日一本_ -|五马六猴├酒泉宅急送
淘宝减肥药排行榜十强
只推淘宝安全有效的减肥药

当前位置:日一本 > 减肥产品

日一本

时间:2020-07-09 06:38  编辑:兴安建设局

日一本

北京理工大学本科生毕业设计(翻译)摘要最近,针对图像加密提出了多种基于混沌的算法。然而,它们都无法在并行计 算环境中有效工作。在本文中,我们提出了一个并行图像加密的框架。基于此框架 内,一个使用离散柯尔莫哥洛夫流映射的新算法被提出。它符合所有并行图像加密 算法的要求。此外,它是安全、快速的。这些特性使得它是一个很好的基于并行计 算平台上的图像加密选择。 关键字:图像 加密1

北京理工大学本科生毕业设计(翻译)第 1 章 介绍最近几年,通过计算机网络尤其是互联网传输的数字图像有了快速增长。在大 多数情况下,传输通道不够安全以防止恶意用户的非法访问。因此,数字图像 的安全性和隐私性已成为一个重大问题。许多图像加密方法已经被提出,其中基于 混沌的方法是一种很有前途的方向[1-9]。总的来说,混沌系统具有使其成为密码系 统建设中重要组成部分的几个属性: (1)随机性:混沌系统用确定的方法产生长周期、随机的混沌序列。 (2)敏感性:初始值或系统参数的微小差异导致混沌序列的巨大变化。 (3)易用性:简单的公式可以产生复杂的混沌序列。 (4)遍历性:一个混沌状态的变量能够遍历它的相空间里的所有状态,通常这些状 态都是均匀分布的。 除了上述性能,有些二维(2D)的混沌映射是图像像素置换天生的优良替代者。 Pichler 和 Scharinger 提出一种在扩散操作[1,2]之前使用柯尔莫哥洛夫流映射的图像 排列方式。后来,Fridrich 将此方法扩展到更广义的方式[3]。陈等人提出基于三维猫 映射的图像加密算法[4]l。Lian 等人提出基于标准映射的另一种算法[5]。其实,这些 算法在相同的框架下工作:所有的像素在用密码分组链接模式(CBC)模式下的加 密之前首先被用离散混沌映射置换,当前像素密文由以前的像素密文影响。上述过 程重复几轮,最后得到加密图像。 这个框架可以非常有效的实现整个图像的扩散。但是,它是不适合在并行计算 环境中运行。这是因为当前像素的处理无法启动直到前一个像素已加密。即使有多 个处理元素(PE) ,这种计算仍然是在一个串行模式下工作。此限制了其应用平台, 因为许多基于 FPGA / CPLD 或者数字电路的设备可以支持并行处理。随着并行计算 技术的应用,加密速度可以大大加快。 基于混沌的图像加密方案的另一个缺点是运算速度相对较慢。主要原因是基于 混沌的密码通常需要大量的实数乘法和除法运算,计算成本巨大。加密算法在并行 处理平台上执行计算效率将大幅提升。 在本文中,我们提出了一个并行图像加密的框架。在这样的框架下,我们设计 了一个安全快速算法满足并行图像加密所有要求。本文的其余部分安排如下:第 2 部分介绍了并行的操作模式和其要求。第 3 节给出加密解密中四个转换的定义和属 性。在第 4 节,加密、解密的过程和密钥调度会加以详细说明。第 5 和第 6 节,提 供实验结果与理论分析。最后,我们总结本文。2

北京理工大学本科生毕业设计(翻译)第 2 章 并行模式2.1 并行模式及其要求在并行计算模式下,每个 PE 是负责图像数据的一个子集,并拥有自己的内存。 在加密时, 可能会有一些 PE 之间的通信(见图 1) 。要允许并行图像加密,传统 CBC 样的模式必须予以打破。然而,这将导致新的问题,即如何实现不在这种模式下的 扩散要求。此外,也出现了一些额外针对并行图像加密的要求: 1.计算负载平衡:并行图像加密方案的总时间是由最慢的 PE 决定,因为其它 PE 不 得不等待直至这个 PE 完成其工作。因此,良好的并行计算模式可以平衡分配给每个 PE 的任务。 2.通信负载平衡:通常存在有大量的 PE 之间的通信。基于和计算负载同样的原因, 通信负载应认真平衡。 3.临界区管理:在并行模式计算时,许多的 PE 可以同时读取或写入相同的内存 区域(即临界区) ,这往往会导致意想不到的执行程序。因此,有必要在关键区域使 用一些并行技术管理。2.2 并行图像的加密框架为了满足上述要求,我们提出了一个并行图像加密的框架,这是一个四个步骤 的过程: 步骤 1:整个图像被划分成若干块。 步骤 2:每个 PE 负责确定数量块。一个区域内的像素可以充分使用有效的混乱和扩 散进行操作加密。 步骤 3:通过 PE 之间的通信交换加密数据块从块到更大范围的扩散。 步骤 4:转到第 2 步,直到加密图像达到所需的安全级别。 在第 2 步,已经实现扩散,但只有一个块的一个小部分。但在第 3 步的帮助下, 这样的扩散效应被扩大。请注意,从加密的角度,在步骤 3 中的数据交换本质上是 一个置换。经过多次迭代步骤 2 和 3,扩散效应蔓延到整个图像。这意味着在一个普 通的图像像素的微小变化会波及到了大量的加密图像的像素。为了使框架足够安全, 两个要求必须被满足: 1.第 2 步中的加密算法混乱和扩散的特点应该是足够安全的,而且对明文和密钥敏 感。 2.在步骤 3 中的置换在几个回合变化中必须从局部蔓延到所有部分。 结合不同的加密元素可以满足第一个要求,如 S-盒,Feistel 结构,矩阵乘法和 混沌映射等,或者我们可以只使用一个传统的加密标准,如 AES 或 IDEA。然而,3

