1 Introduction
The need to hide sensitive information has existed since ancient times. Nowadays, it has become even more important due to the rapid development of technology and multimedia. Transmissions of images and videos play an important role in medical systems, military image databases, and other areas (Li, 2006). Furthermore, our everyday electronic devices are used to transmit images, video clips, or music over wireless networks. Therefore, various algorithms based on mathematical calculations were proposed to securely hide this information, which gave birth to modern cryptography.
One of the simplest ideas was introduced in 1919 by Vernam. In modern terms, his proposal can be formalized as follows: given the message bit string μ, the sender can use the key string k of the same length and add it to the original message bit-wise to obtain the ciphertext $c=\mu \oplus k$. Here, we used ⊕ to denote the XOR operation. The receiver uses the ciphertext c to restore the original message by adding k to it bit-wise, i.e. we have $\mu =c\oplus k$. The presented idea is now known as the Vernam cipher.
Modern cryptography has gone a long way since then. In this work, we focus on the symmetric cryptography branch, which covers block and stream ciphers to encrypt messages. For implementation purposes, block ciphers are usually converted into stream ciphers by applying them in various modes of encryption to obtain the ciphertext.
One of the most popular block ciphers was standardized in Dworkin et al. (2001) and is now known as the Advanced Encryption Standard (AES). It uses a 128, 192, or 256-bit secret key to encrypt a $4\times 4$ block of 16-bit entries. Depending on the size of the secret key, either 10, 12 or 14 rounds of four steps are performed.
Symmetric encryption is also a tool for hiding visual information. Over the years, many image encryption techniques have been proposed. One of the most popular ways to encrypt an image is by applying some chaotic mapping, e.g. the logistic map (Zia et al., 2022; Zhang and Liu, 2023). We use one of such maps, namely Arnold’s cat mapping, in our paper. These mappings can produce satisfactory results when used with statistically independent sampling and binary key derivation (Dinu and Frunzete, 2025). Many researchers recommend chaos-based encryption techniques for images due to their computational efficiency (Zia et al., 2022). However, generating large chaotic sequences is time-consuming, and, therefore, the real-time application of such schemes is problematic. For this reason, parallelization of computations is used in Daoui et al. (2023) to speed up the running time. This is where the matrix computations can be helpful due to the natural parallelization of matrix operations. We view it as one of the advantages of our scheme over other schemes.
Other researchers incorporate elliptic curves into their work (Hernández-Díaz et al., 2021; Chillali and Oughdir, 2023; Nagaraj et al., 2015; Singh et al., 2024). For example, in Hernández-Díaz et al. (2021), elliptic curves are used to generate encryption keys, while in Singh et al. (2024), elliptic curve points combined with a hash function are utilized to create dynamic S-boxes. However, calculations in elliptic curves are more complex than the structures discussed in this paper. Additionally, our approach relies solely on a highly non-linear mapping called the matrix power function (MPF), rather than a combination of two different methods.
In our paper (Dindiene et al., 2022), we presented a block cipher based on MPF. We have shown how to encrypt a single block of data using MPF as opposed to the multiple rounds approach used in AES. Later, in our papers (Levinskas and Mihalkovich, 2021; Mihalkovich et al., 2022a), we analysed the statistical properties and performance of our proposal implemented in various modes of encryption. The results obtained in Mihalkovich et al. (2022a) have shown that by carefully choosing the parameters of the system, our proposal can be executed in time comparable to the AES cipher. Moreover, in Mihalkovich et al. (2022c) and Mihalkovich et al. (2022b), we have extended our research to non-commuting algebraic structures.
While the obtained results have shown some promise, in this paper, we make several changes as compared to the original idea. The most significant change comes from applying an extra mapping to the original data prior to encrypting it with our cipher. We demonstrate how this additional step affects the quality of encryption and compare our results to AES. The proposed changes can be summarized as follows:
The rest of the paper is organized as follows: in Section 2 we present the key definitions of the algebraic structures and functions we use throughout the paper; in Section 3 we introduce the changes to the original idea; in Section 4 we investigate the quality of encryption in two modes, where the finite field of integers ${\mathbb{Z}_{p}}$ is used as a platform group; in Section 5 we implement Galois Fields in our proposal and compare the quality of encryption to the results of the previous section. As mentioned previously, we also compare our results to analogous modes of AES in both sections. Conclusions are presented at the end of the paper.
2 Mathematical Background
First, we consider the finite field of integers ${\mathbb{Z}_{p}}$, where p is a prime.
Definition 1 (Detomi et al., 2025).
If ${q^{k}}$ is the highest power of a prime q dividing $p-1$, then a multiplicative subgroup ${\mathbb{G}_{q}}$ of order ${q^{k}}$ in ${\mathbb{Z}_{p}^{\ast }}$ is called a Sylow q-subgroup of ${\mathbb{Z}_{p}^{\ast }}$.
