*Article* **An Efficient Plaintext-Related Chaotic Image Encryption Scheme Based on Compressive Sensing**

**Zhen Li 1,2, Changgen Peng 1,\*, Weijie Tan <sup>1</sup> and Liangrong Li <sup>2</sup>**


**Abstract:** With the development of mobile communication network, especially 5G today and 6G in the future, the security and privacy of digital images are important in network applications. Meanwhile, high resolution images will take up a lot of bandwidth and storage space in the cloud applications. Facing the demands, an efficient and secure plaintext-related chaotic image encryption scheme is proposed based on compressive sensing for achieving the compression and encryption simultaneously. In the proposed scheme, the internal keys for controlling the whole process of compression and encryption is first generated by plain image and initial key. Subsequently, discrete wavelets transform is used in order to convert the plain image to the coefficient matrix. After that, the permutation processing, which is controlled by the two-dimensional Sine improved Logistic iterative chaotic map (2D-SLIM), was done on the coefficient matrix in order to make the matrix energy dispersive. Furthermore, a plaintext related compressive sensing has been done utilizing a measurement matrix generated by 2D-SLIM. In order to make the cipher image lower correlation and distribute uniform, measurement results quantified the 0∼255 and the permutation and diffusion operation is done under the controlling by two-dimensional Logistic-Sine-coupling map (2D-LSCM). Finally, some common compression and security performance analysis methods are used to test our scheme. The test and comparison results shown in our proposed scheme have both excellent security and compression performance when compared with other recent works, thus ensuring the digital image application in the network.

**Keywords:** image encryption; compressive sensing; plaintext related; chaotic system

#### **1. Introduction**

Nowadays, digital images are becoming one of the most important data formats in our daily life. The risk of information leakage is inevitable when we share photos with others on the social network platform. Therefore, the security of digital images attracts a great of scholars' attention.

The image encryption is an important method in image security. Many text structure encryption schemes, such as advanced encryption standard (AES), data encryption standard (DES), etc., have poor performance on image encryption. These schemes cannot break the correlation among adjacent pixels that may leak some geometric distribution of plain image. Image data are different from text data, which have some specific features, so the image encryption scheme must be designed according to these characteristics. At the beginning, the researchers used some special transformation matrixes, such as magic cube transformation, Arnold cat map, etc., in order to permutate the plain image without under security keys controlling. However, they are against Kerckhoffs's principle, which requires the cryptosystem to be a white box, except for security keys.

Chaos theory as a cornerstone of nonlinear dynamic that is wildly used in many fields was first proposed by Lorenz [1]. The chaotic system has many good characteristics, such

**Citation:** Li, Z.; Peng, C.; Tan, W.; Li, L. An Efficient Plaintext-Related Chaotic Image Encryption Scheme Based on Compressive Sensing. *Sensors* **2021**, *21*, 758. https:// doi.org/10.3390/s21030758

Academic Editor: Hyoungsik Nam Received: 30 December 2020 Accepted: 20 January 2021 Published: 23 January 2021

**Publisher's Note:** MDPI stays neutral with regard to jurisdictional clai-ms in published maps and institutio-nal affiliations.

**Copyright:** © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https:// creativecommons.org/licenses/by/ 4.0/).

as randomness, ergodicity, sensitivity to initial values, and parameters [2], so it is suitable for the design of the cryptosystem. Matthews [3] first introduced a chaotic system into designing image cryptosystem. After that, a variety of image encryption algorithms have been put forward in the sspatial domain. These image encryption methods can be roughly classified as: (1) image encryption that is based on transformation matrixes [4–6]. This kind of algorithm mainly used the transformation matrix like magic cube transformation and Arnold cat map to permutation, and then used the chaotic system for diffusion. (2) The image encryption scheme that is based on deoxyribonucleic acid (DNA) encoding and chaotic system [7–9]. In this kind of scheme, the authors usually used DNA rules to encode the plain-image and controlled permutation and diffusion process on encoded data by the chaotic system. (3) Image encryption that is based on chaotic S-box [10–12]. Researchers usually used chaotic systems to design an S-box and encrypted image data by the nonlinear component. (4) Other spatial domain image encryption schemes [13–16].

Generally, the online transmission of image data requires a larger bandwidth. Therefore, image compression is very important for network applications, which can improve the efficiency of image transmission. In general, image compression not only utilizes the correlation between adjacent pixels, but it also encodes the non-uniform distribution of image pixels. However, image encryption will totally break the correlation among adjacent pixels and make its distribution uniform. Thus, the cipher image is not suitable for image compression. Not only that, the loss of image compression can also make the image impossible to be decrypted. Therefore, the compression must be executed early or at the same time as encryption.

