An Image Encryption Algorithm Utilizing Julia Sets and Hilbert Curves

Image encryption is an important and effective technique to protect image security. In this paper, a novel image encryption algorithm combining Julia sets and Hilbert curves is proposed. The algorithm utilizes Julia sets’ parameters to generate a random sequence as the initial keys and gets the final encryption keys by scrambling the initial keys through the Hilbert curve. The final cipher image is obtained by modulo arithmetic and diffuse operation. In this method, it needs only a few parameters for the key generation, which greatly reduces the storage space. Moreover, because of the Julia sets’ properties, such as infiniteness and chaotic characteristics, the keys have high sensitivity even to a tiny perturbation. The experimental results indicate that the algorithm has large key space, good statistical property, high sensitivity for the keys, and effective resistance to the chosen-plaintext attack.


Introduction
With the increasingly wide reach of the Internet, communications via Internet are getting more frequent. Due to a large number of threats against communications security, information protection has become an important issue. Especially because digital images contain so much information, security for images is a widespread concern. Nowadays, image encryption has been a focus in the research of information security.
Most conventional encryption algorithms put the emphasis on text data or binary data. Therefore, they have highly computational complexity. Because the digital images have special coding structures and large amounts of data, the conventional encryption algorithm may change the original data format in the image encryption. So, among the popular applications of multimedia, research on image encryption has both theoretical and practical significance.
Currently, there are various kinds of image encryption techniques, including image-scrambling-based techniques, dataprocessing-based techniques, key-based encryption techniques, etc. Some algorithms are based on certain transformation rules. For instance, Shyu used random grids to accomplish the encryption of secret gray-scale and color images [1]. Some algorithms are proposed according to the characteristics of the image itself, such as Yuen's proposal of a chaos-based joint image compression and encryption algorithm using discrete cosine transformation (DCT) and Secure Hash Algorithm-1 (SHA-1) [2]. Combining the encryption with other data processing technologies, Hermassi introduced a new scheme based on joint compression and encryption using the Huffman code [3]. Among the algorithms utilizing the keys, there has been a great deal of research in chaotic cryptography. For example, Chen produced a key through 3D chaotic cat maps and operated a pixel value with XOR to get the cipher image [4].
In the fractal research field, image encryptions are also explored. Using the fractal set directly as the key is the common method. Kumar proposed a method of encrypting a Mandelbrot set with the RSA method and Elliptical curve [5]. Liu studied a novel fractal cryptographic algorithm based on a fractal model and fractal dimension [6]. Rozouvan encrypted an image with the transformed Mandelbrot set [7]. Lock compressed the original picture for matrix multiplication with the fractal image [8]. Sun used a Mandelbrot set and the Hilbert transformation to generate the random key [9]. Lin encrypted an image by assembling the fractal image additional method and the binary encoding method [10]. Tong proposed an image encryption scheme based on 3D baker with dynamical compound chaotic sequence cipher generator [11].
At the same time, a great deal of analysis has been performed on the image encryption algorithms based on fractal sets or chaos sets. Yuen made a cryptanalysis on secure fractal image coding based on fractal parameter encryption [12]. For some shortcomings in encryption algorithms, Li et al. made the optimal quantitative cryptanalysis of permutation-only multimedia ciphers against plaintext attacks [13] [14].
Many conventional fractal-based encryption methods are combined with fractal coding compression or treat the fractal image as a host image to hide some information, e.g., keys. For the former, fractal coding operation itself may bring the time consumption. This will result in reducing efficiency of the algorithm. For the latter, usually the key length is invariant, which is not flexible and may have some restrictions in the encryption. To meet these challenges, we propose a novel image encryption algorithm. The algorithm uses several parameters to generate the keys with the same size as the plain images and has a good efficiency in the encryption. Firstly, we generate a Julia set and scramble it with the Hilbert curve in bit-level, and then make the scrambled Julia set modulo with the plain image. Finally, the cipher image is obtained by diffusion process. The Julia set is a classical set in fractal theory and can be calculated by several parameters iteratively. For this property, the key is much easier to store and transmit. What's more, the Julia set has the infiniteness and the chaotic features, so tiny changes of the parameters will lead to dramatic changes of the cipher image. In addition, the diffusion process guarantees that if one pixel value changes, then all the pixels will change, which makes the algorithm resist the chosen plaintext attack effectively.

