A Fast Color Image Encryption Algorithm Using 4-Pixel Feistel Structure

Algorithms using 4-pixel Feistel structure and chaotic systems have been shown to resolve security problems caused by large data capacity and high correlation among pixels for color image encryption. In this paper, a fast color image encryption algorithm based on the modified 4-pixel Feistel structure and multiple chaotic maps is proposed to improve the efficiency of this type of algorithm. Two methods are used. First, a simple round function based on a piecewise linear function and tent map are used to reduce computational cost during each iteration. Second, the 4-pixel Feistel structure reduces round number by changing twist direction securely to help the algorithm proceed efficiently. While a large number of simulation experiments prove its security performance, additional special analysis and a corresponding speed simulation show that these two methods increase the speed of the proposed algorithm (0.15s for a 256*256 color image) to twice that of an algorithm with a similar structure (0.37s for the same size image). Additionally, the method is also faster than other recently proposed algorithms.


Introduction
With the rapid development of multimedia communications, the efficiency and security of image encryption transmission has become increasingly important. Due to the excellent security properties of chaos, such as ergodicity and sensitivity to initial conditions and parameters, chaos-based image encryption algorithms have attracted more and more attention since they were first proposed by the British mathematician Matthews R. in 1984 [1]. Afterwards, many chaotic image encryption algorithms have been designed based on different chaos maps and structures [2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20]. In particular, due to larger data capacities and higher correlation among pixels, the encryption of color images demand better statistical and diffusion properties in image algorithms than gray images. Thus, color image encryption has recently attracted substantial attention.
Efficiency is a very important factor in the design of chaotic image encryption algorithms. There are some well-known algorithms as examples. All these algorithms were considered safe at the time and gave special attention to their efficiency, yielding successful results. In 2004, Chen et al. proposed a symmetric image encryption scheme that employed the 3D cat map to shuffle the positions of image pixels and used another chaotic map to confuse the relationship between the cipher-image and the plain-image. This algorithm could be used to encrypt a 256 Ã 256 image in less than 0.4s [21]. In 2006, Pareek et al. proposed an algorithm that used an external 80-bit secret key and two chaotic logistic maps that could encrypt a 256 Ã 256 image in 0.33*0.39s [22]. In 2013, Fu et al. proposed a very efficient medical image protection scheme based on chaotic maps using a substitution mechanism in the permutation process through a bit-level shuffling algorithm. This algorithm took only 9.5ms to encrypt a 512 Ã 512 gray image [23]. However, all three algorithms were broken later. Both Chen's and Fu's algorithms were vulnerable to a chosen-plain-text attack [24,25]. Pareek's algorithm used logistic maps that have been proven unsafe now. In recent times it has become challenging to find the correct balance of security and efficiency in image encryption algorithms.
Many new thoughts and methods have been introduced to the design of color image encryption algorithms in recent years, as recently as 2015. Liu et al. proposed a new chaotic color image encryption algorithm in which the hash value of the plain image is applied to produce two initial values of the Henon map that generate two pseudo-random sequences [26]. A novel color image encryption with heterogeneous bit-permutation and correlated chaos was proposed by Wang et al. [27]. Murillo-Escobar et al. presented a colour image encryption algorithm based on total plain image characteristics to resist a chosen/known plain image attack, and used a 1D logistic map with optimized distribution to create a fast encryption process [28]. Lang proposed a novel color image encryption method using Color Blend and Chaos Permutation operations in the reality-preserving multiple-parameter fractional Fourier transform domain [29]. Som et al. proposed an algorithm in which the original image is first scrambled using the generalized Arnold cat map to achieve confusion and the scrambled image is then encrypted using chaotic sequences generated by multiple one-dimensional chaotic maps [30]. A perturbed high-dimensional chaos system was designed for image encryption according to Devaney and topological conjugate definition by Tong et al. [31]. The proposed algorithm by Oztruk et al. utilized a Lu-like chaotic system capable of exhibiting both Lorenz-like and Chenlike chaotic system behaviors for different parameter values [32]. We propose an algorithm using 4-pixel Feistel structure and chaotic maps; this algorithm realizes both the security and efficiency needs for a color image [33]. Meanwhile, studies on onset of chaos in discrete nonlinear dynamical systems show potential ways to make selection of chaotic systems and security analysis [34]. Currently, all these algorithms have been shown to be secure, but few are optimized for efficiency.
Feistel structure is a well-known structure for traditional block cipher. Feistel structure don't need to find inverse functions of encryption round functions for decryptions. In encryption and decryption process, algorithms use the same round functions but Feistel structure in different directions. In this point, it demonstrates that Feistel structure is naturally suitable for chaotic image encryption algorithm design as inverse functions are always difficult to be found for chaotic maps. In this paper, a fast color image encryption algorithm is proposed. This algorithm uses a modified 4-pixel Feistel structure and reduces the round number by changing twist direction in a secure way. It also is shown to improve speed while holding a high security level by utilizing simple round functions based on a piecewise linear function, a tent map is proposed.