Compressed sensing (CS) is a kind of effective data compression technology [17] when the data satisfy sparsity in a certain domain. When compared with Nyquist theory, CS can recover the entire signal from a smaller number of measurements [18]. In CS theory, when the signal is sparse in a transformation domain, a measurement matrix can be used to project the signal randomly, and then the original signal can be reconstructed by convex optimization algorithm. Fortunately, the images are sparse in many transform domains and are well suited to apply to CS theory. Therefore, based on compressed sensing, how to perform the image encryption also is a topical issue. Chai et al. [19] proposed an image encryption scheme that is based on magnetic-controlled memristive chaotic system and compressive sensing. This scheme first transform image to discrete wavelet transform (DWT) domain. Subsequently, some permutations have been done with this coefficient matrix. Finally, the compressive sensing used a measurement matrix that was generated by a chaotic system. In this scheme, although the generation of measurement matrix is related to plain image information, the plain image sensitivity of the scheme is still not good enough. In addition, the uneven energy distribution of cipher images generated by the scheme may also cause the leakage of some plain image information. Zhu et al. [20] proposed an image encryption scheme, which uses the random Gaussian matrix generated by Chebyshev mapping to execute compressive sensing. Chai et al. [21] proposed a chaotic image encryption scheme, which uses elementary cellular automata and block compressive sensing. In this scheme, a plain image is transformed by DWT at first, then compressive processing under the measurement matrix generated by a parameter-varying chaotic system is done. The plain image sensitivity of this scheme is good, because all of the initial values of chaotic system are related to the plain image. However, the randomness of cipher image seems not good enough. Zhu et al. [22] proposed an image encryption scheme, which is based on nonuniform sampling by block CS. In this scheme, the discrete cosine transform (DCT) is used to generate the coefficients matrix, and then perform compressive sensing processing by two measurement matrices that are generated by the logistic map. Finally, undertake the diffusion and permutation under logistic map controlling. However, the whole diffusion process is related to the result that is calculated in previous pixels; thus, the robustness must not be as good as mentioned. Gong et al. [23] proposed an image compression and encryption algorithm. In this scheme, the plain image is first permuted by the Arnold transform to reduce the block effect in the compression process, and then

the coefficient matrix is compressed and encrypted by CS, simultaneously. The keys in this scheme are generated by a plain image without any external keys; it means that each cipher image corresponds to a unique key, which is not conducive to key distribution management and batch image encryption. Kayalvizhi et al. [24] proposed an image encryption scheme, which is based on compressive sensing, fractional order hyper chaotic Chen system, and DNA operations. In this scheme, block compressive sensing is executed to the plain image, and then execute DNA encoding to the measurement matrix. After that, complete some diffusion operation in DNA sequences. The whole process is not related to the plain image and the sensitivity of plain image has weak resistance to differential attack. Moreover, DNA encoding and decoding may consume a large amount of computing time, which results in the low efficiency of this algorithm.

To conquer the drawback what mentioned above, a plaintext related image encryption scheme is given using compressive sensing and two hyper chaotic systems. The detailed contributions are as follows:


This paper is organized, as follows: in Section 2, the preliminary for this paper is given, such as compressive sensing and chaotic system. In Section 3, an efficient image encryption scheme that is based on chaos and compressive sensing is introduced. In Section 4, some common compression analyses and security analyses of the proposed image cryptosystem are given. In Section 5, we conclude this paper.

#### **2. Preliminary**

#### *2.1. Compressive Sensing*

The aim of CS model [25] is to recover a sparse image signal *X* <sup>∈</sup> <sup>R</sup>*n*×*<sup>n</sup>* from fewer measurements *Y* <sup>∈</sup> <sup>R</sup>*m*×*<sup>n</sup>* is given by:

$$\mathcal{Y} = \Phi \mathcal{X} = \Phi \mathbf{\Psi} \mathbf{P} \tag{1}$$

where <sup>Φ</sup> <sup>∈</sup> <sup>R</sup>*m*×*<sup>n</sup>* is a measurement sensing matrix whose distribution satisfies Gaussian distribution. Let *A* <sup>=</sup> ΦΨ, where the columns satisfy the linearly independent condition. When *A* satisfies a certain condition, i.e., Restricted Isometry Constant (RIC), the restricted isometry property(RIP), the CS theory shows that only a sufficiently sparse signal *P* can be recovered with a high probability exactly from *Y*. The linear measurement process is expressed as a regularized form, as

$$\min \| \text{vec}(\mathbf{P}) \|\_{0} \quad \text{s.t.} \quad \| AP - \mathbf{Y} \|\_{2} \le \eta \tag{2}$$

where · <sup>0</sup> denotes the *l*<sup>0</sup> norm as a sparsity constraint and *η* is a constant. This form aims to find the most sparse solution that fits the observation model well. However, it is Nondeterministic Polynomial (NP)-hard problem to solve Equation (2). A convex relaxation method is to apply the *l*<sup>1</sup> norm of the *l*<sup>0</sup> norm, as follows:

$$\min \| \text{vec}(\mathbf{P}) \|\_{1} \quad \text{s.t.} \quad \| \mathbf{AP} - \mathbf{Y} \|\_{2} \le \eta \tag{3}$$

