Journal of Information Security and Applications 80 (2024) 103694

Contents lists available at ScienceDirect

Journal of Information Security and Applications

journal homepage: www.elsevier.com/locate/jisa

Cryptanalysis of cross-coupled chaotic maps multi-image encryption scheme

Laiphrakpam Dolendro Singh a , Rohit Thingbaijam a , Ripon Patgiri a , Khoirom Motilal Singh b ,∗
a
Department of Computer Science and Engineering, National Institute of Technology, Silchar, 788010, Assam, India
b
Department of Computer Science and Engineering, Indian Institute of Information Technology, Imphal, 795002, Manipur, India

ARTICLE INFO ABSTRACT

Keywords: Recently, Patro et al. proposed a multiple gray-scale image encryption scheme based on cross-coupled chaotic
Multiple image encryption maps. The authors claimed the scheme could withstand known plain-text attacks and chosen-plaintext attacks.
Cryptography In this paper, we have thoroughly analysed the Patro et al. algorithm and reported the crucial loopholes. Patro
Cryptanalysis
et al. algorithm uses a row-wise and column-wise scrambling operation based on a secret sequence followed
Cipher-text only attack
by a feed-forward XOR operation generating the cipher image. Exploiting the loopholes of feed-forward XOR
Chaotic system
operation and high correlation of pixels in standard images, a cryptanalysis algorithm is developed that
deciphers the ciphered images generated by Patro et al. algorithm based on cipher-text only attack. Without
using the secret keys, the proposed cryptanalysis algorithm successfully deciphers the cipher image and reveals
the secret images.

1. Introduction complete cipher image XOR operation. Since the cipher is made up of
feed-forward data as input, the whole image (scrambled image) except
Images are one of the most commonly transferred data in today’s for the first row and column can be recovered precisely without any
digital world. Some of these images related to military, medical, sci- key through the cipher-text-only attack. Since Patro et al. method [1]
entific studies, blueprints, etc., are confidential. These data need to uses row-wise and column-wise scrambling, it is possible to recover
be protected from unauthorized external advisory. These led to the back utilizing the property of high horizontal and vertical correlation
development of a cryptographic algorithm such that only the indented in the normal image. Using any random row/column of the scrambled
authorities can access these confidential data. Researchers have pro- image as the initial row/column, we search for that row(s)/column(s)
posed several cryptographic encryption schemes with high execution in the scrambled image whose pixel values are very close to the initial
speeds, low computing costs, and diverse structures. Many new encryp- row/column. We keep on iterating the search to recover the unscram-
tion schemes have been developed that use DNA encoding, wavelet bled image completely. The unscrambled image may not be precisely
transformation, chaotic maps, compression techniques, machine learn- row-wise or column-wise same as the original image. Still, the overall
ing algorithms, etc., to encrypt highly correlated data like images. information of the 𝑘 images can be obtained, and re-arrangement of
The encryption schemes on chaotic structures are commonly used the correlated row/column blocks can provide the best match for the
for their ergodicity, simplicity, and other advantages. Though many original image. A detailed explanation with pictorial representation of
new encryption techniques are developed, it turns out that not all of Patro et al. method [1] cryptanalysis is given in Section 5.
these encryption techniques can withstand cryptanalysis. Cryptanalysis
explores the design or mathematics weaknesses used in a cryptosystem,
2. Related works
thereby leaking partial or complete information about the confidential
data even if the secret key or keys involved are unknown.
In this paper, we examine Patro et al. method [1] and notice that Fridrich [2], pioneered the chaotic system as a cryptographic en-
their encryption method is insecure. In Patro et al. method [1], mul- cryption method. Several statistical tests are carried out to analyse the
tiple 𝑘 images are taken and scrambled along both rows and columns strength of a chaos-based cryptosystem. Preishuber et al. [3] expressed
separately using a permutation table generated using cross-coupled of that several security analyses on chaos-based cryptosystems need to be
PWLCM. An initial key sequence (key1 for row and key2 for column) is reconsidered. The statistical analyses on chaos-based image encryption
used to encrypt the first row/column of the scrambled image followed are usually a standard matrix demonstrating the computational and se-
by a feed-forward of the previous row/column output to generate the curity benefits. But several such chaos-based encryption schemes have

∗ Corresponding author.
E-mail address: [email protected] (K.M. Singh).

https://doi.org/10.1016/j.jisa.2023.103694

Available online 3 January 2024

2214-2126/© 2023 Elsevier Ltd. All rights reserved.
L.D. Singh et al. Journal of Information Security and Applications 80 (2024) 103694

