A novel image encryption scheme based on memristive chaotic system and combining bidirectional bit-level cyclic shift and dynamic DNA-level diffusion

1 Introduction

In 1971, Professor Chua first hypothesized the memristor concept [1]. A memristor is a passive two-terminal electronic element that describes the relationship between charge and flux. Due to the nonlinearity of the memristor, it is easy to cause the chaotic phenomenon in the circuit and enhance the complexity of the chaotic system [2]. It was not until 2008 that HP Labs reported the first physical implementation of a memristor [3]. The invention of the memristor has further stimulated researchers’ interest in the application of chaotic systems. Numerous memristive chaotic systems have so far been introduced [4–6]. The most notable distinction between memristive chaotic systems and conventional dynamical systems is that the former’s long-term dynamical behavior heavily depends on the memristor’s initial state, which results in the dynamic phenomenon of coexisting attractors [7–9]. As a result, this feature will offer sufficient pattern selectivity in encrypted secret communication.

As one of the important carriers of information, images are widely transmitted and stored over the Internet. Thus, the privacy and security of image information are receiving more and more attention [10–16]. Different from text, an image has bulk data capacity, and the adjacent pixels have a strong correlation. When an image is encrypted with the traditional encryption methods, the encryption performance is not ideal. In recent years, various encryption schemes for image information have been proposed, and the image encryption scheme based on chaos has been widely discussed due to the pseudo-randomness, highly sensitive to initial conditions, and ergodicity of chaotic systems [17–24]. A chaos-based image cryptosystem generally adopts the structure of permutation and diffusion. Recently, bit-level permutation has gradually replaced pixel-level permutation [25–29], owing to the latter disturbs the pixel position of an image, but does not change the statistical characteristics. Zhu et al. [27] proposed chaos-based image encryption using a bit-level permutation. In 2017, Li et al. [28] proposed a hyper-chaos-based image encryption algorithm, the pixel-level permutation and bit-level permutation are utilized to strengthen the security of the cryptosystem. In 2018, Teng et al. [29] employed bit-level permutation in a chaotic color image encryption. The bit-level permutation can not only change the position of the pixels but also change their value. Therefore, image encryption algorithms that adopt bit-level permutations may possess a high security level. Meanwhile, image encryption schemes based on DNA complementary rules have been proposed continuously [30–34]. Zhang et al. [30] proposed an image fusion encryption algorithm based on DNA sequence operations and combined hyper-chaotic maps. In [31], Chai et al. presented an image encryption algorithm using DNA sequence operations and a 2D Logistic chaotic system. Moreover, a new color image encryption scheme based on a four-wing hyperchaotic system and dynamic DNA encoding was proposed in [33]. In these studies, image encryption schemes based on DNA technology showed high security, and DNA technology possesses other advantages such as working in parallel and having ultra-low power consumption.

While the research on image encryption continues to advance, there are also many researchers engaged in cryptanalysis work that is connected to image encryption [26, 35–42]. After their analysis and evaluation, some image encryption schemes are confirmed to be not as secure as they claim and have some rationality and practicality problems. Specifically, the representative problems with the current image encryption schemes are as follows:

• 1. The employed chaotic systems have distinguishing characteristics, such as limited chaotic range and uneven trajectory distribution.

• 2. Some schemes’ secret key designs are irrational, necessitating the replacement of the secret key each time a new image is encrypted. When there are a lot of images to be encrypted, such designs are impractical.

• 3. The hash value of the plaintext image is utilized inappropriately. When encrypting different images, such designs necessitate the generation of chaotic sequences on a constant basis, thus resulting in low encryption efficiency.

• 4. The entire encryption process of some schemes is independent of the plaintext image, making them difficult to effectively resist plaintext attacks.

In this paper, to address the problems of existing image encryption schemes, a novel image encryption scheme based on a memristive chaotic system and combining bidirectional bit-level cyclic shift and dynamic DNA-level diffusion (IES-M-BD) is proposed. The following is a summary of the novelties and contributions of our proposed scheme.

• 1. A memristive chaotic system with excellent chaotic performance and uniform trajectory distribution is adopted to generate chaotic sequences.

• 2. Our proposed IES-M-BD is designed to exploit a more reasonable binary sequence as the secret key, and does not need to change the secret key when encrypting different images.

• 3. A bidirectional bit-level cyclic shift operation is designed, which can realize permutation and confusion at the same time.

• 4. In IES-M-BD, the hash value of the plaintext image is utilized to affect the cyclic shift and DNA-level diffusion operations. Thus, the plaintext sensitivity of IES-M-BD is ensured.