Proposed algorithm
The proposed algorithm can be divided into 3 levels. The basic level utilizes the functions based on multiple chaotic maps. The intermediate level uses the 4-pixel Feistel structure. The top level is the dependent encryption process.

Functions based on multiple chaotic maps
On the basic level, five chaotic maps or functions are used. Two 3D chaotic systems (Lorenz system as Eq (1) and Chen's system as Eq (2)) are utilized as key generators to offer round keys for encryption and decryption. Compared with low-dimension maps, the high-dimension chaotic system is more complex with more variables and parameters, which makes algorithm's key space larger and system variables' time sequence more erratic and unpredictable. When p = 10, r = 28 and t = 8/3, Lorenz system involves chaotic state and when a = 35, b = 3 and c = 28, Chen's system is chaotic.
With fx Ã 1 ; x Ã 2 ; x Ã 3 g and fx Ã 4 ; x Ã 5 ; x Ã 6 g as the initial conditions, the Lorenz system and Chen's system are solved using the 4 th order Runge-Kutta method with a step size of h = 0.001. Solutions {x 1 , x 2 , x 3 } of each system at step i are noted as {x 1 (i), x 2 (i), x 3 (i)}.After being initialized M 0 and N 0 times, these two systems generate 6 round keys using Eq (3). Thus, the variables x Ã 6 ; M 0 ; N 0 g are needed to construct seed keys of the algorithm. Six piecewise linear functions (shown in Eq (4)) and eight tent maps (shown in Eq (5)) are used to construct the round function, shown in Fig 1. Piecewise linear functions have many good properties in design of chaotic encryption algorithms, such as simplicity in representation, efficiency in implementation, and good dynamical behavior. It has been known that piecewise linear functions are ergodic and have uniform invariant density function on their definition intervals.
The simplicity of the round function contributes to the excellent speed performance of our algorithm. where 0 x 1 and 0 < p < 0.5.
After parameters p1, p2 and 6 initial values IV1, IV2, IV3, IV4, IV5 and IV6 have been generated, there are 8 tent maps (as shown in Eq (5)) that are used to improve the chaotic properties. The 6 outputs can then be obtained using six piecewise linear functions, which will consist of 6 cipher colors used to encrypt 2 pixels after the use of Eq (9). a e ¼ bða À bacÞ Ã 10 14 c mod 256 ð9Þ

Modified 4-pixel Feistel structure
At the intermediate level, the modified 4-pixel Feistel structure is used to realize efficient diffusion among 4 pixels at the same time. However, unlike [33], the rounded number of the modified structure reduces while changing its twist direction to remain secure. The 4-pixel Feistel structure is used twice during the encryption process. However, due to the different functions, each iteration has a different structure, as shown in Fig 2. When the 4-pixel Feistel structure is first used it has two different rounds. The first round uses a simple round function constructed in the previous subsection, using two group of round keys, K = {k 1 , k 2 , k 3 } generated by the Lorenz system and K 0 = {k 4 , k 5 , k 6 }, generated by Chen's system. The second round creates diffusion among 4 pixels using x-or operations instead of completing the confusion process used in the first round, as is done in the traditional Feistel method. The confusion in the first iteration is completed by the second iteration of the 1-round 4-pixel Feistel structure.

Dependent encryption process
At the top level, two instances of dependent encryption processes in different directions are used to extend the effect of changes to all pixels in the image and to resist known-/chosenplain-text attacks and chosen cipher attacks.
All the blocks (represented by (i, j)) are defined by Eq (10), which naturally change the form of the image (shown as Fig 3) and handle the intersected block (shown as Fig 4).
where height and width represent the height and width of the origin image. Here, i = 1, 3, 5, . . ., 1 i height, j = 1, 2, . . ., and 1 j width. The proposed algorithm is described by pseudo-code in Alg. 1 and the process and is described by a flow chart in

Algorithm 1 Proposed algorithm
Lorenz system initializes, K is generated Chen 0 s system initializes, K 0 is generated

Experimental results and cryptanalysis
In our experiments the following equipment was used, CPU: Intel Core2 Quad CPU Q9500 2.83GHz; Memory: 4.00 GB; Operating system: Windows 7 pro; Coding tool: Visual studio 2012. The experiments include randomness test, histogram analysis, correlation of two adjacent pixels, NPCR and UACI, sensitivity to cipher image, information entropy, key sensitivity, and key space analysis.
The encryption results and corresponding decryption results of Lena (512 Ã 512), all-zero image (512 Ã 512), white(650 Ã 492), flower(1024 Ã 768) and mountain(680 Ã 360) are shown in are initial values of Lorenz system, while x Ã 4 , x Ã 5 and x Ã 6 are initial values of Chen's system. M 0 and N 0 are the initialization times for these two systems. If it is not otherwise noted, all encryption and decryption examples in our research used the above keys.