Julia Set
According to the Escape Time Algorithm, a generalized Julia set can be constructed in the complex plane by the mapping function f (z)~z m zc,(m[R,c[C). Studies have shown that the Julia set J(f) is a closure of the repelling periodic points in the polynomial f [15]. The Julia set has sophisticated structures, infinity feature, and selfsimilarity. When an area of a Julia set border is enlarged, it is still a Julia-like image. What is more, a Julia set has an important feature that f is chaotic on the border of Julia set, that is, f has sensitive dependence relation to the initial conditions [15]. An arbitrary small perturbation can cause drastic changes in the iterated sequence of f. Therefore, we choose the border of the Julia image in the algorithm.

Hilbert Scrambling
The two-dimensional Hilbert curves are drawn as follows: divide a square into four squares and start the curve from the southwest corner of the center square to the northwest corner; then go to the northeast center, and finally go to the southeast corner. This is one iteration for a Hilbert curve. If we repeat the above process, we can get a curve that fills the whole square. Considering that the Hilbert curve can fill the square and has been proven to be a continuous closed curve, we utilize the curve to scramble the Julia image.
It is known that the RGB color model is commonly used for representing and displaying the images on the computer screen. The pixel value in each layer can be represented by eight binary bits. Figure 1 displays the scrambling process, where the odd bits are calculated with the forward pixel along the Hilbert curve and the even bits are calculated with the backward pixel along the curve simultaneously. In Figure 1, the values in R layer of pixels A, B, and C are denoted by (a 7 a 6 a 5 a 4 a 3 a 2 a 1 a 0 ), (b 7 b 6 b 5 b 4 b 3 b 2 b 1 b 0 ) and (c 7 c 6 c 5 c 4 c 3 c 2 c 1 c 0 ) respectively. The odd bits of A are calculated through an AND operation with B, and the even bits are obtained in the same way with C, then the pixel value in R layer of A is reset. The scrambling process is recyclable along the Hilbert curve. Equation (1) shows the scramble function.
Taking R channel for example, the current pixel value of A is 182, 10110110 in binary. B is the forward pixel along the Hilbert curve with the value 154, 10011010 in binary. C is the backward pixel along the curve with the value 62, 00111110 in binary. Applying Equation (1), we can get the new value of A. Its odd bits are 16060616 and even bits are 60616160. So the final pixel value of A changes to 150 in decimal after scrambling. Figure 2 shows the pseudocode.

Encryption and Diffusion
The final keys are obtained after the Julia set is scrambled by Hilbert curve. Using Equation (2), we encrypt the plain image with the final keys and get a temporary cipher image.
where e ij is the pixel value of (i,j ) coordinate in the plain image, e' ij is the pixel value after encryption, and d ij is the pixel value in the final keys. Because the image in the experiments is 256-color, the value of l is 256. The diffusion algorithm is also an important image encryption process. Based on a single pixel unit having three layers R, G, and     B, we propose a diffusion method. To ensure each pixel in the image can be affected in the diffusion process, the method diffuses the temporary cipher image in horizontal direction firstly, then in vertical direction. Equation (3) shows the diffusion function, where q i and q i-1 are the pixel values in the cipher image, p i and p i+1 are the pixel values in the temporary cipher image. For each layer in the diffusion process, the last pixel value is assigned to the initial value for the next layer iteration, that is q N 2~q0. There are no specific values of q 0 in the cipher image and p iz1 in the   temporary cipher image; therefore they are the keys in the diffusion process.

