A Novel Algorithm for Block Encryption of Digital Image Based on Chaos

Jun Peng School of Electronic Information Engineering

Chongqing University of Science and Technology, Chongqing 401331, China pengjun70@126.com

Du Zhang

Department of Computer Science California State University, Sacramento, CA 95819, USA

zhangd@ecs.csus.edu

Xiaofeng Liao Department of Computer Science and Engineering Chongqing University, Chongqing 400044, China

xfliao@cqu.edu.cn ABSTRACT A novel image block encryption algorithm based on three-dimensional Chen chaotic dynamical system is proposed in this paper. The algorithm works on 32-bit image blocks with a 192-bit secret key. The main idea is that the key is employed to drive the Chen’s system to generate a chaotic sequence that is inputted to a specially designed function G, in which we use new 8x8 S-boxes generated by chaotic maps in (Tang, 2005). In order to improve the robustness against difference cryptanalysis and produce desirable avalanche effect, the function G is iteratively performed several times and its last outputs serve as the keystreams to encrypt the original image block. The design of the encryption algorithm is described in detail, along with the security analyses. The results from key space analysis, differential attack analysis, information entropy analysis, correlation analysis of two adjacent pixels have proven that the proposed algorithm can resist cryptanalytic, statistical and brute force attacks, and achieve higher level of security. Moreover, the algorithm can also be easily employed to realize the security cryptosystems over the Internet. Keywords: Image encryption, Chen chaotic dynamical system, S-Boxes, Security. INTRODUCTION In the last decades, extensive studies have been done in the theory of chaos in different fields such as physics, engineering, biology, and economics (Hao, 1993). Chaos theory consistently plays an active role in modern cryptography. As the basis for developing cryptosystems, the main advantage of the chaos-based approaches lies in the random behavior and sensitivity to the initial conditions and control parameters, hence the study on using chaos theory in information security has attracted great attentions (Chen, 2004; Li, 2005; Peng, 2008; Yang, 2004). The close

relationship has been observed in (Álvarez, 2006; Fridrich, 1998; Kocarev, 2001) between chaotic maps and cryptosystems. In particular, the following connections between them can be established: (1) Ergodicity in chaos vs. confusion in cryptography; (2) Sensitive dependence on initial conditions and control parameters of chaotic maps vs. diffusion property of a good cryptosystem for a slight change in the plaintext and in the secret key; (3) Random-like behavior of deterministic chaotic-dynamics which can be used for generating pseudorandom sequences as key sequences in cryptography.

In recent years, the transmission of digital images over the Internet or personal digital mobile phones has been highly developed. Secure storage and transmission of digital images are becoming critically important. Most traditional ciphers, such as DES, IDEA, and AES are not suitable to conduct the digital image encryption in real time due to large data volume involved. Hence, the main purpose of this paper is to design a new image block encryption algorithm by using non-traditional methods such as chaos theory.

A brief review is in order on existing results of chaos-based encryption scheme. Yen et al. (2000) proposed a chaotic key-based algorithm (CKBA) in which a binary sequence as a key is generated based on a chaotic map. According to the binary sequence, image pixels are rearranged and then XORed with the key. However, as pointed out later in (Li, 2002), this algorithm has some drawbacks: it is vulnerable to the chosen or known-plain-text attack using only one plain image, and its security to brute-force attack is also questionable. Chen et al. (2004) used a 3D Arnolad’s cat map for the purpose of substitution and employed Chen’s chaotic system for generating key streaming and diffusion. A more complex system which combines discrete- and continuous-time chaotic systems has been proposed by Guan et al. (2005). Recently, Tong et al. (2009) presented a new compound two-dimensional chaotic functions design which acted as a chaotic sequence generator, and suggested a feedback image encryption scheme by using the new compound chaos and perturbation technology based on 3D Baker map. At the same time, in (Lian, 2009) the author employed a chaotic neural network (CNN) composed of a chaotic neuron layer and a linear neuron layer to construct a block cipher, in which the chaotic neuron layer realizes data diffusion and the linear neuron layer realizes data confusion, and the two layers are repeated for several times to strengthen the cipher. Obviously, these research results laid a good foundation to the subsequent studies on the chaos-based image encryption algorithm.