Randomness test
We use sts-2.1.2 test suite offered by NIST(National Institute of Standards and Technology) to test the randomness of our cipher [35]. For each test of sts-2.1.2, there is a predefined threshold for p-value, namely 0.01. When p-value is larger than 0.01, we can conclude the statistical test is passed successfully and the tested sequence is considered as random with 99% confidence. According to results shown in Table 1, we can conclude that our cipher sequence has sufficient randomness.      It can be found that the histograms of the cipher image are close to uniform. Thus, a frequency analysis cannot be used to break the algorithm.

Correlation of two adjacent pixels
The correlation of two adjacent pixels can be calculated using the following formula: where covðx; yÞ ¼ 1 First, we use this formula to test the correlation between various colors in Lena and its cipher image; this comparison shows that the correlation property between the plain image and the cipher image is good. Results are shown in Table 2.
Then, the correlation between different colors of two adjacent pixels of Lena's, all-zero's, white's, flower's and mountain's cipher is tested. Lena's results are shown in Tables 3-5. The results from the all-zero image are shown in Tables 6-8. All results have been compared with algorithms also using 4-pixel Feistel structure [33]. And the test results of white's, flower's and mountain's cipher are shown in Table 9.
It can be found that the performance of the proposed algorithm is nearly as good as that of the algorithm in [33]. This can be seen more clearly by comparing it with the algorithms proposed by Wang [27], Murillo-Escobar [28] and Tong [31], all in 2015 and by Wu [36] and Tong [37], both in 2016. To our knowledge, few algorithms proposed recently handle the correlation between different colors. Thus, there may be a need for a color image encryption algorithm. Because there is no recent data on correlation between different colors, the data shown in Table 10 is just the correlation between the same colors.
Results show that different colors in different directions have little correlation and the proposed algorithm has better correlation performance than the other recent algorithms.

NPCR and UACI
The Number of Pixels Change Rate (NPCR) indicates the rate of the number of pixels that change when one pixel in the plain image is changed. As the NPCR approaches 99.6094%, the more sensitive the crypto-system is to changes in the plain image, and the more effective it is in resisting a plaintext attack. The UACI(Unified Average Changing Intensity) indicates the average intensity of differences between the plain image and the ciphered image. As The UACI where c 1 (i, j) and c 2 (i, j) are the cipher-image pixel values before and after one pixel of the plain image is changed.
The test figures are shown as Fig 12, and the results are shown in Table 11 and Table 12.
These results show the good diffusion property of the algorithm. In addition, this indicates that the algorithm can resist plain-text attacks and differential attacks.

Sensitivity to cipher image
As done in [13], when one pixel of cipher image is changed, the recovered plain image exhibits no correlation to the plain image, then the cipher can resist a chosen-cipher attack. Similarly, the NPCR and correlation between the recovered image, with one pixel of the cipher image changed, and the plain image are computed to prove the proposed algorithm's resistance to the chosen-cipher attack. Test figures are shown as Fig 13, and results are shown in Table 13.
The results show that the proposed algorithm can resist a chosen-cipher attack.

Information entropy
Information entropy of a cipher image can be computed as Eq (14).
where p(m i ) represents the probability of symbol m i , and log 2 represents the base 2 logarithm so that the entropy is expressed in bits, N represents the number of bits used to represent a pixel. The results show that the entropy of all the three color channels is close to the ideal value of 8. Thus, the algorithm is secure against entropy attacks.

Key sensitivity
Key sensitivity is a simple way to find out the size of the key space [14]. In this test, we adjust keys in double form by changing the last number of the decimal and adjust integer keys by adding 1. Then, the correlation between the ciphers before and after the change to the key will be  The results for encryption key sensitivity are shown in Table 16.
The results for decryption key sensitivity show as Table 17. Thus, we have shown that the modified chaotic algorithm is sensitive to small key changes, such that a small change in the key will generate a completely different decryption result and cannot be used to find the correct plain image.

Key space analysis
In the previous subsection, it us shown that a key in double form has a precision of 10 −15 . As mentioned in the beginning of this section, there are 6 doubles and 2 integers used as keys for the proposed algorithm. Even if integers are ignored, the key space, composed of all 6 double numbers, is greater than 10 15 Ã 6 > 2 300 . Thus, the key space is large enough to resist a bruteforce attack.