北京理工大学本科生毕业设计(翻译)第二个是由于这一框架而产生的一个新课题。此外,这样的置换应有助于实现 2.1 节 中提出的三个附加目标。因此,置换操作是本文的重点之一,应认真研究。 这种并行图像加密框架下,我们提出了一种新的算法,这是基于四个基本的转 换。因此,我们将描述我们的算法之前,先介绍这些转换。4

北京理工大学本科生毕业设计(翻译)第 3 章 转换3.1 A-转换在 A 转换中,A 代表加,能被形式化的定义如下: a+b=c (1) 加法被定义为按位与操作 转换 A 有三个基本性质: (2.1)a+a=0 (2.2)a+b=b+a (2) (2.3)(a+b)+c=a+(b+c)3.2 M-转换在 M 转换中,M 代表混合数据 首先,我们介绍和转换: sum:定义 sum(I) : (3) sum(I)= 然后给出 M 转换的定义 M: 让 M(I)=C 让 I= (4) 容易证明 M 转换有如下性质: (5.1)M(M(I) )=I (5) (5.2)M(I+J)=M(I)+M(J) (5.3)M(kj)=kM(I) ,where kI= ,k C=需要指出的是,从所有从(3)—(5)的加法运算其实是 A 转换。5

北京理工大学本科生毕业设计(翻译)3.3 S-转换在 S-变换中, “S”代表 S 盒置换。有很多方法来构造 S 盒,其中混沌的做法是 一个很好的选择。例如,唐等人提出了一个基于离散逻辑映射和 Baker 映射[10]的设 计 S-盒的方法。之后,陈等人提出另一种方法来构造 S 盒,具有更好的性能[11]。 该 过程描述如下: 步骤 1:选择一个 Chebyshev 映射的初始值,然后迭代映射生成初始的 S-盒表。 步骤 2:把二维表加载到三维表上。 步骤 3: 多次应用离散化的三维 Baker 映射使表格混乱。 最后, 把三维表转换成二维, 以获得所需的 S-盒。 实验结果表明,由此产生的 S-盒是加密应用程序的理想选择。该方法也被称为“动 态”的,当 Chebyshev 映射的初始值被改变时得到不同的 S-盒。然而,为了简化和 性能,我们使用一个固定的 S-盒,即在[11]给出的例子见表 1。3.4 K-转换在 K-转换中, “K”代表柯尔莫哥洛夫流,通常被称为广义 Baker 映射[3]。图像 加密应用程序的 Kolmogorov 流由 Picher 和 Scharinger 首次提出 [1,2]。 离散形的 K-流如(6) : y) = + (x, ( (x- ) (y mod ) , + (y div ) ) (6), 是一个正整数 其中 =(n1,n2,…..nk) 一个垂直的 s 的范围:=N, 划分把 s 和 N 分开, == 需要注意的是 (6)可以用图 2 中的几何变换来解释。N*N 图像可以划分为高 N 和宽度 Ns 的垂直矩形。然后又进一步分为箱子每一个垂直的矩高度 Ps 宽度 Ns。 K -映射后,从同一个盒子的像素实际上是映射到一个单行的。表(1)提及的 s 盒是[11]中给出的例子161 130 152 106 238 180 54 107 85 124 153 94 22 119 21 88 129 203 83 81 63 166 183 55 224 58 96 139 99 18 118 8 176 145 86 151 80 141 15 221 50 14 133 134 217 20 114 65 207 115 228 245 164 17 36 185 177 189 136 72 178 97 253 234 48 235 175 172 0 254 197 162 205 142 23 171 154 181 2 210 68 4 109 62 240 184 9 250 60 43 252 79 188 47 165 179 1 13 236 77 150 146 132 61 160 51 49 231 157 233 204 202 117 52 167 82 215 113 226 248 46 19 92 32 232 120 64 2476

北京理工大学本科生毕业设计(翻译)213 143 174 140 156 103 128 19889 67 135 211 168 126 87 26101 93 91 112 222 38 239 159108 123 104 75 34 200 3 6102 11 196 190 241 44 191 12745 137 208 73 70 209 158 20156 249 148 187 255 42 199 1445 170 24 244 229 29 138 206212 27 251 182 246 41 227 9810 223 39 122 90 218 59 3312 186 40 193 53 71 69 35243 95 31 131 225 155 220 7216 169 16 194 100 78 195 105242 116 219 149 30 125 66 14784 163 214 121 37 173 192 57111 25 74 76 237 28 230 110图 2 每个盒子里的像素都要被 k 流划分成单行7

北京理工大学本科生毕业设计(翻译)第 4 章 MASK- 一个并行的图像加密体系4.1 加密方案的概要假设的 N·N 图像是由 n 个 PE 同时加密的,我们描述并行加密方案如下: 1.每个 PE 负责图像中像素的一些固定行。 2.每行的像素分别使用 M,A,S 进行加密。 3.根据置位转型 K 进一步扩散的所有像素。 4.转到第二步进行另一轮的加密,直到密文足够安全。 如上所述,在第 3 步中的置换是非常重要的,因为它有助于满足安全性和速度 要求。因此,置换的映射和它的参数,一定要慎重选择。在我们的算法中, 是常数 向量其长度为 q,其中 q = N / n。向量的每个元素都等于 n: =(n,n,….n)1q (7)每个 PE 负责 q 个连续的行,或者更具体地说,第 i 个 PE 行负责从(i-1)*q 到 i*q-1 的行。该算法可以实现并行加密的所有要求,分析如下。 1.整个图像的扩散效应 假设在第 2 步的操作有足够的安全。第 2 步后,明文像素的微小变化会扩散到 整行的 N 个像素。如果我们根据 Eq(7)选用 ,很容易证明,这 N 个加密的像素会 在第 3 步 K 变换中会置换到不同的 q 行。同样,另一轮加密过后,改变会扩散到 q 行,第 3 轮后,整个加密图像已经改变。因此,在我们的方案中,任何单个像素的 最小变化会在 3 轮后扩散到整个图像。 2.通讯负载平衡 如果参数(6)中的参数 (7)那样选择,很容易证明,两个 PE 之间的数据交换是不变的,即等于图像的像素总数的 1/q2。对于每个 PE,这个数量变为(q-1) / 。因此,在我们的方案中,每个 PE 的通信负载是等效的,并没有任何通讯负载不平衡。 3.平衡负载的计算 每个 PE 将要加密的数据都是像素 q 行,因此计算负载平衡自然实现。 4.临界区管理 在我们的体制中,不会发生两个 PE 读取或写入到相同的内存。因此,我们不必 像其他并行计算体制经常做的一样需要施加任何关键领域的管理技术。 上述讨论表明,该方案能实现并行图像加密的所有要求,这主要归因于混沌柯 尔莫哥洛夫映射和其参数的选择。8