Decryption
As the proposed algorithm is a symmetric algorithm, the decryption process is the reverse order of the encryption, noting that the iteration order is reversed correspondingly.
The diffusion process starts from the first pixel in the temporary cipher image, with directions from left to right and top to bottom. So, for the inverse diffusion process, it starts from the last pixel in the cipher image, with the directions from bottom to top and right to left. The equation is as follows: For the module operation decryption, the order is also reversed and the equation is as follows: The Encryption System Suppose the initial image is of the size M6N. The whole encryption process is as follows:  Figure 5 is selected to map to a Julia-like set, as shown in Figure 6.
In our experiments, the whole algorithm runs in one iteration. There are two keys in the Hilbert scrambling process, forward step and backward step. They are assigned as 5000 and 9000 respectively. As discussed in Section 3 in the algorithm part, the diffusion process needs only two keys. One is q 0 in R layer of the horizontal direction, and the other is p N 2 z1 in B layer of the vertical direction. Experimental results show that the images with size of 2566256 cost less than 610 ms for the whole encryption process, in which the Julia set generation costs about 550 ms and the Hilbert scrambling process costs about 15 ms. The experiments produce a satisfying result. In fact, once the Julia set is generated, the scrambling, encryption and diffusion process can be accomplished in a flash. Figure7 shows the plain image, Figure 8 shows the corresponding cipher image and Figure 9 shows the correct decryption result.

Key Space
The keys in the algorithm consist of the parameters of the Julia set, forward step and backward step along the Hilbert curve, and two diffusion keys. The Julia keys are the mapping parameters m, p, and q (c = p+qi) and the area X max , X min , Y max , Y min (four parameters represent an image area, such as the X-axis scope ranges from X min to X max ). There are a total of seven keys. They are stored in double data type; the required memory space for one parameter is eight bytes, i.e. 64 bits. The keys for scrambling a Hilbert curve and the keys for diffusion are both in integer data type, with values ranging from 0 to 65535 and 0 to 255 respectively. Therefore, they need 16 bits and 8 bits for storage respectively. As all the above mentioned, the size of the key space is larger than 2 6467 62 16626k 62 8626k = 2 448+48k , in which k denotes the iterations times (k = 1, 2, 3……).

Key-sensitive Analysis
The whole encryption process includes three sub-processes. They are Julia set generation, Hilbert scrambling, and diffusion process. If the key values change, the corresponding cipher image or decrypted images will be of great difference.
In the decryption, if any key value of the Julia image is changed, the cipher image cannot be decrypted correctly. Taking the key m for example, we change the value of m from 15 to 15.000000000000001. Figure 10(a) shows the cipher image when m value is changed. Comparing the right cipher image (Figure 8) and the wrong cipher image (Figure 10(a)), there are 99.620%, 99.591%, and 99.624% difference in R, G, and B layers, respectively. Figure 10(b) shows the decrypted image by the wrong key. It can be seen that the decrypted image in Figure 10(b) has obvious difference from the plain image in Figure 9, which illustrates the algorithm has a high sensitivity for tiny changes of the initial value m.
The scrambling by the Hilbert curve is in bit-level. The keys in this process include a forward scrambling key and a backward scrambling key ranging from 0 to 65535. Figure 10(c) shows the decrypted image with the forward scrambling key 5001 instead of 5000, which has great differences from the Lena image in Figure 9.
The diffusion keys are q 0 for R layer in horizontal direction diffusion and p N 2 z1 for B layer in vertical direction diffusion. In the experiment, the value of p N 2 z1 is changed from 42 to 41 and the value of q 0 remains 100. Decrypting the cipher image in Figure 8, we get the wrong decrypted image shown in Figure10 (d). Table 1 shows the different ratio between two decrypted images in R, G, and B layers, respectively. The correct cipher image and the wrong cipher image have great differences when a key value is changed slightly, that means the correct decryption will happen only when all keys are correct. So it is easy to conclude that the keys have a high-sensitivity.

Plain image Sensitivity Analysis
Generally speaking, a chosen-plaintext attack is an attack model in which the attacker obtains the right to use the encryption system, makes a minor change of the plaintext and examines the changes of the ciphertext. The purpose of the attack is to gain some further information to reduce the security of the encryption  scheme. In the worst case, the attack could reveal the scheme's secret keys. If a minor change in the plaintext could cause large changes in the ciphertext, then the aggressive behaviors may be meaningless.
The common standards to test plain image sensitivity are NPCR (the number of pixels change rate) and UACI (unified average changing intensity) [17]. Usually, the plaintext sensitivity will be better if the NPCR value is larger. The formulas are shown in Equation (6) and Equation (7).

