptographic requirements for chaos-based cryptosystems, International journal of bifurcation and chaos 16 (08) (2006) 2129–2151.
17
Declaration of interests The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper. ☐The authors declare the following financial interests/personal relationships which may be considered as potential competing interests:
Author contributions Wei Song: Conceptualization, Methodology, Software, Writing-Reviewing and Editing. Yu Zheng: Writing-Reviewing and Editing. Chong Fu: Conceptualization, Writing-Reviewing and Editing. Pufang Shan: Writing-Reviewing and Editing.
Journal Pre-proof
A Novel Batch Image Encryption Algorithm Using Parallel Computing Wei Song, Yu Zheng, Chong Fu, Pufang Shan PII: DOI: Reference:
S0020-0255(20)30009-8 https://doi.org/10.1016/j.ins.2020.01.009 INS 15140
To appear in:
Information Sciences
Received date: Revised date: Accepted date:
19 October 2019 26 December 2019 6 January 2020
Please cite this article as: Wei Song, Yu Zheng, Chong Fu, Pufang Shan, A Novel Batch Image Encryption Algorithm Using Parallel Computing, Information Sciences (2020), doi: https://doi.org/10.1016/j.ins.2020.01.009
This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of record. This version will undergo additional copyediting, typesetting and review before it is published in its final form, but we are providing this version to give early visibility of the article. Please note that, during the production process, errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain. © 2020 Published by Elsevier Inc.
A Novel Batch Image Encryption Algorithm Using Parallel Computing Wei Songa , Yu Zhengc,1 , Chong Fu a,b,∗, Pufang Shana a School
of Computer Science and Engineering, Northeastern University, Shenyang, Liaoning, China Research Center of Security Technology of Complex Network System, Ministry of Education, China c Department of Information Engineering, The Chinese University of Hong Kong, Sha Tin, Hong Kong SAR
b Engineering
Abstract Chaos-based encryption provides a practical way to protect the confidentiality of digital images nowadays. The increasing convenience (e.g., larger bandwidth) of data sharing stimulates the need for encrypting amounts of images in a fast manner. Yet most existing works aim to encrypt an image for each time. Although some parallel encryptions have been proposed, the speed is still far from satisfactory to proceed with the huge increasing number of images. This inspires us to consider another promising way, encrypting a batch of images parallelly for each time. We use maximum available number of threads in parallel computation for full use of processor resources. Considering the batch images as a shared resource, every thread competes with others to encrypt images in the shared resource in a preemptive manner for encryption. A classical permutation-diffusion architecture for chaos-based encryption is utilized for each thread, where logistic map and Lorenz system are used for generating keystream for permutation and diffusion, respectively. We make cryptographical analyses and perform experiments to confirm that the security is guaranteed. The results of efficiency tests demonstrate that the encryption speed is greatly improved compared with the state-of-art image encryption algorithms in parallel as well as serial modes. Keywords: Batch image encryption, Chaos, Multi-threads, Permuation-diffusion
1. Introduction Digital images sharing becomes more convenient nowadays via various social platforms (e.g., Facebook, Instagram). Yet lots of images may be privacy-sensitive such as individual portrait, thus people would only share with certain friends privately instead of the open network in public. The natural way is to encrypt the targeted raw images before transmission via open networks. Some solutions (e.g., Triple-DES, IDEA, and AES) may provide help, but these kinds of block-based encryption algorithms are originally designed for textual data [1]. Compared with text, digital images with more redundancy have a bulk size and stronger correlation among adjacent pixels. Traditional encryptions may not be suitable in this case considering the speed and security [2], which means that another type of encryption scheme is especially required to design for digital images. The natural advantages of chaos can be adapted into this kind of encryption, however, the concerning of speed in proceeding images with huge information entropy also catches the attention. Specifically, the current chaotic encryptions are mostly designed for a single image, they are not efficient (e.g., in speed, storage) in the context of batch images. Thus, our work aims to tackle the above problems by proposing a parallel chaos-based algorithm for batch image encryption. 1.1. Related work In recent years, chaotic system is utilized in encrypting images since the intrinsic features (e.g., sensitivity to initial conditions and system parameters, ergodicity, non-periodic) of a chaotic system are related to cryptography [3]. Many chaotic image encryption schemes have been proposed by utilizing the above features. The first chaos-based ∗ Corresponding
author. Email address: [email protected] (Chong Fu ) 1 This work started when Yu was affiliated with NEU, China. Preprint submitted to Information Sciences
January 10, 2020
enccryption algorithm was proposed by Matthews in 1989 [4]. It’s the landmark that chaos theory enters cryptography. In 1998, Fridrich proposed a fundamental encryption architecture consisting of two iterative operations–permutationdiffusion [5]. The first operation is used for eliminating the strong correlation between pixels and the later operation is used for diffusing the influence of each pixel to the whole cipher-image, respectively. The following works [6–18] using this architecture have been proposed. Specifically, some new chaotic maps [11– 13] were designed by combining low-dimensional chaotic maps. These chaotic maps have good chaotic behaviors with the experiment results showing that it’s efficient and secure to apply them to image encryption. As for the works [14–17], bit-level image encryptions were introduced. In the permutation stage, as a pixel is composed of 8 bits, the value of the pixels is changed by changing the position of bits. Yet the times of manipulations of data have increased 8 times, which means that it severely impacts the encrypting speed. Chaos theory can also be combined with other theories. For example, DNA theory was used with chaos to encode the plain-image, and its operation rules were used to transform encoded image into cipher-image [6–10]. The feasibility of applying matrix semi-tensor product theory was discussed in [18] to meet the requirements of symmetric encryption. Based on this theory, an image encryption algorithm for synchronously updating the Boolean network was proposed. The keystream is generated by 2D-LASM chaotic system which has extremely complex dynamic behavior. All referred solutions above are for single image encryption. Actually, there are always lots of images to be processed, so image batch processing has been widely used, for example in the field of deep learning. More specifically, it’s used in image recognition [19], face pose estimation [20], place recognition [21] and image ranking [22], etc. At the same time, there are batch images that need to be protected before transmission. This inspires researchers to propose some parallel encryption schemes to reduce encryption time [23–27]. A new