been identified, which were cryptanalysed through various identified cipher data. Aasawari and Laiphrakpam [22] introduced a 3D image
flaws. Regardless of these new encryption schemes, there is always encryption technique using 3D scrambling and a hyper-chaotic system.
a demand to enhance the flaws of the existing methods. As a result, The hyper-chaotic system is utilized for permutation and substitution
cryptanalysis attacks have become a serious threat to the cryptosystem operations in their approach, which combines n-images to produce a 3D
that has been developed without rigorous security analyses. image. The cryptographic SHA-512 and ECC point multiplication are
Moreover, algorithms’ security and structural issues are frequently used to construct the hyper-chaotic system’s initial parameters. Finally,
overlooked. For example, Feng et al. [4] perform the cryptanalysis the encrypted 3D picture is created by combining the scrambled 3D
of two image encryption methods [5] based on an integrated chaotic image with the chaotic 3D image using the XORed procedure. On the
system (ICS) using a chosen-plaintext attack. Furthermore, Feng et al. other hand, researchers have also developed measures to thwart cyber-
[4] pointed out the necessary improvements by identifying the issues in attacks, such as intrusion detection systems [23], which improve the
ICS. Also, chaotic systems are widely prevalent in the field of medical cryptosystem’s security. The main contributions of our work are as
image encryption. Hua et al. [6] proposed a medical image encryption follows:
method based on pixel adaptive diffusion and high-speed scrambling.
In their method, the plain image is surrounded by random pixels from 1. A technique to cryptanalyse and decipher the secret image in
the outside. But Chen et al. [7] cryptanalysed and improved the method Patro et al. encryption scheme without using the secret key is
in [6] by performing a chosen plain image attack. Similarly, the hybrid proposed.
image encryption method was also introduced by Wu et al. [8]. The 2. The method proposed by Patro et al. is cryptanalysed using
proposed approach combined the Henon map with the Sinemap to cipher-text only attack.
generate a new 2D map that improved image permutation and diffusion 3. A novel technique of generating the unscrambled image from the
efficiency, which was then coupled with DNA encoding. Yet, Chen et al. scrambled image without the information of the secret sequence
[9] cryptanalysed [8] by performing a chosen-plaintext attack. Another is proposed.
chosen-plaintext attack was proposed by Liu et al. [10] to break the
security and enhanced the method in [11]. The scheme in [11] used The rest of the paper is organized as follows. Section 3 presents
a 1-D chaotic coupled Sine map for the scrambling and encryption Patro’s et al. [1] multiple-image encryption using cross-coupled chaotic
processes, and a dynamic scrambling process based on the size of blocks maps. Section 4 explains the hypothesis and limitations of the proposed
was also introduced. Utilizing two known 1-D chaotic maps, Pak and cryptanalysis algorithm. Section 5 explains the detailed cryptanalysis
Huang [12] proposed chaotic image encryption based on confusion of Ref. [1]. Section 6 presents the experimental results and discussion
and diffusion linear transformation. Their method is more efficient followed by a conclusion in Section 7.
and has better security than the previous chaotic maps. However,
3. Patro’s et al. multiple-image encryption scheme [1]
Wang et al. [13] cryptanalysed it using the algebraic weakness and
proved that the method in [12] is at risk of a chosen-plaintext attack.
A brief description of Patro’s et al. encryption scheme [1] is speci-
Moreover, their analysis of the flaws in [12] further improves the
fied in this section.
algorithm’s security. Later, Huang et al. [14] still breaks the method
in [13] by using a collision-based inference algorithm. In their method
3.1. Key generation
in [13] it was further improved by adopting a cryptographic hash
function to generate a new private parameter and claimed to resist the
The keys (initial parameters for two PWLCM systems) used in
chosen-plaintext attacks. Though a chaos-based system is suitable for
Patro’s et al. encryption scheme is derived from the hash value ob-
encryption operation, many authors [15–17] have crypt-analysed the
tained using SHA-256 on the combined multiple 𝑘 input images. The
cryptosystem with attacks such as chosen-plaintext attack or finding a
256-bits hash value (ℎ𝑣1 , ℎ𝑣2 , … , ℎ𝑣256 ) from 𝑆𝐻𝐴 − 256 is converted
loophole in the key generation process.
into 64-hexadecimal (ℎ𝑑1 , ℎ𝑑2 , … .., ℎ𝑑64 ) and the keys are generated
Researchers progressed from a single-image encryption scheme to
using Eq. (1).
multiple-image encryption to meet the demands of the big data era.
Zhang and Wang [18] proposed multiple-image encryption using DNA ⎧
encoding and a chaotic system. In their method, the big 2D image ⎪𝑥(1) = 𝑥𝑚 − 𝛼1 − ⌈𝛼1 ⌉ × 0.01
⎪ 𝑢𝑥 = 𝑥𝑥1 − 𝛼2 − ⌈𝛼2 ⌉ × 0.01
is generated by combining multiple 2D images, and DNA encoding ⎨ 𝑦(1) = 𝑦𝑚 − 𝛽 − ⌈𝛽 ⌉ × 0.01 (1)
was performed. After pixel shuffling with the PWLCM and DNA de- ⎪ 1 1
⎪ 𝑦𝑥 = 𝑦𝑥1 − 𝛽2 − ⌈𝛽2 ⌉ × 0.01
coding, the bigger 2D is further decomposed into 𝑘 encrypted images. ⎩
Another cross-coupled multiple-image encryption method Piece-wise where,
Linear Chaotic Maps (PWLCM) was proposed by Patro’s et al. [1]. In 𝑥𝑚 = 0.25686446985353 and 𝑥𝑥1 = 0.35488659076447
their method, k-images were taken to form a bigger 2D image. The 𝑦𝑚 = 0.26457834689785 and 𝑦𝑥1 = 0.36789543267894
bigger image undergoes a row-wise and column-wise permutation to 𝛼1 = (ℎ𝑑1 + ℎ𝑑2 + ⋯ + ℎ𝑑16 ) × 10−15 ,
generate a scrambled image using two chaos sequences generated from 𝛼2 = (ℎ𝑑17 + ℎ𝑑18 + ⋯ + ℎ𝑑32 ) × 10−15 ,
PWLCM. The initial parameters of the chaotic system are generated 𝛽1 = (ℎ𝑑33 + ℎ𝑑34 + ⋯ + ℎ𝑑48 ) × 10−15 ,
using the cryptographic SHA-256. Zhang and Zhang [19] proposed a 𝛽2 = (ℎ𝑑49 + ℎ𝑑50 + ⋯ + ℎ𝑑64 ) × 10−15 .
multiple-image encryption algorithm based on bit planes and a chaotic
system. The 5th to 8th bit planes of every image are scrambled using 3.2. Patro’s et al. cross-coupled PWLCM
Chen’s chaotic system and 2D Logistic map. The remaining 1st to 4th bit
planes are randomly combined with the scrambled bit planes. Finally, Patro’s et al. encryption/decryption scheme uses two PWLCM in a
an XOR operation is conducted between the scrambled images and the cross-coupled manner, as shown in Fig. 1.
chaotic image to obtain the cipher image. The output of PWLCM system-1 is utilized as an input for PWLCM
Public-key cryptosystems like Elliptic curve cryptography (ECC) system-2, and the output of PWLCM system-2 is utilized as an input for
are also used along with the chaotic system to provide better se- PWLCM system-1. The mathematical expression for the PWLCM system
curity. Banik et al. [20] based on the enhanced ElGamal cryptosys- used in Patro’s et al. scheme is described as follows:
tem [21], presented a 3D image encryption method and Mersenne
⎧ 𝜎𝑛
0 ≤ 𝜎𝑛 < 𝑎
Twister’s chaotic system. In their method, a single 3D image is gen- ⎪ 𝑎
𝜎𝑛 −𝑎
erated by combining several 2D medical images and performing en- 𝜎𝑛+1 = 𝑓 (𝜎𝑛 , 𝑎) = ⎨ 0.5−𝑎
𝑎 ≤ 𝜎𝑛 < 0.5 (2)
cryption. Their method provides faster execution speed and smaller ⎪𝑓 (1 − 𝜎 , 𝑎) 0.5 ≤ 𝜎𝑛 < 1
⎩ 𝑛

