partial image encryption using cellular automata

Partial Image Encryption Using Cellular Automata

Marco Tulio Ramırez Torres1, Marcela Mejıa Carlos2, Jose S. Murguıa Ibarra3, Luis Javier Ontanon Garcıa1

1 Universidad Autonoma de San Luis Potosı, CARAO,Mexico

2 Universidad Autonoma de San Luis Potosı, IICO,Mexico

3 Universidad Autonoma de San Luis Potosı,Facultad de Ciencias,

Mexico

{tulio.torres, marcela.mejia, ondeleto, luis.ontanon}@uaslp.mx

Abstract. In this work is proposed a partial imageencryption method based on the synchronization of thecellular automaton rule 90. The security analysis provesthat this cryptosystem is resistant to different tests andattacks such as the Chosen/Knownplain image attackand bit-replacement. This algorithm is a variant fromanother encryption algorithm named ESCA, in this casewe modified the ESCA system to a partial encryptionversion reducing the latency time up to a 50%. Thisversion has two changes a)it only encrypts the threemost significant bits, and b) the bits of the secret keyare rotated instead of calculating a key for each blockof plaintext. These changes allow to reduce the latencytime and according to the tests do not compromise thesecurity. This proposal could be a feasible and secureoption for real-time applications.

Keywords. Partial encryption, digital images, cellularautomata.

1 Introduction

Nowadays, many of our information is in digitalformats and it is sent through networks or is storedin different devices. And, with technologies asInternet of things our personal data could be moreand more exposed, therefore we need to learnabout internet and its risks [14] and develop newsecurity techniques. For this reason, it exists agreat interest in the protection and manipulation ofthe data.

Due to the great advances in technology,each time is required to have better and moreefficient algorithms for confidential and secure datahandling. This information may vary dependingon the application area and in many cases isnecessary processing it in real time.

For example, pictures, medical images, dia-grams, surveillance video, video conference, etc.could contain confidential information, and if thesedata are transmitted and are not encrypted theconfidentiality of information is exposed in thelinks allowing access to third parties without beingdetected. To overcome the eavesdropping problemseveral encryption systems have been proposed,such as AES (Advanced Encryption Standard),IDEA (International Data Encryption Algorithm),RSA (Rivest, Shamir y Adleman) among others.

These systems are generally used in text andbinary data, but they are not suitable for theencryption of multimedia content as digital imagesand audio files, due to their massive volumes, highadjacent correlation and sometimes the multimediadata require real-time interactions (displaying, bitrate conversion, etc.) [3]. That is why theimage encryption is a particular studying area.The image encryption algorithms should providetwo kinds of security: cryptographic security andperceptual security.

Computación y Sistemas, Vol. 23, No. 4, 2019, pp. 1575–1582doi: 10.13053/CyS-23-4-2929

ISSN 2007-9737

This means that the data can not be recoveredwithout the correct key and also the informationmust be transformed in an unintelligible form. Forexample Fig. 1 shows an image encrypted witha scheme that not provide perceptual security. Itis easy to guess what is the original image, evenwhen we do not know the secret key.

Fig. 1. (a) Original image. (b) Image encrypted inECB mode

Hence, many encryption systems with differentapproaches have been developed for imageencryption area [19, 17, 12]. In some cases,the algorithms provide perceptual security butare vulnerable to cryptanalysis attacks [16, 18,10]. For this reason, it is crucial to validate theproposed algorithms.

On the other hand, it exists different techniquesto try reduce computational cost due to cryp-tographic algorithms. There are proposes ascompression-encryption algorithms [9], techniquesto optimize calculations [6], partial encryptionalgorithms [1], among others. Partial encryptionalgorithms encrypt only a part of the informationand the rest is not modified. This means thatdata blocks are partitioned, one part is encodedand the other keep unchanged and later arecombined together.

