A semi-symmetric image encryption scheme based on the function projective synchronization of two hyperchaotic systems

Abstract

Both symmetric and asymmetric color image encryption have advantages and disadvantages. In order to combine their advantages and try to overcome their disadvantages, chaos synchronization is used to avoid the key transmission for the proposed semi-symmetric image encryption scheme. Our scheme is a hybrid chaotic encryption algorithm, and it consists of a scrambling stage and a diffusion stage. The control law and the update rule of function projective synchronization between the 3-cell quantum cellular neural networks (QCNN) response system and the 6^th-order cellular neural network (CNN) drive system are formulated. Since the function projective synchronization is used to synchronize the response system and drive system, Alice and Bob got the key by two different chaotic systems independently and avoid the key transmission by some extra security links, which prevents security key leakage during the transmission. Both numerical simulations and security analyses such as information entropy analysis, differential attack are conducted to verify the feasibility, security, and efficiency of the proposed scheme.

Introduction

With the rapid growth of broadband communication, multimedia transmission has increased over the Internet, which makes information and communication systems more vulnerable. Image security has attracted a huge amount of attention due to the widespread interconnection of almost all devices and communication networks. Image encryption differs from text encryption due to bulk data capacity, high redundancy and a strong correlation between adjacent pixels.

Since Matthews [1] first proposed the chaos encryption algorithm in 1989, many studies have indicated that chaotic encryption are suitable for bulk data due to its favorable properties, such as complex and nonlinear, high sensitivity to initial conditions, control parameters, non-periodicity, and a pseudorandom nature.

Many image encryption algorithms [2–25] based on chaos have been developed in last decades to ensure the security of digital images transmission and storage. Most of them adopted permutation-diffusion mechanism [3–7, 11, 16, 17, 19, 21], in which permuting the positions of image pixels incorporates with changing gray values of image pixels to confuse the relationship between the cipher image and the plain image.

A previous study [26]proposed an image encryption/decryption algorithm with compound chaos mapping, in addition, a hyperchaotic system based on chaotic control parameters was put forward. Another study [27] presented an image encryption scheme on the foundation of multiple chaotic maps while an alternate work [28] proposed an image encryption algorithm on the basis of rotation matrix bit-level permutation and block diffusion. Akram Belazi proposed several image encryption schemes [23–25] based on chaos and obtained the good encryption effect. An encryption method on the basis of reversible cellular automata combined with chaos has also been designed in [12]. Ref [29] presented a color image encryption scheme on the foundation of the quantum chaotic system.

According to the type of the key usage, encryption algorithm can be divided into symmetric encryption and asymmetric encryption. The same secret key is used to encrypt and decrypt in symmetric encryption algorithms. Most chaos image encryption schemes are based on symmetric cryptographic techniques, which have been proven to be more vulnerable than an asymmetric cryptosystem [30].

Common symmetric encryption algorithms include DES, 3DES and AES. They are widely used due to their advantages such as great speed, relatively low complexity as well as easy implementation in hardware. Since both encryption and decryption sides should configure the key by some extra methods, once the key is divulged the cryptosystems will be broken. Furthermore, each pair of users need choose a unique key that nobody else knows. This makes the quantity of key to be growing exponentially.

Asymmetric encryption differs from symmetric encryption that it requires a key pair: a public key for encryption and a corresponding private key for decryption which is known only to the owner. The most common asymmetric encryption algorithm is RSA. In an asymmetric key cryptosystem, any user can encrypt a message using the public key of the receiver, but such a message can be decrypted only with the receiver’s private key [31]. It is unlike symmetric encryption to share the key, asymmetric encryption do not require a secure channel for the initial exchange of the key from transmitter to receiver. Although asymmetric cryptosystem has so many advantages, it also has disadvantages. For example, it is extremely difficult to factorize large numbers in order to obtain sufficiently long keys especially enormous data.

Since Pecora and Corrall found the drive-response chaos synchronization phenomena [32], a lot of synchronization schemes have been proposed, such as complete synchronization, generalized synchronization, phase synchronization, lag synchronization, projective synchronization. Two chaotic systems synchronization phenomenon is similar to the asymmetric key mechanism, and they can synchronize with each other if they exchange information in just the right way. This motivates us to use chaos synchronization to avoid the key transmission in order to combine the advantage of the symmetric and asymmetric encryption and try to overcome their shortcomings.

In this paper, we propose a new color image cryptosystem using a synchronization scheme for a 3-cell QCNN [33] and a 6^th-order CNN [34]. The 3-cell QCNN is regarded as the response system and the 6th order CNN is used for the drive system. In order to synchronize the drive-response system, the control law for stable synchronization errors and the update rule for unknown parameters estimation are given. The function projective synchronization [35] is treated as the decryption key generator. We prove that the 6^th-order CNN drive system and the 3-cell QCNN response system are asymptotically synchronized. Numerical simulations and security analyses such as information entropy analysis, differential attack are performed to verify the feasibility of the proposed scheme. As similar as the asymmetric encryption, our scheme does not require exchange key, and it effectively avoids the threat of key exposure, therefore, it will be called Semi-Symmetric encryption scheme.

The rest of the paper is organized as follows: In the next section, we briefly describe the 3-cell QCNN system and the 6^th-order CNN system used in our scheme. In Section 3, the function projection synchronization between the response system and the drive system is presented. Section 4 gives the semi-symmetric encryption scheme. The experimental results and performance analyses are given in Section 5. Section 6 concludes the paper.

System descriptions

3-cell QCNN hyperchaotic system

Quantum dots and quantum cellular automata (QCA) [36] constitute new types of semiconductor nano-materials that have many unique nano-features. The k^th QCA state equation is obtained by the Schrödinger equation [36]:

$$\begin{array}{ccc}\hfill i\hslash \frac{\partial }{\partial t}{P}_k& =& -2\gamma \sqrt{1-P_k^2}sin{\phi }_k\hfill \\ \hfill i\hslash \frac{\partial }{\partial t}\phi {}_k& =& -E_k{\overline{P}}_k+2\gamma \frac{P_k}{\sqrt{1-P_k^2}}cos{\phi }_k\hfill \end{array}$$ (1)

where ℏ is Planck’s constant, γ is the inter-dot tunneling energy, which takes into account the neighboring polarizations, and E_k is the electrostatic energy cost of two adjacent fully polarized cells that have opposite polarization. The effect of local interconnections is considered in the term ${\overline{P}}_k$; and φ_k is a quantum phase of the QCA. Eq (1) constitutes the QCNN state equations and its dynamics are characterized by two variables, P_k and ϕ_k. A 3–cell QCNN system can be described as Eq (2):

$$\begin{array}{ccc}\hfill {\dot{P}}_1& =& -2b_{01}\sqrt{1-P_1^2}sin{\varphi }_1\hfill \\ \hfill {\dot{\varphi }}_1& =& -{\omega }_{01}(P_1-P_2-P_3)+2b_{01}\frac{P_1}{\sqrt{1-P_1^2}}cos{\varphi }_1\hfill \\ \hfill {\dot{P}}_2& =& -2b_{02}\sqrt{1-P_2^2}sin{\varphi }_2\hfill \\ \hfill {\dot{\varphi }}_2& =& -{\omega }_{02}(P_2-P_1-P_3)+2b_{02}\frac{P_2}{\sqrt{1-P_2^2}}cos{\varphi }_2\hfill \\ \hfill {\dot{P}}_3& =& -2b_{03}\sqrt{1-P_3^2}sin{\varphi }_3\hfill \\ \hfill {\dot{\varphi }}_3& =& -{\omega }_{03}(P_3-P_1-P_2)+2b_{03}\frac{P_3}{\sqrt{1-P_3^2}}cos{\varphi }_3\hfill \end{array}$$ (2)

where P₁, P₂, P₃ and ϕ₁, ϕ₂, ϕ₃ are the state variables; b₀₁, b₀₂, and b₀₃ are the proportional inter–dot energy in each cell, and ω₀₁, ω₀₂, ω₀₃ are effect weigh parameters on the differences in the polarization of the adjacent cells, like the cloning templates in traditional CNNs. The Fig 1, shows the attractor of system(2) in three dimensional space. We investigated the dynamic behavior of system(2) by calculating its Lyapunov exponents. When b₀₁ = b₀₂ = b₀₃ = 0.28, ω₀₁ = 0.5, ω₀₂ = 0.2, and ω₀₃ ∈ [0, 1], which are shown in Fig 2, system(2) is hyperchaotic due to three positive Lyapunov exponents.

