Security Analysis of a Color Image Encryption Scheme Based on a
Fractional-Order Hyperchaotic System
George Tes¸eleanu
1,2 a
1
Advanced Technologies Institute, 10 Dinu Vintil
˘
a, Bucharest, Romania
2
Simion Stoilow Institute of Mathematics of the Romanian Academy, 21 Calea Grivitei, Bucharest, Romania
Keywords:
Image Encryption Scheme, Chaos Based Encryption, Cryptanalysis.
Abstract:
In 2022, Hosny et al. introduce an image encryption scheme that employs a fractional-order chaotic system.
Their approach uses the hyper-chaotic system to generate the system’s main parameter, namely a secret permu-
tation which is dependent on the size and the sum of the pixels of the source image. According to the authors,
their scheme offers adequate security (i.e. 498 bits) for transmitting color images over unsecured channels.
Nevertheless, in this paper we show that the scheme’s security is independent on the secret parameters used
to initialize the hyper-chaotic system. More precisely, we provide a chosen plaintext/ciphertext attack whose
complexity is O (6(W H)
2
) and needs WH oracle queries, where W and H are the width and the height of the
encrypted image. For example, for an image of size 4000 × 3000 (12 megapixels image) we obtain a security
margin of 49.61 bits, which is 10 times lower than the claimed bound.
1 INTRODUCTION
The widespread use of social media has raised con-
cerns about the security of digital images, particularly
the risk of theft and unauthorized distribution. As a
result, this issue has raised significant attention, lead-
ing researchers to develop various techniques for en-
crypting images. Among these approaches, chaotic
maps have become a popular choice due to their high
sensitivity to initial conditions and previous states.
This desirable property makes it difficult to predict
their behavior, leading to the development of several
novel cryptographic algorithms based on chaos. How-
ever, many of these image encryption schemes suf-
fer from critical security vulnerabilities due to inad-
equate security analysis and a lack of design guide-
lines. In fact, there have been numerous compro-
mised schemes, which we provide in a non-exhaustive
list in Table 1. For more information, please refer to
(Zolfaghari and Koshiba, 2022; Muthu and Murali,
2021; Hosny, 2020;
¨
Ozkaynak, 2018).
In (Hosny et al., 2022), the authors propose a
novel encryption scheme based on the 4D hyper-
chaotic Chen system combined with a Fibonacci Q-
matrix. Before encrypting the image, the authors first
decompose it into its primary color channels: red,
a
https://orcid.org/0000-0003-3953-2744
green and blue. Then they process each channel inde-
pendently. More precisely, they use six secret param-
eters, the size of the image and the sum of its pixels
to initialize the hyper-chaotic system. Then they dis-
card a part of the system’s outputs and the remaining
ones are used to generate a random permutation. Af-
ter scrambling the image according to the computed
permutation, they apply the Fibonacci Q-matrix for
each 2 × 2 image blocks. Finally, they recombine
the resulting three encrypted images into one image.
Since the Chen system is simply used as a pseudo-
random number generator (PRNG) and the scheme’s
weakness is independent of the employed generator,
we omit its description.
In this paper, we conduct a security analysis of the
Hosny et al. scheme (Hosny et al., 2022). We de-
scribe a chosen plaintext attack and a chosen cipher-
text attack, which would allow an attacker to decrypt
all images of a specific size. To execute such attacks,
the attacker would need to access the ciphertexts or
plaintexts of at most W H chosen plaintexts or chosen
ciphertexts. Once the attacker has this information in
his possession, he can proceed to running his attack.
Note that the attack’s complexity is not related to the
size of secret parameters of the PRNG used in the en-
cryption scheme. It is solely determined by the size of
the image being attacked. In the case of 2 megapix-
564
Te¸seleanu, G.
Security Analysis of a Color Image Encryption Scheme Based on a Fractional-Order Hyperchaotic System.
DOI: 10.5220/0013218900003899
Paper published under CC license (CC BY-NC-ND 4.0)
In Proceedings of the 11th International Conference on Information Systems Security and Privacy (ICISSP 2025) - Volume 2, pages 564-570
ISBN: 978-989-758-735-1; ISSN: 2184-4356
Proceedings Copyright © 2025 by SCITEPRESS – Science and Technology Publications, Lda.
Table 1: Broken chaos based image encryption algorithms.