NPCR~1
W |H where C 1 and C 2 are the encrypted images, and their corresponding plaintexts have only a one-bit difference in the same pixel before encrypted. The C 1 (i,j) and C 2 (i,j) are the pixel value at grid (i,j) in C 1 and C 2 , respectively. And W and H are the width and height of the images. If C 1 (i,j) = = C 2 (i,j) then D(i,j) = 1; otherwise, D(i,j) = 0. Therefore NPCR is to measure the percentage of the different pixels between two images. And the UACI is to test the average intensity of differences. Table 2 and Table 3 show the plain image sensitivity. We calculate NPCR and UACI values for each pixel LSB (Least Significant Bit) changed in the R channel of the Lena image, Baboon image and Pepper image. Their average NPCR are all about 99.6% and their average UACI are 33.4877%, 33.4175%, and 33.4743%, respectively. Some NPCR and UACI are listed in Table 2 and Table 3.
The experimental results show that the sensitivity of the plain image is significant. When any pixel bit is changed in one layer, it can influence almost all the pixel values of the cipher image. In this case, the cipher image cannot be decrypted correctly. It is noted that such experimental effects partially owes to the diffusion process in the algorithm. From the above experimental results, we can draw the conclusion that the encryption algorithm can resist chosen plaintext attacks effectively.

Information Entropy Analysis
It is widely known that the entropy H(g) of a message source g can be calculated in Equation (8) [17].
Where N|N is the amount of the information, P(g i ) is the occurrence probability of the g i value in all of values. The logarithmic function is to represent the entropy in bit form. If the source sends 2 8 symbols (containing g i ) with equal probability, i.e., G = {g 1 , g 2 , g 3 , ……g 2 8 }, then the entropy value should be equal to 8. In this case, it is a truly random source. So, the entropy value of an encrypted image should be up to 8. Table 4 lists the entropy value of the cipher image, which is close to the ideal standard value. It is a clear proof that the encryption system has a good randomness, which indicates it can resist the entropy attack.

Statistical Analysis
The plain image histograms are shown in Figure 11(a) to Figure 11(c) and cipher image histograms are shown in Figure 12(a) to Figure 12(c), in which the X-ordinate represents the gray-level value and the Y-ordinate represents the occurrence frequency for each gray-level value. The experimental results indicate that each layer's gray value distribution of the cipher image tends toward equilibrium. These figures demonstrate a uniform distribution of pixel color values for the three image channels, which proves the success of the algorithm in randomizing the output.  Table 5 shows that our encrypting Lena image passes the sp800-22 test suite. It proves once again that the cipher image has a good randomness.

Conclusions
In this study, we have proposed an encryption algorithm combining the classical Julia set and the Hilbert curve. In the algorithm, the Julia set is scrambled in bit-level by the Hilbert curve to enhance the key sensitivity. The diffusion operation is implemented to resist the chosen plaintext attack. Through the analysis of the experimental results, we obtained the following conclusions: (1) The abundant Julia-like images are the copies of a Julia set and can be generated by a few parameters, which greatly reduces the key store space. The chaotic characteristic of the boundaries in the Julia image gives the key extreme sensitivity to the slight parameter changes, improving the security of the encryption algorithm greatly. In our experiments, the key sensitivity achieves 10 215 . (2) The diffusion process has a good effect in the pixel spread, and provides much large key space, has a high sensitivity to the plain image and keys, and especially enhances the resistance against chosen plaintext attack. (3) The entropy value of the cipher image achieves an ideal value, illustrating that the encryption system not only has a good randomness but also can resist the entropy attack. The statistical analysis shows that the distributions of the cipher image are uniform, also indicating the success of the algorithm in randomizing the output. In addition, the randomness test passes the sp800-22 test suite, proving the randomness of the cipher image on another side.
For future work, we will consider choosing better Julia set keys and other methods to improve the algorithm for the key conversion.

Author Contributions
Conceived and designed the experiments: YYS. Performed the experiments: LNC. Analyzed the data: RDX. Contributed reagents/materials/ analysis tools: RQK. Wrote the paper: YYS RDX.