Next Article in Journal
Bayesian Compressive Sensing of Sparse Signals with Unknown Clustering Patterns
Next Article in Special Issue
On Structural Entropy and Spatial Filling Factor Analysis of Colonoscopy Pictures
Previous Article in Journal / Special Issue
Entropy and Contrast Enhancement of Infrared Thermal Images Using the Multiscale Top-Hat Transform
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Breaking an Image Encryption Algorithm Based on DNA Encoding and Spatiotemporal Chaos

1
School of Automation, Guangdong University of Technology, Guangzhou 510006, China
2
School of Automation Science and Electrical Engineering, State Key Laboratory of Software Development Environment, and Beijing Advanced Innovation Center for Big Data and Brain Computing, Beihang University, Beijing 100191, China
*
Author to whom correspondence should be addressed.
Entropy 2019, 21(3), 246; https://doi.org/10.3390/e21030246
Submission received: 3 February 2019 / Revised: 26 February 2019 / Accepted: 26 February 2019 / Published: 5 March 2019
(This article belongs to the Special Issue Entropy in Image Analysis)

Abstract

:
Recently, an image encryption algorithm based on DNA encoding and spatiotemporal chaos (IEA-DESC) was proposed. In IEA-DESC, pixel diffusion, DNA encoding, DNA-base permutation and DNA decoding are performed successively to generate cipher-images from the plain-images. Some security analyses and simulation results are given to prove that it can withstand various common attacks. However, in this paper, it is found that IEA-DESC has some inherent security defects as follows: (1) the pixel diffusion is invalid for attackers from the perspective of cryptanalysis; (2) the combination of DNA encoding and DNA decoding is equivalent to bitwise complement; (3) the DNA-base permutation is actually a fixed position shuffling operation for quaternary elements, which has been proved to be insecure. In summary, IEA-DESC is essentially a combination of a fixed DNA-base position permutation and bitwise complement. Therefore, IEA-DESC can be equivalently represented as simplified form, and its security solely depends on the equivalent secret key. So the equivalent secret key of IEA-DESC can be recovered using chosen-plaintext attack and chosen-ciphertext attack, respectively. Theoretical analysis and experimental results show that the two attack methods are both effective and efficient.

1. Introduction

With the rapid development of information technologies such as mobile Internet, cloud computing, social networking, and Big Data, the security of multimedia data such as image and video has attracted more and more attention [1,2,3]. Image is an important part of multimedia data, and its encryption protection techniques are particularly interesting [4,5]. In the past three decades, many novel image encryption schemes based on various methodologies were proposed, such as chaos theory [6], DNA computing [7], cellular automaton [8,9], and quantum information [9,10]. Among them, chaos is the most popular one because it has the unique characteristics of sensitivity to initial values and parameters, ergodicity, and deterministic inherent randomness [11,12,13,14,15,16], which correspond to the confusion and diffusion properties of encryption [17]. Moreover, DNA computing has the characteristics of high parallelism, large storage capacity, and low energy consumption [7]. Hence, researches on image encryption schemes combined with chaos theory and DNA computing have become a hot topic in recent years [18,19,20]. Nevertheless, many encryption schemes are actually insecure as a result of their various security defects [21,22]. Therefore, performing cryptanalysis on these existing encryption algorithms is indispensable [21,23,24].
In recent years, with the security analysis and breaking of some existing chaotic image algorithms combining DNA computing and chaos theory [25,26,27,28,29,30], research interest in cryptanalysis has become increasingly stimulated [31,32,33,34]. In 2010, Zhang et al. [25] created an image encryption method using DNA addition combined with chaotic maps. However, in 2014, Hermassi et al. [26] pointed out that the algorithm in Reference [25] was irreversible and was vulnerable to the chosen-plaintext attack and the known-plaintext attack. In 2015, Zhen et al. [27] proposed an image encryption scheme combining DNA coding and entropy. Nonetheless, in 2016, Su et al. [28] pointed out that the algorithm of Reference [27] was insecure and could be broken using the chosen-plaintext attack. In 2016, Jain et al. [29] proposed a robust DNA chaotic image encryption scheme based on Reference [25] and Reference [26]. Whereas, in 2017, Dou et al. [30] used the chosen-plaintext attack method to break the algorithm proposed in Reference [29]. In addition, Özkaynak et al. [33] and Zhang et al. [34] further concluded that an encryption algorithm may lead to the existence of an equivalent secret key if only a single DNA encoding and operation rule is employed.
Generally speaking, cryptanalysis becomes more difficult as the level of encryption design increases [35]. However, there are still some existing algorithms that can be broken owing to their inherent defects [36]. Moreover, since each encryption algorithm has natural features, the corresponding attack method may also be different. Therefore, it makes sense, even if a similar attack method is used, to reveal the intrinsic characteristics of the different encryption algorithms.
In 2015, an image encryption algorithm based on DNA encoding and spatiotemporal chaos (IEA-DESC) was proposed [37]. In IEA-DESC, pixel diffusion, DNA encoding, DNA-base permutation, and DNA decoding are adopted successively to obtain cipher-images from plain-images. Some security analyses and simulation results are given to prove that it can withstand various common attacks. Despite this, according to the basic criteria of cryptanalysis, some findings in IEA-DESC can be given as follows:
(1)
Its pixel diffusion is invalid for attackers.
In IEA-DESC, there is no external secret key during the pixel diffusion phase. According to the cryptographic principle proposed by Kerckhoffs [38], the algorithm is public for attackers. Therefore, its pixel diffusion is essentially useless.
(2)
The combination of DNA encoding and DNA decoding can be equivalently simplified.
Although the DNA encoding rule is related to the plain-image, there is a certain relationship between its decoding rule and its encoding rule. This leads to the fact that for any binary bit, the output is the complement of the input after DNA encoding and DNA decoding. Hence, DNA encoding and DNA decoding are a complementary process on the whole.
(3)
The sequences for DNA-base permutation are fixed for different plain-images.
During IEA-DESC’s DNA-base permutation, the chaos-based sequences for encryption are neither associated with plain-image nor cipher-image. Thus, on the basis of the basic rules of cryptanalysis, under the condition of a given secret key, the encryption sequences are fixed for different plain-images. Once the attackers obtain these sequences, i.e., an equivalent secret key, the DNA-base permutation is deciphered.
On the basis of the above properties, IEA-DESC’s pixel diffusion is invalid, and therefore, its security depends only on the DNA domain encryption. Unfortunately, an equivalent secret key exists in the overall DNA domain encryption phase. More specifically, the DNA-based encryption algorithm is essentially a permutation-only process of a quaternary element. Yet, permutation-only encryption algorithms have been analyzed to be insecure [39,40]. Therefore, in this paper, two attack methods for breaking IEA-DESC using the chosen-plaintext attack and chosen-ciphertext attack are proposed, respectively.
The rest of the paper is organized as follows. Section 2 concisely describes IEA-DESC. Section 3 proposes two different attack methods on IEA-DESC. Section 4 presents the experimental simulation results. Section 5 gives some improvement suggestions for the security of chaos-based encryption algorithms. The last section concludes the paper.