北京理工大学本科生毕业设计(翻译)4.2 加密密文经过数轮加密才能产生。然而,在第一轮中,图像预先经过 K 置换处理。 然后在每一轮中,分别进行 M,A,S,K 的变换。最后一轮与前面不同之处在于 S变换故意遗漏。M,A,S 变换通过 PE 操作一行中的每个像素,而这 K 操作对整个 图像的运作必然涉及到 PE 之间的通信。 加密过程是由伪代码在图 3 中列出所描述的。4.3 轮密钥生成在四个置换中,只有置换 A 需要一个轮密钥。对于 8 位灰度图像的 N*N 像素, 一个包含 N 个字节的轮密钥应在每一轮为置换 A 产生。 一般来说,轮密钥应该是伪随机和敏感的。从这个角度来看,一个混沌映射是 一个很好的选择。在我们的体系中,我们使用斜帐篷映射生成所需的轮密钥。= (8)图 3.MASK 的伪代码混沌序列由系统参数 和混沌映射的初始状态确定, 它们是 0 和 1 之间的实数。虽然混沌映射方程很简单,它生成的伪随机序列对系统参数和初始状态敏感。这个 属性使得映射是密钥生成的理想选择。 在数字计算机实施时,映射状态存储为一个浮点数。第一个轮状态的 8 位被提 取作为一个字节的轮密钥。因此,我们每一轮需要 N 次迭代斜帐篷映射。9

北京理工大学本科生毕业设计(翻译)4.4 解码一般情况下,解密程序是由一个相反的顺序执行加密转换组成。此性质也在我 们的体系中。然而,经过精心的设计,我们体系中解密过程是相同的,而不是 反转,转换为密码。这个令人印象深刻的特征属性归功于以下变换的两个属性: (1)置换-S 和置换 - K 可交换。置换-S 只替换每个像素的值而独立于它的位置。 另 一方面,置换 - K 只改变一个像素的位置其值不变。因此,两者之间的转换关系可 表示为(9) : K(S(I) )=S(K(I) ) 因此, 两者之间的转换关系可表示为(10) : M(A(I,J) )=A(M(I) ,M(J) ) (10) 总之,无论是置换 S 和 K 时,还是置换 M 和 A,可以互换计算顺序对最终结果 没有影响。表 2 说明了这两个属性如何影响置换的顺序,应用简单的 2 轮加密例子 加以证明。 很容易观察到多轮加密组成的密码,解密过程中仍然具有和加密过程相同的序 列。因此,密码和解密共享相同的框架。 但是加密和解密过程之间仍然有一些细微的差异: (1)在解密中使用的轮密钥是加密过程的倒序,这些密钥应首先应用在置换 M。 (2)在解密中 K 和 S 的置换应使用其逆变换。 然而,由于置换 K 和 S 都可以实现查找表操作,其逆变换不同的只是在查找表 的内容。因此,所有在计算上述差异可以转换到数据差异。 对称的特性使得我们的方案非常简洁。它也减少了很多计算机系统实施代码用 于加密和解密。如果硬件实现,这个属性使两种设备的使用成本降低。表 2 在 2 轮加密过程相当于解密(9)(2)根据(5)置换-M 是一个线性操作。此外, (5.2)中定义的加实际上是置换-A。我们的方案结构看起来更简洁,并在实施过程中节省了很多的代码。这绝对是 一个与其他基于混沌的密码的比较优势。10

北京理工大学本科生毕业设计(翻译)第 5 章 实验结果在本节中,举例说明该算法的有效性。在实验中,灰色水平图像“莉娜”的大 小为 256 * 256,如图所示,Fig.4a 为原始图片。PE 数量为 4 个。我们系统的关键点, 即初始状态 和存储系统参数 以浮点方式储存, 具有 56 位精度。 这里介绍的例子, = 0.12345678,和 L = 1.9999。当加密过程完成后得到如图所示 Fig.4b。通常情况 下,我们建议对原始图像进行 9 轮加密。5.1 直方图原始图像和加密图像的直方图的描绘图分别是 Fig.4c 和 Fig.4d。这两个数字表 明:加密图像具和原始图对比具有均匀分布的特点。5.2 两个相邻像素的相关性分析相关分析是由随机选择 1000 对纵向,横向和对角线方向两个相邻像素,分别从 原始图像和加密图像。然后,一对像素的相关系数计算结果见表 3。图 5 显示了两个 水平相邻关系像素。这是显而易见的,加密图像的相邻像素的相关性不大。5.3 NPCR 分析NPCR 意味着当只有一个原始图像的像素改变引起的加密图像的像素数的变化 率。 在我们的例子中, 选定的像素是原始图像的最后一个像素。 它的值从 (01101111) 2 改为(01101110)2。然后经过不同轮 NPCR 计算和表 4 中列出。数据显示,经过 3 轮的加密性能是令人满意的。 经过 9 轮的两个密码的图像不同的像素绘制在图 6 中 表示。图 4(a) (a)原始形象,(b)加密图像,(c)原始图像的直方图,(d)加密图像的直方图。表 3 临近两个像素在原始图像和加密图像中的相关系数11