framework of parallel image encryption using the discretized Kolmogorov flow map was designed in [23]. An image is divided into 4 sub-images, and then the position of pixels is shuffled in the whole image by using a total shuffling matrix which is generated by the logistic map. Later on, the 4 sub-images will be encrypted simultaneously [24]. Wang et al. [25] pointed out that the keystream generated by the high-dimensional chaos will always be the same when encrypting the different images, resulting in that the cryptosystems being weak against chosen-plaintext attack. M. Rostami et al. [26] used two 16 × 16 chaotic blocks to make their algorithm more suitable for parallel processing. Li et al. [27] divided the whole image into k pieces, and utilize chaotic Duffing oscillators to generate pseudo-random and complex sequences to encrypt the pieces, then combining the k pieces into the ciphered image. All referred solutions above are designed for encrypting only an image each time. This is not efficient in transmitting a batch of images. Recently, some schemes [28–30] have been designed for batch images. The batch image encryption algorithms mentioned above execute in a serial manner, which results in long overall running time. But there are almost no aproaches on parallel batch image encryption. When facing this kind of situation, it’s imperative to design some more targeted algorithms instead of utilizing existing algorithms, as we are supposed to respond flexibly to different situations. In our paper, we focus on reducing encryption time in the context of a large number of images to be encrypted. Luckily, a computer with multiple processors can help to encrypt a batch of images parallelly by decomposing the main task into multiple sub-tasks. Then each sub-task hands over on a thread, enabling a higher speed of encryption. So we can use parallel ideas to encrypt batch images, say different threads encrypting different images parallelly. 1.2. Our Contribution We propose a novel chaos-based parallel batch-image encryption algorithm which enables a higher rate of usage of processors. The core contributions are summarized in the following. • We propose a parallel scheme by scheduling multiple threads for speeding up encrypting a batch of images, which reduces the time of encryption largely. Multiple threads are running to proceed images simultaneously, each of which encrypts one image under a chaotic permutation-diffusion architecture. This solution makes full of the advantage of model computers, i.e., multiple processors. • We perform sufficient experiments in different dimensions which confirm the reliable security and higher speed compared with the state-of-art works [2, 27, 31]. Theoretical analyses such as upper bound of executing time are also given to support our experimental results. 2
(a) Multi-threaded concurrent preemption of image ID.
(b) Encryption pipeline for a single image. Figure 1: The proposed image encryption architecture.
• Our solution can also be adapted to other existing chaotic encryption schemes by utilizing them in each thread for encryption. Additionally, our scheme is flexible to encrypt different sizes of images. Roadmap. Section 2 analyses how multiple threads preemptively encrypt batch images and gives the encryption architecture. The detailed encryption process and the proof of the time upper bound of our algorithm will be explained in section 3. Section 4 presents the simulation results and security analysis. Finally, section 5 concludes this paper. 2. Problem Formulation and Encryption Architecture Our problem to be tackled is how to encrypt multiple images fast. The naive way is to encrypt images one by one, which is time-consuming if the number of images is large. In this case, we consider parallel encryption for batch images, i.e., each thread encrypting different images parallelly and simultaneously. Fig. 1 shows the parallel encryption architecture for batch images. The images to be encrypted (which are labeled by the identity numbers) are regarded as shared resources for all threads. Different threads compete with each other to encrypt one of the batch images by performing the instructions 3
as depicted in Fig. 1(b). It should be noted that only one thread can manipulate shared variables or data in a short time, otherwise resulting in errors. Specifically, we assign a unique ID to each image and store them in a global variable ImageIDSet which is initialized to 0 before manipulating images. Varied global variables are representing different images. Suppose we have two threads operating on ImageIDSet one after the other. The first thread gets the ImageIDSet0 and encrypts the image whose ID is 0, then the ImageIDSet is automatically increased by 1. The operation ImageIDSet + + is represented in three steps, see steps of register1 : // 1. Steps of register1
// 2. Steps of register2
// 3. Parallel steps of two registers
register1 = ImageIDSet register1 = register1 + 1 ImageIDSet = register1
register2 = ImageIDSet register2 = register2 + 1 ImageIDSet = register2
register1 = ImageIDSet, register2 = ImageIDSet register1 = register1 + 1, register2 = register2 + 1 ImageIDSet = register2 , ImageIDSet = register1
The second thread gets the ImageIDSet1 and encrypt the image 1. Follow this rule until all images are encrypted. But when the two or more threads execute concurrently, data garbled may occur. For example, when the second thread increases the ImageIDSet by 1, it is represented as steps of register2 . Here, register1 and register2 are local registers for processors. When executing two threads at the same time, it means the internal instructions of the two increment operations are also executed concurrently. The order in which the instructions are executed may be like parallel steps of two registers. After the steps, two threads are encrypting the same image simultaneously, we don’t know what the encrypted data will be. Similarly, we also consider the case that two threads decrypt the same image in the decryption process. To guarantee no turmoil when reading and writing shared data, we should exclude interference from other threads when a thread is encrypting an image. To avoid race condition, we need to perform thread synchronization. Here, we use a critical section that a fragment of a program accesses a shared resource, and these shared resources can’t be accessed by multiple threads at the same time. Threads need to wait for the thread entering the critical section. Multiple processes or threads must access it mutually exclusive. Algorithm 1 Structure of critical section 1: InitializeCriticalSection() 2: do 3: EntrySection() 4: critical section 5: ExitSection() 6: remainder section 7: while True 8: ...... 9: DeleteCriticalSection() As summarized in Algorithm 1, different threads apply to enter the critical section then only one thread enters, while others wait outside critical section. Next, the entered thread gets an image ID without any interference, and then leaves critical section, continuing to encrypt the image pointed to by the ID. Simultaneously other threads compete for entering critical section to get an image ID again. Each thread just gets an image ID whose data type of ID is integer, and ImageIDSet updates its value, then it will leave critical section. Thus, the time cost by the critical section is very little and overall encryption efficiency of the algorithm isn’t affected too much. The experimental evaluation also confirms this in Section 4.