2. The Encryption Algorithm under Study

In this section, the DNA coding rules and spatiotemporal chaos used in Reference [37] are introduced, and then the specific steps of IEA-DESC are detailed.

2.1. DNA Coding Rules

A DNA sequence includes four kinds of nucleic acid bases: A, T, C, and G. With respect to these four bases, the total number of coding combinations is 4 ! = 24 . However, there are only eight kinds of coding combinations because these four bases satisfy the principle of complementary base pairs. More precisely, A and T are complementary to each other, as are C and G. Table 1 shows the eight DNA coding rules.

2.2. Spatiotemporal Chaos

Two discrete chaotic maps are used in IEA-DESC [37], one is the logistic map and the other is a spatiotemporal chaos map based on the so-called new chaotic algorithm (NCA) given in Reference [41]. The iterative equation of the Logistic map is represented as
x n + 1 = μ x n ( 1 x n ) ,
where the state variable x ( 0 , 1 ) and the control parameter μ ( 3.57 , 4 ) . The structure of the functional graph of the Logistic map in a digital computer is quantitatively analyzed in Reference [16].
The spatiotemporal chaos is a dynamic system using discrete time and space, in which the coupled map lattice (CML) is its most common model. The iterative equation of NCA-based CML is modeled by
x n + 1 ( i ) = ( 1 ε ) f ( x n ( i ) ) + ε f x n ( i 1 ) + f x n ( i + 1 ) / 2 , f ( x ) = ( 1 β 4 ) · ctg ( α / ( 1 + β ) ) · ( 1 + 1 / β ) β · tg ( α x n ) · ( 1 x ) β ,
where the spatial lattice index i = 1 , 2 , , L , the time grid index n = 1 , 2 , , the coupling strength ε ( 0 , 1 ) , the state variable x n ( i ) ( 0 , 1 ) , and the periodic boundary condition is x n ( 0 ) = x n ( L ) . The second equation of Equation (2) is the so-called NCA, which is actually an improved logistic map. Given the parameters α = 1.57 , β = 3.5 , ε = 0.3 , and L = 1024 , the system is chaotic, and its attractor is shown in Figure 1.

2.3. Description of IEA-DESC

2.3.1. Secret Key

The secret key of IEA-DESC consists of x 0 , μ , K 0 , N 0 , α , β , ε , and L, where x 0 , μ , K 0 , and N 0 are the parameters of the logistic map, α , β , ε , and L are the parameters of NCA-based CML, and N 0 is the length of discarded sequence for eliminating harmful transient effects.

2.3.2. Encryption Process

The encryption objects of IEA-DESC are 8-bit grayscale images of size H × W (height × width). For convenience, the symbolic representation is different without changing the original algorithm. A block diagram of IEA-DESC is shown in Figure 2, where P , P , and C are the plain-image, the diffused image, and the cipher-image, respectively. As can be seen from Figure 2, the encryption process of IEA-DESC includes four phases: pixel diffusion, DNA encoding, DNA-base permutation, and DNA decoding.
The specific descriptions of IEA-DESC are given as follows:
  • Phase 1. Pixel Diffusion:
    By converting the plain-image P into the corresponding sequence p 1 , p 2 , , p H × W in raster scanning order, the pixel diffusion equation is defined as
    p 1 = p 1 p H × W , p i + 1 = p i p i ,
    where i = 1 , 2 , , H × W 1 , and ⊕ represents the bitwise XOR operation. Thus, the diffused image P of size H × W is obtained from the diffused sequence p 1 , p 2 , , p H × W .
  • Phase 2. DNA Encoding:
    Calculating the sum of the plain-image pixels, the K 0 -th iteration value x K 0 is obtained by Equation (1) under the initial value x 0 and the control parameter μ . The DNA encoding rule r E , as in Table 1, is further determined by
    r E = x K 0 × 8 + 1 ,
    where r E [ 1 , 8 ] , and a rounds the element a to the nearest integer toward minus infinity. Then, by the r E -th encoding rule in Table 1, the diffused image P of size H × W is firstly converted into the corresponding binary matrix of size H × 8 W , and then encoded as the DNA matrix D 1 of size H × 4 W .
  • Phase 3. DNA-Base Permutation:
    First, by iterating Equation (1) N 0 + 4 W times and then discarding the front N 0 elements under the initial value x 0 and the control parameter μ , a sequence a 1 , a 2 , , a 4 W of length 4 W is obtained. Here, the sequence a 1 , a 2 , , a 4 W is taken as an initial value of the spatiotemporal chaos called NCA-based CML. Thus, by iterating Equation (2) H times under the parameters α , β , ε , and L, a real matrix X of size H × 4 W is achieved.
    Then, by sorting each row’s elements of X in ascending order, the corresponding H row position index sequences are obtained as RI i . Using RI i to perform permutation for each row on the DNA matrix D 1 , the corresponding row permuted DNA matrix D 1 is obtained, given by
    D 1 i , k = D 1 i , RI i ( k ) ,
    where i = 1 , 2 , , H , k = 1 , 2 , , 4 W , RI i ( k ) indicates a position index of the k-th element in the i-th row, and RI i ( k ) 1 , 2 , , 4 W . Similarly, by sorting each column’s elements of X in ascending order, the corresponding 4 W column position index sequences are obtained as CI j . Using CI j to perform permutation for each column on the DNA matrix D 1 , the corresponding column permuted DNA matrix D 2 is obtained, represented as
    D 2 k , j = D 1 CI j ( k ) , j ,
    where j = 1 , 2 , , 4 W , k = 1 , 2 , , H , CI j ( k ) indicates a position index of the k-th element in the j-th column, and CI j ( k ) 1 , 2 , , H .
  • Phase 4. DNA Decoding:
    Corresponding to Equation (4), the DNA decoding rule r D is determined as
    r D = 9 r E ,
    where r D [ 1 , 8 ] . Thus, by the r D -th decoding rule in Table 1, the DNA matrix D 2 of size H × 4 W is firstly decoded as the corresponding binary matrix of size H × 8 W , and then converted into the cipher-image C of size H × W .

