Optics Communications 285 (2012) 4887–4890
Contents lists available at SciVerse ScienceDirect
Optics Communications
0030-40
http://d
n Corr
E-m
journal homepage: www.elsevier.com/locate/optcom
An efficient image encryption algorithm based on S8 S-box transformationand NCA map
Iqtadar Hussain a,n, Tariq Shah a, Muhammad Asif Gondal b
a Department of Mathematics Quaid-i-Azam University, Islamabad, Pakistanb Department of Sciences and Humanities, National University of Computer & Emerging Sciences, Islamabad, Pakistan
a r t i c l e i n f o
Article history:
Received 19 February 2012
Received in revised form
4 June 2012
Accepted 5 June 2012Available online 20 June 2012
Keywords:
NCA map
S_8
Substitution box
Image encryption
18/$ - see front matter & 2012 Elsevier B.V. A
x.doi.org/10.1016/j.optcom.2012.06.011
esponding author.
ail address: [email protected] (I. Hussain
a b s t r a c t
In this manuscript we present a novel scheme for image encryption based on S8 substitution boxes and
NCA chaotic sequence. Furthermore, we analyze the strength of the proposed algorithm by applying it
to a color image and conclude that the projected algorithm can encrypt color image successfully and
secure against many classic attacks.
& 2012 Elsevier B.V. All rights reserved.
1. Introduction
The chaotic schemes are classified by their reliance on initialconditions and pseudo randomness. Furthermore, these schemeshave an interesting ability of creating confusion and diffusion inthe data. Basically the concept of confusion and diffusion isdirectly related to Substitution Permutation (S–P) network. Inthis paper, we execute the image encryption with the help of twointeresting concepts: one is the theory of substitution andpermutation network, and the other is Chaos Theory. Now thequestion is, why do we consider them? Firstly, S-box is the onlynonlinear module that is normally used in a block cipher. Throughthe substitution of gray value at each pixel of the image, it gainsthe dominant significance of encryption. Moreover, S-box isgenerated based on the S8 AES algorithm [1]. Therefore, it hasthe excellent properties of resisting the differential cryptanalysisand linear cryptanalysis, which unable an opponent to decipherand secure the details of the images. Secondly, because of ChaosTheory’s randomness and strong safety, it is also frequently usedin the encryption. Furthermore, it is easy to implement and easyto use. Therefore, we studied the algorithms using the twotheories. Concerning the structure of this paper, we first brieflyintroduced S-boxes and related concepts; then a standard algo-rithm is proposed. Afterwards, the experiments concerning the
ll rights reserved.
).
strength of the proposed method are performed. Finally, wepresent conclusion.
2. S8 S-boxes and encryption algorithm
In [1], S8 S-boxes are presented by the action of the symmetricgroup S8 on Advanced Encryption Standard substitution box,
f : S8 � AES:S�box-S8AES:S�box ð1Þ
The function f explains the construction algorithm of S8 AESS-box. In (1) permutation of the symmetric group S8 are appliedto the elements of the AES S - box, corresponding to everypermutation, one can get a new S8 S-box. So the total numberof S-boxes which are constructed by this method are 40,320,because the order of S8 is 40,320.
The standard algorithm is very simple, and it only needs twosteps as follows. Firstly, we take one of the 40,320S-boxes ‘‘whichare constructed in [1]’’. Secondly, we choose the objects of theexperiment. If the image is grayscale image, we can directly dothe substitution for each byte; if the image is three dimensional(RGB), we can turn them to the three-tier image, then follow thesubstitutions respectively and finally merge them.
Compared with other encryption algorithms, the advantages ofthis algorithm are as follows. The inherent characteristics of S-boxes make this algorithm withstand the differential cryptana-lysis and linear cryptanalysis. This algorithm can use differentparameters in choosing the S-boxes, and the effects do notchange. This shows that it is more flexible to select the algorithm
I. Hussain et al. / Optics Communications 285 (2012) 4887–48904888
parameters. Because the S-boxes are constructed in preprocessstage, we just need to know the serial number in the S-boxessequence. So the rate of this algorithm is faster than others, andthe time and space complexity of this algorithm are lower thanothers.
3. The improvement one: selecting different s-boxes for eachbyte the NCA map designs
In [2], the authors demonstrate that chaotic encryptionsystems can be easily attacked and in order to improve security,they suggested the adoption of nonlinear functions, limited in timeand space, to change the key continuously. In accordance with sucha principle, in this paper the NCA map uses the power function andtangent function instead of linear function. The NCA is defined as
XNþ1 ¼ ltgðaXNÞð1�XNÞb
Where
XN Að0,1Þ, n¼ 0,1,2,. . .
