Signal Processing: Image

Communication
Manuscript Draft

Manuscript Number: image4151

Title: A new color image encryption algorithm using one-time key and
fractional Fourier transform

Article Type: Full Length Article (FLA)

Keywords: color image encryption; chaotic map; one-time key; message-

digest algorithm 5; fractional Fourier transform.

Abstract: A novel chaotic color image encryption algorithm was proposed

due to the following three features: (1) large Number of Pixel Change
Rate (NPCR) and Unified Average Change Intensity (UACI); (2) robust to
errors and noise attacks; (3) high efficiency and ease of use.
Introducing a one-time key mechanism based on message-digest algorithm 5
(MD5) value of the input plain image, the algorithm is proved to be
robust, resisting differential attacks. Utilizing fractional Fourier
transform (FrFT), the proposed algorithm achieves high robustness to
pixel errors and noise attacks arising from the intrinsic feature of
FrFT. By scrambling the image data thoroughly and using software based on
digital discrete FrFT, the algorithm develops the complex data
manipulating potentials of FrFT efficiently, and keep the size of the
cipher image un-changed, thus eliminates the requirement on double
storage space to store complex values of cipher image. Experimental
results show that the proposed algorithm is efficient, effective, and
robust.
Manuscript

Image
Communication

Image Communication 00 (2016) 1–19

A new color image encryption algorithm using one-time key and

fractional Fourier transform

Zhenguo Gaoa,, Wei Zhanga , Danjie Chenb , Yunlong Zhaoc , Lihua Lianga
a College of Automation, Harbin Engineering University, Harbin 150001, China
b Collegeof Software, Beijing University of Technology, BeiJing 100024, China
c College of Computer Science and Technology, Harbin Engineering University, Harbin 150001, China

Abstract
A novel chaotic color image encryption algorithm was proposed due to the following three features: (1) large Number of Pixel
Change Rate (NPCR) and Unified Average Change Intensity (UACI); (2) robust to errors and noise attacks; (3) high efficiency and
ease of use. Introducing a one-time key mechanism based on message-digest algorithm 5 (MD5) value of the input plain image, the
algorithm is proved to be robust, resisting differential attacks. Utilizing fractional Fourier transform (FrFT), the proposed algorithm
achieves high robustness to pixel errors and noise attacks arising from the intrinsic feature of FrFT. By scrambling the image data
thoroughly and using software based on digital discrete FrFT, the algorithm develops the complex data manipulating potentials of
FrFT efficiently, and keep the size of the cipher image un-changed, thus eliminates the requirement on double storage space to store
complex values of cipher image. Experimental results show that the proposed algorithm is efficient, effective, and robust.

⃝
c 2015 Published by Elsevier Ltd.

Keywords: color image encryption, chaotic map, one-time key, message-digest algorithm 5, fractional Fourier transform

1. Introduction

Recently, there has been growing interest in image encryption. With the influx of sensitive information being
transmitted over the Internet at an increasing rate, like images, information security is becoming a serious concerns
[1]. However, because of the large quantity of data in images, image encryption should be with less complexity as
well as a satisfiable security level. Hence, traditional data encryption algorithms, such as Data Encryption Standard
(DES) and Advanced Encryption Standard (AES), are not suitable for image encryption.
By generating pseudo random sequences for facilitating the confusion and diffusion of pixel values in images,
chaotic maps provides an efficient and promising approach for image encryption [2]. Providing more information
than gray images, color images are more popular. As a consequence, color image encryption is increasingly attracting

∗ Correspondingauthor
Email address: mrhhzw@126.com/mrhhzw@gmail.com, phone:86-13115301684 (Zhenguo Gao)
1
 / Image Communication 00 (2016) 1–19 2

more research efforts in recent years [3–5, 7]. Based on the traditional approach of chaos-based image encryption,
the authors select chaotic maps in order to meet their particular requirements and adopt various detailed mechanisms
to propose enhanced algorithms. For example, in [3], the authors use the logistic map to produce several successive
sequences for scrambling rows as well as pixels in a row separately. A latter sequence is then used to alter color
channels of the image. The algorithm [4] divides the image into blocks and then using the 3-dimensional cat map
coupled with a zigzag scanning procedure to scrambling pixels. Then, a 1-dimensional chaotic skew tent map is used
in the diffusion operation. In the algorithm proposed in [5], the well known S-box function in DES is added to improve
security.
Above traditional pure (here ”pure” means not using mathematical or optical transformations) chaos-based algo-
rithms usually have relative lower NPCR and UACI performance, which imply that they are vulnerable to differential
attacks. Indeed, a method to break the algorithm in [3] has been proposed in [6]. An important approach to solve this
problem is using a one-time key mechanism which makes keys dependent on the input plain image. The algorithms
in [7, 8] follow this idea. In [8], Secure Hash Algorithm 3 (SHA-3) hash value of the plain image is used to generate
one-time keys. The algorithm proposed in [7] is a multiple-image encryption algorithm, where three images with the
same size are grouped into one virtual plain image and then encrypted normally into a virtual cipher image, which is
then divided into three parts and regarded as the corresponding cipher images. However, in encryption or decryption,
the corresponding multiple images should be at hand simultaneously, otherwise the encryption or decryption could
not be performed, even if all images except one are at hand. Therefore, such algorithms’ usability may be greatly
restricted by this stringent co-existing requirement.
The most important advantage of chaos-based algorithms is its ability to support perfect image recovery. However,
they are vulnerable to pixel errors. To be specific, one pixel error may lead to image decryption failure com-
pletely. This drawback results from its underlying operation principle, hence this problem can not be solved
unless incorporating other operation principles.
Along with the development of pure chaos based image encryption algorithms, some optical techniques have been
used for image encryption, such as fractional random transform [9], digital holography [10], Fresnel transform [13],
fractional Fourier transform [14–18], gyrator transform [19], and Hartley transform [22]. Many of these algorithms
are multiple-image encryption algorithms [9, 10, 13, 15, 19].
Compared with other transformations, fractional Fourier transform based algorithms usually achieve better diffu-
sion performance, leading to better security performance [14, 15]. The algorithm in [16] uses only the amplitude part
of complex data to convey image data to be encrypted, and two successive FrFT operations are performed in encryp-
tion. Ref. [14] extends the FrFT to a multiple fractional order version. However, these two algorithms were designed
for gray images. The algorithm in [17] operates on the hue-saturation-intensity (HSI) color model. In their algorithm,
the S channel is firstly transformed by a random-phase encoding based on FrFT to obtain a new random phase. This
random phase and the H channel are used as two phase plates to encode the I channel based on FrFT. A double-image
encryption algorithm was proposed in [18] based on iterative fractional Fourier transform, where two-coupled logistic
2
 / Image Communication 00 (2016) 1–19 3