Motivated by the aforementioned results, a new image block encryption algorithm based on three-dimensional Chen dynamical system is proposed in this paper. The main novelty of the algorithm can be summarized as follows: (1) the 3D Chen system with complex dynamical behaviors is adapted; (2) within the algorithm, a 192-bit secret key is used to drive the Chen system and the keystreams are generated through iteratively performing a specially designed function G; (3) when designing the function G, we use new 8 8× S-boxes produced by chaotic maps in (Tang, 2005) in order to obtain desirable confusion and diffusion properties. Results of various types of analysis show that the new algorithm is highly secure for practical image encryption applications.

The remaining part of the paper is organized as follows. We first introduce the Chen chaotic system and show its chaotic attractors. The design of the encryption algorithm is then described in details, along with some experiments. Following that are the analyses that address the security performance of the proposed algorithm. Finally, conclusions and future work are drawn. CHAOTIC SYSTEMS

When choosing a chaotic system, we mainly consider the following principles: (i) it can be easily implemented by software and hardware; (ii) it should have complex dynamical behaviors; and (iii) it is suitable for image encryption process. Research results in (Chen, 1998; Ueta, 2000; Yassen, 2003) indicate that Chen system is a three-order system which can be easily implemented by circuits, and has better three-dimensional dynamical properties in phase space than Lorenz system and Chua's system. Therefore, Chen chaotic system can be applied to designing a cryptosystem with higher security. Chen dynamical system is described by the following system of differential equations (Chen, 1999):

( ),( ) ,

.

x a y xy c a x xz cyz xy bz

= −⎧⎪ = − − +⎨⎪ = −⎩

(1)

where x, y and z are the state variables and a, b and c are three positive real constants. Chen dynamical system is chaotic when a=35, b=3 and c∈ [20, 28.4]. Numerical experiments are carried out to integrate the system (1) by using fourth-order Runge-Kutta method with time step 0.001 and the chaotic attractors are shown in Fig.1. with parameters a=35, b=3 and c=28.

(a) (b)

(c)

Figure 1. The chaotic attractor of Chen dynamical system in the (a) x-y plane, (b) x-z plane, and (c) y-z plane.

DESIGN OF THE IMAGE ENCRYPTION ALGORITHM In this Section, we describe the proposed image encryption algorithm in details. Fig. 2 is the diagrammatic depiction of the algorithm.

Figure 2. Diagram of proposed encryption algorithm.

In general, we use a 192-bit key as the secret key of the encryption system, and the initial

conditions of Chen system are determined through an initialization process. Four variables are generated from the output of Chen system and then used as input to a function G, which will be performed by several iterations. After that, the output keystreams are employed to encrypt plain-image block iM through bitwise XOR operation. The encrypted image block would be iE , which is also fed back to the Chen system for the encryption of the subsequent plain-image block. The introduction of this feedback mechanism would enhance the sensitivity of the ciphertext with respect to the plaintext and make their relationship more sophisticated, which in turn will result in the enhancement of the difficulties for cryptanalysis. Description of Function G Function G is similar to the round function of the DES-like iterated ciphers, where the ciphertext is calculated by recursively applying a round function to the plaintext. The block diagram of function G is displayed in Fig.3.

In Fig.3, k1, k2, k3, k4 are the four input variables, and l1, l2, l3, l4 are the corresponding four output variables of the function G. There are four identical S-boxes. As we know, the substitution boxes (S-boxes) have been extensively used in most of conventional cryptographic systems, such as DES, IDEA and AES. S-boxes are core component of the DES-like cryptosystems and the only nonlinear component of these ciphers. In block ciphers, they are typically used to obscure the relationship between the secret key and the ciphertext - Shannon’s property of confusion. In many cases, the S-boxes are carefully chosen to provide the cryptosystem with abilities of resisting cryptanalysis. Mathematically, an n×m S-box is a nonlinear mapping from Vn to Vm, where Vn and Vm represent the vector spaces of n and m tuples of elements from GF(2) respectively.