4
(a) The bifurcation diagram of logistic map.
(b) Lyapunov exponents for logistic map.
Figure 2: The using of logistic map in permutation stage.
3. Detailed Construction 3.1. Selected Chaotic System In the permutation stage, the logistic map with simple structure and complex dynamic behavior is utilized to generate pseudo-random chaotic sequences, which is defined as, xn+1 = µxn (1 − xn ), xn ∈ [0, 1],
(1)
where xn is state variable, n is the number of current iterations and the the range of parameter µ is (0, 4]. Its bifurcation diagram is depicted in Fig. 2(a). When µ ∈ (3.57, 4], the logistic map is chaotic interrupted by many periodic windows corresponding to nagative Lyapunov exponents, as shown in Fig. 2(b). Obviously, incorrect selection of µ may cause the cryptosystem to fail. To address the issue, we fixed µ to 4 so that the system is surjective at the interval (0, 1). The initial value x0 of the map can be any value within (0, 1) except 0.5 and 0.75. Because when x0 or xn is equal to 0.5 or 0.75, logistic map will fall into a fixed point. To avoid this bad situation, a slight perturbation must be done. In the diffusion stage, we use a more complex chaotic Lorenz system with more initial condition values, which makes attackers difficult in predicting trajectory efficiently due to the larger key space. The expression of this chaotic Lorenz system is defined as in the following at time slot t, dx = σ(y − x), dt dy = x(ρ − z) − y, dt dz = xy − βz, dt
(2)
where the state variables and parameters are x, y, z and σ, β, ρ, respectively. This system is chaotic when σ = 10, β = 8 3 , ρ = 28, as showed by attractor images in Fig. 3. For fast computation, 4th-order Runge-Kutta method is utilized to solve the Lorenz system. The formulas are defined by,
where
xn = xn−1 + (h/6)(K1 + 2K2 + 2K3 + K4 ), yn = yn−1 + (h/6)(Y1 + 2Y2 + 2Y3 + Y4 ), Z = Z + (h/6)(Z + 2Z + 2Z + Z ), n n−1 1 2 3 4
5
(3)
(a)
(b)
(c)
(d)
Figure 3: Projections of Lorenz system (a) Three dimensional attractor. (b) X-Y plane projection. (c) Y-Z plane projection. (d) X-Z plane projection.
K j = σ(yn−1 − xn−1 ), L j = xn−1 (ρ − zn−1 ) − yn−1 , (with M = x y − βz , j n−1 n−1 n−1
j = 1)
K j = σ[(yn−1 + hL j−1 /2) − (xn−1 + hK j−1 /2)], L j = (xn−1 + hK j−1 /2)[ρ − (zn−1 + hM j−1 /2)] − (yn−1 + hL j−1 /2), M = (x + hK /2)(y + hL /2) − β(z + hM /2), j n−1 j−1 n−1 j−1 n−1 j−1
K j = σ[(yn−1 + hL j−1 ) − (xn−1 + hK j−1 )], L j = (xn−1 + hK j−1 )[ρ − (zn−1 + hM j−1 )] − (yn−1 + hL j−1 ), (with M = (x + hK )(y + hL ) − β(z + hM ), j n−1 j−1 n−1 j−1 n−1 j−1
(with
j = 2, 3)
j = 4)
and the step size h is chosen as 0.005 after we consider speed and model computer precision. Additionally, Lorenz system generates 3 state variables at each iteration, all of which are used in diffusion. 3.2. The Proposed Encryption Algorithm Our design is shown in algorithm 2, which can be divided into two parts, i.e., image-thread matching and encrypting images in parallel. We define the path of batch images as Img Path, and the initial values of used chaotic system as (x0 , lx0 , ly0 , lz0 ). The detailed explanation is as follows with steps. Algorithm 2 Our proposed encryption algorithm Input: Img Path, x0 , lx0 , ly0 , lz0 , Nump Output: Ciphered images 1: Read Images from the Img Path and assign an ID to each image. 2: ImgNum ← N and Create Nump threads. 3: while ImgNum! = 0 4: Each thread applys for entering critical section 5: Get an Image ID and ImgNum − − 6: Leave the critical section and encrypt the image Image-thread matching: 1. Read all images by order and assign a unique ID to each image satisfying ID ∈ [0, NumImg ]. An image ID is used as the unique identifier of an image in the shared resources which all threads preempt. Critical section is used to protect image ID from disorder when threads preempt shared resources. 6
Figure 4: The permutation strategy based on pixel swapping mechanism.