• 5. A novel DNA sequence operation design, including dynamic column-level DNA encoding, dynamic DNA-level diffusion, DNA-level permutation, and dynamic column-level DNA decoding, not only improves the encryption efficiency, but also ensures the security of IES-M-BD.

The rest of this paper is organized as follows. In Section 2, the preliminaries are introduced. In Section 3, we describe IES-M-BD in detail. In Section 4, the simulation tests and security analyses are presented. Finally, the conclusions are drawn in Section 5.

2 Preliminaries

In this section, we briefly introduce the adopted discrete memristive chaotic system, the SHA-256 hash value of the plaintext image, and the DNA Sequence operation.

2.1 Memristive chaotic system

A 3D chaotic map with discrete memristor is adopted to generate pseudo random sequences for bit-level cyclic shift and dynamic DNA-level diffusion. Based on the discrete HP memristor model, this chaotic map is derived from the sine map and an iterative chaotic map with infinite collapse [5], which is defined as:

where x, y, and z represent the system states variables, α, γ, ω are amplitude, internal perturbation, and angular frequency, β is a system parameter evolved from HP memristor model. Here ω is set to π. Set α = 2, β = 3, γ = 3, and the initial state values (x₀, y₀, z₀) = (0.3, 0.5, 1), one can get the attractors presented in Figure 1. Addtionally, the bifurcation diagrams and Lyapunov exponential spectrums are shown in Figure 2 and Figure 3, respectively.

FIGURE 1. The phase diagrams with parameters a = 2, b = 3 and c = 3: (A) x-y plane; (B) x-z plane; (C) y-z plane.

FIGURE 2. Bifurcation diagrams: (A) 2 < a < 10; (B) 2 < b < 10; (C) 2 < c < 10.

FIGURE 3. Lyapunov exponent spectrums: (A) 2 < a < 10; (B) 2 < b < 10; (C) 2 < c < 10.

When $a\in \left[\mathrm{2,10}\right],b\in \left[\mathrm{2,10}\right],c\in \left[\mathrm{2,10}\right]$, this system is in chaotic state. There is at least one Lyapunov exponent always positive in Figure 3, which can verify that the system is chaotic. Figure 2 shows the bifurcation diagrams of this system, where the ranges are (a, b, c) ∈ [2, 10] with an increment step of Δa = 0.1, Δb = 0.1, Δc = 0.1. The bifurcation diagrams demonstrate that the chaotic system has complex dynamic characteristics, and the chaotic trajectories are widely distributed and relatively uniform. These characteristics make this discrete memristive chaotic system very suitable for image encryption.

2.2 SHA-256 hash value

SHA-256 is one of the most widely used hash algorithms in the world, it can convert image data into a 256-bit hash value. The hash value will change dramatically if one make any minor change to the image. SHA-256 is often used in encryption schemes to enhance their sensitivity to the plaintext image. In IES-M-BD, the hash value of the plaintext image is adopted to affect the cyclic shift and DNA-level diffusion operations. Thus, the plaintext sensitivity of IES-M-BD is enhanced. Even if the plaintext image only changes by one pixel bit, the encrypted image will be completely different. In this paper, we denote the hash value of the plaintext image as H⁽¹⁾ = b₁b₂ … b₃₂, and let

where b_i (i = 1, 2, … , 32) represents the ith byte consisting of eight consecutive bits in H⁽¹⁾, and ⊕ represents the bitwise XOR operation.

2.3 DNA sequence operation

Each DNA sequence has four types of nucleic acid bases, which are Adenine (A), Thymine (T), Cytosine (C), and Guanine (G). These four nucleic acid bases follow the principle of complementary, where A and T, C and G are complementary pairs. Each nucleic acid base is encoded by a 2-bit binary code. So, there are types of encoding rules, but only eight of them can satisfy the complementary rule, which are shown in Table 1.

TABLE 1. Binary coding rules for DNA sequences.

For an 8-bit gray image, each pixel can be encoded as a DNA sequence, whose length is 4. For example, a pixel value of 28 in a gray image, as shown in Figure 4, expressed as a binary number of 00011100, which can be encoded to a DNA sequence AGTA by DNA encoding Rule 1. Moreover, the addition, subtraction, and XOR operations of DNA sequences are similar to traditional binary addition, subtraction, and XOR operations. Corresponding to the eight types of DNA encoding rules, there are eight types of addition, subtraction, and XOR operations for DNA sequences.

FIGURE 4. An example of DNA encoding: (A) Pixel matrix; (B) Binary matrix; (C) DNA base matrix.

3 Proposed encryption scheme

As a symmetrical image encryption scheme, IES-M-BD mainly consists of seven encryption steps. These encryption steps are Generation of Chaotic Sequences, Bidirectional Bit-level Cyclic Shift, Merging of Bit Planes, Dynamic Column-level DNA Encoding, Dynamic DNA-level Diffusion, DNA-level Permutation, and Dynamic Column-level DNA Decoding, respectively, as shown in Figure 5. In this section, we will describe each encryption step one by one.