Theoretical analysis has shown that the *l*<sup>1</sup> norm can also approach the most sparse solution under some conditions [25,26]. Equation (3) can be solved by some optimization algorithms, such as the gradient descent method (GDM) [27] abd orthogonal matching pursuit (OMP) [28].

#### *2.2. Chaotic System*

The chaotic systems in our proposed scheme are used to control the permutation and diffusion process, and to generate a measure matrix of compressive sensing, which are the key points of encryption and compression performance. Therefore, our cryptosystem is required to choose hyper chaotic systems that have better chaotic characteristics.

The two-dimensional Sine improved Logistic iterative chaotic map (2D-SLIM) [29] is given by

$$\begin{cases} x\_{i+1} = \sin(by\_i)\sin(50/x\_i) \\ y\_{i+1} = a\left(1 - 2x\_{i+1}^2\right)\sin(50/y\_i) \end{cases} \tag{4}$$

where *a* and *b* are the system parameters. When *a* ∈ (0, 3] and *b* = 2*π* or when *a* = 1 and *b* ∈ [4, 7], the system becomes hyper chaotic.

The two-dimensional Logistic-Sine-coupling map (2D-LSCM) [30] is given by

$$\begin{cases} \mathbf{x}\_{i+1} = \sin(\pi(4\theta \mathbf{x}\_i(1-\mathbf{x}\_i) + (1-\theta)\sin(\pi y\_i))) \\\ y\_{i+1} = \sin(\pi(4\theta y\_i(1-y\_i) + (1-\theta)\sin(\pi \mathbf{x}\_{i+1}))) \end{cases} \tag{5}$$

where *θ* is the control parameter. When *θ* ∈ (0, 1), the system has hyper chaotic behavior.

**Remark 1.** *In our proposed scheme, we used 2D-SLIM and 2D-LSCM, two discrete hyper chaotic systems, to control the encryption process. In fact, other discrete hyper chaotic systems can also be extended in our scheme, and the only difference in those selection is the size of key space. Furthermore, the reason why we select the two different hyper chaotic systems to control the encryption and compression process is that it can avoid, as much as possible, some unexpected situations occurring, such as dynamical degradation of chaotic systems [31,32], weak real keys, etc.*

#### **3. Our Proposed Scheme**

The image cryptosystem is proposed in this section. First, a plaintext related internal keys generation method is introduced in Section 3.1. Afterwards, we present the encryption scheme in Section 3.2. Finally, we propose the decryption scheme in Section 3.3.

#### *3.1. Plaintext-Related Internal Keys Generation*

In this subsection, we proposed a method for generating the internal keys that are related to plaintext. The internal keys are used to generate the initial values and parameters of hyper chaotic systems that are used to control all processes of encryption and decryption. Therefore, the plaintext-related internal key generation method can make our proposed image cryptosystem more plaintext sensitive to resisting differential attack. There are two parts in plaintext-related internal key generation: plaintext information extraction and internal keys generation.

Algorithm 1 shows the plain image information extraction algorithm.

The detailed description are as follows:

*Step 1:* input plain image matrix *P* and initial key *K* into algorithm, and begin.

*Step 2:* expand the plain image matrix *P* into a vector *P(:)* in rows, and then change this vector to a string *SP*.

*Step 3:* input string *SP* into hash function SHA256, and denote the hash value as *HP*.

*Step 4:* input initial key *K* into hash function SHA256, and denote the hash value as *HK*.

*Step 5:* put hash values *HP* and *HK* together and input them into hash function SHA256. The hash value is extracted plain image information *EPI*.

*Step 6:* output the extracted plain image information *EPI*, and finished.



**Output:** Extracted plain image information *EPI*.

1: *String SP* <sup>←</sup> *P(:)*


Algorithm 2 shows the internal keys generation algorithm.

**Input:** Extracted plain image information *EPI*, initial key *K*

**Output:** Internal keys *[K1,K2,K3,K4]*.


The detailed description are as follows:

*Step 1:* input extracted plain image information *EPI* and initial key *K*, and begin.

