Optics Communications 285 (2012) 4887–4890

Contents lists available at SciVerse ScienceDirect

Optics Communications

0030-40

http://d

n Corr

E-m

journal homepage: www.elsevier.com/locate/optcom

An efficient image encryption algorithm based on S8 S-box transformationand NCA map

Iqtadar Hussain a,n, Tariq Shah a, Muhammad Asif Gondal b

a Department of Mathematics Quaid-i-Azam University, Islamabad, Pakistanb Department of Sciences and Humanities, National University of Computer & Emerging Sciences, Islamabad, Pakistan

a r t i c l e i n f o

Article history:

Received 19 February 2012

Received in revised form

4 June 2012

Accepted 5 June 2012Available online 20 June 2012

Keywords:

NCA map

S_8

Substitution box

Image encryption

18/$ - see front matter & 2012 Elsevier B.V. A

x.doi.org/10.1016/j.optcom.2012.06.011

esponding author.

ail address: iqtadarqau@gmail.com (I. Hussain

a b s t r a c t

In this manuscript we present a novel scheme for image encryption based on S8 substitution boxes and

NCA chaotic sequence. Furthermore, we analyze the strength of the proposed algorithm by applying it

to a color image and conclude that the projected algorithm can encrypt color image successfully and

secure against many classic attacks.

& 2012 Elsevier B.V. All rights reserved.

1. Introduction

The chaotic schemes are classified by their reliance on initialconditions and pseudo randomness. Furthermore, these schemeshave an interesting ability of creating confusion and diffusion inthe data. Basically the concept of confusion and diffusion isdirectly related to Substitution Permutation (S–P) network. Inthis paper, we execute the image encryption with the help of twointeresting concepts: one is the theory of substitution andpermutation network, and the other is Chaos Theory. Now thequestion is, why do we consider them? Firstly, S-box is the onlynonlinear module that is normally used in a block cipher. Throughthe substitution of gray value at each pixel of the image, it gainsthe dominant significance of encryption. Moreover, S-box isgenerated based on the S8 AES algorithm [1]. Therefore, it hasthe excellent properties of resisting the differential cryptanalysisand linear cryptanalysis, which unable an opponent to decipherand secure the details of the images. Secondly, because of ChaosTheory’s randomness and strong safety, it is also frequently usedin the encryption. Furthermore, it is easy to implement and easyto use. Therefore, we studied the algorithms using the twotheories. Concerning the structure of this paper, we first brieflyintroduced S-boxes and related concepts; then a standard algo-rithm is proposed. Afterwards, the experiments concerning the

ll rights reserved.

).

strength of the proposed method are performed. Finally, wepresent conclusion.

2. S8 S-boxes and encryption algorithm

In [1], S8 S-boxes are presented by the action of the symmetricgroup S8 on Advanced Encryption Standard substitution box,

f : S8 � AES:S�box-S8AES:S�box ð1Þ

The function f explains the construction algorithm of S8 AESS-box. In (1) permutation of the symmetric group S8 are appliedto the elements of the AES S - box, corresponding to everypermutation, one can get a new S8 S-box. So the total numberof S-boxes which are constructed by this method are 40,320,because the order of S8 is 40,320.

The standard algorithm is very simple, and it only needs twosteps as follows. Firstly, we take one of the 40,320S-boxes ‘‘whichare constructed in [1]’’. Secondly, we choose the objects of theexperiment. If the image is grayscale image, we can directly dothe substitution for each byte; if the image is three dimensional(RGB), we can turn them to the three-tier image, then follow thesubstitutions respectively and finally merge them.

Compared with other encryption algorithms, the advantages ofthis algorithm are as follows. The inherent characteristics of S-boxes make this algorithm withstand the differential cryptana-lysis and linear cryptanalysis. This algorithm can use differentparameters in choosing the S-boxes, and the effects do notchange. This shows that it is more flexible to select the algorithm

I. Hussain et al. / Optics Communications 285 (2012) 4887–48904888

parameters. Because the S-boxes are constructed in preprocessstage, we just need to know the serial number in the S-boxessequence. So the rate of this algorithm is faster than others, andthe time and space complexity of this algorithm are lower thanothers.

3. The improvement one: selecting different s-boxes for eachbyte the NCA map designs

In [2], the authors demonstrate that chaotic encryptionsystems can be easily attacked and in order to improve security,they suggested the adoption of nonlinear functions, limited in timeand space, to change the key continuously. In accordance with sucha principle, in this paper the NCA map uses the power function andtangent function instead of linear function. The NCA is defined as

XNþ1 ¼ ltgðaXNÞð1�XNÞb

Where

XN Að0,1Þ, n¼ 0,1,2,. . .