In this paper, we use a special case of Sylow q-subgroup, where $k=1$ and two primes p and q are linked via a relation $p=2q+1$. Therefore, the Sylow subgroup has the following representation:
where g is a generator of the multiplicative group ${\mathbb{Z}_{p}^{\ast }}$. Notably, each non-identity element of $\mathbb{G}$ generates the whole group. We also define a mapping $\gamma :{\mathbb{Z}_{q}}\mapsto {\mathbb{G}_{q}}$ as follows:
Clearly, γ is an invertible mapping. In this paper, we use this mapping to interchange between the elements of ${\mathbb{Z}_{q}}$ and ${\mathbb{G}_{q}}$ to fit our needs.
(1)
\[ {\mathbb{G}_{q}}=\big\langle {g^{2i}}\hspace{0.1667em}\big|\hspace{0.1667em}i=0,1,\dots ,q-1\big\rangle ,\]Note that the Sylow subgroup can be defined in a more general case. However, our research does not require considering it.
Using the multiplicative group ${\mathbb{G}_{q}}$ and a ring of integers ${\mathbb{Z}_{q}}$, we can define the following mapping:
Definition 2 (Sakalauskas et al., 2008).
Assume that $\mathbf{W}\in {\mathbb{G}_{q}^{m\times m}}$ is an $m\times m$ matrix with entries in ${\mathbb{G}_{q}}$, and $\mathbf{X},\mathbf{Y}\in {\mathbb{Z}_{q}^{m\times m}}$ are two matrices with entries in ${\mathbb{Z}_{q}}$. We define the two-sided matrix power function (MPF) as a mapping ${\mathbb{Z}_{q}^{m\times m}}\times {\mathbb{G}_{q}^{m\times m}}\times {\mathbb{Z}_{q}^{m\times m}}\mapsto {\mathbb{G}_{q}^{m\times m}}$ denoted by $\mathbf{E}{=^{\mathbf{X}}}{\mathbf{W}^{\mathbf{Y}}}$, where the entries of the MPF value matrix E are calculated as follows:
Definition 3 (Sakalauskas and Mihalkovich, 2014).
We refer to the group ${\mathbb{G}_{q}}$ in Definition 2 as a platform group.
Definition 4 (Sakalauskas and Mihalkovich, 2014).
We refer to the group ${\mathbb{Z}_{q}}$ in Definition 2 as a power ring.
In this paper, we compare two platform groups: the Sylow q-subgroup ${\mathbb{G}_{q}}$ and the Galois Field $\mathbb{GF}({q^{k}})$.
In our previous paper (Dindiene et al., 2022), we considered a symmetric block cipher based on the MPF, where we used the Sylow q-subgroup ${\mathbb{G}_{q}}$ as a platform group along with an additional one-to-one mapping Γ (an entry-wise application of γ), which was used to map the initial values of the pixels to the elements of ${\mathbb{G}_{q}}$. However, as we have shown in Levinskas and Mihalkovich (2021), the function Γ does not help to achieve good statistical properties of our cipher. Therefore, here we use a so-called Arnold’s cat map defined below:
Definition 5 (Pardede et al., 2018).
The generalized form of Arnold’s cat map for digital $N\times N$ image applications is a chaotic discrete map:
where each element of the set $\{x,{x^{\prime }},y,{y^{\prime }}\}$ comes from ${\mathbb{Z}_{N}}$, whereas a and b are two integers.
(3)
\[ \left(\begin{array}{c}{x^{\prime }}\\ {} {y^{\prime }}\end{array}\right)=\left(\begin{array}{c@{\hskip4.0pt}c}1& a\\ {} b& ab+1\end{array}\right)\left(\begin{array}{c}x\\ {} y\end{array}\right)\hspace{0.2em}\mathrm{mod} \hspace{0.2em}N,\]In this paper, we use the parameter values $a=1$ and $b=1$. Note that Arnold’s cat map is invertible since the determinant of the transformation matrix is equal to 1.
Furthermore, in our research, we use the Hadamard product, otherwise known as the entry-wise multiplication of two matrices, and its inverse, denoted by an upper index H. In other words, we have:
Also, we define the $3\times 3$ correlation matrix ${\Sigma _{\text{avg}}}$, where each row corresponds to a distinct channel, and each column represents a different direction of a neighbouring pair: horizontal, vertical, or diagonal. Each entry in the matrix corresponds to the correlation coefficient between neighbouring pixel intensities for the respective pair type.
Definition 7 (Broumandnia, 2020).
For an $m\times m$ matrix, the types of neighbouring pairs are defined as follows:
-
• For each row i, the horizontal neighbouring pair consists of pixels at positions $\{(i,j),(i,j+1)\}$, where $1\leqslant j\lt m$.
-
• For each column j, the vertical neighbouring pair consists of pixels at positions $\{(i,j),(i+1,j)\}$, where $1\leqslant i\lt m$.
-
• For each pixel at position $(i,j)$, the diagonal neighbouring pair consists of pixels at positions $\{(i,j),(i+1,j+1)\}$, where $1\leqslant i,j\lt m$.
We use this correlation matrix as one of the tools to investigate relations between the entries of the encrypted blocks.
3 MPF-Based Block Cipher with Arnold’s Cat Map
In this section, we revise the block cipher considered in Dindiene et al. (2022). We present here a modified version of our cipher, since we implement Arnold’s cat map together with the previously used function Γ. Therefore, we introduce an additional step applied to the whole image to improve the quality of encryption.