2. Get the number of processors Nump and create the same number of threads. Set priority and affinity of each thread to make them run on different processors. Suspend the threads and initialize the parameters of each thread, containing the thread ID and the key of logistic map and Lorenz system. After that, resume the threads’ execution. 3. When the thread i executes thread function, it mainly contains two important operations which are the preemption of image ID and the image encryption. The thread i applies to enter the critical section and waits until it gets permission to enter. Then, it gains an image ID. We suppose that the ID is 1, the global variable that stores ID is incremented by 1. After it leaves critical section, the thread i encrypts the image pointed by ID1 . Next, the thread with thread ID (may be k) sccessfully finishes similar operation and then encrypts the image pointed by ID2 . Then we will perform the following steps for encryption afer getting this image. Encryption in each thread: When thread m encrypts an image, without loss of generality, the image pointed by IDk is regarded as a 24 bit-color image of size W × H. The detailed encryption process is described as follows.
1. Convert the image into a 1-dimensional array in bytes P = {p0 , p1 , ..., p3×W×H−1 }, the order is from left to right, top to bottom. 2. Pre-iterate the logistic map for T 0 times to avoid the harmful effect of the transitional procedure, where T 0 is constant. Then, iterate the logistic map for (3 × W × H − 1) times to generate a chaotic sequence LC = {lc0 , lc1 , ..., lc3×W×H−2 }. 3. The permutation strategy is based on pixel swapping mechanism, that is, each pixel exchanges its position of another pixel which is randomly selected behind it. It works as shown in Fig. 4. To conduct this phase, permutation coordinates which can be obtained by quantizing the chaotic sequence, are needed. The quantization operation is described as, kpi = round((abs(lci ) − floor(abs(lci ))) × 1014 ),
(4)
position[i] = i + (i + mod(kpi , (3 × img size − 1) − i)),
(5)
position[i] = 3 × img size − 1,
(6)
kdi = mod[round((abs(ldi ) − floor(abs(ldi ))) × 1014 ), L],
(7)
where round(x) is a rounding function, abs(x) returns the absolute value of x, floor(x) returns the largest integer less than x. The next operation is to generate permutation coordinates according to ki .
Then swap the pixel i with another pixel located at position[i], for the last pixel, leave its position as it is.
where i represents the ith pixel, mod(x, y) returns the remainder of x divided by y, img size is the image size. 4. Pre-iterate the Lorenz system for T 0 times for better chaos. Then iterate the system for W × H times, during each time of iteration, three state variables can be produced. Finally, a chaotic sequence LD = {ld0 , ld1 , ..., ld3×W×H−1 } used for diffusion phase is obtained. 5. Quantize the chaotic sequence by,
7
where L is the graylevel. 6. Carry out diffusion operation in term that. cn = kdn ⊕ {[pn + kdn ] mod L} ⊕ cn−1 ,
(8)
pn = [kdn ⊕ cn ⊕ +2L − kdn ] mod L.
(9)
where pn is plaintext color component ,and cn and cn−1 are the current and previous ciphered color components, respectively. ⊕ indicates an XOR operation. As for the initial value of c−1 , it can be set as a constant, here is 127. 7. Wait for all the threads to finish executing. Encryption time expires until the end of the last thread. The decryption procedure, overall, can be considered as a reverse order of encryption procedure. The inverse of Eq. (8) is that,
It should be noted that the number of decrypted images by each thread may be different from that of the encrypted images due to the preempt method we use. 3.3. Proof of the time upper bound Here is the proof that our algorithm has a time upper bound. Although there are already many parallel algorithms, they still lack convincing theoretical proof. We prove that our algorithm has a time upper bound, and it’s better than ordinary parallel algorithms. The results of experiments also confirmed our proof. From the proof we know that if we want to reduce the upper bound of encryption time, we must make processors work as much as possible. The details are as follows. Proof. We define an encryption step as S en . Then one encryption time S en consumes is T en . The encryption time T is composed of T en . As the size of image may be different, the T en of different S en may be different. Suppose we have P processors, and the number of images is N. The running time of our parallel algorithm on P processors is T p . But if there is only one processor, the algorithm is converted into a serial algorithm, the running time PN T eni . is T sum , it’s the sum of all T en , T sum = i=1 In each encryption step, on P processors, an ideal parallel algorithm can encryption at most P images. Thus in T p time, it can encrypt at most PT p images. And in serial model, it can encrypt T sum images, the total number of images, we have PT p ≥ T sum . So T p ≥ T sum /P. In each encryption step, if all the P processors are encrypting images, then we call it a complete encryption step, S ces . Otherwise, fewer than P processors are working, we call it an incomplete encryption step, S ins . The encryption time of S ins is T ins . We start by considering the S ces . In each S ces , the P processors can encrypt P images. Let’s use contradiction proof. Suppose that the number of S ces is strictly greater than bT sum /Pc. Then, the total images encrypted by S ces is at least P · (bT sum /Pc + 1) = P bT sum /Pc + P = T sum − (T sum modP) + P > T sum .
Thus, there is a contradiction that P processors would encrypt more images than total number of images. So, T p can’t be all of S ces , the maximum number of S ces it can contain is bT sum /Pc. Now, consider the S ins . It means that the number of encrypted images is fewer than P. So all encryption steps consist of S ces and S ins . In the best case, all steps are S ces , while the worst case is all steps are S ins . The T p is the sum of two kinds of encryption step. We have, T p ≤ T sum /P + T ins , T ins is related to the idleness of processors. We can define a value, Vid p , that represents processor idleness. Vid p = Pwork /P, where Pwork is the number of processors that are working. The fewer processors that are idle, the smaller the Vid p and T ins are. Vid p and T ins are positively correlated.
To reduce the encryption time, we need to reduce the number of incomplete steps. As for a specific case, the T sum and P can’t be optimized. Our algorithm reduces the Vid p . So it can satisfy not only the T sum /P, but also reduce T ins . 8
Figure 5: Time saved by our preemptive encryption algorithm.
