Multiple-image encryption with bit-plane decomposition and chaotic maps

Optics and Lasers in Engineering 80 (2016) 1–11

Contents lists available at ScienceDirect

Optics and Lasers in Engineering journal homepage: www.elsevier.com/locate/optlaseng

Multiple-image encryption with bit-plane decomposition and chaotic maps Zhenjun Tang a,b,n, Juan Song a,b, Xianquan Zhang a,b, Ronghai Sun a,b a b

Guangxi Key Lab of Multi-source Information Mining & Security, Guangxi Normal University, Guilin 541004, China Department of Computer Science, Guangxi Normal University, Guilin 541004, China

art ic l e i nf o

a b s t r a c t

Article history: Received 6 September 2015 Received in revised form 9 December 2015 Accepted 10 December 2015

Image encryption is an efficient technique of image content protection. In this work, we propose a useful image encryption algorithm for multiple grayscale images. The proposed algorithm decomposes input images into bit-planes, randomly swaps bit-blocks among different bit-planes, and conducts XOR operation between the scrambled images and secret matrix controlled by chaotic map. Finally, an encrypted PNG image is obtained by viewing four scrambled grayscale images as its red, green, blue and alpha components. Many simulations are done to illustrate efficiency of our algorithm. & 2015 Elsevier Ltd. All rights reserved.

Keywords: Multiple-image encryption Bit-plane decomposition Encrypted image PNG image Chaotic map

1. Introduction With the rapid development of multimedia technology, a growing number of images and videos are generated, transmitted and shared on the Internet. The increasing use of images and videos makes our lives wonderful, but also brings some problems. For example, more and more people would like to save their images in cyberspace, e.g., cloud storage. If these images are stored without technical protection, private and confidential information will be leaked. Therefore, image protection technology is in demand. In this study, we propose a new image encryption algorithm for protecting multiple grayscale images. Image encryption is a useful technology for image protection [1]. It converts a meaningful image into a chaotic version. Since attackers cannot observe any original information from chaotic image, image protection is thus achieved. In the recent years, image encryption has attracted more attention from optical community [2–5], and many researchers have introduced various techniques to design image encryption algorithms. A widely used technique is Arnold transform [6]. For example, Zhu et al. [7] used Arnold transform and exclusive OR (XOR) operation to calculate chaotic images. Tang and Zhang [8] combined Arnold transform with random strategies and presented a secure encryption scheme n Corresponding author at: Department of Computer Science, Guangxi Normal University, 15 Yucai Road, Guilin 541004, China. E-mail addresses: [email protected], [email protected] (Z. Tang).

http://dx.doi.org/10.1016/j.optlaseng.2015.12.004 0143-8166/& 2015 Elsevier Ltd. All rights reserved.

without image size limitation. Besides Arnold transform, other techniques have been also reported. For example, Tang et al. [9] divided pixel bits into even and odd groups and computed chaotic image by randomly swapping even group and odd group. Martin et al. [10] selected partial wavelet coefficients to conduct image encryption. Lin et al. [11] applied blind source separation to multiple-image encryption. Liu and Wang [12] proposed to encrypt color images by one-time keys and chaotic maps. Wang et al. [13] designed an image encryption algorithm based on Lorenz chaotic system and perceptron model. Later, Wang et al. [14] exploited chaotic system to encrypt the red, green and blue components of color image at the same time, and made the three components affect each other. In another study, Zhang and Liu [15] used chaotic system to produce position mapping array for pixel shuffling. Liu and Wang [16] exploited piecewise linear chaotic map to conduct bit-level permutation and used Chen system to confuse and diffuse the red, green and blue components. Wang et al. [17] exploited linear blend operation and random phase encoding in fractional Fourier domain to convert two images into a single image. Recently, Wang et al. [18] proposed a multiple-image encryption scheme based on mixture retrieval algorithm and phase mask multiplexing in Fresnel domain. Ping et al. [19] presented a cellular automata (CA) based image encryption method. In another work, Wang et al. [20] exploited cycle shift operations and chaotic system to construct image encryption algorithm. Enayatifar et al. [21] jointly used Tinkerbell chaotic map, DNA and CA to design encryption scheme. Tang et al. [22] used chaotic

2

Z. Tang et al. / Optics and Lasers in Engineering 80 (2016) 1–11

system and block shuffling to encrypt image. Wang et al. [23] proposed a hybrid encryption algorithm for color images by combining pixel permutation, XOR operation and data mixture among RGB channels. Although many encryption algorithms have been proposed, there are still some practical problems. For instance, efficient techniques are needed for encrypting multiple images. Some reported techniques [11,17] can encrypt multiple images, but their decrypted images are not completely the same with the original images. This means that they are lossy algorithms and thus are not suitable for those applications requiring images with good visual quality, such as medical images. Aiming at this problem, we propose an efficient multiple-image encryption algorithm based on bit-plane decomposition and chaotic maps, which is novel to optical community. The proposed algorithm reaches good performances in security, robustness, and computational time. It can losslessly retrieve original images from the encrypted images. Many simulations are conducted to validate efficiency of the proposed algorithm. The rest of this paper is organized as follows. Section 2 introduces the proposed algorithm. Section 3 analyzes our key space. Simulation results and conclusions are presented in Sections 4 and 5, respectively.