Let μ be a string of bits representing the initial message. We cut this string into ${m^{2}}$ 8-bit chunks and therefore obtain its representation in the following form:
\[ \mu ={\mu _{11}}\| {\mu _{12}}\| \dots \| {\mu _{1m}}\| {\mu _{21}}\| {\mu _{22}}\| \dots \| {\mu _{2m}}\| \dots {\mu _{mm}},\]
where ‖ is the concatenation operation. Furthermore, if the message is too short, we append the appropriate amount of random bits at the end of the message. We can now construct the matrix representation M of the initial message, where the entries of M are integers ${\mu _{ij}}\in [0,255]$. We apply Arnold’s cat map to the matrix M a fixed number of times and denote the obtained result by ${\mathbf{M}^{\prime }}=\text{ACM}(\tau ,\mathbf{M})$, where τ is the number of iterations. We now encrypt ${\mathbf{M}^{\prime }}$ using a secret key – a triplet of matrices $(\mathbf{X},\mathbf{Y},\mathbf{Z})$, where $\mathbf{X},\mathbf{Y}\in {\mathbb{Z}_{q}^{m\times m}}$, $\mathbf{Z}\in {\mathbb{G}_{q}^{m\times m}}$, $q\gt 255$, matrix X does not contain any zero entries and Y is invertible. For application purposes, we want to keep the values of q and p as small as possible. Hence, in this paper, we set $q=281$ and $p=563$.The encryption algorithm consists of the following steps:
\[\begin{array}{l}\displaystyle {\mathbf{S}_{1}}\equiv \big(\mathbf{X}+{\mathbf{M}^{\prime }}\big)\hspace{0.2em}\mathrm{mod} \hspace{0.2em}q;\\ {} \displaystyle {\mathbf{S}_{2}}\equiv \big(\mathbf{Z}{\odot ^{\mathbf{Y}}}\Gamma {({\mathbf{S}_{1}})^{\mathbf{Y}}}\big)\hspace{0.2em}\mathrm{mod} \hspace{0.2em}p;\\ {} \displaystyle \mathbf{S}\equiv \big({\Gamma ^{-1}}(\mathbf{{\mathbf{S}_{2}}})+\mathbf{X}\big)\hspace{0.2em}\mathrm{mod} \hspace{0.2em}q,\end{array}\]
where $\Gamma (\mathbf{X}):{\mathbb{Z}_{q}^{m\times m}}\mapsto {\mathbb{G}_{q}^{m\times m}}$ is a publicly known one-to-one mapping which replaces entries of matrix X with elements from ${\mathbb{G}_{q}}$ – a Sylow subgroup of ${\mathbb{Z}_{p}}$. Clearly, ${\Gamma ^{-1}}({\mathbf{S}_{2}})$ is the inverse transformation. We use ⊙ to denote the Hadamard product of two matrices.Note that we use both q and p to perform modular operations. Therefore, we specify the modulus for each step of the encryption algorithm. Clearly, the modular arithmetic is applied entry-wise.
The decryption algorithm works similarly in reverse, i.e.:
\[\begin{array}{l}\displaystyle {\mathbf{D}_{1}}\equiv (\mathbf{S}-\mathbf{X})\hspace{0.2em}\mathrm{mod} \hspace{0.2em}q;\\ {} \displaystyle {\mathbf{D}_{2}}{\equiv ^{{\mathbf{Y}^{-1}}}}{\big(\Gamma ({\mathbf{D}_{1}})\odot {\mathbf{Z}^{H}}\big)^{{\mathbf{Y}^{-1}}}}\hspace{0.2em}\mathrm{mod} \hspace{0.2em}p;\\ {} \displaystyle {\mathbf{M}^{\prime }}\equiv \big({\Gamma ^{-1}}({\mathbf{D}_{2}})-\mathbf{X}\big)\hspace{0.2em}\mathrm{mod} \hspace{0.2em}q.\end{array}\]
Now all that remains is to apply Arnold’s cat map to ${\mathbf{M}^{\prime }}$ in reverse to obtain the initial message in the matrix form M and then concatenate its entries as presented above to restore the message μ.Previously, in Dindiene et al. (2022), we have shown that the considered block cipher is perfectly secure, i.e. it satisfies the following property:
where ${c_{0}}$ and ${\mu _{0}}$ are some fixed ciphertext and plaintext values. In other words, the ciphertext is statistically independent of the original message.
Perfect secrecy property was previously proven for the Vernam cipher. However, due to one-time secret keys and several other disadvantages, the Vernam cipher remains a purely theoretical algorithm: while easy to understand, it is never used in the real world.
One disadvantage of any perfectly secure cipher is the size of the secret key, since it has to be at least as long as the plaintext. This, together with one-time use of the key, prevents applying any modes of encryption to long messages. On the other hand, we have shown in Dindiene et al. (2022) that in our case, the secret key can be reused. Therefore, the perfectly secure block cipher we consider can be transformed into a stream cipher by applying modes of symmetric encryption. We consider two of these modes in this paper.