2
L.D. Singh et al. Journal of Information Security and Applications 80 (2024) 103694

Fig. 1. Patro’s et al. cross-coupling of PWLCM.

Fig. 2. The flow chart of the Patro’s et al. encryption scheme [1].

where 𝜎0 ∈ (0,1) is the initial value and the control parameter 𝑎 ∈ 3. Using 𝑃𝑥 , the rows in the input image 𝐼 are scrambled.
(0, 0.5). 4. Using 𝑃𝑦 , the columns in the output of Step[3] are scrambled,
resulting in row-wise and column-wise scrambled image 𝐼𝑠𝑐𝑚 .
3.3. Encryption method

The schematic structure of Patro’s et al. encryption method is shown

3.3.2. Enciphering
in Fig. 2.
The input image 𝐼(𝑀1 × 𝑁1 ) is formed by combining 𝑘 gray-scale In order to get the cipher image from the scrambled image 𝐼𝑠𝑐𝑚 , the
images of the same size where 𝑘 is a perfect square. The cipher image following steps are performed:
in Patro’s et al. encryption method is obtained after a scrambling
operation and enciphering using XOR operation. 1. Chaotic sequence 𝑥1𝑖 and 𝑦1𝑖 are generated as:
𝑥1𝑖 = 𝑅𝑜𝑢𝑛𝑑(𝑥𝑖 × 106 ) mod 256
3.3.1. Scrambling 𝑦1𝑖 = 𝑅𝑜𝑢𝑛𝑑(𝑦𝑖 × 106 ) mod 256
In order to get the scrambled image from the input image 𝐼, the where, 1 ≤ 𝑖 ≤ 𝑚𝑎𝑥
following steps are performed: 2. Using 𝑥1𝑖 , the first row of the scrambled image 𝐼𝑠𝑐𝑚 is XORed.
This output is used to XOR the next row. Overall, the previous
1. Using the initial parameters, the cross couple PWLCM is exe-
output is XORed with the next row till all rows in the scrambled
cuted for 𝑚𝑎𝑥 = 𝑀𝑎𝑥(𝑀1 , 𝑁1) iteration where 𝑀𝑎𝑥() selects
image 𝐼𝑠𝑐𝑚 are exhausted.
the maximum between 𝑀1 or 𝑁1. The iteration generates two
sequences: 3. Using 𝑦1𝑖 , the first column of the output from Step[2] is XORed.
𝑥𝑖 = 𝑥1 , 𝑥2 , 𝑥3 , … , 𝑥𝑚𝑎𝑥 This output is used to XOR the next column. Overall, the previ-
𝑦𝑖 = 𝑦1 , 𝑦2 , 𝑦3 , … , 𝑦𝑚𝑎𝑥 ous output is XORed with the next column till all columns are
2. The sequence in 𝑥𝑖 and 𝑦𝑖 are sorted and their positions are used exhausted. The resulting image is the cipher image in Patro’s
to generate the permutation table 𝑃𝑥 and 𝑃𝑦 . et al. encryption scheme.

3
L.D. Singh et al. Journal of Information Security and Applications 80 (2024) 103694

Fig. 3. Illustration of loophole in Patro’s et al. sample encryption method using an input image of 8 × 8.

4. Hypothesis and limitations of the proposed cryptanalysis algo- The limitation of the proposed cryptanalysis algorithm is that the
rithm exact order of the row and column of the plain image may not be
achieved; however, the general information of the plain images can
Based on Kerckhoffs’s principle, an encryption algorithm is known be obtained as shown in Fig. 7. It is an expected output as the secret
to all except for the secret key or keys used. To cryptanalyse Patro’s sequence is not known and the unscrambling is performed based on the
et al. encryption scheme and reproduce the plain image from the cipher
concept of high correlation in normal plain images.
image, we consider that the algorithm is known to all except for the
secret keys used. Generation of the cipher image using Patro’s et al.
encryption scheme involves a row-wise and column-wise scrambling
5. Cryptanalysis of Patro’s et al. algorithm
operation using a secret sequence followed by a feed-forward XOR
operation using an initial key sequence. As feed-forward XOR operation
is used, the exact scrambled image can be obtained without using Patro’s et al. [1] achieved the scrambled-encrypted image by con-
the initial key sequence except for the first row and first column ducting row-wise and column-wise scrambling operations, then XOR
XORed with the initial key sequence. The unscrambled operation is operation with the chaotic sequence created by the cross-coupled
performed without using the secret sequence, considering that normal
PWLCM. The scrambled image is formed using the permutation table
plain images are highly correlated. The hypothesis formulated after a
𝑃𝑥 and 𝑃𝑦 generated using 𝑥𝑖 and 𝑦𝑖 . The scrambled image is encrypted
thorough analysis of the Patro’s et al. encryption scheme is ‘‘If C is the
cipher image obtained after applying encryption algorithm on a plain using the Key sequence 𝑥1𝑖 and 𝑦1𝑖. The first row and the first column
image P using Patro’s et al. encryption scheme, then the plain image are XORed with 𝑥1𝑖 and 𝑦1𝑖, respectively. The XOR output of the
information can be retrieved without using the secret keys’’. Algorithms previous row/column is used to encrypt the next row/column, which
and experimental results are shown in Sections 5 and 6 to ascertain the leads to a loophole. An adversary can reverse the same row/column
hypothesis we claimed. except for the first row/column, which is XORed with 𝑥1𝑖 and 𝑦1𝑖.

