Cryptanalyzing a class of image encryption schemes based on Chinese remainder theorem
Introduction
Both the transmission and the storage of digital data have dual requirements of high operating efficiency and security, which lead to the joint operations of compression and encryption. According to the order of the operations, joint compression and encryption schemes can be categorized into three classes: encryption on compressed data [1], [2], [3]; simultaneous compression and encryption [4], [5], [6], [7], [8]; compression on encrypted data [9], [10], [11]. Recently, Chinese Remainder Theorem (CRT) is used in constructing simultaneous compression and encryption schemes or the basis of some efficient encryption schemes.
The earliest known example of CRT can be found in the book, The Mathematical Classic of Sunzi, written by Chinese mathematician Sun Tzu in the fifth century. In 1247, another Chinese mathematician Jiushao Qin generalized it into a statement about simultaneous congruences and provided the complete solution in Mathematical Treatise in Nine Sections [12]. Antiquity of Chinese mathematicians’ study on the remainder problem (and maybe sparsity of Chinese mathematicians’ contribution to classic mathematics) made the complete form of the statement be called Chinese Remainder Theorem. As a fundamental theorem in number theory, it has been widely used in various fields of information security, e.g. speed up implementation of the RSA algorithm [13], [14], secret sharing [15], and secure code [16]. For a comprehensive survey of the cryptographic applications of CRT and chaos-based cryptanalysis, refer to [17] and [18], respectively.
As reviewed in [19, Sec. 4.3.2], CRT supports the modular representation of a large number (dividend) as a set of numbers (remainders) in some given small domains. It converts the addition, subtraction, and multiplication of large numbers into very simple operations on small numbers. In addition, the conversion provides simultaneous operations on different moduli for parallel computing. Considering these benefits, a number of symmetric encryption schemes based on CRT have been proposed since 2001. The schemes designed in [20], [21], [22], [23] all consider the gray level of some plain-image pixels as remainders, and the summing divisor of CRT as the cipher-element, where the moduli sequences are considered as the secret key or key stream. Conversely, the scheme proposed in [24] combines the gray levels of some plain-image pixels into a big divisor and stores the smaller remainder as the cipher-elements. Reference [25] follows this idea and further encrypts the remainders in a stream cipher mode, using two pseudo-random number sequences (PRNS). In 2013, an image encryption scheme, called CECRT in this paper, was proposed [26]. It first permutes the pixels of the plain-image and then performs the CRT operations as reported in [20], [21], [22], [23]. In [22], [26], the authors claimed that their schemes possess the feature of simultaneous compression and encryption. As shown in [27], cryptanalysis is an integral work to evaluate security level of any encryption scheme, it is important to analyze security properties of the encryption schemes based on CRT.
As CECRT is a typical example of the class of symmetric encryption schemes based on CRT and almost all security defects of other schemes can be found in it, we will focus on breaking CECRT. We found a property of CRT on the relationship among the product of some moduli, the divisor corresponding to a special set of remainders, and the divisor. To the best of our knowledge, this is the first time that the property of CRT is reported. Based on it, we prove that the diffusion part of CECRT can be compromised efficiently using only a pair of chosen-plaintext and the corresponding ciphertext. Then, the permutation part of CECRT can be broken using the existing standard cryptanalysis methods. In addition, the following security defects of CECRT are also reported: (1) the compression performance of CECRT is marginal and even negative; (2) the ciphertext is not sensitive to changes in the plaintext; (3) the moduli of CRT are not suitable to be used as sub-key.
The rest of this paper is organized as follows. In Section 2, CECRT is briefly described. Then, the comprehensive cryptanalyses on CECRT are presented in Section 3, together with detailed experimental results. The last section concludes the paper.
Section snippets
Description of CECRT
The kernel of CECRT relies on the Chinese Remainder Theorem, which states that the system of linear congruenceshas unique solutionwhen are coprime integers, where , , , , and t is an integer larger than or equal to one. Let and denote the plaintext and the corresponding ciphertext, respectively, where k is the number of plaintext symbols encrypted at one time. Without loss of
Cryptanalysis
To carry out an efficient chosen-plaintext attack on CECRT, some properties of Chinese Remainder Theorem are introduced first.
Conclusion
The security of a class of encryption schemes using the Chinese Remainder Theorem has been analyzed in detail. Based on some properties of CRT, the sub-key used in the confusion part of CECRT can be easily recovered with only one pair of chosen plaintext and the corresponding ciphertext. Then, the permutation part can be broken with the reported general method. In addition, other defects of CECRT are reported to facilitate the proper use of CRT in cryptography. The work in this paper may be
Acknowledgements
This research was supported by the National Natural Science Foundation of China (No. 61100216), Hunan Provincial Innovation Foundation For Postgraduate (No. CX2014B277), and the Alexander von Humboldt Foundation of Germany.
References (32)
- et al.
Compression-unimpaired batch-image encryption combining vector quantization and index compression
Inf. Sci.
(2010) - et al.
Cryptanalysis of an encryption scheme for binary images
Pattern Recognit. Lett.
(2002) - et al.
A novel image encryption–compression scheme using hyper-chaos and Chinese remainder theorem
Signal Process.: Image Commun.
(2013) - et al.
Algebraic break of image ciphers based on discretized chaotic map lattices
Inf. Sci.
(2011) - et al.
Optimal quantitative cryptanalysis of permutation-only multimedia ciphers against plaintext attacks
Signal Process.
(2011) - et al.
A general quantitative cryptanalysis of permutation-only multimedia ciphers against plaintext attacks
Signal Process.: Image Commun.
(2008) - et al.
Cryptanalysis of an image encryption scheme
J. Electron. Imaging
(2006) - et al.
Design of integrated multimedia compression and encryption systems
IEEE Trans. Multimed.
(2005) - et al.
Security analysis of multimedia encryption schemes based on multiple Huffman table
IEEE Signal Process. Lett.
(2007) - et al.
Comments on “a novel compression and encryption scheme using variable model arithmetic coding and coupled chaotic system”
IEEE Trans. Circuits Syst. I Reg. Pap.
(2008)
Cryptanalysis of some multimedia encryption schemes
IEEE Trans. Multimedia
A modified chaos-based joint compression and encryption scheme
IEEE Trans. Circuits Syst. II
Lossy compression and iterative reconstruction for encrypted image
IEEE Trans. Inf. Forensics Secur.
On compression of data encrypted with block ciphers
IEEE Trans. Inf. Theory
Historical development of the Chinese remainder theorem
Arch. Hist. Exact Sci.
Cited by (38)
A chaos based image encryption algorithm using Rubik's cube and prime factorization process (CIERPF)
2022, Journal of King Saud University - Computer and Information SciencesImage compression–encryption scheme using SPIHT and chaotic systems
2021, Journal of Information Security and ApplicationsA novel hybrid image encryption–compression scheme by combining chaos theory and number theory
2021, Signal Processing: Image CommunicationAn overview of encryption algorithms in color images
2019, Signal ProcessingImage compression-encryption algorithms by combining hyper-chaotic system with discrete fractional random transform
2018, Optics and Laser Technology