Fig 1. 3-cell QCNN system partial attractor distribution.

Fig 2. 3-cell QCNN system Lyapunov exponents spectrum with b₀₁ = b₀₂ = b₀₃ = 0.28, ω₀₁ = 0.5, ω₀₂ = 0.2, and ω₀₃ ∈ [0, 1].

6^th-order CNN hyperchaotic system

The 6^th-order CNN is another hyperchaotic system used in this paper, which is introduced in Ref [34], and it is all the interconnection in a CNN. Its state equation is defined as Eq (3):

$$\begin{array}{c}\hfill \frac{d{x}_i}{dt}=-x_j+a_j{p}_j+{\sum }_{\begin{array}{c}k=1\\ k\ne j\end{array}}^6{a}_{j,k}{p}_k+{\sum }_{k=1}^6{s}_{jk}{x}_k+i_j(j=1,2,...,6)\end{array}$$ (3)

where

$$\begin{array}{c}\hfill \begin{array}{c}{a}_j=0(j=1,2,3,5,6),a_4=200;\hfill \\ a_{jk}=0(j,k=1,2,...,6;j\ne k);\hfill \\ s_{12}=s_{21}=s_{24}=s_{34}=s_{42}=s_{43}=s_{53}=s_{54}=s_{55}=s_{56}=s_{61}=s_{63}=s_{64}=0;\hfill \\ i_j=0(j=1,2,...,6);\hfill \\ s_{11}=s_{23}=s_{33}=s_{51}=1;s_{13}=s_{14}=-1;\hfill \\ s_{22}=3,s_{31}=14,s_{32}=-14,s_{41}=s_{62}=100,s_{44}=-99,s_{52}=18,s_{65}=4,s_{66}=-3;\hfill \end{array}\end{array}$$

Eq (3) could be calculted as Eq (4):

$$\begin{array}{ccc}\hfill {\dot{x}}_1& =& -x_3-x_4\hfill \\ \hfill {\dot{x}}_2& =& 2x_2+x_3\hfill \\ \hfill {\dot{x}}_3& =& 14x_1-14x_2\hfill \\ \hfill {\dot{x}}_4& =& 100x_1-100x_4+200p{}_4\hfill \\ \hfill {\dot{x}}_5& =& 18x_2+x_1-x_5\hfill \\ \hfill {\dot{x}}_6& =& 4x_5-4x_6+100x_2\hfill \end{array}$$ (4)

where p₄ = 0.5(|x₄ + 1| − |x₄ − 1|).

We calculated the Lyapunov exponents of system(4). When t → ∞, the six Lyapunov exponents are λ₁ = 2.748, λ₂ = −2.9844, λ₃ = 1.2411, λ₄ = −14.4549, λ₅ = −1.4123 and λ₆ = −83.2282. Two of these exponents are positive, so system(4) is also hyperchaotic. Fig 3 shows system(4)’s partial chaotic attractor distribution.

Fig 3. 6^th-order CNN partial chaotic attractor distribution.

The synchronized key generation system

Let System(4) and System(2) be the drive system and the response system, respectively. Thus, the system(2) can be described by the Eq (5) via the function projective synchronization [35]:

$$\begin{array}{ccc}\hfill {\dot{P}}_{r1}& =& -2b_{11}\sqrt{1-P_{r1}^2}sin{\varphi }_{r1}+u_1\hfill \\ \hfill {\dot{\varphi }}_{r1}& =& -{\omega }_{11}(P_{r1}-P_{r2}-P_{r3})+2b_{11}\frac{P_{r1}}{\sqrt{1-P_{r1}^2}}cos{\varphi }_{r1}+u_2\hfill \\ \hfill {\dot{P}}_{r2}& =& -2b_{12}\sqrt{1-P_{r2}^2}sin{\varphi }_{r2}+u_3\hfill \\ \hfill {\dot{\varphi }}_{r2}& =& -{\omega }_{12}(P_{r2}-P_{r1}-P_{r3})+2b_{12}\frac{P_{r2}}{\sqrt{1-P_{r2}^2}}cos{\varphi }_{r2}+u_4\hfill \\ \hfill {\dot{P}}_{r3}& =& -2b_{13}\sqrt{1-P_{r3}^2}sin{\varphi }_{r3}+u_5\hfill \\ \hfill {\dot{\varphi }}_{r3}& =& -{\omega }_{13}(P_{r3}-P_{r1}-P_{r2})+2b_{13}\frac{P_{r3}}{\sqrt{1-P_{r3}^2}}cos{\varphi }_{r3}+u_6\hfill \end{array}$$ (5)

where b₁₁, b₁₂, b₁₃, ω₁₁, ω₁₂ and ω₁₃ are the parameters of response system(5) that need to be estimated in order to synchronize system(4) and system(5), and u₁, u₂, u₃, u₄, u₅ and u₆ are the controllers. Define synchronization error states as follows:

$$\begin{array}{c}\hfill {\dot{e}}_i={\dot{y}}_i-\alpha \left(t\right){\dot{x}}_i-\dot{\alpha }\left(t\right)x_i,i=1,2,3,4,5,6\end{array}$$ (6)

which ${\dot{e}}_i$ denotes the deviation between system(4) and system(5), when ${\dot{e}}_i$ converges to zero as time tends to infinity $\underset{t\to \infty }{lim}\left|\right|e_i\left|\right|=\underset{t\to \infty }{lim}\left|\right|y_i-\alpha \left(t\right)x_i\left|\right|=0,i=1,2,3,4,5,6$, α(t) as the scaling function factor, drive system and response system reach synchronization. Substituting Eqs (2), (4) and (5) into Eq (6) yields the error dynamical system(7) as defined in Eq (7) between system(4) and system(5):