2.3.3. Decryption Process

Decryption is the inverse of encryption. First, the cipher-image C is converted into the DNA matrix D 2 by the r D -th encoding rule. Then, the DNA matrix D 1 is exacted from the DNA matrix D 2 after the anti-permutation. Next, the DNA matrix D 1 is decoded as the diffused image P with the r E -th decoding rule. Finally, the plain-image P is recovered by anti-diffusion decryption from Equation (3).

3. Cryptanalysis of IEA-DESC

3.1. Preliminary Analysis of IEA-DESC

According to modern cryptography principles, encryption algorithms are public and only the secret keys are unknown to attackers [42,43]. More precisely, the security of an algorithm solely depends on its secret key. Four common attack methods for cryptanalysis are shown in Table 2. A secure cryptosystem should be able to resist all types of attacks in Table 2. If a cryptosystem cannot resist anyone of these attacks, one can conclude that the cryptosystem is insecure.
By observing Figure 2, one can divide the encryption process of IEA-DESC into two parts, one is pixel diffusion, and the other is DNA domain encryption. For the pixel diffusion part, there is no secret key involved. Since the algorithm is open from the perspective of cryptanalysis, the diffusion phase of IEA-DESC is essentially invalid for the attacker.
For this reason, only the DNA domain encryption part is worthy of further discussion here. Following Equations (4) and (7), one knows that there is a definite one-to-one correspondence between DNA encoding rule r E and DNA decoding rule r D . Hence, one can list all possible pairs of DNA codec rules, given as
( r E , r D ) ( 1 , 8 ) , ( 2 , 7 ) , ( 3 , 6 ) , ( 4 , 5 ) , ( 5 , 4 ) , ( 6 , 3 ) , ( 7 , 2 ) , ( 8 , 1 ) .
Accordingly, given the eight pairs of DNA codec rules, within the binary bits before and after DNA coding, there appears a certain regularity [34]. Table 3 shows any 2-bit input and its 2-bit output with the eight pairs of DNA codec rules. As can be seen from Table 3, given any 2-bit input, no matter which DNA encoding rule is taken, the corresponding 2-bit output is the same because r E + r D = 9 holds. Put explicitly, the 2-bit input and the corresponding 2-bit output are complementary.
Furthermore, one can see that the chaos-based sequences for DNA-base permutation are fixed for different plain-images under the premise of a given secret key. Indeed, it means that an equivalent secret key exists in IEA-DESC.
On this basis, it is found that IEA-DESC is essentially a combination process of a fixed DNA-base position permutation and bitwise complement. Therefore, a simplified block diagram of IEA-DESC can be illustrated, as is shown in Figure 3, where E K P is the equivalent secret key. Once E K P is obtained, IEA-DESC will be broken. Note that the eight different pairs of DNA encoding and decoding, as in Table 3, are equivalent. For simplicity, one sets r E = 1 and r D = 8 , i.e., the first DNA encoding rule and the eighth DNA decoding rule are adopted below.

