Engineering Applications of Artificial Intelligence 25 (2012) 753–765

Contents lists available at SciVerse ScienceDirect

Engineering Applications of Artificial Intelligence

journal homepage: www.elsevier.com/locate/engappai

A novel image encryption/decryption scheme based on chaotic

neural networks
Nooshin Bigdeli, Yousef Farid n, Karim Afshar
EE Department, Imam Khomeini International University, Daneshgah Blv., Qazvin, Iran

a r t i c l e i n f o abstract

Article history: This paper presents a novel image encryption/decryption algorithm based on chaotic neural network
Received 9 March 2011 (CNN). The employed CNN is comprised of two 3-neuron layers called chaotic neuron layer (CNL) and
Received in revised form permutation neuron layer (PNL). The values of three RGB (Red, Green and Blue) color components of
10 November 2011
image constitute inputs of the CNN and three encoded streams are the network outputs. CNL is a
Accepted 6 January 2012
Available online 9 February 2012
chaotic layer where, three well-known chaotic systems i.e. Chua, Lorenz and Lü systems participate in
generating weights and biases matrices of this layer corresponding to each pixel RGB features. Besides,
Keywords: a chaotic tent map is employed as the activation function of this layer, and makes the relationship
Secure communication between the plain image and cipher image nonlinear. The output of CNL, i.e. the diffused information, is
Cipher-image
the input of PNL, where three-dimensional permutation is applied to the diffused information. The
Chaotic neuron layer (CNL)
overall process is repeated several times to make the encryption process more robust and complex. A
Permutation neuron layer (PNL)
Tent map 160-bit-long authentication code has been used to generate the initial conditions and the parameters of
the CNL and PNL. Some security analysis are given to demonstrate that the key space of the new
algorithm is large enough to make brute-force attacks infeasible and simulations have been carried out
with detailed numerical analysis, demonstrating the high security of the new image encryption scheme.
& 2012 Elsevier Ltd. All rights reserved.

1. Introduction secure communications (Lian, 2009). In the literature, lots of

In the recent years, secure private communication methods
have aroused the interest of many researchers all over the world.
The most general architecture for image encryption is the
permutation–diffusion architecture. There are two iterative stages
in this kind of image cryptosystems (Chen et al., 2004). The
permutation stage changes the position of image pixels but does
not alter their values. In the diffusion stage, the pixel values are
modified sequentially so that a tiny change in one pixel is spread
out to almost all pixels in the whole image. The whole
permutation–diffusion round repeats for a number of times so
as to achieve a satisfactory level of security. For this architecture,
generation of secret keys and control parameter are essential
issues in increasing security and complexity of the algorithm.
A good encryption algorithm should be sensitive to the cipher
keys, and the key space should be large enough to make brute-
force attacks infeasible. In order to achieve such type of security,
employing chaotic systems in generating the secret keys and
parameters has become one of the most important topics in
n
Corresponding author. Tel./fax: þ 98 281 8371155.
E-mail addresses: bigdeli@ikiu.ac.ir (N. Bigdeli), yousef.farid@ikiu.ac.ir,
y.farid.e.control@gmail.com (Y. Farid), afshar@ikiu.ac.ir (K. Afshar).
encryption methods are proposed which are based on using
chaotic systems in this era (Wei et al., 2006; Joshi et al., 2009;
Tong and Cui, 2008; Tong and Cui, 2009; Wong et al., 2008). For
the special properties such as parameters and initial-value sensi-
tivity, ergodicity and quasi-randomness, chaos is used in data
protection, widely (Lian, 2009).
Due to their good properties such as high nonlinearity, para-
meter sensitivity and learning ability, neural networks have been
widely used as the other choice for information protection, such
as data encryption, data authentication and intrusion detection
(Lian, 2009; Chan and Cheng, 2001; Xiao et al., 2005). Neural
networks’ confusion and diffusion properties have been used to
design encryption algorithms, such as the stream ciphers (Chan
and Cheng, 2001; Karras and Zorkadis, 2003) or the block ciphers
(Lain et al., 2004; Lian, 2009).
As a combination of neural networks and chaos, a chaotic
neural network (CNN), has both the characteristic of neural
network and chaos. Especially it has more complex dynamic
behavior and so, it is expected to have better performance as
an image encryption tool. Therefore, such combinations have
been employed in some researches as more efficient methods
for information protection and information encryption (Lian,
2009). As an instance, in (Lian et al., 2006) a three-layer neural
network has been used to construct a hash function. The three

0952-1976/$ - see front matter & 2012 Elsevier Ltd. All rights reserved.
doi:10.1016/j.engappai.2012.01.007
754 N. Bigdeli et al. / Engineering Applications of Artificial Intelligence 25 (2012) 753–765