FIGURE 5. Encryption flow chart of IES-M-BD.

3.1 Generation of chaotic sequences

In this section, we will describe in detail the process of generating chaotic sequences using the secret key and memristive chaotic system. The process mainly consists of three steps as shown below. In this paper, unless otherwise specified, we all assume that the size of the plaintext image that needs to be encrypted is M × N.

• Step 1: Convert the secret key K into the control parameters (α, β, γ) and initial state values (x₀, y₀, z₀) of the memristive chaotic system. In IES-M-BD, K is a binary sequence with a length of 312 bits, that is, K = a₁a₂ … a₃₁₂. The specific conversion method is as follows.

• Step 2: Iterate the memristive chaotic system M × N + H⁽²⁾ times with the chaotic system parameters obtained in the previous step. Discard the system state values obtained in the previous H⁽²⁾ iterations, and save the remaining system state values as chaotic sequences X = {x₁, x₂, … x_M×N}, Y = {y₁, y₂, … y_M×N}, and Z = {z₁, z₂, … z_M×N}.

• Step 3: Further process X, Y, Z to obtain six chaotic sequences S⁽¹⁾, S⁽²⁾, S⁽³⁾, S⁽⁴⁾, S⁽⁵⁾, S⁽⁶⁾that needs to be used in the subsequent encryption steps. The specific processing method is as follows.

where i = H⁽²⁾ + 1, H⁽²⁾ + 2, … , H⁽²⁾ + M, $⌊•⌋$ returns the integer part of an operand, $\left|•\right|$ returns the absolute value of an operand.

where i = H⁽³⁾ + 1, H⁽³⁾ + 2, … , H⁽³⁾ + N × 8.

where i = 1, 2, … , M × N.

where i = 1, 2, … , M × N.

where i = 1, 2, … , M × N.

3.2 Bidirectional bit-level cyclic shift

For a gray image, the brightness of each pixel is an integer number ranging from 0 to 255, where 0 means completely black. Thus, the brightness could be transformed into an 8-bit binary value. So, an image of size M × N can be converted to a M × (N × 8) binary matrix. In IES-M-BD, we adopt the bit-level permutation to scramble the positions of these binary values. The bit-level permutation uses row cyclic shift and column cyclic shift, so we call it Bidirectional Bit-level Cyclic Shift (BBCS). For example, as shown in Figure 6, an initial matrix of size 4 × 4 was transformed into a 4 × 32 binary matrix, then each row of the binary matrix was operated by row cyclic shift in turn. The value of row cyclic shift was obtained by the chaotic sequence S⁽¹⁾ and the hash value H⁽¹⁾. The next step was to perform a similar column cyclic shift. Finally, a matrix after BBCS was obtained. Specifically, the BBCS of IES-M-BD can be subdivided into the following steps.

• Step 1: Convert the plaintext image P into the binary matrix B of size M × (N × 8).

• Step 2: Initialize a column vector μ of length M, and let

where mean (•) returns the average value of the elements in an operand, min (•) returns the minimum value of the elements in an operand, and max (•) returns the maximum value of the elements in an operand. Then, use μ(1) to perform a cyclic shift operation on the first row of B.

• Step 3: Perform a cyclic shift operation on the remaining rows of B row by row. That is, for the ith row of B, let

where i = 2, 3, … , M, and t^(r) = (S^{(1) (}i) mod 32) + 1. Then, use μ(i) to perform a cyclic shift operation on the ith row of B.

• Step 4: Initialize a row vector υ of length N × 8, and let

Then, use υ(1) to perform a cyclic shift operation on the first column of B.

• Step 5: Perform a cyclic shift operation on the remaining columns of B column by column. That is, for the ith column of B, let

where i = 2, 3, … , N × 8, and t^(c) = (S^{(2) (}i) mod 32) + 1. Then, use υ(i) to perform a cyclic shift operation on the ith column of B.

FIGURE 6. BBCS of IES-M-D.

As can be seen from Figure 6, BBCS not only disorganizes the position of pixels in one image, but also changes the value of each pixel. As a result, this bit-level permutation has the function of both permutation and confusion.

3.3 Merging of bit planes

As mentioned in Section 3.2, after the processing of BBCS, the plaintext image P will become the binary matrix B of size M × (N × 8). Logically, B consists of 8 bit planes B⁽¹⁾, B⁽²⁾, B⁽³⁾, B⁽⁴⁾, B⁽⁵⁾, B⁽⁶⁾, B⁽⁷⁾, and B⁽⁸⁾. Next, merge the 8 bit planes in pairs to obtain the four quaternary matrices Q⁽¹⁾, Q⁽²⁾, Q⁽³⁾, and Q⁽⁴⁾, as shown in Figure 7.

