An Efficient Image Encryption Using a Dynamic, Nonlinear and Secret Diffusion Scheme

This paper presents a new secret diffusion scheme called Round Key Permutation (RKP) based on the nonlinear, dynamic and pseudorandom permutation for encrypting images by block, since images are considered particular data because of their size and their information, which are two-dimensional nature and characterized by high redundancy and strong correlation. Firstly, the permutation table is calculated according to the master key and sub-keys. Secondly, scrambling pixels for each block to be encrypted will be done according the permutation table. Thereafter the AES encryption algorithm is used in the proposed cryptosystem by replacing the linear permutation of ShiftRows step with the nonlinear and secret permutation of RKP scheme; this change makes the encryption system depend on the secret key and allows both to respect the second Shannon’s theory and the Kerckhoff principle. Security analysis of cryptosystem demonstrates that the proposed diffusion scheme of RKP enhances the fortress of encryption algorithm, as can be observed in the entropy and other obtained values.

the row coordinate of pixels of the scrambled image; and the second is for label the column coordinate of pixels of the scrambled image. Then, a new pixel exchange model is performed by a generated virtual coordinate matrix. For diffusion, they used a matrix of the same size as original image to change the values of the scrambled image according to MOD operation and XOR operation. In (3), researchers propose an efficient image encryption scheme with a self-adaptive permutation-diffusion and DNA random encoding; in this work, the plain image is converted to DNA sequence by a random encoding rules to disarrange the bit distribution of the plaintext, then a selfadaptive permutation-diffusion process is performed. Besides, the intrinsic features of the plaintext disturb the quantization processes of the permutation and diffusion procedures. In (4), proposes an image encryption based on Latin cubes; the permutation scheme in this work is highly plaintext-related with a strong diffusivity of substitution scheme have been constructed by exploiting the excellent cryptographic properties of Latin cubes of high-dimensional form, discreteness, uniformity and 3D attribute. In (5), authors propose an image encryption algorithm, where the image pixel locations is scrambled by a chaotic sequence, and the bit permutation is implemented by butterfly network. Then, the image is coded into a DNA matrix dynamic. In (6), proposed an image encryption scheme using self-adaptive selective permutation and a feedback-based diffusion mechanism, which can act on inter-intra blocks. In (7), researchers generate the permutation and substitution key stream sequences for image data scrambling and mixing by a hyper chaotic Lü system and logistic map, where a pixel swapping mechanism is used for permuting the positions of colored sub pixels in the input image. In (8), proposed a novel chaos-based image encryption scheme with an efficient permutation-diffusion mechanism, in this work, in the permutation process of image pixel positions, they utilized a generalized Arnold map to generate one chaotic orbit used to get two index order sequences. In (9), proposed a novel encryption algorithm for color image based on Pixel-Level and Bit-Level pseudo-random permutations, while to dispel the redundancy on the entire image, the same permutation function in the ring ℤ/nℤ is applied to all pixels in the image, where n is the size of the image. In (10), researchers used a chaotic orbit perturbing mechanism for permutation-diffusion type image cipher with, while the permutation step consists to shuffle pixels in the plain image with a pixel-swapping mechanism, and a chaotic logistic map iteration generate the pseudorandom locations; moreover, a plain pixel related chaotic orbit perturbing mechanism is produced. In (11), proposed a block permutation encryption algorithm for color image, while the block permutation is realized by mixing R.G.B components to strengthen the dependence of each component. In (12), to permute pixels, a chaotic map and deoxyribonucleic acid (DNA) are used, while in the diffusion step a DNA sequence and a DNA operator are performed. In (13), authors propose a strategy of random diffusion for image encryption using a spatiotemporal chaos of the Logistic-dynamic mixed linear-nonlinear coupled map lattices, in this work a pending sequence is generated according to the number of image pixels, and then two index chains are generated combining the conflict handling process. Finally, the cipher image is obtained by random diffusion. In (14), proposes an image encryption using a combination of Grain-128a algorithm and Zaslavsky chaotic map; where a process of bit confusion and diffusion is applied using a sequences generated by the chaotic map. Despite the advantages of algorithms mentioned above, they have a number of inherent limitations. Firstly, the diffusion scheme is static and doen't change along the encryption process. Secondly, transmitter and recipient must share the secret key and some other parameters (for instance in (2,5) the correspondents must share the chaos parameters). Also, when the secret key is changed, the diffusion process does not change, i.e. the diffusion scheme does not have any dependence with the secret key. Taking into account what is mentioned, in this paper, a new diffusion scheme for block cipher algorithm called Round Key Permutation (RKP) is proposed, which makes the diffusion scheme secret and has a direct dependence with the encryption key and subkeys. In addition, it allows the encryption algorithm both to respect Shannon's second theory and Kerckhoffs principle, which means that the security of an encryption system must not reside in the encryption process but in the secret key. Therefore, scrambling pixels of each block will be done with various methods using the permutation table calculated from the master key and round keys. This diffusion technique makes the permutation in each block to be encrypted secret, nonlinear, random and dynamic (changes with the changing of round key).
The proposed diffusion technique is applied to the advanced encryption standard algorithm (AES); because it is the ultimate secure choice for block cryptosystem, besides its use is very practical and has many advantages compared with other algorithms (based on a variable structure of substitution-permutation network and a dynamic key in each iteration). Also another algorithm which had a dynamic encryption key can be used like the algorithm proposed in (15), in this paper the authors showed that rekeying increase security, extend the lifetime of the master key effectively and bringing significant, provable security gains in practical situations. This propriety of rekeying allows us by applying the RKP to increase the security level and the dependence between the encryption scheme and master key (sub-keys). The cryptosystem used consists to replace the linear permutation of Shift-Rows step in AES algorithm by the proposed diffusion technique RKP which is a nonlinear, random, secret and dynamic permutation. The test of complexity of the proposed cryptosystem (AES with Round Key Permutation) and a comparative study is presented thereafter with the AES and other encryption algorithm by tests of statistical, differential analysis and the sensitivity of the secret key.

