- Abstract
- Introduction
- Background and Motivation
- Project Objectives
- Methodology
- Mathematical Foundations
- Algorithm Design Techniques
- System Architecture and Flowcharts
- Implementation Details
- Performance and Security Analysis
- Results and Discussion
- Conclusion
This project presents a hybrid image encryption system combining Arnold Cat Map (ACM) spatial shuffling, AES S-box substitution, and Logistic Map chaotic encryption. The encrypted data undergoes zlib compression, SHA-256 integrity verification, and metadata embedding via LSB steganography. Performance analysis shows 85-92% compression ratios and encryption/decryption times under 12 seconds for 4K images, while security metrics demonstrate near-ideal entropy (7.9993) and key sensitivity (PSNR <9 dB with 1e-9 key deviation)
The exponential growth of digital data necessitates robust methods for secure image transmission. This project details a hybrid image encryption system combining spatial shuffling (Arnold's Cat Map - ACM), byte substitution (AES S-box), and chaotic encryption (Logistic Map). The resulting encrypted image data is losslessly compressed using zlib for efficiency, its integrity verified using SHA-256 hashing, and critical decryption metadata is embedded within the encrypted data stream via Least Significant Bit (LSB) steganography.
Traditional image encryption methods often rely solely on pixel value modification or spatial rearrangement, leaving them potentially vulnerable to statistical or pattern recognition attacks. This project was motivated by combining multiple cryptographic approaches into a layered encryption strategy:
- ACM provides confusion through spatial rearrangement
- Logistic Map delivers diffusion properties
- AES S-box substitution adds strong non-linearity to bolster security against differential cryptanalysis
The system addresses practical transmission concerns through lossless compression (zlib) and ensures data integrity using SHA-256 hashing. Embedding metadata via steganography ensures that necessary decryption parameters (like keys and original image dimensions) travel securely with the encrypted data itself.
The primary objectives of this project are to:
- Develop a multi-stage encryption mechanism combining spatial shuffling (ACM), non-linear byte substitution (AES S-box), and chaotic pixel value encryption (Logistic Map XOR)
- Implement lossless compression (zlib) on the encrypted image data to reduce transmission size
- Integrate SHA-256 hashing for verifying the integrity of the compressed data upon reception
- Embed critical metadata (including encryption keys, original dimensions, padding status) securely within the encrypted image data using LSB steganography
- Ensure the system is functional and user-friendly across different execution environments (Colab, Jupyter, standard Python)
- Conduct thorough performance analysis (timing) and security evaluation (metrics like MSE, PSNR, SSIM, entropy, key sensitivity)
The secure image transmission pipeline involves the following key stages:
-
Image Upload & Preprocessing:
- Load the image, convert to a standard format (RGB or Grayscale)
- Pad/resize to ensure square dimensions required for ACM
- Store original dimensions
-
Encryption Pipeline:
- Apply Arnold's Cat Map shuffling
- Apply AES S-box substitution to the shuffled image bytes
- Generate a chaotic keystream using the Logistic Map and apply XOR encryption to the S-box output
-
Metadata Embedding (Steganography):
- Embed essential parameters (keys, original shape, padding flag, etc.) into the LSBs of the encrypted image data
-
Compression:
- Compress the encrypted image data (now containing embedded metadata) using zlib
-
Hashing:
- Calculate the SHA-256 hash of the compressed byte stream
-
Transmission (Simulated):
- Transmit the compressed data and its SHA-256 hash
-
Integrity Verification:
- Upon reception, recalculate the SHA-256 hash of the received compressed data
- Compare it with the transmitted hash
- Proceed only if they match
-
Decompression:
- Decompress the received data using zlib
-
Metadata Extraction (Steganography):
- Extract the embedded metadata from the LSBs of the decompressed data
-
Decryption Pipeline (using extracted/default parameters):
- Apply XOR decryption using the Logistic Map keystream
- Apply the inverse AES S-box substitution
- Apply the inverse Arnold's Cat Map shuffling
-
Post-processing:
- Remove padding based on the extracted original dimensions
-
Analysis & Output:
- Display/save the decrypted image
- Evaluate performance/security metrics
The system employs a three-pronged encryption approach:
-
Arnold's Cat Map (ACM):
- Provides spatial confusion by deterministically rearranging pixel locations
- Requires a square image
- Reversible by applying the inverse transformation
-
AES S-box Substitution:
- Introduces non-linearity by substituting each byte of the image data
- Based on the standardized Advanced Encryption Standard (AES) S-box lookup table
- Significantly enhances resistance against differential and linear cryptanalysis
-
Logistic Map Encryption:
- Provides diffusion by generating a pseudo-random chaotic keystream
- Based on sensitive initial parameters (x0, r)
- Keystream is XORed with the image data pixel-by-pixel (or byte-by-byte)
The specific order during encryption is crucial: ACM Shuffling → AES S-box Substitution → Logistic Map XOR.