neuron-layers are used to realize data confusion, diffusion and
compression. And the multi-block hash mode is presented to
support the plaintext with variable length. Socek and Culibrk
(Socek and Culibrk, 2005) analyzed a clipped Hopfield neural
network-based encryption system for digital images and videos,
and pointed how to ensure the security of stream through
improving some scheme, such as randomness properties of the
generated key-stream. In (Lian, 2009), a CNN structure is pro-
posed for block cipher in which the employed chaotic activation
function in the so-called chaotic neuron layer realizes data
diffusion and a linear neuron layer realizes data confusion. This
structure implies good computing security, but due to constant
weight and bias matrices, it seems vulnerable to attacks.
In this paper, the idea in (Lian, 2009) has been generalized to
achieve a novel block cipher based on CNN. These cryptosystem is
based on a 3-input 3-output neural network structure that
comprised of two 3-neuron layers called chaotic neuron layer
(CNL) and permutation neuron layer (PNL). The values of three
RGB (Red, Green and Blue) color components of image constitute
inputs of the CNN and three encoded streams are the network
outputs. The weights and biases matrices of CNL are generated by
three well-known chaotic systems i.e. Chua, Lorenz and Lü
systems. Besides, a chaotic tent map is employed as the activation
function of this layer. The output of CNL, i.e. the diffused
information, is the input of PNL. In PNL a linear permutation in
conjunction with a 2-dimentional nonlinear shuffling are applied
to the data to obtain three-dimensional permutation. The overall
process is repeated several times to make the encryption process
more robust and complex. Simulations show that the suggested
image encryption scheme has the advantage of large key space
and high security.
The rest of this paper is organized as follows. In Section 2, a
short background about the employed chaotic systems and
chaotic function and their behavior is presented. The proposed
encryption and decryption methods are described in Section 3
and the performance security analysis results of the proposed
algorithm is brought in Section 4. In Section 5 the paper is
concluded.
2. Preliminary Materials
As stated earlier, in order to implement the chaotic neural
network for image encryption, some chaotic systems are used for
8         
> ay=S  ay=S ¼ 1 and b a c 4 d Sa e or ay=S  ay=S ¼ 0
ay=S  ða=S1Þy
< ay=S if
1
f Tent ða,yÞ ¼       ð4bÞ
>
: ða=S1Þyþ S if ay=S  ay=S ¼ 1 and b a c r d Sa e
ay=S
attractors for a Chua system with a1 ¼10, b1 ¼100/7 are shown
in Fig. 1(a)–(c).
B. Lorenz system: The dynamics of chaotic Lorenz system may
be represented by the following equations (Li and Yin, 2009):
x_ 2 ¼ a2 ðy2 x2 Þ
y_ 2 ¼ x2 z2 y2 þ c2 x2
z_ 2 ¼ x2 y2 b2 z2 ð2Þ
where a2, b2, and c2 are its constant parameters. With a2 ¼10,
b2 ¼8/3, c2 ¼ 28, system has chaotic behavior (Li and Yin, 2009)
which has been illustrated in Fig. 1(d)–(f) via the projection of
system attractors of its state space trajectories.
C. Lü system: The chaotic Lü system model can be described as
(Lü et al., 2002):
x_ 3 ¼ a3 ðy3 x3 Þ
y_ 3 ¼ x3 z3 þc3 x3
z_ 3 ¼ x3 y3 b3 z3 ð3Þ
where a3,b3, c3 are parameters. With a3 ¼36,b3 ¼3, c3 ¼20,
system has chaotic behavior (Lü et al., 2002). Trajectories of
the state variables of this chaotic system are also shown in
Fig. 1(g)–(i).
2.2. The tent map and its properties
The discrete chaotic tent map is a 1-D piecewise-linear map
defined by the following equation (Masuda and Aihara, 2002):
( S 
ax , 1 r x ra
f Tent ða,xÞ ¼  S  ð4aÞ
Sa ðSxÞ þ1, a oxrS
where a(aA[1,S]) is an integer determined by user, and, bxc and
dxe denotes floor and ceiling of x, respectively. Generally, S is
selected according to the plaintext. For an 8-bit image, S¼256 is
intuitive. The discrete tent map is a one-to-one mapping. In order
to illustrate the impact of tent map on a time series, a 16  16
block of Lena image is selected and arranged in the form of time
series and then applied as the input to the tent map system. The
resulting time series is shown in Fig. 2. As seen, the output of the
tent map system has chaotic behavior, while the input of this
system has a quasi-periodic behavior.
The inverse of above-mentioned tent map is also defined as
(Masuda and Aihara, 2002):

 ða=S1Þy

generating secret keys as well as neural network parameters. The 2.3. CAT map permutation algorithm
details of implementing this network will be described in Section
3. Beforehand, a short introduction to the employed chaotic In the permutation stage of image cryptosystems, three types
systems, the tent map and the Cat map permutation algorithm of two-dimensional chaotic maps are usually employed: the
will be presented in this section. Standard map, Cat map and generalized Baker map. Cat map is
the commonest map used in the literature. Suppose the size of the
2.1. The employed chaotic systems original grayscale image D is N  N and the coordinates of the
pixel positions are SI ¼{(x,y)9x,y¼1,2,y,N}. Cat map is described
A. Chua system: The chaotic Chua system is modeled by the as (Xiao et al., 2009):
following equations (Botmart and Niamsup, 2007): ! ! " # !
x^ x 1 p x
x_ 1 ¼ a1 ðy1 f ðx1 ÞÞ ¼Q modðNÞ ¼ modðNÞ ð5Þ
y^ y q pq þ 1 y
y_ 1 ¼ x1 y1 þz1
z_ 1 ¼ b1 y1 ð1Þ
where, p and q are positive integers which are called Cat map
3
where a1, b1 are constant parameters and f ðx1 Þ ¼ 2x1 x1 =7. control parameters and the (x,y) and ðx^ , y^ Þ are the original and the
With a1 ¼10, and b1 ¼100/7 system has chaotic behavior new positions, respectively. Since detðQ Þ ¼ 1, the map is area-
(Botmart and Niamsup, 2007). The projection of chaotic preserving.
 N. Bigdeli et al. / Engineering Applications of Artificial Intelligence 25 (2012) 753–765
Fig. 1. The projections of chaotic attractors for: (a)–(c) Chua system, (d)–(f) Lorenz system, and (g)–(i) Lu system.
3. The proposed image encryption and decryption scheme
In this section, the step by step procedures and the properties
of the proposed image encryption scheme as well as its decryp-
tion process will be described.
3.1. Encryption algorithm
The flowchart of the proposed encryption process is shown in
Fig. 3(a). As it is seen in this figure, three distinct blocks comprise
the encryption system: a chaotic key generator block, chaotic
neuron layer (CNL) and permutation neuron layer (PNL). Each of
the last two layers is 3-input 3-output and includes three
neurons. The chaotic key generator block supports these layers
by their corresponding weights and biases. The details of layer
interactions are illustrated in Fig. 3(b) and (c). In Fig. 3(b), the
inputs of CNL are the RGB components of the input image. A
linear combination of the inputs are passed through two non-
linear stages i.e. nonlinear normalization and bitxor operations
755
and then enter to the activation function block which is a chaotic
tent map. The output of this layer is the diffused information
which is the input of the PNL. In this layer, the permutation is
done in two steps. In the first step, a linear permutation is applied
to the secret data. The permutation matrix is generated by the
chaotic key generator block. The permuted strings are then
nonlinearly shuffled via 2-dimensional Cat map permutation
algorithm (Section 2.3). This procedure is repeated several times
(R times) to achieve higher security and more complexity. In more
details, the encryption process may be summarized in the
following steps:
Step 1: In the proposed algorithm, 160 bits authentication
code is used as secret keys. Therefore, the key space size is
2160. Select a sequence of 160 bits as the authentication code K,
and then split them into five groups, that are further mapped
into nine initial parameters x1(0),y1(0), z1(0), x2(0), y2(0), z2(0),
x3(0), y3(0) and z3(0). In Fig. 4 it is shown that how the secret
keys are generated from the authentication code. Next, set R as
756 N. Bigdeli et al. / Engineering Applications of Artificial Intelligence 25 (2012) 753–765