Scheme (Yen and Guo, 2000) (Matoba and Javidi, 2004) (Wang et al., 2012) (Huang et al., 2014) (Khan, 2015)
Broken by (Li and Zheng, 2002) (Wang et al., 2019) (Arroyo et al., 2013) (Wen et al., 2021) (Alanazi et al., 2021)
Scheme (Song and Qiao, 2015) (Essaid et al., 2019b) (Hu et al., 2017) (Niyat et al., 2017) (Hua and Zhou, 2017)
Broken by (Wen et al., 2019) (Tes¸eleanu, 2024b) (Li et al., 2019a) (Li et al., 2018) (Yu et al., 2021)
Scheme (Pak and Huang, 2017) (Liu et al., 2018) (Shafique and Shahid, 2018) (Sheela et al., 2018) (Wu et al., 2018)
Broken by (Wang et al., 2018) (Ma et al., 2020) (Wen and Yu, 2019) (Zhou et al., 2019) (Chen et al., 2020)
Scheme (Khan and Masood, 2019) (Pak et al., 2019) (Mondal et al., 2021) (Essaid et al., 2019a) (Mfungo et al., 2023)
Broken by (Fan et al., 2021) (Li et al., 2019b) (Li et al., 2021) (Tes¸eleanu, 2023) (Tes¸eleanu, 2024a)
Algorithm 1: Encryption algorithm.
Input: A plaintext P and a secret key K
Output: A ciphertext C
1 Generate a random permutation S using PRNG(K, IC).
2 %image scrambling
3 for i ∈ [0, L) do R
i
← P
S
i
4 %add diffusion
5 for i ∈ [0, L) and at each step increment i with 2 do
6 C
i
← 89 ·R
i
+ 55 ·R
i+1
mod 256
7 C
i+1
← 55 ·R
i
+ 34 ·R
i+1
mod 256
8 return C
els
1
images, the complexity of the attack is estimated
to be O(2
44.33
). On the other hand, in the case of 12
megapixels
2
, we obtain an estimate of O(2
49.61
). The
security gap between the estimated complexity of the
attack and the claimed security level of the Hosny et
al.’s scheme is quite large in both cases (i.e. 10 times
lower). According to (Barker, 2020), a security of 80
bits is considered only for legacy systems, and thus it
should not be used for applying cryptographic protec-
tion. Therefore, Hosny et al. scheme does not provide
sufficient assurances in order to be used in practice.
Structure of the Paper. We provide the necessary
preliminaries in Section 2. In Sections 3 and 4 we
show how an attacker can recover the secret permu-
tation in a chosen plaintext/ciphertext scenario. We
conclude in Section 5.
2 PRELIMINARIES
Notations. In this paper, the subset {1,. .. ,s − 1} ∈
N is denoted by [1,s). The action of selecting a ran-
dom element x from a sample space X is represented
by x
$
←− X, while x ← y indicates the assignment of
value y to variable x. By H and W we denote an im-
age’s height and width.
1
W × H = 1600 × 1200
2
W × H = 4000 × 3000
Algorithm 2: Decryption algorithm.
Input: A ciphertext C and a secret key K
Output: A plaintext P
1 %remove diffusion
2 for i ∈ [0, L) with increment step 2 do
3 R
i
← 34 ·C
i
+ 201 ·C
i+1
mod 256
4 R
i+1
← 201 ·C
i
+ 89 ·C
i+1
mod 256
5 Generate permutation S using PRNG(K, IC) and compute its
inverse S
−1
.
6 %image descrambling
7 for i ∈ [0, L) do P
i
← R
S
−1
i
8 return P
2.1 Hosny et al. Image Encryption
Scheme
In this section we present Hosny et al.’s encryption
(Algorithm 1) and decryption (Algorithm 2) algo-
rithms as described in (Hosny et al., 2022). Let W be
even. Before the encryption/decryption process starts,
the image of size W × H × 3 is split into three chan-
nels each of size W × H. Afterwards each channel
image is converted into a vector of size L = W ·H and
is processed independently. At the end, the resulting
vectors are translated back into images of size W × H
and then they are recombined into a final image of
size W × H × 3. Please note that the PRNG has as
input a secret key K and a public function f depen-
dent on the sum of the image’s pixels and L. For sim-
plify, we refer to f (
∑
L−1
i=0
P
i
,L) as the initial condition
of the PRNG and we denote it by IC. Remark that
in the processes of encryption and decryption we use
the following Fibonacci Q-matrix Q
10
and its inverse
Q
−10
modulo 256
Q
10
=
89 55
55 34
and Q
−10
=
34 201
201 89
.
An important remark is that the sum of the image’s
pixels can be easily recovered from the encrypted im-
age.
3
More precisely, since S only switches the pix-
els’ position, we can compute the sum by removing
the diffusion step. The exact method is presented in
Algorithm 3.
3
Note that this is not mentioned in the original paper.
Security Analysis of a Color Image Encryption Scheme Based on a Fractional-Order Hyperchaotic System
565
Algorithm 3: Computing the sum of the image’s
pixels.