Chen Dynamical System

Initialization of (x0,y0,z0,N0)

Function G

Function G

… … … …

Mi Ei

192-bit Secret Key

Figure 3. Diagram of function G DESCRIPTION OF S-BOX The S-box employed in this paper is designed by G. Tang et al. (2005), where a new method is utilized for obtaining cryptographically strong 8 8× S-boxes based on iterating chaotic maps. The method consists of two steps: Firstly, by iterating a chaotic map, an 8-bit sequence of binary random variables is generated from a real value trajectory obtained. After turning it to a decimal integer on the range of 0 2n− , an integer table can be obtained then. Secondly, a key-dependent permuting is used to shuffle the table nonlinearly by applying a Baker map several times (Chen, 2004). The shuffled table is the desirable S-box, which is shown in Table 1.

The S-box produced in this new method satisfies many important properties (Adams, 1989) for cryptographically “good” S-boxes. These properties include: bijective, nonlinearity, strict avalanche criterion, output bits independence criterion and equiprobable input/output XOR distribution, besides the fact that it has high immunity to resist differential cryptanalysis. Therefore, it is a good candidate for use in the design image encryption algorithm.

The usage of the S-box is explained as follows: If we suppose the input of the S-box is one byte u, which can be expressed as xy in hexadecimal, then the output of S-box is found by selecting the row using x, and the column using y. For example, an input integer 230, whose hexadecimal format is E6; hence the corresponding output would be 7 (see Table 1).

Table 1. An 8x8 S-Box Produced in (Tang, 2005).

121 50 31 84 8 0 52 205 190 99 203 132 42 41 173 69 63 159 30 100 193 29 1 82 187 165 189 222 14 170 175 83 207 38 171 254 4 111 233 55 195 62 5 6 166 245 234 13 184 79 146 218 32 115 74 127 97 39 76 185 90 65 123 125133 227 19 242 154 157 197 67 116 60 232 211 34 145 164 23 172 183 153 28 80 71 95 64 158 213 246 206 136 17 253 182155 18 168 196 216 104 163 66 238 176 113 96 180 237 220 12 109 57 135 51 68 58 44 255 61 25 214 72 122 46 56 53 212 215 147 13 11 225 208 105 244 128 226 251 94 137 117 98 49 88 14 78 70 241 89 110 194 174 200 9 209 144 24 2 138 142 124 239 75 37 252 243 21 33 156 48 249 27 192 210231 221 152 118 114 148 219 130 126 235 10 202 91 40 45 85 228 47 107 169 131 179 224 199 198 230 54 250 141 101 103 16736 188 181 106 92 204 223 134 177 20 3 139 186 178 247 43 26 87 119 22 201 35 7 151 81 240 162 161 236 77 217 19116 248 73 160 112 140 86 120 229 102 93 59 129 143 108 150

1k S-Box

S-Box

S-Box

S-Box

2k

3k

4k

1l

2l

3l

4l

Description of Encryption Process We assume that the original image blocks are 1 2 tM M M , where iM (1 i t≤ ≤ ) denotes the -thi image block with size 1 32× pixels, 1 2 tE E E are the corresponding encrypted image

blocks, and t denotes the number of image blocks. Besides, we use a 192-bit secret key, 1 2 24K K K , to determine the initial conditions of Chen dynamical system (1), i.e., 0x , 0y , 0z ,

and its iteration times 0N . As shown in Fig.3, the detailed process for encrypting image is described as follows:

Input: 1 2 tM M M (original image blocks)