The ranges of parameters l, a and b will be discussed asfollows. Firstly, they are positive. Secondly, the absolute value ofthe slope of the curve at fixed point should not be less than 1 [3],and XNþ14XN when XN¼1/(1þb), therefore l may be defined as
l¼ mctgða=ð1þbÞÞð1þð1=bÞÞb, m40:
Finally, parameter m is obtained by experimental analysis; as aresult, m¼1�b�4. So the NCA map is defined as follows:
XNþ1 ¼ ð1�b�4Þctgða=ð1þbÞÞð1þð1=bÞÞbtgðaXNÞð1�XNÞ
b
where xnA(0,1), aA(0,1.4], bA[5,43], or xnA(0,1), aA(1.5,1.57],bA[3,15]. The range of a and b are obtained by iteration experi-mental analysis. In [4], many experiments have been done toshow that the NCA map is truly chaotic.
3.1. Proposed methodology
Based on the standard algorithm, the improvement algorithmis as follows: firstly, for each byte, we select the S-box using theserial number sequence which is created by the method of NCAchaos and the numbers in it are from 1 to 40,320; secondly wetraverse the entire image and make the substitution encryptionaccording to the standard algorithm, using the images to do theS-box substitution. As a result of this improvement, their timecomplexity and space complexity will increase as the sizebecomes larger. When we process the large image file, the speed
Fig. 1. Color plain-image (a) color pl
of encryption and decryption is too slow. Therefore, although it isnot advisable for the area of high-speed encryption and decryp-tion, it is desirable for small-size images.
The single round of S-boxes substitution encryption has twoconstant points: 0 and 1, and the key is so less that the encryptioncan be decoded in an accepted time. So here we choose the NCAmap sequence to create the serial number in the range of 1 to40,320. Using different S-boxes to make the N rounds of substitu-tion encryption, here N¼16. The steps of the algorithm are asfollows:
Step I: Construct the S-boxes sequence;Step II: Set encryption key for the plain-image, including
structural parameters. This can help us to get the Chaos NCAsequence from X0 to X (40,320) which is in the range from 0 to 1;
Step III: Let y0 ¼ bx0 � 40,320c, y1 ¼ bx1 � 40,320c,. . . thenwe can get the integer sequence which is in the range of 0 to40,320.
Step IV: According to the numbers in the sequence created bythe step three, choose the numbers as the index of the S-boxessequence. Then we can make the substitution encryption.
The key of the algorithm is the combination of three XN, a, b, land the number of rounds. Using the image of Pepper as theexample, the results are shown in Fig. 1. Compared with theimprovement ones, the encryption and decryption of this algo-rithm need more time. However, it has additional security. Thereasons are as follows:there are multiple rounds using differentS-boxes, and the number of rounds and the S-boxes used by eachround are too difficult to decode. The Chaos theory has guaran-teed that the key is hard to decode. This algorithm is more flexiblethan the improved one because the number of rounds and theinitial value can be changed according to the requirement.
3.2. Security analysis
A good encryption algorithm should resist statistical attacks. Inthis section, we will discuss the security analysis of the proposedencryption scheme.
4. Correlation
It is well known that adjacent image pixels are highly corre-lated in the plain image. In order to resist statistical attack, wemust decrease the correlation of two adjacent pixels in theciphered image [5]. Calculate the correction coefficient of each
ain-image and (b) cipher-image.
Table 4Comparison of correlations between Red, Green, Blue components.
Correlation Adjacent position
between Red, Green
components
Adjacent position
between Red, Blue
components
Adjacent position
between Green,
Blue components
Proposed
scheme
�0.011694 �0.00675 �0.036334
Rhouma’s 0.248026 0.139054 0.171310
Sahar’s 0.305352 0.204247 0.252515
Liu’s 0.231220 0.125403 0.161153
Table 5NPCR and UACI of ciphered image with one bit difference between the
plain image.
Image name Item Proposed Image size 512�512 Ref. [9]
Ref. [8]
Pepper NPCR Red 0.8668463 0.9960365 0.0003814
Green 0.8668011 0.9959035 0.0003814
Blue 0.8668070 0.9959488 0.0003814
UACI Red 0.3251028 0.3339424 0.0000580
Green 0.3243820 0.3349684 0.0000534
Blue 0.3242398 0.3338638 0.0000291
I. Hussain et al. / Optics Communications 285 (2012) 4887–4890 4889
pair using the following formulas:
RAB ¼ covðA,BÞ=ffiffiffiffiffiffiffiffiffiffiDðAÞ
p ffiffiffiffiffiffiffiffiffiffiDðBÞ
pwhere
DðAÞ ¼ 1=NXN
i ¼ 1
ðAi�EðAÞÞ2
covðA,BÞ ¼ 1=NXN
i ¼ 1
ðAi�EðAÞÞðBi�EðBÞÞ
EðAÞ ¼ 1=NXN
i ¼ 1
Ai
where A and B are gray-scale values of two adjacent pixels in theimage. We randomly select 3000 pairs of two adjacent pixels fromplain image, Fig. 1(a), and ciphered image, Fig. 1(b), to calculatethe correction coefficient. From Table 1 we can see that thecorrelation coefficient of ciphered image is much smaller thanthat of plain image, so the chaotic encryption algorithm satisfieszero co-correlation. In the colored image, the correlationsbetween Red, Green and Blue components are high. The previousalgorithms for color image used the same method to encrypt itsRed, Green and Blue components. They neglected the correlationsbetween Red, Green and Blue components. In this paper, weencrypt the three components and make them affect each other. Itcan reduce the correlations between these components effec-tively. We calculate the same position correlations and relatedadjacent position correlations between Red, Green and Bluecomponents of plain image and ciphered image. Tables 2 and 3show the results, respectively. Tables 2 and 3 show that thecorrelation coefficient between three components of cipheredimage is much smaller than that of plain image. The proposedalgorithm can mask the correlations between Red, Green and Bluecomponents effectively and resist the statistical attacks. Thecorrelation coefficient values between three components ofciphered image are much better than those of Rhouma’s [6],
Table 1Correlation coefficients of Red, Green, Blue components of plain image and
ciphered image.
