4.3.3. Correlation

Strong correlation among neighboring pixels is a key attribute of plain images. A practical image encryption scheme should reduce such correlation significantly. The lower the correlation in cipher images, the better an encryption scheme. Given two sequences *s*1 and *s*2, the correlation (*γ*) between them can be computed by:

$$\gamma = \frac{\rho(s\_1, s\_2)}{\sqrt{D(s\_1)D(s\_2)}},\tag{12}$$

where *ρ* denotes the covariance of two sequences, and *D* is the standard deviation of a sequence. According to this equation, the highest value of correlation will be 1 if *s*1 and *s*2 are identical, while it will be 0 if they are independent.

Given an image, there are many ways to construct *s*1 and *s*2. Typically, when a pixel is put into *s*1, its horizontal, vertical, or diagonal adjacent pixel can be placed in *s*2. In this way, we can use Equation (12) to calculate the correlations at the horizontal (*γh*), vertical

(*γv*), and diagonal (*γd*) directions. We use all the pixels in an image to construct *s*1, and then construct corresponding *s*2 to compute *γh*, *γ<sup>v</sup>*, and *γd*. The correlations of plain images and cipher images are shown in Table 5, where the best results are in bold.


**Table 5.** The correlation coefficients *γ* of the testing images.

From this table, we can observe that all the plain images have high correlations. In particular, the *γh* of plain Bw512 is equal to the highest value, i.e., 1. However, these high correlations are reduced to a very low level by the encryption schemes. More specifically, the correlations by the encryption schemes are very close to or even equal to 0, showing that all the schemes can break the high correlations in plain images. As far as the four schemes, MBPD achieves the lowest correlations in 15 out of 48 times, followed by CDCP's 13 times, DFDLC's 12 times, and HCDNA's 11 times, indicating that MBPD performs better than the compared encryption schemes.

To further analyze the correlations, we randomly pick up 4000 pairs of horizontally adjacent pixels from plain images and cipher images by the proposed MBPD and then plot their gray levels as *x*-values and *y*-values in a 2D plane, as shown in Figure 7. We can observe that the plots of all the plain images except for Bw512 appear near the main diagonals, showing that there exist strong correlations in the cipher images. Since Bw512 has only two gray levels: 0 and 255, most points are piled up at (0, 0) and (255, <sup>255</sup>), which are also on the main diagonal. In contrast, the plots of all the cipher images fill with the whole planes, suggesting low correlations in cipher images.

**Figure 7.** Horizontal correlations of plain images and their corresponding cipher images.

#### *4.4. Differential Attack Analysis*

Differential attacks compare the variations in a plain image with variations in the cipher image to find the plain image and/or desired security key. To resist differential attacks, a well-designed image encryption scheme must produce a completely different cipher image even for a tiny change in the corresponding plain image.

There are two popular indicators in the community of image security to measure image encryption schemes' capability of resisting differential attacks. One is the number of pixels change rate (NPCR), which can be defined as Equation (13). And the other is the unified average changing intensity (UACI) defined by Equation (14).

$$NPCR = \frac{\sum\_{l=1}^{H} \sum\_{w=1}^{W} d(h\_{\prime}w)}{H \cdot W} \times 100\% \tag{13}$$

$$LICI = \frac{\sum\_{h=1}^{H} \sum\_{w=1}^{W} |\mathbb{C}\_1(h, w) - \mathbb{C}\_2(h, w)|}{255 \cdot H \cdot W} \times 100\% \tag{14}$$

where *H* and *W* denote the height and the width of the cipher images *C*1 and *C*2, and *d*(*h*, *w*) is used to judge whether the gray levels of *C*1 and *C*2 at the position (*h*, *w*) are different, as formulated by Equation (15).

$$d(w,h) = \begin{cases} 0, & \mathbb{C}\_1(h,w) = \mathbb{C}\_2(h,w) \\ 1, & \mathbb{C}\_1(h,w) \neq \mathbb{C}\_2(h,w) \end{cases} \tag{15}$$