maps are used to scramble pixels. However, by scrambling in units of rows and then in columns, the scrambling effect
is less effective. Then, two iterative FrFTs are performed on the first two channels and then followed by the third chan-
nel. The algorithm in [15] makes use of multi-channel FrFT and wavelet transform, but no scrambling operation is
performed to mix the channels. Compared with pure chaos-based algorithms, these optical algorithms are more robust
to pixel errors. However, limited by the underlying physical principles, these algorithms usually deal with color
channels in parallel instead of in thoroughly mixed mode. This fact renders the algorithms more vulnerable to
statistical attacks. Furthermore, these optical operations on real-valued plain images generate complex-valued
images, which require two times the amount of storage space to store. Additionally, optical algorithms require
optical platforms to work, which constrains their suitability in some application scenarios.
As a summary, although there have been quite a few color image encryption algorithms having specific advantages
in different aspects, no algorithms were found that jointly have the following advantages: (1) better NPCR and UACI
performance; (2) robust to pixel errors; (3)high efficiency and ease of use. In this paper, a new color image encryption
algorithm based on chaos is proposed that simultaneously has these three preferred features. (1) By introducing a
novel one-time key mechanism based on message-digest algorithm 5 value of input plain image, the algorithm is
sensitive to plain image variation and generally achieves ideal NPCR performance. Hence, it is powerful in resisting
differential attacks. (2) By utilizing FrFT, our algorithm achieves high robustness to pixel errors and noise attacks
resulted from the intrinsic feature of fractional Fourier transform. (3) By scrambling the image data thoroughly
and using software based digital discrete FrFT, the algorithm exploits the complex data manipulating ability of
FrFT efficiently and effectively, meanwhile keeping the size of the cipher image un-changed, thus eliminating the
requirement on double storage space to store complex valued cipher image. Featured by our one-time key mechanism
based on MD5 as well as FrFT, our algorithm is named as OMD5FrFT in this paper.
The core contribution of the paper is unifying the one-time key enhanced chaos-based approach and software-
based digital discrete optical technique based approach into one framework. Although this algorithm is expressed for
RGB color images here, indeed it is readily applicable or easily extendable for other color model images. Furthermore,
the underlying preliminary operations can be easily replaced with similar operations. For example, the MD5 algorithm
can be replaced with the Secure Hash Algorithm 3 (SHA-3) algorithm.
The remainder of this paper is organized as follows: Section 2 introduces the preliminary operations of our algo-
rithm. Section 3 describes firstly the encryption process of OMD5FrFT in detail, and then gives a rough description
of the decryption process. In Section 4, the effectiveness, efficiency, and main security performances of OMD5FrFT
are evaluated through numerical experiments. A conclusion remark is given in the final section.

2. Preliminary Operations

By combining some preliminary operations including the Kawakami map, a new one-time key mechanism based
on message-digest algorithm 5, image reshaping, global scrambling, complex operation, and fractional Fourier trans-

3
 / Image Communication 00 (2016) 1–19 4

form, our algorithm achieves improved security performance resulting from their particular advantages of the prelim-
inary operations.

2.1. Kawakami map

In the proposed algorithm, the Kawakami map [23] shown in Eq.(1) is used for generating the random sequences
used for scrambling the color channels of all the pixels in plain images.





 xn+1 = −axn + yn



(1)
 yn+1 = xn2 − b

The Kawakami map has two parameters a and b. Following a widely adopted choice in the literature, we set a=0.1
and b=1.6 here.
There are many chaotic maps that may take this position here [26]. The simulations show that they have similar
performance. The Kawakami map is used here for its simplicity and slightly better performance.

2.2. One-Time Key Mechanism based on Message-Digest Algorithm 5

Shannon proved that only the one-time key is theoretically unbreakable. The MD5, designed by Ron Rivest
in 1991, is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value. In the proposed
algorithm, a one-time key approach based on MD5 was developed. Use the MD5 algorithm to treat the plain image P
to obtain a 128-bit value MD5(P), and then obtain four values εi , i={1, 2, 3, 4}, which will be used in the encryption
process to alter other secret keys used in the proposed algorithm.
The four values εi , i={1, 2, 3, 4}, are obtained as follows. The 128 bits of MD5(P) are grouped into eight blocks
with 16-bit length. These blocks are denoted as di , i=1, 2, . . . , 8. Then, by treating the blocks as binary values, the
four values are created with the Eq.(2), where ”⊕” represents bit-wise XOR operation, ”⌊z⌋” is the maximum integer
not bigger than z. It is obvious that ε1 ∈[0, 1), ε2 ∈[0, 1), ε3 ∈[0, 1024), and ε4 ∈[0, 4).






 ε1 =(d1 ⊕d3 ⊕d5 )/216





 ε2 =(d2 ⊕d4 ⊕d6 )/216




(2)


 ε3 =⌊(d7 )/26 ⌋





 ε4 =(d8 )/214

2.3. Image Reshaping

For a RGB color image P with pixel size M×N, it is usually expressed as a nonnegative matrix with size M×N×3.
Denote the matrix as I and its elements as Ii, j,k . Ii, j,k is the value of the k-th color channel of the pixel at i-th row and
j-th column. The i-th color channel, i=1, 2, 3, corresponds to R, G, B color channel, respectively.

4
 / Image Communication 00 (2016) 1–19 5

Image reshaping operation reshapes the matrix I into a row vector Ivec =[I1,1,R , I1,1,G , I1,1,B , I1,2,R , . . . , I M,N,B ] with
length 3MN. The operation that converts the row vector Ivec back into the M×N×3-sized matrix I is called as in-
verse image reshaping operation. Use A and B to denote the image reshaping operation and its inverse operation,
respectively. Hence, Ivec =A(P) and P=B(Ivec ).