*Step 2:* input initial key *K* into hash function SHA256, and denote the hash value as *HK*.

*Step 4:* split *INKEY* into four parts, and everypart with 64 bits, denoted as *I1*, *I2*, *I3* and *I4*.

*Step 5:* calculate the control values as *CN1* <sup>=</sup> *mod*(*I1*/108, 256), *CN2*<sup>=</sup> *mod*(*I2*/108, 256), *CN3*<sup>=</sup> *mod*(*I3*/108, 256), and *CN4*<sup>=</sup> *mod*(*I4*/108, 256).

*Step 6:* bit cyclic shift *INKEY CN1* bits to right direction, and generate 256 bits internal key *K1*, after that, at same operation to bit cyclic shift *INKEY* under *CN2*, *CN3*, *CN4* control, and generate internal keys *K2,K3,K4*.

*Step 7:* output internal keys *[K1,K2,K3,K4]*, and finished.

*Step 3:* put extracted plain image information *EPI* and hash value *HK* together and input them into hash function SHA256. Denote the hash value as *INKEY*.

#### *3.2. Encryption Scheme*

In this subsection, we will introduce our proposed encryption scheme. The encryption scheme takes, as inputs, plain image *P*, initial key *K*, and compression ratio **CR**, and put outputs, such as cipher image and some additional ciphertext information. The compression ratio (CR) means the ratio of the number of pixels in the compressed image to that in the original image. Figure 1 shows the block diagram of the encryption scheme, and the detailed description are as follows:

**Figure 1.** The block diagram of the encryption scheme.

*Step 1:* input plain image *P* (*<sup>N</sup>* <sup>×</sup> *<sup>N</sup>*), initial key *K* and compression ratio **CR**, and the encryption process begins.

*Step 2:* input plain image matrix *P* and initial key *K* into Algorithm <sup>1</sup> to get extracted plain image information *EPI*. After that, input extracted plain image information *EPI* and initial key *K* into Algorithm <sup>2</sup> to generate internal keys *[K1,K2,K3,K4]*.

*Step 3:* input plain image *P* into discrete wavelet transform (DWT) to sparse representation, and we denote sparse coefficient matrix as *CM*.

*Step 4:* input coefficient matrix *CM* and internal key *K1* into Algorithm <sup>3</sup> to make plaintext energy evenly distributed.

**Algorithm 3** Permutation I algorithm

**Input:** Coefficient matrix *CM* and internal key *K1*

**Output:** Permutated coefficient matrix *PM*.


3: *<sup>x</sup>*<sup>11</sup> <sup>←</sup> *mod*(*I2*/1014, 1); *<sup>y</sup>*<sup>11</sup> <sup>←</sup> *mod*(*I3*/1014, 1)


*Step 5:* Calculate the threshold value *TS* by Algorithm 4.


**Output:** Threshold value *TS*.


*Step 6:* if the element in the permutated coefficient matrix *PM* absolute value less than threshold *TS*, then set this element to 0. The new generated matrix is denoted as *PM2*.

*Step 7:* input matrix *PM2*, compression ratio **CR**, and internal key *K2* into Algorithm <sup>5</sup> to obtain the measurements *CSM*.

#### **Algorithm 5** Compressive sensing algorithm

**Input:** The matrix *PM2*, compression ratio *CR*, and internal key *K2*

**Output:** The compressive sensing measurements *CSM*.


*Step 8:* quantize the compressive sensing measurements *CSM* to the range of [0, 255] and generate quantized matrix *QM* by

$$QM = \text{round}\left(255 \times (\text{CSM} - \text{MAX}) / (\text{MAX} - \text{MIN})\right) \tag{6}$$

where *round*(*x*) represents the nearest integer with *<sup>x</sup>*, and *MIN* and *MAX* are the minimum and maximum numbers of *CSM*.

*Step 9:* input quantized matrix *QM* and internal keys *K3,K4* into Algorithm <sup>6</sup> to do diffusion and permutation II.

*Step 10:* output cipher image *C1* and additional cipher information *C2* = [*EPI*, *MAX*, *MIN*]. The encryption process is finished.

