Color Image Encryption Based on an Evolutionary Codebook and Chaotic Systems

Abstract

Encryption of images is an important method that can effectively improve the security and privacy of crucial image data. Existing methods generally encrypt an image with a combination of scrambling and encoding operations. Currently, many applications require highly secure results for image encryption. New methods that can achieve improved randomness for both the scrambling and encoding processes in encryption are thus needed to further enhance the security of a cipher image. This paper proposes a new method that can securely encrypt color images. As the first step of the proposed method, a complete bit-level operation is utilized to scramble the binary bits in a color image to a full extent. For the second step, the bits in the scrambled image are processed with a sweeping operation to improve the encryption security. In the final step of encryption, a codebook that varies with evolutionary operations based on several chaotic systems is utilized to encrypt the partially encrypted image obtained in the second step. Experimental results on benchmark color images suggest that this new approach can securely encrypt color images and generate cipher images that remain secure under different types of attacks. The proposed approach is compared with several other state-of-the-art encryption approaches and the results show that it can achieve improved encryption security for cipher images. Experimental results thus suggest that this new approach can possibly be utilized practically in applications where color images need to be encrypted for content protection.

1. Introduction

Nowadays, images have become an important form of digital data that can accurately store a large amount of information. The contents in many images contain crucial information and thus need to be made available only to certain groups of individuals. The security of such images is generally improved by algorithms designed to encrypt images [1,2]. To achieve satisfactory security levels for cipher images, numerous computational methods have been developed for the encryption of images [3,4,5,6,7]. So far, three important types of computational methods have been developed for image encryption, including approaches that perform encryption by pixel permutations [3,8], methods that encrypt images by transformations of pixel values [4,9,10], and encryption techniques based on chaotic systems [5,11].

For methods based on pixel permutations, the pixels in an image are relocated to new positions for encryption. For instance, the work in [12] encrypts an image by changing pixel locations based on ergodic matrices. In [13], the positions of pixels are changed with Peano–Hilbert curves to significantly reduce the spatial correlations among them. In [14], images are encrypted by combining a variety of permutation techniques with edge maps constructed from source images. In [8], locations and pixel values are both changed to process a plain image to generate its cipher image. The work in [3] utilizes a permutation–diffusion architecture together with a skew tent map system to encrypt images. In [15], an elliptic curve random generator is employed to significantly enhance the security of cipher images.

Another method applies transformations to pixel values in an image to perform its encryption. For example, the gyrator transform is utilized together with the Arnold transform to generate cipher images [16]. In [9], the Arnold transform is combined with the discrete fractional random transform (DFRNT) to encrypt color images. In [17], deoxyribonucleic acid (DNA) encoding is used along with elliptic curve cryptography (ECC) to obtain cipher images with improved security. In [18], images are encrypted by a method that integrates compressive sensing with information hiding. The work in [19] proposes a novel type of discrete fractional Fourier transforms (DFrFs) based on a random-matrix scheme for the encryption of images. In [10], encryption of an image is performed by changing the pixel values in the image by the fractional Fourier transform (FRFT). The work in [20] encrypts color images based on a method that utilizes a Mandelbrot set along with DNA sequence operations and the Arnold map. In [4], images are iteratively encrypted with an approach that uses random phase encoding and gyrator transform. The work in [21] develops an approach that can encrypt images with a constructed nonlinear S-box. In [22], images are adaptively encrypted by using a self-adaptive permutation–diffusion approach together with DNA random encoding. The work in [23] shows that DNA coding and compressive sensing can be combined to generate cipher images with significantly improved security.

Recently, chaotic systems have provided an important tool that can securely encrypt images [5,7]. Specifically, due to the fact that chaotic systems can generate outputs that are sensitive to their inputs to a high degree, cipher images with high security can be obtained by processing plain images with information generated from one or several chaotic systems. In [24], a piecewise linear chaotic transformation is utilized for the construction of a pseudo-random key stream sequence to encrypt an image. In [25], a system based on a neotype chaotic product trigonometric map (PTM) is proposed for the encryption of images. In [26], an image is encrypted by modifying the gray values and locations of pixels in the image based on several one-dimensional logistic systems. In [6], a plain image is processed with the information generated from a few chaotic systems to change the locations of its pixels for its encryption. In [27], a particle swarm optimization method is used along with chaotic systems to improve the security of cipher images. The approach proposed in [11] encrypts images with a high-dimensional chaotic system and several sequences of pseudo-random numbers obtained based on a simple perception. In [28], a few chaotic systems are utilized to control an evolutionary process that can encrypt color images.

Since the randomness associated with the outputs of chaotic systems generally leads to improved security for cipher images, methods that can effectively combine chaotic systems with other encryption techniques have been proposed for image encryption [20,29,30,31,32]. For instance, a method that utilizes both fractal sorting matrices (FSMs) and global chaotic pixel diffusion is proposed in [32] to encrypt images. In [29], DNA sequence operations are effectively combined with chaotic systems to process a plain image for its encryption. The method developed in [33] constructs a two-dimensional logistic tent modular map (2D-LTMM) to improve the security of a cipher image. In [34], a secure hash algorithm (SHA), SHA-2, is utilized with DNA operations and hyper-chaotic systems to encrypt images. The method proposed in [35] integrates a chaotic system that contains a hidden attractor with the Knuth–Durstenfeld algorithm to enhance encryption security. In [36], DNA sequence operations are used with hyper-chaotic systems for image fusion encryption. The work in [37] encrypts images using the information obtained based on the mixed linear–nonlinear coupled map lattices (MLNCMLs). The work in [38] proposes an approach that employs DNA sequence operations and chaotic systems to significantly enhance encryption security. In [39], the security of cipher images can be enhanced by the integration of a permutation–substitution (SP) network with chaotic systems. In [31], the security of cipher images is improved by using DNA operations with a 5D hyper chaotic system for encryption.

Although most of the computational methods that have been proposed for image encryption can achieve excellent performance on encryption security, new encryption approaches that can further enhance the security of encryption are highly desirable to further upgrade the security level of cipher images. Encryption security can potentially be improved in two aspects. Firstly, the scrambling process utilized to eliminate the local correlations that usually exist among pixels in a plain image can be performed with new bit-level operations to completely remove the information in a plain image. In addition, the encryption security can possibly be further improved by applying an additional bit-level transformation to the bits in a scrambled image. Secondly, transformations that can enhance the randomness of a cipher image can be utilized to further improve the security of encryption.

In this paper, a new method is proposed to securely encrypt color images using an evolutionary codebook determined based on the information generated by a number of chaotic systems. The proposed method encrypts a color image in three phases. In the first phase, binary bits that represent the values of pixels in a plain image are partitioned into a few sequences with a number of mappings generated from a one-dimensional logistic system. The binary bits in each sequence are placed into a rectangular structure constructed from the output of a second one-dimensional logistic system. Each bit in the rectangular structure is relocated to a new position in the structure based on a set of operations performed on each row and column in the structure. The bits in the rectangular structure are mapped back to the sequence based on the transformation utilized to construct the rectangular structure. The scrambling process is complete when the bits in each sequence have been relocated to new positions in the sequence. In the second phase, a sequence of bit exclusive-or operations is accumulatively applied to the bits in each column and row of a scrambled image to further improve the plain image sensitivity of a cipher image. A partially encrypted image can be obtained as a result. In the third phase, the binary bits in a partially encrypted image are sequentially divided into several subsequences with the same length. All subsequences are encoded sequentially based on an evolutionary codebook generated from several chaotic systems. After the encoding of a subsequence is performed, the codebook is updated by a cross-over operation and a mutation operation determined by the outputs of the chaotic systems. A cipher image can be obtained by combining the encoded sequences of all subsequences in the partially encrypted image.

A summary of the major contributions of the paper can be listed as follows.

• A new approach that can fully scramble the bits in a plain image and significantly reduce the local correlations that usually exist among pixels in the image is proposed.
• A bit-level sweeping approach that can improve the plain image sensitivity of a cipher image is proposed.
• A novel method that can securely encrypt the values of pixels in a scrambled image with a codebook constructed and varied using a number of chaotic systems is proposed.

Estimation suggests that the proposed method has a key space that is large in size, which indicates that attacks based on an exhaustive search cannot decipher a cipher image obtained using the proposed method. For testing, a number of benchmark color images and color images selected from the BSD dataset [40] are encrypted with the proposed method. Evaluations based on several different measures of security show that the proposed approach is capable of generating cipher images with high security. A comparison of the proposed approach with a few other state-of-the-art methods for encryption suggests that this new approach can provide cipher images that have improved overall security.

2. Materials and Methods

The proposed approach processes a plain color image in three phases to obtain its cipher image. For the first phase, the binary bits that represent the values of pixels in the plain image are partitioned into sequences and the bits in each sequence are scrambled with a rectangular structure constructed based on a one-dimensional logistic system. The scrambled sequences are then combined into a scrambled image. In the second phase, the bits in each row of a scrambled image are accumulatively processed by a sequence of exclusive-or bit operations, followed by a set of exclusive-or bit operations accumulatively applied to the bits in each column of the scrambled image. A partially encrypted image is generated as a result. In the third phase, the binary bits in a partially encrypted image are grouped into subsequences, and all subsequences are sequentially encoded with an evolutionary codebook. After a subsequence is encoded, the codebook is modified by a cross-over operation and a mutation operation determined from the information generated by a number of chaotic systems. A cipher image is obtained when the encoding of all subsequences is complete.

Figure 1 provides a description of the major steps of the first phase of the proposed approach. From the information generated by a one-dimensional logistic system, a mapping is generated for each pixel in a plain image. Based on these mappings, the binary bits that represent the values of pixels in the plain image are partitioned into several sequences of bits. For each sequence, a rectangular structure is constructed from the output of another logistic system, and the bits in the sequence are sequentially mapped into the rectangular structure. The bits in each row of the rectangular structure are relocated to new positions in the same row based on a positive integer key that is associated with the row. Similarly, the locations of the bits in each column of the structure are changed to new values using a map constructed from the integer key for the column. After the relocations of all bits are performed, the bits in the rectangular structure are mapped back to the sequence to complete the scrambling operation on the sequence. A scrambled image is obtained after the scrambling operations on all sequences have been performed.

The major steps that implement the second phase of the proposed approach are shown in Figure 2. Firstly, for each row in a scrambled image, a left-to-right sweeping operation is performed on all bits in the row such that each bit is replaced by the exclusive-or of all bits to the left of the bit and itself. A similar right-to-left sweeping operation is then applied to all bits in the same row, where each bit is replaced by the exclusive-or of all bits to the right of the bit and itself. Secondly, for each column in a scrambled image, all bits in the column are processed such that each bit is replaced by the exclusive-or of all bits above the bit and itself. All bits in the same column are then processed in a bottom-up order, where each bit is replaced by the exclusive-or of all bits below the bit and itself. A partially encrypted image is obtained after the operations on all rows and columns are complete.

Figure 3 illustrates the major steps in the third phase of the proposed approach. For encoding, the binary bits in a partially encrypted image are sequentially divided into a number of subsequences of a given length. Each subsequence is encoded with a codebook constructed from the information generated by a number of chaotic systems. After a subsequence is encoded, the entries in the codebook are relocated to new positions based on a cross-over operation and a mutation operation determined by the information generated by the chaotic systems. For the cross-over operation, an integer key obtained from the output of a chaotic system is utilized to partition the codebook into two different parts, the entries in each part are then relocated to new positions based on the outputs of two other chaotic systems. The entries in both parts are combined into a new codebook. For the mutation operation, each entry in a codebook is moved to a new position in the codebook using a mapping based on the output of another chaotic system. A cipher image is generated after all subsequences are sequentially encoded with the evolutionary codebook.