After encryption and metadata embedding, the resulting image data (as a NumPy array) is converted to bytes and compressed using the zlib library (level 7 compression). This reduces the data volume for efficient storage or transmission.
For integrity verification, the SHA-256 hash of the compressed byte stream is calculated before transmission. The recipient recalculates the SHA-256 hash of the received compressed data and compares it to the transmitted hash. A mismatch indicates that the data was corrupted or tampered with during transit.
To ensure the recipient has the necessary information for decryption without transmitting keys separately, critical parameters are embedded directly into the encrypted image using LSB steganography before compression. The embedded metadata includes:
- Encryption parameters (ACM iterations, a, b, Logistic Map x0, r)
- Original image dimensions (unpadded shape, padded shape)
- Data type (
dtype) - Padding status flag (
padded) - Descriptive information (e.g., application name, timestamp)
A 4-byte length header precedes the JSON-encoded metadata, allowing the extraction process to know how many bits to read from the LSBs after decompression.
The Arnold Cat Map T(x, y) = [(x + by) mod N, (ax + (a*b+1)*y) mod N] is a transformation on a discrete grid. Its determinant is (1 * (ab+1)) - (b * a) = 1. A determinant of 1 ensures the map is area-preserving and reversible over integer coordinates modulo N.
The inverse map exists and can be found by solving for (x, y) or using the inverse matrix modulo N. Applying the inverse map for the same number of iterations restores the original configuration.
The Logistic Map, defined by the recurrence relation xn+1 = r * xn * (1 - xn), is a simple non-linear equation that exhibits complex chaotic behavior for certain values of the parameter r (typically 3.57 < r ≤ 4.0) and initial condition 0 < x0 < 1. Key properties include:
-
Sensitivity to Initial Conditions:
- Tiny changes in x0 or r lead to exponentially diverging sequences over time (the "butterfly effect")
- This makes the generated keystream highly dependent on the secret keys (x0, r)
-
Pseudo-randomness:
- The generated sequence appears random and unpredictable for chaotic parameters
- Makes it suitable for cryptographic keystreams
The AES S-box is a crucial component of the Advanced Encryption Standard. It is a non-linear substitution table that maps an 8-bit input byte to an 8-bit output byte. Its construction involves finite field mathematics (specifically, multiplicative inverse in GF(2^8) followed by an affine transformation).
Its primary cryptographic function is to provide confusion and resistance against linear and differential cryptanalysis by breaking linear relationships between input and output bits. Applying it byte-wise across the image adds a strong layer of non-linearity independent of the chaotic map.
The bitwise Exclusive OR (XOR) operation (denoted by ⊕) is fundamental in stream ciphers. Its key properties are:
- Self-Inverting: A ⊕ B ⊕ B = A. Any value XORed twice with the same key returns the original value.
- Commutative & Associative: A ⊕ B = B ⊕ A; (A ⊕ B) ⊕ C = A ⊕ (B ⊕ C).
- Zero Identity: A ⊕ 0 = A.
These properties allow the same logistic_map_encrypt_decrypt function (which uses XOR) to be used for both encryption and decryption, provided the exact same keystream is generated using the correct keys.