4 Modes of Symmetric Encryption
Like AES, our cipher operates on blocks. Therefore, to convert our idea to a stream cipher, we have to apply one of the encryption modes. Two of such modes considered in this paper are the electronic codebook (ECB) mode and the cipher block chaining (CBC) mode. A well-known fact is that the ECB mode is considered insecure even for such ciphers as AES. In this paper, we explore how Arnold’s cat mapping affects the quality of the ECB mode of our block cipher. Moreover, we perform a comparison of CBC modes for AES and our proposal.
4.1 ECB Mode
ECB mode of symmetric encryption is the simplest of modes, since it is applied block-wise (Elashry et al., 2012). The encrypted blocks are restored using the same key by performing the actions in reverse as shown in the previous section. The general idea of ECB mode is presented in Fig. 1.
Since the digital images are in RGB format, we perform the algebraic process for each of the three colours separately. Therefore, the whole image’s information is stored in a three-dimensional array. Block size is set by default to 4, i.e. the size of the single-coloured sub-image is $4\times 4$. The same size is inherited for the ciphers and other inter-components of the encryption. We encrypt each of the colour matrices using separate keys rather than the same one as we did in our previous papers.
Note that since all intensities of the image pixels are represented as 8-bit integers, we can interpret them as elements of ${\mathbb{Z}_{q}}$ and map them to the multiplicative Sylow q-subgroup ${\mathbb{G}_{q}}$ using a mapping γ.
We generate matrices $\mathbf{X}\in {\mathbb{Z}_{q}^{4\times 4}}$, $\mathbf{Y}\in {\mathbb{Z}_{q}^{4\times 4}}$, $\mathbf{Z}\in {\mathbb{G}_{q}}$ with random entries uniformly distributed in the appropriate sets. We also remove 0 from the set of possible values when generating Y. Therefore, we obtain a key triplet $\vec{\mathbf{K}}=(\mathbf{X},\mathbf{Y},\mathbf{Z})$. We generate a separate key for each colour, thus obtaining a 3-part key ${\mathbf{K}_{rgb}}=({\vec{\mathbf{K}}_{r}},{\vec{\mathbf{K}}_{g}},{\vec{\mathbf{K}}_{b}})$. Then we perform the ECB mode of our block cipher for each of the colour matrices using an appropriate key. Example results for various images1 are shown in Figs. 2a–2d.
Let us compare this result to the ECB mode of the AES cipher. Using the same images as the original plaintexts, we get the results presented in Figs. 3a–3d.
We can see that the ciphertexts produced using both ciphers in ECB mode look chaotic. However, this is not always the case for other images. A well-known downside of the ECB is noticeable patterns in the encrypted image. For this reason, this mode of encryption is not used even for such secure ciphers as AES. These patterns can also be seen if our previous version of the MPF-based block cipher is applied in ECB mode, where only the mapping Γ was used. We present an example of this below in Fig. 4.
We can observe that the generated cipher has obvious patterns in the form of noticeable strips. This is the consequence of the ECB mode: repeatable low-intensity blocks produce a pattern in the encrypted image, which reduces the quality of encryption. Interestingly enough, even using three separate keys instead of one does not improve the result by much.
Let us now plot the distribution of the colour intensities for the original Linux penguin image and its ciphertext in Fig. 5a and 5b, respectively. We can see from Fig. 5a that intensities greater than 250 dominate in the initial picture. After applying the ECB mode (Fig. 5b), roughly one third of intensity probabilities are higher than 3 times the uniform probability, which strongly suggests a non-uniform distribution.
Let us observe the average correlation between the pixels. In reference to Definition 7, we output the ${\Sigma _{\text{avg}}}$ matrix as:
We can see that the maximum absolute correlation was 0.259, which shows a weak, yet statistically significant, positive correlation for the green channel vertically. Also, for each row, the value in the second column is the largest one, which suggests that vertical correlation dominates in the initial picture. This is correct because the low-intensity block pattern repeats mostly vertically.
Furthermore, we perform the analysis of the entropy for each channel. Asif et al. (2022) We output the vector that consists of entropies for each channel.
Since the maximum theoretical entropy is
so the result is far from a statistically sufficient one.
The main difference between the Linux penguin and the presented images is that the latter image can be viewed as somewhat monochromatic since there is a dominating white colour. We can also see a similar problem of encryption quality with the AES cipher in ECB mode presented in Fig. 6a. Wherever there are more colours in the original image, the ciphertext looks more chaotic than the areas of dominating white colour. This can be clearly seen if we consider a blank (totally white) image and apply the AES cipher in the ECB mode to it. The result is presented in Fig. 6b.
Now we apply the ECB mode of encryption with the same parameters on an image transformed by Arnold’s cat map, where $\tau =5$. In other words, for each colour, we first view the whole image as a large matrix and apply Arnold’s cat map to it. Then we split the obtained output matrix into blocks for encryption using ECB mode. The results for various images are presented below in Figs. 7a–7d.
The implementation of Arnold’s cat map to the Linux penguin image reduced the maximum absolute correlation to 0.009, and the average entropy for a channel is 8.131. Therefore, we can see that Arnold’s cat map enhances the statistical results of the ECB mode. This is due to the removal of dominance of the white colour (see the middle image in Fig. 7d).
