Novel Permutation-Diffusion Image Encryption Algorithm With Chaotic Dynamic S-Box and DNA Sequence Operation17

Novel permutation-diffusion image encryption algorithm with chaotic dynamic S-box
and DNA sequence operation

Ye Tian, and Zhimao Lu
Citation: AIP Advances 7, 085008 (2017); doi: 10.1063/1.4994860

View online: http://dx.doi.org/10.1063/1.4994860
View Table of Contents: http://aip.scitation.org/toc/adv/7/8
Published by the American Institute of Physics
AIP ADVANCES 7, 085008 (2017)
Novel permutation-diffusion image encryption algorithm

with chaotic dynamic S-box and DNA sequence operation
Ye Tian1,2,a and Zhimao Lu1,3
1 College of Information and Communication Engineering, Harbin Engineering University,
Harbin 150001, China
2 Key Laboratory of Photonic and Electronic Bandgap Materials, Ministry of Education, School
of Physics and Electronic Engineering, Harbin Normal University, Harbin 150025, China
3 Faculty of Electronic Information and Electrical Engineering, Dalian University of Technology,
Dalian 116024, China

(Received 7 July 2017; accepted 8 August 2017; published online 16 August 2017)
The development of the computer network makes image files transportation via net-
work become more and more convenient. This paper is concerned with the image
encryption algorithm design based on the chaotic S-box mechanism. This paper pro-
poses an Image Encryption algorithm involving both chaotic dynamic S-boxes and
DNA sequence operation(IESDNA). The contribution of this paper is three folded:
Firstly, we design an external 256-bit key to get large key space; secondly, we design
a chaotic system to scramble image pixels; thirdly, DNA sequence operations are
adopted to diffuse the scrambled image pixels. Experimental results show that our pro-
posed image encryption algorithm can meet multiple cryptographic criteria and obtain
good image encryption effect. © 2017 Author(s). All article content, except where
otherwise noted, is licensed under a Creative Commons Attribution (CC BY) license
(http://creativecommons.org/licenses/by/4.0/). [http://dx.doi.org/10.1063/1.4994860]
I. INTRODUCTION
The fast development of network and computer technologies has significantly changed people’s
communications. Transmission over the Internet for image information has become more and more
frequent. The security of the transmitted image information, however, has a serious threat because of
the sharing and openness of the networks.1 Therefore, people are increasingly paying more attention
to the confidentiality and security of image information transmission. Some chaotic systems have
been proven to be insecure.2 Therefore, it is necessary to research new technologies to further improve
the security of image encryption.
In the block cipher system, the construction of the substitution box (S-box) is a crucial point
because it is an essential part of the block cipher system.3 Furthermore, the performance of S-box
directly affects the passwords security system. Mathematically, a n × n size of S-box is a non-linear
mapping S: {0, 1}n → {0, 1}n , here {0, 1}n represents the vector spaces of n elements from GF(2)
where GF represents Galois field. Many algorithms have been proposed to construct S-boxes using
different chaotic systems in recent years.4–9 Moreover, the application of S-boxes is becoming more
and more widespread in image encryption, and its main function is pixel substitution in images.10–14
However, some S-box-only ciphers are vulnerable to chosen plaintext attacks15 and Zhang and Xiao
presented a successful cryptanalysis of this algorithm.16
Recently, lots of good characteristics of DNA computing, such as massive parallelism, huge
storage and ultra-low power consumption have been infiltrated into the field of cryptography.17,18
Therefore, DNA cryptography is a new cryptographic resolution. In these DNA-based cryptosystems,
DNA is used as the information carrier, and the DNA sequence operations and complementary rules
are used to encrypt images.19 Liu et al. proposed a novel confusion and diffusion image encryption
a
Corresponding author: hsdtianye@126.com
2158-3226/2017/7(8)/085008/22 7, 085008-1 © Author(s) 2017

085008-2 Y. Tian and Z. Lu AIP Advances 7, 085008 (2017)
algorithm that combined DNA coding and chaotic maps. They used the DNA coding scheme to
encode each pixel of the original image to four nucleotides and applied the complementary rule to
transform each nucleotide into their base pair for different times generated by Chebyshev chaotic
maps.20 SaberiKamarposhti et al. proposed a hybrid method by using DNA sequences and logistic
map for image encryptions.21 Xue et al. proposed a chaotic image encryption algorithm based on
DNA encoding rules. They firstly used a DNA encoding rule to map the original image into DNA
sequence and then encrypted the DNA sequence by utilizing chaotic systems.22 In addition, Zhang et
al. presented a DNA computing addition operation based chaotic image encryption algorithm. By the
rules of DNA coding, the algorithm converted the image information and the chaotic cipher stream
into DNA sequence.23 Zhang et al. proposed a novel image encryption algorithm by combining 1D
and 2D Logistic maps and DNA addition operation.24 Recently, a new image encryption method
based on linear nonlinear coupled map lattices is proposed. The strategy of DNA computing and
one-time-pad policy was used to generate an image encryption algorithm.25 Chai et al. present a
novel image encryption scheme combining DNA sequence operations, chaotic system and SHA 256
hash.26 In this paper, we aim at acquiring high security using DNA sequence operation to modify the
results obtained in the permutation stage.
The contributions of this work are the following:
1) We design an external 256-bit secret key to get large key space, and this key and a plaintext
are applied to initialize the new chaotic map (NC map) and the cubic map and tent map (C-T
cascade map).
2) We employ a mechanism of image block encryption through which the high correlation among
image pixels is preliminarily reduced.
3) We adopt a scheme of image permutation-diffusion encryption. The permutation process con-
cludes two parts: main permutation stage that calls the NC map and S-boxes to shuffle image
pixels; complementary permutation stage that makes IESDNA can resist differential attack
using an improved generalized two-dimensional Arnold transformation to scramble a sequence
generated by the C-T cascade map. In the diffusion process, a DNA sequence operation is
employed to change the permutated results instead of directly implementing image encryption
by overlaying a chaotic sequence produced by various chaotic maps and image pixel values.
4) We propose to use C-T cascade map rather than the random way to select DNA encoding rules
for coding the permutated results. The rest of the paper is organized as follows. In Section 2,
the system overview is introduced. Section 3 gives the related work. S-box construction and
evaluation criteria are depicted in Section 4, and the proposed image encryption scheme is
presented in Section 5. Section 6 presents the evaluation results, and Section 7 draws some
conclusions.
II. SYSTEM OVERVIEW

We give an overview of our IESDNA framework in this section. The image encryption process of
IESDNA is divided into two stages: permutation stage and diffusion stage. The goal of the permutation
stage is to smash the high correlation among image pixels; the diffusion stage is designed to eliminate
a threat that the permutation stage is vulnerable to the statistical analysis. First, this method designs
an additional 256-bit key to produce the initial values and control parameters of the chaotic systems.
Second, it adopts an existing NC map to scramble the input image and split the scrambled image
into several blocks. Third, it generates a dynamic S-box using the C-T cascade map and reversible
two-dimensional map of structure-triangle to encrypt each image block and encodes the block with
the DNA coding strategy. Fourth, it uses the C-T cascade map to yield a data matrix that has the
same size as an image block and uses the improved generalized two-dimensional Arnold transform
to scramble the data matrix. Fifth, it utilizes the C-T cascade map to generate five random sequences
and adopts the DNA coding rules selected by the first three sequences to perform DNA decoding on
the DNA encoded image block, data matrix, and the scrambled data matrix respectively. Sixth, the
DNA coding rules selected by the remaining two random sequences are exploited to execute DNA
operation on the DNA encoded image block, data matrix, and the scrambled data matrix. Seventh, it
performs the DNA decoding operation on the encrypted block and assembles image blocks into the
FIG. 1. Encryption framework of the IESDNA.
cipher image according to the corresponding positions of the plaintext image blocks. In summary,
Figure 1 depicts the encryption framework of the proposed IESDNA.
III. RELATED WORKS