A cipher image can be decrypted in three major phases. In the first phase of decryption, the binary bits that represent the values of pixels in the cipher image are sequentially divided into subsequences based on the length of the subsequences used in encoding. The evolutionary codebook used to encode the pixel values in a partially encrypted image is sequentially constructed and searched to determine the decrypted subsequence for each subsequence in the cipher image. A partially decrypted image is obtained by combining the decrypted subsequences into a color image.

In the second phase of decryption, the bits in each column of the partially decrypted image are first processed based on a sequence of accumulative bit exclusive-or operations. Specifically, each bit in the column is first replaced by the exclusive-or of all bits below it and itself. After the operation is complete, each bit in the column is replaced by the exclusive-or of all bits above it and itself. Each row is processed similarly after all columns are processed. Each bit in a row is first replaced by the exclusive-or of all bits to the right of the bit and itself. After the operation is complete, each bit in the row is replaced by the exclusive-or of all bits to the left of the bit and itself. A scrambled image is obtained as a result.

In the third phase of decryption, the binary bits in the scrambled image are partitioned into several sequences based on the mappings used to partition the plain image in the scrambling process. For each sequence, the rectangular structure used to relocate the bits in the sequence for scrambling is constructed and the mapped position for each bit location in the sequence is obtained based on the scrambling operations performed in each row and column of the rectangular structure. An array can be maintained to store the mapped position for each bit location in the sequence. Based on the array, each bit in the sequence can be moved to its original position in the plain image. The plain image of the cipher image is recovered when the bits in all sequences have been moved to their original positions in the plain image.

2.1. The Scrambling of Bits

Let $P$ be a plain color image that contains $h$ rows and $w$ columns, $P(i,j, 1)$, $P\left(i,j,2\right)$, and $P\left(i,j,3\right)$ represent the R, G, and B components of the pixel in row $i$ and column $j$ of $P$, respectively, where $1\le i\le h$ and $1\le j\le w$ hold for integers $i$ and $j$. Since the R, G, and B components associated with a pixel contain 24 bits in total, the binary bits in $P$ are partitioned into 24 different sequences based on the outputs of a one-dimensional logistic system $L_1$.

A one-dimensional logistic system can generate a real number sequence $x_1,x_2,\dots ,x_n\dots$ from an initial value $x_0$ that satisfies $0<x_0<1$. For integer $k\ge 0$, the recursion relation between $x_k$ and $x_{k+1}$ is shown in Equation (1).

$$x_{k+1}=4x_k(1-x_k)$$

(1)

It has been shown that the one-dimensional logistic system defined in Equation (1) is chaotic if there does not exist a real number ${\theta }_0$ such that $x_0={\sin }^2{\theta }_0$ and ${\theta }_0=h_d\pi /(2^{d_1}-2^{d_2})$ hold, where $h_d$, $d_1$, $d_2$ are integers that satisfy $h_d>0$ and $d_1>d_2\ge 0$ [41]. In the rest of the paper, it is assumed that all initial values selected for Equation (1) lead to chaotic one-dimensional logistic systems. An initial value slightly different from $x_0$ would lead to a significantly different value for $x_k$ when $k$ is sufficiently large. Let $N$ be a positive integer, $y_0$ and $z_0$ be the initial values of $L_1$, $y_1,y_2,\dots ,y_N,\dots$ and $z_1,z_2,\dots ,z_N,\dots$ be the sequences of real numbers generated from $y_0$ and $z_0$ with Equation (1), respectively. From Equation (2), integer $X$ can be obtained with a large positive integer $N_0$.

$$X=⌊y_N\times N_0⌋$$

(2)

Let $c_1,c_2,\dots ,c_{hw}$ be the first $hw$ integers that are larger than $X$ and coprime with 24, Based on Equation (3) and $N_0$, let $r\left(i,j\right)=\left(i-1\right)w+j$, integer $b_{r(i,j)}$ is generated for the pixel that is located in column $j$ and row $i$ of $P$.

$$b_{r(i,j)}=⌊z_{r(i,j)+N}\times N_0⌋ mod 24$$

(3)

A mapping ${\sigma }_{r(i,j)}$ is constructed for the pixel in row $i$ and column $j$ of $P$. For an integer $s$ that satisfies $1\le s\le 24$, ${\sigma }_{r(i,j)}\left(s\right)$ is the mapped integer for $s$ based on Equation (4).

$${\sigma }_{r(i,j)}\left(s\right)=\left(c_{r(i,j)}(s-1)+b_{r(i,j)}\right) mod 24+1$$

(4)

It is clear from Equation (4) that $1\le {\sigma }_{r(i,j)}\left(s\right)\le 24$ holds and ${\sigma }_{r(i,j)}\left(s_1\right)$ and ${\sigma }_{r(i,j)}\left(s_2\right)$ are different for two different integers $s_1$ and $s_2$ that satisfy $1\le s_1\le 24$ and $1\le s_2\le 24$. Otherwise, the following equation must hold for $s_1$ and $s_2$, where $k_0$ is a positive integer.

$$c_{r(i,j)}\left|s_1-s_2\right|=24k_0$$

(5)

From Equation (5), since $c_{r(i,j)}$ and $24$ are coprime, 24 must be an integer factor of $|s_1-s_2|$. This contradicts the fact that $1\le \left|s_1-s_2\right|<24$ holds, ${\sigma }_{r(i,j)}\left(s_1\right)$ and ${\sigma }_{r\left(i,j\right)}\left(s_2\right)$ thus must be different. In other words, ${\sigma }_{r(i,j)}$ is a one-to-one mapping for integers between 1 and 24.

The binary bits that represent the values of all pixels in $P$ can be partitioned into 24 different sequences based on the mappings that have been constructed for pixels in $P$. Specifically, an array of 24 bits can be constructed by combining the R, G, and B components of each pixel in $P$. Let $F_{r(i,j)}$ be the array of binary bits for the pixel in column $j$ and row $i$ in $P$. The first, second, and third 8 bits in $F_{r(i,j)}$ are binary representations for the R, G, and B components in the pixel value. $F_{r(i,j)}\left(k\right)$ denotes the bit in the $k$th location in $F_{r(i,j)}$. Given an integer $k$ such that $1\le k\le 24$ holds, for each integer $t$ that satisfies $1\le t<hw$, Equations (6) and (7) recursively define a mapping ${\mu }_t$.

$${\mu }_1\left(k\right)={\sigma }_1\left(k\right)$$

(6)

$${\mu }_{t+1}\left(k\right)={\sigma }_t\left({\mu }_t\left(k\right)\right)$$

(7)

For each $k$ that satisfies $1\le k\le 24$, a sequence $S_k$ of $hw$ bits can be formed such that the bit in position $t$ of $S_k$ is set to be $F_t\left({\mu }_t\left(k\right)\right)$ for each positive integer $t$ such that $1\le t\le hw$ holds. Since ${\sigma }_t$ is a one-to-one mapping, $S_1, S_2,\dots ,S_{24}$ is a disjoint partition of the bits in the pixel values of $P$.

For each $k$ that satisfies $1\le k\le 24$, the binary bits in $S_k$ are relocated for scrambling at the bit level. Let $S_k\left(l\right)$ be the bit in position $l$, where $1\le l\le hw$. The relocation of bits in $S_k$ is performed based on a rectangular structure $R_k$. For a real number $0<l_0<1$, a sequence of real numbers $l_1,l_2,\dots ,l_N,\dots$ is generated using Equation (1). The number of rows $r_k$ in $R_k$ is determined from $l_{N+f\left(k\right)}$ as shown in Equation (8), where $f\left(k\right)$ is an integer function of $k$ and its definition is provided later in the paper.

$$r_k=\left(⌊l_{N+f\left(k\right)}\times N_0⌋-1\right) mod h+1$$

(8)

The number of columns $u_k$ in $R_k$ is obtained from $r_k$ as shown in Equation (9).

$$u_k=⌈\frac{hw}{r_k}⌉$$

(9)

For each integer $l$ that satisfies $1\le l\le hw$, $S_k\left(l\right)$ is placed into a location in $R_k$ based on the mappings described by Equations (10) and (11), where $p_l$ is the row number of the location in $R_k$ and $q_l$ is its column number in $R_k$.

$$p_l=⌈\frac{l}{u_k}⌉$$

(10)

$$q_l=\left(l-1\right) mod u_k+1$$

(11)

A position in $R_k$ that is not mapped to a bit in $S_k$ is assigned a value of −1. Each row and column in $R_k$ is associated with a positive integer key. Let $s_1,s_2,\dots s_{r_k}$ be the first $r_k$ integers that are larger than $⌊l_{N+f\left(k\right)}\times N⌋$ and coprime with $u_k$. The integer key for row $m$ in $R_k$ is $s_m$. In addition, an integer $v_m$ is determined for row $m$ as shown in Equation (12).

$$v_m=\left(⌊l_{N+f\left(k\right)+m}\times N_0⌋-1\right) mod u_k+1$$

(12)

The scrambling process first changes the positions of bits in each row of $R_k$ to new positions in the same row. The bit in position $d$ of row $m$ is relocated to position $f_d$ in the same row. $f_d$ is determined from $d$ as shown in Equation (13).

$$f_d=\left(\left(d-1\right)s_m+v_m\right) mod u_k+1$$

(13)

Since $s_m$ and $u_k$ are coprime, no two different positions in the same row are relocated to the same position.

After the scrambling of all rows in $R_k$ are complete, the bits in each column of $R_k$ are moved to new positions in the same column. Let $g_1,g_2,\dots g_{u_k}$ be the first $u_k$ integers that are larger than $s_{r_k}$ and coprime with $r_k$. $g_n$ is the integer key for column $n$. The bit in position $e$ of column $n$ is relocated to position $h_e$ in the same column. $h_e$ is obtained from $e$ with Equation (14), where $w_n$ is obtained for column $n$ based on Equation (15).

$$h_e=\left(\left(e-1\right)g_n+w_n\right) mod r_k+1$$

(14)

$$w_n=\left(⌊z_{N+hw+e}\times N_0⌋-1\right) mod r_k+1$$

(15)

Since $g_n$ is coprime with $r_k$, no two different positions in the same column are relocated to the same position. Function $f\left(k\right)$ in Equation (12) can be recursively defined based on Equations (16) and (17).

$$f\left(1\right)=0$$

(16)

$$f\left(k\right)=f\left(k-1\right)+u_k+1$$

(17)

After the scrambling operations on all columns in $R_k$ are completely performed, the bits in $R_k$ are mapped to the corresponding positions in $S_k$. A sequence $T_k$ that contains $r_k{u}_k$ bits and values is constructed. For the position in row $i_r$ and column $j_r$ of $R_k$, let $m_r(i_r,j_r)$ be its corresponding location in $T_k$. $m_r(i_r,j_r)$ is determined from Equation (18) as follows.

$$m_r\left(i_r,j_r\right)=\left(i_r-1\right)u_k+j_r$$

(18)

The bit or value in row $i_r$ and column $j_r$ of $R_k$ is thus assigned to position $m_r(i_r,j_r)$ in $T_k$. The scrambled sequence for $S_k$ can be obtained from $T_k$ by eliminating the positions that contain a value of −1 from $T_k$.

