An image-encryption experiment built on chaotic maps, NCA-CML keystreams, and DNA-style transforms.
Overview β’ Pipeline β’ Installation β’ Usage β’ Testing β’ Limitations
Caution
Sphinx is not a secure cryptography library. It is an educational prototype and code-rehabilitation exercise. For any real confidentiality or integrity requirement, use standard authenticated encryption such as AES-GCM or ChaCha20-Poly1305. This scheme has not been formally analyzed or security-proven.
Sphinx is a research-inspired image cipher for studying how design choices affect diffusion, damage locality, and failure modes in custom encryption schemes. It uses:
- SHA-256-derived one-time tokens seeded from an image summary vector plus either local randomness (
secrets) or an optional quantum source (ANU QRNG API). - An NCA-CML-inspired keystream generator for deterministic rule selectors, row/column operations, and per-pixel keystreams.
- DNA-style encoding and operations β one of eight encoding rules per channel, followed by DNA addition, subtraction, or XOR.
The current version is a portfolio cleanup of an earlier prototype, focused on reproducibility, cleaner interfaces, and more honest claims about what the code actually does.
flowchart TD
A[Load RGB image] --> B[Derive 256-bit experiment token\nimage summary + secrets / ANU QRNG]
B --> C[Split into tiles]
C --> D[Per-tile token derivation]
D --> E[NCA-CML rule & keystream generation]
E --> F[DNA encode RGB channels\none of 8 rules per channel]
F --> G[Interleave DNA rows\nshuffle columns]
G --> H[Apply DNA row operations\naddition Β· subtraction Β· XOR]
H --> I[Decode with complementary DNA rules]
I --> J[Pixel diffusion stage]
J --> K[Save encrypted tile]
K --> L{More tiles?}
L -- yes --> D
L -- no --> M[Save encrypted image + token]
Decryption runs the same pipeline in reverse, tile by tile.
The old implementation used a single image-wide permutation. Its failure mode: any localized damage to the ciphertext β a corrupted region, a partial write β was scattered across the entire decrypted image by the inverse permutation.
The current implementation encrypts each tile independently, which means:
- localized ciphertext damage stays localized after decryption,
- damaged regions are easy to visually inspect and isolate,
- the diffusion/locality tradeoff is explicit and configurable via
--tile-size.
Smaller tiles contain damage more aggressively. --tile-size 0 runs a single whole-image block, matching the behavior of the old scheme.
python -m pip install -r requirements.txtEncrypt with the default tile size:
python encrypt.py images/m6kuvrsdpy551.png --token-file output/token.jsonEncrypt with a smaller tile size for tighter damage containment:
python encrypt.py images/m6kuvrsdpy551.png --tile-size 32 --token-file output/token.jsonEncrypt with analysis plots:
python encrypt.py images/m6kuvrsdpy551.png --plot --token-file output/token.jsonDecrypt using the saved metadata file:
python decrypt.py encrypted_output/<encrypted-file>.png --token-file output/token.jsonDecrypt by passing the token directly:
python decrypt.py encrypted_output/<encrypted-file>.png --token <64-hex-token> --tile-size 64To use the ANU quantum RNG source, set the SPHINX_ANU_API_KEY or ANU_API_KEY environment variable before running.
sphinx/
βββ encrypt.py # CLI entrypoint β encryption
βββ decrypt.py # CLI entrypoint β decryption
βββ functions/
βββ pipeline.py # Deterministic tile-local orchestration
βββ generateSecureKey.py # Token derivation and analysis helpers
βββ ncaCml.py # NCA-CML parameter updates, rule selection,
β # permutations, and keystream generation
βββ matrixDNAManipulator.py # 8 DNA rules + addition, subtraction, XOR, inverses
python -m unittest discover -s testsThe test suite covers:
- encrypt/decrypt round-trip correctness,
- DNA encode/decode round-trip,
- RGB channel ordering,
- deterministic NCA-CML key-material generation,
- CLI smoke tests,
- localized damage staying within its originating tile.
- The algorithm is custom and provides no formal security guarantees. Do not use it to protect sensitive data.
- Tile-local processing improves resilience to partial data loss at the cost of reduced global diffusion relative to a whole-image permutation.
- The implementation is inspired by chaos-based image-encryption literature (see Reference), but is a pragmatic reconstruction, not a claim of exact scientific reproduction.
- The ANU QRNG path is optional and requires an API key.
Inspired by chaos-based image-encryption literature, including:
Hua, Z. et al. (2018). 2D Sine Logistic modulation map for image encryption. Information Sciences. doi:10.1016/j.ins.2018.04.013