**Algorithm 6** Diffusion and permutation II algorithm **Input:** Quantized matrix *QM* and internal keys *K3,K4* **Output:** Cipher image *C1*. 1: *I1* <sup>←</sup> *K3*(1:64); *I2* <sup>←</sup> *K3*(65:128); *I3* <sup>←</sup> *K3*(129:192); *I4* <sup>←</sup> *K4*(1:64); *I5* <sup>←</sup> *K4*(65:128); *I6* <sup>←</sup> *K4*(129:192). 2: *<sup>θ</sup>*<sup>1</sup> <sup>←</sup> *mod*(*I1*/1014, 1); *xx*<sup>0</sup> <sup>←</sup> *mod*(*I2*/1014, 1); *yy*<sup>0</sup> <sup>←</sup> *mod*(*I3*/1014, 1). 3: *<sup>θ</sup>*<sup>2</sup> <sup>←</sup> *mod*(*I4*/1014, 1); *xx*<sup>1</sup> <sup>←</sup> *mod*(*I5*/1014, 1); *yy*<sup>1</sup> <sup>←</sup> *mod*(*I6*/1014, 1). 4: **if** 0.33 < *θ*1 < 0.66 **then** 5: *θ*1 ← *mod*(*θ*1 + 0.33, 1) 6: **end if** 7: **if** 0.33 < *θ*2 < 0.66 **then** 8: *θ*2 ← *mod*(*θ*2 + 0.33, 1) 9: **end if** 10: [*M*, *<sup>N</sup>*] <sup>←</sup> *size*(*QM*) 11: Put *<sup>θ</sup>*1, *xx*0, *yy*0 into Equation (5) to generate a sequence *S0* by iterating *<sup>M</sup>* <sup>×</sup> *<sup>N</sup>* times. 12: *KM* <sup>←</sup> *floor*(*mod*(*S0* <sup>×</sup> 1013, 256)) 13: *DM* <sup>←</sup> *QM* & *KM* 14: Put *<sup>θ</sup>*2, *xx*1, *yy*1 into Equation (5) to generate a sequence *X1* and *Y1* by iterating *max*(*M*, *N*) times. 15: *U1* <sup>←</sup> *floor*(*mod*(*X1*(1 : *<sup>M</sup>*) <sup>×</sup> <sup>10</sup>5,(*<sup>M</sup>* <sup>−</sup> <sup>1</sup>))) + <sup>1</sup> 16: *U2* <sup>←</sup> *floor*(*mod*(*Y1*(1 : *<sup>N</sup>*) <sup>×</sup> <sup>10</sup>5,(*<sup>N</sup>* <sup>−</sup> <sup>1</sup>))) + <sup>1</sup> 17: **for** *i* = 1 **to** *M* **do** 18: *DM*(*i*, :) <sup>←</sup> *CircleShi f t*(*DM*(*i*, :), *U1*(*i*)) 19: **end for** 20: **for** *i* = 1 **to** *N* **do** 21: *DM*(:, *<sup>i</sup>*) <sup>←</sup> *CircleShi f t*(*DM*(:, *<sup>i</sup>*), *U2*(*i*)) 22: **end for** 23: *C1* <sup>←</sup> *DM 3.3. Decryption Scheme*

The decryption process is the inverse process of encryption, and it takes input as cipher image *C1*, additional cipher information *C2*, and initial key *K*, and put the output as recovering plain image. Figure 2 shows the block diagram of the decryption scheme, and the detailed description is as follows:

*Step 1:* input cipher image *C1*(*<sup>M</sup>* <sup>×</sup> *<sup>N</sup>*), additional cipher information *C2*, and initial key *K* and the decryption process begins.

*Step 2:* input *EPI* and initial key *K* into Algorithm <sup>2</sup> to generate internal keys *[K1,K2,K3,K4]*.

*Step 3:* input cipher image *C1* and internal keys *K3,K4* into Algorithm <sup>7</sup> to do reverse permutation II and reverse diffusion.

#### **Algorithm 7** Reverse permutation II and reverse diffusion algorithm

**Input:** Cipher image *C1* and internal keys *K3,K4*

**Output:** Reverse permutation and diffusion matrix *RPDM*.

	- *I4* <sup>←</sup> *K4*(1:64); *I5* <sup>←</sup> *K4*(65:128); *I6* <sup>←</sup> *K4*(129:192).

*Step 4:* Do reverse quantization to the matrix *RPDM*, and generate reverse quantized matrix *RQM* by

$$RQM = \frac{RPDM \times (MAX - MIN)}{255} + \text{MIN} \tag{7}$$

*Step 5:* Input matrix *RQM* and internal keys *K2* into Algorithm <sup>8</sup> to reconstruct matrix *RCM*.

*Step 6:* input reconstruct matrix *RCM* and internal key *K1* into Algorithm <sup>9</sup> to undertake reverse permutation I.

*Step 7:* input matrix *RPM* into inverse discrete wavelet transform (IDWT) in order to recover plain image *P*.

*Step 8:* output recover plain image *P* and the decryption process is finished.

