International Association for Cryptologic Research

International Association
for Cryptologic Research


Kwok-Tung Lo


Cryptanalysis of an Image Scrambling Scheme without Bandwidth Expansion
Recently, a novel image scrambling (i.e., encryption) scheme without bandwidth expansion was proposed based on two-dimensional (2-D)discrete prolate spheroidal sequences (DPSS). This paper gives a comprehensive cryptanalysis of the image scrambling scheme, and draw a conclusion that it is not sufficiently secure against various cryptographical attacks, including ciphertext-only attack, known/chosen-plaintext attack and chosen-ciphertext attack. The cryptanalytic results suggest that the image scrambling scheme can only be used to realize perceptual encryption, instead of provide content protection for digital images.
A General Cryptanalysis of Permutation-Only Multimedia Encryption Algorithms
In recent years secret permutations have been widely used for protecting different types of multimedia data, including speech files, digital images and videos. Based on a normalized encryption/decryption model, this paper performs a quantitative cryptanalysis on the security of permutation-only image ciphers working in the spatial domain, taking a recently-proposed permutation-only image cipher called HCIE (hierarchical chaotic image encryption) as a typical example. When the plain-image is of size $M\times N$ and with $L$ different levels of pixel values, the following quantitative cryptanalytic findings have been concluded: 1) all permutation-only image ciphers are insecure against known/chosen-plaintext attacks in the sense that only $O\left(\log_L(MN)\right)$ known/chosen plain-images are enough to break the secret permutation mapping; 2) the computational complexity of the known/chosen-plaintext attack is only $O(n\cdot(MN)^2)$, where $n$ is the number of known/chosen plain-images involved. Based on these results, it is found that hierarchical permutation-only image ciphers such as HCIE are less secure than normal (i.e., non-hierarchical) permutation-only image ciphers. Experiments are shown to verify the feasibility of the known/chosen-plaintext attacks. The cryptanalysis result is then generalized to permutation-only image ciphers working in the frequency domain, as well as video ciphers and speech ciphers. Finally, it is suggested that secret permutations have to be combined with other encryption techniques to design highly secure multimedia encryption systems. To the best of our knowledge, for the first time this paper provides a quantitative analysis of such a security principle on the design of multimedia encryption algorithms, from both theoretical and experimental points of view.
Cryptanalysis of RCES/RSES Image Encryption Scheme
Recently, a chaos-based image encryption scheme called RCES (also called RSES) was proposed. This paper analyzes the security of RCES, and points out that it is insecure against the known/chosen-plaintext attacks: the number of required known/chosen plain-images is only one or two. In addition, the security of RCES against the brute-force attack was overestimated. Both theoretical and experimental analyses are given to show the performance of the suggested known/chosen-plaintext attacks. The insecurity of RCES is due to its special design, which makes it a typical example of insecure image encryption schemes. Some lessons are drawn from RCES to show some common principles for ensuring the high level of security of an image encryption scheme.