Fig. 2. (a) A sample input of the tent map system and (b) the corresponding output of the tent map system.

Fig. 3. (a) The flowchart of encryption process, (b) Chaotic neuron layer, and (c) Permutation neuron layer.

Fig.4. The method of nine secretes keys generation from a 160 bits authentication code.

the number of iterations, and N0 as the complementary matrices in the following way:
secret keys. 2 3
x1 ðN0 þ iÞ x2 ðN0 þ iÞ x3 ðN0 þ iÞ
Step 2: Iterate three chaotic Chua, Lorenz and Lü systems using 6 y ðN þ iÞ y ðN þiÞ y ðN þiÞ 7
Runge–Kutta algorithm for N0 times to avoid the harmful
W dl,i ¼ 4 1 0 2 0 3 0 5 þ aI ð6Þ
effect of transitional procedure, thus x1(N0), y1(N0), z1(N0), z1 ðN0 þ iÞ z2 ðN0 þ iÞ z3 ðN0 þ iÞ
x2(N0), y2(N0), z2(N0), x3(N0), y3(N0) and z3(N0) are gotten. Call
r the iteration number. Set r ¼1. aðj,iÞ ¼ modð9xj ðN 0 þ iÞ9f loorðxj ðN 0 þ iÞÞÞ1014 ,255Þ þ 1, j ¼ 1,2,3
Step 3: Since the image D is a N  N pixels image, for T
Al,i ¼ ½að1,iÞ,að2,iÞ,að3,iÞ
N0 þi,i¼(r 1)  (N  N)þ1,y,r  (N  N) iterate the three
chaotic systems, where i¼1, 2,y represents the ith iteration bðj,iÞ ¼ dec2biðmodð9yj ðN 0 þiÞ9Þf loorðyj ðN 0 þiÞÞÞ
of chaotic systems. For each iteration compute Wdl ,Bdl and Al 1014 ,255Þ þ 1, j ¼ 1,2,3
 N. Bigdeli et al. / Engineering Applications of Artificial Intelligence 25 (2012) 753–765
Bdl,i ¼ ½bð1,iÞ,bð2,iÞ,bð3,iÞT
where, Wdl,i is the weight matrix and Bdl,i and Al,i are the bias
matrices of CNL, mod(x,y) returns the remainder after division,
floor(x) rounds the elements of x to the nearest integers less
than or equal to x and dec2bi(x) converts decimal number x to
a binary value. Besides, I is a 3  3 identity matrix, and the
parameter a prevent from occurrence the singularity problem
in W 1
dl,i matrix. The next matrix to be determined is Wcl. This
matrix is the weight matrix of PNL and is employed for the
linear shuffling of the three color components of the output of
CNN, i.e. in order to change the positions of the (R, G, B)
components of the image. Therefore, it consists of 3  3 matrix
with just one ‘1’ in each of its rows/columns. In order to
determine Wcl, let us define:
Di ¼ ½x1 ðN0 þ iÞ,y2 ðN 0 þiÞ,z3 ðN 0 þiÞ
w1,i ¼ argðmaxðDi ÞÞ
w2,i ¼ argðminðDi ÞÞ
where, by argðmaxðDi ÞÞ, we mean the index of the maximum
value in the vector Di. Then the non–zero term of first and
second rows of matrix Wcl,k is determined as
W cl,i ð1,w1,i Þ ¼ W cl,i ð2,w2,i Þ ¼ 1
and, the non-zero term of the third row is determined such
that it exists just one ‘1’ in each row/column of the matrix Wcl,k
( for example: [010;001;100]  [R, G, B] ¼[G, B, R]). Then, the
control parameters of Eq. (5) are derived as (Wang et al., 2009)
pi ¼ f loor½modðz1 ðN0 þ iÞ  224 ,NÞ
qi ¼ f loor½modðmodðz1 ðN0 þ iÞ  248 ,224 Þ,NÞ
Step 4: Suppose that the input image P is N  N pixels. Then,
corresponding to each pixel k, there is a vector Xk of order
three with the RGB components of the pixel as its entries
Xk ¼[Rk,Gk,Bk]T,k¼1,y,(N  N). Then the total color information
of the image will be a 3  (N  N) matrix X with columns
Xk,k¼1,y,(N  N). Compute the matrix X as the input of CNL.
Step 5: Considering Fig. 3, in order to generate the secret
information, several operations are applied to each column of
matrix X, i.e. Xk,k¼1,y,(N  N) and i¼(r  1)  (N  N)þ 1,y,
r  (N  N) as
Y 1,k ¼ W dl,i X k
– Normalization (mapping the values of Y1,k into interval
[1,255]):
Y 1,k -½1,255
Y 1,k ! Y 2,k ¼ NðY 1,k Þ
where, NðxÞ ¼ q1 tanhðq2 xÞ þq3 , and q1,q2,q3 are constant
parameters.
– Manipulation:
Y 3,k ¼ f loorðY 2,k Þ þmodðY 2,k ,f loorðY 2,k ÞÞ ¼ Y 31,k þ Y 32,k
Fig. 5. The flowchart of decryption process.
757
– XOR operation
ð7Þ
Y 4,k ¼ Y 31,k  Bdl,i ð13Þ
– Applying chaotic activation function
Y 5,k ¼ f ðY 4,k ,Al,i Þ þY 32,k ð14Þ
where, the symbol  in Eq. (13) represents the exclusive OR
operation bit-by-bit, and f(  ) in Eq. (14) is the chaotic tent map as
introduced in Eq. (4a).
Step 6: The output of the CNL is the 3  (N  N) matrix Y5
which is then permuted in two stages by PNL. At first, each
column of Y5 i.e. Y5,k,k¼1,y,(N  N) is linearly permuted as
Y 6,k ¼ gðW cl,i Y 5,k þ Bcl,i Þ ð15Þ
ð8aÞ Usually, the structure of the neural network layers (activation
functions of neurons, weight matrix and bias vector) are
regulated regarding the design purposes. Here, our purpose
is to change the positions of the red, blue and green compo-
nents of the image using the neural structure, i.e. linear neuron
ð8bÞ with proper weights, but and without biases. Therefore, it is
assumed that g(x)¼x, Bcl,i ¼ [0,0,0]T, and the calculation of
weight matrix Wcl,i is as clarified in step 3.
Step 7: In this stage, the output of the linear permutation stage
are shuffled. For this purpose, each row of matrix Y6 is
arranged in a N  N matrix and thus three output N  N
matrixes are provided. Then, each matrix is permuted in
ð9Þ two-dimensional by Cat map permutation algorithm of
Section 2.3. Considering the three nonlinearly permuted
matrices as three planes of encrypted image (red, green, blue),
the output encrypted image is derived, which is called Y7.
Step 8: If the current round is not the final round of encryption
(r oR), then set P¼ Y7. Set r ¼r þ1 and return to step 3.
Otherwise, set Pfinal ¼Y7 is the final cipher-image and encryp-
tion process is completed.
3.2. Decryption algorithm
In the decryption stage, the reverse of encryption process
ð10Þ
should be performed. Therefore, the inverse of PNL and CNL
operations should be synthesized and applied to the encrypted
image, iteratively. The decryption process flow chart has been
shown in Fig. 5. From this figure, the decryption process can be
summarized as
ð11Þ
Step 1: Considering the authentication code K, generate secret
keys of x1(0),y1(0), z1(0), x2(0), y2(0), z2(0), x3(0), y3(0) and
z3(0). Having known R and N0, iterate the three chaotic Chua,
Lorenz and Lü systems (Eqs. (1) to (3)) for i¼1,y,N0 þR 
ð12Þ
(N  N). Set r ¼R. Set the input image H¼Pfinal.
758 N. Bigdeli et al. / Engineering Applications of Artificial Intelligence 25 (2012) 753–765

