Abstract

Chaos based image encryption cryptosystems have garnered much attraction in the recent past. In this regard, recently, two chaos-based image encryption algorithms have been proposed. Both the cryptosystems exhibit very good cryptographic metrics. The first cryptosystem utilizes cryptographic tweaks and other cryptographic primitives to encrypt digital images. This cryptosystem also relies on the idea that a tweak can make the cryptosystem secure. Our paper points out that merely using a tweak doesn’t make the cryptosystem secure and additionally, the structure and stages in the algorithm bear inability to preserve confidentiality of sensitive data. The second cryptosystem is an enhancement of another cryptosystem. Our work indicates that the enhancement in the second cryptosystem is also weak and allows an adversary to retrieve the exact key itself. Both the cryptosystems have similar weaknesses and don’t follow the guidelines laid down by National Institute of Standards and Technology (NIST). It is observed that both the cryptosystems can be broken, to reveal the exact chaotic sequence used for encryption, using a Chosen Plaintext Attack. From this work, it is realized that the weaknesses in the methods can be partially avoided by strictly following the rules laid down by the cryptographic community and NIST. Apart from this, it is expected that future cryptosystems follow all the suggestions mentioned in our work so that, before the cryptosystem is out for attack by cryptanalysts, it is scrutinized sufficiently.

摘要

近来，基于混沌的图像加密密码系统引起了广泛关注。对此，最近提出了两种基于混沌的图像加密算法。两种密码系统都表现出非常好的密码指标。第一个密码系统利用密码调整和其他加密原语来加密数字图像。该密码系统还依赖于调整可以使密码系统安全的想法。我们的论文指出，仅仅使用调整并不能使密码系统安全，此外，算法中的结构和阶段无法保护敏感数据的机密性。第二个密码系统是另一个密码系统的增强。我们的工作表明，第二个密码系统中的增强功能也很弱，并且允许攻击者自己检索确切的密钥。这两种密码系统都有类似的弱点，并且不遵循美国国家标准与技术研究院 (NIST) 制定的准则。据观察，这两个密码系统都可以使用选择明文攻击来破解，以揭示用于加密的确切混沌序列。从这项工作中可以看出，通过严格遵守密码社区和 NIST 制定的规则，可以部分避免这些方法的弱点。除此之外，预计未来的密码系统会遵循我们工作中提到的所有建议，以便在密码系统受到密码分析员攻击之前，对其进行充分审查。