**1. Introduction**

In the current era of Internet and big data, billions of images are produced, stored and transmitted every day. How to protect image content from illegal acquisition, especially for military, medical, and privacy purposes, has become a hot topic in recent years. Because of some attributes of images, such as high redundancy, strong correlation, and bulky data, traditional encryption methods for common text and data are usually not the best choice for image encryption. In recent years, various chaos-based image encryption approaches have emerged and they have been demonstrated very effective in improving image security. The reason why chaotic image encryption has become so popular is that chaotic systems have some characteristics that are very suitable for image encryption, such as extreme sensitivity to initial values, unpredictability, pseudorandomness, and ergodicity [1–3].

In chaotic image encryption, chaotic sequences are generated from the chaotic systems and they usually are applied to change the positions and/or values of image data. Early schemes usually used single low-dimensional chaotic systems, such as Logistic map, Tent map, Baker map, Cat map, etc., to encryp<sup>t</sup> images [4–8]. For example, Chen et al. extended 2D Cat map to a 3D one and designed a fast symmetric encryption approach, and the experiments demonstrated the approach was superior to the compared methods in terms of security and speed [4]. Pisarchik et al. proposed a pixel-by-pixel image encryption with Logistic maps [7]. Although these schemes achieved satisfactory encryption results at that time, the relatively simple structure of low-dimensional chaotic systems made them have a certain risk of being cracked. To solve this issue, possible directions are to use a more complex chaotic system or to combine two or more simple chaotic systems. In recent years, a variety of researchers have attempted to improve the performance of image encryption in

these two directions. According to the theory of chaos, Lyapunov exponent (LE) can be used to characterize the variable of a chaotic/hyperchaotic system. A dynamic system is chaotic if it has one positive LE, while it is hyperchaotic if it has two or more positive LEs. In general, image encryption schemes based on hyperchaotic systems are more secure than those with chaotic systems. In real-world encryption, Lorenz system and its extensions are among the most popular chaotic/hyperchaotic systems [9–12]. Wang and Zhang applied a 4D Lorenz-like hyperchaotic system with two positive LEs and genetic recombination to image encryption [10]. Li et al. used 5D and 7D hyperchaotic systems, dynamic filtering, DNA permutation and bit cuboid operations for image encryption, and the experimental results prove the effectiveness [13,14]. Unlike most schemes that carry out encryption in spatial domain, Wu et al. used 2D discrete wavelet transform (2D DWT) and a 6D hyperchaotic system to encryp<sup>t</sup> images in both spatial domain and frequency domain [15]. In addition to integer-order hyperchaotic systems, fractional-order hyperchaotic systems are becoming more and more popular with image encryption [16–19]. Zhu and Sun proposed a Logistic-Tent map for image encryption [20]. Luo et al. cooperated a piecewise linear chaotic map and a 4D hyperchaotic map for parallel image encryption [21]. Other combinations include Henon-Sine map [22], Logistic map and Lu system [23], Logistic-Sine map [24–29], Logistic-Tent-Sine map [30,31], Rossler-Sine map [32], etc. These combinations have been proven effective in improving the security of encryption.

The aim of image encryption is to prevent unauthorized users from discovering any meaningful content in the image. In other words, encrypted images are entirely randomlike for them. There are many operations to convert informative images (plain images) to random-like ones (cipher images), among which permutation and diffusion are two major ones. Permutation changes the positions of image content, while diffusion changes the values of images. Most existing image encryption schemes adopted both the operations, separately or jointly, to achieve good security [33–37]. Among them, pixel-level (8 bits) data or bit-level (1 bit) data are the most widely used encryption units. In recent years, DNA computing has been introduced into image encryption; hence, DNA-level (2 bits) data has also be used to encryp<sup>t</sup> images [38–42]. Most studies focus on one or two bit levels in image encryption and the bit levels of encrypted data need to be enhanced to improve the effectiveness of image encryption. In fact, besides the mentioned 1 bit, 2 bit and/or 8 bit encryption operations, other multiple bit data, such as 3–7 bit data, can also be used to permutate and/or diffuse images. More bit-level data enhances the diversity of encrypted units and may have the potential to improve encryption performance. However, few existing studies have paid attention to this point.

Motivated by the above analysis, this paper proposes multiple bit permutation and diffusion, namely MBPD, for hyperchaotic image encryption. We first extend a modified 3D Lorenz chaotic system to a 4D hyperchaotic system with 3 positive LEs, and its characteristics are analyzed. Second, the hyperchaotic system is used to generate a hyperchaotic sequence for the consequent encryption operations. The initial values of the hyperchaotic system are considered as keys for the purpose of encryption. Then, the operations of multiple bit permutation and multiple bit diffusion are presented to encryp<sup>t</sup> images. The MBPD treats several bits (e.g., 3 bits) as a processing unit for permutation and diffusion, and different lengths of bits can be chosen for encryption. For the permutation, the order of the hyperchaotic sequence is used to scramble the multiple bit data, while the sequence will be converted into an integer mask for the diffusion. Finally, the proposed MBPD with different lengths of bits is applied to image encryption to improve security.

The contributions of this paper are the following:


(3) Extensive experiments demonstrate that the proposed MBPD significantly outperforms the state-of-the-art compared image encryption schemes in terms of the evaluation indicators.

The rest of this paper is organized as follows: Section 2 presents a new 4D hyperchaotic system with 3 positive LEs. Section 3 proposes MBPD and details the encryption steps. In Section 4, experimental results are reported and analyzed. Finally, we conclude the paper in Section 5.

#### **2. Presented 4D Hyperchaotic System**

#### *2.1. Lorenz System*

Since the chaotic attractor was first found by Lorenz in 1963, chaos theory has attracted researchers from many fields, such as economics, mathematics, physics, and communications [9]. The initial Lorenz system has been extended to many versions. One modified generalized Lorenz system is formulated as Equation (1) [43].

$$\begin{cases} \dot{x} = -ax + by\\ \dot{y} = cx + dy - xz\\ \dot{z} = -cz + x^2 \end{cases} \tag{1}$$

where *a*, *b*, and *e* are positive real constants, and *c* and *d* are real parameters meeting *d* > −*bca* [44]. By introducing a 1D linear system to Equation (1), a new 4D system can be obtained, as Equation (2).

$$\begin{cases} \dot{x} = -a\mathbf{x} + ay \\ \dot{y} = b\mathbf{x} + cy - x\mathbf{z} \\ \dot{z} = -d\mathbf{z} + \mathbf{x}^2 \\ \dot{w} = cy + fw \end{cases} \tag{2}$$

In this system, *a*, *b*, *c*, *d*, and *f* are real constant parameters, while *f* is a coupling parameter. When the parameters (*a*, *b*, *c*, *d*,*e*, *f*)=(35, 7, 35, 5, 1.5, <sup>1</sup>), the system has the following LEs: *LE*1 = 1.284559, *LE*2 = 0.937533, *LE*3 = 0.007986, and *LE*4 = −38.230078. Since three LEs are positive, the system is hyperchaotic [44].

#### *2.2. 4D Hyperchaotic System*

Although Equation (2) is hyperchaotic, the introduced component *w* will increase exponentially after a certain number of iterations, and then its value will become positive infinity and its applications will be limited. To cope with this issue, we modify the fourth item of Equation (2) and add the component *w* to the first equation. A new 4D system can be obtained, as shown in Equation (3).

$$\begin{cases} \dot{\mathbf{x}} = -a\mathbf{x} + a\mathbf{y} + w \\ \dot{\mathbf{y}} = b\mathbf{x} + c\mathbf{y} - \mathbf{x}z \\ \dot{z} = -dz + \mathbf{x}^2 \\ \dot{w} = cy + fw\sin(w) \end{cases} \tag{3}$$

where parameters *a* − *f* are the same as Equation (2).

We use the 4th-order Runge-Kutta method to plot the attractors of the presented 4D hyperchaotic system with parameters (*a*, *b*, *c*, *d*,*e*, *f*)=(35, 7, 35, 5, 1.5, 1) and initial values (*<sup>x</sup>*0, *y*0, *z*0, *<sup>w</sup>*0)=(0.12, 0.23, 0.34, 0.45) in 2D space and 3D space, as shown in Figure 1. From this figure, we can see that the component *w* falls within an appropriate range.

**Figure 1.** Attractors of the presented 4D hyperchaotic system with the parameters (*a*, *b*, *c*, *d*,*e*, *f*) = (35, 7, 35, 5, 1.5, 1) and initial values (*<sup>x</sup>*0, *y*0, *z*0, *<sup>w</sup>*0)=(0.12, 0.23, 0.34, 0.45).

By using Wolf's method [45], we fix (*a*, *b*, *c*, *d*,*<sup>e</sup>*)=(35, 7, 35, 5, 1.5) and let *f* vary from 0 to 2 to plot the dynamics of LEs, as shown in Figure 2. We can see that the new system has three positive LEs in many ranges. For example, when *f* = 1, the LEs of the system are *LE*1 = 2.253019, *LE*2 = 1.406374, *LE*3 = 0.054342, and *LE*4 = −38.339706 and the three positive LEs (*LE*1, *LE*2, and *LE*3) are much larger than the corresponding positive LEs of Reference [43]. Therefore, the new system is also hyperchaotic, and it is better than Equation (2).

**Figure 2.** Dynamics of Lyapunov exponents of the proposed 4D hyperchaotic system with the parameters (*a*, *b*, *c*, *d*,*<sup>e</sup>*)=(35, 7, 35, 5, 1.5), variable *f* from 0 to 2, and initial values (*<sup>x</sup>*0, *y*0, *z*0, *<sup>w</sup>*0) = (0.12, 0.23, 0.34, 0.45).

In this paper, we will use the new 4D hyperchaotic system for image encryption. The reasons lie in: (1) Although it has only 4 dimensions in total, it has 3 positive LEs. The hyperchaotic characteristics make it very suitable for image encryption. (2) It has a simpler mathematical form when compared with some hyperchaotic systems of higher dimensions. (3) All the components fall within appropriate ranges, making it easy to sort for permutation and convert hyperchaotic sequences into integers for diffusion.

#### **3. MBPD: Multiple Bit Permutation and Diffusion**

This section will detail the steps of multiple bit permutation and diffusion for image encryption, including how to generate the hyperchaotic sequence, operations of multiple bit permutation and multiple bit diffusion, and the encryption algorithm.

#### *3.1. Hyperchaotic Sequence Generation*

In chaotic image encryption, a chaotic sequence is required to generate index for permutation and a mask for diffusion. Given the parameters and the initial values, we use the Fourth-order Runge-Kutta method and an interval of 0.001 to solve the presented 4D hyperchaotic system in Section 2.2 and then construct the hyperchaotic sequence for encryption. The detailed steps are as follows:


$$\begin{split} H = \{ \mathbf{s}\_1, \mathbf{s}\_2, \dots, \mathbf{s}\_N \} &= \{ \mathbf{x}\_1, \mathbf{y}\_1, \mathbf{z}\_1, \mathbf{w}\_1, \dots, \mathbf{x}\_N, \mathbf{y}\_N, \mathbf{z}\_N, \mathbf{w}\_N \} \\ &= \{ h\_1, h\_2, h\_3, h\_4, \dots, h\_{4N-3}, h\_{4N-2}, h\_{4N-1}, h\_{4N} \}, \end{split} \tag{4}$$

where *N* is the iteration times excluding *it*0.

Step 4: Since the elements in *H* come from different equations in Equation (3) and, hence, have different ranges, we use the following formulation to further map each element in *H* to a uniform interval [0, <sup>1</sup>).

$$h\_i = \left| h\_i \times 10^8 \right| - \left\lfloor \left| h\_i \times 10^8 \right| \right\rfloor. \tag{5}$$

where |·| and · are the mathematical computation of absolute value and flooring, respectively.

It can be seen that each element in *H* is a real value in [0, <sup>1</sup>). With an element *hi* , we can use the following formula to map it to an integer *I* in the range of [0, *<sup>N</sup>*]:

$$I = \lfloor ((|h\_i| - \lfloor |h\_i| \rfloor) \times 10^{14}) \rfloor \% \text{N} \tag{6}$$

where % is the modulo operation.

#### *3.2. Multiple Bit Permutation*

Permutation is to rearrange the image content on a certain basis. For the permutation in chaotic image encryption, the positions of the image data to be permuted are usually determined by an index vector that can be obtained by sorting a hyperchaotic sequence. Typical permutation is conducted on pixel-level, DNA-level, and/or bit-level data [46]. The pixel-level data and DNA-level data in the current encryption technique actually refer to 8-bit data and 2-bit data, respectively. Few studies have focused on other numbers of bit data for encryption, such as 3–7 bits. In this paper, multiple bit permutation means

conducting permutation on different numbers of bit data. *n*-bit permutation refers to using *n* bits as a minimum permutation unit.

All multiple bit operations require a bit stream of an image. Without loss of generality, given a bit stream *B* of length *L*, a hyperchaotic sequence *H*, and the number of bits to be permutated *n*, the first step is to calculate the number of permutation units *PU* and the remaining bits *RB* by *PU* = *L*/*n* and *RB* = *L*%*<sup>n</sup>*, respectively. It is clear that *RB* < *n*. Then, the *PU* units need to rearrange according to the index of sorting *PU* values in *H* and the *RB* bits can be embedding into the rearranged bit stream at a position decided by a value in *H*.

The *n*-bit permutation can be described as Algorithm 1:

#### **Algorithm 1** *n*-bit permutation.

**Input:** a bit stream *B*, a hyperchaotic sequence *H*, and the number of bits to be permuted in a unit *n*

**Output:** a permutated bit stream *PB*, the number of used elements *PU* in *H* 1:**function** BITPERMUTE(*B*,*H*,*n*)

2:*L*← length(*B*);//lengthof*B*

3:*PU* ←*L*/*n*;

 4:*RB* ← *L*%*n*;



When *n* equals 1 or 8, Algorithm 1 degenerates to bit-level permutation or pixel-level permutation. Hence, the common bit-level permutation and pixel-level permutation are the special cases of Algorithm 1.

Here, we take 2-bit permutation and 3-bit permutation as an example to illustrate the detailed permutation procedure, as shown in Figure 3.

**Figure 3.** Illustration of 2-bit and 3-bit permutation.

A 2 × 2 plain image *P* is firstly converted into a bit stream *B*1 and the bits are grouped into 16 2-bit units. We ge<sup>t</sup> an index vector *idx* from the first 16 elements of the given hyperchaotic sequence *H*. It can be further grouped into two small vectors: *I*1 and *I*2. Then, we use *I*1 to rearrange the 16 units to ge<sup>t</sup> the permutated *PB*1. Since the *RB* is equal to 0 for this 2-bit permutation, there are no remaining bits needed to be embedded. Up to now, the 2-bit permutation completes. The obtained *PB*1 by the 2-bit permutation is actually the cipher image *C*1, which is clearly different from *P*. Then, it starts to conduct 3-bit permutation on the *PB*1. The 32 bits can be grouped into 10 complete 3-bit units and 2 remaining bits, as shown by *B*2. For the 10 3-bit units, we can rearrange them by *I*2, and then obtain the *PB*2 before embedding. *H*27 can be mapped to an integer 5 using Equation (6), and the remaining 2 bits can be inserted after the 5-th 3-bit unit in *PB*2, shown as *PB*3 after embedding in the figure. The final *PB*3 is actually the cipher image *C*2, a totally different image from *P*. From this illustration, we can see that the proposed *n*-bit permutation can also cause the change of the pixel values in plain images.

#### *3.3. Multiple Bit Diffusion*

The purpose of diffusion is to change the values of image data. The existing image encryption schemes mainly conduct diffusion on pixel-level data and/or DNA-level data (two bits). Similar to *n*-bit permutation, we propose *n*-bit diffusion that can be conducted on *n*-bit data per unit.

With the *B*, *L*, *H*, and *n* given for *n*-bit permutation, the number of *n*-bit units to be diffused *DU* is equal to *L*/*n* and the length of the last unit *LL* is *L*%*<sup>n</sup>*. If *LL* equals 0, the last unit is null; otherwise, its length is less than *n* (we call it non-*n*-bit unit) and it needs special handling. In this paper, we use a ciphertext diffusion in crisscross pattern (CDCP)-like idea to conduct *n*-bit diffusion [47]. Specifically, the bit stream *B* is transformed into a vector *P* of *n*-bit unit and then divided into two parts, and the two parts are diffused in crisscross pattern with two rounds. A mask vector *M* and an initial *n*-bit integer *V* can be mapped from *H*. When *DU* is an even, the first *n*-bit unit of each part can be initialized by Equation (7).

$$\begin{cases} \mathbb{C}\_{1} = P\_{1} \otimes \left( (V - M\_{1}) \% 2^{n} \right) \\ \mathbb{C}\_{D1l/2 + 1} = P\_{Dl1/2 + 1} \otimes \left( (\mathbb{C}\_{1} - M\_{Dl1/2 + 1}) \% 2^{n} \right) \end{cases} \tag{7}$$

where ⊗ is the bitwise XOR (exclusive or) operation, and *C* is the vector of an cipher image. After that, the other *n*-bit units of each part can be updated as Equation (8):

$$\begin{cases} \mathsf{C}\_{i} = P\_{i} \otimes \left( (\mathsf{C}\_{\mathrm{DLI}/2 + i - 1} - M\_{i}) \% 2^{n} \right) \\\ \mathsf{C}\_{\mathrm{DLI}/2 + i} = P\_{\mathrm{DLI}/2 + i} \otimes \left( (\mathsf{C}\_{i} - M\_{\mathrm{DLI}/2 + i}) \% 2^{n} \right) \end{cases}, i = 2, 3, \cdots, \mathrm{DLI}/2. \tag{8}$$

There are two cases that need to be handled specially. When *DU* is an odd, we use the following formulation to encryp<sup>t</sup> the (*DU* + 1)/2-th unit.

$$C\_{(DII+1)/2} = P\_{(DII+1)/2} \otimes ((C\_{DII} - M\_{(DII+1)/2}) \% 2^n). \tag{9}$$

Another case is about the non-*n*-bit unit. When it exists, we use the following formulation which is similar to Equation (9) to handle it.

$$\mathbb{C}\_{DII+1} = P\_{DII+1} \otimes \left( (\mathbb{C}\_{DII} - M\_{DII+1}) \% \mathbb{2}^{LL} \right). \tag{10}$$

The second round diffusion is the same as the first round, except that *CDU* is used as the initial value to replace *V* in Equation (7).

The *n*-bit diffusion can be described as Algorithm 2.

#### **Algorithm 2** *n*-bit diffusion.

**Input:** a bit stream *B*, a hyperchaotic sequence *H*, and the number of bits to be diffused in a unit *n*

**Output:** a diffused bit stream *DB*, the number of used elements *PU* in *H B*


**Figure 4.** Illustration of 2-bit and 3-bit diffusion.

As done in Figure 3, the same plain image *P* is transformed into a binary sequence *B*1. A hyperchaotic sequence *H* having 10 elements are mapped into 8-bit integers and a further binary sequence ("binary" in the figure) by Equation (6). The sequence can also be split into *I*1 and *I*2. Note that some elements in *H* only show their first four digits to save spaces of the figure. The *I*1 can be further shown in a two-bit format as *M*1. The initial values *V*1 is extracted from the last 2 bits from *<sup>I</sup>*<sup>1</sup>(5), as shown in red. When the 2-bit diffusion completes using Equation (7)/Equation (8) for the first/second round, we can obtain *R*1 and *R*2, respectively. *R*2 is actually the cipher image *C*1, which is totally different from the plain image *P*. Similarly, *C*1 can be encrypted by performing 3-bit diffusion. Note that since it has a 2-bit unit, when all the 3-bit units are encrypted, the remaining 2-bit unit needs to be encrypted by Equation (10). After the first and the second round 3-bit diffusion, we can obtain *R*3 and *R*4, respectively. *R*4 represents the final cipher image *C*2, where we can not find any visually information of the plain image *P*.

#### *3.4. MBPD: Multiple Bit Permutation and Diffusion for Image Encryption*

The main characteristic of the proposed MBPD lies in the permutation and diffusion can be conducted on multiple bit level data, which is very different from the common 1-bit, 2-bit (DNA) and/or 8-bit (pixel) permutation and 8-bit diffusion operations in most existing image encryption schemes.

With the aforementioned analysis, the detailed steps of the proposed MBPD are described as Algorithm 3.


**Input:** a plain image *P*, initial values *IV* = (*<sup>x</sup>*0, *y*0, *z*0, *<sup>w</sup>*0) for the hyperchaotic system, and iteration numbers of the discarded sequence *it*0

**Output:** a cipher image *C*

1: **function** MBPD( *P*, *IV*,*it*0)


```
9: B, ul
               ← BITDIFFUSE(B, H(i + 1 : end), n); //n-bit diffusion
```

*ul*;


The key steps of Algorithm 3 consist of a hyperchaotic sequence generation (Line 2), conversion the plain image to a bit stream (Line 3–4), conducting multiple bit permutation and diffusion on the bit stream (Line 6–11), and converting the bit stream back to an image (Line 12). Note that Algorithm 3 is proposed for gray images, but it can be easily extended for color images. The easiest way is to consider an RGB color image as three gray images and encryp<sup>t</sup> each gray image independently. The current proposed algorithm considers 8-bit permutation and diffusion at most, and it might be extended for 9-bit, 10-bit and even more bit permutation and diffusion. In addition, the proposed MBPD can be performed more than one round to enhance the effect of encryption. On the other hand, in real-world applications, it is not necessary to conduct all *n*-bit (*n* = 1, 2, ··· , 8) operations to save time. The proposed MBPD can also be considered as a typical application of the strategy of "divide and conquer" [48,49].

To obtain a decrypted image, it only needs to execute the steps in Algorithm 3 reversely.

#### **4. Experimental Results**

#### *4.1. Experimental Settings*

We select the initial values *IV* = (*<sup>x</sup>*0, *y*0, *z*0, *<sup>w</sup>*0) for the presented 4D hyperchaotic system as the security keys of the MBPD. Instead of conducting all bit levels permutation and diffusion, we only perform 6 types of *n*-bit permutation (*n* = 1, 2, 3, 5, 6, 7) and 2 types of *n*-bit diffusion (*n* = 4, 8). Specifically, we list all the parameters in Table 1. Although we use fixed security keys for all test images, they can also be optimized by evolutionary algorithms for each image [50–52].

**Table 1.** Experiment parameters.


We use 16 publicly accessible 256-level gray images as test images in most experiments. The size of each image is 256 × 256 or 512 × 512. We name each image by the format of "name+width". For example, "Lena512" represents gray Lena image of size 512 × 512. To demonstrate the performance of the proposed MBPD, we compare it with three popular gray image encryption schemes in most experiments: DFDLC [13], HCDNA [38], and CDCP [47].

All the experiments are conducted with MATLAB R2020b on a PC with 64-bit Windows 10 OS, an i5-9500 CPU @3.00 GHz, and 32 GB RAM.

#### *4.2. Security Key Analysis*

The security key is very important in cryptography, regardless of whether the encryption object is text, ordinary data or multimedia information. Key space and key sensitivity are two important indicators for evaluating security keys in image encryption.

#### 4.2.1. Key Space

A good encryption scheme should have an enough large key space. An image encryption scheme with a key space larger than 2<sup>100</sup> is able to resist brute-force attacks from modern computers. As far as the proposed MBPD is concerned, the initial value of the 4D hyperchaotic system can be considered as the security key. According to the IEEE standard, the precision of each element of the initial values is <sup>10</sup>−15; hence, the total key space is (10<sup>15</sup>)<sup>4</sup> ≈ 2199, which is far larger than 2100. In addition, the parameters of the hyperchaotic system, the iteration number to generate discarded sequence, and the combination of permutation and/or diffusion at *n* bits can be thought of as parts of security key to further enlarge the key space. Therefore, the key space of the proposed MBPD is so large that it can resist brute-force attacks.

#### 4.2.2. Key Sensitivity

A hyperchaotic system is extremely sensitive to the key. A tiny change in the key will produce a different hyperchaotic sequence and, hence, result in completely different decrypted images. To demonstrate the sensitivity of the proposed MBPD, we use the corrected security *K*1 = (*<sup>x</sup>*0, *y*0, *z*0, *<sup>w</sup>*0)=(0.12, 0.23, 0.34, 0.45) and a slightly different key *K*2 = (*<sup>x</sup>*0 + <sup>10</sup>−15, *y*0, *z*0, *<sup>w</sup>*0) to decrypt some cipher images. The decrypted images with *K*1 and *K*2 are shown in the first row and the second row of Figure 5, respectively.

**Figure 5.** Results of key sensitivity. The first row and the second row show the decrypted images by *K*1 and *K*2, respectively. From left to right: Clock256, Cameraman256, Finger512, Lena512, Baboon512, Bw512, Couple512, and Peppers512.

From this figure, we can find that the MBPD can decrypt the cipher images correctly with *K*1 and even a tiny change (10−15) that occurs in one element of *K*1 will result in random-like images. It reveals that the MBPD is very sensitive to the security key.

To quantitatively demonstrate the sensitivity, we further use the SSIM to measure the structural similarity between the two decrypted images with *K*1 and *K*2 [53]. The lower the SSIM value, the higher the sensitivity. If the SSIM value is very close to 0, it reveals that the two images are almost completely different. Therefore, if a tiny change in the security key produces an SSIM value close to 0, we can say that the security key is very sensitive, from the review of decrypted images. The SSIM values of the decrypted images in Figure 5 are listed in Table 2. From this table, we can observe that all the SSIM values are very close to 0, showing the sensitivity of security keys.


**Table 2.** The SSIM values of decrypted images with *K*1 and *K*2.

We also use the SSIM to verify the structural similarity between the two cipher images by *K*1 and *K*2. The results are shown in Table 3. Again, we can find that the SSIM values are far below 0.01 and very close to 0, indicating that the security keys are very sensitive to cipher images.



In summary, both the visual decrypted images and the quantitative analysis for decrypted images and cipher images show that the proposed MBPD has sensitive security keys for image encryption.

#### *4.3. Statistical Analysis*

In this subsection, we will analyze the MBPD via information entropies, histograms and correlations, which are all among the typical statistical analysis indicators in the area of image encryption.

#### 4.3.1. Information Entropy

Entropy is an important concept in physics, communication, information theory, and others. It is often used to measure the uncertainty or randomness of a specific complex system. Given an *L*-level gray image *I* and the probability *pi* of each gray level *i* occurs in the image, the information entropy of *I*, denoted by *<sup>E</sup>*(*I*), can be calculated by:

$$E(I) = -\sum\_{i=0}^{L-1} p\_i \log\_2(p\_i). \tag{11}$$

For a 256-level test image in the experiment, if it has only one level, for example, all-white image, its information entropy will equal the minimal value, 0. If each level appears with an identical probability, 1256 , the corresponding information entropy is equal to the maximal value, 8. Therefore, the closer the information entropy to 8, the better the encrypted image. We list the information entropies of all plain images and their corresponding cipher images by the MBPD and the other compared schemes in Table 4, where the highest entropy of each image is shown in bold.

**Table 4.** Information entropies of the testing images.


We can see that all plain images' information entropies are much less than those of their cipher images. Specifically, the entropies of plain images fall in the range of [1.0000, 7.6548], where the lower bound and the upper bound are achieved by Bw512 and House512, respectively. However, those values of cipher images of size 256 × 256 are greater than 7.9957. For cipher images of size 512 × 512, except for HCDNA's 7.9154 for Bw512, the lowest information entropy is 7.9920, which is very close to the maximal value, 8. The proposed MBPD, DFDLC, HCDNA, and CDCP achieve the highest information entropies in 8, 10, 1, and 6 out of 16 cases, respectively. In terms of information entropy, the MBPD significantly outperforms HCDNA and achieves comparable results with CDCP and DFDLC, revealing that the MBPD is able to resist entropy attacks effectively.
