Research Article

An Empirical Oracle-Game Study of CPA and CCA2 Oriented Tradeoffs in a Chaotic Image Cipher with Nonce-Based and Authenticated Variants

Volume: 6 Number: 4 July 9, 2026

An Empirical Oracle-Game Study of CPA and CCA2 Oriented Tradeoffs in a Chaotic Image Cipher with Nonce-Based and Authenticated Variants

Abstract

Chaotic image cryptography studies, which are quite popular, are often presented with robust statistical metrics, but how a scheme behaves under active attack is rarely analyzed. This paper examines this gap in a fixed chaotic image encryption kernel by considering three versions derived from the same design: a deterministic basis, a random number-based variant, and an authenticated variant. The variants are diversified without altering the internal permutation-diffusion stages, making the effect of random number insertion and ciphertext authentication directly observable. Experiments were performed on 39 images from the USC SIPI miscellaneous set. To maintain a common processing path, grayscale images were converted to RGB form where necessary, and 325 dimensionally compatible left-right oracle pairs were generated. The evaluation was designed to combine three components: traditional statistical image encryption metrics, empirical oracle game experiments compatible with CPA, CCA1, and CCA2-focused attack settings, and cost-of-implementation metrics. Across the three variants, the statistical profile remained broadly similar. Mean ciphertext entropy stayed near 7.992, while effective one-pixel NPCR and UACI averages remained near 99.61% and 33.46%, respectively, very close to ideal values. Full dataset ablation that retained three null-perturbation cases yielded lower pooled values near 91.94% and 30.89%. However, the security results provided a clearer differentiation between the variants. While the deterministic basis was observed to be completely vulnerable, the nonce-based variant eliminated deterministic replay vulnerability but remained distinguishable in CPA and CCA1-aligned experiments, with average success rates of 0.7754 and 0.7292, respectively. The authenticated variant did not eliminate distinguishability on the CPA side, but the modified challenge reduced the CCA2-aligned success rate to 0.4969, consistent with random guessing, and rejected all tampering attempts tested. This added layer of protection resulted in a limited additional cost. The ciphertext expansion increased from 0.02722% to 0.03903%, and the average total latency increased by approximately 1.16 ms. When the results are considered together, it is concluded that strong statistical image encryption performance alone does not necessarily translate to stronger practical security; the decisive improvement stems from the addition of ciphertext authentication.

Keywords

References

  1. Hasan, F., Simpson, L., Baee, M. A. R., Islam, C., Rahman, Z., Armstrong, W., Gauravaram, P., & McKague, M. A. (2024). A framework for migrating to post-quantum cryptography: Security dependency analysis and case studies. IEEE Access, 12, 23427–23450. https://doi.org/10.1109/ACCESS.2024.3360412
  2. Bellare, M., Desai, A., Pointcheval, D., & Rogaway, P. (1998). Relations among notions of security for public-key encryption schemes. In H. Krawczyk (Ed.), Advances in Cryptology — CRYPTO ’98 (Lecture Notes in Computer Science, Vol. 1462, pp. 26–45). Springer. https://doi.org/10.1007/BFb0055718
  3. Cramer, R., & Shoup, V. (1998). A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In H. Krawczyk (Ed.), Advances in Cryptology — CRYPTO ’98 (Lecture Notes in Computer Science, Vol. 1462, pp. 13–25). Springer. https://doi.org/10.1007/BFb0055717
  4. Fujisaki, E., & Okamoto, T. (1999). Secure integration of asymmetric and symmetric encryption schemes. In M. Wiener (Ed.), Advances in Cryptology — CRYPTO ’99 (Lecture Notes in Computer Science, Vol. 1666, pp. 537–554). Springer. https://doi.org/10.1007/3-540-48405-1_34
  5. Bellare, M., & Namprempre, C. (2008). Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. Journal of Cryptology, 21, 469–491. https://doi.org/10.1007/s00145-008-9026-x
  6. Bellare, M., Desai, A., Jokipii, E., & Rogaway, P. (1997). A concrete security treatment of symmetric encryption. In Proceedings of the 38th Annual Symposium on Foundations of Computer Science (pp. 394–403). IEEE. https://doi.org/10.1109/SFCS.1997.646128
  7. Fridrich, J. (1998). Symmetric ciphers based on two-dimensional chaotic maps. International Journal of Bifurcation and Chaos, 8, 1259–1284. https://doi.org/10.1142/S021812749800098X
  8. Alghamdi, Y., Munir, A., & Ahmad, J. (2022). A lightweight image encryption algorithm based on chaotic map and random substitution. Entropy, 24(10), 1344. https://doi.org/10.3390/e24101344