4
L.D. Singh et al. Journal of Information Security and Applications 80 (2024) 103694

5.1. Decrypting Patro’s et al. sample encryption method using cipher-text Fig. 4, shows the graphical concept of the unscrambling technique.
only attack Here, 𝑐1 , 𝑐2 , … , 𝑐𝑁 are the columns and 𝑟1 , 𝑟2 , … , 𝑟𝑁 are the rows. For
column unscrambling, a random column 𝑐𝑜𝑙1 = 𝑐𝑖 ∈ 𝑐1 , 𝑐2 , … , 𝑐𝑁 is
The loophole in Patro’s et al. method [1] is illustrated in Fig. 3. selected. 𝑐𝑜𝑙2 is determine by finding the highest correlated column
Here, a square matrix 8 × 8 is taken with each element representing between 𝑐𝑜𝑙1 and 𝑐𝑖 where 𝑐𝑖 ≠ {𝑐𝑜𝑙1 }. Similarly, 𝑐𝑜𝑙3 is determined by
the pixel values of an image. Key1 (𝑥𝑖 ) and Key2 (𝑦𝑖 ) are the two finding the highest correlated column between 𝑐𝑜𝑙2 and 𝑐𝑖 ≠ {𝑐𝑜𝑙1 , 𝑐𝑜𝑙2 }.
keys used to generate the cipher image. The first row 𝑟1 is XORed The process continues till all the 𝑐𝑖 are exhausted. The same technique
with 𝑥𝑖 key giving the first row output 𝑟𝑜1 . The second row 𝑟2 is is applied for row unscrambling.
XORed with previous output 𝑟𝑜1 giving the second row output 𝑟𝑜2 . The algorithm of the proposed unscrambling operation on the inter-
This procedure is carried out with all the remaining rows to get a row mediate crypt-analysed image is given in Algorithm 2.
XORed cipher of size 8 × 8. Now, the row XORed cipher acts as the
input, and the first column of the row XORed cipher is XORed with
Algorithm 2: Row-wise column-wise Unscrambling of Patro’s et
the 𝑦𝑖 key. The resultant is again XORed with the second column of
al. encryption scheme.
the row XORed cipher. This procedure is also carried out with all the
Input: INTERMEDIATE CRYPT-ANALYSED IMAGE, image size
remaining columns to get the final cipher of size 8 × 8. However, the
𝑚−1×𝑛−1
above procedure can be reversed as shown in Fig. 3. Output: FINAL UNSCRAMBLED IMAGE
When the XOR operation is performed between the 8th and 7th col- 1 𝐴𝐿𝐿𝐶𝑂𝐿 = {}
umn of the cipher image, it outputs the 8th column of the row XORed 2 THRESHOLD = 8 (*An arbitrary small integer value can be taken, but
cipher. Similarly, when the XOR operation is performed between the ≠ 0*)
7th and 6th column, it outputs the 7th column of the row XORed cipher. 3 𝐼𝑁𝑇𝐶𝐼 =INTERMEDIATE CRYPT-ANALYSED IMAGE
In this way, the 8 × 7 row XORed cipher image can be extracted except 4 𝑃 𝐴𝑅𝐸𝑁𝑇𝐶𝑂𝐿 = Select any random column from 𝐼𝑁𝑇𝐶𝐼
for the 1st column. When the 8 × 7 Row XORed cipher image is taken 5 𝐶𝑂𝐿𝑆𝐸𝑇 = 𝐼𝑁𝑇𝐶𝐼 − 𝑃 𝐴𝑅𝐸𝑁𝑇𝐶𝑂𝐿
6 for i ←1 to n - 2 do
as input and XOR operation is performed between the 8th and 7th row,
7 𝐶𝑂𝐿𝐷𝐼𝐹 𝐹 [𝑖] = Pixel wise |𝑃 𝐴𝑅𝐸𝑁𝑇𝐶𝑂𝐿 − 𝐶𝑂𝐿𝑆𝐸𝑇 [𝑖]|
it outputs the 8th row of the original image. Similarly, when the XOR
8 𝐶𝑂𝑈 𝑁𝑇 [𝑖] = Count(𝐶𝑂𝐿𝐷𝐼𝐹 𝐹 [𝑖] ≤ THRESHOLD)
operation is performed between the 7th and 6th row, it outputs the 7th 9 𝐶𝐻𝐼𝐿𝐷𝐶𝑂𝐿 [𝑖] = MAX(𝐶𝑂𝑈 𝑁𝑇 [𝑖])
row of the original image. Finally, the 7 × 7 exact original data can 10 if 𝑁𝑜.𝑜𝑓 𝐶𝐻𝐼𝐿𝐷𝐶𝑂𝐿 == 1 then
be extracted without using the two keys 𝑥𝑖 and 𝑦𝑖 . The algorithm of 11 update 𝑃 𝐴𝑅𝐸𝑁𝑇𝐶𝑂𝐿 = 𝐶𝐻𝐼𝐿𝐷𝐶𝑂𝐿 [1]
