A semi-symmetric image encryption scheme based on the function projective synchronization of two hyperchaotic systems

Both symmetric and asymmetric color image encryption have advantages and disadvantages. In order to combine their advantages and try to overcome their disadvantages, chaos synchronization is used to avoid the key transmission for the proposed semi-symmetric image encryption scheme. Our scheme is a hybrid chaotic encryption algorithm, and it consists of a scrambling stage and a diffusion stage. The control law and the update rule of function projective synchronization between the 3-cell quantum cellular neural networks (QCNN) response system and the 6th-order cellular neural network (CNN) drive system are formulated. Since the function projective synchronization is used to synchronize the response system and drive system, Alice and Bob got the key by two different chaotic systems independently and avoid the key transmission by some extra security links, which prevents security key leakage during the transmission. Both numerical simulations and security analyses such as information entropy analysis, differential attack are conducted to verify the feasibility, security, and efficiency of the proposed scheme.


Introduction
With the rapid growth of broadband communication, multimedia transmission has increased over the Internet, which makes information and communication systems more vulnerable. Image security has attracted a huge amount of attention due to the widespread interconnection of almost all devices and communication networks. Image encryption differs from text encryption due to bulk data capacity, high redundancy and a strong correlation between adjacent pixels.
Since Matthews [1] first proposed the chaos encryption algorithm in 1989, many studies have indicated that chaotic encryption are suitable for bulk data due to its favorable properties, such as complex and nonlinear, high sensitivity to initial conditions, control parameters, nonperiodicity, and a pseudorandom nature.
Many image encryption algorithms   adopted permutation-diffusion mechanism [3-7, 11, 16, 17, 19, 21], in which permuting the positions of image pixels incorporates with changing gray values of image pixels to confuse the relationship between the cipher image and the plain image.
A previous study [26]proposed an image encryption/decryption algorithm with compound chaos mapping, in addition, a hyperchaotic system based on chaotic control parameters was put forward. Another study [27] presented an image encryption scheme on the foundation of multiple chaotic maps while an alternate work [28] proposed an image encryption algorithm on the basis of rotation matrix bit-level permutation and block diffusion. Akram Belazi proposed several image encryption schemes [23][24][25] based on chaos and obtained the good encryption effect. An encryption method on the basis of reversible cellular automata combined with chaos has also been designed in [12]. Ref [29] presented a color image encryption scheme on the foundation of the quantum chaotic system.
According to the type of the key usage, encryption algorithm can be divided into symmetric encryption and asymmetric encryption. The same secret key is used to encrypt and decrypt in symmetric encryption algorithms. Most chaos image encryption schemes are based on symmetric cryptographic techniques, which have been proven to be more vulnerable than an asymmetric cryptosystem [30].
Common symmetric encryption algorithms include DES, 3DES and AES. They are widely used due to their advantages such as great speed, relatively low complexity as well as easy implementation in hardware. Since both encryption and decryption sides should configure the key by some extra methods, once the key is divulged the cryptosystems will be broken. Furthermore, each pair of users need choose a unique key that nobody else knows. This makes the quantity of key to be growing exponentially.
Asymmetric encryption differs from symmetric encryption that it requires a key pair: a public key for encryption and a corresponding private key for decryption which is known only to the owner. The most common asymmetric encryption algorithm is RSA. In an asymmetric key cryptosystem, any user can encrypt a message using the public key of the receiver, but such a message can be decrypted only with the receiver's private key [31]. It is unlike symmetric encryption to share the key, asymmetric encryption do not require a secure channel for the initial exchange of the key from transmitter to receiver. Although asymmetric cryptosystem has so many advantages, it also has disadvantages. For example, it is extremely difficult to factorize large numbers in order to obtain sufficiently long keys especially enormous data.
Since Pecora and Corrall found the drive-response chaos synchronization phenomena [32], a lot of synchronization schemes have been proposed, such as complete synchronization, generalized synchronization, phase synchronization, lag synchronization, projective synchronization. Two chaotic systems synchronization phenomenon is similar to the asymmetric key mechanism, and they can synchronize with each other if they exchange information in just the right way. This motivates us to use chaos synchronization to avoid the key transmission in order to combine the advantage of the symmetric and asymmetric encryption and try to overcome their shortcomings.
In this paper, we propose a new color image cryptosystem using a synchronization scheme for a 3-cell QCNN [33] and a 6 th -order CNN [34]. The 3-cell QCNN is regarded as the response system and the 6th order CNN is used for the drive system. In order to synchronize the drive-response system, the control law for stable synchronization errors and the update rule for unknown parameters estimation are given. The function projective synchronization [35] is treated as the decryption key generator. We prove that the 6 th -order CNN drive system and the 3-cell QCNN response system are asymptotically synchronized. Numerical simulations and security analyses such as information entropy analysis, differential attack are performed to verify the feasibility of the proposed scheme. As similar as the asymmetric encryption, our scheme does not require exchange key, and it effectively avoids the threat of key exposure, therefore, it will be called Semi-Symmetric encryption scheme.
The rest of the paper is organized as follows: In the next section, we briefly describe the 3-cell QCNN system and the 6 th -order CNN system used in our scheme. In Section 3, the function projection synchronization between the response system and the drive system is presented. Section 4 gives the semi-symmetric encryption scheme. The experimental results and performance analyses are given in Section 5. Section 6 concludes the paper.

