A new image encryption scheme based on coupling map lattices with mixed multi-chaos

As a kind of spatiotemporal chaos, coupled map lattice (CML) is widely applied into image encryption because of its advantages of more complex dynamical behavior and lower computational overhead. Firstly, this paper proposed a novel spatiotemporal chaos model (MCML) by mixing Logistic, Sine and Tent maps into CML map together. Beyond that, we also change the structure of CML and the coupling method in different lattices. Bifurcation diagram, Lyapunov exponents and NIST test are employed to measure the chaotic behaviors of the MCML system. Secondly, by applying MCML chaos, we design a new key binding and distribution rule, the improved diffusion scheme to encrypt image. Furthermore, the novel bit Z-scan scrambling method also be used to enhance the security of the encryption scheme. Finally, a large number of experimental results prove that our proposed scheme is suitable for image encryption and has high security against common attacks.

www.nature.com/scientificreports www.nature.com/scientificreports/ model have larger range of parameters and higher Lyapunov exponents which are more suitable for the image encryption.
Traditional method of secret key generation is generally given a random bit stream. The key is independent with the plaintext so that it doesn't have enough ability to resist common attacks 13,14 . To resist the choice of plaintext attack, many researchers take hash value of all the plaintext as the key 15,16 . But it isn't desirable when the size of images is too large or the number of pictures is too many. It needs the long waiting time during the process of converting all plaintext into hash values. This paper introduces the key binding method that the random bit stream is disturbed by the average of all plaintext. We design a perfect key binding scheme and key distribution rule to ensure the sensibility of the encryption algorithm.
At present, most research works of the encryption schemes are committed to the improvement of scrambling process but less considered about the diffusion process. Generally, the diffusion process adopted a fixed formula by using a simple XOR operation [17][18][19] . As far as the diffusion process is concerned, we found that this model has a great defect [20][21][22] . Although we don't know the key, we still can get the equivalent random sequence by the image attack with all pixels of 0 or 1. Therefore, we propose an improved diffusion method by converting a portion of the pixel's values from an integer to a decimal point. At the same time, the chaotic sequences of MCML and nonlinear functions are stacked to produce a better diffusion effect by the rule we defined. The control parameter of nonlinear function is decided by decimal chaotic data and keep changing with different images. In addition, bit-level scrambling not only changes the position information, but also changes the value of the pixel, so that the bit-level based cryptosystem has higher security than pixel scrambling [23][24][25] . A new fast scrambling of pixel's position scheme for Z-scan method based on bit level is applied into our algorithms to achieve higher encryption security 26,27 . The non-repeated and random sequences are produced based on comparison between the numerical value of chaotic data and Z-scan strategy have better scrambling effect than progressive-Scan. The rest of the paper is organized as follows. Section 2 is the introduction of the proposed MCML model. Section 2.4 explain the key binding and distribution rule, the improved diffusion scheme and the bit Z-scan scrambling method. Section 3 presents the image encryption scheme using MCML system in detail. Section 4 is the experimental results, analysis and comparison. Finally, Section 5 is the conclusion of the paper.

the new mixed couple map lattices system
The definition of mixed couple map lattices. CML map is a typical spatiotemporal chaotic system which include some excellent advantages: more initial parameters, long periods, uneasy to be degraded and more complex nonlinear behavior, etc. 10 . Generally speaking, it considers the lattice of L logistic maps. It is defined as follows: where ε (0 ≤ ε ≤ 1) represents the coupling coefficient, i (i = 1, 2, …, L) denotes the lattice and f(x) is the logistic map as Eq. (2): In f(x), u (0 ≤ u ≤ 1) is the parameter. When u ∈ [0.87, 1], f(x) is in chaos. Even if the u changes a little, the sequence x will be completely different. In addition, Sine and Tent maps are another two normally used 1-D chaotic maps. They also can be applied in the CML as the nonlinear functions. The definition can be represented by the following Eqs. (3) and (4), respectively, where parameter α and β is within the range of (0, 1] and they have the same features with logistic map. Based on the above research work, this paper proposed a novel mixed couple map lattices (MCML) by applying Logistic, Sine, Tent maps into CML model together. Three different kinds of chaos are sequentially inserted into all the lattices in MCML. The overall framework of the new MCML model is described as follows:  As seen in Eq. (5), we not only use three different maps to build the structure of MCML model but also change the coupling method in different lattices. Compared with CML, the coupling coefficient ε is disappeared and MOD operation is used in MCML map. Anything else, the data at n + 1 time point is only related to the data at n time point in CML, we also make the data at n + 1 point have relationship with both n and n + 1 point. To achieve better chaos, we make the parameters of three chaotic systems interact with each other. In Logistic lattices, the parameters α, β in h(x) and g(x) equal 1 − u in f(x). In Sine lattices, the parameters u, β in f(x) and h(x) equal 1 − α in g(x). In Tent lattices, the parameters u, α of f(x) and g(x) equal 1 − β in h(x). The details are shown as follows: www.nature.com/scientificreports www.nature.com/scientificreports/ ( 1 ( 1 )) , 1 ) , ( )   www.nature.com/scientificreports www.nature.com/scientificreports/ these figures, we can find that the bifurcation behavior of three different map lattices of MCML and their trajectories are evenly distributed over the entire space from 0 to 1. Besides, the bifurcation diagram of the proposed MCML model without black and periodic windows are also the new features. Therefore, MCML is considered to be a spatiotemporal chaotic system suitable for cryptography. Figure 1(h,i) show the space-time plot of MCML system and CML system respectively. Obviously, the CML system shows the defect turbulence pattern. However, the MCML system shows the fully developed turbulence pattern and the chaotic defect do not occur.