北京理工大学本科生毕业设计(翻译)图 5 水平两个像素的相关系数(a)是原始图像(b)是加密图像,x,y 分别代表两个相邻像素 的灰度水平。 表 4 两个加密图像在不同轮的 NPCR5.4 UACI 分析统一平均变化强度(UACI)指数衡量的是两个图像平均强度差异。同样,我们 做与 5.3 节中相同的变化并计算两个加密图像之间的 UACI。结果如表 5 所示。经过 三轮的加密 UACI 被汇聚到 1/3。应当注意到,如果它们完全与对方无关,两个随机 序列的平均误差均匀分布在[0,1]之间的平均误差为 1/3。12

北京理工大学本科生毕业设计(翻译)图 6.经过九轮加密过后两个不同加密图像之间的差异。白色的点(约占整个图像像素的的 1/256)表示这两个加 密图像在这个位置的值相等。表 5 两个加密图像的 UACI13

北京理工大学本科生毕业设计(翻译)第 6 章 安全性和性能分析6.1 扩散NPCR 分析显示, 当原始像素只有 1 位改变时, 几乎所有的加密像素都变得不一 样,两个加密像素相等的可能性只有 1/256。这种扩散到置换 S,因为任何的 S 盒的 输入位变化会影响所有输出位变化,概率为 50%。然后,扩散传播到置换 M 的整个 行,置换 K 有助于扩散放大至 2 轮的图像 25%,并在 3 轮达到整个图像。6.2 混淆相邻像素的直方图和相关分析都表明,我们的方案具有良好的混淆属性。这主 要是由于伪随机性的关键时间表和置换 M 和 A。他们共同工作,引进随机的效果来 加密图像。 K 置换也有利于摧毁本地原始图像的相似性。6.3 蛮力攻击建议方案使用的密钥即初始状态 X0 和系统参数 的位数是 112。这是迄今为止 非常安全以应用于适合普通商业应用程序。因此,我们的方案是强大的,足以抵御 蛮力攻击。此外,也很容易增加 X0 和 的位数。6.4 其他安全问题有人可能会争辩说,在我们的方案中,置换 K 不属于任何密钥管辖。然而,这 样对我们的方案的安全性影响很小。 事实上,最传统的加密算法如 DES 和 AES 使用 公共排列。它至少有两个原因。首先,受密钥支配的序列使加密速度减慢,因为它 花费时间来产生关键的序列。其次,也是最重要的,不可靠的序列可能会产生一些 密钥,危害到系统的安全性。其实,一个有助于实现扩散和混乱置换是一个更好的 选择。更具体地说,在一个并行的加密系统中,如果置有助于实现计算和通信负载 平衡就是一个很好的选择。从这点来看,选择置换 K 是一个正确的选择。6.5 性能分析该算法的运行速度非常快,只有逻辑 XOR 加密查表操作和解密过程。虽然置换 K 中要进行乘法和除法运算,但 PE 一旦确定转换也随之确定。因此,他们可以预先 计算并存储在查找表中。 更准确地说, 在每一轮中的每个像素有只有 3 个 XOR 操作 (2 个在置换 M 和 1 个在置换 A)和 2 个查找表操作(1 个在置换 S 和另一个在置 换 K 中) 。相反,最简单的具有 56 位精度状态变量的逻辑映射,乘法平均增加约 28 倍成本。我们的主要方案中,还需要在斜帐篷映射中应用乘法。然而,在每一轮只 有 N 多乘法还有平均每轮每个像素的 1 / N 乘法运算。 此外, 当算法在并行平台运行,14

北京理工大学本科生毕业设计(翻译)其性能可以比普通的序列图像加密方案提高近 n 倍。因此,考虑到可实现的性能, 我们的方案是比现有的优越。15

北京理工大学本科生毕业设计(翻译)第 7 章 结论在本文中,我们介绍了并行图像加密的概念,并提出了几项要求。然后在并行 图像加密的框架中,提出了一个基于这个框架设计的新算法。该算法在柯尔莫哥洛 夫离散映射的帮助下成功满足并行图像加密算法的所有要求。此外,实验结果和理 论分析表明,该算法具有较高的安全性。该算法运算速度也快;只有一对每个像素 的异或运算和查表操作。最后,解密过程相对于加密是相同的。考虑到上述所有的 特性,该算法是在并行计算平台上进行图像加密不错的选择。16

北京理工大学本科生毕业设计(翻译)Parallel image encryption algorithm based on discretized chaotic mapAbstractRecently, a variety of chaos-based algorithms were proposed for image encryption. Nevertheless, none of them works efficiently in parallel computing environment. In this paper, we propose a framework for parallel image encryption. Based on this framework, a new algorithm is designed using the discretized Kolmogorov flow map. It fulfills all the requirements for a parallel image encryption algorithm. Moreover, it is secure and fast. These properties make it a good choice for image encryption on parallel computing platforms.1. IntroductionIn recent years, there is a rapid growth in the transmission of digital images through computer networks especially the Internet. In most cases, the transmission channels are not secure enough to prevent illegal access by malicious listeners. Therefore the security and privacy of digital images have become a major concern. Many image encryption methods have been proposed, of which the chaos-based approach is a promising direction [1–9]. In general, chaotic systems possess several properties which make them essential components in constructing cryptosystems: (1) Randomness: chaotic systems generate long-period, random-like chaotic sequence in a deterministic way. (2) Sensitivity: a tiny difference of the initial value or system parameters leads to a vast change of the chaotic sequences. (3) Simplicity: simple equations can generate complex chaotic sequences. (4) Ergodicity: a chaotic state variable goes through all states in its phase space, and usually those states are distributed uniformly. In addition to the above properties, some two-dimensional (2D) chaotic maps are inherent excellent alternatives for permutation of image pixels. Pichler and Scharinger proposed a way to permute the image using Kolmogorov flow map before a diffusion operation [1,2]. Later, Fridrich extended this method to a more generalized way [3]. Chen et al. proposed an image encryption scheme based on 3D cat maps [4]. Lian et al. proposed another algorithm based on standard map [5]. Actually, those algorithms work under the same framework: all the pixels are first permuted with a discretized chaotic map before they are encrypted one by one under the cipher block chain (CBC) mode where the cipher of the current pixel is influenced by the cipher of previous pixels. The above processes repeat for several rounds and finally the cipher-image1

