A METHOD FOR IMAGE ENCRYPTION BASED ON FRACTIONAL-ORDER HYPERCHAOTIC SYSTEMS ∗

By using sequences generated from fractional-order hyperchaotic systems, a color image encryption scheme is investigated. Firstly, a plain image, which is known to users in advance, is chosen as a secret key to confuse the original image. Then, the confused image is encrypted by the sequences generated from the fractional-order hyperchaotic systems. With this simple encryption method, we can get an encrypted image that is fully scrambled and diffused. For chaos-based image cryptosystems, this encryption scheme enhances the security and improves the effectiveness. Furthermore, the cryptosystem resists the differential attack. Experiments show that the algorithm is suitable for image encryption, and some statistical tests are provided to show the high security in the end.


Introduction
Chaos is a very interesting phenomenon in nonlinear science, thanks to its sensitivity to initial values and parameters. In 1963, the chaotic Lorenz system was proposed, then many chaotic systems and hyperchaotic systems were investigated by scholars, such as the Rössler system, Lü system, Chen system, high-dimensional hyperchaotic systems, and multi-wing hyperchaotic systems [6,7,17]. In recent years, chaos-based encryption has attracted much attention due to its potential advantage of good confusion and diffusion properties in commercial, military and medical applications.
Methods of chaos-based image encryption have been widely studied in the past. As we know, the ciphered images should be greatly different from the original images, for example, the pixel values are changed pseudo-randomly and the correlation coefficient drops near to zero. Determining whether a system can have good resistance to attacks, it can be measured by means of NPCR (number of pixels change rate) and UACI (unified average changing intensity) [1]. One of the key points in image encryption is to change the positions or pixel values based on some lowdimensional chaotic systems, such as the cat map and the logistic map, which are used to generate pseudo-random sequences. Accordingly, encryption based on hyperchaotic systems will be a typical and useful method due to its good results. Mazloom et al. [10] proposed a novel chaos-based image encryption algorithm to encrypt color images by using a coupled nonlinear chaotic map. For getting higher security and higher complexity, they employ the image size and color components into the cryptosystem, thereby significantly increasing the resistance to known and chosen plaintext attacks. Liu and Wang [8] designed a triple color image encryption scheme based on chaos where the Lorenz system was employed to generate four pseudo-random sequences, and the 256-bit hash value came from three images was applied to produce the initial values and parameters for the Lorenz system. In [15], a new color image encryption algorithm was investigated based on the chaotic sequences generated from two fractional-order hyperchaotic systems.
However, recent cryptanalysis works have demonstrated that some chaos-based image cryptosystems are insecure against various attacks, and have been broken easily [9,13]. The weaknesses in these insecure algorithms include insensitiveness to the changes of the plain image and weak secret keys. Compared to integerorder chaotic systems, the dynamics of fractional-order chaotic systems are more complex, because fractional derivatives have complex geometrical interpretation for their nonlocal character and high nonlinearity [12,15]. In addition, the derivative order of fractional-order chaotic systems can be used as secret keys. Based on a combination of fractional-order hyperchaotic systems, we propose a method of image encryption in this paper.
Specially, a plain image is employed to scramble the pixel values of the original image. Then, the scrambled image is encrypted once again by using sequences generated from the combination of fractional-order hyperchaotic systems. Similarly, the decryption algorithm is the reverse of the encryption. The encrypted image can be deciphered successfully when the user obtains the correct keys. In the end, the results of several experiments show that the scheme of image encryption is effective, and some security tests are provided to show its high security for image encryption and transmission.
The paper is organized as follows. In Section 2, the definition of fractionalorder derivative and some fractional-order hyperchaotic systems are introduced. The proposed encryption scheme is investigated in Section 3. Experimental results are performed in Section 4. Some security analyses are performed and discussed in Section 5. Finally, Conclusions are drawn in Section 6.

Systems description
In general, hyperchaotic systems have more complex behavior. So, fractionalorder hyperchaotic systems are employed to design the cryptosystem. Riemann-Liouville definition and the predictor-corrector algorithm are used in computing the fractional-order differential equations. There are several definitions of fractional derivatives [3,11], and the Riemann-Liouville definition is given by where Γ(•) is the gamma function, and Γ(z) = The fractional-order hyperchaotic Lü, Lorenz and Chen systems are combined to generate pseudo-random sequences. In this subsection, they will be described separately. The hyperchaotic Lü equation can be described as follows [2]:  Similarly, the fractional-order hyperchaotic Lorenz system is given by where a 2 = 10, b 2 = 8/3, c 2 = 28, d 2 = −1, β = 0.95, and system (2.2) exhibits a hyperchaotic behavior, as described in [16]. Furthermore, the fractional-order hyperchaotic Chen system is in the form of and, when a 3 = 35, b 3 = 7, c 3 = 12, d 3 = 0.5, γ = 0.95, it has a hyperchaotic attractor [4].