Correlation Red component Green component Blue component
Plain image 0.817970 0.816331 0.729072
Ciphered image �0.020889 �0.028110 �0.005104
Table 2Same position correlations between Red, Green, Blue components.
Correlation Same position
between Red,
Green components
Same position
between Red, Blue
components
Same position
between Green,
Blue components
Plain image 0.735625 0.569469 0.713084
Ciphered image �0.002803 �0.040968 0.011267
Table 3Adjacent positional correlations between Red, Green, Blue components.
Correlation Adjacent position
between Red,
Green components
Adjacent position
between Red, Blue
components
Adjacent position
between Green,
Blue components
Plain image 0.724585 0.560971 0.710684
Ciphered image �0.011694 �0.00675 �0.035334
Sahar’s [7] and Liu’s [8]. The values are plotted in Table 4, whichshows that our scheme can greatly decrease the correlationsbetween Red, Green and Blue components.
5. NPCR and UACI analysis
NPCR stands for the number of pixels change rate while onepixel of the plain image changed. The more NPCR gets close to100%, the more sensitive the cryptosystem is to the changing ofplain image and more effective for the cryptosystem to resistplaintext attack. UACI stands it is for the average intensity ofdifferences between the plain image and ciphered image. Thebigger UACI is more effective for the cryptosystem to resistdifferential attack.
NPCR¼X
l,m,nDðl,m,nÞ=P � Q � 3� 100%
UACI¼ 1=P � Q � 3Xl,m,n
C1ðl,m,nÞ�C2ðl,m,nÞ=255
!� 100%
where C1 and C2 are cipher images analogous to two original-images differing by one byte, and D (l, m, n) is of size M�N�3defined by
Dðl,m,nÞ ¼1 if C1ðl,m,nÞ ¼ C2ðl,m,nÞ
0 otherswise
�
Table 5 shows that the proposed algorithm satisfies the NPCRand UACI analysis with very good readings.
6. Conclusion
In this paper, we proposed a novel image encryption schemebased on the NCA chaotic system and cryptographically secure S8
Advanced Encryption Standard (AES) substitution boxes. The max-imum differential and linear approximation probabilities of the S8
S-boxes, calculated for a typical initial condition, are very low thatis why we make use of these boxes. For colored image encryption,most of the previous algorithms encrypted its Red, Green and Bluecomponents, respectively. They neglected the correlations betweenRed, Green, Blue components. In this paper, we use a chaotic
I. Hussain et al. / Optics Communications 285 (2012) 4887–48904890
system to encrypt Red, Green, Blue components of a colored imageat the same time and make these three components affect eachother. One of the main significance of proposed algorithm is itsresistance against algebraic and statistical attacks due to substitu-tion box confusion. The use of permutation of S8 (symmetric group)incorporates diffusion in the propose algorithm. So the use ofsubstitution and permutation network and chaos make this algo-rithm invulnerable against differential and linear attacks.
References
[1] I. Hussain, T. Shah, H. Mahmood, International Journal of Contemporary.Mathematical Science 5 (26) (2010) 1263.
[2] M.I. Sobhy, A.R. Shehata, IEEE Acoust Speech Signal Process (2001) 1001.[3] D.D. Wheeler, R.A.J. Matthews, Cryptologia 15 (1991) 40.[4] L.H. Zhang, X.F. Liao, X.B. Wang, Chaos, Solitons and Fractals 24 (2005) 759.[5] G.R. Chen, Y.B. Mao, et al., Chaos, Solitons and Fractals 21 (2004) 749.[6] R. Rhouma, M. Soumaya., B. Safya., Chaos, Solitons and Fractals 40 (1) (2009)
309.[7] M. Sahar, M.E. Amir, Chaos, Solitons and Fractals 42 (3) (2009) 1745.[8] H.J. Liu, X.Y. Wang., Computers and Mathematics with Applications 59 (10)
(2010) 3320.[9] Q. Guo., Z.G. Liu., S.T. Liu, Optics and Lasers in Engineering 48 (12) (2010)
1174.