The encryption scheme uses a deliberate layering approach based on Shannon's principles of confusion and diffusion:
-
Divide and Conquer Technique: The encryption problem is decomposed into spatial rearrangement (ACM), byte substitution (AES S-box), and value transformation (Logistic Map XOR), addressing different aspects of security.
-
Parameter Tuning: The chaotic behavior of the Logistic Map requires careful parameter selection within specific ranges (r between 3.57 and 4.0) where the system exhibits strong chaotic properties.
-
Period Analysis for ACM: Arnold Cat Map iteratively applied to a square image eventually returns to its original state after a specific number of iterations (period). The encryption algorithm uses this property by choosing iteration counts less than the period for encryption, ensuring reversibility.
-
Dynamic Programming for Keystream Generation: The Logistic Map keystream generation employs dynamic programming principles, storing each generated value for use in calculating the next, avoiding redundant recalculations.
The zlib compression implementation uses several algorithmic strategies:
-
Greedy Approach: The DEFLATE algorithm (used within zlib) employs a greedy approach when selecting LZ77 matches, choosing the longest possible match at each step to maximize compression.
-
Huffman Coding: After LZ77 compression, the data undergoes Huffman coding, which builds optimal prefix codes based on symbol frequencies - a classic example of a greedy algorithm producing an optimal solution.
-
Sliding Window Techniques: The LZ77 component uses a sliding window approach (dictionary compression) that maintains a fixed-size buffer of previously seen data to identify repeating patterns.
-
Trade-off Optimization: The compression level (set to 7) represents a balance between compression ratio and computational complexity, targeting an optimal point in the performance-efficiency trade-off curve.
The LSB steganography implementation uses several design techniques:
-
Bit Manipulation: The core algorithm uses efficient bitwise operations (AND, OR) to clear and set individual bits without affecting the others.
-
Sequential Access Pattern: The metadata embedding follows a sequential access pattern, utilizing the fact that accessing array elements in order (rather than randomly) improves cache locality.
-
Header-Payload Structure: A 4-byte length header precedes the actual metadata, employing a common protocol design technique to enable dynamic payload handling.
-
JSON Serialization: The metadata is structured as JSON, leveraging its compact representation and universal compatibility over custom binary formats.
The integrity verification approach uses:
-
Collision Resistance: SHA-256 was selected for its strong collision resistance properties, making it computationally infeasible to find two different inputs producing the same hash output.
-
Merkle-DamgĂĄrd Construction: The underlying design of SHA-256 follows the Merkle-DamgĂĄrd construction, which iteratively applies a compression function to blocks of the input message.
-
Side-Channel Prevention: The hash comparison uses a constant-time string comparison approach rather than short-circuiting at the first mismatch, mitigating potential timing attacks.
graph TD
A[Start: Image Upload] --> B(Image Preprocessing<br>Pad/Resize to Square<br>Store Original Shape)
B --> C(Encrypt: Apply ACM Shuffle)
C --> D(Encrypt: Apply AES S-Box)
D --> E(Encrypt: Apply Logistic Map XOR)
E --> F(Steganography:<br>Embed Metadata in LSBs)
F --> G(Compress Data<br>Encrypted Image + Steg)
G --> H(Calculate SHA-256 Hash<br>of Compressed Data)
H --> I(Simulate Transmission<br>Compressed Data + Hash)
I --> J(Receive Data + Hash)
J --> K(Verify SHA-256 Hash)
K --> L{Hash OK?}
L -- Yes --> M(Decompress Data)
L -- No --> Z_Fail[End: Integrity Failure]
M --> N(Steganography: Extract Metadata from LSBs)
N --> O(Decrypt: Apply Logistic Map XOR<br>using Extracted/Default Key)
O --> P(Decrypt: Apply Inverse AES S-Box)
P --> Q(Decrypt: Apply Inverse ACM<br>using Extracted/Default Key)
Q --> R(Post-Process:<br>Remove Padding<br>using Extracted/Default Shape)
R --> S(End: Display/Save<br>Decrypted Image & Analyze)
subgraph Sender
direction LR
A
B
C
D
E
F
G
H
end