Lyapunov exponents. Lyapunov exponents (LE) is an important indicator for evaluating the dynamic
behavior of chaotic systems and it is concerned with its predictability 8 . This paper adopts the wolf method to calculate all the LEs in every lattice of the proposed MCML and CML system. The Kolmogorov-Sinai entropy density is the average of the positive LEs of all lattices. Here, the entropy density h is employed to indicate whether a system is chaotic and the dynamics performance of chaos, which is described as Eq. (6).
where L represents the number of lattices, λ + i ( ) indicates the positive LE of the i-th lattice output time series. With the fixed α = 0.3187, β = 0.2559, we consider the entropy density h as the LE of MCML system and do the contrast experiment between the Logistic map, Sine map, Tent map and CML system. The result is shown in Fig. 2. Obviously, MCML system possesses higher exponents than logistic map, Sine map, Tent map and CML system so that the chaotic orbits generated by MCML are much harder to predict. At the same time, it is chaos when u is in (0, 1). Therefore, the secret key space has increased significantly and it means higher security if MCML is applied into image encryption. niSt test of chaotic sequence. In order to further analyze the random characteristics of chaotic sequence generated by MCML system, the National Institute of Standards and Technology (NIST) is adopted to detect the randomness of chaotic sequence in this paper.
First, let μ = 0.175127105787396, α = 0.506205391837284, β = 0.630946466699243, then gives rational initial iteration value of each lattice, chaotic sequence can be gotten. In this paper, we take the number of groups M=100 and the sequence length of each group N=1000000. And then the statistical tests are performed using NIST SP 800-22 suit. NIST test consists of 15 sub-tests, all tests can be used to estimate the randomness of the sequence. The test results mainly show the pros and cons of the pseudo-random sequence by analyzing the uniformity and pass rate of the sequence, in which probability value (P-value) represents the uniformity of the sequence, and Proportion represents the pass rate of the sequence 28 . In this paper, each test gives a significance level α=0.01. If P-value ≥ α, the sequence is random, otherwise the sequence is not random. The results are listed in Table 1. We can clearly see that most of the P-value are over 0.01 and the Proportion are over 98% except for overlapping template test. The results of statistical tests show that the pseudo chaotic sequences generated by MCML system have good randomness. the image encryption algorithm preliminary work. The key binding and distribution rule. The most of key streams are generated through the hash function with all plaintext as input and converted into one-time key as initial conditions and parameters of chaotic system 15,16 . However, it will cost a lot of calculation time. In this paper, with the average of plaintext values as interference source, the key binding and distribution rule is designed to realize a clear balance of sensitivity and time overhead. The details of rule are shown as follows: Step 1. Generate a random 256-bit binary secret key stream and convert it into a 64-bit hexadecimal number: key' . In our simulation experiments, 10 Step 3. Use k' to perturb the key' . Since the high bit has a greater amount of information, so the 1-th, 9-th, 17-th, 25-th, 33-th, 41-th, 49-th, 57-th of key' is replaced by k' , then, Step 4. In our design scheme, there are 7 initial conditions and parameters as keys: u, α, β, x 0 , y 0 , z 0 , c 0 . The distribution rule is given as follows: The improved diffusion scheme. Most of the diffusion process is based on the simple operation as Eq. (8) and it can quickly change the values of pixels [4][5][6][18][19][20] . p(i) is plaintext, c(i) represents cipher-text, s(i) is the pseudo-random integer chaotic sequence with values between 0 and 255.
But, after analysis, there is a huge security risk. If all pixel's values of an image are 0, the process of diffusion with using Eq. (8) to encryption can be described as follows: (2) (3) (1) (0), Then, we can easily get the equivalent chaotic sequence s. Due to above problem, we propose an improved diffusion scheme. It is shown as follows: www.nature.com/scientificreports www.nature.com/scientificreports/  To enhance the effect of encryption, the control parameter of nonlinear function is decided by decimal chaotic data and keep changing with different images. These measures ensure that it's hard to break the diffusion process and can't get the equivalent chaotic sequence s.
The bit Z-scan scrambling method. In the scrambling process, the random positions of pixels or bits are generated by the MOD operation but can't guarantee the occurrence of non-repetitive positions. Hence, A method to generate non-repeated and random data by sort the chaotic sequence is adapted. The following Fig. 3    www.nature.com/scientificreports www.nature.com/scientificreports/ mutual exchange of position coordinates. The process of bit Z-scan scrambling method is shown as the following Fig. 4. The result shows that our algorithm implements the function of scrambling and diffusion simultaneously.

