*Article* **A New Algorithm for Medical Color Images Encryption Using Chaotic Systems**

#### **Seyed Shahabeddin Moafimadani \*, Yucheng Chen and Chunming Tang \***

School of Mathematics and Information Science, Guangzhou University, Guangzhou 510006, China; yuchengchen@e.gzhu.edu.cn

**\*** Correspondence: ctang@gzhu.edu.cn (C.T.); Shahabmadani@e.gzhu.cn (S.S.M.)

Received: 11 May 2019; Accepted: 4 June 2019; Published: 10 June 2019

**Abstract:** In this paper, we present a new algorithm based on chaotic systems to protect medical images against attacks. The proposed algorithm has two main parts: A high-speed permutation process and adaptive diffusion. After the implementation of the algorithm in the MATLAB software, it is observed that the algorithm is effective and appropriate. Also, to quantitatively evaluate the uniformity of the histogram, the chi-square test is done. Key sensitivity analysis demonstrates that images cannot be decrypted whenever a small change happens in the key, which indicates that the algorithm is suitable. Clearly, part of special images is selected to test the selected plain-text, like an all-white image and an all-black image. Entropy results obtained from the implementation of the algorithm on this type of images show that the proposed method is suitable for this particular type of images. In addition, the obtained results from noise and occlusion attacks analysis show that the proposed algorithm can withstand against these types of attacks. Moreover, it can be seen that the images after encryption and decryption are of good quality; the measures such as the correlation coefficients, the entropy, the number of pixel change rate (NPCR), and the uniform average change intensity (UACI) have suitable values; and the method is better than previous methods.

**Keywords:** image encryption; medical color images; RGB; chaotic system

#### **1. Introduction**

The confidentiality of patient information is one of the vital security aspects of electronic health services. For example, the confidentiality of patients' medical records is necessary. In addition, the methods of protection should be improved due to the rapid advancement of technologies for accessing the personal information of individuals. The security and privacy of medical image transferring is one of the acute subjects that should be seriously considered in telecare medical information systems (TMIS). In the past years, medical images were grayscale, but today, color images have entered the medical arena, and they can show more accurate information about body conditions. Color images that are acquired by new scanners using the Medipix3RX chip technology are very important in the medical arena. Image-data transferring from a position to another via an unsafe network are usually determined in qualifications of privacy, validity, totality, and confidentiality. Therefore, more significance should be given to the security of the sensitive data that are included in medical images by DICOM (digital imaging communication in medicine). In this textuality, many problems using various cryptographic techniques have been proposed in the literature to overcome this problem [1–4]. In their paper, Abdel-Nabi and Al-Haj proposed a hybrid encryption algorithm using watermarking that offers high embedding capabilities for medical images. The proposed algorithm is a combination of reversible data-caching techniques with standard encryption techniques for ensuring the security requirements for transferred and stored medical images [5]. In their paper, Abdmouleh et al. presented a partial cryptographic approach that was based on the digital wavelet transform (DWT) and was

JPEG2000 compliant to ensure the safe transfer and storage of medical images [6]. Lakshmi et al. presented a similar algorithm using a discrete wavelet transform (DWT), with the difference being that they used a fuzzy chaotic map for the watermarking [7]. In their paper, Cao et al. presented a medical image encryption algorithm using edge maps that were derived from a source image. The algorithm consists of three parts: Bit-plane decomposition, a random-sequence generator, and permutation [8]. Ismail et al. presented the double-humped (DH) logistic map to produce pseudorandom numbers keys (PRNG) in their paper. The generalized parameter that is added to the map provides more control on the map chaotic range [9]. Jeong et al. proposed a new medical image encrypting method using a 2D chaotic map and C-MLCA in their article. The 2D chaotic map is a construction with selfguarding attributes, which moves the location of the pixel and encrypts the image [10]. In their method, Ke et al. offered an encryption algorithm that was based on reversible data using the MSB-based prediction [11]. In their study, Nematzadeh et al. proposed an encryption method for medical images based on a hybrid pattern of the improved genetic algorithm (IGA) and paired map lattices. First, the assumed way employs a paired map lattice to produce a some of secure cipher-images as a primitive population of the IGA. Then, it exerts the IGA to both increase the entropy of the cipher images and reduce the algorithm's calculations time [12]. In their paper, Singh et al. proposed a medical image encryption scheme algorithm using the improved ElGamal encryption technique. Their proposed method made a new contribution since the necessity for separate calculations for encoding plain messages to elliptic curve coordinates was removed. The algorithm using the improved version of the ElGamal encryption scheme is designed to encrypt medical images [13]. Suganya and Amudha's proposed method uses two encryption algorithms, namely, RC4 and AES, which are the stream cipher and block cipher algorithms, respectively. The main objective of this method is to provide integrity control for medical images, although they are encrypted. Experimental security analysis is conducted using 8-bit ultrasound images and 16-bit positron emission tomography (PET) images [14]. The chaos systems that have become popular today have been used in many types of research. For example: Liang and Qi investigated mechanical analysis of generates the Chen chaotic system to the extensile Kolmogorov system. In Hu et al.'s research, the Chen chaotic system is designed as a pseudorandom sequence producer. In their research, Wang et al. used the memristor chaotic systems (MCSs). Gong et al. provided a method for image encryption based on hyper-chaotic system and discrete fractional random transform. Michail et al.'s research was based on chaotic systems and hash functions to implement totally self-checking (TSC). James et al., in their research based on chaotic systems and hash functions, discussed the performance of SHA-3 256- bit core. Ahmad and Das, based on chaos and hash algorithms, discussed Hardware performance analysis of SHA-256 and SHA-512 algorithms on FPGAs. In their research, Xu et al. improved chaotic cryptosystem based on circular bit shift and XOR operations. Pareek and Patidar, in their research, designed medical image protection based on genetic algorithm and chaotic system. Hua et al., in their study, designed medical image encryption using hash algorithm high-speed scrambling [15–24]. Also, Chai et al. designed a color image encryption method based on dynamic DNA encryption and chaotic system [25] and Ma et al. provided a new method of plaintext-related and chaos-based image encryption [26]. Niyat et al. offered an image encryption algorithm with the rule of cellular automata (CA). CA is a self- establishing construction with a group of cells in which any cell is updated based on certain regulation that are to depend on a limited number of neighboring cells [27]. Chen et al. designed an image encryption method based on hyperchaotic system in the turner transfigure domain. The RGB ingredients of the main color image are encrypted into 1D circulation. [28]. The method in [5] focused on the embedding capacity, but no results are given with respect to other criteria, such as the correlation coefficients entropy, the number of pixel change rate (NPCR), or the uniform average change intensity (UACI). The methods in [6,7] are based on the digital wavelet transform (DWT) and allow for safe transport, but they do not provide suitable results with respect to the correlation coefficients. The results that were obtained in [8] are only suitable for the NPCR, and other values are not suitable. In the method in [9], the values that are obtained are appropriate, but they are only suitable for grayscale images. The results of the methods