System descriptions 3-cell QCNN hyperchaotic system
Quantum dots and quantum cellular automata (QCA) [36] constitute new types of semiconductor nano-materials that have many unique nano-features. The k th QCA state equation is obtained by the Schrödinger equation [36]: where ℏ is Planck's constant, γ is the inter-dot tunneling energy, which takes into account the neighboring polarizations, and E k is the electrostatic energy cost of two adjacent fully polarized cells that have opposite polarization. The effect of local interconnections is considered in the term " P k ; and φ k is a quantum phase of the QCA. Eq (1) constitutes the QCNN state equations and its dynamics are characterized by two variables, P k and f k . A 3-cell QCNN system can be described as Eq (2): where P 1 , P 2 , P 3 and ϕ 1 , ϕ 2 , ϕ 3 are the state variables; b 01 , b 02 , and b 03 are the proportional inter-dot energy in each cell, and ω 01 , ω 02 , ω 03 are effect weigh parameters on the differences in the polarization of the adjacent cells, like the cloning templates in traditional CNNs. The 6 th -order CNN hyperchaotic system The 6 th -order CNN is another hyperchaotic system used in this paper, which is introduced in Ref [34], and it is all the interconnection in a CNN. Its state equation is defined as Eq (3): k¼1 s jk x k þ i j ðj ¼ 1; 2; :::; 6Þ ð3Þ where a j ¼ 0ðj ¼ 1; 2; 3; 5; 6Þ; a 4 ¼ 200; a jk ¼ 0ðj; k ¼ 1; 2; :::; 6; j 6 ¼ kÞ; :::; 6Þ; Eq (3) could be calculted as Eq (4): where p 4 = 0.5(|x 4 + 1| − |x 4 − 1|). We calculated the Lyapunov exponents of system(4). When t ! 1, the six Lyapunov exponents are λ 1 = 2.748, λ 2 = −2.9844, λ 3 = 1.2411, λ 4 = −14.4549, λ 5 = −1.4123 and λ 6 = −83.2282. Two of these exponents are positive, so system(4) is also hyperchaotic.