FIGURE 7. An example of merging bit planes.

Specifically, Q⁽¹⁾ is obtained by merging B⁽¹⁾ and B⁽²⁾, Q⁽²⁾ is obtained by merging B⁽³⁾ and B⁽⁴⁾, Q⁽³⁾ is obtained by merging B⁽⁵⁾ and B⁽⁶⁾, and Q⁽⁴⁾ is obtained by merging B⁽⁷⁾ and B⁽⁸⁾. In this way, after the above processing, a quaternary matrix Q with the size of M × (N × 4) can actually be obtained.

3.4 Dynamic column-level DNA encoding

Compared with the DNA encoding method in which the encoding rule remains unchanged, the dynamic DNA encoding that constantly changes the encoding rule during the encoding process can achieve better encryption effects [32, 34]. In addition, different from the previous element-by-element encoding method, in order to improve the encryption efficiency, IES-M-BD adopts the column-level dynamic encoding method. Specifically, this encryption step can be further subdivided into the following steps.

• Step 1: Reshape the chaotic sequences S⁽³⁾ and S⁽⁴⁾ obtained in Section 3.1 into the matrices of size M × N. Then, the DNA encoding rules are generated in groups of four columns, as shown below.

where R^(E) is the obtained DNA encoding rule matrix whose size is M × (N × 4), and j = 1, 2, … , N.

• Step 2: According to R^(E) obtained in the previous step, the dynamic DNA encoding of Q is performed in column units, so as to get the DNA base matrix D^(C) of size M × (N × 4).

• Step 3: Reshape the chaotic sequence S⁽⁵⁾ obtained in Section 3.1 into the matrix of size M × N, and then utilize R^(E) to encode it into the chaotic DNA base matrix D^(S) of size M × (N × 4) in the same way as in Step 2.

• Step 4: Using the Nth column of the DNA base matrix D^(C), the first column of the chaotic matrices S⁽³⁾, S⁽⁴⁾, S⁽⁵⁾, and the hash value parameters H⁽²⁾ and H⁽³⁾, generate a column vector

of size M × 1. Then, encode V as a column vector D^(V)of DNA bases with the first column of R^(E).

3.5 Dynamic DNA-level diffusion

According to Shannon’s suggestion, a secure cryptosystem should not only meet confusion requirements, but also diffusion requirements. Therefore, IES-M-BD further performs DNA-level diffusion operations on D^C to ensure that the diffusion requirements can be met. Likewise, in order to improve encryption efficiency, the diffusion operation here is performed in units of columns. Besides, to ensure extremely high plaintext sensitivity, we introduce H⁽¹⁾, H⁽²⁾ and an iterative structure during the encryption process. Specifically, the dynamic DNA-level diffusion of IES-M-BD can be further subdivided into two steps.

• Step 1: Diffuse the first four columns of D^(C), so as to get the first four columns of the diffusion result matrix C⁽¹⁾, as shown below.

where ⊕, ⊙, and ⊗ represent DNA addtion, DNA substraction and DNA XOR operations, respectively.

• Step 2: Sequentially diffuse the fifth to Nth column of D^(C) in order to get the entire C⁽¹⁾. The specific diffusion method is as follows.

where j = 2, 3, … , 4 × M × N.

3.6 DNA-level permutation

As mentioned in Section 3.5, in order to improve encryption efficiency, the dynamic DNA-level diffusion of IES-M-BD is a one-way diffusion operation in column units. Obviously, this diffusion method cannot ensure the sufficiency of diffusion. Therefore, IES-M-BD further introduces a DNA-level permutation operation, which together with the dynamic DNA-level diffusion forms a two-round iterative structure, thus ensuring the sufficiency of diffusion. Specifically, the DNA-level permutation of IES-M-BD includes the following steps.

• Step 1: Sort the chaotic sequence S⁽⁶⁾ obtained in Section 3.1, and save the index obtained by sorting as a 1D index row vector I of length 4 × M × N.

• Step 2: Stretching C⁽¹⁾ from a DNA matrix into a DNA sequence of length 4 × M × N.

• Step 3: Initialize a DNA sequence C⁽²⁾ of length 4 × M × N, and let C^{(2) (}i) = C^{(1) (}I(i)), where i = 1, 2, … , 4 × M × N.

• Step 4: Reshape the DNA sequence C⁽²⁾ obtained in the previous step into a matrix of size M × (N × 4).