$$\begin{array}{ccc}\hfill {\dot{e}}_1& =& -2b_{11}\sqrt{1-P_{r1}^2}sin{\phi }_{r1}+u_1-\alpha \left(t\right)(-2b_{01}\sqrt{1-P_1^2}sin{\phi }_1)-\dot{\alpha }\left(t\right)P_1\hfill \\ \hfill {\dot{e}}_2& =& -{\omega }_{11}(P_{r1}-P_{r2}-P_{r3})+2b_{11}\frac{P_{r1}}{\sqrt{1-P_{r1}^2}}cos{\phi }_{r1}+u_2\hfill \\ & & -\alpha \left(t\right)\left[-{\omega }_{01}(P_1-P_2-P_3)+2b_{01}\frac{P_1}{\sqrt{1-P_1^2}}cos{\phi }_1\right]-\dot{\alpha }\left(t\right){\phi }_1\hfill \\ \hfill {\dot{e}}_3& =& -2b_{12}\sqrt{1-P_{r2}^2}sin{\phi }_{r2}+u_3-\alpha \left(t\right)(-2b_{02}\sqrt{1-P_2^2}sin{\phi }_2)-\dot{\alpha }\left(t\right)P_2\hfill \\ \hfill {\dot{e}}_4& =& -{\omega }_{12}(P_{r2}-P_{r1}-P_{r3})+2b_{12}\frac{P_{r2}}{\sqrt{1-P_{r2}^2}}cos{\phi }_{r2}+u_4\hfill \\ & & -\alpha \left(t\right)\left[-{\omega }_{02}(P_2-P_1-P_3)+2b_{02}\frac{P_2}{\sqrt{1-P_2^2}}cos{\phi }_2\right]-\dot{\alpha }\left(t\right){\phi }_2\hfill \\ \hfill {\dot{e}}_5& =& -2b_{13}\sqrt{1-P_{r3}^2}sin{\phi }_{r3}+u_5-\alpha \left(t\right)(-2b_{03}\sqrt{1-P_3^2}sin{\phi }_3)-\dot{\alpha }\left(t\right)P_3\hfill \\ \hfill {\dot{e}}_6& =& -{\omega }_{13}(P_{r3}-P_{r1}-P_{r2})+2b_{13}\frac{P_{r3}}{\sqrt{1-P_{r3}^2}}cos{\phi }_{r3}+u_6\hfill \\ & & -\alpha \left(t\right)\left[-{\omega }_{03}(P_3-P_1-P_2)+2b_{03}\frac{P_3}{\sqrt{1-P_3^2}}cos{\phi }_3\right]-\dot{\alpha }\left(t\right){\phi }_3\hfill \end{array}$$ (7)

We design the control law u_i(i = 1, 2, 3, 4, 5, 6) as Eq (8) to make the synchronization errors e₁, e₂, e₃, e₄, e₅, and e₆ to stabilize at the origin.

$$\begin{array}{ccc}\hfill u_1& =& 2b_{11}\left[\sqrt{1-P_{r1}^2}sin{\phi }_{r1}-\alpha \left(t\right)\sqrt{1-P_1^2}sin{\phi }_1\right]+\dot{\alpha }\left(t\right)P_1-k_1{e}_1\hfill \\ \hfill u_2& =& {\omega }_{11}\left[(P_{r1}-P_{r2}-P_{r3})-\alpha \left(t\right)(P_1-P_2-P_3)\right]\hfill \\ & & -2b_{11}\left[\frac{P_{r1}}{\sqrt{1-P_{r1}^2}}cos{\phi }_{r1}-\alpha \left(t\right)\frac{P_1}{\sqrt{1-P_1^2}}cos{\phi }_1\right]+\dot{\alpha }\left(t\right){\phi }_1-k_2{e}_2\hfill \\ \hfill u_3& =& 2b_{12}\left[\sqrt{1-P_{r2}^2}sin{\phi }_{r2}-\alpha \left(t\right)\sqrt{1-P_2^2}sin{\phi }_2\right]+\dot{\alpha }\left(t\right)P_2-k_3{e}_3\hfill \\ \hfill u_4& =& {\omega }_{12}\left[(P_{r2}-P_{r1}-P_{r3})-\alpha \left(t\right)(P_2-P_1-P_3)\right]\hfill \\ & & -2b_{12}\left[\frac{P_{r2}}{\sqrt{1-P_{r2}^2}}cos{\phi }_{r2}-\alpha \left(t\right)\frac{P_2}{\sqrt{1-P_2^2}}cos{\phi }_2\right]+\dot{\alpha }\left(t\right){\phi }_2-k_4{e}_4\hfill \\ \hfill u_5& =& 2b_{13}\left[\sqrt{1-P_{r3}^2}sin{\phi }_{r3}-\alpha \left(t\right)\sqrt{1-P_3^2}sin{\phi }_3\right]+\dot{\alpha }\left(t\right)P_3-k_5{e}_5\hfill \\ \hfill u_6& =& {\omega }_{13}\left[(P_{r3}-P_{r1}-P_{r2})-\alpha \left(t\right)(P_3-P_1-P_2)\right]\hfill \\ & & -2b_{13}\left[\frac{P_{r3}}{\sqrt{1-P_{r3}^2}}cos{\phi }_{r3}-\alpha \left(t\right)\frac{P_3}{\sqrt{1-P_3^2}}cos{\phi }_3\right]+\dot{\alpha }\left(t\right){\phi }_3-k_6{e}_6\hfill \end{array}$$ (8)

Furthermore, the update rule for the six unknown parameters b₁₁, b₁₂, b₁₃, ω₁₁, ω₁₂, and ω₁₃ are Eq (9) defined as follows:

$$\begin{array}{ccc}\hfill {\dot{b}}_{11}& =& 2\alpha \left(t\right)\sqrt{1-P_1^2}sin{\varphi }_1{e}_1-2\alpha \left(t\right)\frac{P_1}{\sqrt{1-P_1^2}}cos{\varphi }_1{e}_2-k_7{e}_a\hfill \\ \hfill {\dot{\omega }}_{11}& =& \alpha \left(t\right)(P_1-P_2-P_3)e_2-k_8{e}_b\hfill \\ \hfill {\dot{b}}_{12}& =& 2\alpha \left(t\right)\sqrt{1-P_2^2}sin{\varphi }_2{e}_3-2\alpha \left(t\right)\frac{P_2}{\sqrt{1-P_2^2}}cos{\varphi }_2{e}_4-k_9{e}_c\hfill \\ \hfill {\dot{\omega }}_{12}& =& \alpha \left(t\right)(P_2-P_1-P_3)e_4-k_{10}{e}_d\hfill \\ \hfill {\dot{b}}_{13}& =& 2\alpha \left(t\right)\sqrt{1-P_3^2}sin{\varphi }_3{e}_5-2\alpha \left(t\right)\frac{P_3}{\sqrt{1-P_3^2}}cos{\varphi }_3{e}_6-k_{11}{e}_e\hfill \\ \hfill {\dot{\omega }}_{13}& =& \alpha \left(t\right)(P_3-P_1-P_2)e_6-k_{12}{e}_f\hfill \end{array}$$ (9)

Where k_i > 0(i = 1, 2, 3, …, 12), and e_a = b₁₁−b₀₁, e_b = ω₁₁ − ω₀₁, e_c = b₁₂ − b₀₂, e_d = ω₁₂ − ω₀₂, e_e = b₁₃ − b₀₃, e_f = ω₁₃ − ω₀₃.

Theorem. For a given nonzero scaling function factor α(t), it can make response system(5) and drive system(4) to synchronize by the control law Eq (8) and the update rule Eq (9).