The main aim of these algorithms is toincrease the efficiency by reducing the data rateto encrypt. There are different classificationsof these algorithms according to type of data,relation between encryption and compression,encryption operation and others. In this work,we focus on a partial image encryption for rawdata. The encryption system considered in thisimplementation is based on the synchronization ofthe cellular automaton rule 90 [13].

This cryptosystem is named ESCA (for short)and it has been validated and implemented forimage encryption in Ref. [7, 8]. The ESCA systemcan be considered secure for images encryptionbut latency time is too high to incorporate it inreal-time applications. In this work we developedand validated a partial encryption version. Theresults show that this scheme could be an efficientsolution to protect information with a low latency.The structure of this paper is organized as follows.In section 2 are defined one dimension cellularautomata, later in section 3 are described ESCAsystem and its partial version, the results of thesecurity analysis and comparison of latency arediscussed in section 4. Finally, the conclusions aredrawn in section 5.

2 Cellular Automata

The concept of cellular automata (CA) wasintroduced in the 1940’s by the mathematiciansJohn von Neumann and Stanislaw Ulam [15]. CAare used to model complex behavior of naturalsystems, where local interactions are involved.In fact, CA represent a class of dynamicalsystems that enable to describe the evolutionof complex systems with simple rules, withoutusing differential equations. Besides, they can beeasily implemented in hardware. Cellular automataconsist in an organized lattice of cells, whereeach cell has a finite number of states. The CAform a two-dimensional lattice whose cells evolvein discrete steps, according to a local updaterule applied uniformly over all the cells. At thebeginning, a state is assigned to the cells attime t = 0, where the new states of a cell willdepend on its own previous state and states of itsneighborhood, as is shown in Fig. 2.

Fig. 2. Space-time in 1-D CA


Marco Tulio Ramírez Torres, Marcela Mejía Carlos, José S. Murguía Ibarra, Luis Javier Ontañon García1576

ISSN 2007-9737

A local rule is the algorithm to compute the nextstate of a cell, using its neighborhood. Generally,a neighborhood is enunciated by its radius, this isthe range of cells on each side affecting the cell intime t. In Ref. [11], the local rule 90 is describedby the formula ci(t + 1) = ci−1(t) + ci+1(t) mod 2,this means that could be obtained by XOR-ing theextreme cells of the radius-1 neighborhood, andthe cells have only two states 0 and 1. The nameof the rule is obtained from the decimal equivalentof the binary resulting expressions of the 8 possiblecombinations in the neighborhood.

3 Partial Image Encryption

3.1 ESCA Encryption System

In this work is considered the encryption schemeused in [5], where the synchronization phe-nomenon of cellular automata has been appliedto design two families of permutations Ψ andΦ for the encryption and decryption processes,and an asymptotically perfect pseudo-randomnumber generator. This cryptosystem is flexibleand reconfigurable for different bit-lengths. Fig.3 illustrates a general block diagram of theencryption system ESCA.

The ESCA system comprises the sets M , Cand K of binary words, M and C correspondto the plaintexts and ciphertexts respectively, thelength of these words is J = 2j , for j = 1, 2, 3....Also it is possible to concatenate several blocks ofthese lengths.

The set K corresponds to the enciphering keysof length N = 2n−1 for n = 1, 2, 3..., for a completeencryption n > j such that N must be largerthan J . The two indexed families of permutationsΨ = {ψk : k εK} and Φ = {φk : k εK} are calledencryption and decryption functions respectively.Basically, the cryptosystem transforms a plaintextsequence m into a ciphertext sequence c, i.e.for every k εK one has c = ψk(m), whereas todisclose from the sequence of cipher-blocks, oneuses the decryption function m = φk(ψk(m)).Since the complete encryption scheme is a sym-metric algorithm, the encryption and decryptionprocesses use the same enciphering key k.