#### **Algorithm 8** Matrix reconstruction algorithm

**Input:** Matrix *RQM* and internal keys *K2*

**Output:** Reconstruct matrix *RCM*.


#### **Algorithm 9** Reverse permutation I algorithm

**Input:** Reconstruct matrix *RCM* and internal key *K1*

**Output:** Reverse permutated matrix *RPM*.


**Figure 2.** The block diagram of the decryption scheme.

#### **4. Simulation and Analysis**

In this section, we will evaluate our proposed image cryptosystem. The simulations and performance evaluations are implemented in MATLAB R2016a. Our hardware environment for tests was a personal computer with Inter(R) Core i7-6700k CPU 4.00 GHz, 32 GB memory, and the operation system is Windows 7 home edition. For simulation and tests, the initial key is selected as 'a2b235c5dd4345d2445e33e25ef255f524235ec' in hexadecimal, and one of the parameters of 2D-SLIM, which is given in Equation (4), is set as *b* = 2*π*. We first select 512 × 512 8-bit level gray images 'Lena', 'Pepper', and 'Cameraman' for simulation, and encrypt them with CR = 0.1, 0.2, ··· , 0.9, respectively. Figure 3 shows the simulation result. In the following subsections, we first discussed the performance of compression, and then provided the common security analysis result of our proposed image cryptosystem. Finally, we compared our work with other recent works in order to make our proposed image cryptosystem more convincing.

#### *4.1. Compression Analyses*

#### 4.1.1. Peak Signal to Noise Ratio (PSNR)

For measuring the difference between the decrypted image and the original image to evaluate the recovery quality, we use the peak signal to noise ratio (PSNR) as a measurement for evaluation. PSNR is given by

$$\text{PSNR} = 10 \log\_{10} \frac{255 \times 255}{\frac{1}{N^2} \sum\_{i=1}^{N} \sum\_{j=1}^{N} \left( I(i,j) - I'(i,j) \right)^2} \tag{8}$$

where *I* and *I* are the decrypted image and original image, respectively. In this test, we first encrypt 256 × 256 and 512 × 512 plain images at different CRs, and then decrypt these cipher images to obtain recovery images. Finally, we calculate PSNR between plain images and recovery images. Table 1 and Figure 4 show the test result. According to the results, the PSNR values between plain images and recovery images are increasing with the growth of CRs, and the minimum of the PSNR is 31.7675 dB when the image is 256 × 256 and be encrypted in CR = 0.2. Therefore, our proposed scheme has a very good compression recovery performance.

#### 4.1.2. Structural Similarity Index Measurement (SSIM)

The structural similarity index measurement (SSIM) is another important indictor for evaluating the compression performance. The SSIM value can be calculated by

$$\text{SSIM} = \frac{(2\mu\_I \mu\_{I'} + \mathbb{C}\_1)(2\sigma\_{II'} + \mathbb{C}\_2)}{\left(\mu\_I^2 + \mu\_{I'}^2 + \mathbb{C}\_1\right)\left(\sigma\_I^2 + \sigma\_{I'}^2 + \mathbb{C}\_2\right)}\tag{9}$$

where *<sup>C</sup>*<sup>1</sup> = (*k*<sup>1</sup> × *<sup>L</sup>*)2, *<sup>C</sup>*<sup>2</sup> = (*k*<sup>2</sup> × *<sup>L</sup>*)2, *<sup>k</sup>*<sup>1</sup> = 0.01, *<sup>k</sup>*<sup>2</sup> = 0.03, *<sup>L</sup>* = 255. The *<sup>μ</sup><sup>I</sup>* and *<sup>μ</sup>I* are the average values of the decrypted image *I* and the original image *I*. The *σ<sup>I</sup>* and *σI* are the variance values, and *σI I* is the covariance value between *I* and *I* . In this test, we also first encrypt 256 × 256 and 512 × 512 plain images at different CRs, and then decrypt these cipher images to obtain recovery images. Finally, we calculate the SSIM value between recovery images and plain images. Table 2 and Figure 5 show the SSIM result. The SSIM values are also increasing with CRs and the minimum value is also over 0.7, according to the results. It means that, in this indicator, our scheme also has very good compression recovery performance.

**Figure 3.** Encryption simulation. Rows (**a**–**d**) are the simulation results of image 'Lena', Rows (**e**–**h**) are the simulation results of image 'Pepper' and Rows (**i**–**l**) are the simulation results of image 'Cameraman'. Column (**1**) are plain images. Columns (**2**–**10**) are the simulation results of CR = 0.1, ··· , CR = 0.9, respectively.