in [10–12] are only suitable with respect to their correlation coefficients, but there are no improvements with respect other criteria. The results that are obtained in [13,14] are only suitable with respect to entropy. The methods in [27,28] perform well in color images encrypting and can be used to encrypt medical images. Nevertheless, our method is better in terms of the correlation coefficients, the entropy, the NPCR, and the UACI.

Our aim in this paper is to provide an algorithm that protects medical color images based on chaotic systems and SHA-256 systems. The algorithm is composed of two parts: A high-speed permutation process and adaptive diffusion. For this reason, in Section 2, we will present the basic concepts of chaotic systems and SHA-256 systems. In Section 3, we will describe the proposed algorithm's equations, and in Section 4, the empirical results from the implementation of the proposed algorithm that is simulated in the MATLAB software will be given. In Section 5, we compare the results of the proposed method with previous methods, and in Section 6, we will explain the quality and appropriateness of this method.

#### **2. Preliminary Work**

#### *2.1. Chaotic Systems*

Chaos theory is a chapter of mathematics centralization on the action of dynamical systems that are highly sensitive to initial situation. "Chaos" is a notion denoting that within the obvious accidentalness of chaotic systems, there are basically models, stable feedback rings, iteration, selflikeness, fractals, self- formation, and dependence on programming at the initial part, which is known to have sensitive to depend on initial situation.

Little differences in initial situation, like those owing to rounding errors in numerical calculations, output widely in different outcomes for dynamical systems, thus, generally interpretation of the long-term oracle of their action impossible. This action is known as certain chaos, or simply chaos. The theory was tabloid by Edward Lorenz as follows:

Chaos: When the design specifies the future, but the proximate present does not proximately specify the future.

In 1963, Lorenz studied chaotic systems using a nonlinear differential equation, which is one of the first examples of algebraic chaotic systems in dissipative systems. Chaotic systems are very abundant in nature and they are used in many branches of science, such as the physics of dynamics and photonics, medical sciences, chemistry, and demography. In recent years, much research has been done on chaotic systems by scientists and more practical systems have been introduced, such as Chen's system, Lu's system, and Qi's 3D four-wing chaotic system [15–17]. The chaotic system that is used in this algorithm is the Chen-based hyper-chaotic system. The Chen-based hyper-chaotic system in [18] is described as follows: .

$$\begin{cases} \dot{\mathbf{s}} = \mathbf{a}(\mathbf{t} - \mathbf{s}) \\ \dot{\mathbf{t}} = \mathbf{d}\mathbf{s} - \mathbf{s}\mathbf{u} + \mathbf{c}\mathbf{t} - \mathbf{v} \\ \dot{\mathbf{u}} = \mathbf{s}\mathbf{t} - \mathbf{b}\mathbf{u} \\ \dot{\mathbf{v}} = \mathbf{s} + \mathbf{w} \end{cases} \tag{1}$$

where s, t, u, and v are the fixed variables and a, b, c, d, and w are the controlling parameters of the system. The dynamical cycle will be hyper-chaotic when a = 36, b = 3, c = 28, d = −16, and −0.7 < w < 0.7.

#### *2.2. SHA-256 (Secure Hash Algorithm 256)*

A cryptographic hash (sometimes called a "digest") is a type of 'signature' for a text or data file. The SHA-256 products an almost-unique 256-bit (32-byte) signature for a text. The SHA-256 is a type of the deputy hash functions to the SHA-1 (referential to as SHA-2) and is one of the existing powerfulness hash functions. The SHA-256 is not much more complicated to code than the SHA-1 and has not yet been agreement in any path. The 256-bit key makes it a good common-function for the AES. It is explained in the NIST (National Institute of Standards and Technology) standard 'FIPS 180-4'. The NIST also prepared a number of test vectors to investigate the validity of its execution [19–21].