2. Proposed algorithm Fig. 1 shows block diagram of our image encryption. In the first step, four input grayscale images are decomposed into bit-planes. In the second step, these bit-planes are randomly divided into bitblocks controlled by Henon map and thus bit-blocks among different bit-planes are randomly swapped. Finally, XOR operations between four shuffled images and a secret matrix controlled by Logistic map are conducted to generate four chaotic images, which are viewed as the red, green, blue, and alpha components of a PNG (Portable Network Graphics) image, respectively. In the following sections, we firstly introduce the key techniques, including PNG image, bit-plane decomposition, random bit-block partition and chaotic maps, and thus describe details of the proposed algorithm.

2.2. Bit-plane decomposition A non-negative decimal number d can be converted to a binary representation with n bits as follows. Xn d¼ b 2i  1 ¼ b1 20 þb2 21 þ … þbi 2i  1 þ … þbn 2n  1 ð1Þ i¼1 i For a grayscale image, pixel value ranges from 0 to 255 and thus each pixel can be represented by an 8-bit binary sequence. Consequently, we can decompose a grayscale image into 8 bit-planes, where the i-th bit-plane is formed by the i-th bit of all pixels (i¼1, 2, …, 8). Note that a higher bit-plane contains more significant visual information of the original image. Fig. 2 is a standard grayscale image Lena and its 8 bit-planes are presented in Fig. 3. 2.3. Random bit-block pattern Random partition is an efficient method for image encryption. Motivated by random image block partition proposed in [22], we divide bit-planes into random overlapping bit-blocks and swap bit-blocks among different bit-planes to achieve encryption. The random bit-block pattern can be determined as follows. Suppose that the size of bit-plane is M  N (i.e., input image is M  N), the selected bit-block size is S  S, and the overlapping sizes between adjacent blocks along the x-axis and the y-axis are both t, where tA (1, S). Thus, the bit-block numbers along the x-axis and the yaxis are nx and ny, which can be calculated by the following equations. ( Nt S  t ; if modðN  t; S  t Þ ¼ 0 nx ¼ N  t  ð2Þ S  t þ 1; otherwise

2.1. PNG image Portable network graphics (PNG) is a popular image format widely used on the Internet. It is published as an ISO/IEC standard in 2004 and supports lossless data compression. Compared with traditional BMP image, PNG image has below advantages. (1) It has a small file size due to the use of lossless data compression. (2) As an alpha component is added, it supports transparency. In the alpha component, every image pixel has a corresponding value ranging from 0 to 255 for illustrating transparency. In this work, we achieve multiple-image encryption by viewing four processed grayscale images as the red, green, blue and alpha components of a PNG image.

Keys

Henon map

Fig. 2. Lena.

Random bit-block pattern

Logistic map

Keys

Grayscale image 1 Grayscale image 2

Bit-plane

Random bit-block

Grayscale image 3

decomposition

swapping

XOR operation

Grayscale image 4 Fig. 1. Block diagram of our image encryption.

PNG image

Z. Tang et al. / Optics and Lasers in Engineering 80 (2016) 1–11

3

Fig. 3. Bit-planes of Lena.