the proposed cryptanalysis which is used to generate the intermediate 12 update 𝐶𝑂𝐿𝑆𝐸𝑇 = 𝐶𝑂𝐿𝑆𝐸𝑇 − 𝐶𝐻𝐼𝐿𝐷𝐶𝑂𝐿 [1]
cryptanalyzed image from the cipher image is given in algorithm 1. 13 if 𝑁𝑜.𝑜𝑓 𝐶𝐻𝐼𝐿𝐷𝐶𝑂𝐿 > 1 then
14 update 𝑃 𝐴𝑅𝐸𝑁𝑇𝐶𝑂𝐿 = 𝐶𝐻𝐼𝐿𝐷𝐶𝑂𝐿 [𝑙𝑎𝑠𝑡]
Algorithm 1: Deciphering Patro’s et al. encryption scheme using 15 update 𝐶𝑂𝐿𝑆𝐸𝑇 = 𝐶𝑂𝐿𝑆𝐸𝑇 − 𝐶𝐻𝐼𝐿𝐷𝐶𝑂𝐿 [𝑖]
cipher-text only attack 16 𝐴𝐿𝐿𝐶𝑂𝐿 = AppendTo[𝐴𝐿𝐿𝐶𝑂𝐿 , 𝐶𝐻𝐼𝐿𝐷𝐶𝑂𝐿 [𝑖]]
Input: CIPHER IMAGE, image size 𝑚 × 𝑛 17 𝐶𝑂𝐿𝐷𝐸−𝑆𝐶𝑅𝐴𝑀𝐵𝐿𝐸𝐷−𝐼𝑀𝐴𝐺𝐸 = 𝐼𝑚𝑎𝑔𝑒𝐴𝑠𝑠𝑒𝑚𝑏𝑙𝑒[𝐴𝐿𝐿𝐶𝑂𝐿 ]
Output: INTERMEDIATE CRYPT-ANALYSED IMAGE, image size 18 𝐴𝐿𝐿𝑅𝑂𝑊 = {}
𝑚−1×𝑛−1 19 𝑃 𝐴𝑅𝐸𝑁𝑇𝑅𝑂𝑊 = Select any random row from
1 COL[i] = COLUMN-WISE PARTITION(CIPHER IMAGE) 𝐶𝑂𝐿𝐷𝐸−𝑆𝐶𝑅𝐴𝑀𝐵𝐿𝐸𝐷−𝐼𝑀𝐴𝐺𝐸
2 for i ← 1 to n-1 do 20 𝑅𝑂𝑊𝑆𝐸𝑇 = 𝐶𝑂𝐿𝐷𝐸−𝑆𝐶𝑅𝐴𝑀𝐵𝐿𝐸𝐷−𝐼𝑀𝐴𝐺𝐸 - 𝑃 𝐴𝑅𝐸𝑁𝑇𝑅𝑂𝑊
3 𝑁𝐸𝑊𝐶𝑂𝐿 [𝑖] = COL[i] ⊕ COL[i+1] 21 for i ←1 to m - 2 do
4 i++ 22 𝑅𝑂𝑊𝐷𝐼𝐹 𝐹 [𝑖] = Pixel wise |𝑃 𝐴𝑅𝐸𝑁𝑇𝑅𝑂𝑊 − 𝑅𝑂𝑊𝑆𝐸𝑇 [𝑖]|
5 OR 23 COUNT[i] = Count(𝑅𝑂𝑊𝐷𝐼𝐹 𝐹 [𝑖] ≤ THRESHOLD)
6 for i ← n to 2 do 24 𝐶𝐻𝐼𝐿𝐷𝑅𝑂𝑊 [𝑖] = MAX(COUNT[i])
7 𝑁𝐸𝑊𝐶𝑂𝐿 [𝑖] = COL[i] ⊕ COL[i-1] 25 if 𝑁𝑜.𝑜𝑓 𝐶𝐻𝐼𝐿𝐷𝑅𝑂𝑊 == 1 then
8 i-- 26 update 𝑃 𝐴𝑅𝐸𝑁𝑇𝑅𝑂𝑊 = 𝐶𝐻𝐼𝐿𝐷𝑅𝑂𝑊 [1]
27 update 𝑅𝑂𝑊𝑆𝐸𝑇 = 𝑅𝑂𝑊𝑆𝐸𝑇 − 𝐶𝐻𝐼𝐿𝐷𝑅𝑂𝑊 [1]
9 𝑅𝐸𝑉𝐶𝑂𝐿 =ImageAssemble(𝑁𝐸𝑊𝐶𝑂𝐿 [𝑖])
10 ROW[i] = ROW-WISE PARTITION(𝑅𝐸𝑉𝐶𝑂𝐿 ) 28 if 𝑁𝑜.𝑜𝑓 𝐶𝐻𝐼𝐿𝐷𝑅𝑂𝑊 > 1 then
11 for i ← 1 to m-1 do 29 update 𝑃 𝐴𝑅𝐸𝑁𝑇𝑅𝑂𝑊 = 𝐶𝐻𝐼𝐿𝐷𝑅𝑂𝑊 [𝑙𝑎𝑠𝑡]
12 𝑁𝐸𝑊𝑅𝑂𝑊 [𝑖] = ROW[i] ⊕ ROW[i+1] 30 update 𝑅𝑂𝑊𝑆𝐸𝑇 = 𝑅𝑂𝑊𝑆𝐸𝑇 − 𝐶𝐻𝐼𝐿𝐷𝑅𝑂𝑊 [𝑖]
13 i++ 31 𝐴𝐿𝐿𝑅𝑂𝑊 = AppendTo[𝐴𝐿𝐿𝑅𝑂𝑊 , 𝐶𝐻𝐼𝐿𝐷𝑅𝑂𝑊 [𝑖]]
14 OR 32 𝑅𝑂𝑊𝐷𝐸−𝑆𝐶𝑅𝐴𝑀𝐵𝐿𝐸𝐷−𝐼𝑀𝐴𝐺𝐸 = ImageAssemble[𝐴𝐿𝐿𝑅𝑂𝑊 ]
15 for i ← m to 2 do 33 where 𝑅𝑂𝑊𝐷𝐸−𝑆𝐶𝑅𝐴𝑀𝐵𝐿𝐸𝐷−𝐼𝑀𝐴𝐺𝐸 is the FINAL UNSCRAMBLED
16 𝑁𝐸𝑊𝑅𝑂𝑊 [𝑖] = ROW[i] ⊕ ROW[i-1] IMAGE
17 i--
18 𝑅𝐸𝑉𝑅𝑂𝑊 =ImageAssemble(𝑁𝐸𝑊𝑅𝑂𝑊 [𝑖])
A random column (parent) is selected, and the closest possible
19 where 𝑅𝐸𝑉𝑅𝑂𝑊 is the INTERMEDIATE CRYPT-ANALYSED IMAGE
with image size 𝑚 − 1 × 𝑛 − 1
column (child) out of all the columns is selected. The closest column
(child) is determined by finding the absolute difference between the
chosen column (parent) and the remaining columns. The one that gives
5.2. Unscrambling Patro’s et al. method without using the keys the least pixels-wise absolute difference concerning all the columns is
selected and appended to the first random column (parent) we chose.
Once the reverse XOR operation is done, the remaining task is to In the next iteration, the latest added column will act as a parent. The
unscramble so that the original images are revealed. We have already next closest column (child) is searched by finding the least pixels-wise
got all the exact pixels but are scrambled along the columns and rows. absolute difference between the parent and the rest of the columns.
The property of high correlation along the horizontal and vertical direc- If there is more than one closest column (child), we append them all
tions in normal images is used to generate back the unscrambled image. to the latest parent and the last appended column (child) serves as
Out of the scrambled image, we start with a random row/column, and a parent for the next iteration. The iteration is performed for all the
we search for highly correlated row(s)/column(s) and cluster them up. columns to get the column unscrambled image.