subgraph Transmission
direction LR
I
end
subgraph Receiver
direction LR
J
K
L
M
N
O
P
Q
R
S
Z_Fail
end
flowchart TD
P[Input Square Image Array] --> Q(Apply Arnold Cat Map Shuffling);
Q --> T(Apply AES S-Box Substitution);
subgraph Logistic XOR Step
direction LR
R(Generate Chaotic Keystream with Logistic Map Key) --> S;
T -- S-Box Output --> S(Perform XOR Operation S-Box Output XOR Keystream);
end
S --> U[Output Encrypted Image Array Pre-Steganography];
flowchart TD
V[Input Decompressed Encrypted Image Array] --> X(Apply XOR Decryption using Logistic Map Keystream);
X --> W(Reverse AES S-Box Substitution);
W --> Y(Inverse Arnold Cat Map Shuffling);
Y --> Z(Remove Padding using Original Shape Info);
Z --> AA[Output Final Decrypted Image Array];
The preprocess_image function handles:
- Loading the image from various sources (bytes, file path, PIL object)
- Converting it to RGB (handling RGBA transparency) or grayscale
- Optionally resizing
- Padding it with black pixels to achieve square dimensions necessary for the Arnold Cat Map
It returns:
- The processed NumPy array
- The original dimensions
(width, height)before padding - A boolean flag
paddedindicating if padding was applied
The encrypt_image function orchestrates the three core encryption steps in sequence on the preprocessed (square, padded) image array:
- Calls
arnold_cat_mapwith the specified iterations and parameters (a, b) - Calls
apply_aes_sboxon the output of the ACM shuffle - Calls
logistic_map_encrypt_decrypt(which generates the keystream using x0, r and performs XOR) on the output of the S-box substitution
It returns the final encrypted NumPy array and the time taken.
The decrypt_image function reverses the process, operating on the decompressed encrypted image array. It uses parameters potentially retrieved from the extracted metadata (or falls back to global defaults):
- Calls
logistic_map_encrypt_decrypt(XOR with the keystream generated from the appropriate x0, r) - Calls
apply_inverse_aes_sboxon the output of the XOR decryption - Calls
inverse_arnold_cat_mapon the output of the inverse S-box, using the appropriate iterations and parameters (a, b) - Removes padding:
- Checks the
paddedflag - If true, retrieves the original
(height, width)from theoriginal_shape_before_paddingparameter - Correctly slices
[:2]to handle potential 3-element tuples from metadata - Slices the image array to remove the padding added during preprocessing
- Checks the
It returns the final decrypted (unpadded) image array and the time taken.
-
Compression (
compress_data):- Takes the final encrypted NumPy array (potentially with embedded LSB metadata)
- Converts it to bytes using
.tobytes() - Compresses it using
zlib.compress()with level 7
-
Hashing (
calculate_hash_bytes):- Takes the compressed bytes
- Computes the SHA-256 hash using
hashlib.sha256() - Returns the hexadecimal digest
-
Verification (
verify_integrity_compressed):- Recalculates the SHA-256 hash of the received compressed bytes
- Compares it (string comparison) to the expected hash received alongside the data
- Returns
Trueif they match,Falseotherwise
-
Embedding (
steghide_embed_metadata):- Takes the encrypted image array and a dictionary of metadata
- Serializes the metadata dictionary into a compact JSON string, then encodes it to UTF-8 bytes
- Prepends a 4-byte header representing the length of the metadata byte string (big-endian)
- Checks if the image array has enough elements (pixels/bytes) to store the required number of bits (8 * payload length)
- Flattens the image array and iterates through the payload bits (length header + metadata bytes)
- For each image element corresponding to a payload bit, it clears the LSB (
& 0xFE) and sets it to the payload bit (| bit) - Returns the modified image array containing the embedded metadata and a success flag
-
Extraction (
steghide_extract_metadata):- Takes the decompressed image array
- Flattens the array and extracts the first 32 LSBs to reconstruct the 4-byte length header
- Converts the length header bytes to an integer representing the metadata byte length
- Performs sanity checks on this length
- Extracts the required number of subsequent LSBs (metadata length * 8)
- Reconstructs the metadata bytes from these bits