3.2. Analysis of DNA-Base Permutation

To obtain the equivalent secret key E K P , performing analysis on the DNA-base permutation is significant. Since DNA only has four different bases, the essence of DNA-base permutation is a position shuffling procedure for a quaternary matrix of size H × 4 W .
Supposing that one has an input matrix PV of size H × 4 W which satisfies that each element is unequal, and its corresponding one-dimensional sequence in the raster scanning order is 0 , 1 , 2 , , 4 H W 1 . Letting Z m denote a set 0 , 1 , , m 1 , one has PV Z 4 H W . Obviously, after a position permutation, the output matrix CV corresponding to the input matrix PV also has the feature that all elements are not equal to each other. According to the assumption of the chosen-plaintext attack in Table 2, one can know both PV and CV . Thus, the equivalent secret key can be determined by comparing the elements before and after the permutation.
However, since each DNA-base only takes four values, A, G, C, and T, such an input matrix PV does not exist. To cope with the problem, an appropriate transformation is inevitable. Therefore, the specific analysis steps to determine the equivalent secret key E K P , as in Figure 3, are detailed as follows:
Step 1.
Decompose the virtual matrix PV of size H × 4 W into some quaternary matrices of the same size.
The virtual matrix PV is firstly decomposed into the N C corresponding quaternary matrices PQ n ( n = 1 , 2 , , N C ) , defined by
PV = n = 1 N C 4 n 1 PQ n = PQ 1 + 4 PQ 2 + 4 2 PQ 3 + + 4 N C 1 PQ N C ,
where PV Z 4 H W , PQ n Z 4 , and N C is the minimum amount required to ensure this decomposition method. Referring to Reference [39], generally one has
N C = log 4 ( H × 4 W ) = 1 + log 4 ( H W ) ,
where a rounds the element a to the nearest integer toward positive infinity.
Step 2.
Transform these quaternary matrices into the 8-bit images of size H × W , respectively.
The quaternary matrices PQ n ( n = 1 , 2 , , N C ) are transformed into the corresponding decimal matrices using the method whereby every four quaternary elements are combined into a decimal one in order from low to high. For instance, given four quaternary elements are 0, 1, 2, and 3, one gets the corresponding decimal result as 228 because of its combination procedure: 0 × 1 + 1 × 4 + 2 × 4 2 + 3 × 4 3 . In fact, these decimal matrices are the resulting 8-bit images PI n ( n = 1 , 2 , , N C ) of size H × W .
Step 3.
Temporarily use the encryption machine to obtain the N C corresponding cipher-images.
Following Figure 3, the diffused image P is deemed as an input plain-image. As for the chosen-plaintext attack in Table 2, the input plain-images can be arbitrarily chosen, and the encryption machine can be temporarily used. Therefore, one gets the N C cipher-images CI n ( n = 1 , 2 , , N C ) corresponding to the input plain-images PI n ( n = 1 , 2 , , N C ) , respectively, after the encryption. Obviously, one has PI n Z 256 and CI n Z 256 .
As shown in Figure 3, it takes three phases from PI n to CI n : DNA encoding, DNA-base permutation, and DNA decoding. First, the N C plain-images PI n are encoded as the corresponding DNA matrices with the first DNA encoding rule of Table 1. Then, the permuted DNA matrices are further obtained after a DNA-base permutation. Finally, the N C corresponding cipher-images CI n are decoded from the permuted DNA matrices with the eighth DNA decoding rule.
Step 4.
Convert these 8-bit cipher-images into the quaternary matrices of size H × 4 W , respectively.
Note that the eighth DNA decoding rule corresponds to the first DNA encoding rule, and the combination process of DNA encoding and DNA decoding is bitwise complement analyzed as in Table 3. Therefore, the complement operation cannot be ignored.
First, similar to the method in Step 2, the N C 8-bit cipher-images CI n ( n = 1 , 2 , , N C ) of size H × W are converted to the corresponding quaternary matrices CQ n ( n = 1 , 2 , , N C ) of size H × 4 W . Then, the corresponding complementary quaternary matrices CQ ¯ n ( n = 1 , 2 , , N C ) can be obtained from these quaternary matrices CQ n ( n = 1 , 2 , , N C ) , respectively. Here, the quaternary complement operation is defined as being subtracted by 3. Specifically, the complements of 0, 1, 2, and 3 are 3, 2, 1, and 0, respectively.
Step 5.
Compose the N C complementary quaternary matrices into a virtual matrix of size H × 4 W .
Corresponding to Equation (9), the virtual matrix CV is composed from the N C complementary quaternary matrices CQ ¯ n ( n = 1 , 2 , , N C ) , given as
CV = n = 1 N C 4 n 1 CQ ¯ n = CQ ¯ 1 + 4 CQ ¯ 2 + 4 2 CQ ¯ 3 + + 4 N C 1 CQ ¯ N C ,
where CV Z 4 H W , and CQ ¯ n Z 4 .
Step 6.
Obtain the equivalent secret key E K P .
Finally, E K P is obtained by comparing all the different elements of PV and CV .
To better illustrate this analysis process, a simple example is taken. Let a input virtual matrix PV of size 4 × 4 be
PV = 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 .
First, following Steps 1 and 2, one gets two quaternary matrices PQ 1 and PQ 2 , the two 8-bit images PI 1 and PI 2 , and their corresponding DNA matrices as below:
PQ 1 = 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 PI 1 = 228 228 228 228 r E = 1 A G C T A G C T A G C T A G C T ,
PQ 2 = 0 0 0 0 1 1 1 1 2 2 2 2 3 3 3 3 PI 2 = 0 85 170 255 r E = 1 A A A A G G G G C C C C T T T T .
Then, as in Steps 3 and 4, supposing that the procedure of DNA-base permutation is given in Figure 4, one obtains the two cipher-images CI 1 and CI 2 , their corresponding DNA matrices, and the two quaternary ones CQ 1 and CQ 2 via
CQ 1 = 2 1 2 0 1 3 2 3 0 1 2 3 0 1 3 0 CI 1 = 38 237 228 52 r D = 8 G C G T C A G A T C G A T C A T ,
CQ 2 = 0 0 1 0 1 2 2 3 1 2 3 0 2 3 1 3 CI 2 = 16 233 57 222 r D = 8 T T C T C G G A C G A T G A C A .
Correspondingly, one gets the two complementary quaternary matrices CQ ¯ 1 and CQ ¯ 2 as
CQ ¯ 1 = 1 2 1 3 2 0 1 0 3 2 1 0 3 2 0 3 , CQ ¯ 2 = 3 3 2 3 2 1 1 0 2 1 0 3 1 0 2 0 .
Next, as in Step 5, one obtains the corresponding output virtual matrix as
CV = 13 14 9 15 10 4 5 0 11 6 1 12 7 2 8 3 .
Finally, the equivalent secret key E K P is achieved with Step 6.
On the basis of the above discussion, one can conclude that the encryption algorithm given in Figure 3 can be broken just with the equivalent secret key E K P without knowing any secret key parameter.