A scrambled image $D$ can be obtained from the scrambled sequences for $S_1,S_2,\dots ,S_{24}$. Specifically, for each pair of integers $(k,t)$ that satisfies $1\le k\le 24$ and $1\le t\le hw$, set $F_t\left({\mu }_t\left(k\right)\right)$ to be the bit in position $t$ of the scrambled sequence for $S_k$. The resulting image is a scrambled image $D$ for $P$.

2.2. The Sweeping Operations

A partially encrypted image can be obtained by accumulatively applying a set of bit exclusive-or operations to the bits in a scrambled image. The operations are performed on the bits in each row of the scrambled image first. After the operations on all rows are complete, similar operations are applied to each column in the scrambled image. As a result, a partially encrypted image is obtained after the sweeping operation is complete.

Given a bit value $b_0$ and an array $A$ of $s_z$ binary bits, a sweeping operation $A_s=SW(b_0,A)$ generates a new array $A_s$ of the same size as that of $A$. Let $p_z$ be an integer that satisfies $1<p_z\le s_z$, $A\left(p_z\right)$ and $A_s\left(p_z\right)$ are the bits in position $p_z$ of $A$ and $A_s$, respectively. $A_s\left(p_z\right)$ can be recursively obtained based on bit exclusive-or operations with Equations (19) and (20).

$$A_s\left(1\right)=A\left(1\right)\oplus b_0$$

(19)

$$A_s\left(p_z\right)=A_s\left(p_z-1\right)\oplus A\left(p_z\right)$$

(20)

For row $i_r$ in $D$, where $i_r$ is an integer that satisfies $1\le i_r\le h$, a left-to-right sweeping operation on row $i_r$ is performed by sequentially applying a sweeping operation to the array of bits of all pixels in row $i_r$ from left to right. The operations are described in Equations (21) and (22), where $b_r=\left(i_r-1\right)w$ and $k$ is a positive integer such that $1<k\le w$ holds.

$$V_{l,1}=SW(0,F_{b_r+1})$$

(21)

$$F_{l,k}=SW(V_{l,k-1}\left(24\right), F_{b_r+k})$$

(22)

After $V_{l,1}, V_{l,2},\dots V_{l,w}$ are obtained, the bits in $F_{b_r+k}$ are set to be those in $V_{l,k}$ for each $k$. A right-to-left sweeping operation is then applied to the pixels in row $i_r$ based on Equations (23) and (24).

$$K_{l,w}=SW(0,F_{b_r+w})$$

(23)

$$K_{l,k-1}=SW(K_{l,k}\left(24\right), F_{b_r+k-1})$$

(24)

After $K_{l,1}, K_{l,2},\dots K_{l,w}$ are determined, the bits in $F_{b_r+k}$ are reset to be those in $K_{l,k}$ for each $k$.

After each row in $D$ has been processed by the sweeping operation, similar sweeping operations are performed on the pixels in each column of $D$. Let $j_c$ be an integer that satisfies $1\le j_c\le w$, the pixels in column $j_c$ are sequentially processed with a top-down sweeping operation described by Equations (25) and (26), where $k$ is a positive integer such that $1\le k\le h$ holds.

$$H_{c,1}=SW(0,F_{j_c})$$

(25)

$$H_{c,k}=SW(H_{c,k-1}\left(24\right), F_{\left(k-1\right)w+j_c})$$

(26)

After $H_{c,1}, H_{c,2},\dots H_{c,h}$ are obtained, the bits in $F_{\left(k-1\right)w+j_c}$ are set to be those in $H_{c,k}$ for each $k$. A bottom-up sweeping operation is then utilized to process the pixels in column $j_c$ with Equations (27) and (28).

$$T_{c,h}=SW(0,F_{\left(h-1\right)w+j_c})$$

(27)

$$T_{c,k-1}=SW(T_{c,k}\left(24\right), F_{(k-2)w+j_c})$$

(28)

After $T_{c,1}, T_{c,2},\dots T_{c,h}$ are determined, the bits in $T_{c,k}$ are assigned to $F_{\left(k-1\right)w+j_c}$ for each $k$. A partially encrypted image $E_p$ is obtained when the sweeping operations have been applied to all columns in $D$.

2.3. The Encoding of Pixels

The encoding of pixels in a partially encrypted image $E_p$ is performed with the information generated by a number of one-dimensional chaotic systems based on Equation (29), where $k\ge 0$ is an integer.

$$x_{k+1}=(3\left(2x_k-1\right)-4{\left(2x_k-1\right)}^3+1)/2$$

(29)

The system described in Equation (29) is chaotic when the initial value $x_0$ satisfies $0<x_0<1$ and there does not exist a real number $\alpha$ such that $x_0=(1+\sin \alpha )/2$ and $\alpha ={2k}_d\pi /(3^{d_1}-3^{d_2})$ hold, where $k_d,d_1,d_2$ are integers and $d_1$, $d_2$ satisfy $d_1>d_2\ge 0$. Indeed, since $0<x_0<1$ holds for $x_0$, there exists a real number ${\theta }_0$ such that $-\pi /2<{\theta }_0<\pi /2$ and $x_0=(1+\sin {\theta }_0)/2$. It is straightforward to see that Equation (30) holds for $x_k$.

$$x_k=(1+\sin {(3}^k{\theta }_0\left)\right)/2$$

(30)

Since $x_0=(1+\sin {\theta }_0)/2$, the equation holds when $k=0$. Now, if Equation (30) holds when $k=l$, from Equation (29), $x_{l+1}$ can be obtained by $x_{l+1}=(3\sin \left(3^l{\theta }_0\right)-4{(\sin \left(3^l{\theta }_0\right))}^3+1)/2$, it is thus clear that $x_{l+1}=(1+\sin \left(3^{l+1}{\theta }_0\right))/2$, the equation holds for $k=l+1$. From the principle of induction, Equation (30) holds for all integers $k\ge 0$. Since $-\pi /2<{\theta }_0<\pi /2$ and there are no existing integers $k_d,d_1,d_2$ such that ${\theta }_0={2k}_d\pi /(3^{d_1}-3^{d_2})$ and $d_1>d_2\ge 0$ hold, Equation (30) suggests that the system is chaotic and a tiny amount of perturbation in $x_0$ would lead to a significantly different value for $x_k$ when $k$ is a positive integer that is sufficiently large. In the rest of the paper, all initial values for Equation (30) are chosen such that the corresponding systems are chaotic.

The bits in the pixel values of $E_p$ are sequentially divided into subsequences of length 4. Specifically, for positive integers $i$ and $j$ such that $1\le i\le h$ and $1\le j\le w$ hold, an array $F_{r(i,j)}$ of 24 bits can be obtained by combining the binary bits in the R, G, and B components of the pixel in column $j$ and row $i$ of $E_p$, where $r\left(i,j\right)=\left(i-1\right)w+j$. The bits in $F_{r(i,j)}$ are sequentially divided into 6 subsequences $Q_{6r\left(i,j\right)-5}$, $Q_{6r\left(i,j\right)-4}$, $Q_{6r\left(i,j\right)-3}$, $Q_{6r\left(i,j\right)-2}$, $Q_{6r\left(i,j\right)-1}$, and $Q_{6r\left(i,j\right)}$. Starting with subsequence $Q_1$, the subsequences are sequentially encoded. For each positive integer $t$ such that $1\le t<6hw$ holds, $Q_{t+1}$ is encoded after the encoding of $Q_t$ is complete.

A codebook $C_{b,t }$ that contains the encoding of each possible binary sequence of length 4 is utilized to encode subsequence $Q_t$. $C_{b,t}$ contains 16 entries in total and can be queried based on the integer value of the subsequence that needs to be encoded. Let $v\left(Q_t\right)$ be the integer value represented by $Q_t$, the entry in the position of $v\left(Q_t\right)+1$ in $C_{b,t }$ is the encoded subsequence for $Q_t$, such an entry is denoted by $C_{b,t}(v\left(Q_t\right)+1)$. $C_{b,t}$ is obtained from $C_{b,t-1}$ based on a cross-over operation and a mutation operation.$C_{b,0}$ is a codebook where the encoded subsequence for each subsequence is the subsequence itself.

2.3.1. The Cross-Over Operation

A cross-over operation utilizes two integer keys ${1\le K}_p<255$ and ${1\le L}_p<255$ to partition a codebook $C$ into two arrays $C_0$ and $C_1$. Specifically, an array $K_a$ of 16 bits is constructed by combining the 8-bit binary representations of $K_p$ and $L_p$. The first 8 bits in $K_a$ are the binary representation of $K_p$ and the remaining 8 bits are that of $L_p$. For each integer $i_d$ that satisfies $1\le i_d\le 16$, the entry at $C\left(i_d\right)$ is included in $C_0$ if $K_a\left(i_d\right)$ is bit 0; otherwise, the entry is included in $C_1$. The relative orders for the entries in $C_0$ and $C_1$ remain the same as their relative orders in $C$.

Let $s_{z,0}$ and $s_{z,1}$ be the sizes of $C_0$ and $C_1$, respectively. Two other integer keys $I_0$ and $I_1$ are utilized to change the locations of the entries in $C_0$ and $C_1$, respectively. $I_0$ is required to be coprime with $s_{z,0}$ and $I_1$ must be coprime with $s_{z,1}$. Each entry in $C_0$ is relocated to a new position in $C_0$. The entry in position $j_d$ of $C_0$ is relocated to a new location $m_{0,j_d}$ in $C_0$, where $1\le m_{0,j_d}\le s_{z,0}$ and Equation (31) holds for $m_{0,j_d}$, where $x_{j_d}$ is an integer.

$$s_{z,0}{x}_{j_d}+I_0\left(m_{0,j_d}-1\right)=j_d$$

(31)

Indeed, since $s_{z,0}$ and $I_0$ are coprime, a well-known fact is that there exist two integers $x_z$ and $y_z$ such that $s_{z,0}{x}_z+I_0{y}_z=1$ holds. If ${\alpha }_{j_d}=⌊y_z{j}_d/s_{z,0}⌋$, $m_{0,j_d}=y_z{j}_d-{\alpha }_{j_d}{s}_{z,0}+1$, and $x_{j_d}={\alpha }_{j_d}{I}_0+x_z{j}_d$, it is clear that $s_{z,0}{x}_{j_d}+I_0\left(m_{0,j_d}-1\right)=(s_{z,0}{x}_z+I_0{y}_z$)$j_d=j_d$. Therefore, there exists an integer solution $(x_{j_d},m_{0,j_d})$ for Equation (31) and $1\le m_{0,j_d}\le s_{z,0}$ holds.

For a given integer $j_d$, there exists only one integer $1\le m_{0,j_d}\le s_{z,0}$ that can satisfy Equation (31). If this is not the case, two different integer solutions $(x_{j_d, 0},m_{0,j_d})$ and $(x_{j_d, 1},m_{1,j_d})$ exist for Equation (31) such that both $1\le m_{0,j_d}\le s_{z,0}$ and $1\le m_{1,j_d}\le s_{z,0}$ hold. $m_{0,j_d}$ and $m_{1,j_d}$ thus must satisfy the following equation.

$$s_{z,0}\left|x_{j_d,0}-x_{j_d,1}\right|=I_0|m_{0,j_d}-m_{1,j_d}|$$

(32)

However, since $s_{z,0}$ and $I_0$ are coprime, $s_{z,0}$ must be an integer factor of $|m_{0,j_d}-m_{1,j_d}|$, which contradicts the fact that $1\le \left|m_{0,j_d}-m_{1,j_d}\right|<s_{z,0}$. Therefore, there exists only one integer $1\le m_{0,j_d}\le s_{z,0}$ that can satisfy Equation (31) for a given integer $j_d$.

