On the security defects of an image encryption scheme

TL;DR

This paper critically analyzes a chaos-based image encryption scheme, revealing multiple security vulnerabilities including weak keys, susceptibility to chosen-plaintext and known-plaintext attacks, and partial key recovery.

Contribution

It identifies specific security flaws in a recent chaos-based encryption scheme and demonstrates practical attack methods exploiting these weaknesses.

Findings

Existence of invalid and weak keys in the scheme

Ability to guess subkey $K_{10}$ with reduced complexity

Challenged the scheme's resistance to chosen-plaintext and known-plaintext attacks

Abstract

This paper studies the security of a recently-proposed chaos-based image encryption scheme, and points out the following problems: 1) there exist a number of invalid keys and weak keys, and some keys are partially equivalent for encryption/decryption; 2) given one chosen plain-image, a subkey $K_{10}$ can be guessed with a smaller computational complexity than that of the simple brute-force attack; 3) given at most 128 chosen plain-images, a chosen-plaintext attack can possibly break the following part of the secret key: $\{K_i\bmod 128\}_{i=4}^{10}$, which works very well when $K_{10}$ is not too large; 4) when $K_{10}$ is relatively small, a known-plaintext attack can be carried out with only one known plain-image to recover some visual information of any other plain-images encrypted by the same key.