Output: 1 2 tE E E (encrypted image blocks) Initialization: Suppose v denotes the current image block, and let 1v = . The initial

conditions of the Chen system are obtained through the following computational procedures:

1 2 24( ) mod 256S K K K= + + + ,

1 2 24P K K K= ⊕ ⊕ ⊕ , 4

,1 1

( ) mod 256t

i ji j

Q M= =

= ∑∑ ,

70 1 5 9 13 17( ) / 256x K K K K K S Q= × × × × × × ,

70 2 6 10 14 18( ) / 256y K K K K K S Q= × × × × × × ,

70 3 7 11 15 19( ) / 256z K K K K K S Q= × × × × × × ,

2 2 20 4 8 23 24( ) mod 256N S P Q K K K K= + + + × + × .

Step 1: Iterates Chen dynamical system 200 + 0N times from the initial conditions 0x δ+ ,

0y δ+ and 0z δ+ with parameters a =35, b =3 and c =28, where δ =0.01. Assume ( nx , ny , nz )

represents the -thn state. Calculate nτ according to the following formula:

2 2 2 1/2( )n n n nx y zτ λ= + + (2)

For the current image block, if v =1 then λ =1, else if v >1 then

1,1 1,2 1,3 1,4ln( )v v v vE E E Eλ − − − −= ⊕ ⊕ ⊕ (3)

Here, 1, (1 4)v jE j− ≤ ≤ denotes the -thj byte of the former encrypted image block whose size is

four bytes (32 bits). Step 2: Let ( )n nfloorζ τ τ= − , then (0,1)ζ ∈ , and it can be expressed as

1 20. ( ) ( ) ( )ib x b x b xζ = (4)

in which the -thi bit ( )ib x can be represented as:

2 11

( /2 )1

( ) ( 1) ( )i

ir

i rr

b x x−

−

=

= − Θ∑ (5)

where ( )t xΘ is a threshold function which is defined as: if x t< , ( )t xΘ = 0; otherwise ( )t xΘ =1. Generate the following four byte variables:

8( 1) 1 8( 1) 2 8( )i i i ik w w w− + − += , 1 4i≤ ≤ (6)

where 1 ( 1) mod 32j j jw b b + += ⊕ , 1 4j≤ ≤ .

Step 3: Input the four variables 1k , 2k , 3k , 4k to the function G, we get the four output

variables 1l , 2l , 3l , 4l , which will be viewed as new input variables of function G in the

subsequent iteration. After eight iterations, we obtain the keystream 1s , 2s , 3s , and 4s .

Mathematically, ( 1s , 2s , 3s , 4s )= 8G ( 1s , 2s , 3s , 4s ).

Step 4: Encrypt the current -thv image block vM with keystream 1 2 3 4S s s s s= as follows:

, ,v j v j jE M s= ⊕ , 1 4j≤ ≤ (7)

Step 5: Assume ,1 ,2 ,3 ,4( ) mod 256v v v vp E E E E= + + + , 1/2 / 256q p= , Let 0 0x x q= , 0 0y y q= ,

0 0z z q= , and 0 0N N p= ⊕ . If all the original image blocks are encrypted (i.e., v t= ) then encryption process END else goto Step 1, at the same time 1v v= + .

Remark 1: It is found that if the plaintext or secret key is all “0” bits then the variables S , P and Q are all zero, which will result in the initial conditions 0x , 0y and 0z being zero. As we know, (0, 0, 0) is a trivial solution of system (1). So to avoid this situation, we use a small positive increment δ to generate new initial conditions 0x δ+ , 0y δ+ and 0z δ+ , here δ =0.01.

Remark 2: To guarantee the sensitivity of the encryption algorithm with regard to the entire original image, we introduce one special parameterQ in the initialization process. It is clear that the generation of Q depends on the plaintext ,i jM , which implies that the ciphertext is sensitive

to the plaintext. This can be verified in our experiments. If the encryption key is K , then the decryption key should be EK = ( , )K Q , here we call EK an extend key.