5
L.D. Singh et al. Journal of Information Security and Applications 80 (2024) 103694

Fig. 4. COLUMN unscrambled and ROW unscrambled operation.

For the row unscrambling operation, the column unscrambled im- W-2133 CPU @ 3.60 GHz 32 Gb RAM. The images were taken from the
age is taken as input. A random row (parent) is selected, and the USC-SIPI database [24]. The total key space of Patro’s et al. encryption
closest possible row(child) out of all the rows is selected. Using a scheme is 1.2446 × 2327 . Some of the sample multiple images, encrypted
similar operation performed for column unscrambled, the rows are also images using Patro’s et al. technique and the cryptanalysed multiple
unscrambled. images using cipher-text only attacks are shown in Fig. 6. Figs. 6(a),
The simulated outputs of Patro’s et al. encryption scheme and the 6(d) and 6(g) are generated by combining four plain images each of
proposed cryptanalysis is shown in Fig. 5. In Fig. 5, four input images image dimension 512 × 512, 256 × 256 and 128 × 128 respectively.
with the same image dimension are used to form a combined image. Figs. 6(b), 6(e) and 6(h) are the cipher images generated using Patro
The combined image undergoes a row scrambling followed by a column et al. encryption method corresponding to the plain images Figs. 6(a),
scrambling operation using the secret permutation table (𝑃𝑥 ) and (𝑃𝑦 ) 6(d) and 6(g) respectively. Figs. 6(c), 6(f) and 6(i) are the recovered
respectively. The row and column scrambled image is converted to the plain images from the cipher images Figs. 6(b), 6(e) and 6(h) respec-
final cipher image by an XOR operation using two initial keys (𝑥1𝑖 and tively using the proposed cryptanalysis technique based on cipher-text
𝑦1𝑖 ) where 𝑖 is the image dimension of the combined image. The cipher
only attack, where the secret keys are not known.
image generated using Patro’s et al. encryption scheme is cryptanalyed
From the simulated experiments, we can see that the Patro’s et al.
with the proposed cryptanalysis technique revealing the secret image
encrypted images are revealed and it is not secure irrespective of the
information. The output of the final cryptanalysed image may not be
keys used. The cryptanalysed outputs are not exactly the same as the
exactly the same as the original image, but the proposed method has
combined image, but all the information is obtained, and the exact
deciphered the contents and just a simple rearrangement of the blocks
individual images can be obtained by partitioning and combining the
will reveal the individual’s images. So, we have successfully deciphered
the cipher image generated using Patro’s et al. encryption scheme [1] required blocks from the crypt-analysed image. During the unscram-
based on cipher-text-only attack. bling stage, we randomly selected a row/column as a parent to search
for the closest row/column. So, depending on the randomly chosen
6. Experimental results and discussion row/column, the output of each execution may differ, but the overall
secret contains of the images is revealed. Fig. 7 illustrates some of
We have simulated the proposed cryptanalysis using Wolfram Math- the crypt-analysed images with different values of row/column chosen.
ematica 12.3 on a Fujitsu Celsius Workstation with Intel(R) Xeon(R) In Fig. 7, the original image is converted to a cipher image using

6
L.D. Singh et al. Journal of Information Security and Applications 80 (2024) 103694

Fig. 5. The figure shows the process of Patro et al. encryption method and the cryptanalysis attack which breaks the encryption based on a cipher-text only attack.

or 𝑃 𝐴𝑅𝐸𝑁𝑇𝐶𝑂𝐿 in Algorithm 2, the original image information is

retrieved using the proposed cryptanalysis algorithm without using the
secret keys.

6.1. Time complexity of the proposed cryptanalysis

To perform the cryptanalysis on Patro’s et al. technique two main

operations are performed: reversed XOR and unscrambling.

1. Reversed XOR: In reversed XOR, the pixels along the

rows/columns are XOR as (𝑖 ⊕ 𝑖 + 1), where 1 ≤ 𝑖 ≤ 𝑁 − 1 is the
row/column index and 𝑁 is the dimension of the multiple-image
cipher. So, the reversed XOR operation has got time complexity
as 𝑂(𝑛).
2. Unscrambling: In unscrambling, a random row/column (parent)
is selected from the output of reversed XOR operation. The
closest row/column(child) is selected and appended to form the
unscrambled image. To avoid redundancy in searching for the
closest row/column (child), once a particular row(s)/column(s)
(child/children) is identified as the closest, it is removed from
the set of scrambled rows/columns. So, the unscrambling opera-
tion has got time complexity as 𝑂(𝑛)+𝑂(𝑛−1)+𝑂(𝑛−2)+⋯+1 =
𝑂(𝑛2 ).

