Sei sulla pagina 1di 11

www.ietdl.

org
Published in IET Image Processing
Received on 12th October 2012
Revised on 29th June 2013
Accepted on 14th July 2013
doi: 10.1049/iet-ipr.2012.0586

ISSN 1751-9659

Hardware stream cipher with controllable chaos


generator for colour image encryption
Mohamed L. Barakat1, Abhinav S. Mansingka1, Ahmed G. Radwan2, Khaled N. Salama1
1
Department of Electrical Engineering Program, King Abdullah University of Science and Technology (KAUST), Thuwal,
Saudi Arabia
2
Department of Engineering Mathematics, Faculty of Engineering, Cairo University, Giza, Egypt
E-mail: ahmedgom@yahoo.com

Abstract: This study presents hardware realisation of chaos-based stream cipher utilised for image encryption applications. A
third-order chaotic system with signum non-linearity is implemented and a new post processing technique is proposed to
eliminate the bias from the original chaotic sequence. The proposed stream cipher utilises the processed chaotic output to
mask and diffuse input pixels through several stages of XORing and bit permutations. The performance of the cipher is tested
with several input images and compared with previously reported systems showing superior security and higher hardware
efciency. The system is experimentally veried on XilinxVirtex 4 eld programmable gate array (FPGA) achieving small
area utilisation and a throughput of 3.62 Gb/s.

1 Introduction key stream for image encryption. Amin et al. [21] used the
tent map to generate a chaotic key stream to encrypt image
Inherited randomness behaviour and sensitivity to initial bits though a non-linear transformation function. None of
conditions promote chaos-based random number generators the previously mentioned encryption systems have been
(CB-PRNGs) as efcient candidates for cryptographic realised on hardware as they occupy a larger area and
applications [13]. Many CB-PRNGs have been digitally operate on lower throughput rates losing the sole
realised using chaotic maps [4, 5] and recently using the advantages of stream encryption.
numerical solution of differential equations [6, 7]. Digital design To the best knowledge of the authors, this paper presents
provides area efciency, repeatability, portability and the rst hardware realisation of a lightweight chaotic stream
integrability with IC technology [8]. However, digital cipher utilised for coloured image encryption satisfying
CB-PRNGs suffer from serious dynamical degradations because three corner requirements: (i) high throughput, (ii) robust
of quantisation error and nite representation of system states, encryption and (iii) small hardware area. A third-order jerk
including loss of ergodicity and shorter pseudo orbits [9]. chaotic generator with signum non-linearity is utilised as a
Chaos-based image encryption using stream ciphers is a CB-PRNG. The size of the chaotic attractor is controlled
vivid, yet challenging, application of chaos because of the dynamically by the input image increasing the sensitivity of
high correlation between image pixels. Unlike block ciphers the output chaotic stream. This paper further introduces a
[10], stream ciphering [11] operates on smaller data units new post processing technique to overcome the defects in
and satises the high throughput requirement for data CB-PRNGs maintaining the same throughput and with a
transmission applications [12] such as wireless small hardware overhead. A thorough security analysis is
communications. Chaotic stream ciphers utilise CB-PRNGs provided for several images and the results are compared
to generate a key stream necessary for masking and with the previously reported software-based encryption
defusing image pixels. Nevertheless, aws in CB-PRNGs systems showing a superior performance. The hardware
result in weak encryption prone to various cryptanalysis utilisation and the maximum throughput of the proposed
attacks [13]; and therefore are solved by the hybridisation stream cipher is compared with known ciphers such as RC4
of two or more chaotic systems [1417]. The work done by [22], E0 [23], A5/1 [23], SNOW 3G [24] AES [25] and so
Huang [18] reports using Chebyshev function to generate on reecting a higher hardware efciency. The whole
the key stream to mask and permute image pixels in system is implemented on XilinxVirtex 4 FPGA.
addition to two-dimentional Chebyshev function to avoid
known-plaintext and chosen-plaintext attacks. Wang et al.
[19] also used three chaotic maps in his encryption that 2 Chaotic random number generator
alters between block and stream ciphering. Liu and Wanga
[20] utilised a true random number generator to provide the The following set of three rst-order ODEs describe a
seed for a piecewise linear chaotic map which generates a third-order non-autonomous double-scroll chaos generator

IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343 33


doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013
www.ietdl.org
[26, 27] with a single controllable time-varying parameter system as follows

1 F F
X 0 1 0 X 0 Dt = + 1 + 162 , F1 # {0, 1},
4 16 2
Y = 0 0 1 Y + ,0

F2 [ 0, 212 1 , F2 [ N (3a)
Z 1 1 1 Z Dt sgn(X )

1 X 0 Dt = {4 b0010, F1 , F2 , 7 b0}  Dt [24 bits]
sgn(X ) = (1)
1 X ,0 = [0010F1 F2 0000000] (3b)

where Dt is an arbitrary constant and controls the size of the


attractor in real-time and has no effect on the qualitative This guarantees that Dt [0.25, 0.375]) at any instance and
system dynamics [26]. The same system with different simultaneously ensures that the attractor stays within the
constants and without controllability was previously bounds of the xed point representation space [ 1, 1),
implemented [28] using the Euler approximation. veried through rigorous numerical simulation. Therefore
constant Dt has an easy representation in binary form to
realise the expression (3a) in terms of F1 (1-bit) and F2
(12-bits), given in (3b) where the rst number 4 in the
2.1 Digital realisation
expression 4b0010 represents the number of bits and b
A step size of h = 22 is used to maximise chaos enhancement implies a binary format followed by the logical bits [0010].
through the incorporation of additional truncation Thus, the expression 7b0 is translated into seven logical
non-linearities [2931] zeros. The LFSR used in F1 is 128-bit length with a
feedback polynomial described in [32].