1 Function compute sum(C)
2 for i ∈ [0,L) with increment step 2 do
3 R
i
← 34 ·C
i
+ 201 ·C
i+1
mod 256
4 R
i+1
← 201 ·C
i
+ 89 ·C
i+1
mod 256
5 Σ = 0
6 for i ∈ [0,L) do Σ ← Σ + R
i
7 return Σ
3 CHOSEN PLAINTEXT ATTACK
A chosen plaintext attack (CPA) is a scenario in which
the attacker A briefly gains access to the encryption
machine O
enc
and is permitted to query it with vari-
ous inputs. In this way, A generates specific plaintexts
that can facilitate his attack and uses O
enc
to obtain
the corresponding ciphertexts. We demonstrate in this
paper that Hosny et al.’s image encryption scheme is
vulnerable to such attacks.
To help convey the intuition behind our CPA at-
tack, we will begin by presenting a toy example be-
fore formally presenting our attack. We recommend
the reader read the examples and Algorithms 4 to 7 in
parallel. Therefore, we assume that we work with an
image that only has pixel values between 0 and 7. We
devise an attack in the following four cases.
In the first case, we work with an image that has
all its pixel values equal to i, for an i ∈ [0,8). If we
apply a random permutation to this image, the result-
ing vector R has all its values equal to i. Therefore, if
we receive a ciphertext C, we can easily remove the
diffusion step and then check if the resulting R vector
has all its values equal to an i. If this is the case, then
the encrypted image has all its pixels equal to i. In the
case of Hosny et al.’s image encryption scheme, this
part of the attack is presented in Algorithm 4.
Algorithm 4: Check for images with all pixel value
equal.
1 Function check equal values(C)
2 for i ∈ [0,L) with increment step 2 do
3 R
i
← 34 ·C
i
+ 201 ·C
i+1
mod 256
4 R
i+1
← 201 ·C
i
+ 89 ·C
i+1
mod 256
5 for j ∈ [0,256) do
6 if all R
i
= i then return R
7 return ⊥
For the remaining cases, we assume that we know
the sum Σ of the pixels of the target image
4
. In the
second case we consider images whose pixel sum is
between 3 and 6 · 7/2. As an example, we consider
4
It can be easily computed using Algorithm 3 when we
have access to its corresponding ciphertext.
Algorithm 5: Check sum interval.
1 Function check interval(Σ, L)
2 moth ← ⊥
3 for i ∈ [0,254) do
4 if L > i and i(i +1)/2 ≤ Σ < (i +1)(i + 2)/2 then
5 moth ← i
6 f lea ← 0
7 Σ
′
← Σ −i(i + 1)/2
8 α ← Σ
′
mod (i +1)
9 break
10 else if L ≥ 254 and
254 · 255/2 ≤ Σ < 254 · 255/2+(L−254)·255 then
11 moth ← 254
12 f lea ← 0
13 Σ
′
← Σ −254 · 255/2
14 α ← Σ
′
mod 255
15 break
16 else if L ≥ 254 − i and
(254 − i)(255+i)/2 + (L− 254 + i)· 255 ≤ Σ <
(253 − i)(256+i)/2 + (L− 253 + i)· 255 then
17 moth ← 253 − i
18 f lea ← i + 1
19 Σ
′
← Σ −(253 − i)(256 +i)/2
20 α ← Σ
′
mod 255
21 break
22 return moth, f lea,Σ
′
,α
the following target image of length L = 6
P
0
= 1, P
1
= 3, P
2
= 1, P
3
= 4, P
4
= 6, P
5
= 2.
Then Σ = 17. We now use a greedy approach to con-
struct two plaintext that can aid us in computing the
secret permutation S. First we check to see the inter-
val for the sum
5 · 6/2 = 15 ≤ Σ < 6 · 7/2 = 21
and we set the following parameters
5
moth = 5,
f lea = 0, Σ
′
= Σ − 15 = 2 and α = Σ
′
mod 6 = 2.
Then we generate the following intermediary attack
plaintexts
P
0
= 1, P
1
= 3, P
2
= 4, P
3
= 5, P
4
= 0, P
5
= 0
P
0
= 4, P
1
= 5, P
2
= 0, P
3
= 0, P
4
= 1, P
5
= 3.
We can see that their sum is 13 = Σ − 2α. Now we
add the two αs to obtain the final attack plaintexts
P
0
= 1, P
1
= 3, P
2
= 4, P
3
= 5, P
4
= 2, P
5
= 2
P
0
= 4, P
1
= 5, P
2
= 2, P
3
= 2, P
4
= 1, P
5
= 3.