To the SHA-256, the message is decomposed to n blocks with 512 bits, and at the end of its the final block, bit '1' is added to be followed by k zero bits, where k is the least nonnegative the answer path of the equation l + 1 + k = 448mod512. Next, a 64-bit binary block that is equivalent to l is added. Clearly, a "1" followed by k "0" s that is followed by 64 bits are added at the end of M to generate a crooked message of length 512 ∗ *n* bits. For instance, the 8-bit ASCII message "abc" has a length of l = 8 × 3 = 24. Therefore, the message is padded with a one bit, then 448 − (24 + 1) = 423 zero, and then the 64 bits of the length of message (11000)<sup>2</sup> = (24)10. Then, one message plan carries out on the blocks of M, generating the *Wt* amount, any of which is to the corresponding t-th repetition of the transmutation. The transmutation takes *Wt*, a fixed value, *Kt* and the primary amounts *H*(0) (in the repetition one) or the values generated in the past repetition; carries out the transmutation procedure; and produces a series of hash values via a number of repetitions. The last produced hash value is considered as the message digest, h [19]. The SHA-256 needs 64 repetition to generate its message digest. The round contains additives and rational functions that are set to generate the round's output values. The included NLFs are shown in Equation (2):

$$\begin{aligned} \text{Ch}(\mathbf{x}, \ y, z) &= (\mathbf{x} \bullet y) \oplus (\mathbf{\bar{x}} \bullet y) \\ \text{Maj}(\mathbf{x}, \ y, z) &= (\mathbf{x} \bullet y) \oplus (\mathbf{x} \bullet z) \oplus (\mathbf{x} \bullet z) \\ \stackrel{256}{\sum}(\mathbf{x}) &= \text{ROTR}^2(\mathbf{x}) \oplus \text{ROTR}^{13}(\mathbf{x}) \oplus \text{ROTR}^{22}(\mathbf{x}) \\ \stackrel{0}{256} \\ \sum\_{1}(\mathbf{x}) &= \text{ROTR}^6(\mathbf{x}) \oplus \text{ROTR}^{11}(\mathbf{x}) \oplus \text{ROTR}^{25}(\mathbf{x}) \end{aligned} \tag{2}$$

where ⊕, •, and ¯ denote the XOR, AND, and NOT bitwise rational functions, respectively, and *x*, *y*, and *z* are 32-bit words. *ROTRX* Shows x right round bit spin. According to the 64 *Wt* values that are necessary, the first 16 are organized by the 512-bit input block whereas the remaining 48 *Wt* amounts are calculated using Equation (3). The functions σ<sup>0</sup> and σ<sup>1</sup> are computed using Equation (4).

$$\mathcal{W}\_{t} = \sigma\_{1}^{\{256\}} (\mathcal{W}\_{t-2}) + \mathcal{W}\_{t-7} + \sigma\_{0}^{\{256\}} (\mathcal{W}\_{t-15}) + \mathcal{W}\_{t-16} 16 \le t \le 63 \tag{3}$$

$$\begin{array}{l} \sigma\_0^{\langle 256 \rangle} = ROTR^{\langle 7 \rangle}(x) \oplus ROTR^{\langle 18 \rangle}(x) \oplus SHR^3(x) \\ \sigma\_1^{\langle 256 \rangle} = ROTR^{\langle 17 \rangle}(x) \oplus ROTR^{\langle 19 \rangle}(x) \oplus SHR^{\langle 10 \rangle}(x) \end{array} \tag{4}$$

Here, *SHRx* stands for the right bit shift. The SHA-256 base transformation rounds are shown in Figure 1.

**Figure 1.** Secure hash algorithm 256 (SHA-256) base transformation rounds.

#### *2.3. SHA-256 Architectures*

The performance of the SHA-256 construction's transformation round is shown in Figure 1. It takes, as inputs, eight 32-bit characters, (*at*−<sup>1</sup> − *ht*−1), the value *Wt*−1, and the stable value *Kt*−1, performs the calculations shown in Figure 1, and generates the values (*at* − *ht*) after 64 repetitions [19].

#### **3. Proposed Algorithm**

The proposed algorithm has two parts: A high-speed permutation process and adaptive diffusion.

#### *3.1. High-Speed Permutation Process*

⎧ ⎪⎪⎪⎪⎪⎪⎨ ⎪⎪⎪⎪⎪⎪⎩

Step 1. First, the plain image P of size *M* × *N* × *D* is used as the input; it has the initial state values of *a*0, *b*0, *c*0, and *d*0; and uses the SHA-256 function, which is constructed according to the plain image. We consider *DM* = *D* × *M* and *s* = *sum*(*sha*256)/(64 × 256), which reshape matrix P into the 2D matrix P1. Then, the new values of the chaos system *a*0, *b*0, *c*0, and *d*0 are generated using Equation (4) as follows:

$$\begin{cases} \begin{array}{l} a0 = s + a0 - s + a0 \\ b0 = s + b0 - s + b0 \\ c0 = s + c0 - s + c0 \\ d0 = s + d0 - s + d0 \end{array} . \end{cases} \tag{5}$$