Proof. Choose the following Lyapunov function:

$$\begin{array}{c}\hfill V=\frac{1}{2}(e_1^2+e_2^2+e_3^2+e_4^2+e_5^2+e_6^2+e_a^2+e_b^2+e_c^2+e_d^2+e_e^2+e_f^2)\end{array}$$

The time derivative of V along the trajectory of the error system(6) is

$$\begin{array}{c}\hfill \dot{V}=(e_1{\dot{e}}_1+e_2{\dot{e}}_2+e_3{\dot{e}}_3+e_4{\dot{e}}_4+e_5{\dot{e}}_5+e_6{\dot{e}}_6+e_a{\dot{e}}_a+e_b{\dot{e}}_b+e_c{\dot{e}}_c+e_d{\dot{e}}_d+e_e{\dot{e}}_e+e_f{\dot{e}}_f),\end{array}$$

$$\begin{array}{ccc}\hfill \dot{V}& =& e_1\left[-2(b_{11}-b_{01})\alpha \left(t\right)\sqrt{1-P_1^2}sin{\varphi }_1-k_1{e}_1\right]\hfill \\ & & +e_2\left[-({\omega }_{11}-{\omega }_{01})\alpha \left(t\right)(P_1-P_2-P_3)+2(b_{11}-b_{01})\alpha \left(t\right)\frac{P_1}{\sqrt{1-P_1^2}}cos{\varphi }_1-k_2{e}_2\right]\hfill \\ & & +e_3\left[-2(b_{12}-b_{02})\alpha \left(t\right)\sqrt{1-P_2^2}sin{\varphi }_2-k_3{e}_3\right]\hfill \\ & & +e_4\left[-({\omega }_{12}-{\omega }_{02})\alpha \left(t\right)(P_2-P_1-P_3)+2(b_{12}-b_{02})\alpha \left(t\right)\frac{P_2}{\sqrt{1-P_2^2}}cos{\varphi }_2-k_4{e}_4\right]\hfill \\ & & +e_5\left[-2(b_{13}-b_{03})\alpha \left(t\right)\sqrt{1-P_3^2}sin{\varphi }_3-k_5{e}_5\right]\hfill \\ & & +e_6\left[-({\omega }_{13}-{\omega }_{03})\alpha \left(t\right)(P_3-P_1-P_2)+2(b_{13}-b_{03})\alpha \left(t\right)\frac{P_3}{\sqrt{1-P_3^2}}cos{\varphi }_3-k_6{e}_6\right]\hfill \\ & & +e_a\left[2\alpha \left(t\right)\sqrt{1-P_1^2}sin{\varphi }_1{e}_1-2\alpha \left(t\right)\frac{P_1}{\sqrt{1-P_1^2}}cos{\varphi }_1{e}_2-k_7{e}_a\right]\hfill \\ & & +e_b\left[\alpha \left(t\right)(P_1-P_2-P_3)e_2-k_8{e}_b\right]\hfill \\ & & +e_c\left[2\alpha \left(t\right)\sqrt{1-P_2^2}sin{\varphi }_2{e}_3-2\alpha \left(t\right)\frac{P_2}{\sqrt{1-P_2^2}}cos{\varphi }_2{e}_4-k_9{e}_c\right]\hfill \\ & & +e_d\left[\alpha \left(t\right)(P_2-P_1-P_3)e_4-k_{10}{e}_d\right]\hfill \\ & & +e_e\left[2\alpha \left(t\right)\sqrt{1-P_3^2}sin{\varphi }_3{e}_5-2\alpha \left(t\right)\frac{P_3}{\sqrt{1-P_3^2}}cos{\varphi }_3{e}_6-k_{11}{e}_e\right]\hfill \\ & & +e_f\left[\alpha \left(t\right)(P_3-P_1-P_2)e_6-k_{12}{e}_f\right]\hfill \\ & =& -k_1{e}_1^2-k_2{e}_1^2-k_3{e}_3^2-k_4{e}_4^2-k_5{e}_5^2-k_6{e}_6^2-k_7{e}_a^2-k_8{e}_b^2-k_9{e}_c^2-k_{10}{e}_d^2\hfill \\ & & -k_{11}{e}_e^2-k_{12}{e}_f^2\hfill \\ & =& -e^{T}Ke\hfill \end{array}$$

where e = (e₁, e₂, e₃, e₄, e₅, e₆, e_a, e_b, e_c, e_d, e_e, e_f)^T, and K = diag(k₁, k₂, k₃, k₄, k₅, k₆, k₇, k₈, k₉, k₁₀, k₁₁, k₁₂)^T

Because $\dot{V}\le 0$, we have e₁, e₂, e₃, e₄, e₅, e₆, e_a, e_b, e_c, e_d, e_e, e_f → 0 as t → ∞. i.e.,$\underset{t\to \infty }{lim}\left|\right|e\left|\right|=0$. Proof completed.

Simulation is performed in order to evaluate the feasibly and effectiveness of the proposed control law and the update rule for the 3-cell QCNN and 6^th-order CNN synchronization method. The initial values and control parameters of the drive and the response system for a time-step of 0.1 are shown in Table 1.

Table 1. Initial values and control parameters of drive and response system.

Drive system	Response system	Control parameters of Response system
x1(0) = −0.92	Pr1(0) = 0.1901	b11 = 0.5
x2(0) = 1.41	ϕr1(0) = −184.3	ω11 = 0.6
x3(0) = −1.53	Pr2(0) = 0.123	b12 = 0.4
x4(0) = 0.48	ϕr2(0) = −147.3	ω12 = 0.7
x5(0) = 0.37	Pr3(0) = 0.113	b13 = 0.7
x6(0) = −1.21	ϕr3(0) = −197.85	ω13 = 0.5

In addition, the scaling function α(t) = 0.5 + 0.1 sin(t) and the control gains are defined as (k₁, k₂, k₃, k₄, k₅, k₆, k₇, k₈, k₉, k₁₀, k₁₁, k₁₂) = (1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1).

The simulations results are illustrated in Figs 4 and 5. Fig 4 shows that the errors e₁, e₂, e₃, e₄, e₅, and e₆ approach zero. Fig 5 shows that the estimated unknown parameters converge to b₁₁ → 0.28, ω₁₁ → 0.4, b₁₂ → 0.28, ω₁₂ → 0.35, b₁₃ → 0.28, and ω₁₃ → 0.25 as t → ∞. When t = 10, synchronization errors close 0 and unknown control parameters reach stability, which shows that the synchronization method is efficient.

Fig 4. Error signals between the drive and the response system.

Fig 5. Estimated values for unknown parameters.

The semi-symmetric image encryption scheme

In this paper, we propose a semi-symmetric image encryption/decryption scheme based on the function projective synchronization. The proposed scheme is illustrated in Fig 6. The scheme is deployed at the ends of Alice and Bob, respectively. Firstly, Alice adopts system(2) with initial parameters and control parameters to obtain the key. Bob adopts system(5) to obtain the key independently. Function projective synchronization ensures that Alice and Bob get the equivalent key. Secondly, Alice encrypts the plain image by his key and transmits the cipher image to Bob. Thirdly, Bob decrypts the cipher image with his key.

Fig 6. Semi-symmetric image encryption/decryption scheme.

The proposed scheme is different with symmetric algorithms that Alice and Bob use in different key generation systems. The symmetric algorithms transmit the key by some extra security methods. The proposed scheme is similar to asymmetric algorithms that the keys generated by the two systems need not transmit to each other over other security link, which prevents security key leakage during the transmission.

Our scheme is a hybrid chaotic encryption algorithm. It consists of a scrambling stage and a diffusion stage. In encryption phase, 3-cell QCNN system(2) is used for scrambling and diffusing the plain image. In decryption phase, since the function projective synchronization is used to synchronize the response system(5) and drive system(4), the 6^th-order CNN drive system(4) with control laws(8) and update rules(9) generates the key to decrypt the cipher image.