A. NC map
We can define a NC map as27
xn+1 = µ × (xn4 − xn2 ) + 1 (1)
where, x n ∈[0,1], system parameter µ ∈ [0,8]. When µ ∈ (3.064, 8], the NC map exhibits chaotic
characteristic. The attractor,28 bifurcation diagram and Lyapunov exponent,29 and Lyapunov dimen-
sion30,31 of the NC map are shown in Figure 2. Table I shows the complexity comparison of two
chaotic maps.
Lyapunov index is important for measuring the chaos degree that can be used to identify the
characteristics of system motion. For a chaotic system, it has at least one positive Lyapunov exponent
that results in the chaotic characteristic. The larger the Lyapunov exponent, the stronger the chaos.29
Figure 2(b) shows a bifurcation diagram of both NC map and Logistic map. In this figure, a NC
map shows chaos in intervals [3.064, 3.528], [3.586, 4.980], [5.103, 6.750] and [7.182, 8.000]. A
Logistic map shows chaos in interval [3.570, 4]. Therefore, the dynamic characteristic of a NC map
is significantly improved. In addition, Figure 2(c) shows that the Lyapunov exponent of a NC map
is much larger than that of a Logistic map. Specifically, the maximum Lyapunov exponents of a NC
map and a Logistic map are 0.9696 and 0.6724 respectively.
Compared with a Logistic map, a NC map has a large chaotic map parameter range and a larger
key space. Furthermore, the Lyapunov exponent of a NC map in chaotic region is larger than that of
a Logistic map, which improves dynamic characteristics of a chaotic map significantly.
B. C-T cascade map

C-T cascade map is the cascade of an improved Cubic map and a Tent map, which can be defined
as the following.32
wn+1 = 1 − a wn3 /0.52 − 3wn − 1/a (2)
where a ∈[0, 2] and wn ∈[0, 1] are the initial conditions of the cascade system. Figure 3 shows the
bifurcation diagram and Lyapunov exponent of this system. Table II shows the complexity comparison
of two chaotic maps.
In Figure 3, a C-T map shows chaos in intervals [0.768, 1.472] and [1.655, 2.000]. A Tent map
shows chaos in interval [1.002, 2.000]. Thus, the dynamic characteristic of a C-T map is significantly
improved. Moreover, Figure 3(b) shows that the Lyapunov exponent of a C-T map is much larger
than that of both Cubic map and Tent map. Specifically, the maximum Lyapunov exponents of a C-T
map, Tent map and Cubic map are 1.0869, 0.4852 and 0.7700 respectively.
FIG. 2. The attractor, bifurcation diagram and Lyapunov exponent of a NC map. (a) Attractor; (b) Bifurcation diagram;
(c) Lyapunov exponents.
TABLE I. Chaotic map complexity analysis.
Logistic map NC map
Parameters 3.570 4.000 3.064 8.000

Measurement\comments Start of chaos End of chaos Start of chaos End of chaos
Lyapunov exponent 0.0105 0.6724 0.0163 0.9696
Lyapunov dimension30,31 N\a N\a N\a N\a
FIG. 3. Bifurcation diagram and Lyapunov exponent of a C-T cascade map. (a) Bifurcation diagram; (b) Lyapunov exponents.
TABLE II. Chaotic map complexity analysis.
Tent map Cubic map C-T cascade map
Parameters 1.002 2.000 2.410 3.000 0.768 2.000

Measurement\comments Start of chaos End of chaos Start of chaos End of chaos Start of chaos End of chaos
Lyapunov exponent 0.0014 0.4852 0.2767 0.7700 0.0397 1.0504
Lyapunov dimension N\a N\a N\a N\a N\a N\a
Since the cascade of a Cubic map and a Tent map expands the parameter ranges of that of the
Cubic and Tent maps, it achieves a larger key space (Initial values and system parameters as the
key); thus, the difficulty of decipher is enhanced, and the system safety is improved. Moreover, the
Lyapunov exponent of the C-T cascade system is greater than the Cubic and Tent map systems in the
chaotic region. The increase of the Lyapunov exponent will enhance the initial sensitivity of a system
so that the system dynamic property is essentially improved.
C. Reversible two-dimensional map (RTD map)

Assume there is a rectangular image of size M × N. We firstly change it to an isosceles triangle
image (the number of pixels per line of isosceles triangle is in the order of 1, 2, 3, ...) and then use
the difference in the number of pixels among the lines of the triangle to insert the odd-numbered line
pixels into the even-number line pixels. Through this process, the triangle is stretched to a straight
line of length MN. Finally, we fold this straight line into an image of scale M × N according to the
characters of the original image.33 Figures 4, 5 show this process.
Assume A (i, j), i = 0, 1, 2, . . . , N 1, j = 0, 1, 2,. . . , M 1 is an arbitrary pixel in an image, and
L(i), i, j = 0, 1, . . . , MN -1 is a row vector obtained by stretching the triangle.
Next, we discuss how to calculate the line number of the point A (i, j) in the triangle.
k(k − 1) k(k + 1)
<i×N +j≤ (3)
2 2
In the left map algorithm, when k is odd, we take this form,
k(k − 1)
L[2(i × N + j) + 1 − ] = A(i, j) (4)
2
when k is even, we take another form,
(k + 2)(k − 1)
L[2(i × N + j) − ] = A(i, j) (5)
2
In the right map algorithm, when k is odd, we have,
k(k − 1)
L[2(i × N + j) + 1 − ] = A(i, M − i − j) (6)
2
when k is even, we have,
FIG. 4. A 6×6 image.

FIG. 5. Process of Line maps. (a) Left line map; (b) Right line map.
(k + 2)(k − 1)
L[2(i × N + j) − ] = A(i, M − i − j) (7)
2
For the folding algorithm, we can write,
B(i, j) = L[i × M + j] (8)
D. Improved generalized two-dimensional Arnold transformation (IGTDAT)

Generalized two-dimensional Arnold transformation is a one-to-one map of two-dimensional
area preserving.34 Since it transforms an arbitrary point to another one in a unit matrix, and is a
reversible map without any attractor, it is suitable for image scrambling.
Generalized two-dimensional Arnold transformation can be shown as follows,
x ab x
* n+1 + = * + * n + mod N (9)
, yn+1 - , c d - , yn -
where a,b,c,d are positive integers, and gcd(ad -bc, N) = 1.
We transfer Eq. (9) to an equation set.
xn+1 = (axn + byn ) mod N
(10)
yn+1 = (cxn + dyn ) mod N
where a,b,c,d are positive integers, and gcd(ad -bc, N) =1.
For a generalized two-dimensional Arnold transformation, we should modify Eq. (10) as
Eq. (11),35
xn+1 = (axn + byn ) mod N
(11)
yn+1 = (cxn + dyn + ef (xn+1 )) mod N
where a,b,c,d,e are positive integers, and gcd(ad -bc, N) =1.
Its inverse transformation can take this form,