北京理工大学本科生毕业设计(翻译)is obtained. This framework is very effective in achieving diffusion throughout the whole image. However, it is not suitable for running in a parallel computing environment. This is because the processing of the current pixel cannot start until the previous one has been encrypted. The computation is still in a sequential mode even if there is more than one processing element (PE). This limitation restricts its application platform since many devices based on FPGA/CPLD or digital circuits can support parallel processing. With the parallel computing technique, the speed of encryption is greatly accelerated. Another shortcoming of chaos-based image encryption schemes is the relatively slow computing speed. The primary reason is that chaos-based ciphers usually need a large amount of real number multiplication and division operations, which cost vast of computation. The computational efficiency will be increase substantially if the encryption algorithms can be executed on a parallel processing platform. In this paper, we propose a framework for parallel image encryption. Under such framework, we design a secure and fast algorithm that fulfills all the requirements for parallel image encryption. The rest of the paper is arranged as follows. Section 2 introduces the parallel operating mode and its requirements. Section 3 presents the definitions and properties of four transformations which form the encryption/decryption algorithm. In Section 4, the processes of encryption, decryption and key scheduling will be described in detail. Experimental results and theoretical analyses are provided in Sections 5 and 6, respectively. Finally, we conclude this paper with a summary.1. Parallel mode2.1. Parallel mode and its requirementsIn parallel computing mode, each PE is responsible for a subset of the image data and possesses its own memory.During the encryption, there may be some communication between PEs (see Fig. 1). To allow parallel image encryption, the conventional CBC-like mode must be eliminated. However, this will cause a new problem, i.e. how to fulfill the diffusion requirement without such mode. Besides, there arise some additional requirements for parallel image encryption: 1. Computation load balance The total time of a parallel image encryption scheme is determined by the slowest PE, since other PEs have to wait until such PE finishes its work. Therefore a good parallel computation mode can balance the task distributed to each PE. 2. Communication load balance2

北京理工大学本科生毕业设计(翻译)There usually exists lots of communication between PEs. For the same reason as of computation load, the communication load should be carefully balanced. 3. Critical area management When computing in a parallel mode, many PEs may read or write the same area of memory (i.e. critical area) simultaneously, which often causes unexpected execution of the program. It is thus necessary to use some parallel techniques to manage the critical area.2.2. A parallel image encryption frameworkTo fulfill the above requirements, we propose a parallel image encryption framework, which is a four-step process: Step 1: The whole image is divided into a number of blocks. Step 2: Each PE is responsible for a certain number of blocks. The pixels inside a block are encrypted adequately with effective confusion and diffusion operations. Step 3: Cipher-data are exchanged via communication between PEs to enlarge the diffusion from a block to a broader scope. Step 4: Go to step 2 until the cipher image reaches the required level of security. In step 2, diffusion is achieved, but only within the small scope of one block. With the aid of step 3, however, such diffusion effect is broadened. Note that from the cryptographic point of view, data exchange in step 3 is essentially a permutation. After several iterations of steps 2 and 3, the diffusion effect is spread to the whole image. This means that a tiny change in one plain-image pixel will spread to a substantial amount of pixels in the cipher-image. To make the framework sufficiently secure, two requirements must be fulfilled: 1. The encryption algorithm in step 2 should be sufficiently secure with the characteristic of confusion and diffusion as well as sensitivity to both plaintext and key. 2. The permutation in step 3 must spread the local change to the whole image in a few rounds of operations. The first requirement can be fulfilled by a combination of different cryptographic elements such as S-box, Feistel-structure, matrix multiplications and chaos map, etc., or we can just use a conventional cryptographic standard such as AES or IDEA. The second one, however, is a new topic resulted from this framework. Furthermore, such permutation should3

北京理工大学本科生毕业设计(翻译)help to achieve the three additional goals presented in Section 2.1. Hence, the permutation operation is one of the focuses of this paper and should be carefully studied. Under this parallel image encryption framework, we propose a new algorithm which is based on four basic transformations. Therefore, we will first introduce those transformations before describing our algorithm.3. Transformations3.1. A-transformationIn A-transformation, ‘ A’ stands for addition. It can be formally defined as follow: a+b=c where , and the addition is defined as the bitwise XOR operation. The transformation A has three fundamental properties: (2.1)a+a=0 (2.2)a+b=b+a (2.3)(a+b)+c=a+(b+c) (2)3.2. M-transformationIn M-transformation, ‘M’ stands for mixing of data. First, we introduce the sum transformation: sum:then sum(I) is defined as:sum(I)= Now we give the definition of M-transformation as follows: M: Let M(I)=C 让 I= C= (4)It is easy to prove the following properties of the M-transformation: (5.1)M(M(I) )=I (5.2)M(I+J)=M(I)+M(J) (5)4