Speed analysis
Compared with the algorithm proposed in [33], which also uses the 4-pixel Feistel structure, this algorithm has two methods that can be used to speed it up, namely the simple round function and the modified 4-pixel Feistel structure. The round function in the algorithm is simpler than the one introduced in [33], where three chaotic functions constructed one round function for one color of one pixel (Fig 16). For each round of [33], 12 piecewise linear functions and 6 logistic functions are needed. However, in our research, 6 piecewise linear functions and 8 tent maps replace the 12 piecewise linear functions and 6 logistic maps used in [33]. As a result, the computation for each round function becomes easier.
The second method used to speed up the algorithm is the modified 4-pixel Feistel structure. It can easily be found that the algorithm given in [33] can be divided into 2 independent parts each of which has a 2-round Feistel structure (Fig 17) in the 2 times of dependent encryption progress. The use of these two methods means that slightly different functions are used. If these two functions are not secure, the dependent encryption progress will be meaningless. As a result, we attempt to classify the security properties of these two functions.
The first time of dependent encryption progress can be presented in Fig 18 (8-pixel example). Due to the good properties of round functions based on the multiple chaotic system, the two encrypted pixels can be treated as result of two other pixels, but independent from each other. For an image of 8 pixels, using the algorithm in [33] requires 4 steps to complete the first iteration of the dependent encryption process. A Feistel cipher with two rounds can handle the four pixels so that the position (or diffusion) will not be shown in the image. In this image, the deeper color of the pixel indicates that more pixels affect the handling of this pixel. It is found that for the four pixels handled in step 1, each is affected by all four pixels. However, for the first 4 pixels handled in step 2, they are affected by the first six pixels. In step 3, the 4 pixels are affected by all 8 pixels in the image.
Step 4 extends the affect to pixel 1 and pixel 3. After the first iteration of the dependent encryption, only a few pixels at the beginning and end of the image should be affected by all the pixels. A change of one pixel should affect every pixel in the image, which means that the NPCI and UACR values will be good, which is necessary for a secure image encryption algorithm. Thus, a second iteration of the dependent encryption algorithm is necessary to extend the affect to all pixels in the image. In brief, in the first iteration of dependent encryption the effect of pixels accumulates. During the second iteration of dependent encryption the affect extends through the whole image.
As shown in the analysis above, the first iteration of dependent encryption aims at accumulating the effect of the encryption on the pixels. Thus, a simpler structure (Fig 2)is proposed, so that the accumulation of pixels is just realized by changing the twist direction without encrypting all pixels.
The structure of this method uses the same functions as the original structure, but the computations are more simple. In the first iteration of the dependent encryption, if only the first round with round functions is considered, only two pixels are handled. The affect is propagated as progress continues, as shown in Fig 19. The second round occurs without using round functions and provides a way to extend the results from two pixels to all four pixels in a handled block.
During the second iteration of dependent encryption, only an extension of this affect is needed. This is accomplished using the 1-round Feistel, which is described below. If round functions aren't taken into count (in effect, simpler functions have been proposed), the operations needed for the modified 4-pixel Feistel structure are only half of the original amount, in both the encryption phase and the key generation phase.
Due to the difference of computer configurations, code optimization, or even image format, the speed of an algorithm is difficult to compare exactly. Some results are shown in Table 18 for reference. As shown, the proposed algorithm is twice as fast as that in [33], which also uses 4-pixel Feistel structure. We also show that our algorithm performs better than those developed in other recent research.
Through our analysis and simulation, our two methods (the simple round function and modified 4-pixel Feistel structure) are shown to accelerate the proposed algorithm to much faster speeds than those found in [33], which also uses 4-pixel Feistel structure, as well as those found in other recent research.

Conclusions
In our research we propose a fast color image encryption algorithm using 4-pixel Feistel structure and multiple chaotic systems. We perform multiple simulation experiments, including histogram and key space and speed analysis, measure the correlation of two adjacent pixels, and find the NPCR, UACI, information entropy, and key sensitivity values to show that the proposed algorithm has good statistical and diffusion properties and can resist many different types of attacks. In our analysis we give two methods that are used to speed up the algorithm. First, we introduce the use of a simple round function, based on a piecewise linear function, and a tent map is proposed to reduce computational cost during each round. Second, a modified 4-pixel Feistel structure, which reduces round numbers by changing twist direction in a secure way, is proposed to help the algorithm proceed in an efficient way. Simulation results prove that these two methods increase the speed of the proposed algorithm to twice that of a similarly structured algorithm (A 256 Ã 256 image can be encrypted in 0.15s compared with 0.37s) and even more for other recently developed algorithms.