1SPDFFEJOHT
PG
UIF

*OUFSOBUJPOBM
$POGFSFODF
PO
8BWFMFU
"OBMZTJT
BOE
1BUUFSO
3FDPHOJUJPO

/JOHCP
$IJOB

+VMZ


AN IMAGE ENCRYPTION SYSTEM BASED ON 2-DIMENSIONAL QUANTUM

RANDOM WALKS
LINGFENG LI1 , BO PANG2 , YUANYAN TANG3

1
Faculty of Science and Technology, University of Macau, Ilhas, Macau SAR
2
Faculty of Science and Technology, University of Macau, Ilhas, Macau SAR
2
Faculty of Science and Technology, University of Macau, Ilhas, Macau SAR
E-MAIL: MB55460@umac.mo, MB55412@umac.mo, yytang@umac.mo

Abstract: computing. Quantum cryptography is a combination product of

The topic of quantum cryptography has begun to draw in- cryptography and quantum mechanics. Its safety is ensured by
creasing attention recently. The most important factor is that the basic principles of quantum mechanics. So quantum cryp-
the quantum cryptography is based on the principle of quantum tography attracts more and more attention[3][4][5].
mechanics, so it is more secure than the classical one. In this
paper, we introduce a plaintext-related image encryption system
In recent years, quantum computing is a rapidly growing
which employed the two-dimensional two-particle discrete-time
field and has made a lot of breakthrough[6]. As a universal
quantum random walks (QRWs) to construct a novel pseudo-
quantum computation model, QRWs are the quantum counter-
random number generator (PRNG) used to generate the secret
parts of classical random walks and have been developed as a
code streams. And it includes two plaintext-unrelated diffusion
useful tool for solving various problems, such as element dis-
operations and one plaintext-related confusion operation. Simu-
tinction, clustering and so on. Furthermore, Quantum random
lation results and security analysis demonstrate that the proposed
walk with non-linear dynamic characteristics and computation-
encryption scheme has good performance with high-level security.
al parallel characteristics provides the possibility for the con-
Keywords:
struction of PRNGs. Inspired by the above reasons, we are
Quantum Random Walk; Image Encryption; Pseudo-Random
motivated to search for a new PRNG based on the quantum
Number Generator
computation model and apply this new method on the image
encryption[7].
1 Introduction

With the rapid development of digital technologies and com-
puter network, more and more digital data carrying all kinds of
information are transmitted over the networks[1]. Because dig-
ital images can carry a large amount of information, the topic
of image security has become an important research topic for
scholars.
This paper is organized as follows. Section 2 designs the new
PRNG based on the two-dimensional QRWs. Section 3 applies
this PRNG to generate the key code streams for the use of im-
age encryption. Section 4 presents the confusion and diffusion
algorithms and the whole encryption system. Section 5 shows
the simulation results and security analysis. Section 6 reaches
a conclusion.

Traditional encryption algorithms such as DES, AES, and

IDEA have achieved good results and are widely used[2]. How-
ever, with the development of the computer, especially the birth
of quantum computer, the security of traditional encryption al-
gorithms are seriously challenged. Traditional encryption algo-
rithms are only based on mathematical computing complexity,
which can be attacked easily in the era of big data with parallel
2 2D quantum random walks
In this section, we propose the principle of two-dimensional
two-particle discrete-time QRWs and discuss how to construct
the QRWs-based PRNG by running this two-dimensional dis-
crete QRWs on a plane which includes finite nodes. To achieve


` 
*&&&

 1SPDFFEJOHT
PG
UIF

*OUFSOBUJPOBM
$POGFSFODF
PO
8BWFMFU
"OBMZTJT
BOE
1BUUFSO
3FDPHOJUJPO
/JOHCP
$IJOB

+VMZ


⎡ −1−s n1 1−n1
⎤
1 √
2 2 2
⎢ n1
s1 n1 ⎥
C1 = ⎣ √
2
√
2 ⎦
(3)
1−s1 n1
√ −1−s1
2 2 2
⎡ −1−s n2 1−n2
⎤
2 √
2 2 2
⎢ n2
s2 n2 ⎥
, C2 = ⎣ √
2
√
2 ⎦
(4)
1−s2 n2
√ −1−s2
2 2 2

The variables s and n satisfy the condition of s2 + n2 = 1.