( M t ny ¼

 t ; if modðM t; S t Þ ¼ 0 SM  t S  t þ1; otherwise

ð3Þ

where ⌊  c means downward rounding, and mod(  ,  ) is the module operation. Therefore, the total number of bit-blocks is Ntotal ¼nx  ny. Let X[i] be the x-coordinate of the i-th bit-block along the x-axis and Y[ j] be the y-coordinate of the j-th bit-block along the y-axis, where i¼1, 2, …, nx and j¼1, 2, …, ny. Thus, they can be calculated by the following rules. If mod(N  t, S  t) is 0, X [i] ¼(i  1)(S  t), where i¼1, 2, …, nx. Otherwise, the x-coordinates of the first nx  1 blocks can be calculated by X[i] ¼(i  1)(S  t), where i¼1, 2, …, nx  1, and the x-coordinate of the last block is X [nx] ¼N  Sþ 1. Similarly, if mod(M  t, S  t) is 0, Y[j] ¼(j  1)(S  t), where j¼1, 2, …, ny. Otherwise, the y-coordinates of the first ny  1 blocks can be calculated by Y[j]¼ (j  1)(S  t), where j¼1, 2, …, ny  1, and the y-coordinate of the last block is Y[ny] ¼M  Sþ 1. For simplicity, bit-blocks are indexed from top to bottom and from left to right, and the coordinates of the i-th bit-block are denoted by (X [ui], Y[vi]). Note that random bit-block pattern is dependent on the parameters S and t. The theoretical range of S is (1, min(M, N)]. In experiment, we find that a small S value leads to a large computational cost. A large S value helps to make fast speed, but the scrambled result is not good enough. To keep a trade-off between speed and scrambled result, we randomly choose S value from a moderate range [32, 100]. Since the range of t is (1, S), the available number of bit-block patterns is 32(S  2). As the inputs of our algorithm are four grayscale images (i.e., total number of bitplanes is 32) and every bit-plane is partitioned with different parameters, the total number of bit-block patterns is [32  (S 2)]32. For example, when S ¼34, the total number is [32  (34  2)]32 ¼2320, which is large enough for resisting brute-force attacks [15,16].

2.4. Chaotic maps Chaotic map [24] is an effective technique for image encryption. Here, we use two chaotic maps, i.e., Henon map and Logistic map. The Henon map is used to control the random bit-block pattern and the Logistic map is exploited to conduct XOR operation. The Henon map [25] is a typical two-dimensional discrete chaotic map defined as follows. ( xðk þ 1Þ ¼ 1  ax2 ðkÞ þyðkÞ ð4Þ yðk þ 1Þ ¼ bxðkÞ where a and b are control parameters. The Henon map is in chaos when a A (0.54, 2) and bA (0,1), and the initial values x(0) and y (0) can be taken as secret keys. Here, we choose a ¼1.4 and b¼ 0.3. We repeat the Equation (4) and obtain two chaotic sequences x ¼ [x(1), x(1), …, x(32)] and y¼ [y(1), y(1), …, y(32)]. Thus, the arrays D and F for storing block sizes and overlapping sizes can be calculated by the following equations.     ð5Þ D k ¼ mod modðxðkÞ248 ; 256Þ; 69 þ32         F k ¼ mod y k 248 ; D k 1 þ1

ð6Þ

Logistic map [26] is a well-known chaotic system defined below. xi þ 1 ¼ mxi ð1  xi Þ

ð7Þ

where μ is the control parameter and the Logistic system is in chaos when μ A [0, 4]. As a fixed control parameter will result in a short periodic cycle and thus leave the cryptosystem from security [27], the control parameter μ and the initial value x0 are both taken as secret keys in this study. Here, we iteratively calculate Eq. (7) to generate M  N chaotic numbers A[M][N], which are further

4

Z. Tang et al. / Optics and Lasers in Engineering 80 (2016) 1–11

mapped to the range [0, 255] by the following equation. 48

C ½i½j ¼ modðA½i½j2 ; 256Þ

ð8Þ

where 1 r irM, and 1 rjrN. 2.5. Our encryption algorithm Detailed steps of our image encryption are illustrated as follows. STEP 1: Convert the four input grayscale images sized M  N into 32 bit-planes. STEP 2: Use Henon map to calculate the arrays D and F for determining random bit-block pattern. STEP 3: Let the key k1 be the seed of pseudo-random generator. Generate 32 random numbers and record them in an array G. Suppose that Bi,j is the j-th bit-block of the i-th bit-plane. Thus, random bit-block swapping can be done as follows. for (i ¼1; ir 32; iþ þ) { Exploit D[i] and F[i] to calculate random bit-block pattern. Let K be the total number of bit-blocks and G[i] be the seed of pseudo-random generator. P ¼mod(rand(1, K)  248, 32) þ1); // rand(x,y) is a pseudorandom generator producing x  y float numbers Q¼ mod(rand(1, K)  248, K) þ1); // bit-block index for (j ¼1; jr K; jþ þ ) { m ¼P[ j]; if (m ¼ ¼i) { if (m ¼ ¼ 32) m ¼1; else m þ þ ; } l ¼Q[ j]; Swap Bi,j and Bm,l. } } STEP 4: Convert 1st  8th bit-planes, 9th  16th bit-planes, 17th  24th bit-planes, and 25th  32nd bit-planes to four scrambled grayscale images, respectively. Let these scrambled images be I1, I2, I3 and I4, respectively. Use Logistic map to generate a secure matrix C by the Eq. (8). Calculate J1 ¼I1  C, J2 ¼I2  C, J3 ¼I3  C, and J4 ¼I4  C, where  is the XOR operation between the corresponding elements of input matrices. STEP 5: The chaotic images J1, J2, J3, and J4 are viewed as the red, green, blue, and alpha components of PNG image. Consequently, an encrypted PNG image is obtained by assembling these chaotic images. Note that the parameters of Henon map, Logistic map, and k1 are the secret keys of our algorithm, which are shared between sender and receiver.