Fig. 5 describles how our preemptive encryption reduces the Vid p . Each thread ends at different slot. The whole encrption time is determined by the longest running thread. For the naive parallel algorithms, the processor will be idled when a thread ends its encryption task. It means other threads need to wait for the one which is still processing encryption. Our preemptive encryption method tries its best to keep all processors working in the way that it shifts some images to idled processors. As shown in Fig. 5, the time T s = T 1 − T 2 is saved. 4. Experimental Evaluation and Security Analysis We perform our tests on images with the number 50, 100, 150, 200 from USC-SIPI Image Database. These 200 test images include 57 256 × 256 gray images, 9 256 × 256 color images, 59 512 × 512 gray images, 21 512 × 512 color images, 30 1024 × 1024 gray images and 24 1024 × 1024 color images. Tab. 1 lists some test results. The initial value of logistic map and Lorenz system (x0 = 0.19379856882846, lx0 = 19.3295439058107, ly0 = 11.3582814798081, lz0 = 24.3474137484743) are used as the key. The analyses of security and performance are given below. 4.1. Brute-Force Attack The key space of our cryptosystem is large against brute-force attack, say {0, 1}212 . Specifically, the initial values of logistic map x0 and Lorenz system (lx0 , ly0 , lz0 ), are used as permutation key and diffusion keys, each of which has 53 bits precision. As two stages are independent of each other, the total key space is 253×4=212 , which is secure s.t. key space is larger than 2100 [32]. 4.2. Statistical Attack Analysis Statistical attack analysis refers to histogram analysis, information analysis and correlation of adjacent pixels analysis. 4.2.1. Histogram Analysis Histogram analysis means the frequency distributions to pixel values of ciphertexts are uniform so that the attacker can’t infer plaintext. The fequency distribution of pixel values implies the statistical correlation between plain-image and cipher-image. A cryptosystem should have the ability to hide the correlation. Through histogram analysis, we can intuitively observe the fequency distribution of pixel values in the image. Fig. 6 shows frequency distributions in three color channels after 1-round encryption. The frequency distribution of cipher-image is perfectly uniform. It shows that our algorithm successfully hides the correlation between plain-image and cipher-image.
9
Figure 6: (a) and (h) are the plain-image and cipher-image, (b)-(d) and (i)-(k) are the three corresponding color channels, (e)-(g) and (l)-(n) are the corresponding histograms, respectively.
4.2.2. Information Entropy Analysis Information entropy representing the average number of bits required to store a character is another way to analyse the distribution to pixel values of images. This is a key indicator for measuring the randomness and unpredictability, which is defined as, N X P(S i ) log2 P(S i ), (10) H(S ) = − i=1
where S is a random variable with N outcomes {S 1 , S 2 , ..., S N }, and P(S i ) is probability of S i appearance. From the Eq. (10), the entropy of a random source with N is log2 N. For example, the information entropy of a random image with 256 gray levels is theoretically 8. Otherwise, a cryptosystem would be attacked by analyzing the appearance of some characters, e.g., frequency analysis. Tab. 1 lists comparison of information entropy of different algorithms of the test images and the corresponding cipher-images. All information entropy of the cipher-images in Tab. 1 is very close to 8, showing good randomness. Compared with other algorithms [2, 27, 31], as our proposed algorithm encrypts batch images, we test more images and the information entropy is practically 8. 4.2.3. Correlation of Adjacent Pixels Analysis Correlation of adjacent pixels analysis says the similarity of pixel values between adjacent pixels in an image. Each pixel has a strong correlation with its adjacent pixels in horizontal, vertical and diagonal directions for a digital image. A good cryptosystem should remove this correlation as possible in a quantitative way, which enables guaranteeing security. We calculate the correlation coefficients r xy with 5000 pairs of adjacent pixels in the image through Eq. (11) from a quantitative perspective. 1 PN ¯)(yi − y¯ ) i=1 (xi − x N r xy = q , (11) P PN N ( N1 i=1 (xi − x¯)2 )( N1 i=1 (yi − y¯ )2 ) PN PN where x,y are the two-pixel values of adjacent pixels, x¯ = N1 i=1 xi , y¯ = N1 i=1 yi , and N is the number of sample points. Tab. 2 lists the correlation coefficients of the three directions. From Tab. 2, the correlation coefficients are close to 1 for plain-images, which means there is a strong correlation among adjacent pixels. For cipher-images, the correlation coefficients are close to 0 which means our algorithm eliminates the correlation of adjacent pixels. It is convenient to visually express the test results when analyzing from a qualitative perspective. Plot a scatter diagram of coordinate that is the values of a pair of adjacent pixels (x, y) as in Fig. 7. Unlike the scatter diagrams 10
Table 1: Comparison of information entropy of different algorithms.
Filename Cameraman Chemical Clock Moonsurface Aerial StreamAndBridge CarAndAPCs Tank Truck TruckAndAPCs Male Airport Couple Female House Jellybeans Mandrill Peppers Sailboat Splash Barbara
Size 256 × 256 256 × 256 256 × 256 256 × 256 256 × 256 512 × 512 512 × 512 512 × 512 512 × 512 512 × 512 1024 × 1024 1024 × 1024 256 × 256 256 × 256 256 × 256 256 × 256 512 × 512 512 × 512 512 × 512 512 × 512 720 × 576
Type Gray Gray Gray Gray Gray Gray Gray Gray Gray Gray Gray Gray Color Color Color Color Color Color Color Color Color
Plain 6.844040 7.342433 6.705667 6.709312 7.311807 5.705560 6.107418 5.495740 6.027415 6.563196 7.523737 6.830330 5.791983 6.553184 7.143593 5.985648 7.679608 7.565483 7.572155 7.019297 7.474731
Cipher 7.997192 7.997783 7.997608 7.997476 7.996961 7.999206 7.999170 7.999328 7.999343 7.999272 7.999807 7.999786 7.997375 7.997581 7.996985 7.996896 7.999296 7.999251 7.999349 7.999189 7.999549
Ref. [2] — — — — — 7.999300 — — — — 7.999800 — — — — — — — — — —
Ref. [27] — — — — — — — — — — — — — — — — — 7.999859 — — —
Ref. [31] 7.990400 — — — — — — — — — — — — — — — 7.997100 7.996100 — — 7.993200
Table 2: Correlation coefficients for adjacent pixels in plain-images and the corresponding output cipher-images.