北京理工大学本科生毕业设计(翻译)(5.3)M(kj)=kM(I) ,where kI= ,k It should be noted that all the addition operations from (3)–(5) are the A-transformation indeed.3.3. S-transformationIn S-transformation, ‘S’ stands for S-box substitution. There are lots of ways to construct an S-box, among which the chaotic approach is a good candidate. For example, Tang et al presented a method to design S-box based on discretized logistic map and Baker map [10]. Following this work, Chen et al. proposed another method to obtain an S-box, which leads to a better performance [11]. The process is described as follows: Step 1: Select an initial value for the Chebyshev map. Then iterate the map to generate the initial S-box table. Step 2: Pile up the 2D table to a 3D one. Step 3: Use the discretized 3D Baker map to shuffle the table for many times. Finally, transform the 3D table back to 2D to obtain the desired S-box. Experimental results show that the resultant S-box is ideal for cryptographic applications. The approach is also called ‘dynamic’ as different S-boxes are obtained when the initial value of Chebyshev map is changed. However, for the sake of simplicity and performance, we use a fixed S-box, i.e. the example given in [11] (see Table 1).3.4. K-transformationIn K-transformation, ‘K’ stands for Kolmogorov flow, which is often called generalized Baker map [3]. The application of Kolmogorov flow for image encryption was first proposed by Pichler and Scharinger [1, 2]. The discrete version of K-flow is given by (6): (x,y)=( (x- )+(y mod ) , +(y div ) )(6) where d = (n1,n2, . . . ,nk), ns is an positive integer, and ns divide N for all s, = 1/ns, while Fs is still the left bound of the vertical strip s:= Note that the Eq. (6) can be interpreted by the geometrical transformation shown in Fig. 2. The N · N image is first divided into vertical rectangles of height N and width ns. Then each vertical rectangle is further divided into boxes of height ps and width ns. After K-transformation, pixels from the same box are actually mapped to a single row.Table 1 The proposed S-box is the example given in [11]5

北京理工大学本科生毕业设计(翻译)161 130 152 106 238 180 54 107 213 143 174 140 156 103 128 19885 124 153 94 22 119 21 88 89 67 135 211 168 126 87 26129 203 83 81 63 166 183 55 101 93 91 112 222 38 239 159224 58 96 139 99 18 118 8 108 123 104 75 34 200 3 6176 145 86 151 80 141 15 221 102 11 196 190 241 44 191 12750 14 133 134 217 20 114 65 45 137 208 73 70 209 158 201207 115 228 245 164 17 36 185 56 249 148 187 255 42 199 144177 189 136 72 178 97 253 234 5 170 24 244 229 29 138 20648 235 175 172 0 254 197 162 212 27 251 182 246 41 227 98205 142 23 171 154 181 2 210 10 223 39 122 90 218 59 3368 4 109 62 240 184 9 250 12 186 40 193 53 71 69 3560 43 252 79 188 47 165 179 243 95 31 131 225 155 220 71 13 236 77 150 146 132 61 216 169 16 194 100 78 195 105160 51 49 231 157 233 204 202 242 116 219 149 30 125 66 147117 52 167 82 215 113 226 248 84 163 214 121 37 173 192 5746 19 92 32 232 120 64 247 111 25 74 76 237 28 230 110Fig.2. Pixels in each boxwill be stretched into a single row by discretized Kolmogorovflow.4. MASK – a parallel image encryption scheme4.1. Outline of the proposed encryption schemeAssume the N · N image is encrypted by n PEs simultaneously, we describe the parallel encryption scheme as follows: 1. Each PE is responsible for some fixed rows of pixels in the image. 2. Pixels of each row are encrypted using transformation M, A, S, respectively. 3. Permute all the pixels according to transformation K to have furtherdiffusion.4.Go to step 2 for another round of encryption until the cipher issufficiently secure.As mentioned above, the permutation in step 3 is very important as it helps to fullfil both the security and speed requirements. Therefore both the permutation map and its parameters must be carefully chosen. In our6

北京理工大学本科生毕业设计(翻译)algorithm, d is a constant vector with length q, where q = N/n. Each element of the vector is equal to n: =(n,n, .n)1q (7) Each PE is responsible for q consecutive rows, or more specifically, the ith PE is responsible for rows from (i-1) * q to i * q -1. This algorithm can fulfil all the requirements for parallel encryption, as analyzed below. 1. Diffusion effect in the whole image Assume that the operations in step 2 are sufficiently secure. After step 2, a tiny change of the plain pixel will diffuse to the whole row of N pixels. If we choose d according to Eq. (7), it is easy to prove that those N cipher pixels will be permuted to different q rows with the help of K-transformation in step 3. In the same way, after another round of encryption, the change is spread to q rows, and after the third round, the whole cipher image is changed. Consequently, in our scheme, the smallest change of any single pixel will diffuse to the whole image in 3 rounds. 2. Balance of communication load If the parameter d of (6) is chosen as (7), it is easy to prove that the data exchanged between two PEs are constant, i.e., equal to 1/q2 of the total number of image pixels. For each PE, this quantity becomes (q _ 1)/q2. Therefore, in our scheme, the communication load of each PE is equivalent, and there is no unbalance of communication load for the PEs at all. 3. Balance of computation load The data to be encrypted by each PE is equally q rows of pixels; hence computation load balance is achieved naturally. 4. Critical area management In our scheme, under no circumstances would two PEs read from or write to the same memory. Therefore, we do not need to impose any critical area management technique in our scheme as other parallel computation schemes often do. The above discussions have shown that the proposed scheme fullfil all the requirements for parallel image encryption, which is mainly attributed to the chaotic Kolmogorov map and the choice of its parameters.4.2. CipherThe cipher is made up of a number of rounds. However, before the first round, the image is pre-processed with a K-transformation. Then in each round, the transformation M, A, S, K is carried out, respectively. The final round differs slightly from the previous rounds in that the S-transformation is omitted on purpose. The transformations M, A, S operate on one row of pixels by each PE, while the transformation K operates on the whole image which necessarily involves communication between PEs. The cipher is described by the pseudo-code listed in Fig. 3.7