**Table 1.** The peak signal to noise ratio (PSNR) test results.

**Figure 4.** The Peak Signal to Noise Ratio (PSNR) test result. (**a**) shows the results of images with the size of 256 × 256. (**b**) shows the results of images with the size of 512 × 512.

#### *4.2. Key Space Analysis*

The image cryptosystem requires enough key space to resist the brute-force attack. In our proposed image cryptosystem, the two 2D-SLIM and two 2D-LSCM hyper chaotic systems are used for controlling the permutation and diffusion process and for generating a measure matrix of compressive sensing. Hence, the real keys are two system parameters *a*01 ∈ (0, 3], *a*02 ∈ (0, 3] and four initial values *x*11 ∈ (0, 1), *y*11 ∈ (0, 1), *x*12 ∈ (0, 1), *y*12 ∈ (0, 1) of two 2D-SLIM systems, and two system parameters *θ*1 ∈ (0, 0.33) '(0.66, 1), *θ*2 ∈ (0, 0.33) ' (0.66, 1) and four initial values *xx*0 ∈ (0, 1), *yy*0 ∈ (0, 1), *xx*1 ∈ (0, 1), *yy*1 ∈ (0, 1) of two 2D-LSCM systems. The change step of each initial value and parameters are 10<sup>−</sup>15, the key space can be calculated as *<sup>S</sup>* = (<sup>3</sup> × <sup>10</sup>15)<sup>2</sup> × 0.662 × (1015)<sup>10</sup> = 3.9204 × 10180 ≈ <sup>2</sup>600. Usually, if the key space is more than 2100, then we can consider that the image cryptosystem is good at resisting the brute-force attack [34].

#### *4.3. Differential Attack*

Differential attack is a method for analyzing keys from two cipher images that are encrypted by two tiny different plain images. The plain image sensitivity is an important feature for an image cryptosystem to resist differential attack. There are two measurements for evaluating the plain image sensitivity: the number of pixels change rate (NPCR) and unified average changing intensity (UACI) [12,13]. The NPCR and UACI are given by Equations (11) and (12), respectively.

$$\text{NPCR} = \frac{\sum\_{i=1}^{M} \sum\_{j=1}^{N} D(i, j)}{M \times N} \times 100\%\_{\text{\%}} \tag{10}$$

where

$$D(i,j) = \begin{cases} \ 0, & \mathcal{C}\_1(i,j) = \mathcal{C}\_2(i,j) \\ 1, & \mathcal{C}\_1(i,j) \neq \mathcal{C}\_2(i,j) \end{cases} \tag{11}$$

$$\text{UACI} = \frac{1}{M \times N} \left( \sum\_{i=1}^{M} \sum\_{j=1}^{N} \frac{|\mathcal{C}\_1(i,j) - \mathcal{C}\_2(i,j)|}{255} \right) \times 100\% \tag{12}$$

where *C*1(*i*, *j*) and *C*2(*i*, *j*) are denoted as two cipher images that are generated by encrypting one-pixel different two plain images. *M* and *N* are the height and width of images, respectively. In order to evaluate the NPCR and UACI results, the critical values are given by Wu et al. [35]. The critical value of NPCR is given by:

$$\mathcal{N}\_{\mathfrak{a}}^{\*} = \frac{\mathbb{Q} - \Phi^{-1}(\mathfrak{a})\sqrt{\mathbb{Q}/\mathcal{H}}}{\mathbb{Q} + 1},\tag{13}$$

where *H* represents the total pixel numbers of image, *Q* represents the largest value that the pixels allowed in the image, and *α* is the significance level. When the test NPCR value is larger than critical value N <sup>∗</sup> *<sup>α</sup>* , we can consider that the proposed system has good plain image sensitivity.

**Table 2.** The Structural Similarity Index Measurement (SSIM) test results.


**Figure 5.** The Structural Similarity Index Measurement (SSIM) test result. (**a**) is shown the results of images with the size of 256 × 256. (**b**) is shown the results of images with the size of 512 × 512.