xn+1 b
xn = ([ad − bc]−1
N
) mod N
yn+1 − ef (xn+1 ) d
a (12)
xn+1
yn = ([ad − bc]−1
N
) mod N
c yn+1 − ef (xn+1 )
where a,b,c,d,e are positive integers, and gcd(ad -bc, N) =1.
Thus, we can modify Eq. (11) as Eq. (13),
xn+1 = (xn + hyn ) mod N
(13)
yn+1 = (gxn + (hg + 1)yn + ef (xn+1 )) mod N
where, f (sn+1 ) that can take the form, f (xn+1 ) = (xn+1 )r + d, is a nonlinear function of a variate sn+1 .
Its inverse transformation expression can be written as,
xn+1 h
xn = ( ) mod N
yn+1 − ef (xn+1 ) hg − 1
(14)
1 xn+1
yn = ( ) mod N
g yn+1 − ef (xn+1 )
where e, f,g are positive integers, and f (sn+1 ), f (xn+1 ) = (xn+1 )r + d, is a nonlinear function of a variate
sn+1 .
After an operation of zero vector scrambling, since the generalized two-dimensional Arnold
transform has not a little change, it is vulnerable to security attacks. However, when introducing the
nonlinearity variable into the generalized two-dimensional Arnold transform, i.e., add a nonlinearity
term into Eq. (13), it is no longer a quasi-affine transformation and has not the traditional linear
cryptographic property. As a result, it can resist differential attacks to some extent. When we apply
an improved generalized two-dimensional Arnold transform to image scrambling, its scrambling
cycle significantly grows because the scrambled image exists obvious texture feature.
E. DNA rules
DNA is the main chemical ingredient of chromosomes. A DNA sequence has four kinds of
nucleic acid bases: A (Adenine), T (Thymine), G (Guanine), C (Cytosine), where, A and T are
complementary, G and C are complementary. If using the binary sequence 00, 0l, 10 and 11 to encode
four bases, we will obtain a total of 24 kinds of coding schemes; however, only eight kinds of encoding
schemes shown in Table III are in line with the Watson-Crick Complementary rules.36
1. DNA addition and subtraction rule
As there are eight kinds of encoding schemes, we can write eight kinds of DNA addition and
subtraction rules. Tables IV and V show the DNA addition and subtraction rules of the 1-st scheme.
Note: Other schemes can also be selected.
2. DNA XOR rule
XOR operation of the DNA sequence originates from the binary XOR operation. As there are
eight kinds of DNA encoding schemes, there are eight kinds of DNA XOR logic-operation rules.
Table VI gives the DNA XOR rule of the 1-st scheme.
TABLE III. DNA encoding rule.
Rule 1 2 3 4 5 6 7 8
00 A A T T G G C C
01 G C G C A T A T
10 C G C G T A T A
11 T T A A C C G G
TABLE IV. DNA addition rule of 1-st scheme.
Addition A G C T
A A G C T
G G C T A
C C T A G
T T A G C
TABLE V. DNA subtraction rule of 1-st scheme.
Subtraction A G C T
A A T C G
G G A T C
C C G A T
T T C G A
TABLE VI. DNA XOR rule of 1-st scheme.
XOR A G C T
A A G C T
G G A T C
C C T A G
T T C G A
For example, if the gray value of the first pixel of an image is 76, the binary number of which is
[01001100], the corresponding DNA sequence is [CATA] using the 1-st DNA encoding rule. Likewise,
the gray value of the second pixel of the image is 168, the binary number of which is [10101000],
the DNA coding criterion 1 to obtain DNA sequence is [CCCA] using the 1-st DNA encoding rule.
Thus, a new sequence [TCGA] can be obtained by performing [CATA] XOR [CCCA] according to
Table VI.
IV. S-BOX CONSTRUCTION AND EVALUATION CRITERIA

In this section, the S-box construction steps are summarized. To obtain the S-box with desired
cryptography properties, many evaluating criteria such as Bijectivity, Non-linearity, SAC, BIC, DP,
and LP, have been designed. We will also use these criteria to test the performance of the proposed
S-box in this paper.
A. S-box construction
Step 1: Define an integer array (denoted by S) of length 256.
Step 2: Substitute an initial value s0 into Eq. (2) to iterate 500 times, and begin to record from
the 501-th value, denote the obtained real value sequences by si ,i = 1,2,· · · .
Step 3: Substituted si into Eq. (15) to gain an integer Qi ranging of [0,255],
Qi = mod( floor(si × 103 , 256)) (15)
Step 4: If Qi has appeared in the array S, abandon it; otherwise, deposit it into S, when the array
is filled in, the S-box is generated.
Step 5: Arrange the integer sequence S in a 16 ×16 table to construct an initial prototype S-box.
Step 6: Call the above reversible two-dimensional map of the triangle (see Figure 5), perform p
times left map and q times right map on the prototype S-box to obtain p ×q lines, finally, fold these
results to generate p ×q S-boxes of scale 8 ×8.
B. S-box evaluation criteria

1. Bijectivity
Adamas et al. pointed out that if the linear sum of the Boolean function f i of each compo-
nent of the designed n × n S-box was 2n−1 , f was then a biject, specifically, the expression is the
following,37
Xn
wt( ai fi ) = 2n−1 (16)
i=1
here, ai ∈{0,1}, (a1 , a2 , ..., an ) , (0, 0, ..., 0), wt() denotes the Hamming weight.
In fact, a reversible S-box is usually required, especially in a replacement network, the S-box
must be bijective.
2. Nonlinearity
Definition 1. Assume f (x): F2n → F2 is an n Boolean function, the nonlinearity of f (x) can take
the form,
Nf = min dH (f , l) (17)
l ∈Ln
where Ln is the set of all linear and affine functions, dH (f , l) is the Hamming distance between f
and l.
The nonlinearity denoted by the Walsh spectrum can take the form,
Nf = 2−n (1 − max n Sh f i (ω)) (18)

ω ∈GF(2 )
The cyclic spectrum of the function f (x) is,

X
Sh f i (ω) = 2−n (−1) f (x)⊕x ·ω (19)
x ∈GF(2n )
where, ω ∈ GF(2n ), and x · ω denotes the dot product of x and w.

The larger the nonlinearity N f of the function f, the stronger the ability of its resistance to the
linear attacks, vise versa.
3. Strict avalanche criterion

Strict avalanche criterion describes a fact that when one bit in the input of Boolean function
changes, the changing probability of every bit in its output is 1/2. In practical application, a correlation
matrix, the construction method of which refers to the literature,38 is always constructed to test the
SAC property of the Boolean function.
4. Bit independent criterion
Given a Boolean function f j , f k (j , k) is a two bits output of an S-box, if fj ⊕ fk is highly nonlinear
and meets the SAC, the correlation coefficient of each output bit pair may be close to 0 when one
input bit is inversed. Thus, we can check the BIC of the S-box by verifying whether fj ⊕ fk (j , k) of
any two output bits of the S-box meets the nonlinearity and SAC.39
5. Differential approximation probability
The Differential approximation probability DPf can reflect the XOR distribution of the input
and output of the Boolean function, i.e., the maximum likelihood of outputting ∆y when the input
is ∆x,40
# {x ∈ X | f (x) ⊕ f (x ⊕ ∆x) = ∆y }
DPf = max ( ) (20)
∆x,0,∆y 2n
where, X denotes a set of all possible inputs, 2n is the number of elements in the set.
The smaller the DPf , the stronger the ability of the S-box for fighting against differential
cryptanalysis attacks, vise versa.
6. Linear approximation probability

Given two randomly selected masks Γx and Γy, we use Γx to calculate the mask of all possible
values of an input x and use Γy to calculate the mask of the output values S(x) of the corresponding
S-box. After masking the input and the output values, and the maximum number of the same results
is called the maximum linear approximation that can be computed by the following equation,41
# {x |x · Γx = S(x) · Γy} 1
LP = max − (21)
Γx,Γy,0 2n 2
where, Γx and Γy are the mask values of the input and output, respectively, X is a set of all possible
input values of x, the elements of which is 2n .
The smaller the LP, the stronger the ability of the S-box for fighting against linear cryptanalysis
attacks, vise versa.
V. DESCRIPTION OF THE PROPOSED ALGORITHM

A. Encryption process
Given a gray image, P, with as size of M × N. The encryption process of P can be described as
follows.
Step 1: Consider a 256-bit binary number, key. Divide key into k 1 , k 2 , ...,k 32 , where a 8-bit
k i , i= 1,2, ..., 32, can be represented by an integer from 0 to 255.
key = [k1 , k2 , ..., k32 ] (22)
kxor = k1 ⊕ k2 ⊕ · · · ⊕ k32 (23)