Encryption algorithm

This encryption flowchart is presented in Fig 7.

Fig 7. Encryption flowchart.

The 3-cell QCNN system(2) is the encryption key generator. The initial conditions ϕ₁(0), ϕ₂(0), ϕ₃(0), P₁(0), P₂(0), and P₃(0) and control parameters b₀₁, b₀₂, b₀₃, ω₀₁, ω₀₂, and ω₀₃ are used to iterate system(2) M times. The results are ϕ₁, ϕ₁, ϕ₃, P₁, P₂, and P₃ encryption keys. In the scrambling stage, the Arnold mapping [37] defined that Eq (10) is used to scramble the three color components of the plain color image.

$$\begin{array}{c}\hfill \left(\begin{array}{c}{x}_{n+1}\hfill \\ y_{n+1}\hfill \end{array}\right)=A\left(\begin{array}{c}{x}_n\hfill \\ y_n\hfill \end{array}\right)\text{mod}\left(N\right)=\left[\begin{array}{cc}1\hfill & p\hfill \\ q\hfill & pq+1\hfill \end{array}\right]\left(\begin{array}{c}{x}_n\hfill \\ y_n\hfill \end{array}\right)\text{mod}\left(N\right)\end{array}$$ (10)

Since det(A) = 1, the parameters are described as follows:

$$\begin{array}{ccc}\hfill p_r& =& floor(\text{mod}({\varphi }_1\times 2^{24}),N)\hfill \\ \hfill q_r& =& floor(\text{mod}(\text{mod}({\varphi }_1\times 2^{48}),2^{24}),N)\hfill \\ \hfill p_g& =& floor(\text{mod}({\varphi }_2\times 2^{24}),N)\hfill \\ \hfill q_g& =& floor(\text{mod}(\text{mod}({\varphi }_2\times 2^{48}),2^{24}),N)\hfill \\ \hfill p_b& =& floor(\text{mod}({\varphi }_3\times 2^{24}),N)\hfill \\ \hfill q_b& =& floor(\text{mod}(\text{mod}({\varphi }_3\times 2^{48}),2^{24}),N)\hfill \end{array}$$

The iterations of Arnold mappings are

$$\begin{array}{cc}\hfill t_j=floor(((\text{mod}({\varphi }_j\times 2^{24})+\text{mod}({\varphi }_j\times 2^{48})),2^{24}),N)& j\in \{r,g,b\}\end{array}$$ (11)

The plain image is scrambled by Eq (10) in order to generate the permutation image. It is transformed into three 1 × (N × N) streams S_j = {S_j(1), S_j(2), ……S_j(N × N)}, j ∈ {r, g, b} by arranging its pixels from top to bottom and left to right.

In the diffusion stage, 6^th-order CNN system(4) is used to diffuse the image, which changes the permutation image pixel’s values. The initial conditions are described as follows:

$$\begin{array}{c}\hfill x_i\left(0\right)={\gamma }_i{P}_j,(i=1,2,3,4,5,6j=1,2,3)\end{array}$$

Of these initial conditions, γ_i is taken as the appropriate integer. P_j is chaotic value, so the initial conditions x_i(0) is also chaotic value. Let the plain image be an N × N image.

The 6^th-CNN is iterated $\frac{N\times N}{2}$ times and its result is divided into three matrices:X_r, X_g, and X_b:

$$\begin{array}{ccc}\hfill X_r& =& \left[\begin{array}{cc}{X}_1\left(1\right)& X_2\left(1\right)\\ X_1\left(2\right)& X_2\left(2\right)\\ ⋮& ⋮\\ X_1\left(\frac{N\times N}{2}\right)& X_2\left(\frac{N\times N}{2}\right)\end{array}\right],X_g=\left[\begin{array}{cc}{X}_3\left(1\right)& X_4\left(1\right)\\ X_3\left(2\right)& X_4\left(2\right)\\ ⋮& ⋮\\ X_3\left(\frac{N\times N}{2}\right)& X_4\left(\frac{N\times N}{2}\right)\end{array}\right],\hfill \\ \hfill X_b& =& \left[\begin{array}{cc}{X}_5\left(1\right)& X_6\left(1\right)\\ X_5\left(2\right)& X_6\left(2\right)\\ ⋮& ⋮\\ X_5\left(\frac{N\times N}{2}\right)& X_6\left(\frac{N\times N}{2}\right)\end{array}\right].\hfill \end{array}$$

Arranging matrix elements from top to bottom and from left to right, X_r, X_g, and X_b are transformed into three 1 × (N × N) streams:

$$\begin{array}{c}\hfill X_j\_Stream\left(i\right),(i=1,2,...,N\times Nj\in \left\{r,g,b\right\})\end{array}$$

The diffusion key streams, K_j, are generated by using sequences X_j_Stream and S_j as described by Eq (12):

$$\begin{array}{ccc}\hfill K_j\left(i\right)& =& \text{mod}\left\{round\right[(abs(X_j\_Stream\left(i\right))-floor\left(abs(X_j\_Stream\left(i\right))\right))\times {10}^{14}\hfill \\ & & +S_j(i-1)],N\}i=1,2,......,N\times N,j\in \{r,g,b\}\hfill \end{array}$$ (12)

Let S_j(0) = 127. The scramble image is shifted to the cipher image by key streams, K_j.

$$\begin{array}{c}\hfill \{\begin{array}{c}{C}_r\left(i\right)=bitxor(S_g\left(i\right),K_r\left(i\right))\hfill \\ C_g\left(i\right)=bitxor(S_b\left(i\right),K_g\left(i\right))\hfill \\ C_b\left(i\right)=bitxor(S_r\left(i\right),K_b\left(i\right))\hfill \end{array}\end{array}$$

i = 1, 2, ……, N × N, bitxor(.) function returns the bitwise exclusive OR value of two integers.

These C_r, C_g, and C_b row vectors are transformed into N × N matrix. Compose the three color components to obtain the encrypted image.

Decryption algorithm

As shown in Fig 8, the decryption is the inverse process of the encryption, except that the decryption key P_r1, P_r2, P_r3, ϕ_r1, ϕ_r2, and ϕ_r3 are generated by the synchronized key generation system instead of 3-cell QCNN(2).

Fig 8. Decryption flowchart.

Performance analysis

In this section, we perform 11 experiments to validate the proposed scheme. The results show that our scheme has good encryption performance.

Key space analysis

The key space size is the total number of different keys that can be applied in the encryption process. The key space must be large enough to make brute-attacks infeasible. Stinson DR. [38] suggested that the key space should be at least 2¹⁰⁰ to ensure a high level security. In our algorithm there are twelve parameters for the keys: six initial conditions P₁, Φ₁, P₂, Φ₂, P₃, Φ₃ and six control parameters ${\text{b}}_{01},{\text{b}}_{02},{\text{b}}_{03},{\omega }_{01},{\omega }_{02},{\omega }_{03}$. They are all floating point numbers. According to the IEEE floating-point standard [39], the computational precision of the 64-bit double-precision numbers is 2^—52. So the key space of the proposed encryption method is (2⁵²)¹² = 2⁶²⁴, which is sufficiently large enough to resist all kinds of brute-force attacks.