3.3. Breaking IEA-DESC Using the Chosen-Plaintext Attack

Following Section 3.2, the diffused image P is considered as the input of the cryptosystem. However, as shown in Figure 2, the actual input of IEA-DESC is the plain-image P rather than the diffused image P . To accommodate to this change, the input chosen plain-image should be adjusted accordingly.
According to the analysis in Section 3.1, the pixel diffusion part of IEA-DESC is actually useless for attackers. Under the premise that the algorithm is known, there is a certain one-to-one correspondence between the diffused image and the plain-image. Therefore, for 8-bit grayscale images of size H × W , the specific analysis steps for the chosen-plaintext attack are given as follows:
Step 1.
Choose some special plain-images.
The N C 8-bit images PI n ( n = 1 , 2 , , N C ) constructed in Section 3.2 are presented as the diffused images P n ( n = 1 , 2 , , N C ) , respectively, and then their one-to-one corresponding plain-images P n ( n = 1 , 2 , , N C ) are obtained using anti-diffusion decryption, which is defined from Equation (3) as
p i = p i + 1 p i , p H × W = p 1 p 1 ,
where i = 1 , 2 , , H × W 1 , p 1 , p 2 , , p H × W and p 1 , p 2 , , p H × W are the sequences transformed by the plain-image P and the diffused image P in the raster scanning order, respectively.
Step 2.
Temporarily use the encryption machine to get the corresponding cipher-images.
On the basis of the condition of the chosen-plaintext attack, the corresponding N C cipher-images C n ( n = 1 , 2 , , N C ) are obtained from the N C plain-images P n ( n = 1 , 2 , , N C ) by temporarily using the encryption machine.
Step 3.
Achieve the equivalent DNA-base permutation secret key.
By substituting PI n ( n = 1 , 2 , , N C ) and CI n ( n = 1 , 2 , , N C ) in Section 3.2 with the diffused images P n ( n = 1 , 2 , , N C ) and the cipher-images C n ( n = 1 , 2 , , N C ) , respectively, one gets the equivalent DNA-base permutation secret key E K P with the same method as in Section 3.2.
Step 4.
Recover the images with the equivalent secret key.
First, using the equivalent secret key E K P , the corresponding diffused image can be obtained from a cipher-image. Then, the recovered plain-image is obtained from the diffused images with Equation (12).
Therefore, the chosen-plaintext attack is effective to break IEA-DESC, and its data complexity is O ( N C ) = O ( 1 + log 4 ( H W ) ) .

3.4. Breaking IEA-DESC Using the Chosen-Ciphertext Attack

Since the encryption structure of Figure 3 is symmetrical, the chosen-ciphertext attack is also available. The specific analysis steps based on the chosen-ciphertext attack are detailed below:
Step 1.
Choose some specific cipher-images and temporarily use the decryption machine to get the corresponding plain-images.
Here, the N C images { PI n } n = 1 N C in Secction Section 3.2 are served as the chosen cipher-images { C n } n = 1 N C respectively, and then temporarily use the decryption machine to get the corresponding plain-images { P n } n = 1 N C .
Step 2.
Get the corresponding diffused images.
The one-to-one corresponding N C diffused images P n ( n = 1 , 2 , , N C ) are obtained from these plain-images P n ( n = 1 , 2 , , N C ) using Equation (3).
Step 3.
Achieve the equivalent secret key.
The equivalent DNA-base permutation secret key is achieved by using the same method as Step 3 in Section 3.3.
Step 4.
Recover images with the equivalent secret key:
This step is also the same as Step 4 in Section 3.3, so it is omitted.
Therefore, the chosen-ciphertext attack is also valid for breaking IEA-DESC, and its data complexity is also O ( 1 + log 4 ( H W ) ) .

4. The Experiments for Breaking IEA-DESC

To verify the feasibility of the two proposed attack methods, some experimental simulations were performed based on a personal computer with Matlab R2016a. Similar to those in Reference [37], our experimental images are 8-bit grayscale images “Lenna” and “Peppers” of size 256 × 256 .

4.1. Breaking IEA-DESC by Chosen-Plaintext Attack

The experiment for breaking IEA-DESC was firstly carried out by the chosen-plaintext attack method proposed in Section 3.3. Given H = 256 and W = 256 , one gets N C = 1 + log 4 ( H × W ) = 9 from Equation (10). Correspondingly, the nine 8-bit images PI n ( n = 1 , 2 , , 9 ) constructed using the method in Section 3.2 are shown in Figure 5a–r.
First, following Step 1 in Section 3.3, the nine special images shown in Figure 5 are selected as the diffused images P n ( n = 1 , 2 , , 9 ) , respectively, and then their corresponding plain-images P n ( n = 1 , 2 , , 9 ) are obtained, as shown in Figure 6a–r. Then, according to Step 2 in Section 3.3, the nine corresponding cipher-images C n ( n = 1 , 2 , , 9 ) and their histograms are obtained as shown in Figure 7a–r. Next, using the method in Step 3 in Section 3.3, the equivalent secret key E K P is obtained using the nine chosen diffused images shown in Figure 5a–r and the nine corresponding cipher-images shown in Figure 7a–r. Finally, the images are recovered using the equivalent secret key E K P . The attacking results on IEA-DESC with the 8-bit images “Lenna” and “Peppers” are shown in Figure 8a–d and Figure 9a–d, respectively.

4.2. Breaking IEA-DESC Using the Chosen-Ciphertext Attack

Accordingly, the experiment for breaking IEA-DESC is accomplished using the chosen-ciphertext attack method proposed in Section 3.4.
First, following Step 1 in Section 3.4, the nine special images shown in Figure 5 are used as the cipher-images C n ( n = 1 , 2 , , 9 ) respectively, and then their corresponding plain-images P n ( n = 1 , 2 , , 9 ) are obtained, as shown in Figure 10a–r. Then, according to Step 2 in Section 3.4, the nine corresponding diffused images P n ( n = 1 , 2 , , 9 ) and their histograms are obtained as shown in Figure 11a–r, respectively. Next, using the method in Step 3 in Section 3.4, the equivalent secret key E K P is obtained using the nine chosen cipher-images shown in Figure 5a–r and the nine corresponding diffused images shown in Figure 11a–r. Finally, the images are recovered using the equivalent secret key E K P . The attacking results on IEA-DESC with the 8-bit images “Lenna” and “Peppers” are also shown in Figure 8a–d and Figure 9a–d, respectively.

