STUDYING THE PROPERTIES OF PIXELS PERMUTATIONS BASED ON DISCRETIZED STANDARD MAP

In this article, we described specifics of pixels permutations based on the discretized, two-dimensional Chirikov standard map. Some properties of the discretized Chirikov map can be used by an attacker to recover the original images that are studied. For images with dimensions N  N the vulnerability of permutations allows for brute force attacks, and shown is the ability of an intruder to restore the original image without setting the value of keys permutations. Presented is also, successful cryptographic attack on the encrypted image through permutation of pixels. It is found that for images with dimension N  N the maximum number of combinations is equal to N. A modified Chirikov map was proposed with improved permutation properties, due to the use of two nonlinearities, that increase the keys space to N!.


Introduction
Over the last two decades the application of deterministic chaos for information security became an active field of research [2,6,8]. Among chaos-based cryptography algorithms, a significant part is designed for image encryption. The most commonly used design is cipher with two mean stages: pixels permutation and diffusion which can be repeated several times [5]. Permutations of pixels are needed to break relations between adjacent pixels and prevent correlation attacks. The goal of diffusion is to transform the uneven distribution of color pixels into uniform, thereby concealing the statistical properties of the original image. Typically for pixels permutations, used are discretized versions of Standard, Baker or Cat map [5] or their modifications. For the diffusion step typically is used PRNG based on one, two or multi-dimensional maps. Along with the new encryption algorithms based on deterministic chaos, the works dedicated to cryptanalysis have been presented [1,3,10,12]. In [10] was proposed one of the earliest chaotic image encryption algorithms which uses discretized version of Chirikov standard map for pixels permutations [4]. It was later shown in [9] that in this map, the first pixel does not change its position after any number of permutation cycles. To eliminate this vulnerability, it was suggested to use mechanism, which essence is to shift first pixel into any position in the image. Also, there were given [9] recommendations for minimum size images for encryption and minimum number of permutation cycles.
In this paper we focus on cryptographic security of pixels permutations based on the discretized two-dimensional Chirikov standard map considering its geometric properties. We explore the resistance of permutations to brute force attack and we find property that greatly reduces the key space of permutations compared to the known assessment of key space made in [9]. To eliminate the identified vulnerabilities, we propose to modify the discretized standard map by entering additional nonlinearity. Also, we estimate the key space of permutations for double-precision arithmetic and we show that the key space is very small compared to the theoretically possible maximum. Please note that we consider changes as only one stage of the chaotic algorithms.
In section 1 specifics of pixels permutations based on discretized standard map and power of key space are described. In section 2 shown is a cryptographic attack on the encrypted image by permutation of pixels and reduced key space.

Specifics of permutations based on discretized standard map
As noted above, in [5] was introduced discretized standard map for pixels permutations, that is given by the following iterative equations: Properties of the discretized map (1) are not as perfect as the original [3], but it can be implemented in the integer i x and i y values of intervals, which reduce the computational complexity and are more convenient to encryption data applications [5].
The procedure of one cycle of pixels permutation for bitmap with dimension N  N in RGB format is as follows:

Features of permutations
Any picture with dimension N  N has 21 N  diagonals (see Permutations based on discretized standard map have following properties: a) The first pixel in coordinates   0; 0 does not change its position at any number of permutation cycles, it can be used by cryptanalyst to crack the encrypted images [9]. When we use (1) and calculate that b) Each column after one cycle of permutation consists of two diagonals with numbers n and N + n, It is because the diagonal N consists of N elements. This property of the permutation is shown in Fig. 2b, where each column of the image after one permutation cycle contains pixels with two colors. Each square is a pixel in an image sized 1010 (see Fig. 2a). All pixels in the diagonal after the permutation will always be placed in one column. Consistently placed diagonal elements (see Fig. 2b) for which the original image: it means that after permutation, pixels coordinates which satisfy (2) are placed in one column consecutively, but are shifted in relation to the initial position, which depends on the parameters K and C 1 . c) Pixels for which coordinates the equation is true: (4) always after the permutation will be in the first column. By doing so, the coordinates of the rows will not change because of (1). Let's take into account (4) 2b). Each pixel diagonal can be uniquely identified by a column number that forms this diagonal. Using properties (2-4), a cryptanalyst can try to reproduce the original image by moving the pixels in columns to the place of pixels in diagonals.