Key sensitivity analysis

A secure encryption algorithm must be sensitivity to its keys which satisfies the requirement of resisting brute-force attack. Under the same experiment condition as Eq (13). P₁(0), P₂(0), P₃(0), ϕ₁(0), ϕ₂(0), ϕ₃(0) are QCNN system(2) initial conditions, used as user keys in the proposed encryption scheme.

$$\begin{array}{c}\hfill Key=\left\{\begin{array}{c}{P}_1\left(0\right)=-0.131;P_2\left(0\right)=-0.135;P_3\left(0\right)=-0.123;\hfill \\ {\varphi }_1\left(0\right)=-184.9;{\varphi }_2\left(0\right)=147.3414;{\varphi }_1\left(0\right)=-196.852;\hfill \\ b_{01}=b_{01}=b_{01}=0.28;\hfill \\ {\omega }_{01}=0.5;{\omega }_{02}=0.2;{\omega }_{03}=0.3;\hfill \end{array}\right\}\end{array}$$ (13)

With a tiny difference in the encryption keys, six groups of test cases are designed, which differ 10^—13 to every encryption key, respectively.

$$\begin{array}{ccc}\hfill Key1& =& \left\{\begin{array}{c}{P}_1\left(0\right)=-0.131+{10}^{-13};P_2\left(0\right)=-0.135;P_3\left(0\right)=-0.123;\hfill \\ {\varphi }_1\left(0\right)=-184.9;{\varphi }_2\left(0\right)=147.3414;{\varphi }_1\left(0\right)=-196.852;\hfill \\ b_{01}=b_{01}=b_{01}=0.28;\hfill \\ {\omega }_{01}=0.5;{\omega }_{02}=0.2;{\omega }_{03}=0.3;\hfill \end{array}\right\}\hfill \\ \hfill Key2& =& \left\{\begin{array}{c}{P}_1\left(0\right)=-0.131;P_2\left(0\right)=-0.135+{10}^{-13};P_3\left(0\right)=-0.123;\hfill \\ {\varphi }_1\left(0\right)=-184.9;{\varphi }_2\left(0\right)=147.3414;{\varphi }_1\left(0\right)=-196.852;\hfill \\ b_{01}=b_{01}=b_{01}=0.28;\hfill \\ {\omega }_{01}=0.5;{\omega }_{02}=0.2;{\omega }_{03}=0.3;\hfill \end{array}\right\}\hfill \\ \hfill Key3& =& \left\{\begin{array}{c}{P}_1\left(0\right)=-0.131;P_2\left(0\right)=-0.135;P_3\left(0\right)=-0.123+{10}^{-13};\hfill \\ {\varphi }_1\left(0\right)=-184.9;{\varphi }_2\left(0\right)=147.3414;{\varphi }_1\left(0\right)=-196.852;\hfill \\ b_{01}=b_{01}=b_{01}=0.28;\hfill \\ {\omega }_{01}=0.5;{\omega }_{02}=0.2;{\omega }_{03}=0.3;\hfill \end{array}\right\}\hfill \\ \hfill Key4& =& \left\{\begin{array}{c}{P}_1\left(0\right)=-0.131;P_2\left(0\right)=-0.135;P_3\left(0\right)=-0.123;\hfill \\ {\varphi }_1\left(0\right)=-184.9+{10}^{-13};{\varphi }_2\left(0\right)=147.3414;{\varphi }_1\left(0\right)=-196.852;\hfill \\ b_{01}=b_{01}=b_{01}=0.28;\hfill \\ {\omega }_{01}=0.5;{\omega }_{02}=0.2;{\omega }_{03}=0.3;\hfill \end{array}\right\}\hfill \\ \hfill Key5& =& \left\{\begin{array}{c}{P}_1\left(0\right)=-0.131;P_2\left(0\right)=-0.135;P_3\left(0\right)=-0.123;\hfill \\ {\varphi }_1\left(0\right)=-184.9;{\varphi }_2\left(0\right)=147.3414+{10}^{-13};{\varphi }_1\left(0\right)=-196.852;\hfill \\ b_{01}=b_{01}=b_{01}=0.28;\hfill \\ {\omega }_{01}=0.5;{\omega }_{02}=0.2;{\omega }_{03}=0.3;\hfill \end{array}\right\}\hfill \\ \hfill Key6& =& \left\{\begin{array}{c}{P}_1\left(0\right)=-0.131;P_2\left(0\right)=-0.135;P_3\left(0\right)=-0.123;\hfill \\ {\varphi }_1\left(0\right)=-184.9;{\varphi }_2\left(0\right)=147.3414;{\varphi }_1\left(0\right)=-196.852+{10}^{-13};\hfill \\ b_{01}=b_{01}=b_{01}=0.28;\hfill \\ {\omega }_{01}=0.5;{\omega }_{02}=0.2;{\omega }_{03}=0.3;\hfill \end{array}\right\}\hfill \end{array}$$

Table 2 lists the percentage of different pixels in RGB color component using Key or Key1, Key2, …, Key6 seven encrypt images, respectively. Therefore, it can be concluded the slightly deviation in the key brings out absolutely different in the corresponding encryption images. Consequently, the proposed scheme has a high key sensitivity and can resist the brute-force attack.

Table 2. Percentage of different pixels in RGB color component using Key or Key1, Key2, …, Key6 encrypted images.

Image color component	Key1	Key2	Key3	Key4	Key5	Key6
Airplane Red	99.5956	99.6155	99.5834	99.646	99.5895	99.588
Airplane Green	99.588	99.5911	99.5895	99.5911	99.5911	99.6262
Airplane Blue	99.5743	99.6033	99.6216	99.5941	99.6155	99.5941
Cablecar Red	99.6094	99.6185	99.6231	99.6002	99.6048	99.6353
Cablecar Green	99.5895	99.6017	99.5987	99.5926	99.6170	99.5941
Cablecar Blue	99.5865	99.5972	99.5926	99.6201	99.5880	99.5789
Cornfield Red	99.6567	99.6170	99.6307	99.5972	99.6002	99.5804
Cornfield Green	99.6109	99.6063	99.6109	99.6124	99.5804	99.6323
Cornfield Blue	99.6033	99.5850	99.5895	99.6277	99.5499	99.6063
Peppers Red	99.6124	99.5926	99.6246	99.6078	99.6124	99.6231
Peppers Green	99.6338	99.614	99.588	99.6231	99.5438	99.5804
Peppers Blue	99.6063	99.614	99.5636	99.6033	99.6429	99.5605
Boat Red	99.6017	99.5926	99.5911	99.6048	99.6078	99.588
Boat Green	99.6033	99.6155	99.6399	99.6658	99.5712	99.5834
Boat Blue	99.588	99.5834	99.6246	99.6109	99.588	99.5804
Fruits Red	99.5743	99.5804	99.6384	99.6460	99.6307	99.5865
Fruits Green	99.6201	99.6155	99.5834	99.6506	99.6490	99.5758
Fruits Blue	99.6414	99.6307	99.5712	99.6155	99.6140	99.5987
Yacht Red	99.5880	99.5850	99.6124	99.5911	99.6582	99.6078
Yacht Green	99.5728	99.6521	99.5911	99.6170	99.5758	99.6155
Yacht Blue	99.6521	99.5956	99.6155	99.6429	99.6307	99.5941

Histogram analysis

A good image encryption approach should always generate the uniform histogram of cipher image for any plain image. The plain images, cipher images, decrypted images, and the histograms of their three-color components are shown in Figs 9–12. As illustrated, the histograms of the encrypted images are fairly uniform and significantly different from the respective histograms of the original images. Hence, our proposed scheme does not provide any clue to statistical attacks.

Fig 9. “Flower” original, cipher image and decrypted image.

