mopdf.com

3C3 and hence the CBM entry for C3 is a ’0’. Similarly, the CBM entries corresponding to C4 and C5 are’1’ and ’0’. Hence, CBM [1, 1, 1, 0, 1, 0]It can be noted that the vectors P os and CBM together, completely represent the input image img.This can be shown by reconstructing img using only P os and CBM . The decoding process is describedbelow.The first entry of CBM is a ’1’ and hence colour C0 is present in img. Since the same colour orderC0 through C5 is used to create both P os and CBM , the first entry {(0, 0) , 0} in P os corresponds to C0 .Hence, the pixel with position (0, 0) bears colour C0 . Hence, img (0, 0) C0 . Since, the first P os entrybears a f lg value of ’0’, it is not the last pixel bearing C0 . Hence, the pixel corresponding to the secondentry {(2, 1) , 0} in P os also bears colour C0 , img (2, 1) C0 . Similarly, corresponding to the third and thefourth entry in P os, img (0, 2) C0 and img (1, 2) C0 . But the f lg value of the fourth entry in P os is ’1’meaning that there are no more pixels bearing colour C0 . For the fifth entry in P os, the next colour inCBM is considered. The second entry in CBM corresponds to colour C1 and has a value ’1’. Hence, forthe the fifth entry in P os, colour C1 is considered. Similarly, img (2, 0) C1 , img (0, 1) C2 , img (1, 1) C2 , img (2, 2) C2 and img (1, 0) C4 .It can be noted that the pixel position information and the colour information are completely separatedand have been encoded as two distinct ordered vectors. Though it is straight forward to reconstruct theinput image using P os and CBM , the advantage of such a representation of images ( or any form ofdigital data ) is as follows:1) The P os vector is composed of numbers from 0 to W and 0 to H . This information is obvious ifthe image width and height is known.2) no information regarding the colours is revealed. CBM encodes the colours as a bit sequence3) the Pixel Position-Colour correlation that defines the semantics of an image, is completely disturbed.Digital Representation of P os and CBM : Each entry in the P os vector is composed of three elements.The ’x’ and the ’y’ co-ordinates of the pixel considered and the flag f lg indicating if the pixel is thelast entry for that colour. Since the flag f lg can take only two values ’0’ or ’1’, one digital memory bitis sufficient to represent it. The value of the ’x’ co-ordinate defines the relative horizontal distance of apixel from the origin (0, 0) and can not exceed the image width W . Hence the number of bits necessaryto represent the ’x’ co-ordinate of any pixel is given by bw.bw If (W 2), then 1, else, (dlog2 (W )e) bitsSimilarly, the number of bits necessary to represent the ’y’ co-ordinate of any pixel is given by bh.bh If (H 2), then 1, else, (dlog2 (H)e) bitsHence, the number of bits used to represent an entry in the P os vector is (bw bh 1) bits. Consideringall the W H entries in the P os vector, the number of bytes required to represent the P os vector isSize (P os) d((bw bh 1) (W H)) /8e bytesFor the image img, bw bh 2. Hence, each entry in P os vector is represented using 5 bits and theentire vector is represented using 45 bits. The P os vector can be represented as:P os [(00000) , (10010) , (00100) , (01101) , (10001) , (00010) , (01010) , (10101) , (01001)]Finally, the P os vector is represented as an ordered set of integers by packing 8 bits in sequence. Forexample, the first integer with value ’4’ is formed by packing 5 bits of the first P os entry and 3 bits ofthe second entry. The second integer with value ’136’ is formed by packing 2 bits from the second P osentry, 5 from the third and one bit from the fourth P os entry. Similarly, the encoding continues until thelast bit in P os. Since the P os vector is composed of 45 bits, the last 5 bits (last P os entry) are paddedwith three ’0’ bits. The final representation of the P os vector is given by P os [4, 136, 216, 137, 85, 72].The CBM vector, by definition is a set of 224 flags (considering 24 bit RGB colours), each of which canbe represented by a single bit. Since CBM is a sequence of ’1’s and ’0’s, it can be coded as a sequenceof bytes representing runs of subsequent ’1’s and ’0’s. It can be noted that the exact number of bytesrequired to represent CBM depends on the composition of CBM . The CBM vector for image img can becoded as CBM [1, 3, 1, 1, 1], indicating that the first 3 bits are ’1’s followed by ’0’, ’1’ and ’0’. The techniqueused in this example encodes the first byte with the value of the first bit in CBM . The second byteencodes the run of the bit type represented by the first byte. Subsequent bytes alternatively encode theruns of 1s and 0s (0s and 1s). It shall be noted that the encryption technique is independent of the codingtechnique used.