Step 2. Then, the initial values and parameters are used to iterate the chaotic systems to obtain the vectors *a*1, *a*2, *a*3, and *a*4 and quantize to generate four different vectors *PR*1, *PC*1, *PR*2, and *PC*2, which are as follows:

$$\begin{aligned} PR1 &= (|a1| - a1) \times 10^{15} \bmod N + 1\\ PC1 &= (|a2| - a2) \times 10^{15} \bmod DM + 1\\ PR2 &= (|a3| - a3) \times 10^{15} \bmod N + 1\\ PC2 &= (|a4| - a4) \times 10^{15} \bmod DM + 1 \end{aligned} \tag{6}$$

Here, we have to use the *circshi f t* (shift array circularly) rule and its definition is as follows: If A and B are matrixes, *B* = *circshi f t*(*A*, *shi f tsize*) circularly shifts the values in the array A using the shift size elements [22].

Step 3. We consider *PR*, *PC* ∈ N*DM*×*<sup>N</sup>* and for *i* = 1 to *DM*, if *i* is odd, then we get the following:

$$\begin{cases} \text{PR}(:,i) = \text{circshift } \text{P1}(i,:) \text{ by step } \text{PR1}(i) \\ \quad \text{and else} \\ \text{PR}(:,i) = \text{circshift } \text{P1}(i,:) \text{by step } - \text{PR2}(i) \end{cases} \tag{7}$$

Step 4. For *j* = 1 to *N*, if *j* is odd, then we get the following:

$$\begin{cases} \text{PC}(:,j) = \text{circshift } \text{IR}(:,j) \text{ by step } \text{IC1}(j) \\ \quad \text{and } \text{else} \\ \text{PC}(:,j) = \text{circshift } \text{IR}(:,j) \text{by step } -\text{IC2}(j) \end{cases} \tag{8}$$

Now, *P*2 = *PC* is the permutated image.

This Process explained in Algorithm 1 with the title: High-speed Permutation Process.

#### **Algorithm 1** High-speed Permutation Process

Input: Image P of size M × N × D, Initial state: a0, b0, c0, d0, and Sha256 value of P Output: Permutated Image


```
14. PC(:,j) = circshift PR(:,j) by step PC1(j)
```

⎧ ⎪⎪⎪⎪⎪⎪⎨ ⎪⎪⎪⎪⎪⎪⎩


#### *3.2. Adaptive Di*ff*usion*

Step 1. First, the other initial values and parameters are used to iterate the chaotic systems to obtain the vectors *a*110, *b*110, *c*110, and *d*110, and they are quantized to generate four different vectors *a*11, *b*11, *c*11, and *d*11.

We set *N*0 as a random number, *N*00 = *N*0 + 1 and *nn* = (*DM* × *N*)/2.

$$\begin{array}{l} a11 = |(a110 + b110) \times 10^{15})|m \text{od} 2^3 + 1\\ b11 = |(b110 - a110) \times 10^{15})|m \text{d} 2^3 + 1\\ c11 = |(c110 + d110) \times 10^{15})|m \text{d} 2^8\\ d11 = |(c110 + d110) \times 10^{15})|m \text{d} 2^8 \end{array} \tag{9}$$

Step 2. Set A, B ∈ N*DM*×*<sup>N</sup>* and *i* = 1 *to DM*. If *i* ≥ 1 and *i* ≤ *DM*/2, then we get the following:

$$\begin{cases} A(i,:) = a11 \left( \left( (i-1) \times N + 1 \right) : (i \times N),: \right) \\ B(i,:) = c11 \left( \left( (i-1) \times N + 1 \right) : (i \times N),: \right) \end{cases} \tag{10}$$

Otherwise,

$$\begin{cases} A(i,:) = b11(((i-1-(DM/2))\times N+1):((i-(DM/2))\times N),:)\\ B(i,:) = d11(((i-1-(DM/2))\times N+1):((i-(DM/2))\times N),:) \end{cases} \tag{11}$$

Step 3. Here, we have to apply *bitcircshift* rule, which is an action that is done on all of the bits of a binary amount, in which they are transformed by a determined number of locations to the left or right. *Bitcircshift* is used when the operand is being used as a series of bits relatively than generally. In other words, the operand behaves as single bits that show something and are not values [22].

Let *P*2 = *PC*, and *P*3 ∈ N*DM*×*N*. If *i* = 1 *to DM and j* = 1 *to N*, then we get the following:

$$P\mathbf{3}(i,j) = b \mathbf{it} \mathbf{circ} \mathbf{h} \mathbf{if} \text{ P2}(i,j) \mathbf{by} \text{ step } \mathbf{A}(i,j). \tag{12}$$

Step 4. Let *keyr*<sup>0</sup> = (*a*110(1 : *N*) + *b*110(1 : *N*)) /2 and *keyc*<sup>0</sup> = (*c*110(1 : *DM*) + *d*110(1 : *DM*))/2, and quantize them as *keyr* and *keyc*, respectively, in [0, 255].

$$\begin{cases} \,\,\,key\_r = |\mathbf{k}ey\_{r0}| \times 10^{15} \,\,mod 256\\ \,\,key\_\ell = |\mathbf{k}ey\_{c0}| \times 10^{15} \,\,mod 256 \end{cases} \tag{13}$$