Fig 12. Three color component histograms of “Cablecar” original, encrypted and decrypted image.

Fig 10. Three color component histograms of “Flower” original, encrypted and decrypted image.

Fig 11. “Cablecar” original, encrypted and decrypted image.

Correlation coefficient analysis

To test the correlation of pixels (vertical, horizontal, diagonal), we randomly select 4000 adjacent pairs of the plain image and the cipher image, and calculated the correlation coefficients of pixels, according to the following formula:

$$\begin{array}{ccc}\hfill e\left(x\right)& =& \frac{1}{N}\sum _{i=1}^N{x}_i\hfill \\ \hfill d\left(x\right)& =& \frac{1}{N}\sum _{i=1}^N{(x_i-e\left(x\right))}^2\hfill \\ \hfill \text{cov}(x,y)& =& \frac{1}{N}\sum _{i=1}^N(x_i-e\left(x\right))(y_i-e\left(y\right))\hfill \\ \hfill r_{xy}& =& \frac{\text{cov}(x,y)}{\sqrt{d\left(x\right)}\sqrt{d\left(y\right)}}\hfill \end{array}$$

Figs 13 and 14 show image “Flower” and “Cablecar” correlation of two adjacent pixels. Table 3 provides more tests of the correlations, which show that two adjacent pixels in the plain images are highly correlated while the cipher images showed negligible correlations. The result indicates that our proposed encryption model functions properly.

Fig 13. “Flower” image correlation of two adjacent pixels.

(a) the distribution of two horizontal adjacent pixels in the original image, (b) the distribution of two horizontal adjacent pixels in the encryption image, (c) the distribution of two vertically adjacent pixels in the original image, (d) the distribution of two vertically adjacent pixels in the encryption image, (e) the distribution of two diagonally adjacent pixels in the original image, and (f) the distribution of two diagonally adjacent pixels in the encryption image.

Fig 14. “Cablecar” image correlation of two adjacent pixels.

(a) the distribution of two horizontal adjacent pixels in the original image, (b) the distribution of two horizontal adjacent pixels in the encryption image, (c) the distribution of two vertically adjacent pixels in the original image, (d) the distribution of two vertically adjacent pixels in the encryption image, (e) the distribution of two diagonally adjacent pixels in the original image and (f) the distribution of two diagonally adjacent pixels in the encryption image.

Table 3. Correlation coefficients of original images and encryption images.

Encryption algorithm	Horizontal	Vertical	Diagonal
Ref [20] algorithm	0.0681	0.0845	-
Ref [22] algorithm	-0.0318	0.0965	0.0362
Ref [24] algorithm	0.0051	-0.0093	-0.0205
Ref [26] algorithm	0.0086	0.0195	-0.0093
Ref [40] algorithm	-0.00164	0.01304	-0.01911
Ref [41] algorithm	0.0773	0.0770	-0.0.0693
Proposed algorithm “Flower”	-0.0062	0.0052	0.0043
Proposed algorithm “Cablecar”	-0.0061	0.0070	0.0102

Information entropy analysis

Information entropy is thought to be one of the most important features of randomness. To measure the entropy, H(m), of a source m, the following equation can be employed:

$$H\left(m\right)=-\sum _{i=0}^{2^n-1}p\left(m_i\right){log}_{2}p\left(m_i\right)$$

where p(m_i) represents the probability of symbol m_i, and the entropy is expressed in bits. For example, when n = 8, the image color strength value is m = {m₀, ……, m₂₅₅}. For a random process, each symbol has equal probability, p(m_i) = 1/256, H(m) = 8. In general, the entropy value of the message is smaller than 8 but should to be close to ideal. Table 4 provides a comparison of average entropy values for a considerable number of images for the proposed method and some other methods. We noticed that our scheme outperforms other schemes and approaches the ideal value of 8.

Table 4. Information entropy of ciphered images with three color components.

Encryption algorithm	red	green	blue
Ref [20] algorithm	7.9732	7.9750	7.9715
Ref [22] algorithm	7.9851	7.9852	7.9832
Ref [23] algorithm	7.9991	7.9990	7.9989
Ref [26] algorithm	7.9971	7.9968	7.9974
Ref [41] algorithm	7.9974	7.9966	7.9975
Ref [42] algorithm	7.9808	7.9811	7.9814
Proposed algorithm “Flower”	7.9993	7.9992	7.9987
Proposed algorithm “Cablecar”	7.9972	7.9975	7.9972

Differential attack

Cryptanalysis features an important method called differential attack to crack the encryption algorithm in order to quantitatively measure the influence of a one–pixel change on the cipher image. This influence can be measured via the number of pixel change rate (NPCR) and the unified averaged changing intensity (UACI), which are computed with the following formula:

$$\begin{array}{ccc}\hfill NPCR& =& \frac{\sum _{i,j}D(i,j)}{W\times H}\times 100\%\hfill \\ \hfill UACI& =& \frac{1}{W\times H}\left(\sum _{i,j}\frac{|C(i,j)-C^{\prime }(i,j)|}{255}\right)\times 100\%\hfill \end{array}$$

where W and H represent the width and height of the image, respectively. C(i, j) and C′(i, j) are the ciphered images before and after one pixel of the plain image is changed. For position (i, j), if C(i, j) ≠ C′(i, j), then D(i, j) = 1; else D(i, j) = 0. We tested the NPCR and UACI values for images Flower and Cablecar for the proposed scheme. As shown in Tables 5 and 6, the proposed scheme is very sensitive with small changes in the plain image. This result shows that our scheme can resist differential attack well.

Table 5. NPCR of ciphered image.

NPCR	red	green	blue
Ref [23] algorithm	99.6239	99.6216	99.6236
Ref [27] algorithm	99.5445	99.5875	99.5374
Ref [29] algorithm	99.6155	99.6536	99.6475
Ref [41] algorithm	99.6399	99.6002	99.5773
Ref [42] algorithm	99.6170	99.6002	99.5925
Proposed algorithm “Flower”	99.6002	99.6063	99.5834
Proposed algorithm “Cablecar”	99.6140	99.6094	99.5926

Table 6. UACI of ciphered image.

UACI	red	green	blue
Ref [23]algorithm	33.6623	33.6827	33.6754
Ref [27]algorithm	34.3174	34.1786	33.6467
Ref [29]algorithm	33.6970	34.3251	32.2345
Ref [41]algorithm	33.5916	33.5010	33.4853
Ref [42]algorithm	33.4252	33.5898	33.4466
Proposed algorithm “Flower”	33.3635	33.4891	33.5000
Proposed algorithm “Cablecar”	33.4828	33.2790	33.4992

Known plaintext attack and chosen plaintext attack

The diffusion key stream K_j, in Eq (12), not only depends on the security key (initial conditions of 3-cell QCNN, P₁(0), P₂(0), P₃(0), ϕ₁(0), ϕ₂(0), ϕ₃(0)) but also on the plain image itself. Hence, when the same security key encrypts different images, the diffusion key streams are different. Therefor it is ineffective on input an all “0” or all “1” image into this scheme. Accordingly, our scheme can resist known plaintext attack and chosen plaintext attack.