We can easily see that both attack plaintexts have the
same pixel sum and the same size as the target image.
Therefore, the PRNG will generate the same random
permutation S as in the case of the target plaintext.
The advantage of the attack plaintexts is that we can
track how the values 1,3, 4 and 5 are permuted by S,
5
please see Algorithm 6 for their exact usage
ICISSP 2025 - 11th International Conference on Information Systems Security and Privacy
566
Algorithm 6: Compute attack image.
1 Function set attack image( j, L, B, moth, f lea,Σ
′
,α)
2 for i ∈ [0,L) do P
i
← 0
3 if α = 0 then
4 for i ∈ [ jB,( j + 1)B) do
P
i mod L
← f lea + (i mod B) +1
5 else
6 for i ∈ [ jB,( j + 1)B) do
7 if f lea +(i mod B) + 1 < α then
P
i mod L
← f lea + (i mod B) +1
8 else P
i mod L
← f lea + (i mod B) +2
9 i ← 0, k ← 0
10 while k < Σ
′
/(moth + 1) and i < L do
11 if P
i
= 0 then
12 if f lea = 0 then P
i
=← moth +1
13 else P
i
← 255
14 k ← k +1
15 i ← i + 1
16 if α ̸= 0 then
17 t ← i,k ← 0
18 while k < 2 and i < L do
19 if P
i
= 0 then
20 P
i
← α
21 k ← k +1
22 i ← i + 1
23 if k < 2 then
24 i ← t
25 while k < 2 and i ≥ 0 do
26 if P
i
= 255 then
27 P
i
← α
28 k ← k +1
29 i ← i − 1
30 return P
and thus recover S. Thus, after receiving the corre-
sponding ciphertexts, we first remove the diffusion
step and then we track the resulting positions of the
values 1,3,4 and 5. Corroborated with the initial po-
sitions we can recover the secret permutation S, and
hence recover the target plaintext.
In the third case we consider images whose pixel
sum is between 6 · 7/2 and 6 · 7/2 + (L − 6) · 7. As an
example, lets consider the following target image of
length L = 8
P
0
= 5, P
1
= 0, P
2
= 1, P
3
= 3,
P
4
= 7, P
5
= 4,P
6
= 6, P
7
= 2.
Then Σ = 28. First we set our parameters moth = 6,
f lea = 0, Σ
′
= Σ − 21 = 7 and α = Σ
′
mod 7 = 0.
Then we generate the following intermediary attack
plaintexts
P
0
= 1, P
1
= 2, P
2
= 3, P
3
= 4,
P
4
= 5, P
5
= 6, P
6
= 0, P
7
= 0
P
0
= 2, P
1
= 3, P
2
= 4, P
3
= 5,
P
4
= 6, P
5
= 0, P
6
= 0, P
7
= 2.
Algorithm 7: Recover secret permutation.
1 Function recover s(R,nb, j,L,B, moth, f lea, Σ
′
,α)
2 if f lea = 0 then val ← moth + 1
3 else val ← 255
4 if α = 0 then
5 for i ∈ [0,L) do
6 f lag ← false
7 if j < nb then f lag ← true
8 else if R
i
≤ (L mod B) + f lea then
f lag ← true
9 if f lag = true and R
i
̸= 0 and R
i
̸= val then
S
i
← jB +R
i
− 1 − f lea mod L
10 else
11 for i ∈ [0,L) do
12 f lag ← false
13 if j < nb then f lag ← true
14 else if R
i
≤ (L mod B) +1 + f lea then
f lag ← true
15 if f lag = true and R
i
̸= 0 and R
i
̸= val and
R
i
̸= α then
16 if R
i
< α then
S
i
← jB +R
i
− 1 − f lea mod L
17 else S
i
← jB +R
i
− 2 − f lea mod L
18 return S
Algorithm 8: Chosen plaintext attack once Σ is
known.
1 Function cpa sum(Σ)
2 moth, f lea,Σ
′
,α ← check interval(Σ, L)
3 if moth = ⊥ or moth = 0 or moth = 1 then
4 return ⊥
5 if α = 0 then B ← moth
6 else B ← moth − 1
7 nb ← L/B
8 nb
r
← ⌈L/B⌉ −nb
9 for j ∈ [0,nb + nb
r
) do
10 P ← set attack image( j,L, B,moth, f lea, Σ
′
,α)
11 Send the plaintext P to the encryption oracle O
enc
.
12 Receive the ciphertext C from the encryption oracle
O
enc
.