done as follows. for (i¼ 32; io ¼1; i- -) { Exploit D[i] and F[i] to calculate random bit-block pattern. Let K be the total number of bit-blocks and G[i] be the seed of pseudo-random generator. P ¼mod(rand(1, K)  248, 32) þ1); // rand(x,y) is a pseudorandom generator producing x  y float numbers Q¼ mod(rand(1, K)  248, K) þ1); // bit-block index for (j¼ K; jo ¼ 1; j- -) { m ¼ P[j]; if (m ¼ ¼ i) { if (m ¼ ¼32) m ¼ 1; else m þ þ; } l¼ Q[j]; Swap Bi,j and Bm,l. } } STEP 5: Use 1st  8th bit-planes, 9th 16th bit-planes, 17th  24th bit-planes, and 25th  32nd bit-planes to reconstruct four grayscale images, respectively.

3. Key space analysis Key space [17,26] is a useful index for measuring security. The bigger the key space, the more secure the encryption algorithm is. Clearly, our key space is closely dependent on the combination of the parameters of Henon map, Logistic map, and k1. As discussed above, Henon map is used to control random bit-block pattern, whose available number is [32(S  2)]32. Suppose that the computational precision is 10–15 and then available number of the parameters of Logistic map is 1015  1015 ¼1030. As to the seed of pseudo-random generator k1, it is an integer ranging from 0 to 232 1 in MATLAB. Thus, the number of available k1 is 232. Therefore, our key space is [32(S  2)]32  1030  232 ¼ (S  2)32  1030  2192 4(S  2)32  2291. For instance, if S ¼34, our key space is bigger than (34  2)32  2291 ¼2451. Our large key space can ensure a high security against brute-force attacks [17]. As a reference, the key spaces of Arnold transform and Zhang and Liu's algorithms [15] are T (T¼ 384 for 512  512 images) and 2104, respectively. For Liu and Wang's algorithm [16], its key space is 1.0368  10114. For our algorithm, S is the bit-block size which is randomly selected from the range [32, 100]. Therefore, even if S¼ 32, our key space still reaches 7.3724  10134. Clearly, our algorithm has the biggest key space among the assessed algorithms. This means that our algorithm is more secure than Arnold transform and the compared algorithms [15,16].

4. Simulation results 2.6. Our decryption algorithm Decryption algorithm is an inverse process of the above encryption. Details are as follows. STEP 1: Extract the red, green, blue, and alpha components of PNG image and represent them as J1, J2, J3, and J4. STEP 2: Use Logistic map to generate a secure matrix C by the Eq. (8). Calculate I1 ¼ J1  C, I2 ¼ J2  C, I3 ¼ J3  C, and I4 ¼ J4  C. STEP 3: Use Henon map to calculate the arrays D and F for determining random bit-block pattern. STEP 4: Apply bit-plane decomposition to I1, I2, I3 and I4, and obtain 32 bit-planes. Let the key k1 be the seed of pseudorandom generator. Generate 32 random numbers and record them in an array G. Thus, random bit-block re-swapping can be

In simulations, our parameter settings are as follows. The initial values of Henon map are x(0)¼0.5 and y(0) ¼0.6, the parameters of Logistic map are μ ¼4 and x0 ¼0.55, and the key for pseudorandom generator is k1 ¼ 12. 4.1. Encrypted results We exploit many grayscale images to validate our algorithm, and find that our algorithm can effectively convert four grayscale images into a single encrypted PNG image. For space limitation, a typical example is presented here. Fig. 4(a)–(d) are four grayscale image sized 512  512, (e)–(h) are four encrypted results for the red, green, blue and alpha components of PNG image, and (i) is the PNG image. It is observed that the four components are meaningless and their

Z. Tang et al. / Optics and Lasers in Engineering 80 (2016) 1–11

5

Fig. 4. An example of encrypted result. Table 1 Correlation coefficients of the original and encrypted images. Direction

Horizontal Vertical Diagonal

Original images

Encrypted images

Fig. 4(a)

Fig. 4(b)

Fig. 4(c)

Fig. 4(d)

Fig. 4(e)

Fig. 4(f)

Fig. 4(g)

Fig. 4(h)