Step 5. Set *P*4*R*, *P*4*C* ∈ N*DM*×*N*. If *i* = 1 *to DM*, *r*1 = *circshi f t*(*B*(*i*, ;), [0, *i*]) and *i* = 1, then we get the following:

$$\begin{cases} \text{P4R}(i,:) = \left( (P3(i,:) + r1) \bmod 256 \right) \oplus kry\_r \\ \quad \text{and else} \\\ P4R(i,:) = \left( (P3(i,:) + r1) \bmod 256 \right) \oplus P4R((i-1),:) \end{cases} \tag{14}$$

Step 6. If *j* = 1 *to N*, *c*1 = *circshi f t*(*B*(*j*, :), [*j*, 0]) and *j* = 1, then we get the following:

$$\begin{cases} \text{P4C}(:,j) = \left( (P4\text{R}(:,j) + c1) \text{mod256} \right) \oplus kxy\_c \\ \quad \text{and else} \\\ \text{P4C}(:,j) = \left( (P4\text{R}(:,j) + c1) \text{mod256} \right) \oplus \text{P4C}(:, (j-1)) \end{cases} \tag{15}$$

P4C, the final image, is encrypted.

This Process explained in Algorithm 2 with the title: Adaptive diffusion.

Our proposed algorithm is a symmetric algorithm. The decryption procedure is the opposite of the encryption method and decryption is done using the encryption method's formulas. This is shown in Figure 2.

**Remark 1.** *The proposed algorithm is suitable for all color images (RGB). Because medical images are very important in today's technological world, we decided to use the proposed algorithm for medical images.*

#### **Algorithm 2** Adaptive diffusion

Input: Input data from permutation procession Output: Encrypted Image 1: Use other initial values and parameters to iterate the chaotic system again to get the vectors: a110, b110, c110, d110, and quantize them to generate four different vectors: a11, b11, c11, d11. 2: Set A, B <sup>∈</sup>NDM×<sup>N</sup> 3: for i = 1 to DM do 4: if i ≥ 1 and i ≤ DM/2 then 5: A(i,:) = a11(((i − 1) × N + 1) : (i × N),:) 6: B(i,:) = c11(((i − 1) × N + 1) : (i × N),:) 7: else 8: A(i,:) = b11(((i − 1 − (DM/2)) × N + 1) : ((i − (DM/2)) × N),:) B(i,:) = d11(((i − 1 − (DM/2)) × N + 1) : ((i − (DM/2)) × N),:) 9: end if 10: end for 11: Let P2 <sup>=</sup> PC, and set P3 <sup>∈</sup>NDM×<sup>N</sup> 12: for i = 1 to DM do 13: for j = 1 to N do 14: P3(i,j) = bitcircshift P2(i,j) by step A(i,j) 15: end for 16: end for 17: Let key\_r0 = (a110(1 : N)+b110(1 : N)) /2, key\_c0 = (c110(1 : DM)+d110(1 : DM))/2, and quantize them key\_r, key\_c, in [0, 255] 18: Set P4R, P4C <sup>∈</sup>NDM×<sup>N</sup> 19: for i = 1 to DM do 20: r1 = circshift (B(i,;),[0,i]) 21: if i = 1 then 22: P4R(i,:) = bitxor(mod((P3(i, :)+r1), 256), key\_r) 23: else 24: P4R(i,:) = bitxor(mod((P3(i, :)+r1), 256), P4R((i-1), :)) 25: end if 26: end for 27: for j = 1 to N do 28: c1 = circshift (B(j,:),[j,0]) 29: if j = 1 then 30: P4C(:,j) = bitxor(mod((P4R(:, j)+c1), 256), key\_c) 31: else 32: P4C(:,j) = bitxor(mod((P4R(:, j)+c1), 256), P4C(:, (j-1))) 33: end if 34: end for 35: Let P4C be the final encrypted image 36: return Encrypted Image The decryption process is inverse encryption process. Input: Input data from permutation procession Output: Encrypted Image

(b)

**Figure 2.** Schematic of the proposed encryption algorithm (**a**), and schematic of the proposed decryption algorithm (**b**).

#### **4. Experiment Result and Security Analysis**

In this section, we implemented the proposed algorithm on two medical color images using the MATLAB 2017a software environment (in personal computer with core i7, 3.4GHz, RAM 16GB). As we stated in the introduction, the medical color images are obtained using the Medipix3RX chip technology that is used in today's imaging devices [1–4].

For example, four color images 256 × 256 in size have been selected as the plain images. In Figure 3, images b, e, h, and k are images that are encrypted by the proposed algorithm for the plain images a, d, g, and j, respectively; and images c, f, i, and l are the decrypted images.

**Figure 3.** (**a**,**d**,**g**,**j**): Plain images. (**b**,**e**,**h**,**k**): Respective encrypted images. (**c**,**f**,**i**,**l**): Respective decrypted images. Initial values for all images: (a0 = 0.1314, b0 = 0.5214, c0 = 0.3698, and d0 = 0.8419). Values of the chaotic system: Image (**a**): sha256 = '9ADBBFB88CFD90C23CE114E4740 2054E6DDC4182510E80980EA7151CD11E6D18', image (**d**): sha256 = '8BF6A886E4B58D2B530749 EE9BAB54A3C360D406DC5B901CC169D7870FA3CA09', image (**g**): sha256 = '49A22186DB65786789 CD1391CDE4D9737039E758F39A45C59D8338DE05353337', and image (**j**): sha256 = '6EB1ADE45F27A 67E09A25265835F05BC11E057255DA81359299631F4724936C8'.