Remark 3: As the presented encryption algorithm is a symmetrical one, thus the decryption process is similar to the encryption process. One can use the extend key EK to regenerate the

keystream 1s , 2s , 3s , 4s and recover the original image according to the following formulae:

, ,v j v j jM E s= ⊕ , 1 4j≤ ≤ (8)

EXPERIMENTAL RESULTS In this Section, we give some experimental results of the proposed encryption algorithm with regard to the 512×512 grey-scale “Lena” images. Fig.4 (a) is the original image and its

corresponding encrypted image with a randomly selected secret key K1 is displayed in Fig.4 (b). Here, K1 is selected as “JWe93F5a6\&8hKw12Psb3\#m7B”.

(a) (b)

(c) (d)

Figure 4. Encryption experimental and histogram results. (a) and (c) are for “Lena” original image, (b) and (d) are for the encrypted image.

In the following step, we perform the histogram experiment. In statistics, an image histogram

illustrates how pixels in an image are distributed by graphing the number of pixels at each gray-scale value. Fig.4 (c) and Fig.4 (d) show the histograms for the images in Fig.4 (a) and Fig.4 (b), respectively. From the results, we found that the histogram of the encrypted image is fairly uniform and is significantly different from the respective histogram of the original image, indicating that this algorithm makes the encrypted image indeed look like a random one. SECURITY ANALYSIS From the cryptography point of view, an ideal encryption algorithm should have desirable features for withstanding most kinds of known attacks such as cryptanalytic attacks: statistical attacks, brute-force attacks, ciphertext only attack and known plaintext attack, etc. In this section,

we will discuss some security analysis on the proposed algorithm in terms of key space, correlation analysis of two adjacent pixels, information entropy analysis, differential attack analysis, and diffusion and confusion analysis. Key Space Analysis A good encryption scheme should be sensitive to the secret keys, and the key space should be large enough to make the brute-force attacks infeasible. In this algorithm, since the size of the secret key is 192 bits, the key space size can reach up to 2192, which is large enough to resist all kinds of brute-force attacks with the current computer technology. Correlation Analysis of Two Adjacent Pixels To examine the correlation between two adjacent (in horizontal, vertical, and diagonal direction) pixels, we randomly select 2000 pairs of pixels from the original image and encrypted image respectively, and compute their corresponding relevant coefficients by using the following formulae:

cov( , )( ) ( )xy

x yrD x D y

=

(9)

1

1cov( , ) ( ( ))( ( ))N

i ii

x y x E x y E yN =

= − −∑

(10)

where cov(x,y) is covariance, D(x) is variance, x and y denote the gray-scale values of two adjacent pixels in the image. In numerical computation, the following discrete forms were used:

1

1( )N

ii

E x xN =

= ∑

(11)

2

1

1( ) ( ( ))N

ii

D x x E xN =

= −∑

(12)

(a) (b) Figure 5. Correlations of two vertically adjacent pixels. (a) and (b) are correlation distribution

analysis of the original ‘Lena’ image and the encrypted image, respectively.

Fig.5 illustrates the correlation distribution of two vertically adjacent pixels in the original “Lena” image and its corresponding encrypted image with K1, and the correlation coefficients are 0.9730 and 0.0104, respectively. Similar results for vertical and diagonal directions were also obtained and shown in Table 2.

Table 2. Correlation Coefficients of Two Adjacent Pixels in the Original and Encrypted Image.