1
Step 2: For N0 þi,i ¼(r  1)  (N  N)þ1,y,r  (N  N), compute H4,k ¼ f Tent ðAl,i ,H31,k Þ ð18Þ
the p, q, Wcl, Bcl, Al, Bdl and Wdl matrices using Eqs. (6)–(8).
H5,k ¼ H4,k  Bdl,i ð19Þ
Step 3: For each plane of encrypted image, H, execute the
reverse action of nonlinear permutation employing Eq. (5). Call H6,k ¼ H5,k þ H32,k ð20Þ
it H1. Represent H1 in a 3  (N  N) matrix form.
Step 4: Considering H1,k,k¼ 1,y,(N  N) as the kth column of
matrix H1, and i¼ (r 1)  (N  N)þ1,y,r  (N  N), the inverse – De-normalization (inverse mapping of Eq. (11)):
of linear permutation is done as
½1,255-H7,k
H2,k ¼ W cl,i 1 ðg 1 ðH1,k ÞBcl,i Þ ð16Þ H6,k ! H7,k ¼ N 1 ðH6,k Þ ð21Þ

H8,k ¼ W 1
dl,i H 7,k ð22Þ
Step 5: The secret information is decodes as 1
– Manipulation: where, in Eq. (18), is the inverse of chaotic tent map as it
f Tent
is defined in Eq. (4b), and N  1(  ) in Eq. (21) is the inverse of
H3,k ¼ f loorðH2,k Þ þ modðH2,k ,f loorðH2,k ÞÞ ¼ H31,k þ H32,k ð17Þ normalization function in Eq. (11).