Xt+h 1 h 0 Xt 0
Yt+h = 0 2.2 Post processing
1 h Yt + 0 (2)
Zt+h h h 1 h Zt hDt sgn(Xt ) Statistical defects in the output bits of chaotic oscillators
cause short-term predictability [33] and thus, reduce the
security in cryptographic applications. To overcome such
The circuit schematic of the numerical solution is shown in
defects, this work proposes a post processing technique in
Fig. 1. A xed point twos complement format is used with
which all the 72-bits of the output are put through delayed
24-bits representing each of {X, Y, Z}, 1-bit allocated to the
feedback after a rotation of 1-bit to the right and XORing
sign and integer part and the remaining 23-bits to the
operation, according to Fig. 2. Since 1 and 72 are relative
fractional part. The constant Dt is a 24-bit added or
primes, this guarantees that every output bit receives
subtracted from X based on whether X is positive or
contributions from every single input bit, thus equalising
negative, respectively, and stored in a temporary register T
the bias and completely suppressing short-term
to reduce the critical path at the Z-register. This implements
predictability. According to a general equation that
the signum non-linearity with the controllable input. From
the diagram in Fig. 1, the total component count for this
chaotic oscillator is three 24-bit adders, two 24-bit
subtractors, one 24-bit adder/subtractor and four 24-bit
registers. Since scalar multiplications reduce to arithmetic
shifts because they are powers of 2, they only rewire the
bits and do not require any hardware. The initial condition
(IC) of the state registers {X, Y, Z} is of width 72-bits and
is provided by the user. The constant that controls the
attractor size Dt is carefully designed to divide the
controllability between the user and the input image adding
extra randomness to the system. The expression of Dt is Fig. 2 Circuit diagram of the full CB-PRNG showing initial
specied in terms of a 1-bit input F1 derived from a linear condition and controllable-size inputs, the post processing circuit
feedback shift register (LFSR) with a seed provided by the and the resulting decomposition into three 24-bit outputs for use
user, and a 12-bit input F2 as a feedback from the cipher in the stream cipher

Fig. 1 Circuit diagram of the fully digital third-order ODE-based non-autonomous double-scroll chaos generator

34 IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343


& The Institution of Engineering and Technology 2013 doi: 10.1049/iet-ipr.2012.0586
www.ietdl.org
Table 1 Experimental results on XC4VSX35-10FF668 FPGA for demonstrates a good correspondence with the analogue
the generator before and after post processing attractor in [26]. A positive maximum Lyapunov exponent
Components Chaotic Chaotic generator with post (MLE) for the output time series indicates the presence of
utilised generator processing chaotic dynamics. Given an arbitrary change in initial
conditions, the MLE approximates the long-term divergence
slices 189 230 in the output by dS(t) elt S(dt), with a positive MLE
slice FF 219 291 conrming the existence of chaos. The software based on
four input LUTs 299 370 [35] enables the calculation of the MLE from a time series
Frequency, MHz 153.4 153.4
of discrete data, giving the result as 0.136. The seed value
of the resulting CB-PRNG is the initial condition of the {X,
Y, Z} registers. In addition, the nal post processed output
illustrates the expectation after XORing of two 34-bits [34] is split into three 24-bit outputs {U, V, W} for utilisation in
colour image encryption, given that a standard RGB image
1 1 1 1 pixel is composed of 24-bits. The phase plots of {U, V, W}
E(A B) 2 E(A) E(B) r (4)
2 2 2 2 are shown in Figs. 3df, in which it is clear that post
processing has suppressed the attractor shape, enabled full
where A and B are the correlated random variables with coverage of the entire available phase space and thus
r denoting correlation between A and B. If A is an ideal eliminated short-term predictability. The performance of the
random variable (E(A) = 0.5) and B is loaded with bias output under the NIST SP. 800-22 test suite is assessed in
(E(B) 0.5), the expression indicates that the XOR further sections after the description of the stream cipher.
operation gives a result with lower bias (E(A B) 0.5)
provided the correlation is low (r 0). Area results of the
chaotic generator before and after post processing are 3 Image encryption system
shown in Table 1. Hardware efciency motivates
implementing the rotation as simple rewiring without any 3.1 Encryption/decryption algorithm
hardware overhead. Synthesis results reect the low
hardware cost of post processing without affecting the Each input colour pixel undergoes several stages of diffusion
frequency of operation. using feedback, pixel confusion and bit permutations.
Assume a consecutive sequence of plain image pixels Pi
2.3 Chaotic response where i denotes the location index. Similarly, let Ci,j denote
a ciphered image pixel in the ith location at the jth
Oscilloscope traces of the attractors (X Y Z-phase plots) of encryption stage. Let Pj denote bit permutation in
the original oscillator are shown in Figs. 3ac which encryption where the bit locations are shufed and let P 
j