#### *4.1. Security Analysis*

As seen, it is not possible to visually compare the plain images with images that were obtained from the decryption process, and the measures such as the correlation coefficients of two adjacent pixels in the plain image and the cipher image, the entropy, the NPCR (number of pixel change rate), and the UACI (uniform average change intensity) should be mathematically examined. We consider an example of a baby's image.

#### *4.2. Histogram Analysis*

Color images include three main color channels (red, green, and blue), and these images are called RGB images. Figure 4 shows the histograms of these three channels that are observed for the baby's image.

**Figure 4.** (**a**): Plain image baby, and (**b**–**d**): R, G, and B histograms, respectively.

In Figure 5, we can see the baby's decrypted image from the three-channel color histograms.

**Figure 5.** (**a**): Baby's decrypted image, and (**b**–**d**): R, G, and B histograms, respectively.

Chi-square Analysis

Statistical analysis is a type of the commonplace cryptology procedures. The monotony of the histogram of cipher demonstrates the strength of the encryption path to statistical analysis. The ocular effect of the histogram is not sufficient to verify the accident of a cipher image's pixel values [26]. To quantitatively measure the monotony of the histogram, we use the chi-square test as a metric. The description of the chi-square is as follows:

$$\begin{array}{c} \chi^2\_{\exp} = \sum\_{i=1}^{Q} \frac{(Q\_i - c\_i)^2}{c\_i},\\ c\_i = \frac{M \times \mathcal{N}}{Q}, \end{array} \tag{16}$$

where *Q* = 256 in our method, *oi* is the observed incidence frequency of each rate on the histogram of the ciphered image, *ei* is the envisage incidence frequency of the uniform distribution, and *M* × *N* is the length of an image trail. For an ideal image encryption system, the empirical chi-square value should be less than the theoretic amount. With the importance level of 0.05, the theoretic chi-square value is 293 [26]. The chi-square test conclusions and transition rates are listed in Tables 1 and 2. All the test images transition the test, which shows that our plan has a satisfying encryption effect.


**Channels R G B R G B**

*test* 285.8359 261.9980 247.2793 250.0836 210.7622 231.1039

255.0.05 293 293 293 293 293 293 Passor not Yes Yes Yes Yes Yes Yes

**Images g j**


#### *4.3. Correlation Analysis*

*x*2

*x*2

The correlation coefficient of two adjacent pixels in the plain image and the cipher image is one of the important factors in determining the quality of image encryption algorithms [23]. In Figure 6, we can see the correlation histograms for the plain image and cipher image, and the correlation histograms are shown in three directions: Horizontal, vertical, and diagonal.

**Figure 6.** Correlation histograms. (**a**–**c**): For the plain image; and (**d**–**f**): For the cipher image.

In Table 3, the numerical values of the correlation for the plain image and the cipher image are given, and the values in the table are calculated for three directions: Horizontal, vertical, and diagonal. We can specifically see that the correlation coefficients of the plain image are near to 1, however the correlation coefficients of the cipher-image are about equal 0, which may explain why the designed encrypted algorithm has a powerful resistance to possible statistical attacks. The table specifies that the proposed algorithm has the required quality. The correlation coefficient of two adjacent pixels in the plain image and the cipher image is obtained as follows:

$$r\_{xy} = \frac{E((\mathbf{x}\_i - E(\mathbf{x}))(y\_i - E(y))}{\sqrt{D(\mathbf{x})D(y)}} \tag{17}$$

where

$$\begin{array}{c} E(\mathbf{x}) = \frac{1}{N} \sum\_{i=1}^{n} \boldsymbol{\pi}\_{i\prime} \\ D(\mathbf{x}) = \frac{1}{N} \sum\_{i=1}^{n} (\boldsymbol{\pi}\_{i} - E(\mathbf{x}))^{2} \dots \end{array}$$

*<sup>E</sup>*((*xi* <sup>−</sup> *<sup>E</sup>*(*x*))(*yi* <sup>−</sup> *<sup>E</sup>*(*y*)) = *cov*(*x*, *<sup>y</sup>*), *<sup>E</sup>*(*x*) = <sup>1</sup> *N <sup>N</sup> <sup>i</sup>*=<sup>1</sup> *xi* is the expected value, *N* is the number of image pixels, and *D*(*x*) = <sup>1</sup> *N <sup>N</sup> <sup>i</sup>*=1(*xi* <sup>−</sup> *<sup>E</sup>*(*x*))<sup>2</sup> is the variance. *<sup>x</sup>* and *<sup>y</sup>* are the gray values of two adjacent pixels, and *N* is the total number of pixels that are chosen from the image.


**Table 3.** Correlation coefficients in the plain image and the cipher image.


**Table 3.** *Cont.*

#### *4.4. Entropy Analysis*

The entropy randomly measures the data sequence and is defined as follows [24]:

$$H(S) = \sum\_{i=0}^{2^N - 1} P(s\_i) \log \left(\frac{1}{P(s\_i)}\right) \tag{18}$$

where *N* is the number of grayscale levels in an image, and *P*(*si*) is the incidence possibility of grayscale "I" in the image. The entropy amount will be 8 for images that are wholly accidentally generated. The nearer the entropy of an encryption method is to 8, the less foreseeable it is, and thus, the more secure the plan. The entropies for the designed encryption method have been measured for a sample image and the conclusions are shown in Table 4.