Correlation coefficients Original image Encrypted image

Horizontal 0.9847 0.0189 Vertical 0.9730 0.0104 Diagonal 0.9640 -0.0076

From the results of Table 2, we found that the correlation coefficients of the encrypted images

are very small. These correlation analyses confirm that the chaotic encryption algorithm satisfies zero co-correlation, indicating that the attacker cannot obtain any valuable information by exploiting a statistic attack. Differential Attack Analysis As we know, in order to avoid the known-plaintext attack and the chosen-plaintext attack, a good encryption algorithm should have the desirable property which spreads the influence of a single plaintext bit over as much of the ciphertext as possible so as to hide the statistical structure of the plaintext (Schneier, 1996). This means the small difference of the plaintext should be diffused to the whole ciphertext. To evaluate the influence of one-pixel change on the whole encrypted image, two common measures (Chen, 2004) are used, i.e., number of pixels change rate (NPCR) and unified average changing intensity (UACI). The NPCR measures the different pixel numbers between two images, and the UACI measures the average intensity of differences between two images. These two measures are defined as follows:

,( , )

NPCR= 100%i jD i j

W H×

×∑

(13)

1 2

,

( , ) ( , )1UACI= 100%255i j

E i j E i jW H

⎡ ⎤−⎢ ⎥×

× ⎢ ⎥⎣ ⎦∑

(14)

where E1 and E2 denote two encrypted images, respectively, W and H are the width and height of image, and the gray-scale values of the pixels at grid (i, j) of E1 and E2 are labeled as E1(i, j) or E2(i, j), respectively. D(i,j) is related to E1(i, j) and E2(i, j). If E1(i, j) = E2(i, j) then D(i, j) = 1 else D(i, j) = 0.

We randomly choose a pixel of the original image and make a slightly change on the gray-scale value of this pixel. The encryption algorithm is performed on the modified original image and then the two measures NPCR and UACI are computed. This kind of experiment is carried out 512 times, and the average value of NPCR and UACI are calculated. We obtained NPCR ≈ 99.65%, and UACI ≈ 32.24%. The results show that a slightly change in the original image will result in a great change in the encrypted image, this implies that the proposed algorithm has an excellent capability to resist the differential attack.

Information Entropy Analysis It is well known that the information entropy H(m) of a plaintext message m can be calculated as

21

1( ) ( )log( )

n

ii i

H m p mp m=

=∑

(15)

where ( )ip m represents the probability mass function of message im and 256n= for image. For a 256-gray-scale image, if every gray value has an equal probability, then information entropy equals to 8, indicating that the image is a purely random one. When the information entropy of an image is less than 8, there exists a certain degree of predictability, which will threaten its security. Therefore, we strive for an entropy value of the encrypted image to be close to the ideal value of 8 so as to withstand the entropy attack effectively.

The information entropy of the original image “Lena” and its corresponding encrypted images are computed. They are 7.4455 and 7.9993, respectively. From the computation results we found that the entropy of the original images is smaller than the ideal one due to the fact that practical information sources seldom generate random messages. However the entropy of the encrypted one is very close to the theoretical value, showing the proposed encryption algorithm is sufficiently secure under the entropy attack. Analysis of Diffusion and Confusion Shannon (1949) has suggested two core techniques of “diffusion and confusion” for the design of practical ciphers. Diffusion means to spread the influence of a single plaintext or key bits over as much of the ciphertext as possible so as to hide the statistical structure of the plaintext. Confusion means to exploit some transformations to hide any relationship between the plaintext, the ciphertext and the key, thus making cryptanalysis more difficult (Schneier, 1996). Generally speaking, block ciphers’ security depends on their computing security (Mollin, 2006) that is determined by the confusion and diffusion criteria.

As was pointed out earlier, several properties of chaotic systems such as ergodicity and sensitivity to the initial conditions are connected to the diffusion and confusion of the conventional ciphers. In this paper, the objective of introducing the Chen chaotic system with the unpredictable dynamical behaviors into the design of the image encryption algorithm is that we want to obtain the desirable features as conventional cryptosystem.

The term avalanche effect suggested by Feistel (1973) can be pertinently used to express the diffusion and confusion properties implicated in the encryption algorithm. An encryption algorithm is said to satisfy the strict avalanche criterion if, whenever a single input bit is complemented, each of the output bits should change with a probability of one half.