13 for i ∈ [0,L) with increment step 2 do
14 R
i
← 34 ·C
i
+ 201 ·C
i+1
mod 256
15 R
i+1
← 201 ·C
i
+ 89 ·C
i+1
mod 256
16 S ← recover s(R,nb, j,L,B, moth, f lea, Σ
′
,α)
17 return S
We can see that their sum is 21 = Σ−(moth+1). Now
we add the moth + 1 value to obtain the final attack
plaintexts
P
0
= 1, P
1
= 2, P
2
= 3, P
3
= 4,
P
4
= 5, P
5
= 6, P
6
= 7, P
7
= 0
P
0
= 2, P
1
= 3, P
2
= 4, P
3
= 5,
P
4
= 6, P
5
= 7, P
6
= 0, P
7
= 2.
As in the previous case, we can track the 1 to 6 values,
and thus determine the secret permutation S. Note that
we do not track the moth +1 value, since there can be
Security Analysis of a Color Image Encryption Scheme Based on a Fractional-Order Hyperchaotic System
567
more than one. Also, if α ̸= 0, we also remove this
value from the tracked ones, since there will be two
of them.
The last case is for images whose pixel sum is be-
tween 6·7/2+(L −6)·7 and 7·L. As an example, lets
consider the following target image of length L = 6
P
0
= 4, P
1
= 6, P
2
= 5, P
3
= 7, P
4
= 5, P
5
= 6.
Then Σ = 33. First we check to see the interval for the
sum
(6 − 2) · (7 + 2)/2 + (6 − 6 + 2) · 7 = 32 ≤ Σ
Σ < (5 − 2) · (8 + 2)/2 + (6 − 5 + 2) · 7 = 36
and we set moth = 3, f lea = 3, Σ
′
= Σ − 15 = 18 and
α = Σ
′
mod 7 = 4. Then we generate the following
intermediary attack plaintexts
P
0
= 5, P
1
= 6, P
2
= 0, P
3
= 0, P
4
= 0, P
5
= 0
P
0
= 0, P
1
= 0, P
2
= 5, P
3
= 6, P
4
= 0, P
5
= 0
P
0
= 0, P
1
= 0, P
2
= 0, P
3
= 0, P
4
= 5, P
5
= 6.
Now we add the requires number of 7s
P
0
= 5, P
1
= 6, P
2
= 7, P
3
= 7, P
4
= 7, P
5
= 0
P
0
= 7, P
1
= 7, P
2
= 5, P
3
= 6, P
4
= 7, P
5
= 0
P
0
= 7, P
1
= 7, P
2
= 7, P
3
= 0, P
4
= 5, P
5
= 6.
We can see that their sum is 32 = Σ − 2α + 7. Now
we add the two αs and remove a 7 to obtain the final
attack plaintexts
P
0
= 5, P
1
= 6, P
2
= 7, P
3
= 7, P
4
= 4, P
5
= 4
P
0
= 7, P
1
= 7, P
2
= 5, P
3
= 6, P
4
= 4, P
5
= 4
P
0
= 7, P
1
= 7, P
2
= 4, P
3
= 4, P
4
= 5, P
5
= 6.
As in the previous case, we can track the 5 and 6 val-
ues, and hence determine the secret permutation S.
This exhausts all the possible cases that we can attack,
when the sum of the target plaintext is known. In the
case of Hosny et al.’s image encryption scheme, Al-
gorithm 5 describes the part of the attack that checks
which of the three cases we are in. The construc-
tion of the attack images is presented in Algorithm 6,
while the recovery of the secret permutation is given
in Algorithm 7. Once the sum of the target image is
known, Algorithm 8 includes all the necessary steps
needed to recover the target image. The full chosen
plaintext attack is given in Algorithm 9.
To compute the complexity of our attack we con-
sider that the operations modulo 256 have constant
complexity O(1). Also, we consider the worst case
possible B = 1. Therefore, we obtain that the com-
plexities of Algorithms 3 to 7 are O(4L), O(259L),
O(1), O(L) and O(L), respectively.
In the case of Algorithm 8, we make at most L
oracle queries and we have a complexity of O(2L
2
).
Algorithm 9: Chosen plaintext attack.
Input: A ciphertext C
Output: The targeted plaintext P
1 Function cpa main(C)
2 temp ← check equal values(C)
3 if temp ̸= ⊥ then return temp
4 Σ ← compute sum(C)
5 S ← cpa sum(Σ)
6 Compute the inverse permutation S
−1
.