As shown in Figure 5, after the first round of DNA-level diffusion and permutation operations, IES-M-BD performs another round of such operations. That is, C⁽²⁾ is diffused again to get C⁽³⁾, and then C⁽³⁾ is permutated again to obtain fully diffused C⁽⁴⁾.

3.7 Dynamic column-level DNA decoding

Similar to Section 3.4, the DNA decoding operation of IES-M-BD is also dynamic and column-wise, as shown below.

• Step 1: Taking the matrices S⁽³⁾ and S⁽⁴⁾ obtained in Section 3.4, generate the DNA decoding rules in groups of four columns, as shown below.

where R^(D) is the obtained DNA encoding rule matrix whose size is M × (N × 4), j = 1, 2, … , N, $T^{(1)}=⌊S^{(3)}(:,j)/4⌋$, and $T^{(2)}=⌊S^{(4)}(:,j)/4⌋$.

• Step 2: According to R^(D) obtained in the previous step, the dynamic DNA decoding of C⁽⁴⁾ is performed in column units, so as to obtain the quaternary matrix Q^(D) of size M × (N × 4).

• Step 3: Merge the four 2-bit planes of Q^(D) to obtain the final ciphertext image C^(F) of size M × N.

Since IES-M-BD is an image encryption scheme with a symmetric structure, its decryption process is the reverse process of the encryption process, as shown in Figure 8.

FIGURE 8. Decryption flow chart of IES-M-BD.

4 Simulation tests and performance analysis

In this section, we will perform simulation tests and performance analysis on IES-M-BD. These tests and analyses include encryption and decryption effect test, key space analysis, key sensitivity analysis, differential attack analysis, pixel value distribution test, correlation analysis, information entropy analysis, noise and data loss attack tests, and time analysis. Without loss of generality, when testing and analyzing IES-M-BD, we all use randomly generated secret keys. And the images used in this section are from The USC-SIPI Image Database (http://sipi.usc.edu/database/). In addition, the hardware and software configurations used in this paper is shown in Table 2.

TABLE 2. Software and hardware configurations.

4.1 Effect of encryption and decryption

In order to verify the effect of encryption and decryption, we encrypted some common test images with IES-M-BD, and then decrypted the generated ciphertext images. The relevant test results are shown in Figure 9. It can be seen that the ciphertext images generated by IES-M-BD are very similar to the noise image, and the encryption effect is excellent. In addition, the decrypted image are exactly the same as the original plaintext images without any loss of information, so the decryption effect is also excellent.

FIGURE 9. Encryption and decryption results of IES-M-BD (A1) 7.1.03; (A2) ciphertext of (A1); (A3) decrypted image of (A2); (B1) 5.2.09; (B2) ciphertext of (B1); (B3) decrypted image of (B2); (C1) 5.2.10; (C2) ciphertext of (C1); (C3) decrypted image of (C2); (D1) house; (D2) ciphertext of (D1); (D3) decrypted image of (D2); (E1) 4.2.05; (E2) ciphertext of (E1); (E3) decrypted image of (E2); (F1) 4.2.07; (F2) ciphertext of (F1); (F3) decrypted image of (F2).

4.2 Key space analysis

As we know, an encryption scheme must have a large enough key space to effectively resist brute force attacks. In general, it is believed that the key space of an encryption scheme should be at least greater than 2¹²⁸ [34]. Considering the problems pointed out by some researchers in their cryptanalytic studies [39, 41–43], we define the secret key of IES-M-BD as a binary sequence of 312 bits, that is, K = a₁a₂ … a₃₁₂. Specifically, IES-M-BD uses six sets of bit sequences (52 × 6) in K to generate the control parameters (α, β, γ) and initial state values (x₀, y₀, z₀) of the memristive chaotic system. In this way, the key space of IES-M-BD is 2³¹². Undoubtedly, this size is much larger than the normally required 2¹²⁸. Therefore, IES-M-BD can effectively resist brute force attacks.

4.3 Key sensitivity analysis

A secure image encryption scheme should not only have a large enough key space, but also be extremely sensitive to small changes in the secret key, so as to mask the statistical relationship between the secret key and the ciphertext image [44–47]. In order to test the sensitivity of IES-M-BD to the secret key, we first randomly generated a secret key K_R. The control parameters and initial state values of the memristive chaotic system generated by K_R are shown below.

Next, we sequentially made minimal changes to each set of 52-bit binary sequences in K_R, changing only one binary bit in one set of binary sequences at a time. In this way, we obtained six secret keys with the smallest difference from K_R, namely $K_C^{(1)}$, $K_C^{(2)}$, $K_C^{(3)}$, $K_C^{(4)}$, $K_C^{(5)}$, and $K_C^{(6)}$. Finally, we encrypted the same plaintext image 5.2.09. tiff with these seven secret keys, and calculated the difference image between the resulting ciphertext images. The relevant test results are shown in Figure 10.