北京理工大学本科生毕业设计(翻译)4.3. Round key generationAmong the four transformations, only transformation A needs a round key. For an 8-bit grey level image of N · N pixels, a round key containing N bytes should be generated for transformation A in each round. Generally speaking, the round keys should be pseudo-random and key-sensitive. From this point of view, a chaotic map is a good alternative. In our scheme, we use the skew tent map to generate the required round keys. = (8)Fig. 3. Pseudo-codes for the ‘MASK’ cipher.The chaotic sequence is determined by the system parameter l and initial state x0 of the chaotic map either of which is a real number between 0 and 1. Although the chaotic map equation is simple, it generates pseudo-random sequences that are sensitive to both the system parameter and the initial state. This property makes the map an ideal choice for key generation. When implemented in a digital computer, the state of the map is stored as a floating point number. The first 8 bits of each state are extracted as one byte of the round key. Accordingly, we need to iterate the skew tent map for N times in each round.4.4. DecipherIn general, the decryption procedures are composed of a reversed order of the transformations performed in encryption. This property also holds in our scheme. However, with careful design, the decryption process of our scheme can have the same, rather than the reversed, order of transformations as the cipher. This impressive characteristic attributes to two properties of the transformations: (1) Transformation-S and transformation-K are commutable. Transformation-S8

北京理工大学本科生毕业设计(翻译)substitutes only the value of each pixel and is independent of its position. On the other hand, transformation-K changes only a pixel’s position with It’s value unchanged. Consequently, the relation between the two transformations can be expressed in (9): K(S(I))=S(K(I)) (2) Transformation-M is a linear operation according to (5). Moreover, the addition defined in (5.2) is actually transformation A. Thus the relation between the two transformations can be expressed in (10): M(A(I,J))=A(M(I),M(J) (10) In short, either transformations S and K, or transformations M and A can interchange their computation order with no influence on the final result. Table 2 illustrates how these two properties affect the order of the transformations of decipher in a simple example of 2-round cipher. It is easy to observe that for a cipher composed of multiple rounds, the decipher process still has the same sequence of transformations as the cipher. Hence, both the cipher and decipher share the same framework. However, there are still some slight differences between the encryption and decryption processes: (1) The round keys used in decipher is in a reversed order of that in cipher, and those keys should be first applied the transformation M. (2) The transformation K and S in decipher should use their inverse transformations. However, since transformation K and S can both be implemented by look-up table operations, their inverse transformations differ just in content of look-up tables. Consequently, all above difference in computations can be translated into difference in data. The symmetric property makes our scheme very concise. It also reduces lots of codes for a computer system implementing both the cipher and decipher. For hardware implementation, this property results in a reduction of cost for both devices.Table 2 The process of equivalent decipher in 2-round encryptionThe remarkable structure of our scheme looks more concise and saves a lot of codes during implementation. This is definitely an advantage when compared with other chaos-based ciphers.5. Experimental results9

北京理工大学本科生毕业设计(翻译)In this section, an example is given to illustrate the effectiveness of the proposed algorithm. In the experiment, a grey level image ‘Lena’ of size 256 * 256 pixels, as shown in Fig. 4a, is chosen as the plain-image. The number of PEs is chosen as 4. The key of our system, i.e. the initial state x0 and the system parameter l are stored as floating point number with a precision of 56-bits. In the example presented here, x0 = 0.12345678, and l = 1.9999. When the encryption process is completed, the cipher-image is obtained and is shown in Fig. 4b. Typically, we encrypt the plain-image for 9 rounds as recommended.5.1. HistogramHistogram of the plain-image and the cipher-image is depicted in Figs. 4c and d, respectively. These two figures show that the cipher-image possesses the characteristic of uniform distribution in contrast to that of the plain-image.5.2. Correlation analysis of two adjacent pixelsThe correlation analysis is performed by randomly select 1000 pairs of two adjacent pixels in vertical, horizontal, and diagonal direction, respectively, from the plain-image and the ciphered image. Then the correlation coefficient of the pixel pair is calculated and the result is listed in Table 3. Fig. 5 shows the correlation of two horizontally adjacent pixels. It is evident that neighboring pixels of the cipher-image has little correlation.5.3. NPCR analysisNPCR means the change rate of the number of pixels of the cipher-image when only one pixel of the plain-image is modified. In our example, the pixel selected is the last pixel of the plain-image. Its value is changed from (01101111)2 to (01101110)2. Then the NPCR at different rounds are calculated and listed in Table 4. The data show that the performance is satisfactory after 3 rounds of encryption. The different pixels of the two cipher-images after 9 rounds are plotted in Fig. 6.10

北京理工大学本科生毕业设计(翻译)Fig. 4. (a) Plain-image, (b) cipher-image, (c) histogram of plain-image, (d) histogram of cipher-image. Table 3 Correlation coefficient of two adjacent pixels in plain-image and cipher-imageFig.5. Correlation of two horizontally adjacent pixels of (a) plain image; (b) cipher image, x-coordinate and y-coordinate is the grey level of two neighbor pixels, respectively. Table 4 NPCR of two cipher-images at different rounds5.4. UACI analysisThe unified average changing intensity (UACI) index measures the average intensity of differences between two images. Again, we make the same change as in Section 5.3 and calculate the UACI between two cipher-images. The results are shown in Table 5. After three rounds of encryption, the UACI is converged to 1/3. It should be noticed that the average error between two random sequences uniformly distribution in [0, 1] is 1/3 if they are completely uncorrelated with each other.11

北京理工大学本科生毕业设计(翻译)Fig. 6. Difference between two ciphered images after 9 rounds. White points (about 1/256 of the total pixels) indicate the positions where pixels of the two cipher-images have the same values. Table 5 UACI of two cipher-images6. Security and performance analysis6.1. DiffusionThe NPCR analysis has revealed that when there is only 1 bit of the plain pixel changed, almost all the cipher pixels become different although there is still a low possibility of 1/256 that two cipher pixels are equal. This diffusion first attributes to transformation S since change of any bit of the input to the S-box influences all the output bits at a change rate of 50%. Then, the diffusion is spread out to the whole row by transformation M. Finally, transformation K helps to enlarge the diffusion to 25% of the image in 2 rounds, and to the whole image in 3 rounds.6.2. ConfusionThe histogram and correlation analyses of adjacent pixels both indicate that our scheme possesses a good property of confusion. This mainly results from the pseudo-randomness of the key schedule and transformations M and A. They work together to introduce the random-like effect to the cipher image. Transformation K is also helpful in destroying the local similarity of the plain-image.6.3. Brute-force attackThe proposed scheme uses both the initial state x0 and the system parameter l as the secret key whose total number of bits is 112. It is by far very safe for ordinary business applications.12