2.4. Global Scrambling

The global scrambling operation is used to re-order a given data sequence using a chaotic sequence. The data
sequence and the chaotic sequence should be of equal length.
Let d=[d1 , d2 , . . ., dL ] be the data sequence to be treated, and let u=[u1 , u2 , . . ., uL ] be the chaotic sequence gener-
ated by a chaotic map, e.g., the Kawakami map. The detailed operation process of global scrambling is as follows.
At first, we obtain a sorted sequence ū=[ū1 , ū2 , . . ., ūL ] by sorting the elements of u in ascending order. For each
element ui in the original sequence u, denote its order in the sorted sequence ū as ti , thus ui =ūti . Then, a new
sequence t=[t1 , t2 , . . ., tL ] can be obtained by collecting all ti s in the ascending order of i. At last, we obtain the
final scrambled data sequence d̄ by re-ordering the data sequence d according to the chaotic sequence t, so that
d̄=[d̄1 , d̄2 , . . . , d̄L ]=[dt1 , dt2 , . . . , dtL ].
The combined operation of obtaining the scrambled sequence d̄ from the given data sequence d using the chaotic
sequence u is defined as global scrambling operation. Denote the global scrambling operation using the chaotic
sequence u as Cu , thus d̄=Cu (d). Similarly, denote the inverse global scrambling operation using chaotic sequence u
as Du , thus d=Du ( d̄).

2.5. Complex Operation

The complex operation is used to construct a complex-valued output data sequence from a real-valued input data
sequence. The length of the output data sequence is half of that of the input data sequence. Hence, the length of the
input data sequence should be even. This assumption is usually true for image operation in real life.
Let d=[d1 , d2 , . . ., d2L ] be the input data sequence to be treated. We construct a L-length output data sequence
e=[e1 , e2 , . . ., eL ] as follows. At first, we partition the input data sequence d into two equal length sequences d1
and d2 , where d1 contains the first half of d, and d2 contains the last half. Then, assume that the maximum
element of d2 is dmax , we normalize sequence d2 by dividing its elements with dmax . We denote the obtained
normalized sequence as d3 . And then, we construct a complex value ei =d1 (i)ejπd3 (i) , using d1 (i) and d3 (i), which
are respectively the i-th element of d1 and d3 . Collecting all ei s, we finally obtain a complex-valued sequence
e=[e1 , e2 , . . . , eL ]=[d1 (1)ejπd3 (1) , d1 (2)ejπd3 (2) , . . ., d1 (L)ejπd3 (L) ].
The combined operation of obtaining the complex-valued sequence e from the real-valued input data sequence d
is defined as complex operation.
Since that the elements of d2 are to be used as phase components of complex values, to insure the validity of
inverse complex operation, using d3 (the normalized version of d2 ) instead of d2 directly is necessary. As a result, to
5
 / Image Communication 00 (2016) 1–19 6

enable successful decryption, dmax should be used as a dummy key for the inverse complex operation in decryption.
Hence, it should be included in the key set of our algorithm. However, different from other keys, dmax is only used
as a parameter for decryption, because that it is not suitable for providing security.
Denote the complex operation with key dmax as Edmax , thus e=Edmax (d). Similarly, denote the inverse complex
operation with key dmax as Fdmax , thus d=Fdmax (e).

2.6. Fractional Fourier Transform

The FrFT was introduced to the optical community by Ozaktas and Mendolovic in [24] as an extension to the
traditional Fourier transform (FT). Compared with traditional FT, an additional parameter α called as fractional order
is introduced in FrFT. For a one-dimensional function f (x), the mathematical definition of the FrFT transform with
fractional order α is defined as Eq.(3).

∫ +∞
Fα (u) =Fα [x] (u) = f (t)Kα (t, u) dt (3)
−∞

where Kα (t, u) is defined as Eq.(4).




 σ(α)e jπψ(t,u,α) , α , nπ





Kα (t, u)= 

 δ(t−u), α=2nπ (4)




 δ(t+u), α=(2n+1)π
√
In Eq.(4), ψ (t, u, α) represents ψ (t, u, α) =t2 cot α−2ut csc α+u2 cot α, σ (α) represents σ (α) = 1−j cot α(here j is
the imaginary unit), and δ(u) represents the delta function, where δ(u) equals 1 when u=0 and equals 0 otherwise.
When α=1, the FrRT is equivalent to the ordinary FT. When α=4, the FrFT result is equivalent to the original
function. FrRT is periodic in fractional order with period equals 4. Hence, α∈[0, 4) is used in our algorithm.
In the following text, we use symbol FrFTα to denote the FrFT operation with fractional order α. The inverse of
FrFTα is equal to FrFT−α , i.e., FrFT−α (FrFTα ( f (t)))= f (t).
In the proposed algorithm, instead of performing on the plain image directly, the FrFT operation is per-
formed on a vector obtained by reshaping the plain image, hence one dimensional FrFT is used. The FrFT
transformation is numerically implemented using the discrete FrFT algorithm described in [25].

3. Image Encryption and Decryption

3.1. Image Encryption Process

Following the traditional image encryption approach, the encryption process of our OMD5FrFT contains two
operation modes: confusion and diffusion. In the confusion mode, the Kawakami map is used for scrambling color
channels of all pixels of the plain image. In the diffusion mode, FrFT is used to achieve the robustness to pixel
errors and noise attacks. Furthermore, by combining the additional preliminary operations introduced in Section
6
 / Image Communication 00 (2016) 1–19 7

x

y
m MD5(P) x 
Chaotic
 ε1,ε2,ε3,ε4
y map y
x 
m
P
Plain Inverse Invese
Image IIR Global IGS Complex ICO IFrFT Global Cipher
image P complex IICO IGS2 image C
P reshaping scrambling operation FrFTa scrambling image
Operation reshaping
A Cx Edmax Cy C
Fdmax B

Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9

Fig 1. The step-wise encryption process of OMD5FrFT

2, including one-time key mechanism based on message-digest algorithm 5, image reshaping, global scrambling,
and complex function operation, our algorithm achieves improved security performance resulting from the particular
advantages of the preliminary operations.
For a given color plain image P with pixel size M×N, we obtain MD5(P) using the MD5 algorithm. Then, we
randomly select proper values for x0′ ∈(0, 1), y′0 ∈(0, 1), m′ ∈[0, 1024), and α′0 ∈[0, 4). Here x0′ and y′0 are used to set the
initial iteration values of the chaotic map. m′ is used to determine the number of iteration rounds of the chaotic map to
be ignored. a′0 is used to set the fractional order of the FrFT operation. The values of x0′ , y′0 , m′ , α′0 , and MD5(P) make
up the key set of our algorithm for encrypting the plain image P. The step-wise encryption process of OMD5FrFT is
shown in Fig.1.
The steps are briefly explained as follows.

