2017 IEEE International Symposium on Parallel and Distributed Processing with Applications and 2017 IEEE International

Conference on Ubiquitous Computing and Communications (ISPA/IUCC)

A Novel Parallel Image Encryption Scheme Using Chaos

Chong Fu*, Gao-yuan Zhang, Mai Zhu, Li-ying Cong, Wei-min Lei
School of Computer Science and Engineering
Northeastern University
Shenyang 110004, China
E-mail: [email protected]

Abstract—In recent years, chaos-based image cipher has been
widely studied and a growing number of schemes based on
permutation-substitution architecture have been proposed. To
better meet the challenge of real-time secure image
communication applications, this paper suggests a new image
encryption scheme using a parallel substitution. In the
permutation stage, the Arnold cat map is employed to shuffle
the pixel positions so as to erase the strong relationship
between adjacent pixels. In the substitution stage, the
scrambled image is firstly decomposed into eight bit-planes
which are then parallelly mixed with keystreams generated by
the chaotic logistic map. Theoretically, the parallel substitution
strategy runs eight times faster than the serial strategy on an 8-
thread processor as the volume of data processed by each
substitution unit is 1/8 of that of the input image. Experimental
results show that the proposed parallel scheme runs more than
five times faster than the serial scheme. Extensive security
analysis is carried out with detailed analysis, demonstrating
the satisfactory security of the proposed scheme.
Keywords- image cipher; Arnold cat map; parallel
substitution; bit-plane; logistic map
I. INTRODUCTION
Image encryption technology has been widely
investigated over the past two decades or so to meet the
increasing demand for real-time secure image transmissions
over public networks. Existing studies have shown that
though modern block ciphers such as DES and AES can be
applied to any kind of data, they are not suitable for practical
image encryption. This is because the security of these
algorithms is mainly ensured by their high computational
cost, and they are difficult to meet the demand for online
communications when dealing with digital images
characterized by bulk data capacity. Thanks to the intrinsic
properties of chaos, such as extreme sensitivity to initial
conditions, ergodicity and long term unpredictability, the
chaos-based image encryption technology has suggested a
promising direction. The permutation-substitution structure,
which is proposed by Fridrich in 1998 [1], is widely used in
the construction of secure image ciphers. Under this structure,
the positions of the pixels in the original image are firstly
scrambled in a pseudorandom mannerwith the purpose of
erasing the strong relationship between adjacent pixels. Then
the pixels values are sequentially mixed with a chaotic
keystream sequence so as to confuse the relationship
between cipher-image and plain-image. The whole
permutation-substitution operation is often performed for
several rounds according to the security requirement.
To better meet the challenge of real-time secure image
communication applications, much work has been done in
recent years on improving the efficiency of chaos-based
image encryption technology. Many of the existing studies
have pointed out that the substitution procedure consumes
the highest percentage of execution time of a permutation-
substitution type image cipher. This is because a
considerable amount of computation load is devoted to
chaotic system iteration and the subsequent quantization
required by the keystream generation. Therefore, the key to
improving the speed performance of a chaos-based image
cipher is by either reducing the computational complexity of
the substitution procedure or the number of cipher cycles.
For instance, in [2], Xiang et al. investigated the feasibility
of selective image encryption on a bit-plane. It was
concluded that only selectively encrypting 50% of the whole
image data can gain an acceptable security. Therefore, the
encryption time was substantially reduced. In [3-6], schemes
with certain substitution effect introduced in the permutation
stage are proposed. As the pixel value mixing effect is
contributed by both stages, the number of iteration rounds
required by the substitution procedure is reduced, and hence
the performance of the cryptosystem is improved. In [7],
Wong et al. proposed a more efficient diffusion mechanism
using simple table lookup and swapping techniques as a
light-weight replacement of the 1D chaotic map iteration. In
[8], Fu et al. proposed a novel bidirectional diffusion strategy
to minimize the number of cipher rounds needed to spread
the influence of each individual pixel over the entire cipher-
image. It is demonstrated that their scheme takes one round
of permutation and two rounds of substitution to obtain a
satisfactory diffusion effect.
With the advancements of semiconductor technologies,
multi-core processors have become commonplace and are
used widely across many application domains including
general-purpose, embedded, network, digital signal
processing as well as graphics. Unfortunately, most of the
existing chaos-based image ciphers are designed for serial
computation. Taking full advantage of multi-core processors,
this paper suggests a fast chaos-based image encryption
scheme using a parallel substitution. Results of efficiency
analysis indicate that the speed of the proposed parallel
scheme is approximately five times faster than that of serial
scheme. The remainder of this paper is organized as follows.

0-7695-6329-5/17/31.00 ©2017 IEEE 1199

DOI 10.1109/ISPA/IUCC.2017.00180
Section 2 presents the architecture of the proposed image
cryptosystem. Section 3 discusses the image scrambling
algorithm based on Arnold cat map. Then the detailed
substitution procedure is described in Section 4. In Section 5,
the proposed image cryptosystem is analyzed with respect to
both security and efficiency, including key space analysis,
key sensitivity analysis, various statistical analyses, and
speed performance analysis. Finally, conclusions are drawn
in the last section.
II. ARCHITECTURE OF THE PROPOSED IMAGE
CRYPTOSYSTEM
The improvement in performance gained by the use of a
parallel algorithm depends very much on the task
decomposition strategy. As is known, a grayscale image
typically uses gray levels that range from 0 (zero level
intensity of light) to 255 (full intensity). In digital computer
system, each such value are represented by an 8-bit format,
given by
G ( x, y ) b(7)b(6)b(5) "b(0)    
where G(x, y) is the value of the pixel at coordinate (x, y) and
the number in parentheses indicates the bit index from
highest bit 7 to the lowest bit 0. Consequently, we can
decompose a 256 gray-level image into eight independent
bit-planes and each bit-plane is a binary image because there
are only two possible intensity values (0 and 1) for each
pixel. Based on the above discussion, the architecture of the
proposed image cipher is designed as shown in Fig. 1.
Figure 1. Architecture of the proposed cryptosystem
The plain-image is firstly scrambled by using a 2-D area-
preserving chaotic map. Next, the scrambled image is
1200
decomposed into eight bit-planes, which are then parallelly
substituted by mixing with chaotic keystream sequences.
Finally, we can combine the eight ciphered bit-planes and
obtain the output cipher-image. The permutation and
substitution operations can be iterated a number of times
according to the security requirement. Theoretically, the
proposed parallel substitution strategy runs eight times faster
than the serial strategy on an 8-thread processor as the
volume of data assigned to each substitution unit is 1/8 of
that of the input image. The detailed permutation and
substitution procedures will be discussed in the next two
sections.
III. IMAGE PERMUTATION BASED ON ARNOLD CAT MAP
In the permutation stage, three chaotic area-preserving
maps, i.e., the Arnold cat map, the baker map and the
standard map are most commonly used to scramble the
pixels positions of an image. In our scheme, the generalized
Arnold cat map, whose mathematical formula is described as
follows, is chosen due to its lowest computational
complexity.
ª xn 1 º ª1 a º ª xn º ª xn º
mod 1 A « » mod 1, 
«y » «b » « »
ab  1¼ ¬ yn ¼
¬ n 1 ¼ ¬ ¬ yn ¼
where a and b are control parameters, and x mod 1 means the
fractional part of x for any real number x. The map is a
chaotic bijection from a unit square onto itself since det|A|=1.
In order to incorporate generalized chaotic cat map into
image encryption that operated on a finite set, it has to be
discretized, while reserving some of its useful features such
as the mixing property and the sensitivity to initial conditions
and parameters. The discretized version cat map can be
obtained simply by changing the range of (x, y) from the unit
square to the discrete lattice SL×SL, where SL indicates the
side length of a square image.
ª xn 1 º ª1 a º ª xn º ª xn º 
«y » mod S L A « » mod S L .
¬ n 1 ¼
«b
¬ ab  1»¼ «¬ yn »¼ ¬ yn ¼
Evidently, the parameters a, b and the number of iterations m
are both immediate candidates for a part of permutation key,
as they jointly uniquely determine the pixel positions
transformation process.
The application of the cat map to the standard “barche”
test image (256×256 pixels, 256 gray levels) is demonstrated
in Fig. 2. Fig. 2(a) shows the original image, and Figs. 2(b)-
(d) show the results of applying the generalized discretized
cat map once, twice, and three times, respectively. The
control parameters a and b are set to 10 and 5, respectively.
As can be seen from this figure, after only one round of
permutation, the test image is completely unrecognizable.
Figs. 3(a)-(h) illustrate the eight bit-planes extracted from
the scrambled image (Fig.2 (d)) in the order from the most
significant bit to the least significant bit. It can be seen from
this figure that the bits in all the eight bit-planes are evenly
distributed, and this means an attacker cannot get any
information about the original image directly from a
successfully broken substitution unit.

(a) (b) (c) (d)
Figure 2. The application of the cat map: (a) The “barche” test image
(256×256 pixels, 256 gray levels), (b) The test image after applying the cat
map once, (c) The test image after applying the cat map twice times, (d)
The test image after applying the cat map three times.
(a) (b) (c) (d)
(e) (f) (g) (h)
Figure 3. Bit-planes of the scrambled image: (a)-(h) are the bit-planes
from the highest bit to the lowest, respectively.
IV. PARALLEL SUBSTITUTION BASED ON CHAOTIC
LOGISTIC MAP
In the substitution stage, the eight bit-planes are
parallelly mixed with keystream sequences generated by
iterating the logistic map, given by
xn1 Pxn (1  xn )  xn  [0, 1], P [0, 4],
where ȝ and x are parameter and state variable, respectively.
If one chooses ȝę[3.57, 4], the system is chaotic. Similarly,
the initial value x0 and parameter ȝ of the logistic map are
both immediate candidates for a part of the substitution key.
The detailed processing procedures of a substitution unit are
described as follows:
Step 1: Arrange the bits in a scrambled bit-plane into a 1-
D binary array binData={b1, b2, …, bN×N} in the order from
left to right, top to bottom. To further increase the
computational efficiency, every eight binary pixels are
grouped together to form one pixel with 256 gray levels and
hence we get a byte array imgData={p1, p2, …, pN×N/8}.
Step 2: Pre-iterate the map (4) for T0 times to avoid the
harmful effect of transitional procedure where T0 is a
constant. It should be noticed that the values of 0.5 and 0.75
are two ‘bad’ points, trapping the iterations to the fixed
points 0 and 0.75, respectively. If this case is encountered, a
slight perturbation should apply.
Step 3: Continue the iterated for (N×N)/8 times. For each
iteration, the current value of the state variable x is stored
into an array logSeq={ls0, ls1, ls2, …, ls(N×N)/8í1}.
Step 4: Extract a substitution keystream subKstr={sk0,
sk1, …, sk(N×N)/8í1} from logSeq according to
skn mod[sig (lsn , m), GL ], (5)
where sig(x, m) returns the m most significant decimal digits
in x, mod(x, y) divides x by y and returns the remainder of the
division, and GL is the number of gray levels in the input
image. A m value of 15 is recommended as the state variable
is declared as double-precision type in our scheme, which
has 15 or 16 decimal places of accuracy.
Step 5: Mix the values of pixels in imgData sequentially
according to Eq. (6).
cn skn † ª¬ mod ( pn  skn ), GL º¼ † cn 1 , 
where cn and cn௅1 are the output and previous ciphered pixels,
respectively, and Ͱ performs bit-wise exclusive OR
operation. One may set the initial value c௅1 as a constant.
Step 6: Repeat Step 5 a number of times according to the
security requirement.
Step 7: Combine the eight ciphered bit-planes to produce
the output cipher-image.
The decryption procedure is similar to that of the
encryption process except that some steps are followed in a
reversed order. Particularly, the inverse of Eq. (6) is given by

pn mod ª¬ skn † cn † cn1  GL  skn , GL º¼ .
V. SECURITY ANALYSIS
A. Key Space Analysis
For an effective cryptosystem, the key space should be
large enough to defend against a brute-force attack over it.
As aforementioned, the secret key of the proposed
cryptosystem consists of two parts: the permutation key Kperm

and the substitution key Ksub. Kperm is composed of the
control parameters (a, b) and iteration times m of the cat map,
where a, bę[1, SL], and męN+. Therefore the total number
of permutation key is (SL2)m. Ksub is composed of the initial
condition x0 and parameter ȝ of logistic map, where x0 and ȝ
are in the range [0, 1] and [3.57, 4], respectively. According
to the IEEE floating-point standard, the computational
precision of the 64-bit double-precision number is about 10-
15
. Therefore, the total number of possible values of x0 and ȝ
are approximately 1015 and 4.3×1014, respectively. Clearly,
different substitution units can start with different
substitution keys as they work independently of each other.
However, considering that the security of the permutation
operation is relatively weak, breaking one substitution unit
may reveal sufficient information describing the content of
the original image. Therefore, the size of Ksub should be the
total number of possible combinations of (x0, ȝ) that used in
a single diffusion unit, i.e., Ksub § 1015×4.3×1014= 4.3×1029.
The two parts Kperm and Ksub are independent of each other,
and thereby the key space of the proposed cryptosystem is
KS K perm u K sub | 4.3 u1029 u ( S L 2 ) m . 
Here, it is proposed to take m=3. If N • 256, the total size
satisfies
1201
 KS | 2139. 
Generally, cryptographic algorithms with key space
greater than 2100 are considered to be “computational
security” as the number of operations required to try all
possible 2100 keys is widely considered out of reach for
conventional digital computing techniques for the
foreseeable future. Therefore, the proposed scheme is secure
against brute-force attack.
B. Key Sensitivity Analysis
To evaluate the key sensitivity of the proposed
cryptosystem, the “barche” test image is firstly encrypted
using a randomly chosen secret key (a=33, b=71, x0=0.7,
ȝ0=3.9), and the resulting cipher image is shown in Fig. 4(a).
Then the ciphered image is tried to be decrypted using five
decryption keys, with the first one exactly the same as the
encryption key and the other four having only one-bit
difference to each part of the encryption key, respectively.
The resulting decrypted images are shown in Figs. 4(b)-(f),
respectively, from which we can see that even an almost
perfect guess of the key does not reveal any information
about the plain-image. Therefore, it can be concluded that
the proposed algorithm fully satisfies the key sensitivity
requirement.
(a) (b) (c)
(d) (e) (f)
Figure 4. Results of key sensitivity test.
C. Statistical Analysis
1) Frequency distribution of pixel values
A good image cryptosystem should flatten the frequency
distribution of cipher-pixels values as such information has
the potential to be exploited in a statistical attack. Histogram
analysis is often used as a qualitative check for data
distribution. An image histogram is a graphical
representation showing a visual impression of the
distribution of pixels values by plotting the number of pixels
at each grayscale level. The histograms of the “barche” test
image (Fig. 5(a)) and its output cipher-image (Fig. 5(c))
produced by the proposed scheme are shown in Figs. 5(b)
and (d), respectively. It can be seen from this figure that the
histograms of the cipher-image are fairly uniform and hence
no information about the plain-image can be gathered
through histogram analysis.

(a) (b) (c) (d)
Figure 5. Histogram analysis: (a) original image, (b) histogram of original
image, (c) cipher-image, (d) histogram of cipher-image.
The distribution of pixel values can be further
quantitatively determined by calculating the information
entropy of the image. The information entropy is usually
expressed by the average number of bits needed to store or
communicate one symbol in a message, as described by
N
H ( X ) ¦ P( xi ) log 2 P( xi ),  
i 1
where X is a random variable with N outcomes {x1, ..., xN}
and P(xi) is the probability mass function of outcome xi. It’s
obvious from Eq. (10) that the entropy for a random source
emitting N symbols is H(X)=log2N. For instance, for a
ciphered image with 256 gray levels, the entropy should
ideally be H(X)=8, otherwise there exists certain degree of
predictability which threatens its security. Using the above
formula we obtain the entropies of the plain-image and its
corresponding cipher-image are 7.1149 and 7.9971
respectively. This means the proposed algorithm produces
outputs with perfect randomness and hence is robust against
frequency analysis.
2) Correlation of adjacent pixels
The simplest way to investigate the relationship between
two adjacent pixels in an image is to use a scatter plot, which
is carried out as follows. First, randomly select Sn pairs of
adjacent pixels in each direction from the image. Then, the
selected pairs is displayed as a collection of points, each
having the value of one pixel determining the position on the
horizontal axis and the value of the other pixel determining
the position on the vertical axis. Figs. 6(a)௅(c) and (d)௅(f)
show the scatter diagrams for horizontally, vertically and
diagonally adjacent pixels in the “barche” test image and its
output cipher-image, respectively. As can be seen from Figs.
6(a)௅(c), most points are clustered around the main diagonal,
whereas those in Figs. 6(d)௅(f) are fairly evenly distributed.
The results indicate that the proposed scheme can effectively
eliminate the correlation between adjacent pixels in an
original image.
To further quantify and compare the correlations of
adjacent pixels in a plain-image and its output cipher-image,
the correlation coefficient rx,y is calculated by using the
following formulas:
Sn
1
Sn
¦ ( x  x )( y  y )
i i
rxy i 1
,  
§ 1 Sn
·§ 1 Sn
·
¨ ¦ ( xi  x ) 2 ¸¨ ¦ ( yi  y ) 2 ¸
© Sn i 1 ¹© Sn i 1 ¹
1202
 SN SN TABLE II. ENCRYPTION SPEED OF THE NEW PARALLEL SCHEME AND
1 1
 x
SN
¦x ,
i 1
i y
SN
¦ y ,
i 1
i
  THE CONVENTIONAL SERIAL SCHEME

Encryption Speed (ms)

where xi and yi are grayscale values of the ith pair of adjacent
pixels.
The correlation coefficients for two adjacent pixels in the
“barche” test image and its corresponding cipher-image are
calculated in three directions according to Eqs. (11)-(12), and
the results are listed in TABLE I. It can be seen from this
table that the correlation coefficients for adjacent pixels in
the output cipher-images are very close to zero, and it further
supports the conclusion drawn from Fig. 6.
(a) (b) (c)
(d) (e) (f)
Figure 6. Graphical analysis for correlation of adjacent pixels: (a)௅(c) and
(d)௅(f) are scatter diagrams for horizontally, vertically and diagonally
adjacent pixels in the “barche” test image and its corresponding cipher-
image, respectively.
TABLE I. CORRELATION COEFFICIENTS FOR TWO ADJACENT PIXELS
IN PLAIN-IMAGE AND CIPHER-IMAGE
Direction Plain-image Cipher-image
horizontal 0.9391 í0.0082
vertical 0.9369 0.0205
diagonal 0.8895 í0.0134
D. Speed Performance
To evaluate the computational efficiency improvement of
the proposed scheme, the running speed is analyzed in this
section. TABLE II lists the time required for encrypting
images with different size by using the new parallel and the
conventional serial schemes. The processor employed in the
tests is Intel Xeon E3-1230v1 (3.2GHz, 4 cores, 8 threads).
As can be seen from this table, the parallel scheme runs more
than five times faster than the serial scheme when applied to
images of size greater than 512×512. There is no such a
significant increase in running speed when applying the new
scheme to images of relatively small size (e.g. 256×256).
This is because the bit-plane extraction operation occupies a
significant proportion of the whole computation cost when
dealing with small images. With such a speed, the proposed
cryptosystem is appropriate to be used for real-time secure
image communication applications, where the encryption
time should be short relative to the transmission time.
Image Size
Parallel scheme Serial scheme
256×256 12.0 26.2
512×512 21.4 106.9
1024×1024 77.9 428.6
2048×2048 328.6 1692.0
VI. CONCLUSIONS
This paper has proposed a new chaos-based image
encryption scheme using a parallel substitution. In the
permutation stage, the pixel positions are scrambled by using
the Arnold cat map. In the substitution stage, the eight bit-
planes of the scrambled image are parallelly mixed with
keystream sequences generated by iterating the logistic map.
Compared with serial substitution strategy, the computation
time of the proposed parallel strategy will be theoretically
decreased by seven times as the volume of data processed by
each substitution unit is only 1/8 of that of the input image.
Experimental results have shown that the proposed parallel
scheme runs more than five times faster than the serial
scheme. Both theoretical analyses and experimental results
indicate the new image cipher has a high security level.
Therefore, the proposed scheme has excellent potential for
practical real-time image encryption applications.
ACKNOWLEDGMENT
This work was supported by the Fundamental Research
Funds for the Central Universities (No. N150402004), and
the Online Education Research Fund of MOE Research
Center for Online Education (Qtone Education) (No.
2016YB123).
REFERENCES
[1] J. Fridrich, “Symmetric ciphers based on two-dimensional chaotic
maps,” International Journal of Bifurcation and Chaos, vol. 8, no. 6,
pp. 1259-1284, 1998.
[2] T. Xiang, K. W. Wong, X. F. Liao, “Selective image encryption using
a spatiotemporal chaotic system,” Chaos, vol. 17, no. 2, pp. 023115,
2007.
[3] K. W. Wong, B. S. H. Kwok, and W. S. Law, “A fast image
encryption scheme based on chaotic standard map,” Physics Letters A,
vol. 372, no. 15, pp. 2645-2652, 2008.
[4] C. Fu, W. H. Meng, Y. F. Zhan, et al, “An efficient and secure
medical image protection scheme based on chaotic maps,” Computers
in biology and medicine, vol. 43, no. 8, pp. 1000-1010, 2013.
[5] C. Fu, J. B. Huang, N. N. Wang, et al, “A symmetric chaos-based
image cipher with an improved bit-level permutation strategy,”
Entropy, vol. 16, no. 2, pp. 770-788, 2014.
[6] Chen J, Zhu Z L, Fu C, et al. A fast image encryption scheme with a
novel pixel swapping-based confusion approach[J]. Nonlinear
Dynamics, 2014, 77(4): 1191-1207.
[7] K. W. Wong, B. S. H. Kwok, and C. H. Yuen, “An efficient diffusion
approach for chaos-based image encryption,” Chaos Solitons &
Fractals, vol. 41, no. 5, pp. 2652-2663, 2009.
[8] C. Fu, J. J. Chen, H. Zou, W. H. Meng, Y. F. Zhan, and Y. W. Yu, “A
chaos-based digital image encryption scheme with an improved
diffusion strategy,” Optics Express, vol. 20, no. 3, pp. 2363-2378,
2012.

1203