Fig. 6. Histogram analysis: (a, b, c, d) the plain of original ‘‘Lena’’ image and the corresponding histograms of red, green and blue channels of the plain image; (e, f, g, h) and
(i, j, k, l) the same plots but for the encrypted and decrypted images, respectively.
 N. Bigdeli et al. / Engineering Applications of Artificial Intelligence 25 (2012) 753–765 759

Step 6: Convert the 3  (N  N) matrix of H8 to the N  N pixel 4. Performance and security analysis
image with three color component. If r 41, set r ¼r  1, H¼ H8
and go to step 2. Otherwise, decryption process has been A good encryption procedure should be robust against all
completed and H8 is the decrypted image. kinds of cryptanalytic, statistical and brute-force attacks. Some
security analysis has been performed on the proposed image
encryption scheme.
Remark 1. In the proposed block-cipher, three components of
color image, i.e., R, G, B, comprises the input of the CNN. Thus,
with arranging the pixels of gray-level image in certain order as 4.1. Key space security
8
< R ¼ Pi ,
>
G ¼ P i1 , ð23Þ The security of key includes two aspects. One is the size of the
>
:B¼P , key space, which characterizes the capability of resisting brute-
i2
force attack. A short key means that the best encryption algorithm
The process of encrypting color image can be applied to the can be broken by exhaustive search (also known as brute-force
gray-level image similarly until the cipher image satisfies the attacks) in a reasonable amount of time, while the reverse is not
desired performance requirement. true. The other is the key non-recovery property. It must be

Fig. 7. Histogram analysis: (a, b, c, d) the plain of original ‘‘Baboon’’ image and the corresponding histograms of red, green and blue channels of the plain image; (e, f, g, h)
and (i, j, k, l) the same plots but for the encrypted and decrypted images, respectively.
760 N. Bigdeli et al. / Engineering Applications of Artificial Intelligence 25 (2012) 753–765

computationally infeasible to recover the key. In our algorithm, a
160 bits authentication code is used as secret keys. Moreover, the
parameters R, N0, p, q could also be used as the secret keys.
Therefore, an authentication code of at least 224 is feasible for the
proposed algorithm. In order to examine if the selected key size is
enough, the suggestions in (Lian, 2009; Lenstra and Verheul,
2001; NIST Special Publication 800-133, 2011; Bennett et al.,
1997; Ferguson and Schneier, 2003) has been considered, here. In
(Lian, 2009), Lian suggested that the key space should be at least
264 for a sufficient security level against brute-force search
attacks. The proposed cryptosystem has fulfilled this requirement.
In (Lenstra and Verheul, 2001), Lenstra and Verheul took the data
points from attacks on keys of various lengths and extrapolated
them via Moore’s Law. They concluded that in 2030, it seems that
a 93-bit key size is sufficient for security against the brute-force
attacks, and that in 2050 this will be true for a 109-bit key. From
this, one might conclude that, a 128-bit key is sufficient to keep
data confidential for the next few decades. In (NIST Special
Publication 800-133, 2011), NIST, presumably based on similar
types of calculation, recommend a minimum of 128 bits of
strength to keep data confidential ‘‘beyond 2030’’. Thus, in order
to insure the required level of security, an authentication code of
160 bit which has been considered in the proposed method seems
a proper choice. On the other hand, in (Bennett et al., 1997) it has
been proved that a brute-force key search on a quantum compu-
ter cannot be faster than roughly 2n/2 invocations of the under-
lying cryptographic algorithm, compared with roughly 2n in the
classical case. Thus, in the presence of large quantum computers
an n-bit key can provide at least n/2 bits of security. This is one of
the reasons why AES supports a 256-bit key length (Ferguson and