4This section has clearly described the concept of Pixel Property Separation and the representation ofimages using the vectors P os and CBM . The next section develops the encryption algorithm based onthis technique.3E NCRYPTIONBYP IXEL P ROPERTY S EPARATIONThe Encryption scheme is a Secret Key Algorithm requiring 2 keys . It operates on the input plain imageimg with width W and height H , the two encryption keys key1 and key2 and generates the encryptedimage img0 with width W 0 and height H 0 (representing the ciphertext as img 0 with W 0 H 0 pixels isoptional, the ciphertext can be represented as a byte sequence). The input plain image uses a coloursystem S composed of s colours, the number of distinct colours in img being s. For a 24 bit RGBcolour space, S is the set of all colour values from 0 to 224 1 and s 224 . The scheme uses theencryption keys to generate a set of Random Permutation RP s to separately encode the pixel positionand colour. The composition of the RP s cannot be determined by the keys alone. This is because, thegeneration of a permutation in any iteration not only depends on the key, but also depends on the resultsof the previous iteration. Hence, the RP s used in this encryption scheme depend both on the key andthe plaintext. This renders the technique robust against Plaintext Attacks.Encryption by Pixel Property Separation (EA) is completely based on the technique of separating pixelposition and colour. To achieve better encryption strength, the basic design (BD) of separating pixelproperties, explained in the previous section has been modified. The following enlists the modifications.1) EA uses N RP number of RP s (RP1 , RP2 , . . . , RPN RP ) to create the P os vector while BD used onlyone permutation with colour order [C0 , C1 .Cs ]2) EA uses one of the s! (224 ! for 24 bit RGB colours) random colour permutations composed of allthe colours in S as its first permutation. This is used as the first permutation RP1 in the creationof the P os vector and is also used to create the CBM . BD uses a known colour order [C0 , C1 .Cs ]which is not randomly picked.3) For any colour C S considered for processing in an RP , EA places exactly one pixel’s position(x, y) in the P os vector, while BD placed the positions of all the pixels bearing colour CAt any stage in the encryption scheme, the RP s are used to define a random colour order. The numberof elements in the first permutation RP1 is equal to that of the set S . RP1 needs to consider all the coloursin S as it is also used to generate the vector CBM . RP1 defines a random colour order for all the coloursin S . The size and the composition of the remaining (N RP 1) RP s, RP2 through RPN RP , depend onthe number of colours available for processing at the point of generation of the RP . In the illustrationof Section 2, the colour order [C0 , C1 , C2 , C3 , C4 , C5 ] can be regarded as RP1 and it defines an order forall the colours C0 through C5 . Hence, the size of RP1 is 6. Applying modification 3 to this illustrationwould result in the consideration of one pixel each of colours C0 , C1 , C2 and C4 in the first iterationusing RP1 . It can be noted that the order of colours considered is same as that in RP1 . For the seconditeration, colours C1 , C3 , C4 , and C5 can be discarded as there are no pixels bearing these colours. Hencefor RP2 , there remain only two colours C0 and C2 that need an order. RP2 would then be composed oftwo elements. After the second iteration, there remain three pixels for processing, bearing two distinctcolours C0 and C2 . Hence, the number of elements in RP3 is 2.It can be noted that each RP defines a colour order for the pixels considered for processing. However,after the third iteration, there remains only one pixel at position (1, 2) bearing C0 . Since there is onlyone colour available for processing, there cannot be a colour order defined. Hence, for the image imgin Figure 