Fig. 3 Experimentally obtained


a XY
b YZ
c XZ original attractors from the digital chaotic oscillator
In addition to
d UV
e UW
f VW phase portraits after post processing the output
Results are drawn on an oscilloscope from a Xilinx Virtex 4 FPGA

IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343 35


doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013
www.ietdl.org
denote the corresponding reverse permutation in decryption. applying cascaded three stages of the permutations results
The encryption algorithm is thus expressed as in a different location from the original colour component
which guarantees inter-colour confusion. The decryption
Pj (Ci, j1 Ui ), j=1 algorithm achieves a reverse operation as follows
Ci, j = Pj (Ci, j1 Vi ), j=2 (5a)
P (C
j i, j1 Wi ), j=3 Pj (Ci, 0 Wi ),
j=1
Ci, j = Pj (Ci, 0 Vi ), j=2 (7a)
Ci, 0 = Pi Ci1, 1 Ci2, 2 (5b)

Pj (Ci, 0 Ui ), j=3
The proposed algorithm consists of three identical stages of
encryption to prevent any information leakage based on the Pi = Ci, 3 Ci1, 1 Ci2, 2 (7b)
values of input pixels. This process is performed on two
levels: (i) masking each colour pixel values using the
0 0 1 0 0 0 0 0 0 1 0 0
processed chaotic outputs, (ii) shufing bits between the 0
colour RGB layers through bit permutations Pj . The stream 0 0 0 1 0

1
0 0 0 0 0


of ciphered pixels from the second stage Ci, 2 is taken as 0 1 0 0 0 0 0 0 1 0 0 0
P1j =
0
, P2j =
feedback to the generator to control attractor size Dt
0 0 0 0 1

0
1 0 0 0 0

dynamically creating a direct relationship between the input
image and the chaos generation. Another stage of 0 0 0 1 0 0 0 0 0 0 0 1
encryption is required to distribute the effect of correlation 1 0 0 0 0 0 0 0 0 0 1 0
between each two neighbouring pixels on the following
0 0 0 0 0 1 0 0 0 1 0 0
consecutive pixel. In addition, pixels constituting this stage 1
Ci1, 1, Ci2, 2 are chosen after applying bit permutations 0 0 0 0 0

0
0 0 0 1 0


P1 , and P2 , respectively. For any random input pixel if one 0 0 0 1 0 0 0 0 1 0 0 0
bit ips, the following pixels experience an avalanche effect Pj =
3
0
, Pj =
4
0 0 0 1 0

0
1 0 0 0 0

[36] with a ipping rate depending on the bit shufing.
Hardware efciency motivates implementation of the static 0 1 0 0 0 0 0 0 0 0 0 1
reversible bit permutations through a simple bit rewiring 0 0 1 0 0 0 1 0 0 0 0 0
which can be re-congured for different designs producing (7c)
completely different outputs. In addition, to reduce the
wiring complexity, permutations are performed on the
nibble level. Each colour component is divided into 4-bits
yielding a total of six parts per pixel and each encryption 3.2 Hardware realisation
stage alternates between four different nibble shufing Cipher and decipher hardware architectures are described in
schemes chaotically. Permutation matrices are described as very-large-scale-integration hardware descriptive language
follows (VHDL) and veried on Xilinx Virtex 4 FPGA. The digital
design consists of pipeline registers, two-input XOR gates,
R1 selection MUXs, in addition to permutation units, shown in
R2
Fig. 4. Each stage contains an MUX selected between four
G1 different permutation schemes randomly through a 2-bit
Ci, j = Pm , j = 1, 2, 3, and m = 1, 2, 3, 4 (6a)
j G2 chaotic signal coming from the chaotic outputs {U, V, W}.

B1 The systems key is 200-bits in width provided by the user
B2 and is divided into 72-bits as IC to the chaotic generator, in
addition to 128-bits as a seed to the LFSR. Table 2
0 0 0 0 0 1 0 1 0 0 0 0 summarises the area results of both architectures, without
0 0 1 0 0 0 0 0 0 1 0 0 accounting for the chaotic generator and the post

processing, achieving frequencies of up to 408 and 440
1 0 0 0 0 0 0 0 1 0 0 0
Pj = MHz for both the cipher and decipher systems, respectively.
, Pj = 1 0 0
1 2

0 0 0 0 1 0 0 0 0 Output signals of the FPGA are shown in Figs. 5af


obtained from the oscilloscope after applying an 8-bit
0 1 0 0 0 0 0 0 0 0 0 1
staircase signal in the RED component with zeros in the
0 0 0 1 0 0 0 0 0 0 1 0 remaining bits as an input test image. The input function
Sin(t) is described in the binary form [using the same
0 1 0 0 0 0 0 0 0 0 0 1
0 0 0 0 1 0 0 0 0 1 0 0
notation as in (3b)] as


0 0 0 0 0 1 0 0 1 0 0 0
P3j = 0 0 1 0 0 0 , P 4
=
1 0 0

{24 b0}, 0 t 50
j
0 0 0








{4 b0100, 20 b0}, 51 t 101
0 0 0 1 0 0 0 1 0 0 0 0 Sin (t) = {4 b1000, 20 b0}, 102 t 152 (8)


1 0 0 0 0 0 0 0 0 0 1 0
{4 b1100, 20 b0}, 153 t 203

(6b) {8 b1, 16 b0}, 204 t 255

where m denotes a permutation scheme. Each permutation where t is an 8-bit counter. Unlike the input signal, the FFT of
matrix has a cyclicity index bigger than three and is not the the ciphered signal is uniformly distributed over the whole
inverse of any of the others. Moreover, the net effect of spectrum with characterisitcs similar to white noise.