FIGURE 10. Key sensitivity test results of IES-M-BD (A1) 5.2.09; (A2) ciphertext image ${\check{C}}_R$ obtained by K_R; (B1) ciphertext image ${\check{C}}_C^{(1)}$ obtained by $K_C^{(1)}$; (B2) ciphertext image ${\check{C}}_C^{(2)}$ obtained by $K_C^{(2)}$; (B3) ciphertext image ${\check{C}}_C^{(3)}$ obtained by $K_C^{(3)}$; (B4) ciphertext image ${\check{C}}_C^{(4)}$ obtained by $K_C^{(4)}$; (B5) ciphertext image ${\check{C}}_C^{(5)}$ obtained by $K_C^{(5)}$; (B6) ciphertext image ${\check{C}}_C^{(6)}$ obtained by $K_C^{(6)}$; (C1) difference image between ${\check{C}}_R$ and ${\check{C}}_C^{(1)}$; (C2) difference image between ${\check{C}}_R$ and ${\check{C}}_C^{(2)}$; (C3) difference image between ${\check{C}}_R$ and ${\check{C}}_C^{(3)}$; (C4) difference image between ${\check{C}}_R$ and ${\check{C}}_C^{(4)}$; (C5) difference image between ${\check{C}}_R$ and ${\check{C}}_C^{(5)}$; (C6) difference image between ${\check{C}}_R$ and ${\check{C}}_C^{(6)}$.

As one can see from Figure 10, the ciphertext image will change dramatically even with only minimal changes to the secret key. Consequently, IES-M-BD has extremely high key sensitivity.

4.4 Differential attack analysis

As one know, various differential attacks including chosen-plaintext attack and known-plaintext attack are the most common attack methods for attackers. In order to effectively resist differential attacks, an encryption scheme must have extremely high sensitivity to the plaintext image. This means that even if only a very small change occurs in the plaintext image, the ciphertext image generated by this encryption scheme should change extremely significantly. In this paper, many differential attack tests are performed on IES-M-BD using randomly generated secret keys, and the relevant test results are shown in Figure 11.

FIGURE 11. Differential attack test results of IES-M-BD (A1) 7.1.03; (A2) ciphertext of (A1); (A3) 1 bit of the pixel at (256,256) in (A1) is changed; (A4) ciphertext of (A3); (A5) difference image between (A2) and (A4); (B1) boat.512; (B2) ciphertext of (B1); (B3) 1 bit of the pixel at (512,512) in (B1) is changed; (B4) ciphertext of (B3); (B5) difference image between (B2) and (B4).

According to the test results, even if the plaintext image has only a small change of 1 bit, the ciphertext image generated by IES-M-BD has changed completely. The difference image between the ciphertext images before and after the change is similar to the ordinary ciphertext image and the noise image. Besides, this significant change is independent of the location of changed pixel bits. Consequently, IES-M-BD has excellent ability to resist differential attacks.

In addition, we also utilize the number of pixel change ratio (NPCR) and unified average change in intensity (UACI) to further evaluate the ability of IES-M-BD to resist differential attacks, as shown in Table 3. Mathematically, these two metrics can be defined as follows.

where I₁, I₂ are two images, each of them has the size of M × N. According to the test results in Table 3 and the comparison with the other three encryption schemes, one can know that the test results of IES-M-BD are the closest to the ideal value and have very high stability. Therefore, IES-M-BD does have excellent resistance to differential attacks.

TABLE 3. NPCR and UACI test results of IES-M-BD and other image encryption schemes.

4.5 Pixel value distribution

The uniformity of the pixel value distribution of the ciphertext image is also an important aspect to measure the security of an encryption scheme, because it is related to whether it can effectively resist statistical attacks. In order to verify the ability of IES-M-BD to resist statistical attacks, we have drawn some histograms of the plaintext images and the ciphertext images generated by IES-M-BD respectively, as shown in Figure 12. It can be seen that in these ciphertext images, the pixel distribution features in the plaintext images have been completely eliminated, and one cannot perceive any relevant features.

FIGURE 12. Histograms of plaintext images and corresponding ciphertext images (A1) 5.2.08; (A2) ciphertext of 5.2.08; (B1) 5.2.09; (B2) ciphertext of 5.2.09; (C1) 5.2.10; (C2) ciphertext of 5.2.08; (D1) 7.1.03; (D2) ciphertext of 7.1.03; (E1) 7.1.04; (E2) ciphertext of 7.1.04; (F1) 7.1.05; (F2) ciphertext of 7.1.05.