Structure of AES:
The AES (Advanced Encryption Standard) is a symmetric encryption algorithm that processes data blocks of 128, 196 or 256 bits and the size of the typically key used is 128 bits with variants of 192 and 256 bits. The data blocks and the key are stored in a table as shown in Fig.1; the number of columns depends on the blocks size and the key (16,17).

Figure 1. State table block
AES is based on a succession of rounds; the rounds number varies depending on the block size and the key size. The proposed cryptosystem use the AES algorithm of 128 bits block size with 128 bits key size and a rounds number r equal to 10.
The AES algorithm in the encryption mode consists of 3 steps:  The first is an " exclusive or" operation between the plaintext block and the secret key K.  The second step is a set of 9 rounds each executing 4 operations: SubBytes, ShiftRows, MixColumns and AddRoundKey.
 The last step is a round in which the MixColumns operation is not performed. All the encryption operations are invertible. Therefore, in order to decrypt a block, operations are applied reversely.

Contribution: Image Encryption by AES Algorithm with RKP:
Image encryption is provided by the AES algorithm replacing the linear permutation of ShiftRows step by the proposed diffusion technique, which permute pixels of each block according to the permutation table calculated from the encryption key and sub-keys through the following procedure: Marking the 1 st minimum (or maximum) in the matrix of the encryption key by 1, the 2 nd by 2 and so on until reaching 16 (the key size). In case of equality, always takes the reference from left to right and from top to bottom (according to the order of appearance). (Figs. 2, 3).

Figure 2. Calculating procedure of the permutation table and encryption/ decryption block
To decrypt a block, the same procedure is applied reversely.
When the image contains homogeneous areas, all identical blocks will also be identical after encryption. In this case, the ciphered image contains textured areas and the entropy of the image is not maximal. To solve this problem, the CBC mode is applied on the proposed algorithm; this allows on one hand to increase the level of complexity and on the other hand satisfies second Shannon's theory of diffusion.