36 IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343


& The Institution of Engineering and Technology 2013 doi: 10.1049/iet-ipr.2012.0586
www.ietdl.org

Fig. 4 Circuit diagram of


a Encryption
b Decryption systems
Decryption implements a reverse functionality of the encryption

Table 2 Experimental results on XC4VSX35-10FF668 FPGA for sequence of permutations at each encryption stage and thus,
the cipher and decipher systems gives a completely different output.
Components utilised Encryption system Decryption system
The chaotic generator utilised has three state registers each
of 24-bit wide. On adding the 128-bit seed of the LFSR, the
slices 164 202 total key space in this system is 2200. Key sensitivity is
slice FF 218 244 visually inspected by examining the wrong decrypted image
four input LUTs 236 249 when altering the systems key as shown in Fig. 7c.
Frequency, MHz 408.5 440.3 Quantitatively, key sensitivity is measured through the
mean-square error (MSE) which assesses the distortion in
the wrong decrypted image compared with the original one
4 Security analysis when the input key to the decryption system is wrong. The
MSE test is described as
The analysis in this section is conducted on a 512 512
coloured Lena.bmp. Experiments are carried out and the
1  M  N  
2
data are analysed using MATLAB. MSE = P i, j D(i, j) (9)
M N i=1 j=1

4.1 Key space analysis


where M and N are the width and height of the image,
The initial states of the generators registers (IC) in addition to respectively, P(i, j) is the original plain image pixel and D
the seed of the LFSR are considered the key of this proposed (i, j) is the corresponding deciphered image pixel. The
cipher. Brute-force attack is dened to systematically check higher MSE value reects the bigger difference between the
all possible keys until the correct one is found [37]. Secure two images indicating higher sensitivity to the systems
encryption requires: (i) large key space to make the key. Fig. 6 depicts the MSE values of the wrong deciphered
brute-force attack inefcient, and (ii) sensitivity to the input image with respect to the number of error bits in the
key in which small changes in the deciphers key lead to decryption key. The values shown in the gure imply that
completely wrong decryption. In the proposed stream the system is highly sensitive to even 1-bit error in the
cipher, both the key provided by the user and the input decryption key and remains at the same sensitivity level
image affects the chaotic output values from the generator with additional erroneous bits. It is also shown that the
as discussed earlier and consequently affects the MSE values of the colour components are ordered
permutation selection at each MUX. As a result, changing irrespective to the number of error bits; green MSE is the
the input key or the input image produces different lowest and blue MSE is the highest. This is a direct result

IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343 37


doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013
www.ietdl.org

Fig. 5 Experimentally obtained results of


a Input test image (RED component)
b Staircase input signal
c FFT of the input signal
d Output signal from the cipher
e FFT of the ciphered signal
f Output signal from the decipher

from the feedback F2 which creates a relationship between the 2 test is performed on the RGB histograms to analytically
input image and the chaotic generation as explained earlier. examine the quality of the uniform distribution. The test is
Thus, MSE values change with the input image producing a used to determine whether there is a signicant difference
prole for each colour component differing from one image between the expected number of intensity counts for colour
to another. levels and the observed counts in the ciphered image
assuming a uniform distribution [38] and is described as
4.2 Histogram analysis
L
(Oi Ei )2
Image histogram depicts statistical distribution of colour x2 = (10)
Ei
intensities. Secure ciphered images are characterised by at i=1
histograms for all colours in which the intensities are
evenly distributed over the whole colour scale. Visual where Ei is the expected occurrence of each colour level
inspection of the histograms in Fig. 7 conrms the uniform asserted by the null hypothesis, L is the colour level (256)
distribution of the RGB colour components. Furthermore, a and Oi is the observed count of each colour level [0255].

Fig. 6 MSE values with respect to the number of error bits in the decryption

38 IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343


& The Institution of Engineering and Technology 2013 doi: 10.1049/iet-ipr.2012.0586
www.ietdl.org

Fig. 7 Visual analysis for the encryption quality


a Original image
b Ciphered image
c Wrong deciphered image (1-bit error in the key)
In addition to
df Histograms of the RGB components for the original image and similarly
gi For the ciphered image.

 2
With a signicance level of 0.05, it is found that 1 N
1
N
x2test , x2 (255, 0.05) for the three histograms implying that D(x) = x x (11b)
the null hypothesis is not rejected and the histogram N i=1 i N j=1 j
distributions are uniform.
cov(x, y)
r =  (11c)
D(x) D(y)
4.3 Pixel correlation analysis

High correlation between adjacent pixels in the images


Table 3 Correlation coefficients for the horizontal, vertical and
requires an efcient confusion and diffusion algorithm to diagonal orientations for both original and ciphered images
maintain the correlation as minimally as possible in the
ciphered image. The correlation coefcient between two Axis Original image Ciphered image
adjacent pixels xi and yi can be calculated as [37]
Red Green Blue Red Green Blue
  
1 N
1
N
1 N horiz. 0.9753 0.9748 0.9532 0.001 0.0005 0.0015
cov(x, y) = x x yi y (11a) vert. 0.9871 0.9872 0.9741 0.0016 0.0022 0.004
N i=1 i N j=1 j N j=1 j diag. 0.9634 0.9630 0.9334 0.004 0.0032 0.003

IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343 39


doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013
www.ietdl.org

Fig. 8 Visual inspection for the horizontal correlation


ac Original image RGB colours, respectively, and similarly
df Ciphered image RGB

where cov (x, y) is the covariance between the two pixels and where P(Si) is the probability of the symbol Si. A source with
N is the total number of pixels selected from the image for the entropy equal to 8 is considered truly random. Table 4 depicts
calculation. Table 3 summarises the auto correlation the entropy values of the ciphered image compared with the
coefcients for horizontal, vertical and diagonal orientations original ones which imply the high randomness levels
of the original and ciphered image and Fig. 8 shows the achieved by the proposed stream cipher.
visual inspection of the horizontal correlation for RGB
components. Furthermore, to measure how different the
ciphered image is from the original, the cross-correlation 4.5 Differential analysis
coefcients are calculated using the same equations in To prevent revelation of any meaningful statistical
(11ac) by considering each pixel value xi from the original relationships between the input and the output, small
image and its corresponding pixel yi from the ciphered one. changes in the original image should result in signicant
Cross-correlation coefcients are found to be 0.0035, changes in the ciphered image. In general, this property is
0.001 and 0.0002 for the RGB colours, respectively. Low directly controlled by the quality of diffusion and confusion
coefcient values imply robust confusion and diffusion adopted in the system. Quantitatively, the sensitivity of the
algorithm implemented in the system to prevent any encryption algorithm to the input is evaluated through two
information leakage regarding pixel correlations. tests [37]. The rst test is the NPCR, which represents the
number of pixels change rate of the ciphered image while
one pixel of the original image has changed. Assume two
4.4 Entropy analysis ciphered images, C1 and C2, whose corresponding original
images have only one pixel difference, the NPCR value is
The entropy is a measure of the predictability of a random
source. The ciphered image data should appear as random
noise to avoid any information leakage. For a binary source Table 4 Entropy results for original and ciphered images for
S producing 28 symbols of equal probabilities each symbol all the colour components
is 8-bits wide and the entropy of this source is dened as [36]
Entropy Original image Ciphered mage

 red 7.2634 7.9994


8
2
green 7.5899 7.9993
Entropy = P(Si ) log2 P(Si ) (12) blue 6.9854 7.9993
i=1

40 IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343


& The Institution of Engineering and Technology 2013 doi: 10.1049/iet-ipr.2012.0586
www.ietdl.org

SAC, %
Table 5 Differential analysis results for all the colour

49.995
49.989
49.987
49.991
49.984
49.989
49.999
49.987
49.969
49.977
49.999
49.993
49.976
49.994
49.978
49.993
49.978
49.971
components

Colour NPCR, % UACI, %

Max Min Mean Max Min Mean

UACI, %

33.417
33.465
33.457
33.479
33.497
33.571
33.573
33.459
33.519
33.401
33.497
33.506
33.488
33.457
33.426
33.438
33.359
33.379
red 99.743 99.4 99.59 33.839 32.837 33.367
green 99.742 99.425 99.592 33.972 32.936 33.406
blue 99.748 99.442 99.589 33.946 32.905 33.447

NPCR, %

99.594
99.596
99.597
99.594
99.592
99.593
99.594
99.592
99.593
99.599
99.594
99.593
99.595
99.589

99.592
99.589
99.591
99.59
expressed as

0, C1 (i, j) = C2 (i, j)
D(i, j) = (13a)
C1 (i, j) = C2 (i, j)

Ciphered
1,

7.9993
7.9993
7.9993
7.9993
7.9995
7.9994
7.9992
7.9992
7.9992
7.9993
7.9994
7.9993
7.9993
7.9993
7.9994
7.9993
7.9993
7.9993
1  M  N

Entropy
NPCR = D(i, j) (13b)
M N i=1 j=1

Original

6.9481
6.8845
6.1265
7.7067
7.4744
7.7522
6.7178
6.7990
6.2138
7.3124
7.6429
7.2136
7.3388
7.4963
7.0583
The second test is the UACI which represents the unied

0
0
0
average changing intensity measuring the average intensity
difference of two ciphered images, whose corresponding
original image has only one pixel difference as follows
Table 7 Correlation, entropy and differential analysis results for coloured images obtained from USC-SIPI image database
Cross corr.

0.0034
0.0038

0.0027
0.0037
0.0005
0.0039

0.0001

0.0016

0.0017

N 


0.0008

0.0045

0.0008

0.0011

0.0013

0.0018
1  M 
C1 (i, j) C2 (i, j)

0
0
0
UACI = 100
M N i=1 j=1 255
(14)
0.0031
0.0005

0.0019

0.0019
0.0016
0.0013

0.0014

0.0039
0.0005
0.002
0.0038
0.0012

0.0002
0.0013
0.0003

0.0013
0.002

0.004
Diag.

Both tests are conducted 500 times with inputs having only
1-bit change randomly in only pixel with an arbitrary
Ciphered image corr.

location. Table 5 depicts the mean values of the NPCR and


UACI tests for all the colour components. The results
0.0013

0.0006
0.0021
0.0045
0.0008
0.0036

0.0022

0.0001

0.0004
0.002
reect the effect of using the chained confusion algorithm
0.0027
0.0003

0.0005

0.0008

0.0002
0.0008
0.0002

0.0047
Vert.

implemented in the system in which changing 1-bit in the


input affects the chaotic sequence from the generator
resulting in a completely different output.
0.0007

0.0001
0.0005
0.0032
0.0015

0.0011
0.0007

0.0012
0.0004
0.0007
0.0009
0.0007
0.0014
0.0002
0.0024

0.0015
0.0002
0.0003
Horiz.