X
psum = P(x, y) (24)
x ∈[1,M],y∈[1,N]
32
X
ksum = ki (25)
i=1
X 6
ksum1 = ki (26)
i=1
X12
ksum2 = ki (27)
i=7
X18
ksum3 = ki (28)
i=13
X24
ksum4 = ki (29)
i=19
X32
ksum5 = ki (30)
i=25
X32
ksum6 = ki (31)
i=31
t0 = mod( ksum + kxor + floor((psum − floor((psum))∗ 106 ), 256) / 256 (32)
a0 = 7.999 (33)
here, t 0 , a0 are initial values of the chaotic map and the system parameter respectively.
Step 2: Arrange pixels of P into a one-dimensional sequence I, with as size of M × N, from left
to right and top to bottom.
Step 3: Iterate equation (1) with t 0 and a0 . Discard previous 500 obtained values and record
the following M × N values, {t i , i = 1,2,· · · M × N}. Sort {t i } in ascending order to obtain {d i ,
i = 1,2,· · · M × N} and the corresponding indexes{ei , i = 1,2,· · · M × N}. Use these indexes to
scramble the sequence I. As a result, a scrambled sequence, I 0, is obtained.
Step 4: Pass s0 and a6 into Eqs. (2), (15) to construct an intermediate S-box. Use the left map
scheme of the Reversible two-dimensional map to scramble the intermediate S-box for m times, and
use the right map scheme to scramble it for n times. As a result, m × n S-boxes are obtained, {S k ,
k = 1,2,· · · , m × n}.
Step 5: Let k ← 1. For each sub-block Bk , k = 1,2,· · · , m × n, use a binary value
w =b7 b6 b5 b4 b3 b2 b1 b0 to represent a pixel of it. Denote i = b7 b6 b5 b4 by a binary representation
of a row index value, and convert it to a decimal value s. Denote j =b3 b2 b1 b0 by a binary represen-
tation of a column index value, and convert into a decimal value t. Replace the elements of the s +1th
row of the S-box with that of the t +1th column to obtain a sub-block Bk0 , k = 1,2,· · · , m × n.
Step 6: For each sub-block{Bk0 , k = 1,2,· · · , m × n}, use a 8-bit binary value to represent a
pixel of it. Convert the binary sub-block into a one-dimensional binary sequence, {Ak (l), k = 1,2,· · · ,
m × n,l =1,2,· · · ,8 × M/m × N/n},with the size of 8 × M/m × N/n.
Step 7: Iterate Eq. (2) with initial values x 0 , y0 , z0 , u0 , v0 , and control parameters
a1 ,a2 ,a3 ,a4 ,a5 .Discard previous 500 obtained values and record the following 4 × M/m × N/n values,
x j , yj , zj , uj , vj , j =1,2,· · · 4 × M/m × N/n. Convert these values into integers ranging from1,8 according
to Eqs. (51)–(55).
X
x0 = (ksum1 + kxor + psum + ksum + ( Bk (x, y)) mod 256)/(3 × 210 ) (34)
x ∈[1,m],y∈[1,n]
X
y0 = (ksum2 + kxor + psum + ksum + ( Bk (x, y)) mod 256)/(3 × 210 ) (35)
x ∈[1,m],y∈[1,n]
X
z0 = (ksum3 + kxor + psum + ksum + ( Bk (x, y)) mod 256)/(3 × 210 ) (36)
x ∈[1,m],y∈[1,n]
X
u0 = (ksum4 + kxor + psum + ksum + ( Bk (x, y)) mod 256)/(3 × 210 ) (37)
x ∈[1,m],y∈[1,n]
X
v0 = (ksum5 + kxor + psum + ksum + ( Bk (x, y)) mod 256)/(3 × 210 ) (38)
x ∈[1,m],y∈[1,n]
X
s0 = (ksum6 + kxor + psum + ksum + ( Bk (x, y)) mod 256)/(3 × 29 ) (39)
x ∈[1,m],y∈[1,n]
h=1 (40)
g=1 (41)
e=1 (42)
r =3 (43)
d =1 (44)
a1 = 1.9999 (45)
a2 = 1.9999 (46)
a3 = 1.9999 (47)
a4 = 1.9999 (48)
a5 = 1.9999 (49)
a6 = 1.9999 (50)
xi0 = [xi × 104 ]mod8 + 1, i = 1, 2, · · · 4 × M/m × N/n (51)
yi0 = [yi × 104 ]mod8 + 1, i = 1, 2, · · · 4 × M/m × N/n (52)
zi0 = [zi × 104 ]mod8 + 1, i = 1, 2, · · · 4 × M/m × N/n (53)
ui0 = [ui × 104 ]mod8 + 1, i = 1, 2, · · · 4 × M/m × N/n (54)
vi0 = [vi × 104 ]mod8 + 1, i = 1, 2, · · · 4 × M/m × N/n (55)

where, x 0 , y0 , z0 , u0 , v0 , s0 , h, g, e, r, d are initial values of the C-T cascade map and the improved
generalized two-dimensional Arnold transform, and a1 , a2 , a3 , a4 , a5 , a6 are the initial parameters of
the C-T cascade map.
Step 8: Encode {Ak (l), k = 1, 2, · · · , m × n, l = 1, 2,· · · , 8 × M/m × N/n},with DNA map rules
selected by{xj0, j = 1, 2,· · · , 4 × M/m × N/n}to obtain a DNA sequence{Ak0 (j), k = 1, 2,· · · , m × n,
j = 1, 2, · · · , 4 × M/m × N/n}, with the length of 4 × M/m × N/n.
Step 9: Convert {yj , j = 1, 2, · · · , 4 × M/m × N/n}, into a integer ranging from [0, 255] using
Eq. (56). h i
wj = yj × 104 mod256, j = 1, 2, · · · 4 × M/m × N/n (56)
Step 10: Take the first M/m × N/n numbers in wj , and obtain wj0,Convert wj0 into a binary
sequence, {wl00, l = 1, 2,· · · 8 × M/m × N/n}. Encode wl00with DNA map rules selected by{yi0,i =1,
2,· · · , 4 × M/m × N/n} to obtain a DNA sequence {Wk0(j), k = 1, 2,· · · , m × n, j = 1, 2, · · · , 4 × M/m
× N/n}, with the length of 4 × M/m × N/n.
Step 11: Substitute Eqs. (40)–(42) into (14), substitute Eqs. (43), (44) into (15), and substitute
wj0 into Eq. (14) to obtain {Yk0, k = 1, 2,· · · m × n}.
Step 12: Convert Yk0 into a binary sequence, {Z k (l), k = 1, 2,· · · , m × n, l = 1, 2,· · · 8 × M/m × N/n}.
Encode {Z k (l), k = 1, 2,· · · , m × n, l = 1, 2, · · · 8 × M/m × N/n}. with DNA map rules selected by
{zj0, j = 1, 2, · · · , 4 × M/m × N/n }to obtain a DNA sequence {Zk0 (j), k = 1, 2,· · · , m × n, j = 1, 2, · · ·
4 × M/m × N/n},with the length of 4 × M/m × N/n.
Step 13: Let k ← k + 1, repeat Steps 5-12 until k = m × n.
Step 14: Operate according to DNA map rules selected by {uj0, j = 1, 2,· · · , 4 × M/m × N/n}.
For the first sub-block, use the following equation to encrypt
Dk (j) = Wk0 ⊕ (Ak0 (j) + Zk0 (j)), k = 1, j = 1, 2, · · · , 4 × M/m × N/n (57)
For k = 2, 3, . . . , m × n, use the following equation to encrypt
Dk (j) = (Dk (j − 1) + Wk0(j)) ⊕ (Ak0 (j) + Zk0 (j)), k = 2, · · · , m × n,
(58)
j = 1, 2, · · · , 4 × M/m × N/n
"+" and ⊕ are addition and XOR operations of the above DNA sequences.
Step 15: For each sequence Dk (j), it is decoded according to DNA map rules selected by vj0, to
obtain a binary sequence Dk0 (j), k = 1,2,· · · , m × n, j = 1,2,· · · , 8 × M/m × N/n.
Step 16: Convert the one-dimensional binary sequence, Dk0 (j), k = 1, 2, · · · , m × n, into a decimal
sequence, C k , k = 1, 2,· · · , m × n,
Step 17: Construct a ciphertext image with encrypted sub-blocks, C k , k = 1, 2,· · · , m × n,
according to the indexes of plaintext sub-blocks.
FIG. 6. Decryption framework of the IESDNA.
B. Decryption process
The decryption algorithm is the inverse process of the encryption algorithm, and Figure 6 depicts
the decryption framework of the proposed IESDNA.
Step 1: Consider the same initial values and parameters as the encryption process. Calculate
Eqs. (51)–(55) to obtain xj0, yj0, zj0, uj0, vj0, j = 1, 2,· · · , 4 × M/m × N/n, and calculate Eq. (56) to
obtain wj . Call the Step 10 in the above encryption process to obtain{Wk0(j), k = 1, 2,· · · , m × n,
j =1, 2, · · · , 4 × M/m × N/n}, and the Steps 11, 12 to achieve {Zk0 (j), k = 1, 2, · · · , m × n, j = 1, 2,
· · · 4 × M/m × N/n}.
Step 2: Pass s0 and a6 into Eqs. (2), (15) to construct an intermediate S-box. Use the left map
scheme of the ICT to scramble the intermediate S-box for m times, and use the right map scheme to
scramble it for n times. As a result, m × n S-boxes are obtained.
Step 3: Let k ← 1.Divide the ciphertext image C into sub-blocks {Dk , k = 1, 2, · · · , m × n}, with
the size of M/m × N/n, and convert each block into a binary sequence, {Dk0 , k = 1, 2, · · · , m × n},
with the length of 8M/m × N/n.
Step 4: Encode {Dk0 , k = 1, 2,· · · m × n}, with DNA map rules selected by vi to obtain a DNA
sequence Dk with the length of 4 × M/m × N/n.
Step 5: Operate according to DNA map rules selected by {uj0, j = 1, 2,· · · , 4 × M/m × N/n}. For
the first sub-block, use the following equation to decrypt
Ak0 (j) = Wk0(j) ⊕ Dk (j) − Zk0 (j), k = 1, j = 1, 2, · · · , 4 × M/m × N/n (59)
For k = 2, 3, . . . , m × n, use the following equation to decrypt
Ak0 (j) = (Dk (j − 1) + Wk0(j)) ⊕ Dk (j) − Zk0 (j), k = 2, · · · , m × n,
(60)
j = 1, 2, · · · , 4 × M/m × N/n
“-”, “+” and ⊕ are subtraction, addition and XOR operations of the above DNA sequences.
Step 6: For each sequence Ak0 , it is decoded according to DNA map rules selected by {xj0, j = 1,
2, · · · , 4 × M/m × N/n}, to obtain a binary sequence{Ak (l)k = 1, 2,· · · m × n, l = 1, 2, · · · , 8 × M/m
× N/n}, with the length of 8M/m × N/n.
Step 7: Convert {Ak (l), k = 1, 2,· · · m × n, l = 1, 2, · · · , 8 × M/m × N/n}, into a decimal sub-block
{Bk0 ,k = 1, 2,· · · m × n}with the size of M/m × N/n.
Step 8: In Encryption process Steps 4 to achieve S-boxes, {S k , k = 1, 2, · · · , m × n}. For each
pixel value in Bk , it is an element in the S-box. The row index value of the element is m, and m -1 = d 7
d 6 d 5 d 4 is a binary representation. The column index value is n, and n -1= d 3 d 1 d 0 is also a binary
representation. Thus, v = d 7 d 6 d 5 d 4 d 3 d 2 d 1 d 0 denotes a binary value of a pixel, and convert it
into a decimal value. {Bk , k = 1, 2,· · · , m × n} can be obtained by traversing all the pixels.
Step 9: Let k ← k + 1, repeat Steps 3-8 until k = m × n.
Step 10: Construct the plaintext image I 0 with each sub-block {Bk , k = 1, 2,· · · , m × n}.
Step 11: Iterate Eq. (1) with the initial value t 0 and the control parameter a0 , discard the previous
500 obtained values and record afterward M × N values, {t i , i = 1, 2,· · · M × N}. Use t i to scramble
inversely I 0 to obtain an one-dimensional sequence I with the length of M × N.
Step 12: Convert I to achieve an image P from right to left and from bottom to top.
VI. EXPERIMENTAL RESULTS AND ANALYSIS

In this paper, the encryption and decryption experiments are performed on a personal computer
equipped with Intel (R) Core (TM) i3 CPU 3.07GHz, 2G RAM, 500GB hard drive and Windows
XP operating system. Moreover, a 256×256 grayscale picture of Lena shown in Figure 7(a) is used
as the plaintext. Furthermore, in this experiment, we chose this encryption key, 108 130 63 112 23
18 114 30 156 120 127 100 27 190 11 119 26 19 110 57 149 124 23 168 101 130 141 65 12 64
91 116 (32 decimal numbers, each number can be written in a 8-bit binary number, a total of 256
bits), and set M = 256, N = 256, m = 32, n = 32 in the experiment. The encrypted image is shown in
Figure 7(b).
A. S-box performance analysis

In our code scheme, a dynamically generated S-box is not only associated with a key, but also
with the plaintext. So to test the S-box of the encryption process, we need to determine the plaintext.
Figures 8(a–f) depict the generated cryptography properties of the first 1024 S-boxes of Lena.
FIG. 7. Original image and its encrypted image. (a) Original image; (b) Encrypted image.
FIG. 8. Performance distribution of S-boxes. (a) Average nonlinearities distribution; (b) Average values distribution of depen-
dent matrixes; (c) Average value distribution of BIC-nonlinearity; (d) Average value distribution of BIC-SAC; (e) Maximum
value distribution of DP; (f) Maximum value distribution of LP.
We can make the following observations from these Figures:

1) The nonlinearity of all S boxes 99.9% is more than 100, and the maximum is 106, indicating
that these obtained S-boxes have good nonlinearity characteristic; 2) These S-boxes have good
avalanche characteristic because the average values of correlation matrixes of them slightly
fluctuate around the ideal value 0.5; 3) These S-boxes have enough BIC feature since the
average BIC-nonlinearity of them are beyond 101, the maximum non-linearity is 105, and the
average BIC-SAC of them slightly fluctuate around the ideal value 0.5; 4) The differential
distribution values of 99.61% S-boxes locate in the range,10,14 i.e., the DP values distribute in
the range [0.03906, 0.05469], and only 0.39% S-boxes obtain 14 greater differential distribution
values (however, the maximum is only 18), that is, the maximum DP is 0.07031. It shows that
these S-boxes can resist differential attack; 5) The linear approximation probability values of
98.73% S-boxes locate between 0.1172 and 0.1563 (or DP values locate between 0.03906 and
0.05469), and only 1.27% S-boxes gain 0.1563 greater linear approximation probability values
(the maximum is 0.1797). It indicates that these S-boxes have the ability to resist linear attack.
To sum up, the experimental results may show that our method can construct dynamic S-boxes
with good cryptographic properties.
B. Security analysis
1. Analysis of a key space
To be able to resist brute-force attack, a sufficiently large key space is required. In this paper, a set
of 256 bits binary numbers is selected as a key since it is convenient and practical. Theoretically, the
key space with such a large key space 2256 makes the password system resist the brute-force attack.
2. Sensitivity analysis of a key

The encryption algorithm should be sensitive to the key, i.e., when there are small changes in
the key, the ciphertext should change greatly.
1) Figure 9 shows the sensitivity analysis of the key of IESDNA. Figure 9(a) depicts the decrypted
image of Figure 9(b) using the correct key, 108 130 63 112 23 18 114 30 156 120 127 100 27
190 11 119 26 19 110 57 149 124 23 168 101 130 141 65 12 64 91 116. Moreover, Figure 9(b)
depicts a decrypted image using the slightly changed key, 109 130 63 112 23 18 114 30 156
120 127 100 27 190 11 119 26 19 110 57 149 124 23 168 101 130 141 65 12 64 91 116. It
can be seen that the two decrypted images are completely different though the key has a minor
change. So, IESDNA is sensitive to a key.
2) The Different Rate (DR) of a cipher image encrypted by the correct key and the slightly changed
key is calculated by equations (61), (62), respectively,10
FIG. 9. Results of the key sensitivity. (a) Correct decrypted image; (b) Error decrypted image.
TABLE VII. The DR of the ciphertext images.
Images Scale DR
Lena 256×256 0.9963

Boat 256×256 0.9964
Cameraman 256×256 0.9960
Peppers 256×256 0.9962
 1 C1 (i, j) , C2 (i, j)

D(i, j) =  0 C (i, j) = C (i, j) (61)
 1 2
X
D(i, j)
i,j
DR == × 100% (62)
M ×N
here, M and N respectively denotes the width and height of an image, C 1 (i, j) and C 2 (i, j) respectively
represent the pixels at the position (i, j) of two ciphertext images which originate from the plaintext
and the one pixel changed plaintext. Table VII depicts the experimental results.
3. Histogram analysis
The histogram represents the distribution of gray level of all pixels in an image. The example
of the lena image with 256×256, of which the histogram analysis is shown in Figure 10, is used.
Figure 10(a) shows the histogram of the plaintext image, Figure 10(b) corresponds to the histogram
of the encrypted image. Contrast with the plaintext, the ciphertext image information distribution is
uniform; thus, it is difficult for an attacker to attack ciphertext by some statistical methods and the
security of the ciphertext is improved.
4. Correlation analysis of a ciphertext

The correlation between two adjacent pixels in the original image is great. Therefore, to make
the encryption image resist the statistical analysis attack, the correlation between two adjacent pixels
in the ciphertext image should be reduced, and the corresponding equations are the following,42
cov(x, y)
γxy = √ p (63)
D(x) D(y)
N
1 X
cov(x, y) = (xi − E(x))(yi − E(y)) (64)
N i=1
FIG. 10. The histograms of the plaintext image and ciphertext image. (a) The histogram of a plaintext image; (b) The histogram
of a ciphertext image.
FIG. 11. Correlation of plaintext image and the ciphertext image in multiple directions. (a) Plaintext horizontal correlation; (b)
Plaintext vertical correlation; (c) Plaintext diagonal correlation; (d) Ciphertext horizontal correlation; (e) Ciphertext vertical
correlation; (f) Ciphertext diagonal correlation.
N N
here, E(x) = N1 xi , D(x) = N1 (xi − E(x))2 , x and y are two adjacent pixels in the image, γ xy is the
P P
i=1 i=1
correlation coefficient.
Figure 11 depicts the correlation of 3000 pixels randomly selected from the plaintext and
ciphertext images in three different directions including horizontal, vertical and diagonal directions.
Table VIII gives the correlation coefficient of the Lena image and its encrypted image in three direc-
tions and lists the corresponding results obtained by recent chaotic system based image encryption
algorithms.
Table VIII and Figure 11 show that IESDNA has a smaller correlation coefficient, and can better
achieve the purpose of destructing the correlation between adjacent pixels, and as a result, IESDNA
makes the ciphertext have a better random distribution characteristic.
5. Differential attack test

To test the impact of the ciphertext when the plaintext has some minor changes, the Number of
Pixels Change Rate (NPCR) and Unified Average Changing Intensity (UACI) to analyze the ciphertext
image are adopted. The theoretical value of NPCR is 100%. The closer to the value, the more sensitive
of the ciphertext to the plaintext change, and the stronger of the ability for the encryption algorithm to
resist the known plaintext attack and chosen plaintext attack. UACI is used to measure the resistance
ability of the differential attack. If the obtained index is close to 33.333%, the capacity to resist
differential attack is strong. Assume that there are two ciphertext images C 1 , C 2 , the corresponding
plaintexts of both are the same except for only one pixel. Use equations (65), (66) to calculate these
two indexes,43
M N
1 XX
NPCR = D(i, j) × 100% (65)
M × N i=1 j=1
TABLE VIII. Correlation coefficient of adjacent pixels of the lena ciphertext.
Direction Horizontal Vertical Diagonal
Plaintext 0.9357 0.9614 0.9112

Ciphertext -0.0010 -0.0015 -0.0012
TABLE IX. NPCR and UACI of ciphertexts of different images.
Images NPCR UACI
Lena 0.9962 0.3361

Boat 0.9961 0.3349
Cameraman 0.9964 0.3359
Peppers 0.9957 0.3349
M N
1 X X |C1 (i, j) − C2 (i, j)|
UACT = × 100% (66)
M × N i=1 j=1 255
where M and N respectively denotes the width and height of an image, C 1 (i, j) and C 2 (i, j) repre-
sent the pixels values at the position (i, j) of two ciphertext images originating from the plaintext
and the one pixel changed plaintext, respectively. if C 1 (i, j) , C 2 (i, j), then D(i, j) = 1, otherwise
D(i, j) = 0.
Table IX depicts the NPCR and UACI of the ciphertexts of different images. As can be seen, all
the NPCR values are more than 99%, and all the UACI values are above 33.33%, Table X depicts the
NPCR and UACI of the lena ciphertext obtained by different methods.10,11,14,44–46 The results show
that IESDNA is sensitive to the plaintext, and can resist the differential attack to some extent.
6. Information entropy analysis
Entropy refers to the uncertainty of information, the larger the information entropy, the greater
the uncertainty of information, vise versa. It solves the problem of quantifying information. In this
paper, the information entropy to reflect the randomness of the occurrence of the pixel gray values
in the encryption result is used.
Use m to represent the information source, and use equation (67) to calculate the information
entropy,47
2Xn −1
1
H(m) = p(mi )log2 (67)
i=0
p(m i)
here, p(mi ) denotes the probability of the occurrence of pixel gray value mi . According to
equation (67), if the information entropy H(m) = 8, the information is then completely random,
and the disorder of the information is the strongest, that is, the information entropy of the ciphertext
should be closer to 8.
Table XI lists the information entropy of ciphertexts of different images obtained by IESDNA.
From the table, we can see that information entropy of IESDNA is closer to 8; thus, the encryption
effect of it may be good.
7. Analysis of crop resistance
Images in the transmission process often encounter crop-operations from some anonymous
attackers. As a result data information may be lost and the decryption performance of recipients may
be affected. For a good image encryption algorithm, a decrypted image can restore main information
TABLE X. NPCR and UACI of the lena ciphertext.
Images NPCR UACI
Lena 0.9962 0.3361

Reference 10 0.9961 0.3342
Reference 11 0.9961 0.3347
Reference 14 0.9892 0.3279
Reference 44 0.9959 0.3346
Reference 45 0.9962 0.3342
Reference 46 0.9961 0.3346
TABLE XI. Information entropy of ciphertexts of different images.
Images Entropy
Lena 7.9974
Boat 7.9973
Cameraman 7.9975
Peppers 7.9973
of the plaintext image even though the decrypted image is subjected to crop-attacks. In the security
analysis, generally, the following steps are performed to verify the anti-crop capability of a proposed
image encryption method: crop a ciphertext image such that part information of the image is lost,
and use a key to decrypt the cropped ciphertext image.26
The crop-operation on an encrypted image is used to check to the crop-resistance ability of the
proposed algorithm. As shown in Figure 12, the black rectangle area in Lena image is the crop part, all
pixels-values of which are zero. Figure 12(a) shows an encrypted image that is crop by one-sixteen.
Figure 12(b) depicts the decrypted image of (a). Figure 12(c) shows an encrypted image that is crop
by one-eighth. Figure 12(d) depicts the decrypted image of (c). Figure 12(e) shows an encrypted
image that is crop by one-fourth. Figure 12(f) depicts the decrypted image of (e). Figure 12(g) shows
an encrypted image that is crop by one-half. Figure 12(h) depicts the decrypted image of (g). The
following observations can be seen from the results: 1) when an encrypted image is crop by one-
sixteen, the corresponding decrypted image is clear with only a small amount of noise-like dots, 2)
As the crop area increases, the decrypted image becomes blurred, and 3) even though the image is
crop by one-half, the information of the plaintext image can be obtained from the decrypted image.
Table XII shows the peak signal-to-noise ratio (PSNR) of the decrypted image under different
crop areas. It can be seen that the proposed algorithm can effectively resist the crop attack.
8. Anti-noise ability analysis