In addition to drawing histograms, one can also quantitatively analyze the pixel distribution uniformity of ciphertext images through the chi-square test [50]. The chi-square test can be defined as follows.

where n_i is the number of pixels whose value is i − 1, M × N is the size of the cipher image, k is the number of all possible pixel values (k = 256 for grayscale images), and p = 1/k. Next, one can calculate the critical value of the chi-square test at the significant level α = 0.05. When the chi-square value of a cipher image is less than the critical value, it is considered to have passed the chi-square test. From the test results shown in Table 4, all ciphertext images generated by IES-M-BD have passed the chi-square test. This means that IES-M-BD does have excellent resistance to statistical attacks.

TABLE 4. Chi-square test results of IES-M-BD.

4.6 Correlation analysis

There is a high correlation between adjacent pixels of the plaintext images in each direction, as shown in the first row of Figure 13. Therefore, a secure image encryption scheme should be able to effectively remove such correlations. Since pixel-level cyclic shift and DNA-level permutation are introduced in the encryption process of IES-M-BD, IES-M-BD can completely eliminate the correlation between adjacent pixels, as shown in the second row of Figure 13.

FIGURE 13. Pixel correlations of 5.2.08 and its ciphertext image generated by IES-M-BD (A1) horizontal direction of 5.2.08; (A2) vertical direction of 5.2.08; (A3) diagonal direction of 5.2.08; (B1) horizontal direction of 5.2.08 ciphertext; (B2) vertical direction of 5.2.08 ciphertext; (B3) diagonal direction of 5.2.08 ciphertext.

In addition, in order to more accurately verify the correlation between adjacent pixels, many researchers use the correlation coefficient (CC) to perform quantitative analysis. Mathematically, we can define CC as follows.

where E(v) and D(v) are the expectation and variance of the grayscale value v, v_x and v_y are the gray values of two adjacent pixels in a certain direction. After calculating the CC values of a large number of plaintext images and some ciphertext images, we found that the CC values of the plaintext images are high, while the CC values of the ciphertext images generated by IES-M-BD are very low, as shown in Table 5. This means that IES-M-BD can indeed significantly eliminate the correlations between adjacent pixels. As shown in Table 6, compared with some recent encryption schemes, the Lena cipher image generated by IES-M-BD demonstrates certain superiority in the correlation of adjacent pixels. It can be seen that the ciphertext image generated by IES-M-BD has the lowest correlations between adjacent pixels in all directions.

TABLE 5. CCs of different plain and cipher images under IES-M-BD.

TABLE 6. CCs of adjacent pixels in Lena cipher images.

4.7 Information entropy analysis

In order to measure the randomness of images generated by encryption schemes, researchers often use information entropy as an evaluation metric. Specifically, we can define information entropy as follows.

where u_x is one of the symbols with a total number of N, and p (u_x) represents the occurrence probability of u_x. If the number of gray levels is 256, then the ideal value of image information entropy is 8. Therefore, the information entropy of an image generated by an encryption scheme is closer to 8, which means less information leakage. Table 7 compares the information entropy values of some plaintext images and the corresponding ciphertext images. After the encryption of IES-M-BD, the information entropy of the image becomes very close to the ideal value, that is, the obtained ciphertext image has excellent randomness. Not only that, IES-M-BD also shows significant advantages compared with other image encryption schemes, as shown in Table 8.

TABLE 7. Information entropy test results of IES-M-BD.

TABLE 8. Test results of five different encryption schemes in terms of information entropy.

Considering the limitation of information entropy, another improved metric, local Shannon entropy (LSE), is proposed to better measure the randomness of ciphertext images [57]. Mathematically, LSE can be defined as follows.

where N represents the number of image blocks, S represents the number of pixels each image block has, o_i represents each image block randomly selected from the measured image, and H (o_i) represents the information entropy of each image block.

According to [57], if the LSE test value of the tested image is between 7.901901305 and 7.903037329, it can be confirmed that the image is random in the sense of LSE. Consequently, we have tested the ciphertext images generated by IES-M-BD, and the specific test results are included in Table 9. According to Table 9, it can be concluded that the test values of IES-M-BD are more stable than that of other schemes, and the pass rate of the LSE test is also higher.

TABLE 9. LSE test results of three image encryption schemes.

4.8 Resistance to noise and data loss

There are two situations that often occur during the transmission of ciphertext images, that is, the transmitted image is contaminated by noise or part of the data is lost. In fact, malicious attackers may also cause these situations to occur. Therefore, an image encryption scheme must be able to resist these attacks in order to be practical. To simulate these noise attacks, we deliberately add salt and pepper noise (SPN) to the ciphertext images generated by IES-M-BD. Figure 14 shows the relevant test results.