1, three permutations RP1 , RP2 and RP3 suffice to create the P os vector. Hence, the value ofN RP for img is 3. The value N RP (Number of Random Permutations) makes sure that there are enoughRP s available to define a colour order for pixels, processed at the rate of ’one pixel per colour per RP ’,until there are pixels to be processed in the plaintext bearing at least two colours. The key key1 is usedto generate the N RP permutations RP1 to RPN RP . The derivation of N RP for an image can be foundin the Appendix.It can be noted that the value of N RP , the number of elements and the composition of the permutationsRP2 through RPN RP depends on the number of colours available for processing at any point in theencryption process. This in turn depends on the number of pixels bearing each colour C S in theplaintext. Hence, the size and the composition of the random permutations used to create the P os vectordepends on both the key1 and the plaintext. This greatly increases the cryptanalytic complexity andrenders the technique robust against Plaintext Attacks.The vector CBM is created using the first permutation RP1 , coded and digitally represented asdescribed in the previous section. The ciphertext is formed by concatenating the P os and the CBMvectors. The ciphertext bytes are finally shuffled using a random permutation. However, before the finalshuffle, the encryption technique carries out two steps described below.

5If the ciphertext needs to be represented as an image img’, the ciphertext bytes needs to be padded torender img’ as a rectangular image with integral values for W 0 and H 0 and with each pixel composedof 3 bytes (considering 224 colours). The values for the padding bytes needs to be randomly chosen andshould not follow any pattern. The padding bytes are augmented to the ciphertext bytes before applyingthe final shuffle. Vector P [P0 , P1 , . . . , Pp 1 ] gives the padding bytes where p is the number of paddingbytes necessary. It shall be noted that this is an optional step and hence need not be carried out by animplementation. The determination of the number and the values for the padding bytes is not discussedin this paper.From the previous section, it can be noted that each entry in the P os vector can be digitally representedusing (bw bh 1) bits. To correctly decode such a bit-packed P os vector, the knowledge of bw and bhis necessary. Without these values, it is not possible to discern how many bits are to be considered forthe ’x’ and the ’y’ co-ordinate entries. Hence, the image width W and the height H values need toencoded as part of the ciphertext. The cryptanalytic complexity can be greatly increased if these valuesare randomly placed within the ciphertext. Since the values of W and H is not known, the cryptanalystneeds to attempt decryption considering all possible combination of bw and bh values to decode the P osvector. Section 4.2 derives an equation for the number of ciphertext byte combinations that need to beextracted from the ciphertext to list all possible candidates for W and H . Assuming a maximum value of65535 for W and H , the encryption technique uses two bytes each (W1 , W2 ) and (H1 , H2 ) to represent Wand H respectively, with W1 , H1 being the lower and W2 , H2 , the higher bytes. The technique randomlyplaces the four size bytes in the ciphertext after padding. It can be noted that the technique is not limitedto using two bytes to represent W and H . The following example illustrates the encryption technique.Fig. 2: Plaintext Dependent Random PermutationsThe example depicted in Figure 1 has been used to illustrate the technique. Figure 2 depicts the randompermutations used to encrypt img. For img, bw bh 2, N RP 3, W1 H1 0 and W2 H2 3.The first entry in RP1 is ’3’. But from the colour vector CV (Figure 1), it can be noted that no pixelbears C3 . Hence, there are no P os entries corresponding to C3 . Since no pixels bear C5 , there are