Image mandrill
airplane
peppers
Direction Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal
R 0.878811 0.929158 0.867137 0.954388 0.973093 0.930650 0.966673 0.960547 0.951730
Plain-image G 0.775681 0.865516 0.746226 0.971024 0.953255 0.929413 0.982030 0.982068 0.968672
B 0.876955 0.899540 0.831447 0.926694 0.968970 0.9048115 0.964476 0.967357 0.942911
11
R −0.002933 0.002134 0.000402 0.002251 0.008798 0.010604 0.001705 0.014842 −0.019529
Cipher-image G 0.008411 −0.014631 0.002829 0.022833 0.004532 −0.012587 −0.030952 0.001667 0.004391
B 0.004816 −0.016196 0.000824 0.003489 −0.004566 −0.014987 −0.010851 −0.023300 0.011354
(a)
(b)
(c)
(d)
(e)
(f)
Figure 7: The scatter diagram of adjacent pixels, (a)-(c) and (d)-(f) are the scatter diagrams for horizontally adjacent pixels in three components of Mandrill and its output cipher-image, respectively.
(a)-(c) that the points are mostly located near the diagonal, the points in the scatter diagrams (d)-(f) almost cover the entire plane. Points in (d)-(f) are on the entire plane compared with that in (a)-(c) (on diagonal), which means our algorithm eliminates the strong correlation of adjacent pixels. 4.3. Diffusion Performance The number of pixel change rate (NPCR) to test the image difference, and the unified average changing intensity (UACI) to test average difference intensity are used to evaluate performance in diffusion. Suppose P1 (i, j) and P2 (i, j) are the (i, j)th pixel of image P1 and image P2 , respectively. The NPCR is defined as, PW P H j=1 D(i, j) i=1 NPCR = × 100%, (12) W×H where W and H are the image width and height. D(i, j) is defined as, ( 0 i f P1 (i, j) = P2 (i, j), D(i, j) = (13) 1 i f P1 (i, j) , P2 (i, j). For two random images, the theoretical value of NPCR is: NPCRtv = (1 −
1 ) × 100%, 2L
where L is the image gray level. For instance, the NPCR of two 8-bit random grayscale images is 99.609%. The UACI is defined as, W H 1 X X |P1 (i, j) − P2 (i, j)| × 100%, UACI = W × H i=1 j=1 2L − 1
Similarly, the theoretical value of UACI is,
12
(14)
(15)
Table 3: Information about the test images for NPCR and UACI.
Image name clock cameraman bridge tank male airport barbara couple sailboat peppers mandrill
Type
Size
gray gray gray gray gray gray color color color color color
256 × 256 256 × 256 512 × 512 512 × 512 1024 × 1024 1024 × 1024 720 × 576 256 × 256 512 × 512 512 × 512 512 × 512
Color component — — — — — — blue blue blue blue green
Pixel position (x, y) (41, 35) (87, 90) (53, 165) (214, 217) (90, 97) (78, 81) (194, 156) (147, 190) (58, 178) (223, 159) (231, 186)
Pixel original 174 101 101 118 90 49 148 57 42 124 82
Value modified 173 100 102 117 97 48 149 58 43 125 83
Table 4: Comparison of NPCR and UACI of different algorithms.
Image name bridge male cameraman peppers barbara mandrill clock tank airport couple sailboat
Performance criteria NPCR UACI NPCR UACI NPCR UACI NPCR UACI NPCR UACI NPCR UACI NPCR UACI NPCR UACI NPCR UACI NPCR UACI NPCR UACI
Proposed
Ref. [2]
Ref. [27]
Ref. [31]
0.9962 0.3344 0.9960 0.3348 0.9959 0.3370 0.9962 0.3374 0.9963 0.3376 0.9961 0.3347 0.9959 0.3361 0.9961 0.3334 0.9961 0.3347 0.9961 0.3342 0.9961 0.3344
0.9961 0.3346 0.9960 0.3346 — — — — — — — — — — — — — — — — — —
— — — — 0.9938 0.3368 0.9962 0.3857 — — — — — — — — — — — — — —
— — — — 0.9960 0.3315 0.9971 0.3219 0.9962 0.3322 0.9959 0.3156 — — — — — — — — — —
1 UACItv = L 2 (2 )
P2L −1 i=1 i(i + 1) × 100%. 2L − 1
(16)
According to Eq. (16), the UACI of 8-bit random grayscale images is 33.464%. We introduce images at the test stage in Tab. 3. As listed in Tab. 3, there is only one bit different of a pixel value between plain-image and cipher-image. The pixel location is randomly selected. In [27], the changed pixel location are all (32, 32). In [2], NPCR and UACI of image male is the average values of multiple test results. Tab. 4 lists the comparison of NPCR and UACI of different algorithms. Compared with other algorithms, we provide more test results, the NPCR and UACI of our algorithms are very close to 0.99609 and 0.33464, which confirms good diffusion performance.