Fig. 8. Histogram analysis: (a, b, c, d) the plain of original ‘‘Peppers’’ image and the corresponding histograms of red, green and blue channels of the plain image; (e, f, g, h)
and (i, j, k, l) the same plots but for the encrypted and decrypted images, respectively.
 N. Bigdeli et al. / Engineering Applications of Artificial Intelligence 25 (2012) 753–765
Schneier, 2003). Quantum brute force is easily defeated by
doubling the key length, which has little extra computational
cost in ordinary use. This implies that at least a 218-bit key is
required to achieve 109-bit security rating against a quantum
computer up to about 2050. A conclusion can be drawn that the
key space of the proposed algorithm is large enough to resist the
brute-force attack, for the next few decades, even if quantum
computing is employed.
Additionally, compared with the proposed methods in (Yen
and Guo, 1999; Lian, 2009), this algorithm is of higher security
against known-plaintext or selected-plain text attacks. In the
algorithm proposed in (Yen and Guo, 1999), only weight matrices
are used as keys, which can be recovered by known-plain text or
select-plain text attackers. In the proposed method, in addition to
the weight matrices, the chaotic function f(  ) and the parameters
R, N0, p, qcan be used as keys, which make attackers more difficult
to recover these keys. Furthermore, the weight and bias matrices
are constructed from three different chaotic maps and are
different for each pixel in different iterations. Chaotic activation
functions and chaos-based 3-dimentional shuffling makes this
method more robust against variable attacks. Therefore, for
successful decryption of the encrypted data, in addition the secret
keys, the above-mentioned parameters and functions as well as
the decryption process must be known.
4.2. Histogram analysis
An image histogram illustrates the distribution of pixels’
density versus their color intensity level. To show the feasibility
of the proposed scheme, we employed the 256  256 ‘‘Lena’’,
‘‘Baboon’’ and ‘‘Peppers’’ color images as our plain color images.
Taking R¼2, the plain-images, cipher-images and the decrypted
images mid the underlying histograms of these images versus
their three main components (red, green and blue colors) have
been shown in Figs. 6–8. As it is illustrated, the histograms of the
cipher-image are fairly uniform, and have good statistical proper-
ties resembling white noise. In this manner, no information could
be achieved from the encrypted image about the order of pixels in
the original image and hence does not provide any clue to employ
any statistical attack on the proposed image encryption procedure.
Similar situation has been observed for other images (not
shown here).
Additionally, the Lena ciphered image in the gray-level form
with the proposed algorithm is compared with the traditional
cipher AES (Mollin, 2006) and the algorithm only based on tent
map (Masuda and Aihara, 2002) as well as chaotic neural network
of (Lian, 2009). In the experiments, the image is encrypted by AES
(Mollin, 2006), the algorithm (Masuda and Aihara, 2002), chaotic
neural network of (Lian, 2009) and the proposed algorithm,
respectively. Seen from the results shown in Fig. 9, the images
Fig. 9. Comparison of image encryption results. (a) AES algorithm (Mollin, 2006), (b) the algorithm in (Masuda and Aihara, 2002), (c) chaotic neural network in (Lian, 2009)
and (d) proposed algorithm.
761
encrypted by AES (Mollin, 2006), and the algorithm (Masuda and
Aihara, 2002) are still intelligible, some patterns in the encrypted
image by the chaotic neural network in (Lian, 2009) are also
intelligible in Fig. 9(c), while the proposed algorithm encrypts the
image into an unintelligible one (Fig. 9(d)).
4.3. Key sensitivity
In order to demonstrate the key sensitivity of our algorithm,
several experiments have been done under the same condition but
with a small mismatch in secret keys. That is, in each case, a
relative mismatch of order 10  14 exists in just one of the secret
keys. Here, we only represent the variation of four parameters from
total keys. The secret keys of the different scenarios are chosen as
i. x1 ð0Þ ¼ 0:3 þ1e14 ¼ 0:30000000000001,
x2 ð0Þ ¼ 1, x3 ð0Þ ¼ 1:75, z3 ð0Þ ¼ 2:75
ii. x1 ð0Þ ¼ 0:3, x2 ð0Þ ¼ 1 þ 1e14 ¼ 1:0000000000001,
x3 ð0Þ ¼ 1:75,
z3 ð0Þ ¼ 2:75
iii. x1 ð0Þ ¼ 0:3, x2 ð0Þ ¼ 1,
x3 ð0Þ ¼ 1:75 þ 1e15 ¼ 1:750000000000001, z3 ð0Þ ¼ 2:75
iv. x1 ð0Þ ¼ 0:3, x2 ð0Þ ¼ 1, x3 ð0Þ ¼ 1:75,
z3 ð0Þ ¼ 2:75 þ 1e16 ¼ 2:750000000000001
Fig. 10 shows the decryption result for Lena image for these four
scenarios with r ¼1. For each case, the decrypted image as well as
the corresponding histogram of H8 in Eq. (22) has been shown. As
it is seen, even with such a small mismatches in the secret keys,
the decrypted image is absolutely different from the real plain-
image. Besides, the histograms have negative values. This obser-
vation shows that just such a small mismatch in the secret keys
results in incorrect decrypted pixels both in value and sign.
Especially, this behavior makes decryption impossible when r is
greater than one. This is that to this fact that the input of inverse
of tent map (f  1 in Eq. (4b)) must be positive, and XOR operation
with negative number is impossible. Therefore, negative values in
the first round of decryption makes would block the decryption
procedure. This is, however, due to the high complexity and the
chaotic properties of the proposed algorithm. From this property,
it is seen that the proposed algorithm show very high robustness
against just a small mismatch which implies a very high security
in data encryption.
762 N. Bigdeli et al. / Engineering Applications of Artificial Intelligence 25 (2012) 753–765

Fig. 10. The sensitivity analysis with respect to the secret key for relative mismatch of order 1e-14 (a) mismatch in x1(0), (b) mismatch in x2(0), (c) mismatch in x3(0) and
(d) mismatch in z3(0).

4.4. Correlation coefficient analysis figure, it is observed that while two adjacent pixels in the original
are highly correlated, there is negligible correlation between the
As it is known, the correlation of between adjacent pixels in two adjacent pixels in the encrypted image. In the next stage, the
the original image is very high. An effective encryption algorithm correlation between two vertically adjacent pixels, two horizon-
should reduce the correlation between adjacent pixels. The tally adjacent pixels, two diagonally adjacent pixels, are also
following formula are used for calculation of the correlation computed for a batch of 5000 adjacent pairs of the original
coefficient (rxy) as and ciphered images. The correlation coefficients of proposed
NI cipher of Figs. 6(e), 7(e) and 8 (e) are compared with the
1 X traditional cipher AES (Zeghid et al., 2007), the algorithm
eðxÞ ¼ x
NI i ¼ 1 i (Rhouma et al.), and the algorithm in (Hongjun and Xingyuan,
1 X NI 2010), respectively, in Table 1. From Table 1, it is observed that
dðxÞ ¼ ðx eðxÞÞ2 the proposed image encryption have better performance in
NI i ¼ 1 i
comparison with other algorithms. Therefore, it can clearly be
NI
1 X seen that our algorithm can destroy the relativity effectively; the
covðx,yÞ ¼ ðx eðxÞÞðyi eðyÞÞ
NI i ¼ 1 i proposed image encryption algorithm has a strong ability to resist
covðx,yÞ statistical attack.
r xy ¼ pffiffiffiffiffiffiffiffiffipffiffiffiffiffiffiffiffiffi ð24Þ
dðxÞ dðyÞ
where x and y are the gray values of two adjacent pixels in the
image, covðx,yÞ is the covariance, d(x) is the variance and e(x) is 4.5. Information entropy analysis
the mean. For example, in Fig. 11, the correlations of both
vertically and horizontally adjacent pixels in Lena plain-image The information entropy is defined to express the degree of
and ciphered image have been compared. From the graphs in this uncertainties in a system. For a message source m, the information
 N. Bigdeli et al. / Engineering Applications of Artificial Intelligence 25 (2012) 753–765 763

Fig. 11. Correlation of two adjacent pixels: (a) and (b) the distribution of two horizontally adjacent pixels in the plain and cipher images, respectively; (c) and (d) the
distribution of two vertically adjacent pixels in the plain and cipher images, respectively.