no P osentries corresponding to the second entry ’5’. The third entry in RP1 corresponds to colour C0 and hencethe first entry in P os is {(0, 0) , 0}. Similarly, the P os entries corresponding to colours C4 , C2 and C1 (inthat order) are {(1, 0) , 1}, {(0, 1) , 1} and {(2, 0) , 1}. Let noc represent the number of distinct colours inimg (noc 4 in this example). It can be noted that in this technique, RP1 processes exactly noc pixels.For RP2 , only C0 and C2 remain for processing. The first entry in RP2 is ’1’, which picks the secondavailable colour for processing in CV , which is C2 . Hence, the fifth entry in P os is {(1, 1) , 0}. Similarly,after processing all pixels, the P os vector corresponding to img and the permutation set in Figure 2 isgiven byP os [{(0, 0) , 0} , {(1, 0) , 1} , {(0, 1) , 1} , {(2, 0) , 1} , {(1, 1) , 0} , {(2, 1) , 0} , {(0, 2) , 0} , {(2, 2) , 1} , {(1, 2) , 1}] [2, 71, 21, 72, 149, 104]Vector CBM is created using the colour order defined by RP1 . CBM [0, 0, 1, 1, 1, 1] [0, 2, 4].P os and CBM are concatenated to form the vector P B with pb elements.P B [P os, CBM ] [2, 71, 21, 72, 149, 104, 0, 2, 4], pb 9As mentioned earlier, the values W1 , H1 , W2 and H2 need to be placed at random positions within theciphertext. But the size of the ciphertext after placing these bytes would be pb 4 13, which is not amultiple of 3. P B needs to be padded with two bytes P0 and P1 to make the ciphertext size equal to 15.Let P0 157 and P1 43.P B 0 [P B, P0 , P1 ] [2, 71, 21, 72, 149, 104, 0, 2, 4, 157, 43]To determine the random positions for the 4 size bytes within P B 0 , the key key2 is used to generate aRandom Permutation SP composed of (pb p) numbers (11 in this example) with values ranging from 0to (pb p 1). The first four entries of SP are used as byte positions to place W1 , H1 , W2 and H2 withinP B 0 to create vector F 0 with f (pb p 4) elements. Considering SP in Figure 2,

6F 0 [H1, 2, 71, 21, W 2, 72, H2, 149, 104, 0, 2, 4, W 1, 157, 43] [0, 2, 71, 21, 3, 72, 3, 149, 104, 0, 2, 4, 0, 157, 43], f 15Finally, the vector F 0 is transposed using a random permutation T P with f elements with values rangingfrom 0 to (f 1). Key key2 is used to generate T P . F T P (F 0 ) F0 , F1 , . . . , Ff 1 [149, 2, 72, 21, 4, 157, 0, 71, 104, 3, 2, 3, 0, 0, 43]The ciphertext size is f 15 bytes and is composed of nop (f /3) 5 pixels. Starting from the set[F0 , F1 , F2 ], each set of 3 bytes in sequence represents a pixel. The values W 0 and H 0 are any two factorsof nop such that W 0 H 0 nop. Assuming W 0 5 and H 0 1, the cipher image img 0 is given by,9765448413774371828019712343C RYPTANALYSISThis section explicates the different techniques for cryptanalysis. The Brute Force and the Plaintext attackshave been analysed. Differential Cryptanalysis has been discussed as part of Section 5.4.1 Brute Force AttackIn a Brute Force Attack, the algorithm implementation is considered as a black box and all valid keycombinations are attempted until the correct key is discovered. The complexity of such an attack dependson the size of the keys used for encryption.Key Size key1: The maximum size of key1, N BK1 , for a given plain image depends on the valueof N RP and the number of elements in each of the N RP permutations. The first permutation RP1 iscomposed of 224 numbers that can be arranged in 224 ! ways. If noci represents the number of coloursavailable for processing for permutation RPi , then for a given plain image, the maximum number of key bits in key1 is N BK1 log2 224 ! (dnoc2 !e) (dnoc3 !e) . . . , (dnocN RP !e) . However, an implementation canchoose N BK1 independent of the plaintext. The permutation generator generates one of the 2N BK1possible combinations of N RP permutations.Key Size key2: Key key2 is used to generate SP and T P . Like key1, the size of key2, N BK2 , dependson the ciphertext size (f W 0 H 0 3), which is a variable entity. But, the size of key2 can be