In addition, the integer solutions $m_{0,i_d}$ and $m_{0,j_d}$ for two different integers $1\le i_d\le s_{z,0}$ and $1\le j_d\le s_{z,0}$ are different. Otherwise, the following equation must hold for $i_d$ and $j_d$, where $k$ is a positive integer.

$$s_{z,0}k=|i_d-j_d|$$

(33)

Equation (33) contradicts the fact that $1\le \left|i_d-j_d\right|<s_{z,0}$. $m_{0,i_d}$ and $m_{0,j_d}$ thus must be two different integers.

The above argument suggests that the mapping from $j_d$ to $m_{0,j_d}$ based on Equation (31) is a one-to-one mapping for each integer $j_d$ that satisfies $1\le j_d\le s_{z,0}$. Each entry in $C_0$ can thus be relocated to a new position in $C_0$ based on the mapping. Similarly, since $s_{z,1}$ is coprime with $I_1$, a similar mapping can be constructed for $C_1$ based on $I_1$ and each entry in $C_1$ can be relocated to a new position in $C_1$. After the relocation operations are completed for both $C_0$ and $C_1$, the entries in $C_0$ and $C_1$ are merged to construct a new codebook $C_n$ based on $K_a$. The entries in $C_0$ are sequentially placed into positions in $C_n$ that have a bit of 0 in $K_a$, and the entries in $C_1$ are sequentially placed into positions in $C_n$ that have a bit of 1 in $K_a$.

The cross-over operation applied to $C_{b,t-1}$ is determined by the outputs of several chaotic systems described in Equation (29). Let $x_{r,0}$, $y_{r,0}$, $z_{r,0}$, $w_{r,0}$, $x_{g,0}$, $y_{g,0}$, $z_{g,0}$, ${ w}_{g,0}$, ${ x}_{b,0}$, ${ y}_{b,0}$, $z_{b,0}$, ${ \mathrm{a}\mathrm{n}\mathrm{d} w}_{b,0}$ be 12 positive real numbers less than 1 and none of them are equal to $1/2$. Using them as the initial values, 12 different sequences of real numbers can be generated with the recursive relation in Equation (29). For an integer $k>0$, ${ x}_{r,k}$, $y_{r,k}$, $z_{r,k}$, ${ w}_{r,k}$, $x_{g,k}$, ${ y}_{g,k}$, ${ z}_{g,k}$, ${ w}_{g,k}$, ${ x}_{b,k}$, ${ y}_{b,k}$, $z_{b,k}$, ${ \mathrm{a}\mathrm{n}\mathrm{d} w}_{b,k}$ are the $k$th number in the sequences, respectively.

In cases where $t mod 6=1$ or $t mod 6=2$, the integer keys associated with the cross-over operation on $C_{b,t-1}$ are obtained from $x_{r,N+{\delta }_t}$, $y_{r,N+{\delta }_t}$, $z_{r,N+{\delta }_t}$, $\mathrm{a}\mathrm{n}\mathrm{d} w_{r,N+{\delta }_t}$ based on Equations (34)–(37), where $K_0$ is a positive integer and ${\delta }_t$ is determined based on Equation (38), where ${\tau }_0$ is a positive integer. $K_{p,r}$ and $L_{p,r}$ are the integer keys utilized to construct the array for the partition operation in the cross-over operation on $C_{b,t-1}$, $I_{0,r}$ is the first integer that is larger than $I_{p,r}$ and coprime with $s_{z,0}$, and $I_{1,r}$ is the first integer that is larger than $J_{p,r}$ and coprime with $s_{z,1}$.$I_{0,r}$ and $I_{1,r}$ are the keys used to relocate the entries in the two parts of $C_{b,t-1}$ for cross-over.

$$K_{p,r}=(\left(⌊x_{r,N+{\delta }_t}\times N_0⌋ mod K_0\right)\times (v\left(Q_{t-1}\right)+1\left)\right)mod 254+1$$

(34)

$$L_{p,r}=\left(\right(⌊y_{r,N+{\delta }_t}\times N_0⌋ mod K_0)\times (v\left(Q_{t-1}\right)+1\left)\right) mod 254+1$$

(35)

$$I_{p,r}=(⌊z_{r,N+{\delta }_t}\times N_0⌋ mod K_0)\times (v\left(Q_{t-1}\right)+1)$$

(36)

$$J_{p,r}=(⌊w_{r,N+{\delta }_t}\times N_0⌋ mod K_0)\times (v\left(Q_{t-1}\right)+1)$$

(37)

$${\delta }_t=(2⌊t/6⌋+t mod 6-1){\tau }_0$$

(38)

Similarly, in cases where $t mod 6=3$ or $t mod 6=4$, the integer keys used for the cross-over operation on $C_{b,t-1}$ are obtained from $x_{g,N+{\gamma }_t}$, ${ y}_{g,N+{\gamma }_t}$, $z_{g,N+{\gamma }_t}$, ${ \mathrm{a}\mathrm{n}\mathrm{d} w}_{g,N+{\gamma }_t}$ based on Equations (39)–(42). ${\gamma }_t$ is determined based on Equation (43). $K_{p,g}$ and $L_{p,g}$ are the integer keys utilized to perform the partition on $C_{b,t-1}$ for cross-over. Let $I_{0,g}$ be the first integer that is larger than $I_{p,g}$ and coprime with $s_{z,0}$, and $I_{1,g}$ be the first integer that is larger than $J_{p,g}$ and coprime with $s_{z,1}$. $I_{0,g}$ and $I_{1,g}$ are the keys used to relocate the entries in the two parts of $C_{b,t-1}$ for cross-over.

$$K_{p,g}=(\left(⌊x_{g,N+{\gamma }_t}\times N_0⌋ mod K_0\right)\times (v\left(Q_{t-1}\right)+1\left)\right)mod 254+1$$

(39)

$$L_{p,g}=\left(\right(⌊y_{g,N+{\gamma }_t}\times N_0⌋ mod K_0)\times (v\left(Q_{t-1}\right)+1\left)\right) mod 254+1$$

(40)

$$I_{p,g}=(⌊z_{g,N+{\gamma }_t}\times N_0⌋ mod K_0)\times (v\left(Q_{t-1}\right)+1)$$

(41)

$$J_{p,g}=(⌊w_{g,N+{\gamma }_t}\times N_0⌋ mod K_0)\times (v\left(Q_{t-1}\right)+1)$$

(42)

$${\gamma }_t=(2⌊t/6⌋+t mod 6-3){\tau }_0$$

(43)

Finally, in cases where $t mod 6=5$ or $t mod 6=0$, the integer keys used for the cross-over operation on $C_{b,t-1}$ are obtained from $x_{b,N+{ϵ}_t}$, ${ y}_{b,N+{ϵ}_t}$, $z_{b,N+{ϵ}_t}$, ${ \mathrm{a}\mathrm{n}\mathrm{d} w}_{b,N+{ϵ}_t}$ based on Equations (44)–(47). ${\epsilon }_t$ is determined with Equation (48), where $h_t=0$ if $t mod 6=5$, and $h_t=1$ if $t mod 6=0$. $K_{p,b}$ and $L_{p,b}$ are the integer keys used to partition $C_{b,t-1}$ for cross-over. Let $I_{0,b}$ be the first integer that is larger than $I_{p,b}$ and coprime with $s_{z,0}$, and $I_{1,b}$ be the first integer that is larger than $J_{p,b}$ and coprime with $s_{z,1}$. $I_{0,b}$ and $I_{1,b}$ are the keys employed to perform the relocation of the entries in the two parts of $C_{b,t-1}$ for cross-over.

$$K_{p,b}=(\left(⌊x_{b,N+{\epsilon }_t}\times N_0⌋ mod K_0\right)\times (v\left(Q_{t-1}\right)+1\left)\right)mod 254+1$$

(44)

$$L_{p,b}=\left(\right(⌊y_{b,N+{\epsilon }_t}\times N_0⌋ mod K_0)\times (v\left(Q_{t-1}\right)+1\left)\right) mod 254+1$$

(45)

$$I_{p,b}=(⌊z_{b,N+{\epsilon }_t}\times N_0⌋ mod K_0)\times (v\left(Q_{t-1}\right)+1)$$

(46)

$$J_{p,b}=(⌊w_{b,N+{\epsilon }_t}\times N_0⌋ mod K_0)\times (v\left(Q_{t-1}\right)+1)$$

(47)

$${\epsilon }_t=(2⌊t/6⌋-h_t){\tau }_0$$

(48)

The value of $v\left(Q_0\right)$ is set to be 0 when integer keys for the cross-over operation on $C_{b,0}$ are computed. As a result of the cross-over operation on $C_{b,t-1}$, a new codebook $T_{b,t-1}$ can be obtained. $C_{b,t}$ is generated by applying a mutation operation to $T_{b,t-1}$.

2.3.2. The Mutation Operation

A mutation operation changes a codebook $T_{b,t-1}$ in two steps. In the first step, the order of the entries in $T_{b,t-1}$ is altered with an approach similar to the one used in a cross-over operation. In the second step, all entries in $T_{b,t-1}$ are circularly shifted by a given number of positions.

A positive integer key $J_0$ is needed to perform the mutation operation on $T_{b,t-1}$. $J_0$ is required to be coprime with 16. For each integer $1\le i_m\le 16$, the entry in position $i_m$ of $T_{b,t-1}$ is relocated to position $n_{i_m}$. The integer $1\le n_{i_m}\le 16$ satisfies Equation (49), where $y_{i_m}$ is an integer.

$$16y_{i_m}+J_0{n}_{i_m}=i_m$$

(49)

Since $J_0$ and 16 are coprime, from an argument that is similar to the one in Section 2.3.1, the mapping from $i_m$ to $n_{i_m}$ is a one-to-one mapping. Each entry in $T_{b,t-1}$ is relocated to a new position based on the mapping.

After all entries in $T_{b,t-1}$ have been relocated based on the mapping determined by Equation (49), each entry is circularly shifted by $s_h$ positions, where ${ s}_h$ is determined based on Equation (50).

$$s_h=J_0 mod 16$$

(50)

The entry in position $j_m$ of $T_{c,b}$ is shifted to position $l_{j_m}$ as described in Equation (51). The resulting codebook is $C_{b,t}$.

$$l_{j_m}=\left(j_m+s_h\right) mod 16+1$$

(51)

The integer key used to perform the mutation operation on $T_{b,t-1}$ is obtained from the information generated by the three chaotic systems defined in Equation (29). Let $u_{r,0}$, ${ u}_{g,0}$, and $u_{b,0}$ be the initial values of the three chaotic systems. Three sequences of real numbers can be generated from $u_{r,0}$, ${ u}_{g,0}$, and $u_{b,0}$. For a positive integer $k$, $u_{r,k}$, $u_{g,k}$, and $u_{b,k}$ are the $k$th real numbers of the three sequences, respectively.