**Table 4.** Information entropies results for plain and cipher images.


#### *4.5. NPCR (Number of Pixel Change Rate) and UACI (Uniform Average Change Intensity)*

In a differential attack, a little variation is built to the plain image, and the designed algorithm is employed to encrypt the plain image before and after this variation. These two encrypted images have been evaluated to detect any possible connection between the plain image and the cipher image. The (UACI) and the (NPCR) are two indicator that are regularly used by researchers to test the differential attack resistor of any image encryption method [12].

Suppose that *C*<sup>1</sup> and *C*<sup>2</sup> are two cipher images that are encrypted from two plain images with only one-bit difference. The NPCR and UACI are defined as follows:

$$\text{NPCR}(\mathbf{C}\_1, \mathbf{C}\_2) = \sum\_{i,j} \frac{H(i,j)}{M} \times 100\% \tag{19}$$

and

$$\text{LLACI}(\text{C}\_1, \text{C}\_2) = \sum\_{i,j} \frac{|\text{C}\_1(i, j) - \text{C}\_2(i, j)|}{(S - 1) \times M} \times 100\% \tag{20}$$

where *M* shows the total number of pixels in any cipher-image, S illustrates the number of allowed pixels, and *H*(*i*, *j*) demonstrates the difference between *C*<sup>1</sup> and *C*2, which is specified as follows.

$$H(i,j) = \begin{cases} \ 0, & \text{if } \quad \mathbb{C}\_1(i,j) = \mathbb{C}\_2(i,j) \\\ 1, & \text{if } \quad \mathbb{C}\_1(i,j) \neq \mathbb{C}\_2(i,j) \end{cases} \tag{21}$$

The larger the NPCR and UACI are, the better the quality of the algorithm. For four randomly selected points, the NPCRs and UACIs are listed in Table 5.

**Table 5.** Number of pixel change rates (NPCRs) and uniform average change intensities (UACIs) of different positions (%).


#### *4.6. Key Space*

The key space for encryption algorithms should be large enough to withstand potential attacks. The minimum key space should be 2100. The input values of (*x*0, *y*0, *z*0, *h*0, *SHA*256) act as a secret key, and, based on this, the secret key space is 10<sup>14</sup> <sup>×</sup> 1014 <sup>×</sup> 1014 <sup>×</sup> 1014 <sup>×</sup> 2128 = 1056 <sup>×</sup> 2128. This indicates that the designed method has good key space.

#### *4.7. Key Sensibility Analysis*

A safe encryption system must be sensitive to the key; for example, the little change of encryption keys can lead to very different cipher image, and a small change of the decryption keys cannot decrypt the image. Several key sensitivity tests are performed. Figure 7 shows the encrypted images of the baby (plain image b). Figure 3a shows the encrypted image using user keys with a 1-bit difference. The plain encrypted image is indicated in Figure 3b. When the keys of the initial state *x*0, *y*0, *z*0, *h*0, and *SHA*256 are changed by one bit (i.e., 10−<sup>14</sup> for *x*0, *y*0, *z*0, and *h*<sup>0</sup> and 2−<sup>128</sup> for SHA256), the five new encrypted images are obtained and shown in Figure 7a–e. We compare them with the image in Figure 7e, and the five differential images are shown in Figure 7f–j. This shows that there are very big differences between the images in Figure 7e,f–j.

In addition, to experience the capability of the designed method to resist the cipher text attack, the keys *x*0, *y*0, *z*0, and *h*<sup>0</sup> will be modified by 10 <sup>−</sup><sup>14</sup> and SHA256 will be changed by 2−<sup>128</sup> to decrypt the plain encrypted image. The decrypted images are indicated in Figure 7, which are wholly different from the plain image. Therefore, it can be seen that the cipher text cannot be suitably decrypted without the correct keys, which shows that the proposed method can effectively hamper the cipher text merely attack.

**Figure 7.** Cipher-images within authentic primary keys and the differences between them and the plain encrypted images: (**a**–**e**) Five new encrypted images with the keys *x*<sup>0</sup> + 10<sup>−</sup>14, *y*<sup>0</sup> + 10<sup>−</sup>14, *z*<sup>0</sup> + 10<sup>−</sup>14, *h*<sup>0</sup> + 10<sup>−</sup>14, and SHA256+2<sup>−</sup>128, respectively; and (**f**–**j**) differences between the unauthentic encrypted images and the plain image.

#### *4.8. Known-Plain Image and Chosen-Plain Image Analysis*

Clearly, some specific images are selected to test the selected plain-text attack, like a full-white image in Figure 8a and a full-black image in Figure 8d. The results are shown in Figure 8, which indicate that the cryptology is appropriate for these specific images and can resist the chosen-plain-text attack. In Table 6, we can see the entropy values for all-white and all-black images. It can be seen that all the values that are obtained are close to 8, indicating the suitability of the proposed algorithm.

**Figure 8.** *Cont.*

**Figure 8.** Selected plain-image test for white and black images, display (**a**) the full-white image, (**b**) the cipher image of panel (**a**), (**c**) the histogram of channel R (**b**), (**d**) the full-black image, (**e**) the cipher image of panel (**d**), and (**f**) the histogram of channel R. **Table 6.** Information entropy of the full-black image and full-white image.