Encryption quality analysis

In an ideal cryptographic model, encrypted images should have uniform histogram distribution to hide pixels relevant information. It implies the encryption algorithm changes the the cipher pixel value to make the probability of each cipher pixel being totally uniform. Literature [43] gives a method for estimating the encryption quality, deviation from uniform histogram(D_H), which is given by Eq (14).

$$\begin{array}{c}\hfill D_H=\frac{{\sum }_{C_i}^{255}\text{|}{\text{H}}_{C_i}\text{-}{\text{H}}_C\text{|}}{M\times N}\end{array}$$ (14)

In Eq (14), M × N is the image size and C_i is the image pixel gray or color level, C_i ∈ [0, 255]. H_Ci is the histogram value at index i, and H_C is the actual histogram of encrypted image. The smaller D_H value indicates the more uniform histogram distribution and the higher encryption quality.

We obtain D_H comparison reports for three images through using our algorithm with other chaotic encryption algorithms in Ref [25]. As can be seen from Table 7, all D_H values are very low. Moreover, our algorithm has more uniform histogram distribution and better encryption quality than Ref [10, 13, 25, 44].

Table 7. Deviation from uniform histogram(D_H).

Image	Proposed algorithm	Ref [10]	Ref [13]	Ref [25]	Ref [44]
Peppers	0.0492	0.0938	0.0979	0.0917	0.0977
Airplane	0.0518	0.0969	0.0995	0.0983	0.0943
Boat	0.0524	0.0902	0.0995	0.0958	0.0985

Chi-square test

A Chi-squared test [45, 46], also written as X² test, is any statistical hypothesis test wherein the sampling distribution of the test statistic is a chi-squared distribution when the null hypothesis is true. Chi-squared test illustrate the possibility of statistical attacks. To evaluate if and what extent distribution of encrypted image histograms approach the features of a uniform distribution, Chi-squared tests are computed for 7 cipher images’ histograms, and then are summarized in Table 8. We find the histograms of the encrypted images are fairly uniform, so the proposed scheme can defend statistical attack.

Table 8. Chi-square test results for encrypted images.

Test Image	X2 P-value	Decision on H0
Cablecar	0.710	Accepted
Cornfield	0.969	Accepted
Peppers	0.791	Accepted
Airplane	0.321	Accepted
Fruits	0.580	Accepted
Boat	0.679	Accepted
Yacht	0.684	Accepted

NIST SP800-22 test

NIST SP800-22 test [47] includes 16 test methods, which are used to analyse the randomness of binary sequences generated by cipher systems. We performed all the 16 tests for 65536–8 bits key stream sequence and the results are shown in Table 9. From the Table 9, it shows that our scheme goes through all NIST SP800-22 tests successfully. Therefore, the key stream sequence is absolutely random in our scheme.

Table 9. NIST SP800-22 tests results for encrypted key.

Test name		P-value	Result
Frequency		0.9801	Success
Block-frequency		0.2775	Success
Runs		0.3160	Success
Long runs of ones		0.3954	Success
Rank		0.0296	Success
Spectral DFT		0.1550	Success
No overlapping templates		0.9967	Success
Overlapping templates		0.4514	Success
Universal		0.6556	Success
Linear complexity		0.9056	Success
Serial	P-value1	0.9266	Success
Serial	P-value2	0.7865	Success
Approximate entropy		0.6375	Success
Cumulative sums forward		0.5436	Success
Cumulative sums reverse		0.5651	Success
Random excursions	X = -4	0.7220	Success
	X = -3	0.7752	Success
	X = -2	0.2677	Success
	X = -1	0.2656	Success
	X = 1	0.1007	Success
	X = 2	0.3482	Success
	X = 3	0.4977	Success
	X = 4	0.5168	Success
Random excursions variant	X = -9	0.2492	Success
	X = -8	0.1723	Success
	X = -7	0.2026	Success
	X = -6	0.4146	Success
	X = -5	0.4073	Success
	X = -4	0.3178	Success
	X = -3	0.3753	Success
	X = -2	0.6367	Success
	X = -1	0.4315	Success
	X = 1	0.6596	Success
	X = 2	0.7163	Success
	X = 3	0.6525	Success
	X = 4	0.4903	Success
	X = 5	0.3089	Success
	X = 6	0.2110	Success
	X = 7	0.1905	Success
	X = 8	0.1267	Success
	X = 9	0.1269	Success

Encryption speed and computation complexity

The encryption speed is an important issue for a well applicable encryption system. Nevertheless, it depends on many factors as hardware, software and programming [25]. Ref [24, 48] have performed encryption speed tests for some algorithms in [5, 7, 24, 48–52] at the same enviorment. From Ref [48], we know that the encryption speed of algorithm [5, 7, 48, 49] are >10s, 2.3s, 1.25s, and 2.901s respectively. The execution time of scheme in [24, 50–52] are 155ms, 173ms, 2.089s and 334ms [24]. In our scheme, Arnold mapping iteration times t_j in Eq (11), is randomness for improving security, so it is hard to build a baseline to compare encryption speed with other methods, especially programming skill and code optimization [25]. So we give the encryption speed with different Arnold mapping iteration times in Table 10, and the environment is Microsoft Windows 7, Matlab8.4, a laptop with an Intel Xeon CPU E3-1220 v3 3.10GHz, 8.00GB RAM. As can be seen from the Table 10, our scheme has an acceptable speed.

Table 10. The speed range for the proposed algorithm.

Image	Iteration 1 time Speed(ms)	Iteration 10 times Speed(ms)	Iteration 20 times Speed(ms)	Iteration 30 times Speed(ms)	Iteration 40 times Speed(ms)	Iteration 50 times Speed(ms)
Peppers	103	368	666	960	1261	1554
Cablecar	102	359	644	931	1215	1501
Airplane	104	372	666	959	1256	1550
Cornfield	101	358	646	934	1214	1512
Boat	101	371	668	960	1256	1553
Fruits	102	363	655	931	1216	1528
Yacht	101	358	644	932	1215	1504

Additionally, the computation complexity relies on the number of operations and steps to fulfill the encryption. Our scheme needs $\mathcal{O}\left(\text{n}\right)$ to complete the entire encryption process, where n is the pixel number of images. Thus, the efficiency of the proposed algorithm is competent in the application level encryption requirements.

Conclusion

In this paper, a semi-symmetric image encryption scheme based on function projective synchronization between two hyperchaotic systems is proposed, and it has several advantages such as great speed, relatively low complexity compared respectively to symmetric and asymmetric algorithms. Especially, the key is generated simultaneously in encryption side and decryption side independently, which effectively avoids the key transmission and threats of key exposure. The presented scheme is a hybrid chaotic encryption algorithm and it consists of a scrambling stage and a diffusion stage. Moreover, the 6^th-order CNN is not only regarded as the drive system for the key synchronization, but also is used for diffusing key generation to enhance the security and sensitivity of the scheme. The simulation experiments and security performance analyses show that our scheme has a satisfactory security performance.

Supporting information

S1 Fig. “Flower” original image.

(TIF)

S2 Fig. “Cablecar” original image.

(TIF)

S3 Fig. “Airplane” original image.

(TIF)

S4 Fig. “Boat” original image.

(TIF)

S5 Fig. “Cornfield” original image.

(TIF)

S6 Fig. “Fruits” original image.

(TIF)

S7 Fig. “Peppers” original image.

(TIF)

S8 Fig. “Yacht” original image.

(TIF)

Data Availability

All relevant data are within the paper and its Supporting Information files.

Funding Statement

This research is partially supported by Industrial Innovation Project of Jilin Province (2016C087, http://jldrc.gov.cn) and Science and Technology Project of Jilin Province (20150312030ZX, http://www.jlkjt.gov.cn/bsfw/kjjhxmsb/). The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.