0.9808 0.9683 0.9316

0.9610 0.8514 0.9620

0.8717 0.9733 0.7326

0.8883 0.9606 0.7557

 0.0155 0.0199 0.0244

 0.0486 0.0481 0.0026

0.0460 0.0173 0.0126

 0.1015 0.0382  0.0242

4.2. Correlation analysis

among adjacent pixels. It is defined as: h i  E x  μx y  μy corrðx; yÞ ¼

In general, there is a high correlation among adjacent pixels of a natural image in horizontal, vertical or diagonal direction. To prevent leakage of the original image, a good encryption algorithm should break the relationship of adjacent pixels. Here, the wellknown correlation coefficient is exploited to measure correlation

where μx and μy are the mean values of x and y, σ x and σ y denote the standard deviations of x and y, respectively, and E[  ] is the expectation function. Note that the maximum value of correlation coefficient is 1. A correlation coefficient approaching to 1 indicates strong correlation, while the coefficient close to 0 means low

combined PNG image is a chaotic image. This illustrates effectiveness of our encryption algorithm.

σx σy

ð9Þ

6

Z. Tang et al. / Optics and Lasers in Engineering 80 (2016) 1–11

250

300

250

300

200

250

200

250

200

150

200

150

150 100

100

50 0

150 100

0

50

100

150

200

250

0

100

50

50 0

100

200

300

0

50 0

50

100

150

200

250

0

250

250

250

250

200

200

200

200

150

150

150

150

100

100

100

100

50

50

50

50

0

0

50

100

150

200

250

0

0

50

100

150

200

250

0

0

50

100

150

200

Fig. 5. Distributions of adjacent pixels along horizontal direction.

Fig. 6. Decrypted results with wrong keys.

250

0

0

0

100

50

100

200

150

300

200

250

Z. Tang et al. / Optics and Lasers in Engineering 80 (2016) 1–11

7

6000

6000

6000

6000

5000

5000

5000

5000

4000

4000

4000

4000

3000

3000

3000

3000

2000

2000

2000

2000

1000

1000

1000

1000

0

0

0

0

50

100

150

200

250

0

50

100

150

200

250

0 0

50

100

150

200

250

0

3500

3500

3500

3500

3000

3000

3000

3000

2500

2500

2500

2500

2000

2000

2000

2000

1500

1500

1500

1500

1000

1000

1000

1000

500

500

500

500

0

0

0

0

50

100

150

200

250

Encrypted result of Fig.4 (a) [15]

0

50

100

150

200

250

Encrypted result of Fig.4 (b) [15]

50

100

150

200

250

0

Encrypted result of Fig.4 (c) [15]

2500

2500

2500

2000

2000

2000

1500

1500

1500

1500

1000

1000

1000

1000

500

500

500

500

0 50

100

150

200

Our result for red component

250

0 0

50

100

150

200

250

Our result for green component

150

200

250

50

100

150

200

250

Encrypted result of Fig.4 (d) [15]

2000

0

100

0 0

2500

0

50

0 0

50

100

150

200

250

Our result for blue component

0

50

100

150

200

250

Our result for alpha component

Fig. 7. Original histograms and those of encrypted images among different algorithms.

correlation. We randomly pick out 3000 pairs of adjacent pixels from the original and the encrypted images along horizontal, vertical and diagonal directions, respectively, and calculate their correlation coefficients. The results are listed in Table 1. It is observed that all correlation coefficients of the original images are close to 1, while those of the encrypted images are around zero. For space limitation, Fig. 5(a)–(h) present distributions of adjacent pixels in Fig. 4(a)–(h) along horizontal direction, respectively. Note that the first row is the results of the original images, and distributions of adjacent pixels are around the diagonal direction. This means that adjacent pixels in the original images have high correlation. The second row of Fig. 5 shows distributions of adjacent pixels in the encrypted images along horizontal direction. It is observed that the distributions disperse over the whole range, illustrating that adjacent pixels in the encrypted image have low correlation. From the above analysis, it is concluded that our algorithm can effectively reduce correlation in the encrypted images. 4.3. Key sensitivity analysis A good encryption technique should be sensitive to secret keys. In other words, a slight key difference should cause a great change in the decrypted images. In the experiments, we slightly change a secret key and thus use the changed keys to decrypt the encrypted image as shown in Fig. 4(i). Fig. 6 presents the decrypted results with wrong keys, where the first row is the results with a slightly changed key x(0) ¼0.500001 (a change with a precision of 10  6), the second row is the decrypted images with a changed key