(f)


#### *4.9. Noise Attack and Occlusion Attack*

In the digital world, the images will unexpectedly experience noise and occlude attacks in the transition process, and an effective cryptology must be strong against them. The baby image is used as the test image. Figure 9 shows the noisy cipher images that are contaminated by Gaussian noise (GN), salt and pepper noise (SPN), and speckle noise (SN) with different noise compression and their decrypted images. As seen from Figure 10, the most information of the plain image can be intuitively identified from the decrypted image's presentation of the cipher images with different occlusion effects and their corresponding retrieved images. Specifically, the decrypted images still include most date of the baby image. The PSNR (peak signal-to-noise-ratio) is employed to compute the condition of the decrypted image after a possible attack. For a gray image, the PSNR and MSE can be computed as follows:

$$PSNR = 10 \times \log\_{10} \left( \frac{255 \times 255}{MSE} \right) (db) \tag{22}$$

$$MSE = \frac{1}{mn} \sum\_{i=1}^{m} \sum\_{j=1}^{n} \left\| I\_1(i,j) - I\_2(i,j) \right\|^2\\MSE = \frac{1}{mn} \sum\_{i=1}^{m} \sum\_{j=1}^{n} \left\| I\_1(i,j) - I\_2(i,j) \right\|^2 \tag{23}$$

where MSE shows the mean square error between the cipher image *I*1(*i*, *j*) and the plain image *I*2(*i*, *j*), and *m* and *n* are the width and height, respectively [25]. The results are explained in Tables 7 and 8.

**Figure 9.** Noise attack test results. (**a**,**b**) Gaussian noise (GN); (**c**,**d**) salt and pepper noise (SPN); (**e**,**f**) speckle noise (SN).


**Table 7.** Noise attack test results.

**Figure 10.** *Cont.*

**Figure 10.** Occlude attack test results.

**Table 8.** Occlude attack test results.


#### **5. Comparison**

In this section, we will compare the results that were obtained from the proposed algorithm with previous algorithms. The results that were obtained from the designed method are measured with the methods in References [10,24] with respect to their correlation, entropy, NPCR, and UACI, and the key space was compared with references [9,12,24]. The results of the comparison are shown in Tables 9–14.

**Table 9.** Correlation coefficients results in the original image and the encrypted image for the proposed method and the two methods that were presented in existing methods.



**Table 9.** *Cont.*

**Table 10.** Information entropies of the cipher images and plain images, part 1.



**Table 11.** Information entropies of the cipher images and plain images, part 2.

**Table 12.** NPCRs and UACIs at different positions (%), Part 1.




**Table 14.** Comparison of the proposed algorithm's key space with other algorithms.


#### **6. Conclusions**

In this paper, we present a new algorithm based on chaotic systems to protect these images against attacks. The proposed algorithm has two main parts: A high-speed permutation process and adaptive diffusion, which lead to a very efficient and reliable approach in this regard. By examining the results that were obtained from the implementation of the proposed algorithm in the MATLAB software environment and comparing these results with existing methods, it is observed that the designed method is better than those algorithms with respect to the important factors that are mentioned. Such that, to quantitatively evaluate the uniformity of the histogram, the chi-square test is done and the obtained results are desirable. Also, key sensitivity analysis shows that the image is not decrypted with a small change in the key, which indicates that the algorithm is suitable. Clearly, particular images are selected to experiment the selected plain-text, such as a full-white image and a full-black image. Entropy results obtained from the implementation of the algorithm on this type of images show that the proposed method is suitable for this particular type of images. In the real world, the images will inevitably experience noise and occlude attacks while shifting, and an effective cryptosystem must be powerful versus them. The obtained results from noise and occlusion attacks analyses show that the proposed algorithm can withstand against these types of attacks. It is also observed that the values that are obtained with respect to the entropy, NPCR, and UACI are better than those from the methods in existing papers. As we have already mentioned, the key space should be large enough (at least 2ˆ100). Compared to the old methods, we observe that the key space of our method is very large and more resistant than other methods in dealing with attacks.

**Author Contributions:** For research articles with several authors, a short paragraph specifying their individual contributions must be provided. The following statements should be used "conceptualization, S.S.M., Y.C. and C.T; methodology, S.S.M., Y.C. and C.T.; software, S.S.M., Y.C. and C.T; validation, S.S.M., Y.C. and C.T.; formal analysis, S.S.M., Y.C. and C.T.; investigation, S.S.M., Y.C. and C.T.; resources, S.S.M., Y.C. and C.T.; data curation, S.S.M., Y.C. and C.T.; writing—original draft preparation, S.S.M.; writing—review and editing, S.S.M. and C.T.; visualization, S.S.M., Y.C. and C.T.; supervision, C.T.; project administration, C.T.; funding acquisition, C.T.

**Funding:** This research was funded by the Foundation of National Natural Science of China (No. 61772147), Guangdong Province Natural Science Foundation of major basic research and Cultivation project (No. 2015A030308016), Project of Ordinary University Innovation Team Construction of Guangdong Province (No. 2015KCXTD014), Collaborative Innovation Major Projects of Bureau of Education of Guangzhou City (No. 1201610005) and National Cryptography Development Fund (No. MMJJ20170117).

**Conflicts of Interest:** The authors declare no conflict of interest.

#### **References**


© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