To calculate the enciphering keys k is necessarya pseudo-random number generator, in Ref.[4] the authors present an ergodic and mixingtransformation of binary sequences in terms ofa cellular automaton, which is the main elementof a pseudo-random number generator (PRNG).The PRNG in its basic form, follows the algorithmshown in Fig. 4. At first, the key generator requirestwo seeds, x = xk+1

0 , of N bits, and y = xk0 ,

of (N + 1) bits, which are the input of functionk = h(x,y).

The seeds are x = {x1,x2,x3, . . . ,xN} andy = {y1, y2, y3, . . . , yN+1}, and the first numbergenerated of N bits is the sequence output offunction h, k = xk+2

0 of N bits. Now this sequenceis feeding back to the input, which becomes thenext value of x, and the previous value of xbecomes the initial bits of the new y, where themissing bit is the least significant bit (LSB) of theprevious y, which becomes the most significant bit(MSB) of this sequence, and the same procedureis iterated repeatedly.

In Ref. [7], was added a pre-processing to makethis scheme resistant to Chosen/Known-plaintextattacks. This function works like a dynamicsubstitution, the process is similar to PRNG, wherethe function m = h(m, z) is used to transform theblocks m into an unintelligible form denominatedm.

Fig. 5 shows a block diagram of this process, theinputs are a block m of J bits and a seed z of J + 1bits. At the output, a block m of J bits is obtained,which will be encrypted later with the permutationΨ, c = ψk(m).

Also in Fig. 5 is shown the feedback, thisis different from the key generation, the next zis obtained from the joint of m and the LSB ofprevious z as the MSB. This change allows toprocess images with a high adjacent correlation.

The encryption of an image with the ESCAsystem proceeds as follows:

1. Load the plain-image I of size V × U .

2. By scanning the image I row by row, arrangeits respective pixels as a sequence or avector, and convert each pixel value to theircorresponding binary value.


Partial Image Encryption Using Cellular Automata 1577

ISSN 2007-9737

Fig. 3. The encryption scheme ESCA with its main components: the indexed families of permutations and thepseudorandom generator keys

Fig. 4. Basic form of the pseudo-random numbergenerator

3. Establish the length of the encryption key, itmust be larger than plaintext bit-length.

4. Compute the modified plaintext sequence musing the pre-processing function.

5. Encrypt each modified block, c = ψk(m) witha different k each one.

6. By reshaping the set of ciphered sequences ofthe previous step into an V × U image, obtainthe ciphered image.

Fig. 6 illustrates preprocessed and encryptedimages, using the ESCA system.

Fig. 5. Pre-processing to obtain m

Fig. 6. a) Original image, b) preprocessing image and c)encrypted image.

3.2 Partial Encryption Version

For the ESCA system we developed a partialencryption version for images, due to high latencythat it presents in the complete encryption version.This version focus on two aspects: first, thepre-processing function makes the ESCA systemresistant to Chosen-plain Image Attack, but the



ISSN 2007-9737

initial condition is too short against brute forceattacks. And second, the process with the highestlatency is the PRNG, hence, a way to reduceprocessing time could be encrypt only certainbit-plains, therefore, the secret keys use only a fewbits and could be reused several times, giving arotation to its bits.

The perceptual security is not endangeredbecause the pre-processing function output is amixed image with an uniform histogram (as we willsee in section 3). Therefore, in this investigationwe encrypt 8-bit grayscale images using secretkeys of 31 bits. Each pixel coefficient conformsa block m, that is a boolean vector of 8 bits,m = {m1,m2,m3, . . . ,m8}. From each block ma block m is calculated using the preprocessingfunction m = h(m, z), and also is a vector of 8bits, m = {m1, m2, m3, . . . , m8}. Finally, the secretkey k of 31 bits, k = {k1, k2, k3, . . . , k31}, is usedto encrypt the block m to obtain the correspondingblock c, in the full encryption version this processis described by the next enciphering equations:

c1 = m1 ⊕ k1 ⊕ k17 ⊕ k25 ⊕ k29 ⊕ k31;c2 = m2 ⊕ k2 ⊕ k18 ⊕ k26 ⊕ k30;c3 = m1 ⊕ m3 ⊕ k3 ⊕ k19 ⊕ k27 ⊕ k31;c4 = m4 ⊕ k4 ⊕ k20 ⊕ k28;c5 = m3 ⊕ m5 ⊕ k5 ⊕ k21 ⊕ k29;c6 = m2 ⊕ m6 ⊕ k6 ⊕ k22 ⊕ k30 :c7 = m1 ⊕ m3 ⊕ m5 ⊕ m7 ⊕ k7 ⊕ k23 ⊕ k31;c8 = m8 ⊕ k8 ⊕ k24;