4.6 Strict avalanche criterion


The strict avalanche criterion (SAC), rst introduced in [36],
examines the bit level difference between the input and the
0.9894
0.9711
0.9649
0.8543
0.7348
0.8399
0.9343
0.9326
0.9146
0.9420
0.9530
0.9530
0.9564
0.9687
0.9478
Diag.

1
1
1

Table 6 NIST SP. 800-22 tests for the original and processed
Original image corr.

chaos output as well as the ciphered image


0.9951
0.9871
0.9789
0.8660
0.7650
0.8809
0.9568
0.9678
0.9353
0.9541
0.9663
0.9694
0.9663
0.9818
0.9664

Test Original Processed Ciphered


Vert.

1
1
1

chaos chaos image

PV PP PV PP PV PP
0.9936
0.9812
0.9826
0.9231
0.8655
0.9073
0.9726
0.9578
0.9640
0.9558
0.9715
0.9710
0.9635
0.9811
0.9665


Horiz.

monobits 0.96 1.00 0.95



1
1
1

block frequency x 0.95 1.00 1.00


cumulative sums x 0.95 1.00 0.95
runs x 0.79 0.99 1.00
longest run x 0.76 0.99 1.00

green

green

green

green

green

green

rank x 0.91 0.98 1.00


blue

blue

blue

blue

blue

blue
red

red

red

red

red

red

FFT x 0.85 1.00 0.95


N. O. template x 0.80 0.99 0.98
O. template x 0.78 1.00 1.00
universal x 0.83 0.99 1.00
Image (file name)

mandrill (4.2.03)

peppers (4.0.07)
airplane (4.0.04)


sailboat (4.2.06)

app. entropy x 0.74 0.99 0.91


splash (4.2.01)

random Exc. 0.97 0.99 0.97


black image

random Exc. Var. 0.99 1.00 1.00


serial x 0.68 0.99 0.95
linear complexity 1.00 0.98 1.00
final result fail pass pass

IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343 41


doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013
www.ietdl.org
Table 8 Comparison in the security analysis results between the six images. The results imply that the proposed stream
the proposed cipher and other reported software-based chaotic cipher maintains the same high security levels regardless of
systems
the input image.
Analysis Huang Wang Liu and Amin This
[18] et al. Wanga et al. work
[19] [20] [21] 5 Comparison with previous work
horiz. 0.097 0.014 0.0965 0.021 0.002 The security performance of the proposed stream cipher is
corr.
vert. 0.0484 0.009 0.031 0.014 0.0016 evaluated in Table 8 as compared with four recent
corr. chaos-based image encryption systems [1821]. This
diag. 0.07 0.005 0.0362 0.035 0.002 comparison is based on the mean values of the correlation
corr. coefcients, entropy and differential analysis.
entropy 7.9939 7.9845 7.9998 7.9993
NPCR, % 99.31 98.563 99.606 99.61 99.601
Unfortunately, the hardware comparison between the
UACI, % 33.46 33.081 33.393 33.41 33.462 proposed system and the previously reported systems is not
mentioned since they have not been implemented on
hardware. The results reect that the proposed system
outperforms all the others and imply the high level of
output data because of a 1-bit change in the input. Ciphers randomness and robust encryption achieved. In addition to
with good SAC property achieve theoretically 50% bit the security comparison, hardware area efciency and
difference between the input and the output images. The throughput results of the proposed stream cipher are
SAC value for the proposed stream cipher is calculated 500 compared in Table 9 with the standard stream and block
times with only a 1-bit change in the input image resulting cipher systems such as: RC4 used in 802.11 Wi-Fi security
in mean values of 49.995, 49.992 and 49.988% for the protocol, E0 used in Bluetooth protocol, A5/1 used in GSM
RGB colours, respectively. The results conrm the high communications, SNOW 3G used by the 3GPP group as a
sensitivity of the encryption algorithm originating from the mobile cellular standard, in addition to the advanced
dynamic control of the attractor size Dt and the permutation encryption standard (AES) adopted in many applications.
functions used. Since this paper exhibits an FPGA implementation, the gate
count is expressed as 8 (LUT + FF) to facilitate a basic
4.7 Statistical randomness analysis area/throughput comparison between systems. As shown in
Table 9, the proposed system yields the highest area/
The randomness of the CB-PRNG utilised in addition to the throughput ratio compared with all other systems and
ciphered image are assessed using NIST SP. 800-22 therefore achieved the best hardware efciency. Together
statistical test suite [39]. Table 6 shows the NIST results for with the high security accomplished, the proposed stream
the chaotic output before and after post processing as well cipher can be considered a new encryption standard.
as the ciphered image. The results are represented by the
proportion of the passing sequences and the validity of the
P-value (PV) distribution. The results imply that the post 6 Conclusion
processing effectively removed the bias in the original
chaotic stream producing uniformly distributed random bits. This paper presents the rst hardware realisation of the
In addition, the ciphered image is considered as a pseudo chaos-based stream cipher designed for image encryption
random noise source. applications. The encryption system utilises a third-order
jerk chaotic generator with signum non-linearity in addition
4.8 Application to other images and comparison to a dynamically controllable attractor size. To reduce the
bias in the output sequence, a simple post processing
The security of the proposed system is further examined for technique is proposed with a small hardware cost. The
ve standard coloured images obtained from the ciphering algorithm masks and permutes the original pixels
miscellaneous volume of the University of Southern creating a feedback loop between the ciphered image and
California-Signal and Image Processing Institute the chaotic generator to increase the output sensitivity to
(USC-SIPI) image database [40] in addition to a black small changes in the input. The security analysis is
image where the RGB components are all zeros. Table 7 conducted for several images and the results are compared
depicts the correlation and entropy in addition to the mean with previously reported systems which conrm the
values of the differential analysis, and SAC values for all superior performance of the proposed system. Finally, the