The synchronized key generation system
Let System(4) and System(2) be the drive system and the response system, respectively. Thus, the system(2) can be described by the Eq (5) via the function projective synchronization [35]: where b 11 , b 12 , b 13 , ω 11 , ω 12 and ω 13 are the parameters of response system(5) that need to be estimated in order to synchronize system(4) and system (5), and u 1 , u 2 , u 3 , u 4 , u 5 and u 6 are the controllers. Define synchronization error states as follows: which _ e i denotes the deviation between system(4) and system (5), when _ e i converges to zero as time tends to infinity lim as the scaling function factor, drive system and response system reach synchronization. Substituting Eqs (2), (4) and (5) into Eq (6) yields the error dynamical system(7) as defined in Eq (7) between system(4) and system (5): We design the control law u i (i = 1, 2, 3, 4, 5, 6) as Eq (8) to make the synchronization errors e 1 , e 2 , e 3 , e 4 , e 5 , and e 6 to stabilize at the origin.
The simulations results are illustrated in   Table 1. Initial values and control parameters of drive and response system.

Drive system
Response system Control parameters of Response system  The semi-symmetric image encryption scheme In this paper, we propose a semi-symmetric image encryption/decryption scheme based on the function projective synchronization. The proposed scheme is illustrated in Fig 6. The scheme is deployed at the ends of Alice and Bob, respectively. Firstly, Alice adopts system (2) with initial parameters and control parameters to obtain the key. Bob adopts system(5) to obtain the key independently. Function projective synchronization ensures that Alice and Bob get the equivalent key. Secondly, Alice encrypts the plain image by his key and transmits the cipher image to Bob. Thirdly, Bob decrypts the cipher image with his key. The proposed scheme is different with symmetric algorithms that Alice and Bob use in different key generation systems. The symmetric algorithms transmit the key by some extra security methods. The proposed scheme is similar to asymmetric algorithms that the keys generated by the two systems need not transmit to each other over other security link, which prevents security key leakage during the transmission.
Our scheme is a hybrid chaotic encryption algorithm. It consists of a scrambling stage and a diffusion stage. In encryption phase, 3-cell QCNN system(2) is used for scrambling and diffusing the plain image. In decryption phase, since the function projective synchronization is used to synchronize the response system(5) and drive system(4), the 6 th -order CNN drive system(4) with control laws(8) and update rules(9) generates the key to decrypt the cipher image.
Since det(A) = 1, the parameters are described as follows: The plain image is scrambled by Eq (10) in order to generate the permutation image. It is transformed into three 1 × (N × N) streams S j = {S j (1), S j (2), . . .. . .S j (N × N)}, j 2 {r, g, b} by arranging its pixels from top to bottom and left to right.
In the diffusion stage, 6 th -order CNN system(4) is used to diffuse the image, which changes the permutation image pixel's values. The initial conditions are described as follows: Of these initial conditions, γ i is taken as the appropriate integer. P j is chaotic value, so the initial conditions x i (0) is also chaotic value. Let the plain image be an N × N image.
The 6 th -CNN is iterated NÂN 2 times and its result is divided into three matrices:X r , X g , and X b : . . . . . . : Arranging matrix elements from top to bottom and from left to right, X r , X g , and X b are transformed into three 1 × (N × N) streams: X j StreamðiÞ; ði ¼ 1; 2; :::; N Â N j 2 fr; g; bgÞ The diffusion key streams, K j , are generated by using sequences X j _Stream and S j as described by Eq (12): Let S j (0) = 127. The scramble image is shifted to the cipher image by key streams, K j . These C r , C g , and C b row vectors are transformed into N × N matrix. Compose the three color components to obtain the encrypted image.

Decryption algorithm
As shown in Fig 8, the decryption is the inverse process of the encryption, except that the decryption key P r1 , P r2 , P r3 , ϕ r1 , ϕ r2 , and ϕ r3 are generated by the synchronized key generation system instead of 3-cell QCNN (2).

Performance analysis
In this section, we perform 11 experiments to validate the proposed scheme. The results show that our scheme has good encryption performance.