For a positive integer $t$ that satisfies $1\le t\le hw$, when $t mod 6=1$ or $t mod 6=2$ holds. The integer key $J_{r,0}$ for the mutation operation on $T_{b,t-1}$ is the first integer that is larger than $H_{p,r}$ and coprime with 16. $H_{p,r}$ is determined with Equation (52), where ${\delta }_t$ is defined based on Equation (38).

$$H_{p,r}=(⌊u_{r,N+{\delta }_t}\times N_0⌋ mod K_0)\times (v\left(Q_{t-1}\right)+1)$$

(52)

In cases where $t mod 6=3$ or $t mod 6=4$, the first integer that is larger than $I_{p,g}$ and coprime with 16 is set to be the integer key $J_{g,0}$ for the mutation operation on $T_{b,t-1}$. $H_{p,g}$ is computed with Equation (53), where ${\gamma }_t$ is defined as shown in Equation (43).

$$H_{p,g}=(⌊u_{g,N+{\gamma }_t}\times N_0⌋ mod K_0)\times (v\left(Q_{t-1}\right)+1)$$

(53)

In cases where $t mod 6=5$ or $t mod 6=0$, the integer key $J_{b,0}$ for the mutation operation on $T_{b,t-1}$ is chosen to be the first integer that is larger than $H_{p,b}$ and coprime with 16. $H_{p,b}$ is computed with Equation (54), where ${\epsilon }_t$ is defined by Equation (48).

$$H_{p,b}=(⌊u_{b,N+{\epsilon }_t}\times N_0⌋ mod K_0)\times (v\left(Q_{t-1}\right)+1)$$

(54)

$C_{b,t}$ is obtained by applying the mutation operation to $T_{b,t-1}$.

2.3.3. The Encoding of Subsequences

Starting with $t=1$, $C_{b,t}$ is constructed from $C_{b,t-1}$ by applying the cross-over operation in Section 2.3.1 and the mutation operation in Section 2.3.2 to $C_{b,t-1}$. $C_{b,t}$ is queried to obtain the encoded subsequence $E_t$ for $Q_t$. $E_t$ can be obtained from $C_{b,t}$ and $Q_t$ by Equation (55).

$$E_t=C_{b,t}(v\left(Q_t\right)+1)$$

(55)

After $E_t$ has been obtained, the value of $t$ is incremented by 1. The above operations are repeated for the new $t$. A cipher image $C_r$ is obtained for $P$ when all subsequences in $E_p$ have been encoded.

2.4. The Decryption Process

A cipher image $C_r$ can be decrypted by reversing the encryption operations applied to its plain image in a reversed order. Each pixel in $C_r$ is first decoded to generate a partially encoded image $E_p$. A set of sweeping operations is then applied to $E_p$ to obtain its corresponding scrambled image $D$. Finally, the bits in $D$ are relocated to reverse the scrambling operations during encryption to obtain the plain image $P$.

2.4.1. The Decoding of Pixels

The decoding of pixels in $C_r$ needs the values of $x_{r,0}$, $y_{r,0}$, $z_{r,0}$, $w_{r,0}$, $x_{g,0}$, $y_{g,0}$, $z_{g,0}$, $w_{g,0}$, $x_{b,0}$, $y_{b,0}$, $z_{b,0}$, $w_{b,0}$ utilized to implement the cross-over operations on a codebook and the values of $u_{r,0}$, ${ u}_{g,0}$, and $u_{b,0}$ used to mutate a codebook during encryption.

The bits in the pixel values of $C_r$ are sequentially divided into subsequences of length 4. Specifically, for integers $i$ and $j$ such that $1\le i\le h$ and $1\le j\le w$ hold, an array $G_{r(i,j)}$ of 24 bits can be generated by merging the binary representations of the R, G, and B component values for the pixel in column $j$ and row $i$ of $C_r$, where $r\left(i,j\right)=\left(i-1\right)w+j$. Six subsequences $E_{6r\left(i,j\right)-5}$, $E_{6r\left(i,j\right)-4}$, $E_{6r\left(i,j\right)-3}$, $E_{6r\left(i,j\right)-2}$, $E_{6r\left(i,j\right)-1}$, and $E_{6r\left(i,j\right)}$ can be obtained by sequentially dividing the bits in $G_{r(i,j)}$ into regions of 4 bits. The decoding process starts with subsequence $E_1$ and sequentially decodes the other subsequences. For each positive integer $t$ such that $1\le t<6hw$ holds, the decoding of $E_{t+1}$ is performed after the decoding of $E_t$ is complete.

Let $C_{b,0}$ be a codebook where the encoded subsequence of each subsequence is the subsequence itself. Starting with $t=1$, $C_{b,t}$ can be obtained by processing $C_{b,t-1}$ by the cross-over operation in Section 2.3.1 and the mutation operation in Section 2.3.2. $C_{b,t}$ is queried to obtain the decoded subsequence $Q_t$ for $E_t$. $Q_t$ can be determined by searching $C_{b,t}$ to find the location of the entry that matches $E_t$. After $Q_t$ has been determined, increment the value of $t$ by 1 and repeat the above operations for the new $t$. The partially decrypted image $E_p$ is obtained from $C_r$ when the decoding of all subsequences in $C_r$ has been performed.

2.4.2. Reversing the Sweeping Operations

The scrambled image $D$ that corresponds to $E_p$ can be obtained by reversing the accumulative bit exclusive-or operations utilized to generate $E_p$ from $D$. An array of 24 bits can be constructed by merging the binary representations of the R, G, and B component values for each pixel in $E_p$. Let $U_{r(i,j)}$ denote the bit array for the pixel in column $j$ and row $i$ of $E_p$, where $r\left(i,j\right)=\left(i-1\right)h+j$, the bits in each column of $E_p$ are processed by a bottom-up accumulative bit exclusive-or operation. For column $j_c$ in $E_p$, where $1\le j_c\le w$ holds, the bit array of each pixel in the column is processed by a sweeping operation as described by Equations (56) and (57), where $k$ is a positive integer such that $1<k\le h$ holds.

$$M_{c,h}=SW(0,U_{\left(h-1\right)w+j_c})$$

(56)

$$M_{c,k-1}=SW(M_{c,k}\left(24\right), U_{(k-2)w+j_c})$$

(57)

For each $k$, the bits in $M_{c,k}$ are assigned to $U_{\left(k-1\right)w+j_c}$ after $M_{c,1},M_{c,2},\dots M_{c,h}$ are determined.

A top-down accumulative bit exclusive-or operation is applied to the bit arrays of all pixels in each column of $E_p$. For column $j_c$ in $E_p$, the bit array of each pixel in the column is processed by a sweeping operation as described by Equations (58) and (59), where $k$ is an integer that satisfies $1<k\le h$.

$$N_{c,1}=SW(0,U_{j_c})$$

(58)

$$N_{c,k}=SW(N_{c,k-1}\left(24\right), U_{\left(k-1\right)w+j_c})$$

(59)

For each $k$, $U_{\left(k-1\right)w+j_c}$ contains the bits in $N_{c,k}$ after $N_{c,1},N_{c,2},\dots N_{c,h}$ are determined.

After the sweeping operations on all columns in $E_p$ have been reversed, a right-to-left accumulative bit exclusive-or operation is used to process the bit arrays of all pixels in each row of $E_p$. For row $i_r$ in $E_p$, where $i_r$ is an integer that satisfies $1\le i_r\le h$, the bit array of each pixel in the row is processed by a sweeping operation as shown in Equations (60) and (61), where $b_r=\left(i_r-1\right)w$ and $k$ is a positive integer such that $1<k\le w$ holds.

$$P_{l,w}=SW(0,U_{b_r+w})$$

(60)

$$P_{l,k-1}=SW(P_{l,k}\left(24\right), U_{b_r+k-1})$$

(61)

The bits in $U_{b_r+k}$ are assigned to be those in $P_{l,k}$ for each $k$ after $P_{l,1}, P_{l,2},\dots P_{l,w}$ have been determined.

Finally, a left-to-right accumulative bit exclusive-or operation is applied to the bit arrays of all pixels in each row of $E_p$. For row $i_r$ in $E_p$, a sweeping operation described by Equations (62) and (63) is utilized to process the bit array of each pixel in the row. Similarly, $k$ is a positive integer such that $1<k\le w$ holds.

$$Q_{l,1}=SW(0,U_{b_r+1})$$

(62)

$$Q_{l,k}=SW(Q_{l,k-1}\left(24\right), U_{b_r+k})$$

(63)

After $Q_{l,1}, Q_{l,2},\dots Q_{l,w}$ are determined, $U_{b_r+k}$ are set to contain the bits in $Q_{l,k}$ for each $k$. The scrambled image $D$ is recovered from $E_p$ when all sweeping operations that convert $D$ into $E_p$ are reversed.

2.4.3. Recovery of a Plain Color Image

The operations for scrambling can be reversed to recover the plain image $P$ of $C_r$ from $D$. Specifically, the binary bits that represent the values of pixels in $D$ are partitioned into 24 sequences $L_1,L_2,\dots ,L_{24}$ with the approach in Section 2.1. Two sequences of real numbers $y_1,y_2,\dots ,y_N,\dots$ and $z_1,z_2,\dots ,z_N,\dots$ are generated based on the initial values $y_0$ and $z_0$ used in the scrambling process. For each pair of integers $(i,j)$ that satisfy $1\le i\le h$ and $1\le j\le w$, the mapping ${\sigma }_{r(i,j)}$ in Equation (4) is constructed for the pixel that is in column $j$ and row $i$ of $P$.

Based on the mappings for all pixels in $D$, the partition of the bits in $D$ can be performed using the mappings recursively defined in Equations (6) and (7). For each $k$ that satisfies $1\le k\le 24$, a sequence $L_k$ of $hw$ bits is generated by setting the bit in position $t$ of $L_k$ to be $U_t\left({\mu }_t\left(k\right)\right)$ for each integer $t$ such that $1\le t\le hw$ holds. The bits in $L_k$ need to be relocated to their original positions in the plain image $P$ to recover $P$. Specifically, an array $A_c$ that consists of $hw$ integers are constructed. For each integer $i_l$ such that $1\le i_l\le hw$ holds, $A_c\left(i_l\right)$ is set to be $i_l$. The scrambling operation described in Section 2.1 on $S_k$ is performed on $A_c$. The resulting array $A_s$ thus contains the original position of each bit in $L_k$. A sequence $S_k$ can be obtained by relocating the bits in $L_k$ to their original positions by applying the operation defined in Equation (64) for each integer $i_l$ such that $1\le i_l\le hw$ holds.

$$S_k\left(A_s\left(i_l\right)\right)=L_k\left(i_l\right)$$

(64)

The plain image $P$ can be constructed from the recovered sequences $S_1,S_2,\dots ,S_{24}$. Specifically, $S_k\left(t\right)$ is assigned to the position ${\mu }_t\left(k\right)$ of $U_t$ for each pair of integers $(k,t)$ that satisfies $1\le k\le 24$ and $1\le t\le hw$. As a result, the plain image $P$ for $C_r$ can be obtained.

2.5. Computational Complexity

Given a color image that contains $w$ columns and $h$ rows, the binary bits in such an image can be partitioned into 24 sequences of bits in $O\left(hw\right)$ time. It is also clear that $O\left(hw\right)$ time is needed to relocate the bits in each sequence. A scrambled image can thus be obtained in $O\left(hw\right)$ time.

The sweeping operations defined in Equations (21) and (22) require $O\left(w\right)$ time to process the pixels in one row of a scrambled image. Similarly, the sweeping operations defined in Equations (23) and (24) need $O\left(w\right)$ time to process one row. The sweeping operations defined by Equations (25) and (26) can be accomplished in $O\left(h\right)$ time. In addition, $O\left(h\right)$ time is needed to complete the bit exclusive-or operations described in Equations (27) and (28). The sweeping process can thus be accomplished in $O\left(hw\right)$ time.