Table 9 Comparison in the hardware performance results between the proposed system and other reported non-chaos-based ciphers
System Area (Gc) T.put, Mb/s Efficiency T.put/area Implementation target

Mickey128 [2] 5039 413.2 0.082 ASIC


Trivium [25] 2580 327.9 0.127 ASIC
Moustique [41] 7264 369 0.05 FPGA
Salsa20 [42] 12 126 121 0.009 ASIC
RC4 [22] 10 653 135.52 0.013 FPGA
E0 [23] 1902 93.36 0.049 FPGA
A5/1 [23] 932 90.85 0.097 FPGA
SNOW 3G [24] 25 016 7968 0.318 ASIC
AES [43] 14 322 3709 0.259 FPGA
this work 8968 3682.87 0.411 FPGA

42 IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343


& The Institution of Engineering and Technology 2013 doi: 10.1049/iet-ipr.2012.0586
www.ietdl.org
proposed stream cipher system can be considered as a new 22 Hamalainen, P., Hannikainen, M., Hamalainen, T., Saarinen, J.:
symmetric encryption standard. Hardware implementation of the improved WEP and RC4 encryption
algorithms for wireless terminals. Eur. Signal Proc. Conf., 2000,
pp. 22892292
7 References 23 Batina, L., Lano, J., Mentens, N., rs, S.B., Verbauwhede, B., Preneel,
I.: Energy, performance, area versus security trade-offs for stream
1 Liu, F., Wu, C.-K.: Robust visual cryptography-based watermarking ciphers. State of the Art of Stream Ciphers, Workshop Record,
scheme for multiple cover images and multiple owners, IET Inf. ECRYPT, 2004
Secur., 2011, 5, (2), pp. 121128 24 Kitsos, P., Selimis, G., Koufopavlou, O.: High performance ASIC
2 Ding, Q., Wang, J.N.: Design of frequency-modulated correlation delay implementation of the SNOW 3G stream cipher. Int. Conf. Very
shift keying chaotic communication system, IET Commun., 2011, 5, Large Scale Integration, 2008
(7), pp. 901905 25 Good, T., Benaissa, M.: ASIC hardware performance, in Robshaw, M.,
3 Wagemakers, A., Escribano, F.J., Lpez, L., Sanjun, M.A.F.: Billet, O. (Eds.): New stream cipher designs (Springer, Berlin/
Competitive decoders for turbo-like chaos-based systems, IET Heidelberg, 2008) pp. 267293
Commun., 2012, 6, (10), pp. 12781283 26 Sprott, J.C.: A new class of chaotic circuit, Phys. Lett. A, 2000, 266,
4 Chen, S.-L., Hwang, T., Chang, S.-M., Lin, W.-W.: A fast digital (1), pp. 1923
chaotic generator for secure communication, Int. J. Bifurcation 27 Elwakil, A.S., Salama, K.N., Kennedy, M.P.: A system for chaos
Chaos, 2010, 20, (12), pp. 39693987 generation and its implementation in monolithic form. Int. Symp.
5 Li, C.-Y., Chen, Y.-H., Chang, T.-Y., Deng, L.-Y., To, K.: Period Circuits Syst. (ISCAS), 2000, pp. 217220
extension and randomness enhancement using high-throughput 28 Mansingka, A.S., Radwan, A.G., Zidan, M.A., Salama, K.N.: Analysis
reseeding-mixing PRNG, Trans. Very Large Scale Integr. (VLSI) of bus width and delay on a fully digital signum nonlinearity chaotic
Syst., 2012, 20, (2), pp. 385389 oscillator. Int. Midwest Symp. Circuits Syst. (MWSCAS), 2011,
6 Zidan, M.A., Radwan, A.G., Salama, K.N.: Controllable v-shape pp. 14
multiscroll buttery attractor: system and circuit implementation, 29 Sprott, J.C.: Chaos and time-series analysis (Oxford University Press,
Int. J. Bifurcation Chaos, 2012, 22, (6), pp. 12501431250156 2003)
7 Zidan, M.A., Radwan, A.G., Salama, K.N.: Random number generation 30 Zidan, M.A., Radwan, A.G., Salama, K.N.: The effect of numerical
based on digital differential chaos. Int. Midwest Symp. Circuits Syst. techniques on differential equation based chaotic generators. Int.
(MWSCAS), 2011, pp. 14 Conf. Microelectronics (ICM), 2011, pp. 14
8 Taylor, G., Cox, G.: Digital randomness, IEEE Spectr., 2011, 48, (9), 31 Mansingka, A.S., Radwan, A.G., Salama, K.N.: Design,
pp. 3258. implementation and analysis of fully digital 1-D controllable
9 Li, S., Chen, G., Mou, X.: On the dynamical degradation of piecewise multiscroll chaos. Int. Conf. Microelectronics (ICM), 2011, pp. 15