However, if we apply Arnold’s cat mapping to a blank image, no changes happen since all the values in the image matrix are the same. Therefore, the encryption quality of the ECB mode of our cipher is unaffected in this case. Hence, while we managed to cope with some weaknesses of the ECB mode using an additional mapping, the ciphertext of a monochromatic image still has low quality.
4.2 CBC Mode
The CBC encryption mode is more advanced than the ECB mode. It requires an initialization vector, which is sampled randomly from a uniform distribution (Li et al., 2023). This initialization vector is added to the sub-image using XOR or standard addition. The resulting matrix is then encrypted using a block cipher. This encrypted block is passed on as a new initialization vector for a new iteration. Then we repeat this process for each of the other given sub-images until all blocks are encrypted. Since the process of encrypting each block is dependent on previous iterations, it forms a chain of blocks.
The decryption of CBC starts from the encrypted block that was calculated in the latest iteration. We decrypt the blocks until the step with the initialization vector. We repeat the steps of decryption for each cipher block until we reach the very first deciphered block, where we subtract the public initialization vector.
The general idea of the CBC mode is presented below:
To implement this mode for the MPF-based block cipher, we use the initialization vector in the form of a $4\times 4$ matrix with entries randomly sampled from ${\mathbb{Z}_{256}}$. We denote this matrix by ${\mathbf{C}_{0}}$. Then the encryption is performed as follows:
\[\begin{array}{l}\displaystyle {\mathbf{C}_{i1}}\equiv \big(\mathbf{X}+{\mathbf{C}_{i-1}}+{\mathbf{M}^{\prime }_{i}}\big)\hspace{0.2em}\mathrm{mod} \hspace{0.2em}q\\ {} \displaystyle {\mathbf{C}_{i2}}\equiv \big(\mathbf{Z}{\odot ^{\mathbf{Y}}}\Gamma {({\mathbf{C}_{i1}})^{\mathbf{Y}}}\big)\hspace{0.2em}\mathrm{mod} \hspace{0.2em}p;\\ {} \displaystyle {\mathbf{C}_{i}}\equiv \big({\Gamma ^{-1}}(\mathbf{{\mathbf{C}_{i2}}})+\mathbf{X}\big)\hspace{0.2em}\mathrm{mod} \hspace{0.2em}q,\end{array}\]
where ${\mathbf{C}_{i}}$ is the i-th encrypted block and matrices ${\mathbf{C}_{i1}}$ and ${\mathbf{C}_{i2}}$ are intermediate results corresponding to that block. The obtained matrix ${\mathbf{C}_{1}}$ and all of the upcoming encrypted blocks are used as initialization vectors for the next block encryption.The decryption works similarly, but all encryption steps are reversed, just as in the previous section.
We apply the CBC mode for each colour individually, generating a new initialization vector for each colour matrix. Example results are displayed below in Figs. 9a–9d. We use $\text{ACM}(5,\mathbf{M})$ mapping and apply a CBC mode to the obtained result.
Let us consider the quality of encryption of two images, namely the ‘Woman.png’ and the Linux penguin image presented in Fig. 9c and Fig. 9d. First, we present the correlation matrices ${\Sigma _{\text{avg}}}$ for the obtained encrypted images:
The correlations above indicate significantly low or a lack of correlation. Furthermore, the results are similar for both images. Therefore, the adversary cannot distinguish between two images based on the encrypted image, which is evidence of the semantic security property.
Let us also present the scatter plot for the correlations of the encrypted Linux penguin in Fig. 10.
Fig. 10
Scatter plot for Linux penguin image using MPF-based block cipher in CBC, $\text{ACM}(5,\mathbf{M})$ was used.
We can see that there are no apparent correlations between the observations.
Now we consider the entropy for each channel of the encrypted images:
where the target entropy is 8.134, which means the observed values for each channel are very close to the target entropy. Furthermore, we have obtained the same entropy values for both encrypted images. Therefore, the encrypted images are statistically indistinguishable from the white noise.
Now we repeat the previously described process 5 times with the Linux penguin image, each time generating the keys and initialization vectors at random. We observe how the calculated entropy for each encrypted image relates to the theoretical maximum in Fig. 11. We can see that the entropies remained relatively close to the theoretical maximum, which is represented by a dashed line.
Let us compare the obtained results to the CBC mode of the AES-128 block cipher. We use the same Linux penguin image. The result of AES encryption is given below in Fig. 12.
AES cipher maximum absolute correlation is 0.005, and the entropies for each channel are
whereas the target entropy is 8.0.
We can conclude that for the considered platform group ${\mathbb{G}_{q}}$, the CBC mode of the MPF-based block cipher with Arnold’s cat map is statistically indifferent to the AES cipher.