Key space analysis
The key space size is the total number of different keys that can be applied in the encryption process. The key space must be large enough to make brute-attacks infeasible. Stinson DR. [38] suggested that the key space should be at least 2 100 to ensure a high level security. In our algorithm there are twelve parameters for the keys: six initial conditions P 1 , F 1 , P 2 , F 2 , P 3 , F 3 and six control parameters b 01 ; b 02 ; b 03 ; o 01 ; o 02 ; o 03 . They are all floating point numbers. According to the IEEE floating-point standard [39], the computational precision of the 64-bit double-precision numbers is 2 -52 . So the key space of the proposed encryption method is (2 52 ) 12 = 2 624 , which is sufficiently large enough to resist all kinds of brute-force attacks.

Key sensitivity analysis
A secure encryption algorithm must be sensitivity to its keys which satisfies the requirement of resisting brute-force attack. Under the same experiment condition as Eq (13). P 1 (0), P 2 (0), P 3 (0), ϕ 1 (0), ϕ 2 (0), ϕ 3 (0) are QCNN system(2) initial conditions, used as user keys in the proposed encryption scheme. With a tiny difference in the encryption keys, six groups of test cases are designed, which differ 10 -13 to every encryption key, respectively.  Table 2 lists the percentage of different pixels in RGB color component using Key or Key1, Key2, . . ., Key6 seven encrypt images, respectively. Therefore, it can be concluded the slightly deviation in the key brings out absolutely different in the corresponding encryption images. Consequently, the proposed scheme has a high key sensitivity and can resist the brute-force attack.

Histogram analysis
A good image encryption approach should always generate the uniform histogram of cipher image for any plain image. The plain images, cipher images, decrypted images, and the histograms of their three-color components are shown in Figs 9-12. As illustrated, the histograms of the encrypted images are fairly uniform and significantly different from the respective histograms of the original images. Hence, our proposed scheme does not provide any clue to statistical attacks.

Correlation coefficient analysis
To test the correlation of pixels (vertical, horizontal, diagonal), we randomly select 4000 adjacent pairs of the plain image and the cipher image, and calculated the correlation coefficients of pixels, according to the following formula:  Figs 13 and 14 show image "Flower" and "Cablecar" correlation of two adjacent pixels. Table 3 provides more tests of the correlations, which show that two adjacent pixels in the plain images are highly correlated while the cipher images showed negligible correlations. The result indicates that our proposed encryption model functions properly.
Information entropy analysis. Information entropy is thought to be one of the most important features of randomness. To measure the entropy, H(m), of a source m, the following   equation can be employed: where p(m i ) represents the probability of symbol m i , and the entropy is expressed in bits. For example, when n = 8, the image color strength value is m = {m 0 , . . .. . ., m 255 }. For a random process, each symbol has equal probability, p(m i ) = 1/256, H(m) = 8. In general, the entropy value of the message is smaller than 8 but should to be close to ideal. Table 4 provides a comparison of average entropy values for a considerable number of images for the proposed method and some other methods. We noticed that our scheme outperforms other schemes and approaches the ideal value of 8.

Differential attack
Cryptanalysis features an important method called differential attack to crack the encryption algorithm in order to quantitatively measure the influence of a one-pixel change on the cipher image. This influence can be measured via the number of pixel change rate (NPCR) and the unified averaged changing intensity (UACI), which are computed with the following formula: where W and H represent the width and height of the image, respectively. C(i, j) and C 0 (i, j) are the ciphered images before and after one pixel of the plain image is changed. For position (i, j), if C(i, j) 6 ¼ C 0 (i, j), then D(i, j) = 1; else D(i, j) = 0. We tested the NPCR and UACI values for images Flower and Cablecar for the proposed scheme. As shown in Tables 5 and 6, the proposed scheme is very sensitive with small changes in the plain image. This result shows that our scheme can resist differential attack well.