Analysis of key space
The row number where a pixel may be moved after the permutation by ii x y N , 0 ii xy  depends on the value of the parameter K and term KC 1 in (3). Thus, for pixels that are in the first column, their position in the original image is uniquely known. Two consecutive columns contain the pixels of two neighboring diagonals. Therefore, there are possible only N variants to shift elements of the second column in relation to the first. Given the fact that the pixels of adjacent diagonals slightly differ among themselves, shift between them can be determined by the maximum of the correlation function.
Given the map properties (2) and (3), the number of combinations of a brute force attack that is needed to restore the original image after one permutation cycle equals to 1 N N  which is much less than 2 ! N as was considered in the evaluated key space for this map in [9,12].

Subkeys properties
Let's consider another property of the standard map (1) that can be used to break pixels permutations. Let's assume that: However, these properties of subkeys can be used by an attacker to select the most likely key at the beginning of attacks, and thus increase their chances of success. Reducing key space of (1) through dependence between the N and m according to (5) is shown in Table 1.

The effect of limiting precision of calculations
As it is known, a set of different states of chaotic system is defined by precision of calculations [9] and increases with increased precision. For permutations using (1), this effect is also true. We estimate the key space using system (1), provided that the parameter K is a positive integer. In calculations of double precision, the mantissa is 52 bits. The range of integers that can be accurately represented in the form of double precision is 1...2 53 [14]. Given the possible steps 2, the number of different positive integer values of K is 2 61.9 . In [9] it is recommended to use for permutations an image which size is of at least 128 N 

Cryptographic attack based on the correlation between adjacent pixels
Considering the facts that there are possible only N variants of shifting elements of the second column in relation to the first and that pixels in adjacent diagonals differ slightly from each other, we can find a shift between pixels of adjacent columns by the maximum of the correlation function.

Cryptographic attack based on the correlation between adjacent pixels
We organized our cryptographic attack on permutations based on (1) as follows: a) For two adjacent columns we calculated the value of crosscorrelation function: The algorithm has been tested on the image in Fig. 4.

Fig. 4. Original test image
After the first and second permutation cycles, the original image is successfully restored (see Fig. 5). However, there is a slight distortion. After three permutation cycles, the correlation between adjacent pixels is lost and the restoration of the original image by this method is impossible. Thus, considering the correlation, image properties can be broken by 2 cycles of permutations.

Modified standard map with a maximum key space for permutations
In order to get the maximum size of the key space of permutation for the system (1), it is necessary to introduce nonlinearity in the variable 1 i x  . Our proposed map in the discretized form is described by the following recurrent system of equations:  (10) is the need to have two sinus functions computed. Considering that value of trigonometric functions in digital means are calculated using the Taylor series of desired functions, the number of mathematical operations in system (1) is less complex in comparison to (10).
Let us consider the effectiveness of permutations based on (10). The encrypted image after one cycle of permutations is shown in Fig. 6. Fig. 6. Permutation of pixels of a test image using (10) In the encrypted image contours are not observed and pixels of different colors are uniformly distributed within its size. To evaluate the similarity of two images, we use the correlation coefficient [7]. Correlation coefficient close to zero means that two images are independent and use the map characterized by good mixing properties.
The calculation results for different number of permutation cycles using (1) and (10) are presented in the Table 2. Systems (1) and (10) are explored with the parameters K = K x = K y = 10000 For the original image (Fig. 4) the correlation coefficient between the adjacent pixels in columns and rows equals to 0.9759 and 0.9857 respectively. One cycle of permutations with a standard map does not lead to uniform dissemination of pixels (Fig. 5 a), because preserved was a strong correlation between pixels in columns.
From Tab. 2 it can be deduced that system (10) compared to (1) has better correlation properties. Efficiency of permutations with (1) and (10) is seen in Fig 7. a b c d e f Fig. 7. The relationship between the adjacent pixels: a; bin the horizontal and vertical for test image (Fig. 4); c; dafter one cycle of permutations using the map (1); e; fafter one cycle of permutations using the map (10) For one cycle permutations performed by system (1), pixels are grouped along the diagonal (see Fig. 7 c, d). After one cycle permutations (10), relationships between adjacent pixels in rows (Fig. 7 e) and columns (Fig. 7 f) have the form of a square, which means no statistical relationship between them.

Conclusion
We analyzed permutations of pixels based on discretized Chirikov standard map considering its geometric features. We discovered specific properties of a map that can be used by an attacker to recover the original image. It is shown that the permutations are much weaker before brute force attacks, and it is possible to recover the original image without setting the key value (key) permutations. For images with dimension N  N the number of combinations is 1 N N  for one permutation cycle instead of 2 ! N as was previously thought. In order to get the maximum size of key space of permutation for the discretized standard map, we proposed to introduce additional nonlinearity. Please note that the evaluation of key space of permutations is received on the condition that calculations are made with absolute precision.