Table 1
Correlation coefficients of the original image Lena and the cipher-images obtained by the proposed scheme and the three
comparable block ciphers.

Scheme Vertical Horizontal Diagonal

Original image 0.9882 0.9856 0.9669

AES (Zeghid et al., 2007) 0.077 0.066 –

Algorithm (Rhouma et al.) 0.0845 0.0681 –

Algorithm (Hongjun and Xingyuan, 2010) 0.0965  0.0318 0.0362

Proposed algorithm
Lena 0.00122 0.00183  0.00119
Baboon 0.00141 0.00257 0.00096
Peppers  0.00085 0.00131  0.00192

entropy H(m) can be calculated as Table 2

Information entropies of the cipher-images obtained by the proposed scheme and
Nm
2X1 the two comparable block ciphers.
1
HðmÞ ¼  pðmi Þlog ð25Þ
i¼0
pðmi Þ Scheme R G B

where p(mi) represents the probability of occurrence of mi, and log Algorithm (Rhouma et al.) 7.9732 7.9750 7.9715
denotes the base 2 logarithm. For a random process, every symbol Algorithm (Hongjun and Xingyuan, 2010) 7.9851 7.9852 7.9832
has equal probability. Therefore, for example, for Nm ¼8, every
Proposed algorithm
symbol in m ¼ fm1 ,m2 ,. . .,m28 g has equal probability of Lena 7.9981 7.9962 7.9974
p(mi)¼2  8. Such a distribution results in the entropy H(m)¼8. Baboon 7.9967 7.9941 7.9985
Here, the performance of the proposed encryption/decryption Peppers 7.9975 7.9978 7.9933
method has been examined via analyzing the information entropy
of the ciphered image of Fig. 6(e). For the ciphered image, the
information entropy has been calculated for gray level value of the results show that the cipher-image is close to a random source and
pixels which is H(m)¼ 7.9951, while this value for the ciphered the proposed algorithm is secure against the entropy attack.
image with AES algorithm (Zeghid et al., 2007) is H(m)¼7.91.
Additionally, the information entropies of the three color compo- 4.6. Speed analysis
nents (R, G, B) of Figs. 6(e), 7(e) and 8 (e) are compared with the
algorithms (Rhouma et al.; Hongjun and Xingyuan, 2010) in Apart from the security considerations, some other issues on
Table 2. Our scheme leads to the highest entropy compared with image encryption are also important, such as the running speed
the other algorithms. They are very close to the ideal value 8. The for real-time image encryption/decryption. Here, the simulator
764 N. Bigdeli et al. / Engineering Applications of Artificial Intelligence 25 (2012) 753–765
Table 3
Average encryption/decryption speed of the proposed method in comparison with
other methods.
Scheme Encryption Decryption
speed speed
AES (Zeghid et al., 2007) 19.18 18.95
Algorithm (Rhouma et al.) 7.67 7.46
Algorithm (Hongjun and Xingyuan, 9.69 9.56
2010)
Proposed algorithm 12.06 11.85
for the proposed cryptosystem is implemented using Matlab
7.7.0. Performance was measured on a 1.60 GHz Pentium IV with
512 Mbytes of RAM running Windows XP. To evaluate the run-
ning speed, the different images have been encrypted/decrypted
by the proposed cryptosystem ten times and the average time and
speed have been evaluated. Simulation results show that the
average encryption/decryption time is 54.1 ms for encryption and
55.95 ms for decryption and the average encryption/decryption
speed is 12.06 MB/s for encryption and 11.85 MB/s for decryption.
In order to show the strength of the proposed method, the
encryption/decryption speed of the proposed method has been
compared with that of the AES algorithm (Zeghid et al., 2007) and
the algorithms of (Rhouma et al.; Hongjun and Xingyuan, 2010) in
Table 3. As seen in this table, compared to the other algorithms,
the proposed method is fast. However, although the AES algo-
rithm seems faster than the proposed algorithm, but it suffers
from lack of sufficient security as mentioned in last sections.
5. Summary and conclusions
In this paper, a novel image encryption scheme based on
chaotic neural networks (CNN) is proposed. The employed CNN is
a 3-input 3-output network comprised of two 3-neuron layers
called chaotic neuron layer (CNL) and permutation neuron layer
(PNL). The values of three RGB (Red, Green and Blue) color
components of image constitute inputs of the CNN and three
encoded streams are the network outputs. CNL is a chaotic layer
where, three well-known chaotic systems i.e. Chua, Lorenz and Lü
systems participate in generating weights and biases matrices of
this layer corresponding to each pixel RGB features. Besides, a
chaotic tent map is employed as the activation function of this
layer. The output of CNL, i.e. the diffused information, is the
input of PNL. In PNL a linear permutation in conjunction with a
2-dimensional nonlinear shuffling obtains three-dimensional per-
mutation. The overall process is repeated several times to make it
more robust and complex. The proposed method has 160-bits
authentication code with two additional secret keys where a
slight mismatch in one of them results in severely decrypted
image. The main features of the proposed algorithm may be
summarized as
 Key space: The proposed algorithm has large key space
including a 160-bits authentication code which could be
extended up to 224 bits. It has been shown that the key space
of the proposed algorithm is large enough to resist the brute-
force attack, for the next few decades, even if quantum
computing is employed.
 Key Sensitivity: The analyses show that just such a small
mismatch of order 10–14 in the secret keys results in incorrect
decrypted pixels both in value and sign. Especially, this