FIGURE 1. Conditional shift of quantum For the quantum with the initial state of |0, 1c ⊗ |0, 0p , the
process of walk in the first step is shown below:
C·S
the two-dimensional QRWs, we define the position Hilbert s- |0, 0p ⊗ |0, 1c −−→ −(1+s )n
√1 2 | − 1, −1p ⊗ |0, 0c +
2 2
pace Hp = {|x, y : x, y ∈ Z} and the coin Hilbert space −(1+s1 )s2
2
| − 1, 0p ⊗ |0, 1c +
Hc = {|a, b : a, b ∈ {0, 1, 2}}. States of the total system are −(1+s1 )n2
√ | − 1, 1p ⊗ |0, 2c +
2 2
in the space H = Hc ⊗ Hp . The unitary evolution of the entire n1 n2
2
|0, −1p ⊗ |0, 0c +
n√1 s2
quantum system U consists of two separate components which 2
|0, 0p ⊗ |0, 0c + (5)
n1 n2
are flipping coin operation and conditional shift operation[8]: 2
|0, 1p ⊗ |0, 0c +
(1−s1 )n2
U = S · (C ⊗ I) (1) √
2 2
|1, −1p ⊗ |0, 0c +
(1−s1 )s2
2
|1, 0p ⊗ |0, 0c +
Where I is the identity operator and C is the flipping oper- p (1−s )n
√1 2 |1, 1p ⊗ |0, 0c
2 2

ator applied to the coin state, the coin state a determines the
direction of movement on x axis and b determines the direction
on y axis. The coin states of the two particles are both assigned And the probability of locating the quantum at position (x, y)
to a value of 3 in order to let the walker be able to reach all after t steps is:
 2
the nine positions nearby include the original position as fig- t
P (x, y, t) = x, y, a, b|(Û ) |φinitial (6)
ure 1 shows. And if the walker moves out of the boundary of a,b∈{0,1,2}
the plane, the next position is regarded as the boundary on the
other side. The conditional shift operator on the plane can be
expressed by equation 2 taking a=0 and b=0 as an example: 3 Pseudo random number generator based on quan-
S|0, 0, x, y = |0, 0, x − 1, y − 1 (2) tum random
walks

TABLE 1. All the conditions of shifting on one step.

Choose the initial parameters (M, N, (α, β), t, s1 , s2 ) of the
2D discrete-time QRWs on the plane of M × N size. Here α, β
a b x y are the initial states of the particles which are three-dimensional
0 0 -1 0 vectors. The variable t is the step number whose value is in the
0 1 -1 0 domain of positive integer. And s1 and s2 are the parameters
0 2 -1 +1 of the two coin matrixes C1 and C2 .By repeating the process of
1 0 0 -1 the coin flipping and the conditional shifting as shown above,
1 1 0 0
the QRWs system can be implemented after the specified steps
1 2 0 +1
2 0 +1 -1 and generate a probability distribution P [7].
2 1 +1 0 ⎡ ⎤
p11 p12 ··· ··· p1N
2 2 +1 +1
⎢ p21 p22 ··· ··· p2N ⎥
⎢ ⎥
⎢ .. .. .. .. .. ⎥
P =⎢
⎢ . . . . . ⎥⎥ (7)
⎢ . .. .. .. .. ⎥
The coin flipping operator C is separated into two operators ⎣ .. . . . . ⎦
C1 and C2 which are shown below, and they satisfy the condi- pM 1 pM 2 ··· ··· pM N M ×N
tion of C = C1 ⊗ C2 .