Let HW denote the Hamming weight of a binary sequence, nie denotes a unit vector whose

length is -thn bit and only the -thi bit is “1”. To evaluate the avalanche effect of this algorithm, we calculate the following four variables:

(i) Suppose the plaintext block is 32ie , and the Hamming weight of 32( , )i jf e z is 1

iHW . Here, 32( , )i jf e z denotes the obtained ciphertext when encrypting the plaintext 32

ie with a randomly selected secret key jz , 1 j T≤ ≤ , where T is the number of the secret keys. Calculate the following average Hamming weight 1HW :

321 1

1

132 i

i

HW HW=

= ∑

(16)

(ii) Randomly select a non-zero plaintext block 1m , let 2,i tHW denote the Hamming weight of

1( , )tf m z ⊕ 321( , )i tf m e z⊕ , where the meaning of function f is the same as in (i). Calculate the

following average Hamming weight 2HW : 32

2 2,

1 1

1 1( )32

T

i ti t

HW HWT= =

= ∑ ∑

(17)

(iii) Assume the plaintext 1m is all-zero, the secret key 1z also is all-zero. Let 3HW denote the Hamming weight of 1 1( , )f m z ⊕ 192

1 1( , )if m z r⊕ . Calculate the following average: 192

3 3

1

1192 i

i

HW HW=

= ∑

(18)

(iv) Assume the plaintext 1m is all-zero, but the secret key 1z is non-zero. Let 4HW denote the Hamming weight of 1 1( , )f m z ⊕ 192

1 1( , )if m z r⊕ . Calculate the following average: 192

4 4

1

1192 i

i

HW HW=

= ∑

(19)

0 2 4 6 8 10 12 14 1615

15.2

15.4

15.6

15.8

16

16.2

16.4

16.6

16.8

17

Iteration numbers of function G

Ave

rage

of t

he H

amm

ing

wei

ght

HW1

HW2

HW3

HW4

Figure 6. Hamming weight results.

In the experiments, we randomly select 50 secret keys, i.e., 50T = , and perform the

aforementioned four calculations for the different iteration number of function G from 1 to 16, although we assign its value with 8 in Step 3. From the results shown in Fig.6, we found that the average of Hamming weight is very close to 16 (50%), especially 1HW =15.9781,

2HW =15.9456 for eight iterations of function G, and 1 4max / 32 0.5 0.0725ii HW≤ ≤ − = , which

indicates that the proposed algorithm has the strict avalanche effect, implying the perfect diffusion and confusion features. This result also implies that if we want to improve the encryption speed, the function G could be iterated as few as two times while keeping the same security features. CONCLUSION In this paper, a novel image block encryption algorithm based on a three-dimensional Chen dynamical system is proposed. The main idea is to employ the output sequences of Chen's chaotic system to iteratively perform a specially designed function G, in which we use new 8 8× S-boxes generated by chaotic maps (Tang, 2005) so as to improve the robustness against difference cryptanalysis and produce desirable avalanche effect. The last output of function G worked as the keystream to encrypt the original image block. Security analyses indicate that the proposed algorithm has desirable properties such as excellent diffusion and confusion from cryptographic point of view and can be easily adopted to realize the security cryptosystems over the Internet.

The analysis of the capability of the algorithm withstanding some other attacks needs to be further investigated in the future work. Apart from the security considerations, some other issues on image encryption are also important, such as the running speed for real-time image encryption and decryption. Therefore, another future work is to consider and measure the speed performance with the proposed algorithm and to design a modified version for color image encryption. ACKNOWLEDGEMENTS The authors would like to thank the anonymous reviewers for their valuable suggestions. The work described in this paper was supported by the Natural Science Foundation Project of CQ CSTC under Grant No.2008BB2360, No.2008BB2199; the Science and Technology Research Project of Chongqing Municipal Education Commission of China under Grant No.KJ081406; and the First Batch of Supporting Program for University Excellent Talents in Chongqing. REFERENCES Adams, C., & Tavares, S. (1989). Good S-boxes are easy to find. In G. Brassard (Ed.), Advances in cryptology: Proceeding of CRYPTO’89 , LNCS 435 (pp. 612-615). Berlin: Springer-Verlag Press

Álvarez, G., & Li, S. J. (2006). Some basic cryptographic requirements for chaos-based cryptosystems. International Journal of Bifurcation and Chaos, 16(8), 2129-2151.