FIGURE 14. Noise attack test results of IES-M-BD (A1) ciphertext image of 7.1.02 (A2) contaminated by SPN with density = 0.05; (A3) contaminated by SPN with density = 0.10; (A4) contaminated by SPN with density = 0.15; (B1) decrypted image of (A1); (B2) decrypted image of (A2); (B3) decrypted image of (A3); (B4) decrypted image of (A4); (C1) ciphertext image of 4.2.07 (C2) contaminated by SPN with density = 0.05; (C3) contaminated by SPN with density = 0.10; (C4) contaminated by SPN with density = 0.15; (D1) decrypted image of (C1); (D2) decrypted image of (C2); (D3) decrypted image of (C3); (D4) decrypted image of (C4).

From the test results shown in Figure 14, although these ciphertext images are contaminated by noise, IES-M-BD can still decrypt the images normally. Although the quality of the decrypted image will decrease with the increase of the noise intensity, this does not hinder the transmission of the visual information of the plaintext image.

Similarly, to evaluate the reliability of IES-M-BD under data loss conditions, we intentionally removed some pixels from the ciphertext images. The relevant test results are shown in Figure 15. As one can see, despite the loss of data, IES-M-BD can still decrypt the images normally. That is, the transmission of the visual information of the plaintext image is not significantly affected. Specifically, the more data is lost, the lower the quality of the decrypted image, while IES-M-BD can still maintain high image quality when some pixels are missing.

FIGURE 15. Occlusion attack test results of IES-M-BD (A1) ciphertext of house; (A2) 1/16 data loss at top-left corner; (A3) 1/16 data loss at top-right corner; (A4) 1/16 data loss at bottom-left corner; (A5) 1/16 data loss at bottom-right corner; (B1) decrypted ciphertext of (A1); (B2) decrypted ciphertext of (A2); (B3) decrypted ciphertext of (A3); (B4) decrypted ciphertext of (A4); (B5) decrypted ciphertext of (A5).

4.9 Time analysis

Undoubtedly, in many scenarios of information security application, the encryption efficiency of the cryptographic system is a key factor. Therefore, when designing an image encryption scheme, we should not only consider the security, but also consider the efficiency of the encryption scheme. To this end, we tested IES-M-BD and compared the test results with other encryption schemes, as shown in Table 10. It can be seen that IES-M-BD has higher or comparable encryption efficiency compared with other image encryption schemes. Notably, according to the various analyses above, IES-M-BD is better than the remaining encryption schemes in terms of security. Definitely, in the future, we will also consider further optimization of IES-M-BD to make it more efficient.

TABLE 10. Average times required by different schemes to encrypt some common test images.

5 Conclusion

Aiming at the key problems existing in image encryption, this paper proposes a novel encryption scheme that embraces several innovative designs. Firstly, a discrete memristive chaotic system is exploited to enhance the ergodicity of the generated chaotic sequences. Secondly, the proposed encryption scheme leverages the hash value in a more reasonable way. That is, the proposed image encryption scheme utilizes the hash value to influence the cyclic shift and DNA diffusion operations instead of using it directly as the secret key. Such ingenious design can not only solve the practicability problem brought by the one-time pad secret key design, but also significantly improve the sensitivity of the encryption scheme to the plaintext image. Thirdly, a bidirectional bit-level cyclic shift operation is designed, which can realize permutation and confusion at the same time, thereby further improving the security of the encryption scheme. Finally, the novel DNA sequence operation design, including dynamic column-level DNA encoding, dynamic DNA-level diffusion, DNA-level permutation, and dynamic column-level DNA decoding, not only improves encryption efficiency, but also ensures the security of the proposed encryption scheme once again. In the future, we will continuously optimize this encryption scheme, and extend it to the field of video encryption.

Data availability statement

The original contributions presented in the study are included in the article/supplementary material, further inquiries can be directed to the corresponding author.

Author contributions

JZ and XL provided the idea of algorithm, KQ and ZZ carried out the simulations, arranged the architecture and drafted the manuscript. WF and ZQ supervised the work and revised the manuscript. Both authors read and approved the final manuscript.

Funding

This research was funded by the Research Foundation of Education Bureau of Hunan Province of China (No. 19C0864), the Science and Technology Development Center Project of Chinese Ministry of Education (No. 2021KSA01008), the Project of the Sichuan Higher Education Society of China (No. GJXHXXH21-YB-27), the Guiding Science and Technology Plan Project of Panzhihua City (No. 2020ZD-S-40), and the Doctoral Research Startup Foundation of Panzhihua University (No. 2020DOC019).

Conflict of interest

The authors declare that the research was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.

Publisher’s note

All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article, or claim that may be made by its manufacturer, is not guaranteed or endorsed by the publisher.

References