Due to the existence of channel noise the decryption performance of images recipients would be
affected. A good image encryption algorithm should have the strong capability of resisting noise. In
the security analysis, generally, the following steps are performed to verify the anti-noise capability of
FIG. 12. Test of cropping. (a) An one-sixteen-crop encrypted image; (b) The decrypted image of (a); (c) An one-eighth-crop
encrypted image; (d) The decrypted image of (c); (e) An one-fourth-crop encrypted image; (f) The decrypted image of (e);
(g) An one-half-crop encrypted image; (h) The decrypted image of (g).
TABLE XII. PSNR of decrypted image.
Crop area 1/16 1/8 1/4 1/2
PSNR 9.0386 8.7914 7.6670 6.3850
a proposed image encryption method: add salt-pepper noise and Gaussian noise of different intensities
to a ciphertext image, and use a key to decrypt the modified ciphertext image.26
The anti-noise ability of the proposed algorithm is checked by adding salt-pepper-noise and
Gaussian-noise with difference intensities to the encrypted image.
a. Salt-pepper-noise attack. In order to verify the anti-noise ability of the proposed algorithm,
various density of salt-pepper-noise is added to the Lena image. The decryption result is shown in
Figure 13. The added noise intensities are 0.001, 0.01, 0.1 and 0.2, respectively. Table XIII shows
the peak signal-to-noise ratio (PSNR) of the corresponding decrypted images in the order of 9.1841,
9.0250, 8.4001 and 7.8534, respectively. From the figures, we can see that the decrypted images
become more and more blurred with the increase of noise intensity, but the outline of the original
image can still be seen. It shows that the proposed algorithm can resist salt-pepper-noise attack to
some extent.
b. Gaussian-noise attack. In order to verify the anti-noise ability of the proposed algorithm,
the Lena image is added with several types of Gaussian white noise of various variances and zero-
mean-value. The decryption results are shown in Figure 14. The noise intensities added in the image
are 0.2, 0.3, 0.4 and 0.5 respectively. Table XIV shows the peak signal to noise ratio (PSNR) of the
corresponding decrypted images that are 9.1175, 8.7851, 8.5786 and 8.4955, respectively. From the
FIG. 13. Test of salt-pepper noise addition. (a) Noise intensity is 0.001; (b) Noise intensity is 0.01; (c) Noise intensity is 0.05;
(d) Noise intensity is 0.1.
TABLE XIII. PSNR of decrypted image.
Noise intensity 0.001 0.01 0.1 0.2
PSNR 9.1841 9.0250 8.4001 7.8534
FIG. 14. Test of Gaussian-noise addition. (a) Variance value is 0.2; (b) Variance value is 0.3; (c) Variance value is 0.4;
(d) Variance value is 0.5.
TABLE XIV. PSNR of decrypted image.
Variance 0.2 0.3 0.4 0.5
PSNR 9.1175 8.7851 8.5786 8.4955
results, we can see that the decrypted images become blurred with the increase of the noise intensity,
but the outline of the original image can still be obtained. It shows that the proposed algorithm can
resist Gaussian-noise attack to some extent.
VII. CONCLUSIONS
A block encryption algorithm based on dynamic S-boxes and DNA sequence operation is pro-
posed in this paper. It first uses a new chaotic, NC, map to scramble an input plaintext image and
then leverages an S-box generated by a Cubic-Tent, C-T, cascade map and an improved generalized
two-dimensional Arnold map to substitute the scrambled image. Next, A DNA sequence operation
is further applied to diffuse the scrambled image. Theoretical analysis and experimental results show
that the proposed image encryption algorithm can effectively resist violent attack, correlation analysis,
information entropy analysis and differential attack, anti-crop attack and anti-noise attack.
ACKNOWLEDGMENTS
The authors would like to appreciate for the financial supports by the National Natural Science
Foundation of China (Nos: 60603092, 60975042, 51472066).
1 X. Y. Wang, Y. Q. Zhang, and X. M. Bao, “A colour image encryption scheme using permutation-substitution based on
chaos,” Entropy 17, 3877–3897 (2015).
2 D. D. Wheeler, “Problems with chaotic cryptosystems,” Cryptologia 13, 243–250 (1989).
3 K. Ning, “A pseudo DNA cryptography method,” arXiv 0903, 2693 (2009).
4 G. Jakimoski and L. Kocarev “Chaos and cryptography: block encryption ciphers based on chaotic maps,” IEEE Transactions
on Circuits and Systems I: Fundamental Theory and Applications 48, 163–169 (2001).
5 M. Khan, T. Shah, H. Mahmood, M. A. Gondal, and I. Hussain, “A novel technique for the construction of strong S-boxes
based on chaotic Lorenz systems,” Nonlinear Dynamics 70, 2303–2311 (2012).

6 I. Hussain, S. Tariq, and A. G. Muhammad, “A novel approach for designing substitution-boxes based on nonlinear chaotic
algorithm,” Nonlinear Dynamics 70, 1791–1794 (2012).

7 Y. Tian and Z. M. Lu, “S-box: Six-dimensional compound hyperchaotic map and artificial bee colony algorithm,” Journal
of Systems Engineering and Electronics 27, 232–241 (2016).

8 F. Özkaynak, V. Çelik, and A. B. Özer, “A new S-box construction method based on the fractional-order chaotic Chen
system,” Signal, Image and Video Processing 11, 659–664 (2017).

9 Ü. Çavuşoğlu, A. Zengin, I. Pehlivan, and S. Kaçar, “A novel approach for strong S-box generation algorithm design based
on chaotic scaled Zhongtang system,” Nonlinear Dynamics 87, 1081–1094 (2017).

10 X. Wang and Q. Wang, “A novel image encryption algorithm based on dynamic S-boxes constructed by chaos,” Nonlinear
Dynamics 75, 567–576 (2014).

11 X. Zhang, Y. Mao, and Z. Zhao, “An efficient chaotic image encryption based on alternate circular S-boxes,” Nonlinear
Dynamics 78, 359–369 (2014).

12 M. Khan and T. Shah, “A novel image encryption technique based on Hénon chaotic map and S symmetric group,” Neural
8
Computing & Applications 25, 1717–1722 (2014).
13 H. Liu, A. Kadir, and P. Gong, “A fast color image encryption scheme using one-time S-boxes based on complex chaotic
system and random noise,” Optics Communications 338, 340–347 (2015).

14 A. U. Rehman, J. S. Khan, J. Ahmad, and S. O. Hwang, “A new image encryption scheme based on dynamic s-boxes and
chaotic maps,” 3D Research 7, 84 (2016).

15 I. Hussain, T. Shah, and M. A. Gondal, “An efficient image encryption algorithm based on S S-box transformation and
8
NCA map,” Optics Communications 285, 4887–4890 (2012).
16 Y. Zhang and D. Xiao, “Cryptanalysis of S-box-only chaotic image ciphers against chosen plaintext attack,” Nonlinear
Dynamics 72, 751–756 (2013).

17 T. Head, G. Rozenberg, R. S. Bladergroen, C. K. D. Breek, P. H. M. Lommerse, and H. P. Spaink, “Computing with DNA
by operating on plasmids,” Biosystems 57, 87–93 (2000).

18 X. Zheng, J. Xu, and W. Li, “Parallel DNA arithmetic operation based on n-moduli set,” Applied Mathematics and
Computation 212, 177–184 (2009).

19 Q. Zhang, X. Xue, and X. Wei, “A novel image encryption algorithm based on DNA subsequence operation,” The Scientific
World Journal 2012, 286741 (2012).

20 H. Liu and X. Wang, “Image encryption using DNA complementary rule and chaotic maps,” Applied Soft Computing 12,
1457–1466 (2012).
21 M. SaberiKamarposhti, I. AlBedawi, and D. Mohamad, “A new hybrid method for image encryption using DNA sequence
and chaotic logistic map,” Australian Journal of Basic and Applied Sciences 6, 371–380 (2012).
22 X. Xue, Q. Zhang, X. Wei, L. Guo, and Q. Wang, “An image fusion encryption algorithm based on DNA sequence and
multi-chaotic maps,” Journal of Computational and Theoretical Nanoscience 7, 397–403 (2010).

23 Q. Zhang, L. Guo, and X. Wei, “Image encryption using DNA addition combining with chaotic maps,” Mathematical and
Computer Modelling 52, 2028–2035 (2010).

24 X. Y. Wang, Y. Q. Zhang, and X. M. Bao, “A novel chaotic image encryption scheme using DNA sequence operations,”
Optics and Lasers in Engineering 73, 53–61 (2015).

25 Y. Q. Zhang, X. Y. Wang, J. Liu, and Z. L. Chi, “An image encryption scheme based on the MLNCML system using DNA
sequences,” Optics and Lasers in Engineering 82, 95–103 (2016).

26 X. Chai, Y. Chen, and L. Broyde, “A novel chaos-based image encryption algorithm using DNA sequence operations,”
Optics and Lasers in Engineering 88, 197–213 (2017).