linear chaotic maps, Int. J. Bifurcation Chaos, 2005, 15, (10), 32 Alfke, P.: Efcient shift registers, LFSR counters, and long pseudo
pp. 31193152 random sequence generators. Xilinx Application Note, 1996
10 Barakat, M.L., Radwan, A.G., Salama, K.N.: Hardware realization of
33 Yalcin, M.E., Suykens, J.A.K., Vandewalle, J.: True random bit
chaos-based block cipher for image encryption. Int. Conf.
generation from a double-scroll attractor, Trans. Circuits Syst. I, Reg.
Microelectronics (ICM), 2011, pp. 15
Pap., 2004, 51, (7), pp. 13951404
11 Kircanski, A., Youssef, A.M.: On the sliding property of SNOW 3 G
34 Davies, R.B.: Exclusive OR (XOR) and Hardware Random Number
and SNOW 2.0, IET Info. Secur., 2011, 5, (4), pp. 199206
Generators. Available at: http://www.robertnz.net/pdf/xor2.pdf,
12 Millrioux, G., Guillot, P.: Self-synchronizing stream ciphers and
February 2002
dynamical systems: state of the art and open issues, Int. J. Bifurcation
35 Kodba, S., Perc, M., Marhl, M.: Detecting chaos from a time series,
Chaos, 2010, 20, (9), pp. 29792991
13 Alvarez, G., Amig, J.M., Arroyo, D., Li, S.: Lessons learnt from the Eur. J. Phys., 2005, 26, (1), pp. 205215
cryptanalysis of chaos-based ciphers, in Kocarev, L., Lian, S. (Eds.): 36 Webster, A., Tavares, S.: On the design of S-boxes, in Williams, H.
Chaos-Based Cryptography (Springer, Berlin/Heidelberg, 2011), (Ed.): Advances in cryptology (Springer, Berlin/Heidelberg, 1986),
vol. 354, pp. 257295 pp. 523534
14 Gao, T., Chen, Z.: Image encryption based on a new total shufing 37 Corrochano, E.B., Mao, Y., Chen, G.: Chaos-based image encryption,
algorithm, Chaos Solitons Fractals, 2008, 38, (1), pp. 213220 in Corrochano, E.B. (Ed.): Handbook of geometric computing
15 Giesl, J., Behal, L., Vlcek, K.: Improving chaos image encryption (Springer, Berlin Heidelberg, 2005), pp. 231265
speed, Int. J. Future Gener. Commun. Netw., 2009, 2, (3), pp. 2336 38 LEcuyer, P., Simard, R.: TestU01: A C library for empirical testing of
16 Ismail, I.A., Ismail, M., Diab, H.: A digital image encryption algorithm random number generators, ACM Trans. Math. Softw., 2007, 33, (4),
based a composition of two chaotic logistic maps, Int. J. Netw. Sec., pp. 2240
2010, 11, (1), pp. 19 39 Rukhin, A., Soto, J., Nechvatal, J., et al.: A statistical test suite for
17 Huang, C.K., Nienb, H.H.: Multi chaotic systems based pixel random and pseudorandom number generators for cryptographic
shufe for image encryption, Opt. Commun., 2009, 282, (11), applications, NIST Special Publication 800-22, 2001
pp. 21232127 40 Weber, A.G.: (1997) The USC-SIPI image database version 5.
18 Huang, X.: Image encryption algorithm using chaotic Chebyshev USC-SIPI Rep. no. 315. Available at: http://www.sipi.usc.edu/services/
generator, Nonlinear Dyn., 2012, 67, (4), pp. 24112417 database/Database.html
19 Wang, X., Wang, X., Zhao, J., Zhang, Z.: Chaotic encryption algorithm 41 Daemen, J., Kitsos, P.: The self-synchronizing stream cipher
based on alternant of stream cipher and block cipher, Nonlinear Dyn., Moustique, in Robshaw, M., Billet, O. (Eds.): New stream cipher
2011, 63, (4), pp. 587597 designs (Springer, Berlin/Heidelberg, 2008), pp. 210223
20 Liu, H., Wanga, X.: Color image encryption based on one-time keys 42 Good, T., Benaissa, M.: Hardware results for selected stream cipher
and robust chaotic maps, Comput. Math. Appl., 2010, 59, (10), candidates. Workshop Record of Stream Ciphers (SASC), 2007,
pp. 33203327 pp. 191204
21 Amin, M., Faragallah, O.S., Abd El-Latif, A.A.: A chaotic block cipher 43 Bouhraoua, A.: Design feasibility study for a 500 Gbits/s advanced
algorithm for image cryptosystems, Commun. Nonlinear Sci. Numer. encryption standard cipher/decipher engine, IET Comput. Digit.
Simul., 2010, 15, (11), pp. 34843497 Tech., 2010, 4, (4), pp. 334348

IET Image Process., 2014, Vol. 8, Iss. 1, pp. 3343 43


doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013