Cryptanalysis and improvement in a chaotic image cipher using two-round permutation and diffusion

Cryptanalysis is significant for the design of secure image cryptosystem. Recently, a chaotic image encryption scheme using two rounds of Latin square-based permutation and diffusion was proposed. Although two-round encryption is used, the cryptosystem has still been cracked successfully by the combined attack using both chosen-plaintext attack (CPA) and chosen-ciphertext attack due to the inherent flaw that the same key was used in both permutation and diffusion phases of each round. Therefore, different keys are used in each encryption phase of the improved cryptosystem. However, in this paper, we further attacked the two-round encryption with different keys using only CPA. By counting the number of the diffused pixels in the first diffusion phase from the processed encrypted image, the first permutation of one pixel is confirmed, and then the whole equivalent key stream of the first permutation can be obtained by limited CPA. Based on this, the key stream of the third permutation phase is obtained in a similar way. Meanwhile, all the mappings of the fourth diffusion are collected by 256 CPA, and 17 possible mappings in average are selected by verification. Finally, the key stream of the second diffusion is obtained using two pairs of chosen images. Experiments show that the encrypted image can be cracked successfully by the proposed attack. This work is instructive to the cryptanalysis of multi-round encryption. In order to remedy the security weakness, an improved cryptosystem is also proposed, followed by thorough security analysis.