• Step 1. Obtain εi ,i={1, 2, 3, 4}, from plain image P as described in Section 2.2, then determine the plain image
dependent keys using Eq.(5). Obviously, x0 ∈[0, 1), y0 ∈[0, 1), m∈[0, 1024), α0 ∈[0, 4).






 x0 = (x0′ + ε1 )/2





 y0 = (y′0 + ε2 )/2




(5)


 m = ⌊(m′0 +ε3 )/2⌋





 α0 = (α′0 +ε4 )/2

• Step 2. Set the Kawakami map’s initial iteration values to x0 and y0 . Then, iterate the chaotic system for
m+3MN times. Thus, two chaotic sequences x̂=[x1 , x2 , . . . , xm+3MN ] and ŷ=[y1 , y2 , . . . , ym+3MN ] with length
m+3MN can be obtained. Discarding the first m elements of both x̂ and ŷ to avoid possible unwanted effects,
two remaining chaotic sequences with length 3MN are obtained, denoted respectively as x and y. The two
chaotic sequences will be used respectively in the global scrambling operations in Step 4 and Step 8.

• Step 3. Perform a image reshaping operation on plain image P to obtain a real-valued data sequence IIR =A x (P)
with length 3MN.
7
 / Image Communication 00 (2016) 1–19 8

• Step 4. Perform a global scrambling operation on IIR using the chaotic sequence x, and give rise to a real-valued
data sequence IGS =C x (IIR ) with length 3MN.

• Step 5. Perform a complex operation on IGS , a complex-valued data sequence ICO =E(IGS ) with length 3MN/2
is obtained.

• Step 6. Perform a FrFT operation on ICF using fractional order α=α0 , leading to a complex-valued data sequence
IFrFT = FrFTα0 (ICO ) with length 3MN/2.

• Step 7. Perform an inverse complex operation on IFrFT to obtain a real-valued data sequence IICO =F(IFrFT ) with
length 3MN.

• Step 8. Perform a global scrambling operation on IICO using the chaotic sequence y, then obtain a real-valued
data sequence IGS2 =C y (IICO ) with length 3MN.

• Step 9. Perform an inverse image reshaping operation on IGS2 , the final color cipher image C=B(IGS2 ) with
pixel size M×N can be obtained.

In summary, our color image encryption algorithm obtains the cipher image C from the plain image P following
Eq.(6). The key set of our algorithm is {x0′ , y′0 , m′ , α′0 , dmax , MD5(P)}.

C=B{C y {Fdmax {FrFTα0 [Edmax [C x (A(P))]]}}} (6)

Remarks: The FrFT operation in our algorithm on color channels are quite different from existing FrFT-based
algorithms, as listed below.

• Existing algorithms usually deal with color channels in parallel [14–17], whereas our algorithm mix all the
channels thoroughly before the FrFT operation.

• Existing algorithms use two-dimensional multiple successive FrFT operations [16, 17] or iterative FrFT opera-
tions [18], whereas our algorithm only requires a single one-dimensional FrFT operation.

• In existing algorithms, not all of the two components (amplitude and phase) of complex data are conveying
image data [14–18], whereas in our algorithm, both amplitude and phase components of complex data are
conveying image data.

• In existing algorithms, size of cipher image is two times that of the plain image [14–18], whereas in our algo-
rithm, cipher image and plain image have the same size.

8
 / Image Communication 00 (2016) 1–19 9

(a) (b) (c) (d)

(e) (f) (g) (h)

Fig 2. Color plain image, cipher image, and their color channel images. (a)plain image P; (b)red channel image of P; (c)green channel image of P;
(d)blue channel image of P;(e)cipher image C; (f)red channel image of C; (g)green channel image of C; (h)blue channel image of C.

3.2. Image Decryption Process

The decryption process of our algorithm is similar to the encryption process except that the operations are per-
formed in the reverse order. To be specific, the image decryption process of our algorithm obtains a decrypted image
P̄ from the cipher image C following Eq.(7) using the key set {x0′ , y′0 , m′ , α′0 , dmax , MD5(P)}.

P̄=B{D x {Fdmax {FrFT−α0 [Edmax [D y (A(C))]]}}} (7)

4. Experimental Results

A series of numerical experiments were performed on Matlab 8.0.1 to evaluate the validity, efficiency, and security
performance of the proposed algorithm.

4.1. Encryption Result

The widely used color Lena image with pixel size 256×256 is used as the plain image to test the effectiveness of
our algorithm. Encryption keys are set as x0′ =0.8927, y′0 =0.7035, m′ =300, α′0 =0.50. The plain image P and its color
channel images are shown in Fig.2 (a)-(d), whereas the corresponding cipher image C and its color channel images
are shown in Fig.2 (e)-(h). The results show that our algorithm effectively hides the information in the plain image,
and the three color channel images are similar.
9
 / Image Communication 00 (2016) 1–19 10

(a) (b) (c)

(d) (e) (f)

Fig 3. Key sensitivity test results. (a)decrypted image with correct keys; (b)decrypted image with xb0′ =x0′ +10−15 ; (c)decrypted image with
yb′0 =y′0 +10−15 ; (d)decrypted image with m̂′ =m′ +1; (e)decrypted image with αb′0 =α′0 +0.02; (f)decrypted image with MD5=MD5(P)+2
[ −128 .

