Cryptanalyzing an image encryption algorithm based on autoblocking and electrocardiography (1711.01858v3)

Abstract: This paper analyzes the security of an image encryption algorithm proposed by Ye and Huang [\textit{IEEE MultiMedia}, vol. 23, pp. 64-71, 2016]. The Ye-Huang algorithm uses electrocardiography (ECG) signals to generate the initial key for a chaotic system and applies an autoblocking method to divide a plain image into blocks of certain sizes suitable for subsequent encryption. The designers claimed that the proposed algorithm is "strong and flexible enough for practical applications". In this paper, we perform a thorough analysis of their algorithm from the view point of modern cryptography. We find it is vulnerable to the known plaintext attack: based on one pair of a known plain-image and its corresponding cipher-image, an adversary is able to derive a mask image, which can be used as an equivalent secret key to successfully decrypt other cipher-images encrypted under the same key with a non-negligible probability of 1/256. Using this as a typical counterexample, we summarize security defects in the design of the Ye-Huang algorithm. The lessons are generally applicable to many other image encryption schemes.

• The paper reveals critical vulnerabilities in the ECG-based encryption scheme, showing that a single known plaintext can yield an equivalent decryption key.
• The analysis demonstrates that digital degradation and finite-precision chaotic maps compromise the randomness necessary for secure encryption.
• The study’s experimental and theoretical findings underscore the need for robust cryptographic validation in biometric-based image encryption systems.

Analysis of a Cryptanalysis on an ECG-Based Image Encryption Algorithm

The paper under discussion provides a rigorous analysis of an image encryption algorithm proposed by Ye and Huang, which employs autoblocking and electrocardiogram (ECG) signals for cryptographic purposes. The authors critically evaluate the security claims made by Ye and Huang regarding their algorithm's resistance to differential and known-plaintext attacks, offering a comprehensive examination from the standpoint of modern cryptography.

Cryptanalysis of Ye-Huang Algorithm

The central contribution of this paper lies in its identification of vulnerabilities within the Ye-Huang algorithm, despite initial assertions of robustness. The analysis reveals that the encryption scheme is susceptible to known-plaintext attacks. This vulnerability arises because an adversary can derive a mask image from a single known plain-image and its corresponding cipher-image. This mask serves as an equivalent secret key, capable of decrypting other cipher-images under the same cryptographic conditions with a probability of success of 1/256.

The authors further substantiate their claim through theoretical and experimental validation. They demonstrate that the purported sensitivity to differential attacks, which the original authors based on the keystream's dependency on the plain-image, fails due to the inherent properties of the modulo operations applied within the encryption process. This observation underscores the potential for exploitation when the encryption design allows patterns in the plain-image to carry over unprotected to the cipher-image.

Examination of Security Defects

The paper explores underlying components contributing to the cryptosystem's security flaws, focusing on:

1. Digital Implementation of Chaotic Maps: The authors highlight the degradation of chaotic map dynamics when implemented in finite-precision digital environments. The logistic map, utilized in the algorithm, exhibits predictable behavior due to its functional graph's limitations on digital hardware. This degradation impacts the system's ability to generate truly random and complex sequences, a foundational requirement for secure encryption.
2. Inefficient Pseudorandom Number Generation: The computational inefficiency due to the method used to generate pseudorandom numbers is examined. The high computational overhead and inefficient use of generated bits lessen the scheme's practicality for real-time applications.
3. Generalized Arnold Map Behavior: The authors illustrate the periodicity and limited complexity of the generalized Arnold map's permutations within the fixed-precision arithmetic domain. Such characteristics introduce predictable patterns that can be exploited in cryptanalysis.
4. Insufficient Security Metrics: The paper critiques the superficial application of metrics in evaluating the algorithm's security, asserting that metrics such as key space size, histograms, and correlation coefficients are insufficient if the underlying encryption process lacks robustness.

Implications and Future Directions

This analysis emphasizes important lessons for the design of image encryption algorithms, particularly those using biometric signals like ECG. The findings stress the need for rigorous cryptographic validation of both the functional components and holistic performance of such algorithms. This includes ensuring the thorough examination of chaotic dynamics and recognizing the consequences of reduced precision in digital implementations.

The stratagem presented suggests a redirection towards focusing on efficient data selection in the compression domain, to balance security, usability, and computational demands. For future developments in AI, particularly in secure cryptographic communications and privacy technologies, this paper highlights the critical importance of integrating well-tested cryptographic principles with innovative biometric applications.

In summary, while the Ye-Huang algorithm proposed a novel approach to image encryption using ECG signals, this critical analysis underscores the significance of adhering to fundamental cryptographic tenets to ensure resilient and secure encryption schemes.