Known plaintext attack and chosen plaintext attack
The diffusion key stream K j , in Eq (12), not only depends on the security key (initial conditions of 3-cell QCNN, P 1 (0), P 2 (0), P 3 (0), ϕ 1 (0), ϕ 2 (0), ϕ 3 (0)) but also on the plain image itself. Hence, when the same security key encrypts different images, the diffusion key streams are different. Therefor it is ineffective on input an all "0" or all "1" image into this scheme. Accordingly, our scheme can resist known plaintext attack and chosen plaintext attack.

Encryption quality analysis
In an ideal cryptographic model, encrypted images should have uniform histogram distribution to hide pixels relevant information. It implies the encryption algorithm changes the the cipher pixel value to make the probability of each cipher pixel being totally uniform. Literature [43] gives a method for estimating the encryption quality, deviation from uniform histogram (D H ), which is given by Eq (14).
In Eq (14), M × N is the image size and C i is the image pixel gray or color level, C i 2 [0, 255]. H Ci is the histogram value at index i, and H C is the actual histogram of encrypted image. The smaller D H value indicates the more uniform histogram distribution and the higher encryption quality.
We obtain D H comparison reports for three images through using our algorithm with other chaotic encryption algorithms in Ref [25]. As can be seen from Table 7, all D H values are very low. Moreover, our algorithm has more uniform histogram distribution and better encryption quality than Ref [10,13,25,44]. Chi-square test A Chi-squared test [45,46], also written as X 2 test, is any statistical hypothesis test wherein the sampling distribution of the test statistic is a chi-squared distribution when the null hypothesis is true. Chi-squared test illustrate the possibility of statistical attacks. To evaluate if and what extent distribution of encrypted image histograms approach the features of a uniform distribution, Chi-squared tests are computed for 7 cipher images' histograms, and then are summarized in Table 8. We find the histograms of the encrypted images are fairly uniform, so the proposed scheme can defend statistical attack.

NIST SP800-22 test
NIST SP800-22 test [47] includes 16 test methods, which are used to analyse the randomness of binary sequences generated by cipher systems. We performed all the 16 tests for 65536-8 bits key stream sequence and the results are shown in Table 9. From the Table 9, it shows that our scheme goes through all NIST SP800-22 tests successfully. Therefore, the key stream sequence is absolutely random in our scheme.

Encryption speed and computation complexity
The encryption speed is an important issue for a well applicable encryption system. Nevertheless, it depends on many factors as hardware, software and programming [25]. Ref [24,48] have performed encryption speed tests for some algorithms in [5,7,24,[48][49][50][51][52] at the same enviorment. From Ref [48], we know that the encryption speed of algorithm [5,7,48,49] are >10s, 2.3s, 1.25s, and 2.901s respectively. The execution time of scheme in [24,[50][51][52] are 155ms, 173ms, 2.089s and 334ms [24]. In our scheme, Arnold mapping iteration times t j in Eq (11), is randomness for improving security, so it is hard to build a baseline to compare encryption speed with other methods, especially programming skill and code optimization [25]. So we give the encryption speed with different Arnold mapping iteration times in Table 10, and   Table 10, our scheme has an acceptable speed. Additionally, the computation complexity relies on the number of operations and steps to fulfill the encryption. Our scheme needs OðnÞ to complete the entire encryption process, where n is the pixel number of images. Thus, the efficiency of the proposed algorithm is competent in the application level encryption requirements.

Conclusion
In this paper, a semi-symmetric image encryption scheme based on function projective synchronization between two hyperchaotic systems is proposed, and it has several advantages such as great speed, relatively low complexity compared respectively to symmetric and asymmetric algorithms. Especially, the key is generated simultaneously in encryption side and decryption side independently, which effectively avoids the key transmission and threats of key exposure. The presented scheme is a hybrid chaotic encryption algorithm and it consists of a scrambling stage and a diffusion stage. Moreover, the 6 th -order CNN is not only regarded as the drive system for the key synchronization, but also is used for diffusing key generation to enhance the security and sensitivity of the scheme. The simulation experiments and security performance analyses show that our scheme has a satisfactory security performance.