Generation of the variable initial values and parameters
Chaotic systems are sensitive to the initial values and parameters. In order to improve the security of a designed scheme, the key point is to keep the initial values dynamic, which associates to the original image. SHA-256 is a widely used cryptographic hash function with 256-bit hash value in cryptography [8]. The 256-bit hash value generated from the original image is divided into 8-bit blocks k i (i = 1, 2, . . . , 32), so they are used to regenerate the initial values and parameters. For example, the new initial values and parameters are given as follows: are the new initial values and parameters, respectively.

Design of the encryption scheme
In this subsection, a color image encryption scheme is investigated. A color image could be decomposed into three colors (RGB). Assume that the image size is w × h and the value of each pixel is an integer in the interval [0, 255].
First, a plain image ('I') is employed to scramble the original image ('O') by the exclusive OR operation instead of encrypting an image using a chaotic sequences directly. The detailed encryption algorithm is described as follows: Step 1. There are a variety of options on image ('I'), but it must be different from the image ('O'), where the size of images ('I') is also w × h. Image ('I') can be converted into I R , I G , I B , so the size of matrix ('I R , I G , I B ') is w × h too. Therefore, the image ('I') is used to scramble the pixel values of image ('O'). The encryption procedure is according to the formula where i = 1, 2, . . . , w; j = 1, 2, . . . , h, and ⊕ is the exclusive OR operator. After the operations of 'XOR' and 'mod', all the pixel values of image ('O') are changed, therefore we get a scrambled image ('P ').
Step 2. We need to generate the pseudo-random sequences from hyperchaotic systems by using the initial values and parameters in (2.1)(2.2)(2.3). The corresponding pseudo-random sequences are shown as follows: where k = 1, 2, 3, n = w × h + l, and w, h stand for the width and height of image respectively, and l is the discarded former values of each sequence.
Step 3. The pseudo-random sequences generated from the fractional-order hyperchaotic Lü system are preprocessed according to formula Similarly, the pseudo-random sequences generated from the fractional-order hyperchaotic Lorenz and Chen systems are preprocessed according to the formula (3.3), therefore, we get random sequences X 2 , Y 2 , Z 2 , W 2 and X 3 , Y 3 , Z 3 , W 3 , which have good stochastic properties.
Step 4. From Step 3, we can now obtain a random sequence via a combination of the random sequences. Select any three random sequences from X 1 , Y 1 , Z 1 , W 1 , X 2 ,Y 2 ,Z 2 ,W 2 and X 3 ,Y 3 ,Z 3 ,W 3 , and combine them into new sequences C 1 ,C 2 ,C 3 . For instance, one combination is given by , respectively, whose sizes are also w × h.
Step 5. Modify the pixel values for RGB color components of the image ('P ') by the formulas

Remark 3.1.
For the initial values of fractional-order hyperchaotic systems, they are usually set by the user. In Subsection 3.1, SHA-256-bit hash function is employed to generate new initial values, which are unique. Therefore, the secret key is dynamic and relates to the original image. Accordingly, the proposed scheme has a good effect on resisting the differential attack.

Remark 3.2.
The fractional-order hyperchaotic systems are used to produce four pseudo-random sequences. However, the color image has three RGB colors. So, we only need to choose any three sequences generated from X k , Y k , Z k , W k (k = 1, 2, 3). From the perspective of cryptography, this would expand the key space of the scheme.

Design of the decryption scheme
At the receiver side, the image ('P ′ ') is decrypted by the same pseudo-random sequences generated from a combination of fractional-order Lü, Lorenz and Chen hyperchaotic system. The decryption procedure is similar to the encryption process, with the reversed order, and the decryption procedure consists of the following two steps: Step 1. We need to get a correct key including initial values and parameters, and use it to generate pseudo-random sequences from the combined fractional-order hyperchaotic systems. According to the encryption steps, reprocess the pseudosequences, then decipher the image ('P ′ '). Thus, we get the deciphered image ('P ').
Step 2. The plain image ('I') is known, so the original image ('O') can be recovered according to the reverse algorithm of the encryption in Step 1 if the secret key is correct. However, it can not be deciphered correctly if initial values or parameters are incorrect. More about security analyses and key sensitivities will be discussed in Section 5.

Experimental results
This experiment is based on the platform of Matlab R2011a, and the results of simulations show the feasibility of the proposed scheme. The variables initial values of the fractional-order hyperchaotic Lü system are set by  Figure 3 respectively, whose sizes are set as 300 × 300.
In Step 1, the image 'Lena.bmp' is confused as shown in Figure 4(a), which is blurred and confused. Then, the image 'P ' is also encrypted as described in the previously encryption Steps 2-5. Finally, we get the resulting encrypted image. The resulting encrypted images and histograms are shown in Figure 4. Without any encryption, the image histograms are different and uneven. However, after the encryption of Steps 2-5, the histogram becomes much evenly as shown in Figure 4 (d).