13
(a)
(b)
(c)
(d)
(e)
(f)
(g)
(h)
(i)
(j)
Figure 8: (a) is plain-image, (b),(c),(e),(g),(i) are the cipher-images encrypted by Key(a)-(e), (d), (f), (b), (j) are the differential images of (b) and (c), (b) and (e), (b) and (g), (b) and (i), respectively.
(a)
(b)
(c)
(d)
(e)
(f)
Figure 9: (a) is the cipher-image encrypted by key (a) in Table 7, (b) is the right decrypted image, (c)-(f) are cipher-image decrypted by key (b)-(e) in Tab. 5, respectively.
Table 5: Test keys for key sensitivity analysis of the encryption procedure of algorithm.
Key No. (a) (b) (c) (d) (e)
x0 0.19379856882846 0.19379856882847 0.19379856882846 0.19379856882846 0.19379856882846
lx0 19.3295439058107 19.3295439058107 19.3295439058108 19.3295439058107 19.3295439058107
ly0 11.3582814798081 11.3582814798081 11.3582814798081 11.3582814798082 11.3582814798081
lz0 24.3474137484743 24.3474137484743 24.3474137484743 24.3474137484743 24.3474137484744
4.4. Key Sensitivity Analysis The sensitivity of key exists in both encryption and decryption process. It’s one of the essential indicators to measure the security of a cryptosystem. This means the cipher-images are completely different under two similar keys (e.g., only 1-bit difference) from the attacker. Conversely, the attacker can not get any information about plain-images if decrypting images under a similar key. 4.4.1. Encryption Key Sensitivity Analysis Tab. 5 lists keys for key sensitivity analysis at the test stage, including five sets of similar keys (only 1-bit difference). Due to no continuous black area in differential images in Fig. 8, our algorithm has a key sensitivity to 1-bit in encryption.
14
Table 6: Encryption speed test results.
Number of images 50 100 150 200
proposed (s) 2.488 8.415 10.277 13.197
serial mode (s) 4.798 18.571 25.923 31.513
Ref. [2] (s) 409.965 1696.28 2123.5 2728.11
Ref. [27] (s) 56.64 124.98 168.78 204.08
Ref. [31] (s) 86.37 245.37 317.22 399.82
Figure 10: The encryption time line of the parallel and serial modes.
4.4.2. Decryption Key Sensitivity Analysis Key sets to test decryption key sensitivity is also in Tab. 5, where key (a) is real key and keys (b)-(e) are similar keys. The decrypted images in Fig. 9 show that even a tiny difference to the real key results no useful information of plain-images. This confirms good decryption sensitivity. 4.5. Speed Analysis One of the comparable algorithms uses a serial mode to encrypt batch images. For each image, our algorithm adopts the same permutation-diffusion architecture. The other three comparable algorithms Ref. [2], Ref. [27] and Ref. [31] utilize parallel encryption for each image. When encrypting batch images, they will encrypt each image parallelly one by one. For different image sizes, 256 × 256, 512 × 512 and 1024 × 1024, the minimum encryption time required by (Ref. [2], Ref. [27], Ref. [31]) is (1.217300s, 4.893116s, 19.891103s), (0.56s, 0.61s, 0.81s) and (0.43s, 1.10s, 2.25s), respectively. When encrypting batch images, for comparable algorithms, the total encryption time is the sum of encrypting each image. The time of our proposed is the maximum running time of the thread among multiple threads. Our experiments are carried out on a computer with Inter(R) Core(TM) i7-6700 CPU(4 cores, 8 threads) and 8GB RAM. The developed platform is codeblocks 17.12, and the operating system is windows 10. The speed test results are given in Tab. 6. We increase the number of images whose size is 1024 × 1024, so the encryption time has increased a lot when encrypting 50 test images. From the Tab. 6, compared with other algorithms, we can see that there is a significant improvement in encyption efficiency in our proposed algorithm. The proposed algorithm has more advantages in encryption speed while ensuring security and it’s very suitable for encryping batch images. For a better understanding of the encryption architecture, the Fig. 10. shows the encryption time line. The start time is when the first thread starts encryption, and the end time is when the last thread ends encryption. Parallel encryption enables encrypting images simultaneously, which saves amounts of time.