behavior makes decryption impossible when the number of
encryption iterations is greater than one.
 Complexity: The proposed algorithm has remarkable com-
plexity and mixture characteristics. In the proposed algorithm,
the weight and bias matrices are constructed from three
different chaotic maps and are different for each pixel in
different iterations. Chaotic activation function and chaos-
based 3-dimensional shuffling makes this method more robust
against variable attacks. Therefore, for successful decryption of
the encrypted data, in addition the secret keys, these functions
and their parameters as well as the decryption process must
be known.
 Performance analysis: Simulation results for both gray-level
and color images have been demonstrated to evaluate and
compare its performance with that of other block ciphers. The
results show that the proposed scheme leads to the highest
security level in terms of the key space, key sensitivity,
correlation coefficients, entropy and computational complex-
ity of the cipher-images.
 Computational speed analysis: The computational speed
analysis of the proposed method is representative of high
speed of encryption/decryption as well as reasonably low time
of computation.
References
Botmart, T., Niamsup, P., 2007. Adaptive control and synchronization of the
perturbed Chua’s system. Math. Comput. Simulation 75 (1–2), 37–55.
Bennett, C.H., Bernstein, E., Brassard, G., Vazirani, U., 1997. The strengths and
weaknesses of quantum computation. SIAM J. Comput. 26 (5), 1510–1523.
Chen, G., Mao, Y., Chui, C.K., 2004. A symmetric image encryption scheme based on
3D chaotic cat maps. Chaos Solions Fractals 21, 749–761.
Chan, C., Cheng, L., 2001. The convergence properties of a clipped Hopfield
network and its application in the design of key-stream generator. IEEE Trans.
Neural Network 12 (2), 340–348.
Ferguson, N., Schneier, B., 2003. Practical Cryptography. John Wiley and Sons.
Hongjun, L., Xingyuan, W., 2010. Color image encryption based on one-time keys
and robust chaotic maps. Comput. Math. Appl. 59, 3320–3327.
Joshi, M., Shakher, C., Singh, K., 2009. Logarithms-based RGB image encryption in
the fractional Fourier domain: a non-linear approach. Opt. Lasers Eng. 47 (6),
721–727.
Karras, D.A., Zorkadis, V., 2003. On neural network techniques in the secure
management of communication systems through improving and quality
assessing pseudorandom stream generators. Neural Networks 16 (5-6),
899–905.
Lian, S., 2009. A block cipher based on chaotic neural networks. Neurocomputing
72, 1296–1301.
Lain, S.G., Chen, G.R., Cheung, A., Wang, Z.Q., 2004. A chaotic-Neural-Network-
based encryption algorithm for JPEG2000 encoded images. In: Proceedings of
the 2004 IEEE Symposium on Neural Networks (ISNN2004), Dalian, China,
Lecture Notes in Computer Science, Springer, Berlin, 3174, pp. 627–632.
Lian, S., Sun, J., Wang, Z., 2006. Secure Hash function based on neural network.
Neurocomputing 69, 16–18.
Li, D., Yin, Z., 2009. Connecting the Lorenz and Chen systems via nonlinear control.
Commun. Nonlinear Sci. Numerical Simulation 14 (3), 655–667.
Lü, J., Chen, G., Zhang, S., 2002. The compound structure of a new chaotic attractor.
Chaos Solitons Fractals 14 (5), 669–672.
Lenstra, A.K., Verheul, E.R., 2001. Selecting cryptographic key sizes. J. Cryptology
14 (4), 255–293.
Masuda, N., Aihara, K., 2002. Cryptosystems with discretized chaotic maps.
IEEE Trans. Circuits and Systems-I: Fundam. Theory Appl. 49 (1), 28–40.
Mollin, R.A., 2006. An Introduction to Cryptography. CRC Press, New York.
NIST Special Publication 800-133, July 2011. Recommendation for Key Manage-
ment: Part 1, NIST.
Rhouma, R., Meherzi, S., Belghith, S. OCML-based colour image encryption, doi:10.
1016/j.chaos.2007.07.083.
Socek, D., Culibrk, D., 2005. On the security of a clipped Hopfield neural network
cryptosystem. In: 7th ACM Multimedia and Security workshop, pp. 71–75.
Tong, X., Cui, M., 2008. Image encryption with compound chaotic sequence cipher
shifting dynamically. Image Vision Comput. 26 (6), 843–850.
Tong, X., Cui, M., 2009. Image encryption scheme based on 3D baker with
dynamical compound chaotic sequence cipher generator. Signal Process. 89
(4), 480–491.
Wei, J., Liao, X., Wong, K., Xiang, T., 2006. A new cryptosystem. Chaos Solutions
Fractals 30, 1143–1152.
 N. Bigdeli et al. / Engineering Applications of Artificial Intelligence 25 (2012) 753–765 765

Wong, K.W., Kwok, B.S.H., Law, W.S., 2008. A fast image encryption scheme based
on chaotic standard map. Phys. Lett. A 372 (15), 2645–2652.
Wang, Y., Wong, K.W., Liao, X., Xiang, T., Chen, G., 2009. A chaos-based image
encryption algorithm with variable control parameters. Chaos Solutions
Fractals 41 (4), 1773–1783.
Xiao, D., Liao, X., Wong, K.W., 2005. An efficient entire chaos-based scheme for
deniable authentication. Chaos Solutions Fractals 23, 1327–1331.
Xiao, D., Liao, X., Wei, P., 2009. Analysis and improvement of a chaos-based image
encryption algorithm. Chaos Solitons Fractals 40 (5), 2191–2199.
Yen, J., Guo, J., 1999. A chaotic neural network for signal encryption/decryption
and its VLSI architecture. In: Proceedings of the 10th VLSI Design/CAD
Symposium, Taiwan, pp. 319–322.
Zeghid, M., Machhout, M., Khriji, L., Baganne, A., Tourki, R.A., 2007. Modified AES based
algorithm for image encryption. World Acad. Sci. Eng. Technol. 27, 206–211.