(1)

where ci, mi and ki, with i = 1, 2, ..., 31, correspondto the i bit of the ciphertext, modified plaintextand secret key, respectively. Hence, this partialencryption is obtained encrypting the three mostsignificant bits of the modified plaintext m6, m7

and m8. The secret keys that we considerare at least 31 bits length, where the initialcondition could be of 136 bits [8]. If the systemencrypts the three most significant bits of themodified plaintext to obtain c6, c7 and c8, onlyeight specific bits are required from the secretkey: k6, k7, k8, k22, k23, k24, k30 and k31, as is shwonin eqs. 1.

Looking this aspect, the bits of secret key arerotated one position and the LSB become the MSB,and it is used again when another block of plaintextis encrypted, the enciphering equations use eight

different bits of the same secret key. This processis repeated 14 times for each key. Fig. 7 showshow we rotate the bits of the secret key.

Fig. 7. Bit rotation of secret key

Finally, with this version the encryption systemcalculate only one secret key for 14 m blocks, andreduce the enciphering equations from 8 to 3. Inthe next section is shown the security analysis anda comparison of the latency time using the partialencryption version.

4 Results

4.1 Security Analysis

To measure the quality and the robustness ofthe partial encryption ESCA system, it hasbeen evaluated with some common statisticaltests and attacks. This is done by testingthe distribution of pixels of the ciphered-images,studying the correlation between the plain andciphered images, the chosen-plain image attack,and bit-replacement attack.

4.1.1 Histogram Analysis

An image histogram shows how pixels in an imageare distributed by plotting the number of pixelsat each color intensity level. If the histogram ofan encrypted image (or ciphered-image) has anuniform distribution, then the cipher is able to hidethe redundancy of original image. We calculatethe histograms for three different 256 gray-levelimages, the Lena, peppers and mandrill images.All of them have dimensions of 512 × 512 pixels,and we consider these images because they arewidely used as standard test images in the fieldof image processing. The histograms for the



ISSN 2007-9737

grayscale Lena test image (plain-image) and itsencrypted version are shown in Fig. 8, one cansee that the histogram of the ciphered images isuniformly distributed and significantly different fromthe respective histograms of the plain-images.

Fig. 8. Histogram analysis for the gray-scale Lenatest image. Top row: (a) The plain-image, (b) thepreprocessed-image and (c)the ciphered-image. Bottomrow: (d) The histogram of (a), (e) the histogram of (b)and (f) the histogram of (c)

4.1.2 Correlation

To show that the ciphered-image is independentfrom the plain-image, we calculate the correlationcoefficient between both images. If the coefficientis close to 0, it suggests that there is no linearcorrelation or a weak linear correlation. Thecorrelation coefficients for the three grayscale testimages are showing in the Table 1, as we can seethere is no correlation between the original imageand encrypted image.

Table 1. Correlation coefficient between plain-imagesand their corresponding recovered images

Images Correlation coefficient

Lena 0.0037

Peppers 0.0031

Mandrill 0.0004

4.1.3 Chosen-Plain Image Attack

Although the ESCA system seems to be secureagainst the previous statistical attacks, we analyse

it with the Chosen-plain Image Attack (CPIA). Asis pointed out in Ref. [2], if the cryptosystem issecure against the chosen-plain image attack, itis also secure against other cryptanalytic attackssuch as cipher image only attack or known-plainimage attack. In this case, the attacker isable to choose the plain images and obtain thecorresponding encrypted images, but does notknow the decryption key. We perform this attack asfollows: (a) We look for a mask image IM , whichis obtained by applying the bitwise XOR operationto the chosen plain-image with its correspondingciphered image pixel by pixel.