Given two 8-bit gray images, if they are identical, their both NPCR and UACI obtain the minimal value, 0. If one is all-white and the other is all-black, their NPCR and UACI values will be the maximal value, 1. Since the cipher images are all random-like, the NPCR and UACI values of a pair of cipher images usually fall into a certain range. The study by Wu et al. reveals that, given a significance level *α* = 0.05 and a 256 × 256 8-bit gray levels image, if the NPCR is greater than N 10.05 = 99.5693% and the UACI falls into the range of U<sup>11</sup> 0.05, <sup>U</sup>1*<sup>u</sup>*0.05 = (33.2824%, 33.6447%), the encryption scheme is said to pass NPCR test and UACI test separately at *α* = 0.05 [54]. Similarly, for a 512 × 512 image, the corresponding NPCR threshold and UACI range are N 20.05 = 99.5893% and U<sup>21</sup> 0.05, <sup>U</sup>2*<sup>u</sup>*0.05 = (33.3703%, 33.5541%), respectively.

We compute NPCR and UACI values from the cipher image by the exact plain image and a cipher image by a slightly changed plain image generated by adding one to the least significant bit of a random pixel. The computation procedure is repeated 20 times, and the average NPCR and UACI are reported in Tables 6 and 7, respectively, where the values that pass the tests are shown in bold. Moreover, the times of passing the test, the standard deviation, and the average value of the 16 test images by each scheme are shown in the last three lines of the tables.

From Table 6, we can find that the MBPD passes the NPCR test on all images, following by DFDLC and CDCP's in 15 out of 16 cases. The HCDNA fails to the test because it has no operations to expand a tiny change in the plain images to the whole cipher images. Although CDCP achieves the highest average NPCR value (99.6773%) for the 16 test images, but its standard deviation (0.0723%) is not as low as that of MBPD (0.0037%), indicating that the MBPD achieves the stablest NPCR values. Regarding UACI, again, MBPD passes the test on all test images and achieved the lowest standard deviation, and CDCP and DFDLC fails one image, i.e., Bw512 and Pirate512, respectively. HCDNA performs the worst and fails all the test images. To summarize, the proposed MBPD outperforms the other compared schemes in terms of NPCR and UACI and can effectively resist differential attacks.


**Table 6.** The average NPCR (%) of running the schemes 20 times.


**Table 7.** The average UACI (%) of running the schemes 20 times.

## *4.5. Robustness*

From the above analysis, we know that a tiny change in a plain image will result in a completely different cipher image for a well-designed image encryption scheme. However, contamination in cipher images is unavoidable during transmission and storage. Therefore, a good encryption scheme should recover a contaminated cipher image to some extent. Noise and cropping are two typical types of contamination.

To validate the robustness to noise and cropping, we first add 0.5%, 1%, 2%, 4%, and 10% salt-and-pepper noise to the cipher images, and decrypt them with the proposed MBPD. The results are shown in Figure 8, where we can find that when the noise level is less than 4%, the MBPD can recover the cipher images very well and even for 10% noise level, the profile of Lena can be clearly recognized. Then, we crop the images with 1%, 2.78%, 6.75%, 11.11%, and 25% data loss, the cropped cipher images and the corresponding decrypted images are shown in Figure 9. We can see that Lena can be easily recognized when the data loss levels are less than 11.11%. When the level equals to 25%, it is hard to recognize the profile of Lena. Another finding is that, even if the data loss is concentrated in the center of an encrypted image, the contaminated locations in the decrypted image are evenly distributed throughout the image.

To summarize, the MBPD can effectively resist noise and cropping attacks to some extent.

**Figure 8.** Noise test. The first row, from left to right: cipher images with 0.5%, 1%, 2%, 4%, and 10% salt-and-pepper noise added. The second row: the decrypted images from the corresponding cipher images in the first row.

**Figure 9.** Cropping test. The first row, from left to right: cipher images with 1%, 2.78%, 6.75%, 11.11%, and 25% data loss. The second row: the decrypted images from the corresponding cipher images in the first row.

#### *4.6. Running Time*

Running time is used to measure the efficiency of the encrypted algorithms. Table 8 lists the running time of encryption and decryption operations on images with sizes 256 × 256 and 512 × 512. We can find that CDCP takes the least time among the four schemes, while the HCDNA takes the most time. The running time of HCDNA is about 30 times that of CDCP. The results of MBPD and DFDLC are somewhere in between and are very close but the former is slightly less than the latter. The major reasons why MBPD is somewhat time-consuming are that it conducts encryption at multiple bit levels and the operations with most multi-bit levels involve string operations. Two possible directions for decreasing running time are: using parallel computing and reducing the number of bit levels for multi-bit operations, e.g., encrypting images only with 1-bit permutation and 4-bit diffusion.