Overall, the time complexity of the proposed cryptanalysis is 𝑂(𝑛2 ). The

Fig. 6. (a, d, g) Combined image1, image2 and image3. (b, e, h) Cipher image of execution time of the proposed cryptanalysis for the sample images in
Figs. 6(a), 6(d) and 6(g). (c, f, i) Crypt-analysed image of Figs. 6(b), 6(e) and 6(h). Fig. 6 are tabulated in Table 1. Table 1 shows the time taken to crypt-
analyse different images with different image dimensions 1024 × 1024,
512 × 512 and 256 × 256. As the time complexity of the proposed crypt-
Patro’s et al. encryption technique. Irrespective of the first selected analysis algorithm is 𝑂(𝑛2 ), the time taken to cryptanalyse increases
row (𝑆𝑅1 ) or first selected column (𝑆𝐶1 ) that act as 𝑃 𝐴𝑅𝐸𝑁𝑇𝑅𝑂𝑊 with an increase in image dimension.

7
L.D. Singh et al. Journal of Information Security and Applications 80 (2024) 103694

Fig. 7. Crypt-analysed images based upon randomly selected initial row and column indexes.

Table 1 Table 2
Execution time of the proposed cryptanalysis. Statistical analyses of Patro et al. encryption technique.
Image Image size Time to crypt-analyse Image Elaine Baboon Boat Couple
Fig. 6(a) 1024 × 1024 516.01 s Histogram variance 993.71 898.64 1044.9 967.30
Fig. 6(d) 512 × 512 64.40 s Chi-square test 248.42 224.66 261.21 241.82
Fig. 6(g) 256 × 256 5.42 s Horizontal correlation −0.0004 −0.0011 −0.0021 −0.0013
Vertical correlation −0.0019 −0.0023 −0.0014 −0.0003
Diagonal correlation 0.0015 −0.0004 −0.0029 0.0028
PSNR 9.29 9.51 9.29 9.62
6.2. Advantage of Patro et al. encryption method Entropy 7.9993 7.9994 7.9993 7.9993
NPCR 99.61 99.61 99.61 99.61
UACI 33.47 33.47 33.47 33.49

The main advantages of Patro et al. encryption method are:

1. Fast execution speed: The chaotic sequences 𝑥𝑖 and 𝑦𝑖 are used 6.3. Disadvantage of Patro et al. encryption method
for scrambling and the chaotic sequences 𝑥1𝑖 and 𝑦1𝑖 are used
for enciphering. The chaotic sequences have a length of 𝑖, where 1. Row scrambling and column scrambling on image: Row scram-
𝑖 is the maximum image dimension of the combined image. As bling and column scrambling can be reversed to get the unscram-
𝑖 is not large enough, the time required to generate the chaotic bled image utilizing the property of high correlation in normal
sequence is fast. For a combined image size of 1024 × 1024, the plain images.
2. Feed-forward XOR operation: A cipher image generated by using
encryption time of Patro et al. encryption method is 0.94 s using
feed-forward XOR operation can be reversed back by performing
Wolfram Mathematica 12.3 on a Fujitsu Celsius Workstation
the XOR operation in reverse sequential order.
with Intel(R) Xeon(R) W-2133 CPU @ 3.60 GHz 32 Gb RAM.
2. Standard values in statistical analyses: The computed values for
Empirical evaluation of cryptosystem based on the statistical traits
Statistical analyses, such as histogram variance of encrypted is not the solution to developing new enciphering techniques. Many
image, the Chi-square test, horizontal, vertical and diagonal cor- chaos based cryptosystems [5,6,8,11–13] that underwent statistical val-
relation of encrypted image, peak signal-to-noise ratio (PSNR), idation has been cryptanalysed. Similarly, irrespective of how fast Patro
entropy, Number of Pixel Change Rate (NPCR), Unified Average et al. encryption method or the standard value obtained on statistical
Changing Intensity (UACI), etc., are in the standard value range. analyses, Patro et al. encryption method is successfully cryptanalysed
The values recorded during statistical analyses for enciphering using the proposed cryptanalysis technique exploiting the loopholes
the plain images Elaine, Baboon, Boat and Couple from USC-SIPI or disadvantages as mentioned in Section 6.3. Empirical statistical
database [24] using Patro et al. encryption technique is given in evaluation should not overlook the security of an encryption technique.
Table 2. An in-depth security analysis is required that can withstand all possible
cryptanalysis attacks.