Details

Primary Language

English

Subjects

Electrical Engineering (Other)

Journal Section

Research Article

Publication Date

July 9, 2026

Submission Date

March 30, 2026

Acceptance Date

July 3, 2026

Published in Issue

Year 2026 Volume: 6 Number: 4

APA
İnce, C., & İnce, K. (2026). An Empirical Oracle-Game Study of CPA and CCA2 Oriented Tradeoffs in a Chaotic Image Cipher with Nonce-Based and Authenticated Variants. Engineering Perspective, 6(4), 511-525. https://doi.org/10.64808/engineeringperspective.1919463
AMA
1.İnce C, İnce K. An Empirical Oracle-Game Study of CPA and CCA2 Oriented Tradeoffs in a Chaotic Image Cipher with Nonce-Based and Authenticated Variants. engineeringperspective. 2026;6(4):511-525. doi:10.64808/engineeringperspective.1919463
Chicago
İnce, Cemile, and Kenan İnce. 2026. “An Empirical Oracle-Game Study of CPA and CCA2 Oriented Tradeoffs in a Chaotic Image Cipher With Nonce-Based and Authenticated Variants”. Engineering Perspective 6 (4): 511-25. https://doi.org/10.64808/engineeringperspective.1919463.
EndNote
İnce C, İnce K (July 1, 2026) An Empirical Oracle-Game Study of CPA and CCA2 Oriented Tradeoffs in a Chaotic Image Cipher with Nonce-Based and Authenticated Variants. Engineering Perspective 6 4 511–525.
IEEE
[1]C. İnce and K. İnce, “An Empirical Oracle-Game Study of CPA and CCA2 Oriented Tradeoffs in a Chaotic Image Cipher with Nonce-Based and Authenticated Variants”, engineeringperspective, vol. 6, no. 4, pp. 511–525, July 2026, doi: 10.64808/engineeringperspective.1919463.
ISNAD
İnce, Cemile - İnce, Kenan. “An Empirical Oracle-Game Study of CPA and CCA2 Oriented Tradeoffs in a Chaotic Image Cipher With Nonce-Based and Authenticated Variants”. Engineering Perspective 6/4 (July 1, 2026): 511-525. https://doi.org/10.64808/engineeringperspective.1919463.
JAMA
1.İnce C, İnce K. An Empirical Oracle-Game Study of CPA and CCA2 Oriented Tradeoffs in a Chaotic Image Cipher with Nonce-Based and Authenticated Variants. engineeringperspective. 2026;6:511–525.
MLA
İnce, Cemile, and Kenan İnce. “An Empirical Oracle-Game Study of CPA and CCA2 Oriented Tradeoffs in a Chaotic Image Cipher With Nonce-Based and Authenticated Variants”. Engineering Perspective, vol. 6, no. 4, July 2026, pp. 511-25, doi:10.64808/engineeringperspective.1919463.
Vancouver
1.Cemile İnce, Kenan İnce. An Empirical Oracle-Game Study of CPA and CCA2 Oriented Tradeoffs in a Chaotic Image Cipher with Nonce-Based and Authenticated Variants. engineeringperspective. 2026 Jul. 1;6(4):511-25. doi:10.64808/engineeringperspective.1919463

download?token=eyJhdXRoX3JvbGVzIjpbXSwiZW5kcG9pbnQiOiJqb3VybmFsIiwib3JpZ2luYWxuYW1lIjoiQ2l0ZVNjb3JlMjAyNV9FbmdpbmVlcmluZ19QZXJzcGVjdC5wbmciLCJwYXRoIjoiMjk0YS81N2EyLzlmYzcvNmEyMDA1NTk1OTk0NjMuMTIyOTg1NTEucG5nIiwiZXhwIjoxNzgwNDg3MDE3LCJub25jZSI6ImFjOTI3ZGIxMTUyNGUwZWRhYTlmMzc4ZDk4ZWIwOWQ0In0.VU0eXdFjkzGH_RYBvG3PsXcGoypETO7r1qIe7dMExbU