15
5. Conclusions This paper proposed a chaos-based parallel encryption scheme that encrypts a batch of images in a preemptive manner, which makes full use of processors of a modern computer. The experimental results show security and efficiency. The more images to be encrypted, the faster the speed is increased, which is suitable for the encryption of a batch of images. Specifically, each thread does not interrupt others when encrypting images, and images with different sizes can be encrypted. Basic permutation-diffusion encryption architecture for each image can be replaced by other algorithms, making it versatile to expand. Acknowledgements This work was supported by the Fundamental Research Funds for the Central Universities (Nos. N150402004 and N180716019) and the National Nature Science Fundation of China (No. 61802055). References [1] A. Kanso, M. Ghebleh, An efficient and robust image encryption scheme for medical applications, Communications in Nonlinear Science and Numerical Simulation 24 (1-3) (2015) 98–116. [2] H.-M. Yuan, Y. Liu, T. Lin, T. Hu, L.-H. Gong, A new parallel image cryptosystem based on 5d hyper-chaotic system, Signal Processing: Image Communication 52 (2017) 87–96. [3] M. Mollaeefar, A. Sharif, M. Nazari, A novel encryption scheme for colored image based on high level chaotic maps, Multimedia Tools and Applications 76 (1) (2017) 607–629. [4] R. Matthews, On the derivation of a chaotic encryption algorithm, Cryptologia 13 (1) (1989) 29–42. [5] J. Fridrich, Symmetric ciphers based on two-dimensional chaotic maps, International Journal of Bifurcation and chaos 8 (06) (1998) 1259– 1284. [6] R. Enayatifar, A. H. Abdullah, I. F. Isnin, Chaos-based image encryption using a hybrid genetic algorithm and a dna sequence, Optics and Lasers in Engineering 56 (2014) 83–93. [7] X. Wei, L. Guo, Q. Zhang, J. Zhang, S. Lian, A novel color image encryption algorithm based on dna sequence operation and hyper-chaotic system, Journal of Systems and Software 85 (2) (2012) 290–299. [8] H. Liu, X. Wang, et al., Image encryption using dna complementary rule and chaotic maps, Applied Soft Computing 12 (5) (2012) 1457–1466. [9] X.-Y. Wang, Y.-Q. Zhang, X.-M. Bao, A novel chaotic image encryption scheme using dna sequence operations, Optics and Lasers in Engineering 73 (2015) 53–61. [10] X. Huang, G. Ye, An image encryption algorithm based on hyper-chaos and dna sequence, Multimedia tools and applications 72 (1) (2014) 57–70. [11] Y. Zhou, L. Bao, C. P. Chen, A new 1d chaotic system for image encryption, Signal processing 97 (2014) 172–182. [12] Z. Hua, Y. Zhou, C.-M. Pun, C. P. Chen, 2d sine logistic modulation map for image encryption, Information Sciences 297 (2015) 80–94. [13] Z. Hua, Y. Zhou, H. Huang, Cosine-transform-based chaotic system for image encryption, Information Sciences 480 (2019) 403–419. [14] T. Xiang, K.-w. Wong, X. Liao, Selective image encryption using a spatiotemporal chaotic system, Chaos: An Interdisciplinary Journal of Nonlinear Science 17 (2) (2007) 023115. [15] Y.-Q. Zhang, X.-Y. Wang, A symmetric image encryption algorithm based on mixed linear–nonlinear coupled map lattice, Information Sciences 273 (2014) 329–351. [16] Y. Li, C. Wang, H. Chen, A hyper-chaos-based image encryption algorithm using pixel-level permutation and bit-level permutation, Optics and Lasers in Engineering 90 (2017) 238–246. [17] W. Zhang, H. Yu, Z.-l. Zhu, et al., An image encryption scheme using self-adaptive selective permutation and inter-intra-block feedback diffusion, Signal Processing 151 (2018) 130–143. [18] X. Wang, S. Gao, Image encryption algorithm for synchronously updating boolean networks based on matrix semi-tensor product theory, Information Sciences 507 (2020) 16–36. [19] J. Yu, M. Tan, H. Zhang, D. Tao, Y. Rui, Hierarchical deep click feature prediction for fine-grained image recognition, IEEE transactions on pattern analysis and machine intelligence. [20] C. Hong, J. Yu, J. Zhang, X. Jin, K.-H. Lee, Multi-modal face pose estimation with multi-task manifold deep learning, IEEE Transactions on Industrial Informatics. [21] J. Yu, C. Zhu, J. Zhang, Q. Huang, D. Tao, Spatial pyramid-enhanced netvlad with weighted triplet loss for place recognition, IEEE transactions on neural networks and learning systems. [22] J. Yu, X. Yang, F. Gao, D. Tao, Deep multimodal distance metric learning using click constraints for image ranking, IEEE transactions on cybernetics 47 (12) (2016) 4014–4024. [23] Q. Zhou, K.-w. Wong, X. Liao, T. Xiang, Y. Hu, Parallel image encryption algorithm based on discretized chaotic map, Chaos, Solitons & Fractals 38 (4) (2008) 1081–1092. [24] O. Mirzaei, M. Yaghoobi, H. Irani, A new image encryption method: parallel sub-image encryption with hyper chaos, Nonlinear Dynamics 67 (1) (2012) 557–566. [25] X. Wang, L. Liu, Cryptanalysis of a parallel sub-image encryption method with high-dimensional chaos, Nonlinear Dynamics 73 (1-2) (2013) 795–800.
16
[26] M. J. Rostami, A. Shahba, S. Saryazdi, H. Nezamabadi-pour, A novel parallel image encryption with chaotic windows based on logistic map, Computers & Electrical Engineering 62 (2017) 384–400. [27] C. Li, G. Luo, C. Li, A parallel image encryption algorithm based on chaotic duffing oscillators, Multimedia Tools and Applications 77 (15) (2018) 19193–19208. [28] T.-H. Chen, C.-S. Wu, Compression-unimpaired batch-image encryption combining vector quantization and index compression, Information Sciences 180 (9) (2010) 1690–1701. [29] A. K. Pal, G. Biswas, S. Mukhopadhyay, An efficient compression-encryption scheme for batch-image, in: Technology Systems and Management, Springer, 2011, pp. 85–90. [30] C.-H. Lin, T.-H. Chen, C.-S. Wu, A batch image encryption scheme based on chaining random grids, Scientia Iranica 20 (3) (2013) 670–681. [31] S. Mozaffari, Parallel image encryption with bitplane decomposition and genetic algorithm, Multimedia Tools and Applications 77 (19) (2018) 25799–25819. [32] G. Alvarez, S. Li, Some basic cryptographic requirements for chaos-based cryptosystems, International journal of bifurcation and chaos 16 (08) (2006) 2129–2151.
17
Declaration of interests The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper. ☐The authors declare the following financial interests/personal relationships which may be considered as potential competing interests:
Author contributions Wei Song: Conceptualization, Methodology, Software, Writing-Reviewing and Editing. Yu Zheng: Writing-Reviewing and Editing. Chong Fu: Conceptualization, Writing-Reviewing and Editing. Pufang Shan: Writing-Reviewing and Editing.