 1SPDFFEJOHT
PG
UIF

*OUFSOBUJPOBM
$POGFSFODF
PO
8BWFMFU
"OBMZTJT
BOE
1BUUFSO
3FDPHOJUJPO
/JOHCP
$IJOB

+VMZ


Due to the big difference of the magnitude in the probability Original image
Diffusion(I) Confusion Diffusion(II)
Cipher image
PM*N CM*N
distribution, we evaluate the magnitudes of the probabilities:
Secret code stream
k(x, y) = f loor(log10 (P (x, y))) (8) generator

Plaintext-related
Secret Key Secret code stream
generator

And in order to get the valid numbers the probability distri-

bution P (x, y) is transformed in equation 9: FIGURE 2. Encryption Scheme

P1 (x, y) = P (x, y) × (−k(x, y)) (9)

Cipher image Original image
Diffusion(II) Confusion Diffusion(I)
CM*N PM*N

All the elements in P1 (x, y) are double type in range of

(1, 10).To fit the gray-scale image, the elements of the matrix Secret code stream
generator

should be in the range of [0, 256], so the distribution P1 (x, y) Ciphertext-related

Secret Key Secret code stream
is transformed into an available code stream X(x, y) in the fol- generator

lowing equation:
FIGURE 3. Decryption Scheme
X(x, y) = (f loor(P1 (x, y) × 1013 )) mod 256 (10)

Algorithm 1 Diffusion I: The plain image P is converted in to

4 2D-QRWs based image encryption and decryption
the matrix A after diffusion.
shceme Input: The plain image P , matrix X, key r 1
Output: Matrix A
Process
Using 2D-QRWs, this section further designs a new image if the position is (1, 1)
encryption scheme. The chaotic matrixes X, Y , Z are generat- A(1, 1) = P (1, 1) + X(1, 1) + r1 mod 256
ed by the proposed PRNG in the previous section with different else if the position is first row
step numbers x, y and z. The chaotic matrix X and Z are used for j in 2 : 1 : N do
A(1, j) = P (i, j) + A(1, j − 1) + X(i, j) mod 256
for the process of Diffusion I and Diffusion II and they are un- end for
related to the plaintext. The chaotic matrix Y is required to else if the position is first column
be plaintext-related. So the distribution is transformed in the for i in 2 : 1 : M do
A(i − 1) = P (i − 1) + A(i − 1, 1) + X(i − 1) mod 256
equation 11[2]:
end for
else
Y (x, y) =(f loor(P1 (x, y) × 1013 )) mod L for i in 2 : 1 : M , j in 2 : 1 : N do
(11) A(i, j) = P (i, j) + A(i, j − 1) + A(i − 1, j) + X(i, j) mod 256
(L =max ∗ (M, N )) end for
end Process

The secret key of this 2D-QRWs based encryption system

includes the initial state vectors (α, β), The two vectors (α, β)
of the initial states of the particles which satisfy the condition 5 Simulation Results
of |α|2 = |β|2 = 1[6]. Step numbers {x, y, z}, the parameters
of the coin matrixes {s1 , s2 } and three 8-bit random number-
s {r1 , r2 , r3 } used in the confusion and diffusion operations. We select three typical images in the size of 256*256 as
According to figure 2 and figure 3, the algorithm of encryption experimental pictures and encrypt them √
with the secret key
and decryption are shown in algorithm 1,2 and 3. [(1, 0, 0), (0, 1, 0), {130, 140, 150}, { 22 , 12 }, {56, 212, 85}].
The original images and the respective cipher images and
decrypted images are shown in the figure 4. As we can be seen
The decryption process is the reverse of the encryption pro- from the figure 4 that the cipher images are noise-like images
cess. The recipient can decrypt the cipher image C and recover without any visual information leakage. And the decrypted
the original image P if he has the secret key[9]. images are the same as the original images.


 1SPDFFEJOHT
PG
UIF

*OUFSOBUJPOBM
$POGFSFODF
PO
8BWFMFU
"OBMZTJT
BOE
1BUUFSO
3FDPHOJUJPO
/JOHCP
$IJOB

+VMZ


Algorithm 2 Confusion(Shuffling): The matrix A is converted

into matrix E after several steps of shuffling
Input: The matrix A from algorithm I, matrix Y , key r2
Output: Matrix E
Process
Step 1:Swap A(i, j) and A(m, n) convert A into D
m = Y (i, j) + Y (i, N ) + A(i, N ) + A(M, N ) mod N ,
i = 1 : 1 : M − 1, j = 1 : 1 : N − 1
n = Y (i, j) + Y (M, j) + A(M, j) + A(M, N ) mod N ,
i = 1 : 1 : M − 1, j = 1 : 1 : N − 1
Step 2:Swap D(m, j) and D(m, n)
m = Y (M, j) + Y (M, N ) + D(M, N ) mod M
j =1:1:N −1
n = sum(D(1 : 1 : M − 1, j)) + Y (M, N ) + D(M, N ) mod N ,
j =1:1:N −1
Step3:Swap D(i, N ) and D(m, n)
m = Y (i, N ) + Y (M, N ) + D(M, N ) mod M , FIGURE 4. Simulation results. In left, the plain images: Lena, Baboon,
i=1:1:M −1 Pepper; In middle is the cipher images respectively; right is the recovered
n = sum(D(1, 1 : 1 : N − 1)) + Y (M, N ) + D(M, N ) mod N , images from cipher image.
i=1:1:M −1
Step4:Convert D into E, swap E(M, N ) and E(m, n), denote E as B
m = sum(Y (M, 1 : 1 : N − 1)) + sum(E(M, 1 : 1 : N − 1)) mod
M
n = sum(Y (1 : 1 : M − 1, N )) + sum(E(1 : 1 : M − 1, N )) mod
M
end Process

Algorithm 3 Diffusion II: The plain image P is converted in to

the matrix C after diffusion.
Input: The confusion image B, matrix Z, key r3
Output: Matrix C is the encrypted image
Process
C(M, N ) = B(M, N ) + Z(M, N ) + r3 mod 256
for j in N − 1 : −1 : 1 do FIGURE 5. The upper row is histograms of plain image, and below is the
C(M, j) = B(M, j) + C(M, j + 1) + Z(M, j) mod 256 respective cipher image.
end for
for i in M − 1 : −1 : 1 do
C(i, N ) = B(i, N ) + C(i + 1, N ) + Z(i, N ) mod 256
end for In addition to the histogram analysis, the correlation coeffi-
for i in M − 1 : −1 : 1, j in N − 1 : −1 : 1 do cient is also necessary to measure the correlation property of
C(i, j) = B(i, j) + C(i, j + 1) + C(i + 1, j) + Z(i, j) mod 256 adjacent pixels in the original images and cipher images[9].
end for
end Process
Choose N pairs of adjacent pixels randomly from the image.
The gray scales are denoted by (xi , yi ), i = 1, 2, , N . So the
correlation coefficient rxy between x = {xi } and y = {yi }
can be calculated in the formulas below:
6 Statistical Characteristics of cipher images
cov(x, y)
rxy =  
D(x) D(y)
The histogram reflects the statistical characteristics of the N
image and is one of the important indexes to evaluate the im- 1 
cov(x, y) = (xi − E(x))(yi − E(y))
N i=1
age encryption algorithm. If the histogram distribution is close
N (12)
to uniform distribution, the statistical characteristics of the en- 1 
D(x) = (xi − E(x))2
cryption algorithm is excellent[1]. Figure 5 shows the compar- N i=1
ison of the histograms of the plain images and cipher images. N
1 
We can see that all the histograms of cipher images are close to E(x) = xi
N i=1
uniform distribution overall.


 1SPDFFEJOHT
PG
UIF

*OUFSOBUJPOBM
$POGFSFODF
PO
8BWFMFU
"OBMZTJT
BOE
1BUUFSO
3FDPHOJUJPO
/JOHCP
$IJOB

+VMZ


Here we take the selected 3 images as examples, N = 2000. 9 Plaintext Sensitivity Analysis
According to the formula to calculate the horizontal, vertical
and diagonal three directions of the correlation coefficients, the For a given plain image P1 , the corresponding cipher im-
plain image and cipher image in the three directions of the cor- age C1 is obtained by encrypting with the secret key K. Then
relation coefficients are shown in table 2. randomly choose a pixel (i, j) and in order to analyze the sen-
sitivity of the algorithm, we make minor change on this pixel
TABLE 2. Correlation coefficients of the plain and cipher images
in equation 13:
Image Horizontal Vertical Diagnoal P2 (i, j) = (P1 (i, j) + 1) mod 256 (13)
Plaintext 0.9685 0.9385 0.9167
Lena
Ciphertext -0.0213 0.0267 0.0123
Plaintext 0.6096 0.7289 0.5768 And maintain the other pixels unchanged. Assume that P2 is
Baboon
Ciphertext 0.0268 -0.0154 0.0125
Plaintext 0.9543 0.9424 0.9207
encrypted into C2 with the same secret key. Then calculate the
Pepper NPCR and UACI with the formulas mentioned below.
Ciphertext 0.0143 -0.0125 -0.0287
M N
1 
N P CR = |Sign(C1 (i.j) − C2 (i, j))| × 100%
M N i=1 j=1
(14)
M N
The correlation coefficient of the plain images are very large 1   |C1 (i.j) − C2 (i, j)|
U ACI = × 100%
which are close to 1, indicating that there is a strong correlation M N i=1 j=1 256
between the adjacent pixels of the plain images. And the cor-
relation coefficients of the cipher images are very small which
Here we test the three plain images and collect the results in
are close to 0. It shows that the proposed encryption algorith-
table 4.
m reduces the correlation between the pixels to a great extent.
These results indicate that our encryption algorithm has good TABLE 4. Results of plaintext sensitivity tests
ability to resist statistical attacks.
Index Lena Baboon Pepper Theoretical Value
NPCR 99.6094 99.6079 99.6106 99.6094
7 Encryption and Decryption Speed UACI 33.3249 33.448 33.4276 33.4635

Choose the key K = [(1, 0, 0), (0, 1, 0), {130, 140, 150},
√
{ 22 , 12 }, {56, 212, 85}]. Then the original images are encrypt- For two random noise images, the theoretical values of N-
ed and decrypted for 100 times and the mean encryption time PCR and UACI are 99.6094% and 33.4635%[2]. From the
and decryption time are shown in table 3. table we can see that the test results of are very close to the
theoretical ones. It indicates that the proposed encryption algo-
TABLE 3. Results of encryption and decryption time
rithm has excellent property of plaintext sensitivity and is able
Original Image Encryption time Decryption time to resist differential attacks.
Lena 0.1810 0.1806
Baboon 0.1802 0.1807
Pepper 0.1806 0.1806
10 Key Sensitivity Analysis

Similar to the sensibility analysis of the plaintext, if the

8 Key Space
The range of the step numbers x, y and z are al-
l (150, 300).And the parameters s1 and s2 are both in the range
of (0, 1).The step sizes of these two variables are 10−13 .The
{ri } are in the range of [0, 256]. The step sizes of the elements
in the initial state vectors (α, β) are 10−13 .So, the key space is
about 1070 .
initial parameters of the key are slightly changed, the cipher
image should change greatly. We firstly initialize the key K =
√
[(1, 0, 0), (0, 1, 0), {130, 140, 150}, { 22 , 12 }, {56, 212, 85}].
Then make minor change this secret key: change the element
of step number {x, y, z} or {r1 , r2 , r3 } by one or change the
{s1 , s2 } by 10−13 .Then use the two different secret keys to
encrypt the same plain image and calculate the NPCR and
UACI of the two cipher images just like the last section. The
results are shown in the table 5.


 1SPDFFEJOHT
PG
UIF

*OUFSOBUJPOBM
$POGFSFODF
PO
8BWFMFU
"OBMZTJT
BOE
1BUUFSO
3FDPHOJUJPO
/JOHCP
$IJOB

+VMZ


TABLE 5. Results of key sensitivity tests plain image, infinitely close to 8, proving that the encryption
Index Lena Baboon Pepper Theoretical
scheme makes the image randomly distributed.
Value
NPCR 99.5987 99.6002 99.6307 99.6094
x
UACI 33.4302 33.4977 33.3510 33.4635
12 Conclusion
NPCR 99.6216 99.6017 99.5667 99.6094
y
UACI 33.4451 33.3496 33.5039 33.4635 In summary, we have proposed a new PRNG based on a two-
NPCR 99.6109 99.6109 99.6109 99.6094 dimensional QRWs. And we applied this PRNG to generate the
z
UACI 33.4230 33.3843 33.4326 33.4635
NPCR 99.5773 99.6124 99.6429 99.6094
secret code streams for the use of image encryption. Further-
s1 more, to prove the high-level security of this encryption sys-
UACI 33.4695 33.4767 33.2604 33.4635
NPCR 99.6399 99.6033 99.5926 99.6094 tem, we have done the simulation experiment and the security
s2
UACI 33.5382 33.4631 33.5612 33.4635 analysis includes encryption and decryption speed test, key s-
r1
NPCR 99.5865 99.5728 99.5880 99.6094 pace calculation, key sensitivity and plaintext sensitivity anal-
UACI 33.3347 33.5201 33.4175 33.4635 ysis and information entropy etc. As a result, the proposed en-
NPCR 99.6307 99.5895 99.5682 99.6094 cryption scheme has many good characters and is able to resist
r2
UACI 33.4565 33.4762 33.3324 33.4635
differential attacks, statistical attacks and chosen/known plain-
NPCR 96.6629 96.6629 96.6629 99.6094
r3
UACI 33.6183 33.8190 33.8376 33.4635 text attacks and thus can be used for practical communication.

References
As can be seen in table 5, the test values are close to the
theoretical values which indicates that the proposed encryption
[1] Zhongyun Hua and Yicong Zhou. Image encryption using 2d
algorithm is sensitive to the secret key. logistic-adjusted-sine map. Information Sciences, 339:237–253,
2016.
11 Information Entropy
[2] Yong Zhang. The image encryption algorithm with plaintext-
related shuffling. IETE Technical Review, 33(3):310–322, 2016.
Information entropy is used to determine the randomness of
cipher images, the ideal value is 8. We use the proposed scheme [3] A Akhshani, A Akhavan, S-C Lim, and Z Hassan. An image en-
cryption scheme based on quantum logistic map. Communication-
to encrypt the three pictures separately and calculate the infor-
s in Nonlinear Science and Numerical Simulation, 17(12):4653–
mation entropy in the formula of their original image and cipher
4661, 2012.
image respectively.
[4] Yu-Guang Yang, Xin Jia, Si-Jia Sun, and Qing-Xiang Pan. Quan-
L

H(m) = − p(mi ) log2 p(mi ) (15) tum cryptographic algorithm for color images using quantum
i=0 fourier transform and double random-phase encoding. Informa-
tion Sciences, 277:445–457, 2014.
Where L is the gray scale level of the image and p(mi ) is the [5] Ri-Gui Zhou, Qian Wu, Man-Qun Zhang, and Chen-Yi Shen.
emergence probability of gray value i. Quantum image encryption and decryption algorithms based on
quantum image geometric transformations. International Journal
TABLE 6. Results of information entropy tests of Theoretical Physics, 52(6):1802–1817, 2013.

plaintext 7.5770 [6] G Benetti and G Casati. Principles of quantum computation and
Lena
ciphertext 7.9970 infornmation. 2005.
plaintext 7.3891
Baboon [7] Yu-Guang Yang and Qian-Qian Zhao. Novel pseudo-random
ciphertext 7.9971
plaintext 7.5868 number generator based on quantum random walks. Scientific re-
Pepper
ciphertext 7.9972 ports, 6, 2016.
[8] Julia Kempe. Quantum random walks: an introductory overview.
Contemporary Physics, 44(4):307–327, 2003.
As shown in table 6, from which we know that the value of [9] Yicong Zhou, Long Bao, and CL Philip Chen. Image encryption
the original images information entropy is much lower than 8. using a new parametric switching chaotic system. Signal process-
Because the image redundancy is relatively high. The informa- ing, 93(11):3039–3052, 2013.
tion entropy of the cipher images is much larger than that of the