北京理工大学本科生毕业设计(翻译)Therefore, our scheme is strong enough to resist brute-force attack. Moreover, it is very easy to increase the number of bits for both x0 and .6.4. Other security issuesSomeone may argue that, in our scheme, transformation K is not governed by any key. However, this reduces little security of our scheme. As a matter of fact, most conventional encryption algorithms such as DES and AES use public permutations. There are at least two reasons for it. First, permutations governed by key slow down the speed of encryption, for it costs time to generate those permutations from the key. Secondly and the foremost, weak permutations may be generated from some keys, which harm to the security of the system. Actually, a permutation that helps to achieve diffusion and confusion is a better alternative. More specifically, in a parallel encryption system, if the permutation helps to achieve computation and communication load balance, it is a good alternative. From this point of view, transformation K is a proper choice.6.5. Performance analysisThe proposed algorithm runs very fast as there are only logical XOR and table lookup operations in the encryption and decryption processes. Although multiplications and divisions are required in transformation K, the transformation is fixed once the number of PE is fixed. Hence, they can be pre-computed and stored in a lookup table. More accurately, there are only 3 XOR operations (2 for transformation M and 1 for transformation A) and 2 lookup table operations (1 for transformation S and 1 for transformation K) for each pixel in each round. On the contrary, for the simplest logistic map with 56-bit precision state variable, one multiplication costs about 28 additions in average. In our key schedule, multiplications are also required in the skew tent map. However, there are only N such multiplications in each round, and hence an average of 1/N multiplications for each pixel per round. Furthermore, when the algorithm runs on a parallel platform, the performance can increase nearly n times than ordinary sequential image encryption scheme. Therefore, as far as the performance is concerned, our scheme is superior than existing ones.7. ConclusionIn this paper, we introduced the concept of parallel image encryption and presented several requirements for it. Then a framework for parallel image encryption was proposed and a new algorithm was designed based on this framework. The proposed algorithm is successful in accomplishing all the requirements for a parallel image encryption algorithm with the help of discretized Kolmogorov flow map. Moreover, both the experimental results and theoretical analyses show that the algorithm possesses high security. The proposed algorithm is also fast; there are only a couple of XOR operations and table13

北京理工大学本科生毕业设计(翻译)lookup operations for each pixel. Finally, the decryption process is identical to that of the cipher. Taking into account all the virtues mentioned above, the proposed algorithm is a good choice for encrypting images in a parallel computing platform.References[1] Pichler F, Scharinger J. Ciphering by Bernoulli shifts in finite Abelian groups. Contributions to general algebra. Proc. Linzconference 1994. p. 465 –76. [2] Scharinger J. Fast encryption of image data using chaotic Kolmogorov flows. J Electron Image 1998;7(2):318–25. [3] Fridrich J. Symmetric ciphers based on two-dimensional chaotic maps. I J Bifur Chaos 1998;8(6):1259–64. [4] Chen G, Mao Y, Chui C. Symmetric image encryption scheme based on 3D chaotic cat maps. Chaos, Solitons & Fractals 2004;21(3):749–61. [5] Lian S, Shun J, Wang Z. A block cipher based on a suitable use of the chaotic standard map. Chaos, Solitons & Fractals 2005;26(1):117–29. [6] Guan Z, Huang F, Guan W. Chaos-based image encryption algorithm. Phys Lett A 2005;346(1–3):153–7. [7] Zhang L, Liao X, Wang X. An image encryption approach based on chaotic maps. Chaos, Solitons & Fractals 2005;24(3):759–65. [8] Gao H, Zhang Y, Liang S, Li D. A new chaotic algorithm for image encryption. Chaos, Solitons & Fractals 2006;29(2):393–9. [9] Pareek NK, Patidar V, Sud KK. Image encryption using chaotic logistic map. Image Vision Comput 2006;24(9):926–34. [10] Tang Guoping, Liao Xiaofeng, Chen Yong. A novel method for designing S-boxes based on chaotic maps. Chaos, Solitons &Fractals 2005;23:413–9. [11] Chen G, Chen Y, Liao X. An extended method for obtaining S-boxes based on three-dimensional chaotic Baker maps. Chaos,Solitons & Fractals 2007;31(3):571–9.14

。

猜你喜欢

最安全有效的减肥药

最安全有效的减肥药

编辑:小徐

现在的减肥药真的是真假难分,在选择减肥药的同时也应该更加小心,减肥药多种多样,那么如何才能选择最安全有效的减肥药,也成了很多小仙女的内心疑问,下面就跟着日一本小编一起看一下,如何选择最安全有效的减肥药。 最安全有效的减肥药选购方法 1、首先需要观察产品的外包装,在包装中可以看到其配方是不是含有激素,含有激素的减肥药对身体的内..

吃减肥药失眠

吃减肥药失眠

编辑:小徐

随着现在流行以瘦为美,很多人会不顾身体的健康选择减肥药,达到快速减肥瘦身的效果,但是很多减肥药都是有副作用的,副作用比较轻的就是失眠现象,那么吃减肥药出现失眠是怎么回事儿?如果出现失眠后,我们应该怎样缓解? 吃减肥药失眠是怎么回事 减肥药中富含安非他命,所以减肥药服用了太多会有失眠现象,服用减肥药期间,身体会逐渐出现抗药性,身..

最新文章