Security Analysis of Proposed Cryptosystem and Experimental Results:
After the encryption of an image, it is necessary have an independence (low correlation) between pixels of the plain image and that of the ciphered image. This independence can be seen by simple viewing of the ciphered image, but the visual inspection remains insufficient to judge the encryption of an image. The metrics for evaluating the degree of encryption can be classified into statistical analysis, differential analysis and sensitivity analysis of the secret key.

Statistical Analysis
To resist the statistical attack, the ciphered image histogram must be very close to a uniform distribution. To measure this uniformity, two tests are applied, the first test is entropy and the second test is chi-square.

Histogram
The histogram of image is an important feature in analyzing of statistical performance in the encryption process. The histogram of an image is a discrete function that maps the number of pixel for each intensity simply by counting the number of pixel having certain intensity in the image (18), so the histogram illustrates how the gray levels pixels in an image are distributed. Therefore, it can be displayed as probability density function. Figure 4 shows the results of Lena's image 224x224, encrypted by the AES algorithm with Round Key Permutation in CBC mode. The encrypted image is not at all visible; also the plain image histogram is changed tremendously comparing with the encrypted image histogram and the gray level occurrence probabilities is uniformly distributed in the encrypted image (Fig.4e).

Entropy Test
Entropy is the amount of information released or encompassed by a source of information. The entropy test of an image M is given by equation 2: (1) Q=2 8 =256 represents the number of gray level, pi the probability of having an intensity i More an image is complex, more its entropy is large. The uniform distribution is obtained, when the entropy H(M) is maximum and is given by equation 3 : The obtained entropy value of the encrypted image is 7.9967; this results is very close to H max , it means that the source data has a nearly uniform distribution and the cryptosystem providing such data can withstand to the statistical attack. Table 1 indicates that the entropy of the AES algorithm with Round Key Permutation is large compared to the AES algorithm; also the entropy of the AES algorithm with Round Key Permutation in CBC mode is high compared to the algorithm without CBC mode, so the CBC mode adds complexity to the proposed cryptosystem.

Chi-square Test
The chi-square is a similarity measure of two categorical probability distributions. The chi-square value is 0 if the two distributions are identical; if the distributions are very different, some higher number will result. The chi-square test is given by the following formula: The distribution of the histogram is uniform if it satisfies the following condition: X 2 exp < X 2 th Q-1, α =273,12 for a threshold α fixed at 0.05 in our experiment.

Correlation Coefficient of Adjacent Pixels
The calculation of the correlation coefficient between the pixels allows evaluating the encryption quality of cryptosystem. Generally, in an original image, each pixel is strongly correlated with its adjacent pixels in the three directions horizontal, vertical and diagonal. In the case of ideal cryptosystem, the encrypted image doesn't have any correlation between adjacent pixels.
To test the correlation between adjacent pixels; 5300 pairs of two adjacent pixels are taken from the original image and those encrypted in the three directions horizontal, vertical and diagonal as follows: For each selected pixel (at the number 5300) of coordinates (i, j), 4 vectors V, V H , V V , V D containing the gray levels of the pixels are formed, which are found at the positions (i, j), (i+1, j), (i, j+1), (i+1, j+1) respectively. The correlation coefficients in the three directions are C VH , C VV , C VD . Table 2 groups the correlation coefficients for the following algorithms: the proposed algorithm AES with Round Key Permutation, ECKBA proposed in (19); the algorithm proposed by Mansour et al (20). The correlation coefficients measured for the original image are close to 1, while the correlation coefficients for the encrypted images of different algorithms are close to 0, it is also deduced that the encryption has considerably attenuated the correlation between pixels of encrypted images. The graph in Fig.5 represents the correlation coefficients in absolute value of the adjacent pixels of the encrypted images of each algorithm for comparing the performances of the proposed cryptosystem with ECKBA and Mansour et al algorithm. For the horizontal and vertical direction, Round Key Permutation performance has exceeded the other two algorithms; with the exception of the ECKBA algorithm which has a value of diagonal adjacent pixels lower than the proposed algorithm.   All results show that the cryptosystem used reveals good properties and resists against statistical attacks.