x0 ¼0.550001, and the third row is the results with a wrong key k1 ¼12.000001 (a change with a precision of 10  6). It is clear that all decrypted results are still chaotic images, indicating the key sensitivity of our algorithm. 4.4. Histogram analysis Histogram is an important statistical feature of digital image. An ideal secure image encryption should produce the encrypted images with uniform histograms. Fig. 7(a)–(d) illustrate original histograms of Fig. 4(a)–(d). Since Arnold transform just changes pixel positions and keeps pixel values unchanged, histograms of its encrypted images are the same with their original ones as shown in Fig. 7(a)–(d). Fig. 7(e)–(h) are histograms of the encrypted Fig. 4 (a)–(d) generated by [15]. Clearly, they are different from Fig. 7(a)– (d), but are far away from uniform histogram. Fig. 7(i)–(l) present our encrypted results for the red, green, blue and alpha components of the PNG image. It is obvious that our histograms are uniformly distributed. From these results, we find that our algorithm is better than Arnold transform and [15] in histogram evaluation. To make theoretical analysis, we compare entropies of the encrypted images produced by different algorithms. Note that entropy is an efficient metric for security evaluation [28], which is defined as follows. HðEÞ ¼ 

LX 1 i¼0

Pðei Þlog 2 Pðei Þ

ð10Þ

8

Z. Tang et al. / Optics and Lasers in Engineering 80 (2016) 1–11

where E ¼{e0, e1, …, eL  1} and P(ei) is the possibility of occurrence of ei. In general, the bigger the entropy, the more secure the algorithm is. For grayscale images, L¼ 256 and the theoretical maximum value of entropy is 8. Table 2 lists the original entropies of Fig. 4(a)–(d) and the entropies of the encrypted images generated by Arnold transform, [15] and our algorithm. It is observed that our entropies are all bigger than Arnold transform and [15], and are very close to the theoretical maximum value. This means that our algorithm is more secure than Arnold transform and [15]. Moreover, another quantitative metric called variance of histogram [29] is also exploited to conduct performance analysis. The variance of histogram is defined as follows.

4.6. Cryptanalysis

 1 LX 1  2 1 LX 1 zi  zj VðZÞ ¼ 2 2 L i¼0j¼0

ð11Þ

where Z ¼{z0, z1, …, z L  1}, zi (0 rirL 1) is the number of pixels with gray value equaling i, and L ¼256 for grayscale images. Generally, the smaller the variance value, the more secure the encryption algorithm is. Table 3 illustrates the original variances of histograms of Fig. 4(a)–(d), and the variances of histograms of their encrypted versions calculated by Arnold transform, [15] and our algorithm. Clearly, our variance values are much smaller than those of Arnold transform and [15]. For example, our average value of variances is 1082.414, while those of Arnold transform and [15] are 906341.812 and 159508.609, respectively. As a reference, the average value of variances reported in [29] is about 5000, which is bigger than our value but smaller than those of Arnold transform and [15]. This also illustrates that our algorithm is more secure than the compared algorithms. 4.5. Robustness test To evaluate robustness of our algorithm, we attack the encrypted PNG image as shown in Fig. 4(i) by salt & pepper noise and block removal. To do so, we firstly add salt & pepper noise with 0.01, 0.05, and 0.10 densities to the encrypted PNG image, respectively. Then, we decrypt these attacked images and obtain the reconstructed images as shown in Fig. 8. It is observed that image noises are randomly distributed in the reconstructed images. As noise density increases, its effect on the reconstructed images also increases. Secondly, we remove image blocks with Table 2 Entropy comparisons among different algorithms. Image

Fig. 4(a) Fig. 4(b) Fig. 4(c) Fig. 4(d) Average

Original entropy

7.5060 7.7067 7.1914 7.2010 7.4013

different sizes from the encrypted images and generate the attacked images as shown in Fig. 9. Then, we reconstruct the original images from the attacked encrypted images and obtain the results as shown in Fig. 10. It is found that when the block size is small, such as 40  40, the original images can be well constructed and few objects are missing. As the block size increases, such as 128  512, some objects in the decrypted images are missing. However, the main meanings of the original images can be clearly observed yet. From the above analysis, it is concluded that our algorithm is robust enough to moderate noise contamination and block missing.