the new image encryption algorithm using McML system
In this section, there are several highlights in our proposed algorithm. Firstly, due to the excellent dynamic performance and larger key space, the high-dimensional chaotic MCML model is applied to generate the random sequences. Secondly, the advanced secret key binding and distribution rules are used to produce the parameters, initial values and the improved diffusion scheme is employed to enhance security against the potential attacks. Finally, the bit Z-scan method not only achieve the effect of scrambling but also diffuse the encrypted image. Figure 5 gives a brief description of the encryption scheme.
Without loss of generality, we assume that the plain image P sized M × N, and the lattices of MCML system is N. The proposed scheme can be generalized as follows.
Step 1. Calculate the average of the plaintext and generate a random key stream. Through the defined key binding rule, we can get the finally key.
Step 2. According to the rules of distribution, we can achieve the parameters of MCML system: u in Logistic lattices, α in Sine lattices, β in Tent lattices and c 0 . At the same time, we also can get the initial values: x 0 , y 0 , z 0 in Logistic, Sine, Tent maps respectively. Take the x 0 , y 0 , z 0 into the following Eq. 10 and iterate N/3 times, then, put the data into the corresponding type of lattices. Finally, we can get the initial values of N lattices in MCML. Step 3. Iterate MCML system M times and the chaotic matrix S sized M × N is constructed. Taking Eq. (9) (the improved diffusion method) to change the values of P, then, the diffusion image Cbit is achieved after converting image in bit level.   Table 3. The comparison in information entropies. www.nature.com/scientificreports www.nature.com/scientificreports/ introduced algorithm has a length of 256 bit, so that the key space of the encryption scheme (2 256 ) is large enough to resist all kinds of brute-force attacks.

Sensitivity analysis. Key sensitivity analysis.
A qualified encryption algorithm should be extremely sensitive to minor changes to its secret key 24 . There are two aspects that can reflect key sensitivity: (1) a single bit change in the key should generate a totally different ciphered image, (2) if we use two decryption keys with minor differences to recover the encrypted image, the restored image should be totally different. Suppose K 2 and K 3 are two different keys derived from the original key K 1 with one-bit change. They are given as follows: The key sensitivity analysis result is shown in Fig. 7. Figure 7(a) shows the decryption Baboon with the original key K 1 and Fig. 7(b) is the wrong decryption image using K 2 . The difference between two images which are decrypted by the wrong key K 2 and K 3 is given in Fig. 7(c). In addition, when using K 1 and K 2 to encrypt ordinary images, the encryption results are completely different, and their difference is Fig. 7(d). As shown, our algorithm is extremely sensitive to secret key in both encryption and decryption.