**Table 8.** Running time of encryption and decryption (in seconds).

## *4.7. Discussion*

From the above experimental results and the corresponding analysis, we can see that the proposed MBPD is a promising scheme for image encryption.

In addition to the proposed 4D hyperchaotic system and the extensive experiments, the major contribution of the paper lies in proposing a novel multiple bit permutation and diffusion scheme for image encryption. The MBPD can encryp<sup>t</sup> images not only with 1-bit, 2-bit, and 8-bit (one pixel) data that are widely processed by existing image encryption schemes but also with 3–7 bit data that few studies have focused on.

The proposed MBPD's main advantage over the existing image encryption schemes is that it can perform permutation and diffusion with multiple different bits. The diversity of each encrypted unit's length is enhanced, and the proposed MBPD finally achieves promising results in terms of the evaluation metrics when compared with four state-of-theart image encryption schemes, as demonstrated by the experiments.

Sixteen publicly accessible 256-level gray images of two sizes are used to evaluate the proposed MBPD. They include 14 natural images in different scenes, as well as two handcrafted images, which are very popular in the evaluation of image encryption schemes. The MBPD performs quite well with all the test images. Although the MBPD is proposed to encryp<sup>t</sup> gray images only in this paper, it can be easily extended for color image encryption. The simplest way is to treat each channel of a color image as a gray image, and each channel

can be separately encrypted by the MBPD. Here, we use miscellaneous images of different sizes, different scenes and different channels (a 3-channel image means a color image) from the SIPI image database (http://sipi.usc.edu/database/database.php?volume=misc, accessed on 19 April 2021) to verify the generality of the proposed MBPD. Note that the data set has 39 images in total, consisting of 24 gray images and 15 color ones. Six of them have been tested in the above experiments; hence, they are excluded in this experiment. The results of entropy, *γh*, *γ<sup>v</sup>*, *γd*, NPCR, and UACI of the rest 33 images obtained by the proposed MBPD are reported in Table 9, where the test images are sorted by size and image name. Note that the table reports the average of the three channels for color images.


**Table 9.** Results obtained by the proposed MBPD on miscellaneous images from the SIPI image database.

From this table, we can find that the experimental results are very ideal in terms of all the evaluation indicators, regardless of the image content, size, and the number of channels. Specifically, the entropies are very close to the theoretical best value, 8, and all the correlations in all directions are close to 0. All the images pass the NPCR and UACI tests. Therefore, the extensive test images demonstrate that the proposed MBPD has good generality.

## **5. Conclusions**

Most existing image encryption schemes involve 1-bit level, 2-bit level (DNA computing), and/or 8-bit level (pixel) data. Few studies focus on other bit-level data, which limits the diversity of encrypted data units and ultimately negatively affects the encryption effect. To this end, this paper proposes a novel multi-bit permutation and diffusion scheme

(MBPD) for image encryption. The key characteristic of MBPD is that it can perform permutation and diffusion at different bit-level data, such as 1-bit permutation, 3-bit diffusion, and 6-bit permutation, to encryp<sup>t</sup> images. The results of extensive experiments demonstrate that the proposed MBPD can resist different types of attacks and has high security. One limitation of the MBPD is that it is somewhat time-consuming. In the future, we will study how to speed it up and apply it to color image encryption.

**Author Contributions:** Conceptualization, T.L.; Formal analysis, T.L.; Funding acquisition, T.L.; Investigation, T.L.; Methodology, T.L.; Software, T.L.; Supervision, T.L.; Validation, T.L.; Visualization, D.Z.; Writing—original draft, T.L.; Writing—review & editing, T.L. and D.Z. Both authors have read and agreed to the published version of the manuscript.

**Funding:** This work was supported by the Ministry of Education of Humanities and Social Science Project (Grant No. 19YJAZH047) and the Scientific Research Fund of Sichuan Provincial Education Department (Grant No. 17ZB0433).

**Institutional Review Board Statement:** Not applicable.

**Informed Consent Statement:** Not applicable.

**Data Availability Statement:** The used test images are all included in the paper.

**Conflicts of Interest:** The authors declare no conflict of interest.