Differential Analysis
To ensure the security of an image encryption scheme against differential analysis, two quantitative measures are used: the Number of Pixels Change Rate (NPCR) and the Unified Average Changing Intensity (UACI) defined by the following equation: (4) Where M and N are the width and height of image I 1 and I 2 respectively and D(i, j) is a matrix of the same size as I 1 and I 2 such that: Table 3 indicates that the NPCR / UACI score between original image and encrypted image by AES with Round Key Permutation algorithm is large compared to that of AES; by applying the CBC mode, the NPCR of the algorithm increases. Also the NPCR of the proposed algorithm is large compared to the ECKBA encryption algorithm and the algorithm proposed by Mansour et al. The UACI of the proposed algorithm is better than the other tested algorithms. Another test is performed between two encrypted images (LENA 224*224) that differ from the original image by a single pixel, the NPCR and UACI values are shown in Table 4.
The UACI value of AES with Round Key Permutation algorithm is better compared to the AES, but the NPCR value is the same. Also, the NPCR of the ECKBA algorithm reaches the maximum value but its UACI value remains lower than the proposed algorithm.

Sensitivity of the Secret Key
To test the sensitivity of the key on the proposed cryptosystem and their reliability; two different tests are performed:  The first test is to encrypt the same image by two keys slightly different; the used keys are different only by a single bit at the initial condition. Changing a single bit in the encryption key then gives two completely different histograms with a very low correlation coefficient between the two encrypted images (corrcoef = 0.0090). Therefore, the two encrypted images are completely independent from each other.
• The second test consists on using the key K1 to encrypt an image (LENA 80x80), and using the key K2 in the decryption phase ( Fig. 9)

Figure 9. a) Plain image, b) Image decrypted by K2, c) Image decrypted by K1
The decryption process failed when the secret key is slightly changed and the decrypted image is completely blurred (Fig 9b). With these two tests, the conclude is that the AES algorithm with Round Key Permutation is extremely sensitive to small changes of the secret key, so the proposed approach guarantees security against brute force attacks.
Avalanche Criterion: Any function that satisfies this criterion must have a change with a probability of one-half of the output bits, if only one bit at the input changes; the output will then be uniformed and no statistical prediction can take place; this criterion is measured by calculating of hamming distance.
The Hamming distance is the number of different bits between two binary sequences C1 and C2, which will be noted dH(C1, C2). This criterion measures the avalanche effect and it is defined by the equation 6: ( 1 , 2 ) = ∑ 1 ( ), 2 ( ) −1 =0 (6) Two binary sequences E1 and E2 are encrypted, which differ by a single bit by our algorithm AES with Round Key Permutation, then the Hamming distance is calculated between the two resulting encrypted sequences C1 and C2, by changing each time the position of the bit to be changed for plain text sequences. Figure 10  ( ) = ( ) * 100 (7) The size of the binary sequences tested is Lb = 128 bits and j represents the different bit position. 81.25% pairs of encrypted sequences have a Hamming distance greater than 46%, and 18.75% pairs have a distance less than 46%; the average value of the Hamming distance obtained for our algorithm is 50.2563 (Fig. 10); indeed whatever the position of the changed bit, this provided almost 50% of difference between the bits of two concerned sequences. So the avalanche property is reached by the algorithm AES with Round Key Permutation. The execution time was evaluated by MATLAB 7.6.0 (R2008a). The experiments were conducted using an Intel Core i3 processor with a frequency of 2.4 GHz.
The execution time required for each algorithm: AES and Round Key Permutation to encrypt a Lena's image of different size (40x40, 80x80, 120x120, 160x160, 240x240, 320x320 and 400x400) is provided in Fig. 11. If the size of the image increases, the two methods have almost the same execution time with a difference of a few milliseconds.