Security analyses
Here, several security tests are employed to verify the effectiveness of the new image encryption scheme.

Key space analysis
The high sensitiveness to initial conditions and parameters has a significant advantage in secure communications. It would provide a large enough key space against the brute force attacks. In this encryption algorithm, system initial values, parameters values, derivative order of the fractional-order hyperchaotic systems, and the plain image ('I') are secret keys. For the initial conditions x 2 0 , y 2 0 , z 2 0 , w 2 0 of the hyperchaotic Lorenz system, if the precision is 10 −14 , the key space size will be 10 56 . In our scheme, the initial values key space size is above 10 14×4×3 , the parameter key space size is above 10 14×3 , and the derivative order can also create a larger key space. So, the total key space is more than S ≈ 10 14×4×3 = 10 210 , which is large enough to resist brute-force attacks.

Key sensitivity analyses
We know that the secret key sensitivity play a decisive role on the key space, so the high sensitiveness of initial values will enlarge the key space and improve the security of the encryption scheme. One mismatch digit of initial values is used to decipher the encrypted image, for instance, using the initial value x 1 0 = 1.21570000000001, which is a little bigger than x 1 0 = 1.2157, and the other initial values keep matched. The deciphered image is shown in Figure 5 (a), from which one couldn't find any useful information. Therefore, if the secret keys value is changed a little, then the decrypted image is absolutely different from the original image. Meanwhile, if one of the initial values x i 0 , y i 0 , z i 0 , w i 0 (i = 1, 2, 3) is mismatched, then the deciphered image is blurred such that one can't get any useful information.
Similarly, choose one parameter, whose value is a little bigger than the standard parameters of equations (2.1) (2.2) (2.3), such as a = 35.00000000000001, while the others keep matched. Simulations show that the original images couldn't be recovered by using a wrong secret key, and Figure 5 (b) is an example for the results. In addition, if the order α = 0.96, the recovered image shown in Figure 5(c) is blurred too.  The differences between the corresponding ciphered images are computed and given in Table 1. The results obviously demonstrate that the ciphered images exhibit no similarity and there isn't significant correlation that could be observed from the differential images.
(a) Incorrect initial value (b) Incorrect parameter (c) Incorrect derivative order

Differential attack
A good secure communication should resist all kinds of attacks, such as differential attack. The criteria of NPCR and UACI are used to examine the encryption scheme in resisting the differential attack. The formulae of calculating NPCR and UACI are given as follows [1]: where W and H represent the width and height of the image, C 0 (i, j) and C 1 ′ (i, j) are respectively the ciphered image before and after one pixel of the plain image is changed, and D(i, j) are defined by: The test results are shown in Table 2. From Figure 4(b), the NPCR is over 99% and the average UACI is over 33%, so the encryption scheme is very sensitive with respect to the little change in the plain image. In our scheme, a simple plain image ('I') is employed to scramble the pixel values of the original image. Compared with the NPCR, to some extent, the effects of encryption are better than the method proposed by Hussain et al. [5]. Although the images used in this scheme are different from other references, test results may be largely identical with only minor differences.

Statistical analysis
The correlation coefficients of images can be used to measure the effectiveness of an encryption algorithm. In order to calculate the correlation coefficient of two Ave. Figure 4(a) 0.0017 0.0008 0.0015 0.0013 0.0004 0.0004 0.0004 0.0004 Figure 4( Table 3 shows the correlation coefficients of the original image ('O') and the ciphered image ('P '). The correlation coefficients of the original image are nearly 1, implying that the image has good relevancy. After encryption, the correlation coefficients are close to zero, implying that the ciphered image has been well encrypted.

Information entropy
In 1949, Shannon firstly introduced the information entropy, which was a mathematical property that reflects the randomness and the unpredictability of an information source [14]. The entropy of information H(s) is defined as where s is the source, N is the number of bits to represent the symbol s i , and P (s i ) is the probability of the symbol s i . For a truly random source consisting of 2 N symbols, the entropy is N . Therefore, for an effective cryptosystem, the entropy of the ciphered image with 256 gray levels should ideally be 8. The information entropies are calculated and listed in Table 4.
From Table 4, where three different images are chosen as test objects, the results show that the information entropies could approach the theoretical value 8. So, information leakage in the encryption procedure could be negligible and the proposed algorithm is secure against entropy analysis.

Conclusions
In this paper, an image encryption method is proposed. The original image is scrambled by using a known image. Then, image is encrypted once again by the pseudorandom sequences generated from the combined fractional-order hyperchaotic systems. Experiments demonstrate that the scheme is suitable for image encryption with the same size in batches. Some security tests are discussed to show the effectiveness of the new scheme. The key space is large enough to resist brute force attacks. For chaos-based secure communications, in the future, we will investigate some better algorithms and use other high-dimensional hyperchaotic systems.