7 for i ∈ [0, L) with increment step 2 do
8 R
i
← 34 ·C
i
+ 201 ·C
i+1
mod 256
9 R
i+1
← 201 ·C
i
+ 89 ·C
i+1
mod 256
10 for i ∈ [0, L) do P
i
← R
S
−1
i
11 return P
Since Algorithm 8’s complexity dominates Algo-
rithm 9 we obtain the same performance for the full
attack. Note that Algorithm 9 recovers only a single
color channel. Thus, to perform the full attack on the
entire image, L queries are needed, and the overall
runtime is approximately O(6L
2
). For example, if we
encrypt 2 megapixels
6
images we obtain a complexity
of O(2
44.33
) and 2
20.87
oracle queries. In the case of
12 megapixels
7
, we obtain O(2
49.61
) and 2
23.51
oracle
queries.
4 CHOSEN CIPHERTEXT
ATTACK
In contrast to a chosen plaintext attack, a chosen ci-
phertext attack (CCA) assumes that the attacker A
briefly gains access to the decryption machine O
dec
.
A then generates specific ciphertexts that can assist
his attack and uses O
dec
to obtain the corresponding
plaintexts. In this scenario, we describe an attack on
Hosny et al.’s cryptosystem.
The main difference between the CPA and the
CCA is that in the first case we have to remove the
diffusion step after receiving the ciphertext for O
enc
in order to get to our markers, while in the second we
have to add the diffusion step before sending the ci-
phertexts to O
dec
. We present our proposed attack in
Algorithm 11. Note that in the case of the CCA we do
not have to compute the inverse permutation. Also,
the CCA’s complexity and number of oracle queries
are the same as in the case of the CPA.
6
W × H = 1600 × 1200
7
W × H = 4000 × 3000
ICISSP 2025 - 11th International Conference on Information Systems Security and Privacy
568
Algorithm 10: Chosen ciphertext attack once Σ is
known.
1 Function cca sum(Σ)
2 moth, f lea, Σ
′
,α ← check interval(Σ, L)
3 if moth = ⊥ or moth = 0 or moth = 1 then
4 return ⊥
5 if α = 0 then B ← moth
6 else B ← moth − 1
7 nb ← L/B
8 nb
r
← ⌈L/B⌉ −nb
9 for j ∈ [0,nb + nb
r
) do
10 R ← set attack image( j,L, B,moth, f lea, Σ
′
,α)
11 for i ∈ [0,L) with increment step 2 do
12 C
i
← 89 ·R
i
+ 55 ·R
i+1
mod 256
13 C
i+1
← 55 ·R
i
+ 34 ·R
i+1
mod 256
14 Send the plaintext C to the decryption oracle O
dec
.
15 Receive the plaintext P from the decryption oracle
O
dec
.
16 S
−1
← recover s(P, nb, j,L, B, moth, f lea,Σ
′
,α)
17 return S
−1
Algorithm 11: Chosen ciphertext attack.
Input: A ciphertext C
Output: The targeted plaintext P
1 Function cpa main()
2 temp ← check equal values(C)
3 if temp ̸= ⊥ then return temp
4 Σ ← compute sum(C)
5 S
−1
← cca sum(Σ)
6 for i ∈ [0, L) with increment step 2 do
7 R
i
← 34 ·C
i
+ 201 ·C
i+1
mod 256
8 R
i+1
← 201 ·C
i
+ 89 ·C
i+1
mod 256
9 for i ∈ [0, L) do P
i
← R
S
−1
i
10 return P
5 CONCLUSIONS
The authors of (Hosny et al., 2022) introduced an im-
age encryption scheme based on a hyperchaotic sys-
tem that they claimed to have a security strength of
498 bits. However, our security analysis revealed that
the true security strength of Hosny et al.’s scheme is
roughly O(2
50
). Additionally, our analysis shows that
the attack requires at most 2
24
oracle queries. Conse-
quently, according to (Barker, 2020), the system fails
to meet the necessary security strength needed to pro-
tect sensitive information.
REFERENCES
Alanazi, A. S., Munir, N., Khan, M., Asif, M., and Hus-
sain, I. (2021). Cryptanalysis of Novel Image Encryp-
tion Scheme Based on Multiple Chaotic Substitution
Boxes. IEEE Access, 9:93795–93802.
Arroyo, D., Diaz, J., and Rodriguez, F. (2013). Cryptanaly-
sis of a One Round Chaos-Based Substitution Permu-
tation Network. Signal Processing, 93(5):1358–1364.
Barker, E. (2020). NIST SP800-57 Recommendation for
Key Management, Part 1: General. Technical report,
NIST.
Chen, J., Chen, L., and Zhou, Y. (2020). Cryptanalysis of a
DNA-Based Image Encryption Scheme. Information
Sciences, 520:130–141.
Essaid, M., Akharraz, I., Saaidi, A., and Mouhib, A.