chosenindependent of the ciphertext size, because, though the value of (f ) is plaintext/ciphertext dependent,the Random Permutation Generator generates one of the 2N BK2 random permutations of composed of(f ) numbers.In the proposed scheme, it is not possible to individually determine key1 or key2 during decryption.This is because the correctness of the decryption attempts involving key1 or key2 cannot be determineduntil the entire decryption process is complete and the result is verified for correctness. Hence, on average, 2N BK1 N BK2 /2 attempts are required to successfully compromise the keys.Also, the presence of any colour in the plaintext is flagged as a bit in the tuple CBM and hence is notknown to the cryptanalyst. While decryption, as each element P osk is considered, if the pixel img (wk , hk )bearing the colour C is the last pixel of that colour (indicated by f lgk 1), then C is discarded for furtherprocessing, as there are no more pixels of colour C available. The information as to what colours haveto be discarded in RPn is known only after all the colours available for the previous permutation RPn 1have been considered for processing. Hence, for a given set of keys and a given ciphertext, decryption isa sequential process and can not be parallelized. This greatly increases the complexity of the Brute ForceAttack.4.2 Ciphertext only AttackThis method considers different stages in the decryption process and determines the candidates for eachstage without using the encryption keys. The right set of candidates will successfully decrypt the cipherimage. The method consists of the following stages.Reverse Transposition: This is the process of deriving F 0 from the transposed encoded byte vector F . Sincethe size of F is f bytes, there are (f !) possible arrangements, one of them being F itself. Therefore thereare (f )! 1 different possible candidates for F 0 . Since the values of the bytes in F are just numbers,there is no specific signature or references that can prove the validity of the reverse transposition resultas a valid candidate for F 0 . Hence, only after the entire decryption process that the validity of anyreverse transposition result be proved. The average number of complete decryptions to successfully getthe correct solution for this stage is ((f ! 1) /2).

7Derivation of W and H: This step involves the extraction of the randomly placed 4 size bytes W1 ,W2 , H1 and H2 in F 0 . Since W and H are unknown, all possible width and height values have to beconsidered for decryption. There are f P4 ways of choosing 4 out of a set of f bytes. Since 2 bytesrepresent W or H , the plaintext can have a maximum of 65536 65536 pixels, which is not the casealways. If the plaintext supports a maximum size of 4096 4096, then the most significant byte of thewidth and the height cannot exceed the threshold value of 16. All values that exceed this threshold inthe higher byte can be discarded. Also, the set of bytes which result in a value 0 for any of W or H canbe discarded. This knowledge assists in eliminating all invalid byte combinations as candidates for thisstage. Assuming that there are z bytes with value zero and u bytes with value greater than the thresholdand if, M is the no. of combinations such that W or H 0, T is the no. of combinations such that W2or H2 t and M T is the no. of combinations satisfying both M and T , the number of valid candidatesfor this stage is given byV f P4 M T M T 1(1)where, - M z P4 4 (f z) (z P3 ) 2 (z P2 ) (f z) P2 - T u P4 4 (f u) (u P3 ) 5 (u P2 ) (f u) P2 2 (u) (f u) P3- M T 2 (u) (f u) (z P2 ) 2 (z P2 ) (u P2 )M T is added to V because these combinations are internally eliminated twice in the equation, once inM and one more time in

Brute Force and Statistical . scanned data, building plans and blue-prints to be safe-guarded against espionage. Considering the . positions of the pixels bearing C is augmented to Pos. Flag flg is als