A ”good” mask can be obtained if the pixels ofthe chosen plain-image m are all fixed to be thesame gray value, e.g. m = (0, 0, ..., 0, 0). (b)Once the mask image IM is obtained, we chooseanother image IO and get the correspondingciphered image IC . (c) Next, we try to recoverthe plain-image IO by XOR-ing the mask imageIM and the cipher image IC pixel by pixel. Incase that the obtained image in step (c) conveyssignificant information of the image IO, thusthe encryption system is insecure, otherwise theproposed encryption scheme resist the attack. InFig. 9 is shown an example of this attack.

Fig. 9. Top row: (a) The plain-image. (b) The partialencrypted image of (a). (c) The second chosen image.Bottom row: (d) The mask image of (c). (e) Therecovered image

The grayscale Lena is the plain-image IO (Fig.9(a)), and its respective ciphered version is shownin Fig. 9(b). The chosen-image used was an imagewith pixels of value zero, m = (0, 0, ..., 0, 0), seeFig. 9(c), and the mask image IM is illustrated



ISSN 2007-9737

in Fig. 9(d). The recovered plain-image is shownin Fig. 9(e), and a visual inspection reveals theeffectiveness of our proposed encryption scheme.Similar results were obtained for the test imagesconsidered in this work. Also we calculatedthe correlation coefficient between the recoveredimage and the original image, to ensure that theyare independent of each other. The results arein Table 2.



Lena 0.0031

Peppers 0.0004

Mandrill 0.0016

4.1.4 Bit-Replacement

This attack is for partial encryption algorithms,it tries to recover the original image replacingthe encrypted bits by a constant, usually zero.The luminance is compensated adding constantsdepending the number of bits and their position.Fig. 10 shows the results of this attack replacingthe three encrypted bits, and the Table 3 showstheir corresponding correlation coefficient for thethree images under this attack.

Fig. 10. (a) Original image. (b) Encrypted image. (c)Recovered image

4.2 Comparative Analysis

Once that the security of this scheme wasguaranteed, we calculated the execution time ofthe complete and partial versions to make acomparative. The Table 4 shows the results ofencrypt an image of 128× 128 pixels.



Lena 0.0011

Peppers 0.0021

Mandrill 0.0017

As the images have the same resolution theresult is the same for the three test images.The computer used in this test has a quad-coreprocessor and 8 GB of RAM.


Algorithm Execution time (ms)

Complete encryption 31

Partial encryption 15

As we can see, the latency is reduced more thanhalf. And this time is adequate to real-time video,with 30 frames per second.

5 Conclusion and Future Work

In this work we can confirm that this partial versioncould be a secure option to encrypt images. Thelatency time was reduced, and in a low resolutioncould be an option to real-time applications.

In future work, we will try to combine thispartial encryption system with a compressionscheme to get better results and applications.The compression procedure that is considered isbased on an energy criterion of the Haar waveletcoefficients, because it has a low degradation anda simple implementation. Currently, the patent ofESCA system is pending, this variation also couldbe patented as an improvement.

Acknowledgements

This work has been done with financial supportthrough project PRODEP DSA/103.5/16/10419and UASLP.



ISSN 2007-9737

References

1. Belazi, A., El-Latif, A. A. A., Diaconu, A.-V.,Rhouma, R., & Belghith, S. (2017). Chaos-basedpartial image encryption scheme based on linearfractional and lifting wavelet transforms. Optics andLasers in Engineering, Vol. 88, pp. 37–50.

2. del Rey, A., Sanchez, G., & De La Villa Cuenca,A. (2012). Encrypting digital images using cellularautomata. Hybrid Artificial Intelligent Systems,pp. 78–88.