5 Galois Field
We can also use the Galois fields in our approach for better comparison with AES. In this paper, we consider the Galois field $\mathbb{GF}({2^{9}})$ as the platform group. We use the irreducible polynomial $\phi (x)={x^{9}}+{x^{4}}+1$ due to the adjusted default parameter in the Python library for the Galois field. As in the case of AES, the private key matrices $\mathbf{X},\mathbf{Y},\mathbf{Z}$ have size $4\times 4$ with their entries ${x_{ij}}\in [1,256]$, ${y_{ij}}\in [1,510]$, ${z_{ij}}\in \mathbb{GF}({2^{9}})\setminus \{0\}$. Moreover, Y is an invertible matrix. The entries of the message block matrix M are integers in the range $[0,255]$. As previously, we apply Arnold’s cat map to the matrix M τ times and denote the obtained result by ${\mathbf{M}^{\prime }}=\text{ACM}(\tau ,\mathbf{M})$. We now use the secret key $\vec{\mathbf{K}}=(\mathbf{X},\mathbf{Y},\mathbf{Z})$ to encrypt a single block ${\mathbf{M}^{\prime }}$ as follows:
\[\begin{array}{l}\displaystyle {\mathbf{S}_{1}}=\mathbf{X}+{\mathbf{M}^{\prime }};\\ {} \displaystyle {\mathbf{S}_{2}}\equiv \big(\mathbf{Z}{\odot ^{\mathbf{Y}}}\Gamma {({\mathbf{S}_{1}})^{\mathbf{Y}}}\big)\hspace{0.2em}\mathrm{mod} \hspace{0.2em}\phi (x);\\ {} \displaystyle \mathbf{S}\equiv \big({\Gamma ^{-1}}(\mathbf{{\mathbf{S}_{2}}})+\mathbf{X}\big)\hspace{0.2em}\mathrm{mod} \hspace{0.2em}{2^{9}},\end{array}\]
where $\Gamma ({\mathbf{S}_{1}}):{(1+{\mathbb{Z}_{511}})^{4\times 4}}\mapsto {\mathbb{GF}^{4\times 4}}({2^{9}})$ is a publicly known one-to-one mapping which replaces entries of matrix ${\mathbf{S}_{1}}$ with elements from $\mathbb{GF}({2^{9}})$. Clearly, ${\Gamma ^{-1}}({\mathbf{S}_{2}})$ is the inverse transformation. Of course, the simplest case of Γ is to interpret entries of ${\mathbf{S}_{1}}$ as polynomials in $\mathbb{GF}({2^{9}})$. However, Γ can also permute elements of $\mathbb{GF}({2^{9}})$.Note that the first step of encryption does not use modular arithmetic, i.e. since the entries of key matrix X are in the range $[1,256]$, whereas the entries of ${\mathbf{M}^{\prime }}$ are in the range $[0,255]$ their sum ${\mathbf{S}_{1}}$ contains entries in the range $[1,511]$ and therefore can be interpreted as an element of ${(1+{\mathbb{Z}_{511}})^{4\times 4}}$.
The decryption algorithm is as follows:
\[\begin{array}{l}\displaystyle {\mathbf{D}_{1}}\equiv (\mathbf{S}-\mathbf{X})\hspace{0.2em}\mathrm{mod} \hspace{0.2em}{2^{9}};\\ {} \displaystyle {\mathbf{D}_{2}}{\equiv ^{{\mathbf{Y}^{-1}}}}{\big(\Gamma ({\mathbf{D}_{1}})\odot {\mathbf{Z}^{H}}\big)^{{\mathbf{Y}^{-1}}}}\hspace{0.2em}\mathrm{mod} \hspace{0.2em}\phi (x);\\ {} \displaystyle {\mathbf{M}^{\prime }}={\Gamma ^{-1}}({\mathbf{D}_{2}})-\mathbf{X},\end{array}\]
where we see that at the last step, no modular arithmetic is used.5.1 ECB Mode
Let us consider digital images from the previous section and encrypt them using $\mathbb{GF}({2^{9}})$ as a platform group. We implement the ECB mode.
We can see from the encryption algorithm that the entries of the encrypted block S are integers in the range $[0,511]$. Therefore, the maximum pixel intensity is 511. These intensities have to be normalized for plotting and visualization by taking the integer part of ${s_{ij}}$ divided by 2, i.e. we have:
We can then visualize the normalized block ${\mathbf{S}^{\prime }}$.
Let us present several images encrypted using the ECB mode (see Fig. 13).
Now, let us consider the two monochromatic images from the previous section. The results are presented below in Figs. 14a–14b.
Fig. 14
ECB Mode of our cipher with $\mathbb{GF}({2^{9}})$ platform group applied to monochromatic image.
We can see that the low quality of the ECB mode for monochromatic images is still an issue regardless of the algebraic structure used. Therefore, we implement Arnold’s cat mapping as previously for the Linux penguin image. The result is presented below in Fig. 15.
We can see from the entries of the correlation matrix ${\Sigma _{\text{avg}}}$ that $|{\sigma _{ij}}|\lt 0.010$, which means there is slim to no correlation in the cipher.