(2019a). A New Approach of Image Encryption Based
on Dynamic Substitution and Diffusion Operations. In
SysCoBIoTS 2019, pages 1–6. IEEE.
Essaid, M., Akharraz, I., Saaidi, A., and Mouhib, A.
(2019b). Image Encryption Scheme Based on a
New Secure Variant of Hill Cipher and 1D Chaotic
Maps. Journal of Information Security and Applica-
tions, 47:173–187.
Fan, H., Zhang, C., Lu, H., Li, M., and Liu, Y. (2021).
Cryptanalysis of a New Chaotic Image Encryption
Technique Based on Multiple Discrete Dynamical
Maps. Entropy, 23(12):1581.
Hosny, K. M. (2020). Multimedia Security Using Chaotic
Maps: Principles and Methodologies, volume 884.
Springer.
Hosny, K. M., Kamal, S. T., and Darwish, M. M. (2022).
Novel encryption for color images using fractional-
order hyperchaotic system. Journal of Ambient Intel-
ligence and Humanized Computing, 13(2):973–988.
Hu, G., Xiao, D., Wang, Y., and Li, X. (2017). Cryptanal-
ysis of a Chaotic Image Cipher using Latin Square-
Based Confusion and Diffusion. Nonlinear Dynamics,
88(2):1305–1316.
Hua, Z. and Zhou, Y. (2017). Design of Image Cipher Using
Block-Based Scrambling and Image Filtering. Infor-
mation sciences, 396:97–113.
Huang, X., Sun, T., Li, Y., and Liang, J. (2014). A Color
Image Encryption Algorithm Based on a Fractional-
Order Hyperchaotic System. Entropy, 17(1):28–38.
Khan, M. (2015). A Novel Image Encryption Scheme
Based on Multiple Chaotic S-Boxes. Nonlinear Dy-
namics, 82(1):527–533.
Khan, M. and Masood, F. (2019). A Novel Chaotic Im-
age Encryption Technique Based on Multiple Discrete
Dynamical Maps. Multimedia Tools and Applications,
78(18):26203–26222.
Li, M., Lu, D., Wen, W., Ren, H., and Zhang, Y. (2018).
Cryptanalyzing a Color Image Encryption Scheme
Based on Hybrid Hyper-Chaotic System and Cellular
Automata. IEEE access, 6:47102–47111.
Li, M., Lu, D., Xiang, Y., Zhang, Y., and Ren, H. (2019a).
Cryptanalysis and Improvement in a Chaotic Image
Cipher Using Two-Round Permutation and Diffusion.
Nonlinear Dynamics, 96(1):31–47.
Li, M., Wang, P., Liu, Y., and Fan, H. (2019b). Crypt-
analysis of a Novel Bit-Level Color Image Encryp-
tion Using Improved 1D Chaotic Map. IEEE Access,
7:145798–145806.
Li, M., Wang, P., Yue, Y., and Liu, Y. (2021). Cryptanaly-
sis of a Secure Image Encryption Scheme Based on a
Security Analysis of a Color Image Encryption Scheme Based on a Fractional-Order Hyperchaotic System
569
Novel 2D Sine–Cosine Cross-Chaotic Map. Journal
of Real-Time Image Processing, 18(6):2135–2149.
Li, S. and Zheng, X. (2002). Cryptanalysis of a Chaotic
Image Encryption Method. In ISCAS 2002, volume 2,
pages 708–711. IEEE.
Liu, L., Hao, S., Lin, J., Wang, Z., Hu, X., and Miao, S.
(2018). Image Block Encryption Algorithm Based on
Chaotic Maps. IET Signal Processing, 12(1):22–30.
Ma, Y., Li, C., and Ou, B. (2020). Cryptanalysis of an
Image Block Encryption Algorithm Based on Chaotic
Maps. Journal of Information Security and Applica-
tions, 54:102566.
Matoba, O. and Javidi, B. (2004). Secure Holographic
Memory by Double-Random Polarization Encryption.
Applied Optics, 43(14):2915–2919.
Mfungo, D. E., Fu, X., Wang, X., and Xian, Y. (2023).
Enhancing Image Encryption with the Kronecker Xor
Product, the Hill Cipher, and the Sigmoid Logistic
Map. Applied Sciences, 13(6).
Mondal, B., Behera, P. K., and Gangopadhyay, S. (2021). A
Secure Image Encryption Scheme Based on a Novel
2D Sine–Cosine Cross-Chaotic (SC3) Map. Journal
of Real-Time Image Processing, 18(1):1–18.
Muthu, J. S. and Murali, P. (2021). Review of Chaos De-
tection Techniques Performed on Chaotic Maps and
Systems in Image Encryption. SN Computer Science,
2(5):1–24.