The encoding of a pixel in a partially encrypted image requires the construction of a codebook based on the information generated by a number of chaotic systems. Since both the cross-over and mutation operations can be performed in $O\left(1\right)$ time, the codebook for the encryption of a single subsequence can thus be constructed in $O\left(1\right)$ time. Therefore, the encoding of a subsequence can be accomplished in $O\left(1\right)$ time. The encoding of all subsequences in a partially encrypted image needs $O\left(hw\right)$ time. The total amount of computation time needed to encrypt a plain color image is thus $O\left(hw\right)$.

A cipher image with $h$ rows and $w$ columns is decrypted by reversing the operations in the encryption process. It is clear that all operations in the encryption can be reversed in $O\left(hw\right)$ time. The plain image of a cipher image thus can be obtained in $O\left(hw\right)$ time.

3. Results

An implementation of this encryption approach has been generated based on MATLAB. Seven benchmark images and a number of color images in the BSD dataset [40] have been utilized to test and evaluate its performance. Cipher images provided by this encryption approach are evaluated using a few measures and its performance is compared with that of several state-of-the-art encryption methods [3,22,27,28,35,42,43,44,45,46,47,48] based on these measures. The values of parameters $N,{ N}_0$, ${ K}_0$, and ${\tau }_0$ are set to be 100, ${10}^8$, 1000, and 2, respectively, for all the experiments.

3.1. Attacks That Utilize Brutal Forces

Attacks that utilize brutal forces generally exhaustively search within the key space for encryption and determine the combination of keys that can recover the plain image from a cipher image. The key space size of an approach is thus a measure of its ability to protect cipher images from attacks that utilize brutal force. The proposed approach partitions the binary bits in a plain image into 24 subsequences for scrambling. A rectangular structure is constructed to relocate the bits in each subsequence. For a rectangular structure with $r_h$ rows and $c_w$ columns, the relocation performed on the rectangular structure requires $r_h+c_w$ integers to move the bits in the rectangular structure to new locations. In practice, integers for scrambling 20 of the 24 subsequences are considered parameters that can be optimized for improved encryption security. The integers needed to scramble the remaining 4 subsequences are used as encryption keys. Let $M_1$ be the number of integers that an integer key associated with a column or row can be chosen from, ${M_1}^{{4(r}_h+c_w)}$ different combinations of integer keys for the rows and columns in a rectangular structure thus need to be considered in an exhaustive search. The encoding process requires the outputs of 15 different chaotic systems to change the codebook for encoding. Let $M_2$ be the size of the set of numbers that can be chosen as the initial value for the chaotic system, an exhaustive search needs to consider ${M_2}^{15}$ different combinations. The key space of the proposed approach thus has a lower bound of ${M_1}^{4(r_h+c_w)}{M_2}^{15}$ for its size.

In the case where a color image that needs to be encrypted contains at least ${10}^4$ pixels, a lower bound of $2\sqrt{r_h{r}_w}\ge 200$ exists for the value of $r_h+r_w$. For practical applications, $M_1\ge 2$ and $M_2\ge 2^{50}$, the key space of the proposed approach thus has a lower bound of $2^{850}$ for its size. The key space size of the proposed encryption approach is compared with those of several other state-of-the-art encryption methods.

Table 1. A comparison of the proposed approach and a few other methods for image encryption on key space sizes.

Encryption Approaches	Key Space Size
The proposed	$2^{850}$
Ref. [28]	$2^{3320}$
Ref. [27]	$2^{2092}$
Ref. [22]	$2^{199}$
Ref. [35]	$2^{170}$
Ref. [43]	$2^{241}$
Ref. [3]	$2^{104}$
Ref. [44]	$2^{128}$
Ref. [45]	$2^{128}$
Ref. [46]	$2^{128}$

shows the comparison. Table 1 clearly shows that the key space of the proposed approach is larger than most other encryption methods in size. It is thus more secure than most other methods under attacks of brutal force.

In cases where a key is represented by 32 binary bits, Equation (30) suggests that the number of keys that can generate a given value for $x_k$ is not larger than 32. In addition, it is clear from Equations (34)–(54) that at most $⌈N_0/K_0⌉$ different values of $x_k$ can lead to the same integer key for encoding. In practice, $N_0$ and $K_0$ can be selected such that $⌈N_0/K_0⌉\le 2^{20}$ holds. Since 15 different chaotic systems are altogether utilized for the encoding of a partially encrypted image, the total number of combinations of keys that are equivalent is at most ${(32\times 2^{20})}^{15}=2^{375}$. Since the size of the key space is at least $2^{850}$, at least $2^{475}$ combinations of keys are mutually not equivalent.

3.2. Statistical Attacks

As part of the experiments, the proposed approach is utilized to encrypt seven benchmark color images and the cipher images obtained on them are analyzed to evaluate their security under statistical attacks. Figure 4a–g show the seven color benchmark images. Two of these images, with the names Girl and Monarch, are 768 × 512 images. The remaining five images, with names Lena, Fruits, Baboon, Peppers, and Airplane, are 512 × 512 images.

3.2.1. Histogram Analysis of Cipher Images

Figure 5a–g show the cipher images generated on all benchmark images with the proposed approach. It is clear from Figure 5 that the cipher images contain randomized data and the original contents in the benchmark images are invisible in their cipher images.

The histograms of the cipher images for R, G, and B component values are shown in Figure 6a–c). Figure 6 clearly shows that the distributions of the values of R, G, and B components in all cipher images are close to a uniform distribution. The image contents in the benchmark images cannot be obtained by analyzing the histograms of their cipher images.

The variance of histograms is a measure often utilized to compare the distribution described in a histogram with a uniform distribution [31]. Let $H_c$ be a histogram that provides a distribution over integers from 0 to 255. The variance of histogram $Var\left(H_c\right)$ of $H_c$ is defined as shown in Equation (35).

$$Var\left(H_c\right)=\frac{1}{2m^2}{\sum }_{i=1}^m{\sum }_{j=1}^m{(h_i-h_j)}^2$$

(65)

where $m=256$ is the number of integers that can be the value of an R, G, or B component in a pixel. $h_i$ is the integer associated with value $i$ in $H_c$ and $h_j$ is the integer associated with value $j$ in $H_c$. Equation (65) clearly shows that a lower variance of histograms indicates that the corresponding histogram is closer to a distribution that is uniform.

Table 2. The variance of histograms for cipher images generated with all tested methods for image encryption.

Images	The Proposed	Ref. [28]	Ref. [31]	Ref. [20]	Ref. [48]	Ref. [47]
Lena	984.56	1040.39	1054.78	1047.40	1027.59	1043.21
Fruits	996.16	951.94	1034.23	1026.51	1082.34	1013.32
Baboon	953.27	1024.29	901.22	1098.64	1058.13	1061.04
Peppers	970.79	1146.23	1037.78	1046.25	946.67	1105.72
Airplane	957.15	1082.83	1268.02	1132.27	1103.16	1141.38
Monarch	1537.37	1409.30	1607.51	1564.39	1563.72	1653.27
Girl	1533.70	1536.50	1543.23	1513.42	1530.21	1620.12

shows the variances of histograms for the cipher images provided by the proposed approach and the encryption methods developed in [20,28,31,47,48]. Table 2 suggests that the performance of the proposed approach on Lena and Airplane is the highest of all tested methods. In addition, its performance is the second best on Fruits, Baboon, Peppers, and Monarch. The overall performance of the proposed method on the variance of histograms is thus better than that of the other tested approaches.

3.2.2. Analysis of Correlations

Pixels that are close in a plain image are often strongly correlated in their pixel values. Ideally, the correlations that exist locally among such pixels in a cipher image must be significantly reduced to ensure its strength against statistical attacks. In practice, the local correlations among pixels in a cipher image cannot be removed completely and their values are thus important measures for the security of an encryption result. Figure 7a–c show the correlations of neighboring pixels in four different directions in Lena for the R, G, and B components. The four directions include the horizontal, vertical, diagonal, and anti-diagonal directions. Figure 8a–c show the correlations of pixels that are adjacent in these four directions for the component values of R, G, and B. The plots in both figures are generated with 3000 pixels chosen in the corresponding image at random. Figure 7 and Figure 8 suggest that the proposed encryption method can significantly reduce the correlations that often exist locally in a plain image.

Table 3. The correlations between pixels that are adjacent in four directions in the testing benchmark images and their encryption results provided by the proposed approach.

Images	Directions	Plain Image			Cipher Image
		R	G	B	R	G	B
Lena	V	0.9753	0.9666	0.9334	−0.0003	0.0017	−0.0007
	H	0.9853	0.9802	0.9558	−0.0026	−0.0003	−0.0006
	D	0.9734	0.9630	0.9264	0.0022	−0.0014	0.0002
	A	0.9648	0.9536	0.9198	−0.0007	0.0019	−0.0019
Fruits	V	0.9936	0.9855	0.9265	0.0027	−0.0010	−0.0020
	H	0.9928	0.9848	0.9192	−0.0001	−0.0007	0.0013
	D	0.9897	0.9783	0.8809	0.0013	0.0011	−0.0008
	A	0.9868	0.9694	0.8531	0.0002	0.0029	−0.0028
Baboon	V	0.9235	0.8668	0.9067	−0.0028	−0.0020	0.0010
	H	0.8740	0.7759	0.8844	0.0009	0.0025	−0.0004
	D	0.8649	0.7432	0.8544	0.0015	−0.0020	−0.0028
	A	0.8670	0.7494	0.8540	−0.0007	0.0025	0.0029
Peppers	V	0.9635	0.9811	0.9665	−0.0012	−0.0018	−0.0027
	H	0.9663	0.9817	0.9664	−0.0004	−0.0007	−0.0022
	D	0.9563	0.9686	0.9477	−0.0043	−0.0006	−0.0038
	A	0.9585	0.9708	0.9477	0.0008	0.0020	0.0015
Airplane	V	0.9726	0.9578	0.9640	−0.0003	−0.0008	0.0019
	H	0.9568	0.9678	0.9353	0.0001	−0.0007	0.0041
	D	0.9343	0.9326	0.9146	0.0018	0.0044	−0.0010
	A	0.9350	0.9300	0.9075	−0.0022	−0.0017	−0.0027
Monarch	V	0.9648	0.9523	0.9566	−0.0002	0.0015	0.0013
	H	0.9597	0.9453	0.9506	−0.0004	−0.0016	−0.0009
	D	0.9450	0.9252	0.9309	0.0028	−0.0003	0.0007
	A	0.9245	0.8984	0.9118	−0.0011	−0.0003	−0.0004
Girl	V	0.9811	0.9887	0.9866	0.0048	0.0021	0.0009
	H	0.9901	0.9937	0.9927	0.0032	−0.0008	−0.0002
	D	0.9750	0.9848	0.9823	0.0036	0.0021	−0.0012
	A	0.9772	0.9858	0.9832	0.0001	0.0008	−0.0005

shows the local correlations between neighboring pixels in the benchmark images and their encryption results. It is clear from Table 3 that, for all benchmark images, the correlations in the four directions have been reduced to values near zero after encryption. The encryption results provided by the proposed method are thus highly secure under statistical attacks.

Table 4. The correlations for neighboring pixels in three directions in the encryption results provided by the proposed encryption method and several other approaches for Lena.