5.2 CBC Mode
In the CBC mode, the initialization vector ${\mathbf{C}_{0}}$ is a block-size matrix whose entries are generated from a uniform distribution $\mathcal{U}(0,255)$. Since each cipher consists of 9-bit elements, we append the cipher list by truncating the most significant bit, transforming each newly obtained ${\mathbf{C}_{i-1}}$ to an 8-bit entries matrix. Therefore, the encryption algorithm is as follows:
\[\begin{array}{l}\displaystyle {\mathbf{C}_{i1}}=\mathbf{X}+\big({\mathbf{M}^{\prime }_{i}}\oplus \big({\mathbf{C}_{i-1}}\hspace{0.2em}\mathrm{mod} \hspace{0.2em}{2^{8}}\big)\big)\\ {} \displaystyle {\mathbf{C}_{i2}}\equiv \big(\mathbf{Z}{\odot ^{\mathbf{Y}}}\Gamma {({\mathbf{C}_{i1}})^{\mathbf{Y}}}\big)\hspace{0.2em}\mathrm{mod} \hspace{0.2em}\phi (x);\\ {} \displaystyle {\mathbf{C}_{i}}\equiv \big({\Gamma ^{-1}}(\mathbf{{\mathbf{C}_{i2}}})+\mathbf{X}\big)\hspace{0.2em}\mathrm{mod} \hspace{0.2em}{2^{9}},\end{array}\]
where ⊕ denotes the bit-wise XOR operation. Note that at step ${\mathbf{C}_{i1}}$, only the matrix ${\mathbf{C}_{i-1}}$ is reduced modulo ${2^{8}}$. No modular arithmetic is used when adding the private key matrix X.Decryption algorithm reverses these steps as follows:
\[\begin{array}{l}\displaystyle {\mathbf{D}_{i1}}\equiv ({\mathbf{C}_{i}}-\mathbf{X})\hspace{0.2em}\mathrm{mod} \hspace{0.2em}{2^{9}};\\ {} \displaystyle {\mathbf{D}_{i2}}{\equiv ^{{\mathbf{Y}^{-1}}}}{\big(\Gamma ({\mathbf{D}_{i1}})\odot {\mathbf{Z}^{H}}\big)^{{\mathbf{Y}^{-1}}}}\hspace{0.2em}\mathrm{mod} \hspace{0.2em}\phi (x);\\ {} \displaystyle {\mathbf{D}_{i3}}=\big({\Gamma ^{-1}}({\mathbf{D}_{2}})-\mathbf{X}\big);\\ {} \displaystyle {\mathbf{M}^{\prime }}={\mathbf{D}_{i3}}\oplus \big({\mathbf{C}_{i-1}}\hspace{0.2em}\mathrm{mod} \hspace{0.2em}{2^{8}}\big).\end{array}\]
Similarly to the encryption algorithm, we reduce only the matrix ${\mathbf{C}_{i-1}}$ modulo ${2^{8}}$ when calculating ${\mathbf{M}^{\prime }}$. The reduced matrix is then entry-wise XOR’ed with ${\mathbf{D}_{i3}}$.
Let us now consider the image ‘Skittles.png’. We investigate the statistical results of the CBC mode of encryption for this image. The output of the CBC mode of our cipher is presented in Fig. 16.
Fig. 16
CBC Mode of our cipher with $\mathbb{GF}({2^{9}})$ platform group applied to Skitlles.png image.
These results indicate very low correlations and high chaos among the pixel intensities in the cipher.
Moreover, let us plot the distribution of the unnormalized pixel intensities of the encrypted image in Fig. 17. We can see that the intensity probabilities for all colours fluctuate throughout the intensity interval, but the probability difference from the uniform distribution is less than 0.001 for each intensity. To further analyse the uniformity of the cipher, we perform the Chi-Square Test on each colour intensity set that is divided into 32 bins. We plot the frequency histograms for each colour in Fig. 18. In this case, p-values (up to 3 decimal places) of the Chi-Square test for red, green, and blue channels are: $0.063,0.835$, and 0.600 respectively. Therefore, with $95\% $ probability, we do not reject the null hypothesis that the values are uniformly distributed. However, the results of the Chi-Square test might change drastically if given another private key, so the numerical results of the Chi-Square test only suggest that for this specifically randomly generated key, we cannot reject the null hypothesis with $95\% $ probability.
6 Statistical Characteristics of the MPF-Based Block Cipher
The number of changing pixel rates (NPCR) and the unified average changed intensity (UACI) are the two most common statistical characteristics used to evaluate the strength of image encryption ciphers with respect to differential attacks (Wu et al., 2011). The results of the numerical analysis using these metrics need to be compared to the critical values that these statistics are theoretically expected to reach.
Strict avalanche criterion resides in different fields of cryptography, and it is generalized by the avalanche effect (Castro et al., 2005). It measures the amount of non-linearity in substitution boxes (also known as s-boxes), and it is a key component in AES (Castro et al., 2005).
Let us explore these characteristics for our cipher defined over the Galois field. We consider two images: ‘Skittles.png’ and the Linux penguin. The experiment is based on comparing two ciphertexts of $4\times 4$ block size and is performed as follows:
-
• We settle on the initial block plaintext ${\mathbf{M}_{0}}$ and encrypt it as the ciphertext ${\mathbf{C}_{0}}$.
-
• For each bit in each of the plaintext ${\mathbf{M}_{0}}$ coordinates we change one bit to get ${\mathbf{M}_{i}}$, where i denotes the i-th changed bit. Hence, ${\mathbf{M}_{0}}$ and ${\mathbf{M}_{i}}$ differ by exactly one bit.
-
• We encrypt ${\mathbf{M}_{i}}$ to calculate ciphertext ${\mathbf{C}_{i}}$.