8
L.D. Singh et al. Journal of Information Security and Applications 80 (2024) 103694

7. Conclusion [4] Feng W, He YG, Li HM, Li CL. Cryptanalysis of the integrated chaotic systems
based image encryption algorithm. Optik 2019;186:449–57. http://dx.doi.org/
Patro’s et al. algorithm generates a good unintelligible image with a 10.1016/j.ijleo.2018.12.103.
[5] Lan R, He J, Wang S, Gu T, Luo X. Integrated chaotic systems for image
good execution speed, but we have proposed a method to cryptanalyst
encryption. Signal Process 2018;147:133–45. http://dx.doi.org/10.1016/j.sigpro.
the technique using cipher-text only attack. Patro’s et al. algorithm 2018.01.026.
consists of scrambling the combined image column-wise, and row- [6] Hua Z, Yi S, Zhou Y. Medical image encryption using high-speed scrambling and
wise and the final encrypted image is obtained through XOR operation pixel adaptive diffusion. Signal Process 2018;144:134–245. http://dx.doi.org/10.
with keys generated using coupled PWLCM. The main drawback of the 1016/j.sigpro.2017.10.004.
Patro’s et al. algorithm is feeding the XOR output to the remaining [7] Chen Y, Tang C, Ye R. Cryptanalysis and improvement of medical image
encryption using high-speed scrambling and pixel adaptive diffusion. Signal
columns/rows in the secret image to generate the cipher image. In
Process 2020;167:107286. http://dx.doi.org/10.1016/j.sigpro.2019.107286.
Fig. 3, we have shown how each pixel except for the first row and
[8] Wu J, Liao X, Yang B. Image encryption using 2D Hénon-Sine map and DNA
column can be reversed back and the algorithm is given in Algorithm approach. Signal Process 2018;153:11–23. http://dx.doi.org/10.1016/j.sigpro.
1. For unscrambling, we have given an algorithm in Algorithm 2 along 2018.06.008.
with Fig. 4 to show how the unscrambling is done. Fig. 5 shows [9] Chen J, Chen L, Zhou Y. Cryptanalysis of a DNA-based image encryption scheme.
the output of the deciphered images using a cipher-text-only attack. Inform Sci 2020;520:130–41. http://dx.doi.org/10.1016/j.ins.2020.02.024.
Fig. 7 shows that irrespective of the random column/row selected as [10] Liu Y, Qin Z, Liao X, Wu J. Cryptanalysis and enhancement of an image
encryption scheme based on a 1-D coupled Sine map. Nonlinear Dynam
the initial parent column/row, the proposed cryptanalysis is successful
2020;100:2917–31. http://dx.doi.org/10.1007/s11071-020-05654-y.
in revealing the secret images. Patro’s et al. algorithm could have [11] Behzad YI, Ayubi P, Jabalkandi FA, Valandar MY, Barani MJ. Digital image
withstood the cipher-text-only attack if separate key streams for each scrambling based on a new one-dimensional coupled Sine map. Nonlinear Dynam
column/row were used instead of feed-forwarding the previous XOR 2019;97:2693–721. http://dx.doi.org/10.1007/s11071-019-05157-5.
output. [12] Pak C, Huang L. A new color image encryption using combination of the
1D chaotic map. Signal Process 2017;138:129–37. http://dx.doi.org/10.1016/j.
sigpro.2017.03.011.
CRediT authorship contribution statement
[13] Wang H, Xiao D, Chen X, Huang H. Cryptanalysis and enhancements of
image encryption using combination of the 1D chaotic map. Signal Process.
Laiphrakpam Dolendro Singh: Conceptualization, Design, Analy- 2018;144:444–52. http://dx.doi.org/10.1016/j.sigpro.2017.11.005.
sis, Writing, Revision of the manuscript. Rohit Thingbaijam: Concep- [14] Huang R, Liao X, Dong A, Sun S. Cryptanalysis and security enhancement
tualization, Design, Writing, Revision of the manuscript. Ripon Pat- for a chaos-based color image encryption algorithm. Multimedia Tools Appl
giri: Conceptualization, Design, Writing, Revision of the manuscript. 2020;79:27483–509. http://dx.doi.org/10.1007/s11042-020-09163-3.
Khoirom Motilal Singh: Conceptualization, Design, Writing, Revision [15] Ma Y, Chengqing L, Ou B. Cryptanalysis of an image block encryption algorithm
based on chaotic maps. J. Inf. Secur. Appl. 2020;54:102566. http://dx.doi.org/
of the manuscript.
10.1016/j.jisa.2020.102566.
[16] Hanouti IE, Fadili HE, Zenkouar K. Breaking an image encryption scheme based
Declaration of competing interest on arnold map and lucas series. Multimedia Tools Appl. 2021;80:4975–97.
http://dx.doi.org/10.1007/s11042-020-09815-4.
We declare that the manuscript is original, has not been full or [17] Xiang Y, Xiao D, Zhang R, Liang J, Liu R. Cryptanalysis and improvement of a
partly published before, and is not currently being considered for reversible data-hiding scheme in encrypted images by redundant space transfer.
Inform Sci 2021;545:188–206. http://dx.doi.org/10.1016/j.ins.2020.08.019.
publication elsewhere. We confirm that the manuscript has been read
[18] Zhang X, Wang X. Multiple-image encryption algorithm based on DNA encoding
and approved by all named authors and that there are no other persons
and chaotic system. Multimedia Tools Appl. 2019;78:7841–69. http://dx.doi.org/
who satisfied the criteria for authorship but are not listed. We further 10.1007/s11042-018-6496-1.
confirm that the order of authors listed in the manuscript has been [19] Zhang L, Zhang X. Multiple-image encryption algorithm based on bit planes and
approved. There is no conflict of interest among the authors. chaos. Multimedia Tools Appl. 2020;79:20753–71. http://dx.doi.org/10.1007/
s11042-020-08835-4.
Data availability [20] Banik A, Shamsi Z, Laiphrakpam DS. An encryption scheme for securing multiple
medical images. J. Inf. Secur. Appl. 2019;49:102398. http://dx.doi.org/10.1016/
j.jisa.2019.102398.
Data will be made available on request. [21] Khoirom MS, Laiphrakpam DS, Tuithung T. Audio encryption using amelio-
rated ElGamal public key encryption over finite field. Wirel Pers Commun
References 2021;117:809–23. http://dx.doi.org/10.1007/s11277-020-07897-9.
[22] Aasawari S, Laiphrakpam DS. Multiple images encryption based on 3D scram-
[1] Patro KAK, Soni A, Netam PK, Acharya B. Multiple grayscale image encryption bling and hyper-chaotic system. Inform Sci 2020;550:252–67. http://dx.doi.org/
using cross-coupled chaotic maps. J. Inf. Secur. Appl. 2020;52. http://dx.doi.org/ 10.1016/j.ins.2020.10.031.
10.1016/j.jisa.2020.102470. [23] Al-Janabi S. Pragmatic miner to risk analysis for intrusion detection (PMRA-
[2] Fridrich J. Symmetric ciphers based on two-dimensional chaotic maps. ID). In: International Conference on Soft Computing in Data Science. Singapore:
Int J Bifurcation Chaos 1998;8(6):1259–84. http://dx.doi.org/10.1142/ Springer; 2017, p. 263–77.
S021812749800098X. [24] The USC-SIPI image database. 2017, http://sipi.usc.edu/database/ accessed 19
[3] Preishuber M, Hütter T, Katzenbeisser S, Uhl A. Depreciating motivation and May 2017.
empirical security analysis of chaos-based image and video encryption. IEEE
Trans Inf Forensics Secur 2018;13(9):2137–50. http://dx.doi.org/10.1109/TIFS.
2018.2812080.