K D B B BAF E C ED AE A EF F D EB A B AB K D B B BAF E C ED AE A EF F D EB A B AB K D B B BAF E C ED AE A EF F D EB
Plaintext sensitivity analysis. Obviously, A qualified encryption algorithm should also be extremely sensitive to its plaintext changes 22 . We encrypt two different Baboon image whose tiny change is only one pixel. Figure 8 shows the difference between two encrypted images. It shows that the encrypted result is totally different even if two plaintexts have one-pixel change. Therefore, the proposed algorithm has high plaintext sensitivity.
information entropy analysis. Information entropy provides the most important qualitative criterion for image randomness 7 . Let m be the information source, based on Shannon's theory, the calculation formula of information entropy is as follows: where P(m i ) is the occurrence probability of m i , M is the total state of the information source and the value of information source is between 0 and 255. The ideal theoretical value of information entropy of 256 gray-level images is about 8. The more closer it is to 8, the less possible an attacker can crack an image. The information entropy of ciphertexts is shown in Table 2.
As seen in Table 1, the entropy of all ciphers is closer to 8 and it proves that the ciphertext is random dataset of pixels. Meanwhile, we also provide the contrast data with other advanced schemes which is listed in Table 3. Compared with these existing algorithms, our scheme achieves a higher information entropy so that information leakage during the encryption process is negligible, and the proposed scheme is sufficient to resist entropy attacks.
Statistical attack analysis. The histogram analysis. The histogram of the image represents the distribution of the pixels. Generally speaking, the values for the plaintexts are concentrated in some grayscale levels, so their histogram is not uniform. To resist the potential statistical attacks, an encryption scheme should make the histogram of ciphertexts as flat as possible. The Pepper's and Baboon's histograms of plaintext and its histograms of ciphertext are presented in Fig. 9. As Fig. 9(b,d) shown, obviously, the histograms are very uniform, so it's hard to reveal any useful information which indicates that attackers can't deduce the original image by employing statistical analysis method.  where v i represents the real frequency of pixel value i appears and v 0 means expected frequency. In this paper, the significant level α = 0.05 and χ = .
. 293 24783 0 05 2 . Results of χ 2 test of plaintext images and ciphertext images are shown in Table 4. The data shows that the χ 2 value of ciphertext images are all blow critical value. We can infer that the distribution of pixel value of encrypted images is uniform, which means the proposed algorithm has good ability to resist statistical attack.
The correlation analysis between two adjacent pixels. The strong correlation between adjacent pixels is an important feature for an image and it can be applied to carry out cryptanalysis attack. Good encryption should achieve a sufficiently low correlation between adjacent pixels of a cipher image with horizontal, vertical and diagonal directions. 5000 pairs of adjacent pixels in Baboon's cipher image are selected randomly in three directions, and their correlation is as shown in Fig. 10. As seen in Fig. 10(d-f), the proposed algorithm dramatically randomized the pixels. www.nature.com/scientificreports www.nature.com/scientificreports/ In addition, calculate the correlation coefficient (CC) r xy for each pair using the following equation: xy where x and y are the pixel values of two adjacent pixels of an image, Select 3000 pairs pixels in three directions to calculate the correlation coefficients in every test. The test was performed 50 times and we recorded the average of each group. The details are listed in Table 5. The measured CC of plaintext are close to 1 while the ciphertext are nearly 0 which indicates the correlation between adjacent pixels have been successfully eliminated by our proposed algorithm 29,30 . In addition, the contrast experimental results with the different schemes are shown in Table 3. Compared to other cryptosystems, our proposed obtains the lower correlation values in all directions and achieves a better performance in image encryption effect.
Robustness analysis. It is easily contaminated by noise or the risk of data loss during transmission or storage over the network and physical channels 31 . An effective cryptosystem should be robust against data loss or noise interference to some extent. Randomly change pixel values of 2% (as shown in Fig. 11(a)). Figure 11(b-d) give the decryption results in different locations and numbers of data loss of ciphertext. Obviously, It is robust enough to withstand noise and data loss attacks to some extent.
Differential attack analysis. The ability of resisting differential attack is the most important requirement for all image encryption system, and also known as chosen-plaintext attack. It is an effective way to crack the cryptosystem so that the encryption results must be different when the plaintext have a little change on a pixel. NPCR (number of pixels change rate) and UACI (unified average changing intensity) are used to evaluate the cryptographic system's ability to resist differential attacks 19 . Mathematically, the computational formulas of the NPCR and UACI are defined as follow:  where M × N are the row and column of an image respectively. If c 1 (i, j) ≠ c 2 (i, j), then D(i, j) = 1, otherwise, D(i, j) = 0. Then, A matrix D is created. For an image, the ideal value of NPCR is 99.6094% and UACI is 33.4635% 24 .
In our experiments, one pixel is randomly selected to add 1 to generate new original image and encrypted again. The NPCR and UACI of different images are shown in Table 6. Obviously, our scheme achieves a satisfactory performance with NPCR is 99.6102% and UACI is 33.4336% which are close to the ideal values. Therefore, our encryption scheme is very sensitive to small changes in plaintext. Table 7 is the comparison with different schemes. It's indicated that our experimental results are similar to the results of other algorithms and the proposed scheme could effectively resist chosen plaintext attack. encryption time analysis. In this paper, the proposed algorithm is implemented using software Matlab 2016a. The operation system used is Windows 7 based on x64 processor, the central processing unit (CPU) applied is Core i5-5257 2.7 GHZ and the random-access memory (RAM) adopted is 8 GB. Table 8 shows encryption time for images of different sizes.

conclusion
Finally, A new MCML system is designed by applying several simple one-dimensional maps into CML model. Furthermore, the coupling method between adjacent lattices also has been changed. The analysis results of the bifurcation diagram, Lyapunov exponents and results of NIST test demonstrate that our proposed MCML spatiotemporal chaos owns more complex dynamic behavior so that it's more suitable for image encryption than one-dimensional or high-dimensional chaos. After, we adopt MCML system to encrypt image, combining novel strategies of key binding and distribution rules, the improved diffusion scheme and the Z-scan scrambling method. Several different types of analysis are being used, including key space analysis, sensitivity analysis, information entropy, statistical attacks, and differential attacks. Simulation results show that our scheme has excellent encryption performance.