-
• Finally, we compare ${\mathbf{C}_{0}}$ and ${\mathbf{C}_{i}}$.
-
• After i runs through all possible values, we consider the next block.
-
• After collecting data from all of the blocks, we calculate the average statistics.
The first comparison is whether the specific coordinate pixel value changed or not – this difference is captured by the NPCR. The expected value for this statistic is given by the following expression:
where $L-1$ is the upper bound of the uniform distribution $\mathcal{U}(0,L-1)$. In our case, we have $L=512$ and therefore $\mathbb{E}(\textit{NPCR})\approx 99.8\% $.
Also, we keep track of the absolute difference in ciphertexts’ pixel intensities and use the UACI metric to measure it. The expected value is:
and therefore in our setup we have $\mathbb{E}(\textit{UACI})=33.4\% $.
We resize both considered images to a $4\times 4$ block size and perform 50 iterations, and calculate the average NPCR and UACI values for all iterations. During the experiment, we do not use Arnold’s cat mapping, since otherwise we would not evaluate the encryption scheme appropriately. We output the values in Table 1.
Table 1
Average NPCR and UACI values.
| Image | Resized image size | Average NPCR, % | Average UACI, % |
| Linux penguin | $16\times 16$ | 99.630 | 33.359 |
| Linux penguin | $32\times 32$ | 99.609 | 33.379 |
| Linux penguin | $64\times 64$ | 99.597 | 33.504 |
| Skittles.png | $16\times 16$ | 99.576 | 33.495 |
| Skittles.png | $32\times 32$ | 99.574 | 33.458 |
| Skittles.png | $64\times 64$ | 99.592 | 33.471 |
We can observe that the obtained values of both characteristics are close to the expected ones. Therefore, we do not reject the hypothesis that the ciphertexts are generated independently of each other.
Now we calculate the avalanche effect of our cipher. Since we consider $4\times 4$ blocks, each entry has 8 bits that can be changed in the initial image, and the block consists of three channels, we perform exactly $4\cdot 4\cdot 8\cdot 3=384$ iterations. For both images, we output the results as heatmaps for each channel and for each coordinate separately.
Fig. 19
Heatmaps for the avalanche criterion of our cipher with $\mathbb{GF}({2^{9}})$ platform group.
We can observe that for both images, the results are similar (see Fig. 19). The variance from the expected value of 0.5 is approximately 0.02, which shows an insignificant difference in value variation during the experiment, despite the coordinate or the channel. Therefore, from the avalanche effect perspective, the theoretically expected value coincided with the experimental result.
We can also observe that there is no clear pattern of higher or lower values. The results are relatively random, although the confidence interval, which includes the value of 0.5, is narrow.
7 Conclusion
In this paper, we have introduced improvements to our original block cipher, presented in Dindiene et al. (2022), e.g. we now use individual keys for each of the RGB colours, and we implemented Arnold’s cat mapping to the initial digital image to improve the quality of encryption. Also, we implemented Galois Fields in our proposal, making it more convenient for practical applications.
We considered both versions of our block cipher in ECB and CBC modes of encryption and analysed the quality of encrypted images using statistical characteristics. The obtained results have shown that the implementation of Arnold’s cat mapping plays an important part in the overall quality of encryption. For example, we have demonstrated in Fig. 9c and 9d that the considered plaintexts are statistically indistinguishable given the ciphertext, which is evidence for the semantic security of our proposal. We calculated the correlation matrices for both images. The maximum absolute correlations of 0.005 and 0.009, respectively, have shown the lack of statistically significant linear relations between the pixels, which is a desirable result for a secure cipher. Also, we saw that the entropy for both images is 8.131, which is close to the theoretical maximum. Therefore, the statistical results obtained for the CBC mode of our block cipher are indistinguishable from the AES.
Implementing Arnold’s cat mapping proved especially useful for monochromatic images. We have shown in Fig. 7 that our proposal, together with Arnold’s cat mapping, surpasses the AES cipher in ECB mode. Moreover, the maximum absolute correlation of the ciphertext was 0.009, which is similar to the result obtained for the CBC mode of encryption. However, as can be seen from Fig. 14b, the ECB mode is still not recommended for our cipher, since Arnold’s cat mapping cannot remove the dominance of one colour in this case. On the other hand, while ciphertexts in Figs. 4 and 14a are still low quality, they seem more chaotic than the ciphertext obtained from the ECB mode of AES (see Fig. 6a), even without additional scrambling.
We also considered the avalanche effect of our proposal. The obtained results have shown that we can expect an average of $99.6\% $ value of NPCR and a $33.5\% $ value of UACI statistical characteristics. These results are fairly close to the desired values of these characteristics. Furthermore, we can expect the avalanche effect in the range $[0.48;0.52]$, which is close to the ideal value of 0.5.
Note, however, that in our paper we have fixed the parameters of Arnold’s cat mapping, as well as the number of its iterations. In the future, it may be interesting to explore the effect of scrambling with other parameter values.
Also, to shorten this paper, we have left out the performance analysis for the enhanced version of our cipher. Though from our previous work, there are indications that our proposal can be executed reasonably fast, it may be necessary to consider the influence of Arnold’s cat mapping and parallelization on the performance of our cipher.