Entropy of the encrypted result Arnold

[15]

Our

7.5060 7.7067 7.1914 7.2010 7.4013

7.9446 7.9621 7.8342 7.8600 7.9002

7.9993 7.9992 7.9993 7.9992 7.9992

Kerckhoffs's principle is a basic principle of modern cryptography, which illustrates that "A cryptographic system should be secure even if everything about the system, except the key, is public knowledge" [30]. This means that security of a cryptographic system is only dependent on secret keys, not the encryption/ decryption algorithm. Therefore, a successful cryptanalysis should accurately estimate secret keys (equivalent to recovering plaintext). In general, there are four kinds of attacks for cryptanalysis [14]. These attacks are as follows. (1) Ciphertext-only attack: Attacker only obtains some ciphertexts for analysis. (2) Knownplaintext attack: Attacker can obtain some pairs of plaintexts and ciphertexts. (3) Chosen-plaintext attack: Attacker can access the encryption machine temporarily. He/she can select some specific plaintexts to calculate their corresponding ciphertexts. (4) Chosenciphertext attack: Attacker can access the decryption machine temporarily. He/she can select some specific ciphertexts to recover their corresponding plaintexts. To resist these attacks, our algorithm exploits random bit-block swapping to achieve diffusion and uses chaotic map to alter pixel values randomly. These techniques ensure that it is difficult to observe useful trace between secret keys and plaintext/ciphertext. In other words, correct estimation of secret keys is almost impossible in practice. In fact, our algorithm has a large key space and is very sensitive to secret keys. This illustrates that our algorithm can satisfy Kerckhoffs's principle. Therefore, the above attacks are impractical for our algorithm. 4.7. Computational time We first take 10 grayscale images sized 512  512 as test images, and select 10 groups of four different grayscale images by different combinations of the test images. Then, we record the total consumed time of encrypting these 10 image groups and find the average time of encrypting four grayscale images. Moreover, computational time of Arnold transform (60 iterations), and Zhang and Liu's algorithm [15] is also evaluated. For these compared algorithms, we exploit them to encrypt the 10 test images, calculate the average time of processing a grayscale image, and find the total consumed time of encrypting four grayscale images. In the experiments, all algorithms are implemented with MATLAB

Table 3 Comparisons of variance of histogram among different algorithms. Image

Fig. 4(a) Fig. 4(b) Fig. 4(c) Fig. 4(d) Average

Original variance

562668.609 331358.914 1535878.750 1195460.976 906341.812

Variance of histogram of the encrypted result Arnold

[15]

Our

562668.609 331358.914 1535878.750 1195460.976 906341.812

79446.640 51721.687 296027.750 210838.359 159508.609

1047.375 1142.891 1035.125 1104.265 1082.414

Z. Tang et al. / Optics and Lasers in Engineering 80 (2016) 1–11

Fig. 8. Reconstructed images under different salt & pepper noises.

Fig. 9. Encrypted images with block missing.

9

10

Z. Tang et al. / Optics and Lasers in Engineering 80 (2016) 1–11

Fig. 10. Reconstructed images under different blocks missing.

Table 4 Computational time comparisons (Unit: second) Algorithm

One grayscale image

Four grayscale images

Arnold transform Zhang and Liu's algorithm [15] Our algorithm

0.608 7.009 

2.432 28.036 9.656

R2012a, running on a personal computer with 3.4 GHz Intel Core i5-3570 CPU and 4.0 GB RAM. Table 4 presents computational time of the assessed algorithms. Clearly, our algorithm is faster than Zhang and Liu's algorithm [15], but slower than Arnold transform.

5. Conclusions In this study, we have proposed an efficient encryption for converting four grayscale images to an encrypted PNG image. The proposed algorithm decomposes input images into bit-planes,

randomly swaps bit-blocks among different bit-planes, and conducts XOR operation between the scrambled images and secret matrix. Several secret keys are used to improve security of the proposed algorithm. Since our algorithm is a lossy method, it can accurately construct original images from the encrypted PNG image. Moreover, as our algorithm can encrypt four grayscale images each time, it can be applied to batch processing of a largescale image database with high performance. Many simulations have been done and the results have illustrated efficiency of our algorithm.

Acknowledgments This work is partially supported by the National Natural Science Foundation of China (61562007, 61300109, and 61363034), the Guangxi “Bagui Scholar” Teams for Innovation and Research, the Guangxi Natural Science Foundation (2015GXNSFDA139040), the Scientific and Technological Research Projects in Guangxi Higher

Z. Tang et al. / Optics and Lasers in Engineering 80 (2016) 1–11

Education Institutions (YB2014048 and KY2015LX006), the Project of the Guangxi Key Lab of Multi-source Information Mining & Security (15-A-02-02, 14-A-02–02, 13-A-03-01), the Project of Outstanding Young Teachers' Training in Higher Education Institutions of Guangxi (GXQG012013059), the Scientific Research and Technological Development Program of Guilin (20140103-17), and Guangxi Collaborative Innovation Center of Multi-source Information Integration and Intelligent Processing. The authors would like to thank the anonymous referees and the editor for their valuable comments and suggestions.