4.3. Attack Complexity

In terms of attack complexity, the running times of the chosen-plaintext attack method and the chosen-ciphertext attack method are about 2.1165 s and 2.0785 s, respectively. Moreover, given 8-bit images of size 256 × 256 , the data complexity of the two attack methods required for breaking IEA-DESC are both O ( 9 ) . Therefore, the experimental results verify that the two attack methods are both effective and efficient.

5. Suggestions for Improvement

On the basis of the analysis above, IDE-DESC can neither resist against chosen-plaintext attacks nor chosen-ciphertext attacks because of its inherent security defects. In fact, some other chaos-based ciphers also have similar vulnerabilities as mentioned in Reference [36]. To deal with these problems, some suggestions for improvement to enhance the security are given below:
(1)
Checking the validity of each encryption component is significant.
The diffusion part of IEA-DESC is invalid for the attacker because it does not involve any secret key parameter. In fact, it does not contribute to security, but increases the computational complexity of the algorithm. Therefore, the designed algorithms should be scrutinized from the perspective of cryptanalysis to ensure the validity of each encryption component.
(2)
Exploiting some novel permutation mechanisms to enhance the security.
Like other permutation-only encryption algorithms, DNA-base permutation only changes the position but does not change the value of each element. The only difference is that the element is quaternary. For permutation-only algorithms, many studies have proved that they are insecure [39,40,44]. To fulfil this demand, exploiting some novel permutation mechanisms is worthwhile.
(3)
Avoiding the existence of an equivalent secret key in the algorithm.
The encryption process of the algorithm should be associated with the characteristics of the plain-image or cipher-image [2]. Otherwise, the encryption process for different input images is completely identical, which may lead to the existence of an equivalent secret key. Once the equivalent secret key is obtained by an attacker, the encryption algorithm is broken [36].
(4)
Appropriately increasing the number of encryption rounds.
In a single-round encryption algorithm, the confusion and diffusion characteristics maybe insufficient [42]. Increasing the number of encryption rounds can effectively improve this problem. Of course, it also requires higher computational complexity [21]. Therefore, ways in which to balance safety and efficiency deserves more research.

6. Conclusions

In this paper, the security of a recent image encryption algorithm called IEA-DESC has been analyzed in detail. It was claimed that some merits of DNA encoding and spatiotemporal chaos are inherited in the algorithm. However, its algorithm structure has several inherent security pitfalls. It was found that IEA-DESC is actually a combined process of DNA-base permutation and bitwise complement from the perspective of cryptanalysis. Therefore, a chosen-plaintext attack and a chosen-ciphertext attack were proposed to recover the equivalent secret key of IEA-DESC, respectively. Both theoretical analysis and experimental results are provided to support effectiveness and efficiency of two attack methods for breaking IEA-DESC. The reported results would help the designers of DNA-based cryptography pay more attention to importance of the essential structure of an encryption scheme, instead of the elegance of the underlying theory.

Author Contributions

Methodology, H.W.; Software, H.W.; Validation, S.Y. and J.L.; Supervision, S.Y.; Project Administration, S.Y. and J.L.; Funding Acquisition, J.L.

Funding

This research was funded by the National Key Research and Development Program of China (No. 2016YFB0800401), and the National Natural Science Foundation of China (No. 61532020, 61671161).