3. Lian, S. (2008). Multimedia content encryption:techniques and applications. CRC press.

4. Mejıa, M. & Urıas, J. (2001). An asymptoticallyperfect pseudorandom generator. Discrete andContinuous Dynamical Sys, Vol. 7, pp. 115–126.

5. Murguıa, J., Flores-Erana, G., Carlos, M. M., &Rosu, H. (2012). Matrix approach of an encryptionsystem based on cellular automata and its numericalimplementation. International Journal of ModernPhysics C, Vol. 23, No. 11, pp. 1250078.

6. Olguin Carbajal, M., Herrera-Lozada, J. C.,Rivera-Zarate, I., Serrano-Talamantes, J. F.,Cadena-Martınez, R., & Vasquez-Gomez, J. I.(2018). Minimum addition chains generation usingevolutionary strategies. Computacion y Sistemas,Vol. 22, No. 4.

7. Ramırez-Torres, M., Murguıa, J., & Carlos, M. M.(2014). Image encryption with an improved cryp-tosystem based on a matrix approach. InternationalJournal of Modern Physics C, Vol. 25, No. 10,pp. 1450054.

8. Ramırez-Torres, M., Murguıa, J., & Mejıa-Carlos,M. (2014). Fpga implementation of a reconfigurableimage encryption system. ReConFigurable Com-puting and FPGAs (ReConFig), 2014 InternationalConference on, IEEE, pp. 1–4.

9. Ramırez-Torres, M., Murguıa, J., Mejıa-Carlos,M., & Aboytes-Gonzalez, J. (2015). A securecompression scheme for real-time applicationsusing 2d-wt and cellular automata. Research inComputing Science, Vol. 104, pp. 103–114.

10. Rhouma, R. & Belghith, S. (2008). Cryptanalysis ofa spatiotemporal chaotic image/video cryptosystem.Physics Letters A, Vol. 372, No. 36, pp. 5790–5794.

11. Schiff, J. L. (2011). Cellular automata: a discreteview of the world, volume 45. John Wiley & Sons.

12. Suresh, V. & Madhavan, C. V. (2012). Image en-cryption with space-filling curves. Defence ScienceJournal, Vol. 62, No. 1, pp. 46–50.

13. Urıas, J., Salazar, G., & Ugalde, E. (1998).Synchronization of cellular automaton pairs. Chaos:An Interdisciplinary Journal of Nonlinear Science,Vol. 8, No. 4, pp. 814–818.

14. Vallejo, M. G., Munoz, G. E., & Hernando Ros-ales, J. (2018). Kids and parents privacy exposurein the internet of things: How to protect personalinformation? Computacion y Sistemas, Vol. 22,No. 4.

15. Von Neumann, J. & Burks, A. W. (1996). Theoryof self-reproducing automata. University of IllinoisPress Urbana.

16. Wang, H., Xiao, D., Chen, X., & Huang, H.(2018). Cryptanalysis and enhancements of imageencryption using combination of the 1d chaotic map.Signal Processing, Vol. 144, pp. 444–452.

17. Wang, X., Qin, X., & Liu, C. (2018). Colorimage encryption algorithm based on customizedglobally coupled map lattices. Multimedia Tools andApplications, pp. 1–19.

18. Wu, J., Liao, X., & Yang, B. (2018). Cryptanalysisand enhancements of image encryption based onthree-dimensional bit matrix permutation. SignalProcessing, Vol. 142, pp. 292–300.

19. Yu, C., Li, J., Li, X., Ren, X., & Gupta,B. (2018). Four-image encryption scheme basedon quaternion fresnel transform, chaos andcomputer generated hologram. Multimedia Toolsand Applications, Vol. 77, No. 4, pp. 4585–4608.

Article received on 05/04/2018; accepted on 04/01/2019.Corresponding author is Marco Tulio Ramırez Torres.



ISSN 2007-9737

partial image encryption using cellular automata

Documents