4.2. Security Analysis

4.2.1. Key Sensitivity Analysis

Key sensitivity measures a variety of the decrypted results of a cipher image using slightly deviated values. For
image encryption algorithms with low key sensitivity, decryption results using wrong key values may still reveal some
information of the original plain image. Hence, algorithms with high key sensitivity are more preferred.
To qualitatively inspect the key sensitivity of the proposed algorithm, a range of tests were performed by decrypt-
ing the cipher image shown in Fig.2 (e) via different key sets. In the first test, all correct keys are used. Then, in
each further test, we let only one selected key takes a wrong value slightly deviated from its correct value, mean-
while all other keys take correct values. In the further tests, the keys in set {x0′ , y′0 , m′ , α′0 , MD5(P)} take wrong values
in turn. The decryption results are shown in Fig.3, where Fig.3 (a) corresponds to decryption result with all cor-
rect keys, and Fig.3 (b)-(f) correspond to wrong keys of xb0′ =x0′ +10−15 , yb′0 =y′0 +10−15 , m̂′ =m′ +1, αb′0 =α′0 +0.02, and
[
MD5=MD5(P)+2−128
, respectively.
The decrypted image in Fig.3 (a) is visually identical to the original plain image, implying that our algorithm can
encrypt and decrypt color images correctly. The decrypted images in Fig.3 (b)-(f) show no distinguishable hint of the
plain image, which imply that the proposed algorithm is highly sensitive to keys.
The results in Fig.3 only provides qualitative hints for the key sensitivity of our algorithm. Contrastively, the Mean

10
 / Image Communication 00 (2016) 1–19 11

Square Error (MSE) between plain image and its corresponding decrypted image provides a quantitative measure for
key sensitivity. The MSE between two color images I1 and I2 with pixel size M×N and 3 color channels is defined as
Eq.(8), which is extended for color images from Eq.(17) in [16].

∑
[I1 (i, j, k) − I2 (i, j, k)]2
i, j,k
MSE(I1 , I2 )= (8)
M×N×3
To quantitatively inspect the key sensitivity of our algorithm, MSE(P, P̄) was tested using Lena image P as the
plain image. Here P̄ represents the decrypted images obtained using keys with different slight deviations from the
correct keys. Tests for all keys were conducted. However, only the plot of MSE for α′0 is shown in Fig.4 because of
space limitation. The test results show that our algorithm is sensitive to keys x0′ and y′0 . A slight deviation 10−15 of
the two keys make the MSE increase sharply from 0 to about 7000. Compared with other keys, our algorithm is less
sensitive to key α′0 : the deviation of α′0 should be larger than 0.004. Since m′ is an integer, the deviation of m′ can
only be integers.

7,000
6,300
5,600
4,900
4200
MSE

3500
2800
2100
1400
700
0
0.4 0.45 0.5 0.55 0.6
fractional order α used for decryption (correct α=0.5)

Fig 4. MSE(P, P̄) VS. fractional order αb′0 used for decryption (correct α′0 =0.5).

For color images with 256 gray level, the MSE should fall in the range of [0, 2552 ]=[0, 65025]. However, it should
be noted that MSE does not improve with larger size. By averaging MSEs between the Lena image and 100 randomly
generated images, we found that the ideal MSE respect to the Lena image is about 9000. Hence, we assume that,
when MSE≤9000, the larger the MSE is, the better the algorithm is. Whereas when MSE>9000, the smaller the MSE
is, the better the algorithm is. we also found that, if P is the Lena image, maxP′ (P, P′ )=32539. This maximum value is
obtained at argmaxP′ (P, P′ )=P̃ where P̃(i, j, k)=P(i, j, k) if P(i, j, k)>127 otherwise P̃(i, j, k)=255−P(i, j, k). However,
P̃ and P are visually similar and thus not a good cipher for P.

11
 / Image Communication 00 (2016) 1–19 12

4.2.2. Signal to Noise Ratio Analysis

Signal to Noise Ratio (SNR) is widely used in the literature as a quantitative measure for evaluating algorithm’s
effectiveness. SNR is related to by different from MSE. SNR between two color images I1 and I2 with pixel size M×N
and 3 color channels are defined as Eq.(9), which is extended from color images from Eq.(18) in [16].

∑
i, j,k I1 (i, j, k)2
SNR(I1 , I2 )= ∑ (9)
i, j,k [I1 (i, j, k) − I2 (i, j, k)]2
In order to select a suitable chaotic map for the algorithm, we calculate SNRs for our algorithms respect to dif-
ferent chaotic maps. The typical maps selected for comparison are the Logistic map, the VanderPol oscillator, the
Kawakami map, and the Complex squaring map. They are typical maps representing sets of discrete one-dimensional
real maps, continuous one-dimensional real maps, discrete two-dimensional real maps, and discrete one-dimensional
complex maps, respectively. Interested readers can refer to [26] for the definitions of the chaotic maps. We calculated
c ) for key α=α0 +0.02 using the Lena image as P. Here SNR(P, C) represents
SNR(P, C), SNR(P, P̄), and SNR(P, P̄key
the SNR between P and its corresponding cipher image; SNR(P, P̄) represents the SNR between P and the corre-
sponding decrypted image using correct keys; SNR(P, P̄key
c ) represents the SNR between P and the corresponding
c but all other keys are correct. The collected results shown in Table
decrypted image using a wrong key with value key
1 are averaged over 10 trials. The cases when the denominator of SNR(P, P̄) is zero are omitted. The results show that
the Kawakami map has slightly better performance; hence it is used in the proposed algorithm.

Table 1. SNR values of tested chaotic maps.

Logistic map VanderPol oscillator Kawakami map Complex squaring map
SNR(P, C) 2.9253 3.0254 2.8457 3.2103
SNR(P, P̄) 3.78×108 3.63×108 3.91×108 3.58×108
SNR(P, P̄key
c) 3.1012 3.1133 2.8512 2.9567

To evaluate the effectiveness of our algorithm, we compared the SNR results of our algorithm with the algorithms
proposed in [8, 15, 17, 18, 22]. They are good representatives of existing related algorithms. The algorithm in [8] is
a latest pure chaos based algorithm without using mathematical transformation, and it adopts the one-time key idea.
The algorithm in [22] utilizes the hartley transform and the gyrator transform. The latter three algorithms use two-
dimensional FrFTs but in slightly different ways. In [17], the HSI color model is used and the three color channels are
conveyed in two complex data in FrFT domain. The algorithm in [18] scrambles the color channels, and then performs
two FrFTs on channel pairs of three reconstructed channels. However, the scrambling there is performed in units of
rows and then in columns. Hence, the scrambling effect there is not very effective. The algorithm in [15] makes use
of multi-channel FrFT and wavelet transform, but no scrambling operation is performed to mix the channels. Some
other FrFT based algorithms [14, 16] are not included since that they are only for gray images. This set of algorithms
{OMD5FrFT,Ref.[8],Ref.[22],Ref.[17],Ref.[18], Ref.[15]} will also be used in other comparative tests in the following

12
 / Image Communication 00 (2016) 1–19 13

text.
The comparative tests on SRN performances were performed respect to the key x0′ in our algorithm, which has
correspondents in other algorithms. Please note that better SNR performance corresponds to smaller SNR(P, C) and
SNR(P, P̄key
c ), meanwhile larger SNR(P, P̄). SNR(P, P̄) is not valid for [8] since that pure chaos based algorithm

usually achieves perfect decryption P=P̄ using correct keys, thus the denominator of SNR(P, P̄) is zero. The results
are shown in Table 2. It can be seen that: (1) the pure chaos based algorithm attains highly performance; (2) the
proposed algorithm achieves performance similar to the pure chaos based algorithm; (3) FrFT based algorithms in
[15], [17], and [18], generally perform better in turn. This trend may be a consequence of the joint effect of mixing
level of the scrambling operations as well as the FrFT iterations in the algorithms; (4) the two rounds of thoroughly-
mixing global scrambling operations help our algorithm outperform the other FrFT-based algorithms; (5) the hartley
transform and gyrator transform based algorithm generally performs worst.

Table 2. SNR values of tested algorithms.

OMD5FrFT Ref.[8] Ref.[22] Ref.[17] Ref.[18] Ref.[15]
SNR(P, C) 2.8321 2.6210 5.712 4.201 3.5723 4.829
SNR(P, P̄) 3.88×10 8
− 9.72×10 6
5.30×10 8
8.67×10 7
3.64×107
SNR(P, P̄key
c) 2.8542 2.7851 5.417 4.305 3.6112 4.730

4.2.3. Key Space Analysis

The key space should be large enough to render brute-force attacks infeasible. In our algorithm, the key set
includes the keys x0 , y0 , m, α0 , and MD5(P). If digital precision of the system is 10−15 , the size of the key space can
reach up to 2.9×10120 , which is quite bigger than 2128 , i.e., the widely adopted key space size with satisfiable security
performance respect to brute-force attacks. Therefore, the proposed algorithm is powerful in resisting brute-force
attacks.

4.2.4. Correlation Analysis

It is well known that adjacent pixels in plain images are highly correlated. In the literature, the correlation of
adjacent pixels in images is usually analyzed along three directions: diagonal, horizontal, and vertical. Among the
two typical diagonal directions, with degree 45 and degree -45 respectively, the one with degree 45 is usually used.
For gray images, the pixel correlation along one direction is usually tested as follow. Given a number L, randomly
select a set of L pixels. Denote the set of the selected pixels as X, and denote the set of pixels adjacent to the pixels in
set X along the intended direction as Y. Each pixel in X and its adjacent pixel in Y forms a pixel pair. Then, construct
a length-L vector x using the gray values of the pixels in X, and similarly construct a vector y based on set Y. Finally,
the correlation along the intended direction is calculated as Eq.(10), where D(x) and cov(x, y) are defined in Eq.(11).

13
 / Image Communication 00 (2016) 1–19 14

cov (x, y)
r xy = √ √ (10)
D (x) D (y)

∑
L ∑
L ∑
L
E(x)= L1 xi , D(x)= L1 (xi −E(x))2 , cov(x, y)= L1 [(xi − E(x))(yi − E(y))] (11)
i=1 i=1 i=1

For RGB color images, the three color channel images can be catenated along the row direction and thus obtain a
gray image with pixel size M×3N. Then, pixel correlations of the new gray image can be calculated following above
the process. The obtained results are regarded as pixel correlations of the original color image.
Using Lena image as input plain image and letting L=2000, we compared the pixel correlation performances of the
selected algorithms. The results are shown in Table 3. The algorithm generally achieves the lowest correlation values,
which may mainly be because the two rounds of global scrambling operation in the encryption process. Algorithms
with better scrambling operations and more operation iterations tend to have smaller pixel correlations.

Table 3. Pixel correlations of tested algorithms.

plain image OMD5FrFT Ref.[8] Ref.[22] Ref.[17] Ref.[18] Ref.[15]

Diagonal 0.9361 0.0065 0.0075 0.0252 0.0169 0.0126 0.0192

Horizontal 0.9652 0.0079 0.0072 0.0210 0.0138 0.0124 0.0181

Vertical 0.9407 0.0074 0.0083 0.0237 0.0122 0.0101 0.0171

4.2.5. Robustness Against Occlusion and Noise Attacks

Images are vulnerable to pixel errors, or even suffer active occlusion and/or noise attacks. Two tests were per-
formed to compare the robustness of our OMD5FrFT and the algorithms in [8, 15, 17, 18, 22] against occlusion and
noise attacks. In the first test, for cipher images of all tested algorithms, 20% of the pixels at the left top corner of the
images are set to zero. In the second test, the cipher images of the algorithms are all polluted by an additive Gaus-
sian noise with standard deviation 0.05. The modified cipher images are decrypted using corresponding algorithms
with correct keys. Part of the results are shown in Fig.5. The sub figures are labeled in the format of (char, num).
Here, char={a, b} related respectively to occlusion test and noise test; num=1 corresponds to modified cipher images
of OMD5FrFT(the cipher images of other algorithms are omitted for space limitation); num={2, 3, 4} correspond to
decrypted results of OMD5FrFT, Ref.[8], Ref.[18], respectively. Results of the four optical algorithms in Ref.[22],
Ref.[17], Ref.[18], Ref.[15]) are visually similar. For space limitation, the results corresponding to Ref.[18] are shown
in the figure whereas the results corresponding to other optical algorithms are omitted. The results indicate that, (1)
pure chaos based algorithm Ref.[8] is very weak in resisting pixel errors; (2) transformation based algorithms are
robust to occlusion and noise attacks; (3) the proposed algorithm performs better than other transformation based
algorithms, which may resulted from the more effective scrambling operation of our global scrambling operations.
14
 / Image Communication 00 (2016) 1–19 15

(a,1) (a,2) (a,3) (a,4)

(b,1) (b,2) (b,3) (b,4)

Fig 5. Results of robustness test against occlusion and noise attacks. The sub figures are indexed in the format of (char, num). Here, char={a, b}
respectively related to occlusion test and noise test; num=1 corresponds to attacked cipher images of OMD5FrFT(the cipher images of other
algorithms are omitted for space limitation); num={2, 3, 4} corresponds to OMD5FrFT, Ref.[8], and Ref.[18], respectively.

4.2.6. Robustness Against Differential Attack

Differential attack stands for cryptanalysis by analyzing the differences between cipher images corresponding
to some known or deliberately generated plain images. Two widely used performance metrics for evaluating the
performance of algorithms on resisting different attacks are NPCR and UACI.
NPCR and UACI are defined as Eq.(12) and Eq.(13), which are extended for color images from Eq.(36) and
Eq.(37) in [18], respectively.

∑
D(i, j, k)
i, j,k
NPCR= (12)
M×N×3

∑
i, j,k |C(i, j, k)−C ′ (i, j, k)|
UACI= (13)
M×N×3×255
In Eq.(12) and Eq.(13), M and N are respectively the width and height of the images in unit of pixel; C and C ′ are
the two cipher images corresponding to a plain image before and after the change of one pixel; The function D(i, j, k)
is defined as follows: for each (i, j, k), if C(i, j, k)=C ′ (i, j, k), then D(i, j, k)=0, otherwise D(i, j, k)=1.
To verify the robustness against differential attack, a comparative test was conducted using the Lena image P as
the plain image. We made a copy of the Lena image and altered the value of P(128, 128, 1) from 185 to 186. The plain
image and its altered one are encrypted using selected algorithms. Then, NPCR and UACI are calculated for cipher
15
 / Image Communication 00 (2016) 1–19 16

images were generated by the algorithms. To better reveal the effect of the one-time key mechanism, the algorithm in
[3], which is a pure chaos based algorithm but without the one-time key mechanism, is also tested. Compared with
[3], the main enhancement in [8] is the inclusion of a one-time key operation. Hence, the performance differences on
the two metrics NPCR and UACI between these two algorithms can be assumed to mainly come from the one-time
key mechanism.
The final results shown in Table 4 are the average of 10 trials. By using the one-time key mechanism, the pro-
posed algorithm generally has the best performance on NPCR and UACI. The relatively larger differences on UACI
metric provide a clearer view on the performance of the algorithms. By including one-time key mechanisms, the
proposed algorithm and that in [8] outperform other algorithms. The great differences on NPCR and UACI between
the algorithms in [8] and [3] confirm that one-time key mechanism is powerful for resisting differential attacks.

Table 4. NPCR and UACI of tested algorithms.

OMD5FrFT Ref.[8] Ref.[22] Ref.[17] Ref.[18] Ref.[15] Ref.[3]

NPCR 0.9961 0.9919 0.9622 0.9862 0.9885 0.9627 0.5202

UACI 0.3349 0.3334 0.1451 0.2125 0.2561 0.1567 0.1210

4.3. Runtime and Memory Occupation Test

Two metrics, runtime and memory occupation, are used to measure the efficiency of the algorithms from the
software perspective. The results are shown in Table 5. Our algorithm usually achieves smaller runtime and smaller
memory occupation than the other algorithms. Hence, the results indicate that our OMD5FrFT is efficient in this
perspective.

Table 5. Runtime and memory occupation of tested algorithms.

OMD5FrFT Ref.[14] Ref.[16] Ref.[3] Ref.[17] Ref.[18]

Runtime(s) 8.2290 23.7899 49.8310 17.3356 42.9673 29.7765

Memory occupation(Mb) 19.552 42.168 20.216 60.458 63.764 80.080

5. Conclusion

A novel color image encryption algorithm based on chaotic has been presented in this paper. Using FrFT and a
novel one-time key mechanism based on the MD5 hash value, an encryption strategy for color image has also been
developed. The proposed encryption scheme has certain advantages as follows.

• Introducing a novel one-time key mechanism based on the MD5 hash value of input plain image, the proposed
algorithm is robust in resisting differential attacks.
16
 / Image Communication 00 (2016) 1–19 17

• Utilizing FrFT, the proposed strategy achieves high robustness to pixel errors and noise attacks resulted from
the intrinsic feature of FrFT.

• Scrambling the image data thoroughly and using software based on digital discrete FrFT, the proposed scheme
exploits the complex data manipulating ability of FrFT efficiently.

Thus, the proposed algorithm achieves better NPCR and UACI, high efficiency as well as ease of use.
Although this algorithm is expressed for RGB color images here, indeed it is readily applicable or easily extendable
for other color model images. Furthermore, the underlying preliminary operations can be easily replaced with similar
operations. For example, the MD5 algorithm can be replaced with the Secure Hash Algorithm 3 (SHA-3) algorithm.

Acknowledgment

This work is supported by Natural Science Foundation of China(No.61073183); Fundamental Research Funds for
the Central Universities (No.HEUCFX41311).
We are sincerely grateful to Megan McKenney and JH Wang for their helpful discussions and for polishing the
manuscript in great patience, which have improved the quality of the manuscript considerably.

References

[1] Uhl A P. Image and video encryption from digital rights management to secured personal communication, Springer, NY, USA, 2004.
[2] Behnia S, Akhshani A, Mahmodi H. A novel algorithm for image encryption based on mixture of chaotic maps. Chaos, Solitons & Fractals,
2008, 35(2): 408-419.
[3] Wang X, Teng L, Qin X. A novel colour image encryption algorithm based on chaos. Signal Processing, 2012, 92(4): 1101-1108.
[4] Ghebleh M, Kanso A, Noura H. An image encryption scheme based on irregularly decimated chaotic maps. Signal Processing Image Com-
munication, 2014, 29: 618-627.
[5] Liu H, Kadir A, Niu Y. Chaos-based color image block encryption scheme using S-box. AEU-International Journal of Electronics and
Communications, 2014, 68(7): 676-686.
[6] Li C Q, Zhang L Y, Ou R, Wong K W, Shu S. Kwok-Wo Wong, Shi Shu. Breaking a novel color image encryption algorithm based on chaos.
Nonlinear Dynamics, 2012, 70(4): 2383-2388.
[7] Liu H, Wang X. Triple-image encryption scheme based on one-time key stream generated by chaos and plain images. Journal of Systems &
Software, 2013, 86(3): 826-834.
[8] Dong C. Color image encryption using one-time keys and coupled chaotic systems. Signal Processing Image Communication, 2014, 29(5):
628-640.
[9] Zhang Y, Xiao D. Double optical image encryption using discrete Chirikov standard map and chaos-based fractional random transform.
Optics & Lasers in Engineering, 2013, 51(4): 472-480.
[10] Shi X, Zhao D, Huang Y. Double images hiding by using joint transform correlator architecture adopting two-step phase-shifting digital
holography. Optics Communications, 2013, 297(12): 32-37.
[11] Alfalou A, Brosseau C. Implementing compression and encryption of phase-shifting digital holograms for three-dimensional object recon-
struction. Optics Communications, 2013: 67-72.
[12] Wang Q, Guo Q, Lei L. Single-beam image encryption using spatially separated ciphertexts based on interference principle in the Fresnel
domain. Optics Communications, 2014, 333: 151-158.
17
 / Image Communication 00 (2016) 1–19 18

[13] Wang Y, Quan C, Tay C J. Nonlinear multiple-image encryption based on mixture retrieval algorithm in Fresnel domain. Optics Communi-
cations, 2014, 330: 91-98.
[14] Ran Q, Zhao T, Yuan L. Vector power multiple-parameter fractional Fourier transform of image encryption algorithm. Optics & Lasers in
Engineering, 2014, 62(6): 80-86.
[15] Kong D, Shen X. Multiple-image encryption based on optical wavelet transform and multichannel fractional Fourier transform. Optics &
Laser Technology, 2014, 57(4): 343-349.
[16] Singh N, Sinha A. Optical image encryption using fractional Fourier transform and chaos. Optics & Lasers in Engineering, 2008, 46(2):
117-123.
[17] Zhou N R, Wang Y X, Gong L H, He H, Wu J H. Novel single-channel color image encryption algorithm based on chaos and fractional
Fourier transform. Optics Communications 2011, 284(12): 2789-2796.
[18] Sui L S, Gao B. Single-channel color image encryption based on iterative fractional Fourier transform and chaos. Optics & Laser Technology,
2013, 48: 117-127.
[19] Wang Q, Guo Q, Lei L. Multiple-image encryption system using cascaded phase mask encoding and a modified Gerchberg-Saxton algorithm
in gyrator domain. Optics Communications, 2014, 320(2): 12-21.
[20] Abuturab M R. Securing color information using Arnold transform in gyrator transform domain. Optics & Lasers in Engineering, 2012, 50:
772-779.
[21] Abuturab M R. Noise-free recovery of color information using a joint-extended gyrator transform correlator. Optics & Lasers in Engineering,
2013, 51: 230-239.
[22] Abuturab M R. Color image security system based on discrete Hartley transform in gyrator transform domain. Optics & Lasers in Engineering,
2013, 51(3): 317-324.
[23] Kawakami H, Kobayashi K. Computer experiments on chaotic solutions of x(t+2)−ax(t+1)−x2 (t)=b. Bulletin of the Faculty of Engineering,
Tokushima University. 1979.
[24] Mendlovic D, Ozaktas H M. Fractional fourier-fransforms and their optical implementation. Journal of the Optical Society of America A,
1993,10(9): 1875-1881.
[25] Pei S C, Yeh M H, Tseng C C. Discrete fractional Fourier-transform based on orthogonal projections. IEEE Transactions on Signal Processing,
1999, 47(5): 1335-1348.
[26] Wikipedia. List of chaotic maps. https://en.wikipedia.org/wiki/List of chaotic maps. [2015-08-15].

Zhenguo Gao, Ph.D. He is now a Professor in College of Automation, Harbin Engineering University, Harbin,
China. He had been a visiting scholar in University of Illinois at Urbana-Champaign and University of Michigan in
2010 and 2011. He is a senior member of China Computer Federation. He received National Science Foundation
Career Award of China in 2007 and Outstanding Junior Faculty Award of Harbin Engineering University in 2008.
He is serving as a reviewer for some refereed Journals including IEEE/ACM Transactions on Networking, IEEE
Transactions on Mobile Computing, Wireless Networks and Mobile Computing, Journal of Electronics, Journal of
Astronautics.
Wei Zhang, received the B.E.degree in control science and engineering from the school of Astronautics, Harbin
Institute of Technology (HIT), Harbin, China, in 2008 and the M.E. degree in control engineering from the school
of Automation, Harbin Engineering University (HEU), Harbin, China, in 2013. He is currently working toward the
Ph.D. degree at HIT, Harbin, China.His interests are image processing, automation control and power electronics for
renewable systems.

18
 / Image Communication 00 (2016) 1–19 19

Danjie Chen, is now a postgraduate student pursing for her Master degree in College of Software in Beijing
University of Technology. Her main research interests include cooperative communication, cognitive radio networks.
Yunlong Zhao, Ph.D. He is now a Professor in College of Computer Science and Technology, Harbin Engineering
University, Harbin, China. His main research interests include wireless communications, image processing.
Lihua Liang, Ph.D. He is now a Professor in College of Automation, Harbin Engineering University, Harbin,
China. His main research interests include signal processing, control methods.

19