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Özkaynak, F. Brief review on application of nonlinear dynamics in image encryption. Nonlinear Dyn. 2018, 92, 305–313. [Google Scholar] [CrossRef]
  2. Wen, H.; Yu, S.; Lü, J. Encryption algorithm based on hadoop and non-degenerate high-dimensional discrete hyperchaotic system. Acta Phys. Sin. 2017, 66, 230503. [Google Scholar] [CrossRef]
  3. Chen, S.; Yu, S.; Lü, J.; Chen, G.; He, J. Design and FPGA-based realization of a chaotic secure video communication system. IEEE Trans. Circuits Syst. Video Technol. 2018, 28, 2359–2371. [Google Scholar] [CrossRef]
  4. Fridrich, J. Symmetric ciphers based on two-dimensional chaotic maps. Int. J. Bifurc. Chaos 1998, 8, 1259–1284. [Google Scholar] [CrossRef]
  5. Chen, G.; Mao, Y.; Chui, C.K. A symmetric image encryption scheme based on 3D chaotic cat maps. Chaos Solitons Fractals 2004, 21, 749–761. [Google Scholar] [CrossRef]
  6. Lorenz, E.N. Deterministic nonperiodic flow. J. Atmos. Sci. 1963, 20, 130–141. [Google Scholar] [CrossRef]
  7. Gehani, A.; LaBean, T.; Reif, J. DNA-based cryptography. In Aspects of Molecular Computing; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2003; Volume 2950, pp. 167–188. [Google Scholar]
  8. Abdo, A.; Lian, S.; Ismail, I.; Amin, M.; Diab, H. A cryptosystem based on elementary cellular automata. Commun. Nonlinear Sci. Numer. Simul. 2013, 18, 136–147. [Google Scholar] [CrossRef]
  9. Yang, Y.G.; Tian, J.; Lei, H.; Zhou, Y.H.; Shi, W.M. Novel quantum image encryption using one-dimensional quantum cellular automata. Inf. Sci. 2016, 345, 257–270. [Google Scholar] [CrossRef]
  10. Akhshani, A.; Akhavan, A.; Lim, S.C.; Hassan, Z. An image encryption scheme based on quantum logistic map. Commun. Nonlinear Sci. Numer. Simul. 2012, 17, 4653–4661. [Google Scholar] [CrossRef]
  11. Askar, S.S.; Karawia, A.; Al-Khedhairi, A.; Al-Ammar, F.S. An algorithm of image encryption using logistic and two-dimensional chaotic economic maps. Entropy 2019, 21, 44. [Google Scholar] [CrossRef]
  12. Karawia, A. Encryption algorithm of multiple-image using mixed image elements and two dimensional chaotic economic map. Entropy 2018, 20, 801. [Google Scholar] [CrossRef]
  13. Liu, H.; Wang, X. Color image encryption using spatial bit-level permutation and high-dimension chaotic system. Opt. Commun. 2011, 284, 3895–3903. [Google Scholar] [CrossRef]
  14. He, S.; Sun, K.; Wang, H. Complexity analysis and DSP implementation of the fractional-order lorenz hyperchaotic system. Entropy 2015, 17, 8299–8311. [Google Scholar] [CrossRef]
  15. Chen, C.; Sun, K.; Peng, Y.; Alamodi, A.O. A novel control method to counteract the dynamical degradation of a digital chaotic sequence. Eur. Phys. J. Plus 2019, 134. [Google Scholar] [CrossRef]
  16. Li, C.; Feng, B.; Li, S.; Kurths, J.; Chen, G. Dynamic analysis of digital chaotic maps via state-mapping networks. IEEE Trans. Circuits Syst. I Regul. Pap. 2019, 66. [Google Scholar] [CrossRef]
  17. Shannon, C.E. Communication theory of secrecy systems. Bell Syst. Tech. J. 1949, 28, 656–715. [Google Scholar] [CrossRef]
  18. Chai, X.; Gan, Z.; Yang, K.; Chen, Y.; Liu, X. An image encryption algorithm based on the memristive hyperchaotic system, cellular automata and DNA sequence operations. Signal Process. Image Commun. 2017, 52, 6–19. [Google Scholar] [CrossRef]
  19. Zhang, L.; Sun, K.; Liu, W.; He, S. A novel color image encryption scheme using fractional-order hyperchaotic system and DNA sequence operations. Chin. Phys. B 2017, 26, 100504. [Google Scholar] [CrossRef]
  20. Chai, X.; Fu, X.; Gan, Z.; Lu, Y.; Chen, Y. A color image cryptosystem based on dynamic DNA encryption and chaos. Signal Process. 2019, 155, 44–62. [Google Scholar] [CrossRef]
  21. Li, C.; Lin, D.; Feng, B.; Lü, J.; Hao, F. Cryptanalysis of a chaotic image encryption algorithm based on information entropy. IEEE Access 2018, 6, 75834–75842. [Google Scholar] [CrossRef]
  22. Lin, Z.; Yu, S.; Feng, X.; Lü, J. Cryptanalysis of a chaotic stream cipher and its improved scheme. Int. J. Bifurc. Chaos 2018, 28, 1850086. [Google Scholar] [CrossRef]
  23. Zhu, C.; Wang, G.; Sun, K. Improved cryptanalysis and enhancements of an image encryption scheme using combined 1D chaotic maps. Entropy 2018, 20, 843. [Google Scholar] [CrossRef]
  24. Li, C.; Liu, Y.; Zhang, L.Y.; Wong, K.W. Cryptanalyzing a class of image encryption schemes based on Chinese Remainder Theorem. Signal Process. Image Commun. 2014, 29, 914–920. [Google Scholar] [CrossRef]
  25. Zhang, Q.; Guo, L.; Wei, X. Image encryption using DNA addition combining with chaotic maps. Math. Comput. Model. 2010, 52, 2028–2035. [Google Scholar] [CrossRef]
  26. Hermassi, H.; Belazi, A.; Rhouma, R.; Belghith, S.M. Security analysis of an image encryption algorithm based on a DNA addition combining with chaotic maps. Multimed. Tools Appl. 2014, 72, 2211–2224. [Google Scholar] [CrossRef]
  27. Zhen, P.; Zhao, G.; Min, L.; Jin, X. Chaos-based image encryption scheme combining DNA coding and entropy. Multimed. Tools Appl. 2016, 75, 6303–6319. [Google Scholar] [CrossRef]
  28. Su, X.; Li, W.; Hu, H. Cryptanalysis of a chaos-based image encryption scheme combining DNA coding and entropy. Multimed. Tools Appl. 2017, 76, 14021–14033. [Google Scholar] [CrossRef]
  29. Jain, A.; Rajpal, N. A robust image encryption algorithm resistant to attacks using DNA and chaotic logistic maps. Multimed. Tools Appl. 2016, 75, 5455–5472. [Google Scholar] [CrossRef]
  30. Dou, Y.; Liu, X.; Fan, H.; Li, M. Cryptanalysis of a DNA and chaos based image encryption algorithm. Optik-Int. J. Light Electron Opt. 2017, 145, 456–464. [Google Scholar] [CrossRef]
  31. Sun, S. A novel hyperchaotic image encryption scheme based on DNA encoding, pixel-level scrambling and bit-level scrambling. IEEE Photonics J. 2018, 10, 1–14. [Google Scholar] [CrossRef]
  32. Feng, W.; He, Y. Cryptanalysis and improvement of the hyper-chaotic image encryption scheme based on DNA encoding and scrambling. IEEE Photonics J. 2018, 10, 1–15. [Google Scholar] [CrossRef]