The ranges of parameters l, a and b will be discussed asfollows. Firstly, they are positive. Secondly, the absolute value ofthe slope of the curve at fixed point should not be less than 1 [3],and XNþ14XN when XN¼1/(1þb), therefore l may be defined as

l¼ mctgða=ð1þbÞÞð1þð1=bÞÞb, m40:

Finally, parameter m is obtained by experimental analysis; as aresult, m¼1�b�4. So the NCA map is defined as follows:

XNþ1 ¼ ð1�b�4Þctgða=ð1þbÞÞð1þð1=bÞÞbtgðaXNÞð1�XNÞ

b

where xnA(0,1), aA(0,1.4], bA[5,43], or xnA(0,1), aA(1.5,1.57],bA[3,15]. The range of a and b are obtained by iteration experi-mental analysis. In [4], many experiments have been done toshow that the NCA map is truly chaotic.

3.1. Proposed methodology

Based on the standard algorithm, the improvement algorithmis as follows: firstly, for each byte, we select the S-box using theserial number sequence which is created by the method of NCAchaos and the numbers in it are from 1 to 40,320; secondly wetraverse the entire image and make the substitution encryptionaccording to the standard algorithm, using the images to do theS-box substitution. As a result of this improvement, their timecomplexity and space complexity will increase as the sizebecomes larger. When we process the large image file, the speed

Fig. 1. Color plain-image (a) color pl

of encryption and decryption is too slow. Therefore, although it isnot advisable for the area of high-speed encryption and decryp-tion, it is desirable for small-size images.

The single round of S-boxes substitution encryption has twoconstant points: 0 and 1, and the key is so less that the encryptioncan be decoded in an accepted time. So here we choose the NCAmap sequence to create the serial number in the range of 1 to40,320. Using different S-boxes to make the N rounds of substitu-tion encryption, here N¼16. The steps of the algorithm are asfollows:

Step I: Construct the S-boxes sequence;Step II: Set encryption key for the plain-image, including

structural parameters. This can help us to get the Chaos NCAsequence from X0 to X (40,320) which is in the range from 0 to 1;

Step III: Let y0 ¼ bx0 � 40,320c, y1 ¼ bx1 � 40,320c,. . . thenwe can get the integer sequence which is in the range of 0 to40,320.

Step IV: According to the numbers in the sequence created bythe step three, choose the numbers as the index of the S-boxessequence. Then we can make the substitution encryption.

The key of the algorithm is the combination of three XN, a, b, land the number of rounds. Using the image of Pepper as theexample, the results are shown in Fig. 1. Compared with theimprovement ones, the encryption and decryption of this algo-rithm need more time. However, it has additional security. Thereasons are as follows:there are multiple rounds using differentS-boxes, and the number of rounds and the S-boxes used by eachround are too difficult to decode. The Chaos theory has guaran-teed that the key is hard to decode. This algorithm is more flexiblethan the improved one because the number of rounds and theinitial value can be changed according to the requirement.

3.2. Security analysis

A good encryption algorithm should resist statistical attacks. Inthis section, we will discuss the security analysis of the proposedencryption scheme.

4. Correlation

It is well known that adjacent image pixels are highly corre-lated in the plain image. In order to resist statistical attack, wemust decrease the correlation of two adjacent pixels in theciphered image [5]. Calculate the correction coefficient of each

ain-image and (b) cipher-image.

Table 4Comparison of correlations between Red, Green, Blue components.

Correlation Adjacent position

between Red, Green

components

Adjacent position

between Red, Blue

components

Adjacent position

between Green,

Blue components

Proposed

scheme

�0.011694 �0.00675 �0.036334

Rhouma’s 0.248026 0.139054 0.171310

Sahar’s 0.305352 0.204247 0.252515

Liu’s 0.231220 0.125403 0.161153

Table 5NPCR and UACI of ciphered image with one bit difference between the

plain image.

Image name Item Proposed Image size 512�512 Ref. [9]

Ref. [8]

Pepper NPCR Red 0.8668463 0.9960365 0.0003814

Green 0.8668011 0.9959035 0.0003814

Blue 0.8668070 0.9959488 0.0003814

UACI Red 0.3251028 0.3339424 0.0000580

Green 0.3243820 0.3349684 0.0000534

Blue 0.3242398 0.3338638 0.0000291

I. Hussain et al. / Optics Communications 285 (2012) 4887–4890 4889

pair using the following formulas:

RAB ¼ covðA,BÞ=ffiffiffiffiffiffiffiffiffiffiDðAÞ

p ffiffiffiffiffiffiffiffiffiffiDðBÞ

pwhere

DðAÞ ¼ 1=NXN

i ¼ 1

ðAi�EðAÞÞ2

covðA,BÞ ¼ 1=NXN

i ¼ 1

ðAi�EðAÞÞðBi�EðBÞÞ

EðAÞ ¼ 1=NXN

i ¼ 1

Ai

where A and B are gray-scale values of two adjacent pixels in theimage. We randomly select 3000 pairs of two adjacent pixels fromplain image, Fig. 1(a), and ciphered image, Fig. 1(b), to calculatethe correction coefficient. From Table 1 we can see that thecorrelation coefficient of ciphered image is much smaller thanthat of plain image, so the chaotic encryption algorithm satisfieszero co-correlation. In the colored image, the correlationsbetween Red, Green and Blue components are high. The previousalgorithms for color image used the same method to encrypt itsRed, Green and Blue components. They neglected the correlationsbetween Red, Green and Blue components. In this paper, weencrypt the three components and make them affect each other. Itcan reduce the correlations between these components effec-tively. We calculate the same position correlations and relatedadjacent position correlations between Red, Green and Bluecomponents of plain image and ciphered image. Tables 2 and 3show the results, respectively. Tables 2 and 3 show that thecorrelation coefficient between three components of cipheredimage is much smaller than that of plain image. The proposedalgorithm can mask the correlations between Red, Green and Bluecomponents effectively and resist the statistical attacks. Thecorrelation coefficient values between three components ofciphered image are much better than those of Rhouma’s [6],

Table 1Correlation coefficients of Red, Green, Blue components of plain image and

ciphered image.

Correlation Red component Green component Blue component

Plain image 0.817970 0.816331 0.729072

Ciphered image �0.020889 �0.028110 �0.005104

Table 2Same position correlations between Red, Green, Blue components.

Correlation Same position

between Red,

Green components

Same position

between Red, Blue

components

Same position

between Green,

Blue components

Plain image 0.735625 0.569469 0.713084

Ciphered image �0.002803 �0.040968 0.011267

Table 3Adjacent positional correlations between Red, Green, Blue components.

Correlation Adjacent position

between Red,

Green components

Adjacent position

between Red, Blue

components

Adjacent position

between Green,

Blue components

Plain image 0.724585 0.560971 0.710684

Ciphered image �0.011694 �0.00675 �0.035334

Sahar’s [7] and Liu’s [8]. The values are plotted in Table 4, whichshows that our scheme can greatly decrease the correlationsbetween Red, Green and Blue components.

5. NPCR and UACI analysis

NPCR stands for the number of pixels change rate while onepixel of the plain image changed. The more NPCR gets close to100%, the more sensitive the cryptosystem is to the changing ofplain image and more effective for the cryptosystem to resistplaintext attack. UACI stands it is for the average intensity ofdifferences between the plain image and ciphered image. Thebigger UACI is more effective for the cryptosystem to resistdifferential attack.

NPCR¼X

l,m,nDðl,m,nÞ=P � Q � 3� 100%

UACI¼ 1=P � Q � 3Xl,m,n

C1ðl,m,nÞ�C2ðl,m,nÞ=255

!� 100%

where C1 and C2 are cipher images analogous to two original-images differing by one byte, and D (l, m, n) is of size M�N�3defined by

Dðl,m,nÞ ¼1 if C1ðl,m,nÞ ¼ C2ðl,m,nÞ

0 otherswise

�

Table 5 shows that the proposed algorithm satisfies the NPCRand UACI analysis with very good readings.

6. Conclusion

In this paper, we proposed a novel image encryption schemebased on the NCA chaotic system and cryptographically secure S8

Advanced Encryption Standard (AES) substitution boxes. The max-imum differential and linear approximation probabilities of the S8

S-boxes, calculated for a typical initial condition, are very low thatis why we make use of these boxes. For colored image encryption,most of the previous algorithms encrypted its Red, Green and Bluecomponents, respectively. They neglected the correlations betweenRed, Green, Blue components. In this paper, we use a chaotic

I. Hussain et al. / Optics Communications 285 (2012) 4887–48904890

system to encrypt Red, Green, Blue components of a colored imageat the same time and make these three components affect eachother. One of the main significance of proposed algorithm is itsresistance against algebraic and statistical attacks due to substitu-tion box confusion. The use of permutation of S8 (symmetric group)incorporates diffusion in the propose algorithm. So the use ofsubstitution and permutation network and chaos make this algo-rithm invulnerable against differential and linear attacks.

References

[1] I. Hussain, T. Shah, H. Mahmood, International Journal of Contemporary.Mathematical Science 5 (26) (2010) 1263.

[2] M.I. Sobhy, A.R. Shehata, IEEE Acoust Speech Signal Process (2001) 1001.[3] D.D. Wheeler, R.A.J. Matthews, Cryptologia 15 (1991) 40.[4] L.H. Zhang, X.F. Liao, X.B. Wang, Chaos, Solitons and Fractals 24 (2005) 759.[5] G.R. Chen, Y.B. Mao, et al., Chaos, Solitons and Fractals 21 (2004) 749.[6] R. Rhouma, M. Soumaya., B. Safya., Chaos, Solitons and Fractals 40 (1) (2009)

309.[7] M. Sahar, M.E. Amir, Chaos, Solitons and Fractals 42 (3) (2009) 1745.[8] H.J. Liu, X.Y. Wang., Computers and Mathematics with Applications 59 (10)

(2010) 3320.[9] Q. Guo., Z.G. Liu., S.T. Liu, Optics and Lasers in Engineering 48 (12) (2010)

1174.