Methods	H	V	D
The Proposed	−0.0026	−0.0003	0.0022
Ref. [28]	0.0028	0.0019	−0.0011
Ref. [35]	0.0046	−0.0028	0.0014
Ref. [31]	0.0012	0.0035	0.0056
Ref. [20]	0.0021	0.0018	−0.0026
Ref. [32]	−0.0026	−0.0038	0.0017
Ref. [27]	0.0023	−0.0020	0.0013

compares the correlations for R components in the encryption results generated by all tested approaches on Lena. Table 4 clearly demonstrates that the proposed encryption method achieves the lowest correlation in a vertical direction and its performance on correlations in other directions is comparable with the best performance that can be achieved by the other tested approaches.

3.3. Differential Attacks

A tiny amount of change is often introduced to the keys for encryption or the image that needs to be encrypted to test the strength of an encryption approach against differential attacks. Specifically, one of the initial values of the chaotic systems for encoding is changed by a small amount of ${10}^{-16}$ and the other keys remain the same, a new cipher image can be obtained by encrypting Lena based on the new values of keys. Figure 9a shows the cipher image of Lena obtained with the original values of keys and Figure 9b is the cipher image of Lena generated based on the new values of keys. Figure 9c is the decrypted image obtained from the cipher image in Figure 9a with the original key values. Figure 9d is the decryption result generated from the cipher image in Figure 9b with the new key values. Figure 9 clearly shows that encryption results obtained with the proposed approach are highly sensitive to key values and a slightly different set of key values cannot lead to the corresponding plain images by decryption.

Similarly, a component in a pixel of Lena is changed by 1 to obtain a plain image slightly different from Lena. The new plain image is encrypted with the same set of key values. Figure 10a is the cipher image of Lena and Figure 10b shows the cipher image of the perturbed image of Lena. The difference image of the two cipher images in Figure 10a,b is shown in Figure 10c. It is clear from Figure 10 that cipher images generated based on the proposed approach are highly sensitive to plain images and the cipher image of a plain image cannot be obtained from that of a similar plain image.

Figure 11 shows the decrypted images of two highly similar cipher images. A component in a pixel of a cipher image of Lena is changed by 1 and the resulting image is a perturbed cipher image of Lena. Both images are decrypted with the key values used to generate the cipher image. Figure 11a is the cipher image of Lena and Figure 11b shows the decrypted image of the image in Figure 11a. Figure 11c is the decrypted result obtained on the perturbed cipher image. Figure 11 suggests that the plain image of a cipher image cannot be inferred from that of a similar cipher image.

Two sensitivity measures, including the number of pixels change rate (NPCR) and unified average changing intensity (UACI), are generally used to test the sensitivity of an encryption approach to tiny amounts of perturbation in the keys of encryption or plain image [20,31,35,47]. Specifically, let $P$ be a plain color image that contains $w$ columns and $h$ rows, and let $C$ be the cipher image generated based on a given set of values for encryption keys. After one of the encryption keys or a pixel component in the plain color image is changed by a tiny amount, the plain image is encrypted with the same encryption method and a new cipher image $C_1$ is generated. For a component $m$, Equations (66) and (67) can be utilized to compute its NPCR and UACI values, where the value of $F(u,v,m)$ is 0 if $C(u,v,m)$ and $C_1\left(u,v,m\right)$ are equal and is 1 otherwise.

$$N\left(m\right)=\frac{\sum _{u=1}^h{\sum }_{v=1}^{w}F(u,v,m)}{hw}$$

(66)

$$U\left(m\right)=\frac{\sum _{u=1}^h\sum _{v=1}^w|C_1\left(u,v,m\right)-C\left(u,v,m\right)|}{255hw}$$

(67)

For two independent random color images, $C_1$ and $C$, a value of 99.6094 is obtained for NPCR and a value of 33.4635 is obtained for UACI.

The initial value for a chaotic system that performs encoding is changed by an amount of ${10}^{-16}$ to test the key sensitivity of this encryption approach. For each benchmark image, Equations (66) and (67) are utilized to determine the NPCR and UACI for each component. The NPCR and UACI values for key sensitivity can be found in

Table 5. Values of key sensitivities for the proposed encryption method in NPCR and UACI in all three components.

Images	NPCR(%)			UACI(%)
	R	G	B	R	G	B
Lena	99.61	99.62	99.60	33.48	33.49	33.45
Fruits	99.60	99.61	99.61	33.47	33.52	33.38
Baboon	99.60	99.60	99.60	33.46	33.45	33.46
Peppers	99.61	99.61	99.63	33.44	33.49	33.47
Airplane	99.62	99.60	99.60	33.47	33.47	33.44
Monarch	99.60	99.63	99.61	33.47	33.47	33.45
Girl	99.60	99.64	99.61	33.43	33.52	33.43

. Table 5 clearly demonstrates that the key sensitivity values for the benchmark images in all components are near the values that can be obtained on two completely independent random images.

For NPCR randomness tests, the work in [49] suggests that lower bound values of 99.5893, 99.5810, and 99.5717 are used for testing levels of 0.001, 0.01, and 0.05, respectively. From Table 5, it is clear that this encryption method is able to pass the test of NPCR randomness at all three levels for each benchmark image. For the tests of UACI randomness [49], lower bound values of 33.3730, 33.3445, and 33.3115 are used for testing levels of 0.001, 0.01, and 0.05, respectively, while the upper bound values of 33.5541, 33.5826, and 33.6156 are used for the three testing levels. The results in Table 5 clearly indicate that this encryption approach is able to pass the test of UACI randomness at all three levels for each benchmark image.

Table 6. The NPCR and UACI values for the key sensitivity of all tested encryption methods on Lena.

Methods	NPCR(%)			UACI(%)
	R	G	B	R	G	B
The Proposed	99.61	99.62	99.60	33.48	33.49	33.45
Ref. [28]	99.61	99.60	99.63	33.45	33.42	33.51
Ref. [20]	99.57	99.58	99.57	33.35	33.37	33.38
Ref. [27]	99.62	99.62	99.62	33.48	33.45	33.50
Ref. [31]	99.60	99.59	99.61	33.45	33.45	33.45
Ref. [35]	99.61	99.61	99.61	33.47	33.47	33.47

compares the key sensitivity of the proposed encryption method with several other encryption methods in both UACI and NPCR values obtained on Lena. The results in Table 6 show that a mean value of 99.6100 is achieved by the proposed approach on NPCR values for key sensitivity and the mean value of UACI for the proposed approach is 33.4733. Due to the fact that the best values for NPCR and UACI are 99.6064 and 33.4635, respectively, this encryption method can thus achieve performance that is near optimal and comparable with the best performance achieved by other methods on key sensitivity.

With this encryption approach on plain image sensitivity, a pixel is randomly selected in a plain image and one of its pixel components is changed by 1 and the resulting image is encrypted by the proposed approach. Equations (66) and (67) are employed to calculate the UACI and NPCR values for each benchmark image.

Table 7. Plain image sensitivities of the proposed encryption method in NPCR and UACI for all three components.

Images	NPCR(%)			UACI(%)
	R	G	B	R	G	B
Lena	99.62	99.61	99.60	33.46	33.47	33.55
Fruits	99.60	99.61	99.62	33.47	33.48	33.47
Baboon	99.61	99.63	99.61	33.46	33.48	33.45
Peppers	99.60	99.62	99.60	33.40	33.43	33.52
Airplane	99.60	99.61	99.62	33.47	33.43	33.46
Monarch	99.61	99.60	99.62	33.50	33.49	33.44
Girl	99.61	99.61	99.61	33.41	33.51	33.48

shows the NPCR and UACI values obtained on each benchmark image for plain image sensitivity. It is clear that all plain image sensitivity values in Table 7 are close to the values obtained on two completely independent random images.

Table 7 suggests that this encryption approach can pass the randomness tests at all three levels for plain image sensitivity in terms of both UACI and NPCR values. A comparison of the plain image sensitivity values for all tested encryption methods on Lena can be found in

Table 8. The NPCR and UACI values for the plain image sensitivity of all tested encryption methods on Lena.

Methods	NPCR(%)			UACI(%)
	R	G	B	R	G	B
The Proposed	99.62	99.61	99.60	33.46	33.47	33.55
Ref. [28]	99.62	99.62	99.62	33.47	33.43	33.47
Ref. [27]	99.61	99.63	99.61	33.45	33.46	33.45
Ref. [35]	99.60	99.58	99.59	33.44	33.43	33.43
Ref. [20]	99.58	99.57	99.58	33.34	33.34	33.34
Ref. [31]	99.59	99.60	99.59	33.33	33.33	33.33

. Table 8 clearly shows that the proposed encryption method can achieve a mean value of 99.6100 on NPCR values for plain image sensitivity. The mean of the plain image sensitivity UACI values for the proposed encryption method is 33.4933. The proposed encryption method can thus achieve near-optimal performance on plain image sensitivity. In addition, its performance is comparable with that of other encryption methods on plain image sensitivity.

3.4. Information Entropies of Encryption Results

In general, the randomness associated with an encryption result can be effectively measured using its information entropies. The information entropy of a cipher image in all three components can be calculated from its histograms $H_c$ based on Equations (68) and (69), where $m=\mathrm{1,2},3$ is an integer that represents the R, G, and B components of the cipher image, respectively, $w$ and $h$ are the numbers of columns and rows in the image, and $H_c(s,m)$ is the number of pixels that have a pixel value of $s$ for component $m$.

$$p\left(s,C,m\right)=\frac{H_c(s,m)}{hw}$$

(68)

$$E\left(C,t\right)=-{\sum }_{s=0}^{255}p\left(s,C,m\right){\log }_{2}p(s,C,m)$$

(69)

Equation (69) suggests that a uniform distribution over all integers between 0 and 255 has a value of 8.0 for its information entropy, the best information entropy an encrypted image can achieve for a pixel component is thus 8.0.

Table 9. The values of information entropies for the cipher images provided by the proposed encryption approach.

Images	R	G	B
Lena	7.9993	7.9994	7.9993
Fruits	7.9993	7.9994	7.9993
Baboon	7.9993	7.9993	7.9994
Peppers	7.9993	7.9993	7.9994
Airplane	7.9993	7.9993	7.9993
Monarch	7.9995	7.9995	7.9995
Girl	7.9995	7.9995	7.9996

shows the information entropies of all three components in the encryption results obtained with the proposed encryption method. Table 9 demonstrates that the proposed encryption method is able to achieve near-optimal information entropies for all components in cipher images.

Table 10. The information entropies of all components in the encryption results of Lena.

Methods	R	G	B
The Proposed	7.9993	7.9994	7.9993
Ref. [28]	7.9993	7.9992	7.9994
Ref. [27]	7.9992	7.9992	7.9992
Ref. [35]	7.9992	7.9993	7.9994
Ref. [20]	7.9992	7.9992	7.9992
Ref. [31]	7.9976	7.9976	7.9976

compares the information entropies of the encryption results provided by all encryption methods for Lena. It is clear from Table 10 that the proposed encryption method outperforms all other tested methods on the information entropies of components G and R. Its performance on component B is comparable with the best performance that can be achieved by the other tested encryption methods.

3.5. Values of Peak Noise Signal Ratio

The amount of difference between a color image and its encryption result can be represented by the peak signal noise ratio (PSNR). Given a color image $P$ that contains $h$ rows and $w$ columns, let $C$ be its encryption result. The PSNR of $C$ can be obtained with Equations (70) and (71). Cipher images with a higher PSNR value are thus usually more secure [20].

$$MSE\left(P,C\right)={\sum }_{u=1}^h{\sum }_{v=1}^w{\sum }_{m=1}^3{|P\left(u,v,m\right)-C\left(u,v,m\right)|}^2$$

(70)

$$PSNR\left(C,P\right)=20{\log }_{10}\frac{255\sqrt{3hw}}{\sqrt{MSE(P,C)}}$$

(71)

Table 11. A comparison of several encryption methods on the PSNR values of all benchmark images.