  33. Özkaynak, F.; Yavuz, S. Analysis and improvement of a novel image fusion encryption algorithm based on DNA sequence operation and hyper-chaotic system. Nonlinear Dyn. 2014, 78, 1311–1320. [Google Scholar] [CrossRef]
  34. Zhang, Y.; Xiao, D.; Wen, W.; Wong, K.W. On the security of symmetric ciphers based on DNA coding. Inf. Sci. 2014, 289, 254–261. [Google Scholar] [CrossRef]
  35. Li, C.; Lin, D.; Lü, J. Cryptanalyzing an Image-Scrambling Encryption Algorithm of Pixel Bits. IEEE Multimed. 2017, 24, 64–71. [Google Scholar] [CrossRef]
  36. Li, C.; Lin, D.; Lü, J.; Hao, F. Cryptanalyzing an image encryption algorithm based on autoblocking and electrocardiography. IEEE Multimed. 2018, 25, 46–56. [Google Scholar] [CrossRef]
  37. Song, C.; Qiao, Y. A novel image encryption algorithm based on DNA encoding and spatiotemporal chaos. Entropy 2015, 17, 6954–6968. [Google Scholar] [CrossRef]
  38. Schneier, B. Applied Cryptography—Protocols, Algorithms, and Souce Code in C, 2nd ed.; John Wiley & Sons, Inc.: New York, NY, USA, 1996. [Google Scholar]
  39. Li, C.; Lo, K.T. Optimal quantitative cryptanalysis of permutation-only multimedia ciphers against plaintext attacks. Signal Process. 2011, 91, 949–954. [Google Scholar] [CrossRef]
  40. Jolfaei, A.; Wu, X.W.; Muthukkumarasamy, V. On the security of permutation-only image encryption schemes. IEEE Trans. Inf. Forensics Secur. 2016, 11, 235–246. [Google Scholar] [CrossRef]
  41. Gao, H.; Zhang, Y.; Liang, S.; Li, D. A new chaotic algorithm for image encryption. Chaos Solitons Fractals 2006, 29, 393–399. [Google Scholar] [CrossRef]
  42. Alvarez, G.; Li, S. Some basic cryptographic requirements for chaos-based cryptosystems. Int. J. Bifurc. Chaos 2006, 16, 2129–2151. [Google Scholar] [CrossRef]
  43. Xie, E.Y.; Li, C.; Yu, S.; Lü, J. On the cryptanalysis of Fridrich’s chaotic image encryption scheme. Signal Process. 2017, 132, 150–154. [Google Scholar] [CrossRef]
  44. Li, C. Cracking a hierarchical chaotic image encryption algorithm based on permutation. Signal Process. 2016, 118, 203–210. [Google Scholar] [CrossRef]
Figure 1. The attractor of the new chaotic algorithm (NCA)-based coupled map lattice (CML).
Figure 1. The attractor of the new chaotic algorithm (NCA)-based coupled map lattice (CML).
Entropy 21 00246 g001
Figure 2. Block diagram of the image encryption algorithm based on DNA encoding and spatiotemporal chaos (IEA-DESC).
Figure 2. Block diagram of the image encryption algorithm based on DNA encoding and spatiotemporal chaos (IEA-DESC).
Entropy 21 00246 g002
Figure 3. Simplified block diagram of IEA-DESC.
Figure 3. Simplified block diagram of IEA-DESC.
Entropy 21 00246 g003
Figure 4. The illustration diagram of a position shuffling for matrices of size 4 × 4 .
Figure 4. The illustration diagram of a position shuffling for matrices of size 4 × 4 .
Entropy 21 00246 g004
Figure 5. The nine 8-bit special images and their corresponding histograms.
Figure 5. The nine 8-bit special images and their corresponding histograms.
Entropy 21 00246 g005
Figure 6. The nine plain-images under chosen-plaintext attack.
Figure 6. The nine plain-images under chosen-plaintext attack.
Entropy 21 00246 g006
Figure 7. The nine corresponding output cipher-images under chosen-plaintext attack.
Figure 7. The nine corresponding output cipher-images under chosen-plaintext attack.
Entropy 21 00246 g007
Figure 8. Attacking result on IEA-DESC with the 8-bit image “Lenna”.
Figure 8. Attacking result on IEA-DESC with the 8-bit image “Lenna”.
Entropy 21 00246 g008
Figure 9. Attacking result on IEA-DESC with the 8-bit image “Peppers”.
Figure 9. Attacking result on IEA-DESC with the 8-bit image “Peppers”.
Entropy 21 00246 g009
Figure 10. The nine corresponding output plain-images under chosen-ciphertext attack.
Figure 10. The nine corresponding output plain-images under chosen-ciphertext attack.
Entropy 21 00246 g010
Figure 11. The nine corresponding diffused images under chosen-ciphertext attack.
Figure 11. The nine corresponding diffused images under chosen-ciphertext attack.
Entropy 21 00246 g011
Table 1. Eight kinds of DNA coding rules.
Table 1. Eight kinds of DNA coding rules.
Rules12345678
A0000010110101111
T1111101001010000
G0110001100110110
C1001110011001001
Table 2. Four common attack methods for cryptanalysis.
Table 2. Four common attack methods for cryptanalysis.
Attack MethodsAvailable Resources for Cryptanalysis
Ciphertext-only attackThe attacker only knows the ciphertext.
Known-plaintext attackThe attacker knows any given plaintext, and also knows the corresponding ciphertext.
Chosen-plaintext attackThe attacker can choose the plaintext that would be useful for deciphering, and also knows the corresponding ciphertext.
Chosen-ciphertext attackThe attacker can choose the ciphertext that is useful for deciphering, and also knows the corresponding plaintext.
Table 3. Any 2-bit input and its 2-bit output with the eight pairs of DNA codec rules.
Table 3. Any 2-bit input and its 2-bit output with the eight pairs of DNA codec rules.
2-Bit InputDNA-Base with Encoding Rule r E 2-Bit Output with Decoding Rule r D
12345678
00AAGCGCTT11
01GCAATTCG10
10CGTTAAGC01
11TTCGCGAA00

Share and Cite

MDPI and ACS Style

Wen, H.; Yu, S.; Lü, J. Breaking an Image Encryption Algorithm Based on DNA Encoding and Spatiotemporal Chaos. Entropy 2019, 21, 246. https://doi.org/10.3390/e21030246

AMA Style

Wen H, Yu S, Lü J. Breaking an Image Encryption Algorithm Based on DNA Encoding and Spatiotemporal Chaos. Entropy. 2019; 21(3):246. https://doi.org/10.3390/e21030246

Chicago/Turabian Style

Wen, Heping, Simin Yu, and Jinhu Lü. 2019. "Breaking an Image Encryption Algorithm Based on DNA Encoding and Spatiotemporal Chaos" Entropy 21, no. 3: 246. https://doi.org/10.3390/e21030246

APA Style

Wen, H., Yu, S., & Lü, J. (2019). Breaking an Image Encryption Algorithm Based on DNA Encoding and Spatiotemporal Chaos. Entropy, 21(3), 246. https://doi.org/10.3390/e21030246

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop