*4.3. Histogram*

Because a histogram reflects each pixel's times in an image, histograms of meaningful images are fluctuated, while cipher images' histogram should be flat and uniform. That is to say, if an encryption scheme is well-designed, the histograms of cipher images should be as flat as possible. For the proposed HCZRNA, a histogram of Baboon and its cipher image are placed in Figure 9.

**Figure 9.** Histogram. image (**<sup>a</sup>**,**c**,**<sup>e</sup>**) are the histograms of three channels of Baboon, and image (**b**,**d**,**f**) are the histograms of corresponding channels of encrypted Baboon.

From this figure, it could find that histograms of all channels in plaintext image are fluctuated, while histograms of cipher image's different channels are almost distributed in a narrow range, and their values are around 1000. For more accurate results, histogram statistics are introduced to evaluate the variance and standard deviation of plaintext and cipher images [48,49]. Variance is used to calculate the average difference in each gray level frequency with respect to mean value *x*¯, which could be formulated as Equation (18).

$$\begin{aligned} \alpha &= \frac{1}{256} \sum\_{i=1}^{256} (x\_i - \bar{x})^2, \\ \bar{x} &= \frac{h \times w}{256} \end{aligned} \tag{18}$$

where *h*, *w* represent the image's height and width respectively, *x* is the frequency of different gray levels of pixels in a image, and the *x*¯ is the mean value of *x*s. And *α* is the variance, the higher is *α*, the more fluctuate is the graphic histogram. Accordingly, if a encryption is well-designed, the *α* of encrypted image should be low.

As *α* is always very high in plaintext image, a standard deviation is used to evaluate histogram's fluctuations, which is stated as Equation (19).

> *β*

$$
\overline{a} = \sqrt{a} \tag{19}
$$

where *β* is the standard deviation. For all test images, Table 5 describes the results of histogram statistics.


**Table 5.** Histogram statistics.

In the table, the variances and standard deviations of plaintext images are very high,while they are extremely different in cipher images. All of these performances indicate that the proposed HCZRNA could effectively resist histogram attack.

## *4.4. Correlation*

The correlation test refers to adjacent pixels' relationship. A meaningful image has high correlation because values of adjacent pixels are close to each other. This attribute could be utilized to crack. Therefore, a well-designed encryption scheme should have low enough correlations in three directions: horizontal, vertical, and diagonal directions. Given a pixel sequence that is represented by *X* = {*<sup>x</sup>*1, *x*2, ... , *xN*} and its adjacent pixel sequence *Y* = {*y*1, *y*2, ... , *yN*} in an image, correlation between *X* and *Y* could be denoted as *γX*,*<sup>Y</sup>* in Equation (20).

$$\begin{aligned} \gamma\_{X,Y} &= \frac{\frac{1}{N} \sum\_{i=1}^{N} (\mathbf{x}\_i - D(\mathbf{X}))(y\_i - D(Y))}{\sqrt{D(\mathbf{X})D(Y)}} \\ D(\mathbf{X}) &= \frac{\sum\_{i=1}^{N} (\mathbf{x}\_i - E(\mathbf{X}))^2}{N} \\ E(\mathbf{X}) &= \frac{\sum\_{i=1}^{N} \mathbf{x}\_i}{N} \end{aligned} \tag{20}$$

where *E*(*X*) is *X*s mathematical expectation and *D*(*X*) is standard deviation.

If *X* and *Y* are identical, *γX*,*<sup>Y</sup>* would be a maximum of 1. On the contrary, *γX*,*<sup>Y</sup>* would be close to 0 when *X* and *Y* have few correlations.

Figure 10 depicts the correlation test results. It is obvious that the adjacent pixels' distributions in plaintext images are concentrated, while the distributions in the cipher images are opposite.

More accurately, Table 6 provides correlation coefficients between plaintext images and cipher images. Additionally Table 7 demonstrates comparisons with references [44,45]. Through this test, it could find that the correlation coefficients of the proposed HCZRNA are extremely close to 0, which means that HCZRNA could effectively break correlations existing in plaintext images. While the comparisons show that the proposed HCZRNA achieves the best results with [44,45] in all cases. This reveals that HCZRNA outperforms when compared schemes in terms of reducing correlations.

**Figure 10.** Correlations.The first row is correlations of plaintext images, and the second row is correlations of cipher images.


**Table 6.** The correlation coefficients of the testing images.

**Table 7.** Comparisons of correlation coefficients.


#### *4.5. Information Entropy*

Information Entropy shows the randomness and uncertainty of image's pixels. If pixels in an image have uniform distribution, this image could resistant statistical attacks. Because there are 256 gray levels in each channel of color image, the Entropy calculation could be formulated as Equation (21):

$$H(\mathbb{C}) = -\sum\_{i=0}^{255} p(i) \log\_2 p(i) \tag{21}$$

where *C* denotes channels of color image and *p*(*i*) is probability of gray level in whole channel.

The bigger *<sup>H</sup>*(*C*), the bigger uncertainty of image. While the theoretical value of *H*(*C*) is 8.

Table 8 shows the entropies of all channels of plaintext color images and corresponding cipher images through encryptions by proposed HCZRNA. It is obvious that cipher images have increased entropies a lot from plaintext images and their entropies are very close to the theoretical value. Moreover, a comparison is held between HCZRNA and Ref. [23,29,44–46], and the results are stated in Table 9. Among all of the encryption schemes, the proposed HCZRNA achieves the highest entropies in four out of six cases. It could conclude that HCZRNA has the ability to resist statistical attack.

**Table 8.** Information Entropies of testing images.


**Table 9.** Comparison of entropies.


#### *4.6. Differential Attack*

The differential attack test is an important security test for image encryption, which reveals the influence on the cipher image caused by a minor change in pixels of plaintext image. If a tiny change on pixels in plaintext image leads to significant different cipher image, that is to say the encryption scheme could resist differential attack.

Two important indices are introduced to measure the ability of differential attack resistance, which is called the number of pixel change rate (NPCR) and the unified average changing intensity (UACI). Additionally, they are defined as Equations (22) and (23):

$$NPCR = \frac{\sum\_{i=0}^{h} \sum\_{j=0}^{w} F(i, j) \times 100\%}{w \times h} \tag{22}$$

$$dIACI = \frac{\sum\_{i=0}^{l} \sum\_{j=0}^{w} |c\_1(i,j) - c\_2(i,j)|}{255 \times w \times h} \tag{23}$$

where *e*1 and *e*2 are two cipher images, and *<sup>e</sup>*(*<sup>i</sup>*, *j*) means the pixel's value at coordinate *i*, *j* in image *e*. *<sup>F</sup>*(*<sup>i</sup>*, *j*) denotes whether the same coordinate's pixel values in *e*1 and *e*2 are independent or not, which could be formulated as Equation (24):

$$F(i,j) = \begin{cases} 0, & \text{if } \quad e\_1(i,j) = e\_2(i,j) \\ 1, & \text{if } \quad e\_1(i,j) \neq e\_2(i,j) \end{cases} \tag{24}$$

For two random images, NPCR and UACI's expected values are stated as: *NPCR* = 99.6094% and *UACI* = 33.4635% for an 8-bit gray image [30].

Hence, to realize the test, one bit would be changed on a random pixel in plaintext image. And both the plaintext image and changed image are encrypted to two different cipher images. Table 10 lists the average results of ten times tests. It could find that all NPCR values and UACI values of cipher images' different channels exceed the theoretical values. Additionally, comparisons with Ref. [23,29,44–46] are shown in Tables 11 and 12. Through the comparisons, the proposed HCZRNA encryption scheme has better performances on NPCR and UACI, which indicates that HCZRNA could resist differential attack well.

**Table 10.** The mean number of pixel change rate (NPCR) and unified average changing intensity (UACI) of cipher images.


**Table 11.** Average NPCR (%) of running the schemes 10 times.


**Table 12.** Average UACI (%) of running the schemes 10 times.


## *4.7. Robustness*

It is unavoidable that there data loss or noise attack occur when cipher images are transmitting. Hence, a well-designed encryption and decryption scheme should resist contamination on cipher images to recover plaintext images without grea<sup>t</sup> changes.

**Figure 11.** Cropping attack tests. The first row is cipher images with 12.5%, 25% and 50% data loss, and the second row is decrypted images from the first row.

**Figure 12.** Noise attack tests. The first row is cipher images with 1%, 5%, 10% salt and pepper noise, and the second row is decrypted images from the first row.

From the figures, the main information of plaintext images could be identified from decrypted images, which could conclude that HCZRNA has enough robustness for data loss and noise attacks. Here, the Mean Squared Error (MSE) and Peak Signal to Noise Ratio (PSNR) are also utilized to test robustness [48,49], which is formulated as Equation (25).

To demonstrate robustness of proposed HCZRNA scheme, 12.5%, 25%, and 50%data lose tests and 1%, 5%, and 10% salt and pepper noise tests would presented Figures 11 and 12.

in

$$\begin{aligned} MSE &= \frac{1}{h \times w} \sum\_{i=1}^{h} \sum\_{j=1}^{w} [P(i, j) - E(i, j)]^2, \\ PSRR &= 20 \log\_{10} (\frac{255}{\sqrt{MSE}}) \end{aligned} \tag{25}$$

where *P* and *E* represent two different images. MSE is used to evaluate the difference between two images, and PSNR depicts the ratio between the maximum possible power of a signal and the power of distorting noise that affects the quality of its representation. The lower the MSE, the higher PSNR, which indicates that two images have high similarity. Hence, under noise attacks, if the PSNR between the plaintext image and decrypted image is high, the encryption and decryption schemes are good enough. Tables 13 and 14 present the results of plaintext image and decrypted image of Lena under data loss and salt and pepper noise attacks.

**Table 13.** Mean Squared Error (MSE) and Peak Signal to Noise Ratio (PSNR) under data loss.


**Table 14.** MSE and PSNR under salt and pepper noise.


Through the results, we could find there are high MSEs and low PSNRs in these tables, which figures out that HCZRNA could resist attacks of data loss and noise.

#### *4.8. Running Time*

In HCZRNA, the pixels of image would be walked through multiple times in diffusion and RNA operation. Suppose that the size of RGB image is *N* × *N* × 3. For the five parts of encryption processes that are listed in Section 3.1, initial values of hyper-chaotic system are calculated from the security key, which costs *O*(1) time complexity; the hyper-chaotic matrices are computed 3 × *N* × *N* + 64 times iterations; for permutation, reshape and sort operations are implemented three times; while the diffusion process walks through each pixel two times, which costs *O*(2 × *N* × *N* × <sup>3</sup>); at last, as RNA operation walks through all 6-bit codons that are transformed from 8-bit pixels, the times of iteration are increased to 4 3 × *N* × *N* × 3. Hence, the time complexity of HCZRNA could be calculated as *O*(1 + 3 × *N* × *N* + 64 + 3 + 2 × *N* × *N* × 3 + 4 3 × *N* × *N* × 3) = *O*(13 *N*<sup>2</sup> + 68) = *<sup>O</sup>*(*N*<sup>2</sup>). Using the experiment environment that is listed in this section, the running times of encryption and decryption could be stated in Table 15. Although the time costs of encryption and decryption are not very good, the time complexity is also a polynomial time, which could be tolerable. Additionally, the processes of RNA operation on different codons have no correlation with each other, which could improve computational time by computing RNA operation in parallel.


**Table 15.** Running time (unit: second).