Images	The Proposed	Ref. [28]	Ref. [31]	Ref. [20]	Ref. [27]	Ref. [48]	Ref. [47]
Lena	83.022	83.022	80.927	81.131	83.021	81.225	81.027
Airplane	83.022	83.022	82.234	82.462	83.022	82.531	82.478
Fruits	83.022	83.022	80.835	81.023	83.023	80.632	81.147
Peppers	83.022	83.022	83.073	82.971	83.021	83.105	82.735
Baboon	83.022	83.022	83.145	82.873	83.023	82.534	82.652
Girl	84.783	84.783	84.641	84.653	84.782	84.685	84.437
Monarch	84.783	84.783	84.697	84.732	84.784	84.746	84.625

provides the PSNR values for the encryption results obtained with all tested encryption methods. It can be seen from Table 11 that the performance of the proposed method is comparable with that of the approaches in [27,28]. In addition, it outperforms most of the other tested encryption approaches on PSNR values for cipher images.

3.6. Encryption of General Color Images

For a more comprehensive evaluation of its performance, 100 color images in the BSD500 dataset [40] are encrypted by the proposed approach. The size of all color images used in the experiment is 481 × 321. In addition, the performance of the methods proposed in [20,27,28,31,35], is evaluated and compared with that of the proposed encryption method using the same set of images.

For the variances of histograms,

Table 12. The statistical data obtained for the encryption results provided by all tested methods on the variances of histograms.

Components		The Proposed	Ref. [20]	Ref. [28]	Ref. [27]	Ref. [31]	Ref. [35]
R	Mean	609.98	637.28	594.79	583.19	625.53	648.91
	STD	46.72	46.76	53.73	44.21	45.94	47.52
G	Mean	588.31	646.37	601.27	586.32	631.13	644.93
	STD	36.30	52.94	49.06	50.37	54.06	55.28
B	Mean	598.01	663.71	617.94	607.25	656.22	666.21
	STD	34.87	96.92	45.06	89.61	95.66	98.91

provides their means and standard deviations for the encryption results obtained with all tested methods. For the variances of histograms, the results in Table 12 clearly show that the proposed encryption method can achieve performance higher than that of the approaches in [20,31,35]. Its performance is comparable with the best performance that can be achieved by the approaches in [27,28] on the variances of histograms.

A comparison of the information entropies of encryption results provided by all tested encryption methods can be found in

Table 13. The statistical data on the information entropies of the encryption results provided by all tested methods.

Methods	R		G		B
	Mean	STD	Mean	STD	Mean	STD
The Proposed	7.9988	0.0001	7.9988	0.0001	7.9988	0.0001
Ref. [28]	7.9988	0.0001	7.9988	0.0001	7.9988	0.0001
Ref. [27]	7.9961	0.0005	7.9962	0.0006	7.9962	0.0005
Ref. [35]	7.9952	0.0004	7.9953	0.0003	7.9954	0.0004
Ref. [20]	7.9947	0.0005	7.9982	0.0004	7.9952	0.0004
Ref. [31]	7.9935	0.0003	7.9936	0.0002	7.9935	0.0003

. Table 13 demonstrates that the proposed encryption method is able to achieve a mean value of 7.9988 for the information entropies of all encryption results. Its overall performance on information entropies is thus comparable with the best performance of the approach in [28] and is slightly better than the best performance of the approaches in [20,27,31,35].

Table 14. The statistical data on the PSNRs of the encryption results generated by all tested encryption approaches.

Methods	PSNR
	Mean	STD
The Proposed	80.7231	0.0000
Ref. [28]	80.7231	0.0000
Ref. [27]	80.7229	0.0001
Ref. [35]	80.6343	0.0002
Ref. [20]	80.4352	0.0001
Ref. [31]	80.2396	0.0002

provides statistical information on the PSNR values of the encryption results generated with all tested methods. Table 14 clearly shows that the proposed encryption method can achieve a performance comparable with the best performance of all other tested approaches on PSNR values.

The overall performance of several encryption methods on key sensitivity is compared in

Table 15. The statistical data on the key sensitivity NPCRs and UACIs in the encryption results generated by all tested methods.

Methods		NPCR (%)			UACI (%)
		R	G	B	R	G	B
The Proposed	Mean	99.6055	99.6060	99.6105	33.4490	33.4780	33.4645
	STD	0.0157	0.0150	0.0193	0.0547	0.0573	0.0610
Ref. [28]	Mean	99.6025	99.6110	99.6130	33.4700	33.4835	33.4555
	STD	0.0152	0.0155	0.0130	0.0439	0.0589	0.0867
Ref. [27]	Mean	99.6233	99.6231	99.6232	33.4512	33.4615	33.4513
	STD	0.0221	0.0232	0.0124	0.1053	0.0733	0.1042
Ref. [35]	Mean	99.6002	99.6003	99.6006	33.4315	33.4326	33.4378
	STD	0.0204	0.0213	0.0193	0.1032	0.0985	0.0927
Ref. [20]	Mean	99.6203	99.6201	99.6202	33.4432	33.4428	33.4527
	STD	0.0225	0.0213	0.0204	0.0923	0.1121	0.1027
Ref. [31]	Mean	99.6152	99.6151	99.6153	33.4302	33.4301	33.4415
	STD	0.0227	0.0208	0.0183	0.0925	0.0834	0.1023

. Table 15 clearly demonstrates that the means of both UACI and NPCR values are near their best values for all components and the overall performance of the proposed encryption method on key sensitivity is better than the overall performance of other methods.

Table 16. The statistical data on the plain image sensitivity NPCRs and UACIs for the R, G, and B components in the cipher images generated with all tested methods.

Methods		NPCR (%)			UACI (%)
		R	G	B	R	G	B
The Proposed	Mean	99.6068	99.6121	99.6116	33.4653	33.4595	33.4421
	STD	0.0153	0.0147	0.0125	0.0375	0.0695	0.0458
Ref. [28]	Mean	99.6033	99.6121	99.6107	33.4642	33.4527	33.4658
	STD	0.0101	0.0098	0.0125	0.1017	0.1032	0.1073
Ref. [27]	Mean	99.6062	99.6053	99.6044	33.4573	33.4582	33.4535
	STD	0.0032	0.0011	0.0023	0.1124	0.1025	0.1327
Ref. [35]	Mean	99.5842	99.5837	99.5842	33.4435	33.4483	33.4216
	STD	0.0026	0.0034	0.0015	0.1127	0.1103	0.1114
Ref. [20]	Mean	99.5873	99.5852	99.5973	33.4592	33.4519	33.4612
	STD	0.0015	0.0026	0.0031	0.0833	0.1015	0.0954
Ref. [31]	Mean	99.5851	99.5842	99.5862	33.4532	33.4518	33.4526
	STD	0.0023	0.0021	0.0017	0.0903	0.0874	0.1217

provides a comparison of the overall performance on plain image sensitivity for all tested methods. Table 16 indicates that the overall performance of the proposed encryption method is comparable with that of the other methods on plain image sensitivity.

3.7. Analysis of Classical Attacks

Four different categories of classical attacks have been identified and summarized in previous work [50], the major features of these attacks can be described as follows.

• Known plaintext attacks. In these attacks, a certain amount of plaintext and its ciphertext are available and can be utilized during attacks.
• Chosen ciphertext attacks. In such attacks, a computer program that implements the decryption algorithm can be accessed by an attacker to decrypt some selected special ciphertext and its plaintext can be obtained.
• Chosen plaintext attacks. In attacks of this type, a computer program that implements the encryption algorithm can be utilized by an attacker to encrypt some special plaintext and its ciphertext can be generated.
• Ciphertext-only attacks, in such types of attacks, a certain amount of ciphertext is available to an attacker.

It is clear from the above descriptions of the four classical attacks that chosen ciphertext attacks and chosen plaintext attacks are more powerful than the other types of attacks. An encryption approach can properly handle all four types of classical attacks if it is capable of defending its cipher images against the chosen ciphertext attacks and chosen plaintext attacks. In these two different types of attacks, an attacker obtains equivalent encryption keys by analyzing the plaintext of some special ciphertext or the ciphertext of some special plaintext. Section 2 clearly shows that the equivalent encryption keys of the proposed approach are dependent on the contents of a plain image. The equivalent keys obtained by an attacker thus cannot lead to the plain image of a cipher image since a different set of equivalent keys is needed to decipher the cipher image. Cipher images provided by the proposed approach are thus secure under both chosen ciphertext attacks and chosen plaintext attacks. The proposed approach is thus able to properly handle classical attacks from all four categories.

4. Discussion

The proposed encryption method has been evaluated based on several benchmark color images and a set of images from the BSD dataset. However, its overall performance on all possible types of plain color images remains uncertain and thus needs to be evaluated by experiments that are more comprehensive. The encoding operations in the proposed encryption method are based on a codebook that is under constant evolution and updates determined by a set of chaotic systems. It is expected that encodings performed on longer subsequences can possibly further improve the randomness of an encryption result and thus lead to improved security for a cipher image. However, for a subsequence of $l$ bits, a codebook with $2^l$ entries needs to be constructed and maintained for encryption. Such an exponential growth in the size of a codebook requires that $l$ must be a small integer. The exponential size of the codebook used for encoding is thus an important disadvantage of the proposed approach. Further improvements in this aspect may need to be considered in future work.

In [51], an encryption method that combines bit-level scrambling with multiplication diffusion is proposed for image encryption. Similar to the proposed approach, the bit-level scrambling operations developed in [51] partitions the bits in an image into eight sets for scrambling. However, the method in [51] scrambles bits based on a combination of flip scrambling, improved circle index scrambling, and binary tree while the bit-level scrambling method proposed in this paper utilizes a rectangular structure and a set of logistic systems to scramble the bits. The techniques developed in [51] for bit-level scrambling can potentially be used together with the proposed approach to further improve the security of cipher images.

5. Conclusions

A new method is proposed in this paper to generate secure encryption results for color images. A color image can be encrypted in three phases. In the first phase, the proposed approach partitions the binary bits in the pixel values of an image into a few sequences and scrambles the bits in each sequence to obtain a fully scrambled color image. In the second phase of the approach, a scrambled image is processed with a set of accumulative bit exclusive-or operations performed on all columns and rows the image contains. The resulting image is an image that is partially encrypted. The third phase of the approach utilizes an evolutionary codebook to encode the partially encrypted image and generate the encryption result. The codebook is constantly updated with the cross-over and mutation operations determined by the outputs of a number of chaotic systems. Analysis of the proposed encryption method on its key space demonstrates that it is secure under attacks that utilize brutal forces. Testing results show that the encryption results provided by the proposed method are secure under different types of attacks. Its performance is also compared with that of several other encryption methods based on several different measures for security. The results of the comparison suggest that it is able to achieve overall performance higher than that of several other approaches developed to encrypt images. The proposed approach can thus be used in various applications that require the secure encryption of color images.

For future research, more comprehensive analysis and experiments are needed to evaluate the overall performance of the proposed approach. In addition, more sophisticated cross-over and mutation operations can be developed to further improve the security of encryption. The work in [52] analyzes the bit-level scrambling operations used in an encryption approach based on chaotic systems and develops a chosen ciphertext attack method that can crack the approach. It is, therefore, necessary to consider the bit-level operations developed in other research work [51,52] to further improve the randomness of scrambled images.