Niyat, A. Y., Moattar, M. H., and Torshiz, M. N. (2017).
Color Image Encryption Based on Hybrid Hyper-
Chaotic System and Cellular Automata. Optics and
Lasers in Engineering, 90:225–237.
¨
Ozkaynak, F. (2018). Brief Review on Application of Non-
linear Dynamics in Image Encryption. Nonlinear Dy-
namics, 92(2):305–313.
Pak, C., An, K., Jang, P., Kim, J., and Kim, S. (2019). A
Novel Bit-Level Color Image Encryption Using Im-
proved 1D Chaotic Map. Multimedia Tools and Ap-
plications, 78(9):12027–12042.
Pak, C. and Huang, L. (2017). A New Color Image En-
cryption Using Combination of the 1D Chaotic Map.
Signal Processing, 138:129–137.
Shafique, A. and Shahid, J. (2018). Novel Image Encryption
Cryptosystem Based on Binary Bit Planes Extraction
and Multiple Chaotic Maps. The European Physical
Journal Plus, 133(8):1–16.
Sheela, S., Suresh, K., and Tandur, D. (2018). Image En-
cryption Based on Modified Henon Map Using Hy-
brid Chaotic Shift Transform. Multimedia Tools and
Applications, 77(19):25223–25251.
Song, C. and Qiao, Y. (2015). A Novel Image Encryption
Algorithm Based on DNA Encoding and Spatiotem-
poral Chaos. Entropy, 17(10):6954–6968.
Tes¸eleanu, G. (2023). Security Analysis of a Color Im-
age Encryption Scheme Based on Dynamic Substitu-
tion and Diffusion Operations. In ICISSP 2023, pages
410–417. SCITEPRESS.
Tes¸eleanu, G. (2024a). Security Analysis of an Image En-
cryption Based on the Kronecker Xor Product, the Hill
Cipher and the Sigmoid Logistic Map. In ICISSP
2024, pages 467–473. SCITEPRESS.
Tes¸eleanu, G. (2024b). Security Analysis of an Image En-
cryption Scheme Based on a New Secure Variant of
Hill Cipher and 1D Chaotic Maps. In ICISSP 2024,
pages 745–749. SCITEPRESS.
Wang, H., Xiao, D., Chen, X., and Huang, H. (2018). Crypt-
analysis and Enhancements of Image Encryption Us-
ing Combination of the 1D Chaotic Map. Signal pro-
cessing, 144:444–452.
Wang, L., Wu, Q., and Situ, G. (2019). Chosen-Plaintext
Attack on the Double Random Polarization Encryp-
tion. Optics Express, 27(22):32158–32167.
Wang, X., Teng, L., and Qin, X. (2012). A Novel Colour
Image Encryption Algorithm Based on Chaos. Signal
Processing, 92(4):1101–1108.
Wen, H. and Yu, S. (2019). Cryptanalysis of an Image
Encryption Cryptosystem Based on Binary Bit Planes
Extraction and Multiple Chaotic Maps. The European
Physical Journal Plus, 134(7):1–16.
Wen, H., Yu, S., and L
¨
u, J. (2019). Breaking an Image
Encryption Algorithm Based on DNA Encoding and
Spatiotemporal Chaos. Entropy, 21(3):246.
Wen, H., Zhang, C., Huang, L., Ke, J., and Xiong, D.
(2021). Security Analysis of a Color Image Encryp-
tion Algorithm Using a Fractional-Order Chaos. En-
tropy, 23(2):258.
Wu, J., Liao, X., and Yang, B. (2018). Image Encryption
Using 2D H
´
enon-Sine Map and DNA Approach. Sig-
nal processing, 153:11–23.
Yen, J.-C. and Guo, J.-I. (2000). A New Chaotic Key-Based
Design for Image Encryption and Decryption. In IS-
CAS 2000, volume 4, pages 49–52. IEEE.
Yu, F., Gong, X., Li, H., and Wang, S. (2021). Differ-
ential Cryptanalysis of Image Cipher Using Block-
Based Scrambling and Image Filtering. Information
Sciences, 554:145–156.
Zhou, K., Xu, M., Luo, J., Fan, H., and Li, M. (2019).
Cryptanalyzing an Image Encryption Based on a
Modified Henon Map Using Hybrid Chaotic Shift
Transform. Digital Signal Processing, 93:115–127.
Zolfaghari, B. and Koshiba, T. (2022). Chaotic Image
Encryption: State-of-the-Art, Ecosystem, and Future
Roadmap. Applied System Innovation, 5(3):57.
ICISSP 2025 - 11th International Conference on Information Systems Security and Privacy
570