References [1] Wang X, Zhang Y, Bao X. A novel chaotic image encryption scheme using DNA sequence operations. Opt Lasers Eng 2015;73:53–61. [2] Chen W, Chen X. Arbitrarily modulated beam for phase-only optical encryption. J Opt 2014;16:105402 10pp. [3] Wang X, Liu L, Zhang Y. A novel chaotic block image encryption algorithm based on dynamic random growth technique. Opt Lasers Eng 2015;66:10–8. [4] Chen W, Chen X. Ghost imaging using labyrinth-like phase modulation patterns for high-efficiency and high-security optical encryption. EPL 2015;109:14001. [5] Xu L, Li Z, Li J, Hua W. A novel bit-level image encryption algorithm based on chaotic maps. Opt Lasers Eng 2016;78:17–25. [6] Qi D. Matrix transformation and its application to image hiding. J North China Univ Technol 1999;11:24–8 [in Chinese]. [7] Zhu L, Li W, Liao L, Li H. A novel algorithm for scrambling digital image based on cat chaotic mapping. Proc IIH-MSP 2006:601–4 2006. [8] Tang Z, Zhang X. Secure image encryption without size limitation using Arnold transform and random strategies. J Multimed 2011;6:202–6. [9] Tang Z, Lu X, Wei W, Wang S. Image scrambling based on bit shuffling of pixels. J Optoelectron  Laser 2007;18:1486–1488 [in Chinese]. [10] Martin K, Lukac R, Plataniotis KN. Efficient encryption of wavelet-based color images. Pattern Recognit 2005;38:1111–5. [11] Lin Q, Yin F, Mei T, Liang H. A blind source separation-based method for multiple images encryption. Image Vis Comput 2008;26:788–98.

11

[12] Liu H, Wang X. Color image encryption based on one-time keys and robust chaotic maps. Comput Math Appl 2010;59:3320–7. [13] Wang X, Yang L, Liu R, Kadir A. A chaotic image encryption algorithm based on perceptron model. Nonlinear Dyn 2010;62:615–21. [14] Wang X, Teng L, Qin X. A novel colour image encryption algorithm based on chaos. Signal Process 2012;92:1101–8. [15] Zhang G, Liu Q. A novel image encryption method based on total shuffling scheme. Opt Commun 2011;284:2775–80. [16] Liu H, Wang X. Color image encryption using spatial bit-level permutation and high-dimension chaotic system. Opt Commun 2011;284:3895–903. [17] Wang Q, Guo Q, Zhou J. Double image encryption based on linear blend operation and random phase encoding in fractional Fourier domain. Opt Commun 2012;285:4317–23. [18] Wang Y, Quan C, Tay CJ. Nonlinear multiple-image encryption based on mixture retrieval algorithm in Fresnel domain. Opt Commun 2014;330:91–8. [19] Ping P, Xu F, Wang Z. Image encryption based on non-affine and balanced cellular automata. Signal Process 2014;105:419–29. [20] Wang X, Gu S, Zhang Y. Novel image encryption algorithm based on cycle shift and chaotic system. Opt Lasers Eng 2015;68:126–34. [21] Enayatifar R, Sadaei HJ, Abdullah AH, Lee M, Isnin IF. A novel chaotic based image encryption using a hybrid model of deoxyribonucleic acid and cellular automata. Opt Lasers Eng 2015;71:33–41. [22] Tang Z, Zhang X, Lan W. Efficient image encryption with block shuffling and chaotic map. Multimed Tools Appl 2015;74:5429–48. [23] Wang L, Song H, Liu P. A novel hybrid color image encryption algorithm using two complex chaotic systems. Opt Lasers Eng 2016;77:118–25. [24] Niu Y, Wang X. An anonymous key agreement protocol based on chaotic maps. Commun Nonlinear Sci Numer Simul 2011;16:1986–92. [25] Huang CK, Nien HH. Multi chaotic systems based pixel shuffle for image encryption. Opt Commun 2009;282:2123–7. [26] Pareek NK, Patidar V, Sud KK. Image encryption using chaotic logistic map. Image Vis Comput 2006;24:926–34. [27] Zhang Y, Wang X. Analysis and improvement of a chaos-based symmetric image encryption scheme using a bit-level permutation. Nonlinear Dyn 2014;77:687–98. [28] Wu Y, Zhou Y, Saveriades G, Agaian S, Noonan JP. Local Shannon entropy measure with statistical tests for image randomness. Inf Sci 2013;222:323–42. [29] Zhang Y, Wang X. A symmetric image encryption algorithm based on mixed linear–nonlinear coupled map lattice. Inf Sci 2014;273:329–51. [30] Kerckhoffs's principle. Available: 〈〈http://crypto-it.net/eng/theory/kerckhoffs. html〉〉, Accessed Oct. 20, 2015.