Chen, G. R., & Dong, X. N. (1998). From chaos to order methodologies, perspectives, and applications. Singapore: World Scientific Press.

Chen, G. R., Mao, Y., & Chui, C. K. (2004). A symmetric image encryption based on 3D chaotic map. Chaos, Solitons & Fractals, 21(3), 749-761.

Chen, G. R., & Ueta, T. (1999). Yet another chaotic attractor. International Journal of Bifurcation and Chaos, 9(7), 1465-1466.

Feistel, H. (1973). Cryptography and computer privacy. Scientific American, 228(5), 15-23.

Fridrich, J. (1998). Symmetric ciphers based on two-dimensional chaotic maps. International Journal of Bifurcation and Chaos, 8(6), 1259-1284.

Guan, Z. H., Huang, F., & Guan, W. (2005). Chaos based image encryption algorithm. Physics Letters A, 346(1-3), 153-157.

Hao, B. L. (1993). Starting with parabolas: an introduction to chaotic dynamics. Shanghai:

Shanghai Scientific and Technological Education Publishing House.

Kocarev, L. (2001). Chaos-based cryptography: A brief overview. IEEE Circuits and Systems Magazine, 1(3), 6-21.

Li, S. J., Álvarez, G., & Chen, G. R. (2005). Breaking a chaos-based secure communication scheme designed by an improved modulation method. Chaos, Solitons & Fractals, 25, 109-120.

Li, S. J., & Zheng, X. (2002). Cryptanalysis of a chaotic image encryption method. In Proceeding of IEEE International Symposium on Circuits and Systems, Vol. 2 (pp. 708-711), Phoenix, AZ, USA.

Lian, S. G. (2009). A block cipher based on chaotic neural networks. Neurocomputing, 72, 1296-1301.

Mollin, R. A. (2006). An Introduction to Cryptography. NY: CRC Press.

Peng, J., Zhang, D., Liu, Y. G., & Liao, X. F. (2008). A double-piped iterated hash function based on a hybrid of chaotic maps. In Y. Wang, D. Zhang, J. C. Latombe, & W. Kinsner (Eds.), The 7th IEEE International Conference on Cognitive Informatics (pp. 358-365). Los Alamito, CA: IEEE Computer Society Press.

Schneier, B. (1996). Applied Cryptography (2nd Edition). NY: John Wiley & Sons Press.

Shannon, C. E. (1949). Communication theory of secrecy system. The Bell System Technical Journal, 28(4), 656-715.

Tang, G. P., Liao, X. F., & Chen, Y. (2005). A novel method for designing S-boxes based on chaotic maps. Chaos, Solitons & Fractals, 23(2), 413-419.

Tong, X. J., & Cui, M. G. (2009). Image encryption scheme based on 3D baker with dynamical compound chaotic sequence cipher generator. Signal Processing, 89(4), 480-491.

Ueta, T., & Chen, G. R. (2000). Bifurcation analysis of chen’s equation. International Journal of Bifurcation and Chaos, 10(8), 1917-1931.

Yang, T. (2004). A survey of chaotic secure communication systems. International Journal of Computational Cognition, 2(1), 81-130.

Yassen, M. T. (2003). Chaos control of Chen chaotic dynamical system. Chaos, Solitons & Fractals, 15(2), 271-283.

Yen, J. C., & Guo, J. I. (2000). A new chaotic key-based design for image encryption and decryption. In Proceeding of IEEE International Symposium on Circuits and Systems, Vol.4 (pp. 49-52), Geneva, Switzerland.