27 A. Belazi, A. A. A. El-Latif, and S. Belghith, “A novel image encryption scheme based on substitution-permutation network
and chaos,” Signal Processing 128, 155–170 (2016).

28 S. Çiçek, A. Ferikoğlu, and I. Pehlivan, “A new 3D chaotic system: Dynamical analysis, electronic circuit design, active con-
trol synchronization and chaotic masking communication application,” Optik-International Journal for Light and Electron
Optics 127, 4024–4030 (2016).
29 Y. Wang, Z. Liu, J. Ma, and H. He, “A pseudorandom number generator based on piecewise logistic map,” Nonlinear
Dynamics 83, 2373–2391 (2016).

30 J. Lü and G. Chen, “A new chaotic attractor coined,” International Journal of Bifurcation and Chaos 12, 659–661 (2002).
31 Y. Wu, G. Yang, H. Jin, and J. P. Noonan, “Image encryption using the two-dimensional logistic chaotic map,” Journal of
Electronic Imaging 21, 013014–1–013014-15 (2012).

32 X. Tan, Z. Huang, and C. Yao, “New image encryption algorithm based on cascade chaos system,” Journal of Information
&Computational Science 11, 2467–2478 (2014).

33 F. Huang, Y. Feng, and J. Li, “An image encryption approach based on an invertible two-dimensional map by construction
triangle,” Journal of Optoelectronics. Laser 20, 378–381 (2009).

34 H. Zhu, C. Zhao, X. Zhang, and L. Yang, “An image encryption scheme using generalized Arnold map and affine cipher,”
Optik 125, 6672–6677 (2014).

35 C. M. Wu, “An improved discrete Arnold transform and its application in image scrambling and encryption,” Acta Physica
Sinica 63, 090504 (2014).

36 X. Wei, L. Guo, Q. Zhang, J. Zhang, and S. Lian, “A novel color image encryption algorithm based on DNA sequence
operation and hyper-chaotic system,” Journal of Systems and Software 85, 290–299 (2012).
37 C. Adams and S. Tavares, “The structured design of cryptographically good S-boxes,” Journal of Cryptology 3, 27–41
(1990).
38 A. F. Webster and S. E. Tavares, “On the design of S-boxes,” in Proceedings of Advances in CryptologyCRYPTO 85.Lecture
Notes in Computer Science (Springer-Verlag, 1986), Vol. 218, pp. 523–534.

39 C. Adams and S. E. Tavares, “Good S-boxes are easy to find,” in Proceedings of Advances in CryptologyCRYPTO 85.Lecture
Notes in Computer Science (Springer-Verlag, 1989), Vol. 435 pp. 612–615.

40 E. Biham and A. Shamir, “Differential cryptanalysis of DES-like cryptosystems,” in Proceedings of Advances in
CryptologyCRYPTO 90.Lecture Notes in Computer Science (Springer-Verlag, 1990), Vol. 537, pp. 2–21.
41 M. Matsui, “Linear cryptanalysis method for DES cipher,” in Proceedings of Advances in Cryptology EURO-
CRYPT93.Lecture Notes in Computer Science (Springer-Verlag, 1994), Vol. 765, pp. 386–397.
42 T. Gao and Z. Chen, “A new image encryption algorithm based on hyper-chaos,” Physics Letters A 372, 394–400 (2008).
43 C. Zhu, “A novel image encryption scheme based on improved hyperchaotic sequences,” Optics Communications 285,
29–37 (2012).
44 A. Belazi, A. A. A. El-Latif, A. V. Diaconu, R. Rhouma, and S. Belghith, “Chaos-based partial image encryption scheme
based on linear fractional and lifting wavelet transforms,” Optics and Lasers in Engineering 88, 37–50 (2017).
45 Y. Liu, J. Wang, J. Fan, and L. Gong, “Image encryption algorithm based on chaotic system and dynamic S-boxes composed
of DNA sequences,” Multimedia Tools and Applications 75, 4363–4382 (2016).

46 M. Khan, “A novel image encryption scheme based on multiple chaotic S-boxes,” Nonlinear Dynamics 82, 527–533 (2015).
47 Q. Zhang and X. Wei, “A novel couple images encryption algorithm based on DNA subsequence operation and chaotic
system,” Optik 124, 6276–6281 (2013).

Novel Permutation-Diffusion Image Encryption Algorithm With Chaotic Dynamic S-Box and DNA Sequence Operation17

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Novel Permutation-Diffusion Image Encryption Algorithm With Chaotic Dynamic S-Box and DNA Sequence Operation17

Uploaded by

Copyright:

Available Formats

Novel permutation-diffusion image encryption algorithm with chaotic dynamic S-box

and DNA sequence operation

Citation: AIP Advances 7, 085008 (2017); doi: 10.1063/1.4994860

Novel permutation-diffusion image encryption algorithm

Dalian 116024, China

2158-3226/2017/7(8)/085008/22 7, 085008-1 © Author(s) 2017

II. SYSTEM OVERVIEW

FIG. 1. Encryption framework of the IESDNA.

III. RELATED WORKS

B. C-T cascade map

TABLE I. Chaotic map complexity analysis.

Logistic map NC map

Parameters 3.570 4.000 3.064 8.000

TABLE II. Chaotic map complexity analysis.

Tent map Cubic map C-T cascade map

Parameters 1.002 2.000 2.410 3.000 0.768 2.000

C. Reversible two-dimensional map (RTD map)

FIG. 4. A 6×6 image.

D. Improved generalized two-dimensional Arnold transformation (IGTDAT)

Its inverse transformation can take this form,

TABLE III. DNA encoding rule.

TABLE IV. DNA addition rule of 1-st scheme.

TABLE V. DNA subtraction rule of 1-st scheme.

TABLE VI. DNA XOR rule of 1-st scheme.

IV. S-BOX CONSTRUCTION AND EVALUATION CRITERIA

Qi = mod( floor(si × 103 , 256)) (15)

B. S-box evaluation criteria

Nf = 2−n (1 − max n Sh f i (ω) ) (18)

The cyclic spectrum of the function f (x) is,

where, ω ∈ GF(2n ), and x · ω denotes the dot product of x and w.

3. Strict avalanche criterion

6. Linear approximation probability

V. DESCRIPTION OF THE PROPOSED ALGORITHM

key = [k1 , k2 , ..., k32 ] (22)

kxor = k1 ⊕ k2 ⊕ · · · ⊕ k32 (23)

t0 = mod( ksum + kxor + floor((psum − floor((psum))∗ 106 ), 256) / 256 (32)

xi0 = [xi × 104 ]mod8 + 1, i = 1, 2, · · · 4 × M/m × N/n (51)

yi0 = [yi × 104 ]mod8 + 1, i = 1, 2, · · · 4 × M/m × N/n (52)

zi0 = [zi × 104 ]mod8 + 1, i = 1, 2, · · · 4 × M/m × N/n (53)

ui0 = [ui × 104 ]mod8 + 1, i = 1, 2, · · · 4 × M/m × N/n (54)

vi0 = [vi × 104 ]mod8 + 1, i = 1, 2, · · · 4 × M/m × N/n (55)

FIG. 6. Decryption framework of the IESDNA.

VI. EXPERIMENTAL RESULTS AND ANALYSIS

A. S-box performance analysis

We can make the following observations from these Figures:

2. Sensitivity analysis of a key

TABLE VII. The DR of the ciphertext images.

Lena 256×256 0.9963

4. Correlation analysis of a ciphertext

5. Differential attack test

TABLE VIII. Correlation coefficient of adjacent pixels of the lena ciphertext.

Direction Horizontal Vertical Diagonal

Plaintext 0.9357 0.9614 0.9112

TABLE IX. NPCR and UACI of ciphertexts of different images.

Images NPCR UACI

Lena 0.9962 0.3361

TABLE X. NPCR and UACI of the lena ciphertext.

Images NPCR UACI

Lena 0.9962 0.3361

TABLE XI. Information entropy of ciphertexts of different images.

8. Anti-noise ability analysis

TABLE XII. PSNR of decrypted image.

Crop area 1/16 1/8 1/4 1/2

Nf = 2−n (1 − max n Sh f i (ω)) (18)