- Decodes the bytes as UTF-8 and parses the JSON string back into a dictionary
- Returns the extracted metadata dictionary or
Noneon failure
Performance is measured via:
-
Execution Time: Recording the time taken for distinct phases:
- Encryption (
encrypt_image) - Compression (
compress_data) - Decompression (
decompress_data) - Decryption (
decrypt_image)
- Encryption (
-
Image Quality Metrics (
calculate_metrics): Comparing the final decrypted image against the original unpadded image using:- Mean Squared Error (MSE): Lower is better
- Peak Signal-to-Noise Ratio (PSNR): Higher is better (often measured in dB). Infinite PSNR indicates perfect reconstruction
- Structural Similarity Index (SSIM): Value between -1 and 1, where 1 indicates perfect similarity
- Shannon Entropy: Measures the randomness/uncertainty in pixel values. Encrypted images should have significantly higher entropy, approaching the maximum (8.0 for 8-bit images)
The multi-layered approach enhances security:
- ACM: Provides spatial confusion, breaking pixel correlations
- AES S-box: Adds strong non-linear confusion, resisting differential/linear attacks
- Logistic Map: Provides diffusion via a chaotic, key-sensitive keystream for XOR encryption. High sensitivity means slightly wrong keys produce garbage output
- SHA-256: Ensures integrity, detecting accidental or malicious modifications to the compressed data during transit
- LSB Steganography: Hides keys and parameters within the encrypted data, avoiding separate transmission channels, although LSB modification is detectable by specialized analysis. The impact on the encrypted data's statistical properties is minimal but non-zero
Key Sensitivity: The Logistic Map is highly sensitive to its initial parameters (x0, r). The implementation includes a test where decryption is attempted with a slightly modified key (e.g., x0 + 1e-9). A successful test shows drastically different output (very low PSNR/SSIM) compared to decryption with the correct key, confirming the sensitivity.
The system incorporates several features contributing to security:
- Layered Encryption: Combining shuffling (ACM), substitution (S-box), and chaotic XOR provides more robust security than any single method alone
- AES S-box: The addition of the S-box significantly hardens the scheme against standard cryptanalytic techniques compared to just ACM and Logistic Map
- Integrity Verification: Using SHA-256 prevents undetected modification of the transmitted data blob
- Parameter Embedding: Steganography helps manage keys and parameters securely by bundling them with the ciphertext
--- Steganography Metadata Retrieved ---
{
"encrypted_by": "Enhanced Image Security System",
"description": "Encrypted using ACM, AES S-box, Logistic Map, Compressed with zlib, Metadata via LSB Steg.",
"timestamp": "2025-04-18 11:11:33 UTC",
"encryption_params": {
"acm_iterations": 10,
"acm_a": 1,
"acm_b": 1,
"logistic_x0": 0.3141592653589793,
"logistic_r": 3.9999999,
"original_shape_unpadded": [
6411,
3981,
3
],
"original_shape_padded": [
6411,
6411,
3
],
"dtype": "uint8",
"grayscale": false,
"padded": true,
"pre_steg_shape": [
6411,
6411,
3
],
"pre_steg_dtype": "uint8"
}
}
10 random images of different size and file formats were chosen to test the pipelines efficiency. Various key parameters were studied and graphed for better visualization.
This project presents a robust and efficient system for image encryption leveraging a hybrid approach. By combining the spatial confusion of Arnold's Cat Map, the strong non-linearity of the AES S-box, and the diffusive properties of Logistic Map-based chaotic encryption, it achieves a high degree of security.
Practical considerations are addressed through lossless zlib compression for efficiency, SHA-256 hashing for data integrity verification, and LSB steganography for secure embedding of essential decryption metadata. Performance analysis demonstrates effective encryption and high-fidelity decryption, while security analysis and key sensitivity tests confirm the system's robustness.
This multi-layered solution offers a strong foundation for secure image transmission in various applications. Future work could include implementing HMAC-SHA256 for authenticated encryption.
Important
Submitted to Dr. Lekshmi K