The UACI critical interval (U∗− *<sup>α</sup>* , <sup>U</sup>∗<sup>+</sup> *<sup>α</sup>* ) is given by:

$$\begin{cases} \boldsymbol{\mu}\_{\boldsymbol{\alpha}}^{\*-} = \boldsymbol{\mu}\_{\boldsymbol{\mu}} - \boldsymbol{\Phi}^{-1} \begin{pmatrix} \frac{\boldsymbol{\alpha}}{2} \end{pmatrix} \boldsymbol{\sigma}\_{\boldsymbol{\omega}\boldsymbol{\prime}}\\ \boldsymbol{\mu}\_{\boldsymbol{\alpha}}^{\*+} = \boldsymbol{\mu}\_{\boldsymbol{\omega}} + \boldsymbol{\Phi}^{-1} \begin{pmatrix} \frac{\boldsymbol{\alpha}}{2} \end{pmatrix} \boldsymbol{\sigma}\_{\boldsymbol{\omega}\boldsymbol{\prime}} \end{cases} \tag{14}$$

where

$$
\mu\_{\rm u} = \frac{Q+2}{3Q+3},
\tag{15}
$$

and

$$
\sigma\_{\rm u} = \sqrt{\frac{(Q+2)(Q^2+2Q+3)}{18(Q+1)^2 Q H}}.\tag{16}
$$

If the UACI value falls into interval (U∗− *<sup>α</sup>* , <sup>U</sup>∗<sup>+</sup> *<sup>α</sup>* ), then we can consider the two test images have enough difference. We assume significance level *α* = 0.05. When the test image is 512 × 512, the NPCR critical value is N <sup>∗</sup> 0.05 = 99.5893% and the UACI critical interval is (U∗− 0.05, <sup>U</sup>∗<sup>+</sup> 0.05)=(33.3730%, 33.5541%). When the test image is 256 × 256, the NPCR critical value is N <sup>∗</sup> 0.05 = 99.5693% and the UACI critical interval is (U∗− 0.05, <sup>U</sup>∗<sup>+</sup> 0.05) = (33.2824%, 33.6447%).

In this test, we complete the test 100 times for each CRs and calculate the average value, respectively. Table 3 and Figure 6 show the tests results. According to the data and figures, the NPCR and UACI test values are floating with CR changes. Nonetheless, all of the test values are basically within the critical values. The test result has shown that our proposed scheme is plain image enough in resisting the differential attack.

#### *4.4. Statistical Analysis*

#### 4.4.1. Histogram Analysis

A histogram can reflect the statistical feature of cipher image; the histogram is closer to uniform the better security performance. The histogram is shown in Figure 3. In Figure 3 rows (a, e, i), there are some cipher images that are encrypted in deferent CRs, and the corresponding histograms are shown in Figure 3 rows (b, f, j). The corresponding decrypted images are shown in Figure 3 rows (c, g, k). Figure 3 rows (d, h, l) shows the histograms of recovery image. The chi-squared test is used to evaluate the uniformity of cipher image's histogram. Table 4 provides the chi-squared test results of cipher images, when the significance level is *α* = 0.05. According to the results, our scheme has enough good diffused property to resist the statistical attack.

**Table 3.** Number of pixels change rate (NPCR) and unified average changing intensity (UACI) results.


**Figure 6.** The number of pixels change rate (NPCR) and unified average changing intensity (UACI) test result. (**a**,**c**) show the results of images with the size of 256 × 256. (**b**,**d**) show the results of images with the size of 512 × 512. (**a**,**b**) show the results of NPCR tests. (**c**,**d**) show the results of UACI tests.

**Table 4.** Histogram uniformity evaluation by chi-squared test (*p*-value).


4.4.2. Correlation Coefficient

As we all know, encryption is a process breaking the correlation of adjacent pixels. Therefore, correlation coefficient analysis is an important measurement for evaluating the

permutation performance of image cryptosystem. The less correlation in cipher image, the better permutation performance.

The correlation coefficient can be calculated by Equation (17).

$$r\_{ab} = \frac{\text{cov}(a, b)}{\sqrt{D(a)D(b)}},\tag{17}$$

where *a* and *b* are two adjacent pixels' gray values, and

$$\text{E}(a) = \frac{1}{N} \sum\_{i=1}^{N} a\_{i\prime} \tag{18}$$

$$\text{D}(a) = \frac{1}{N} \sum\_{i=1}^{N} (a\_i - \text{E}(a))^2 \tag{19}$$

$$\text{cov}(a, b) = \frac{1}{N} \sum\_{i=1}^{N} (a\_i - \text{E}(a))(b\_i - \text{E}(b)). \tag{20}$$

In this test, we first randomly select 10,000 pairs of adjacent pixels in the test image, and then calculate the correlation coefficient among these pixels. The test plain images are 512 × 512 and the cipher images are encrypted on *CR* = 0.5. Table 5 shows the test results. The correlation distributions are shown in Figure 7 and the rows (**1**–**6**) correspond to images of 'Lena', 'Pepper', 'Airplane', 'Boat', 'Cameraman', and 'Barbara', respectively; Column (**a**) shows the corresponding plain images; Columns (**b**–**d**) correspond to the plain images' distributions of 'horizontal direction', 'vertical direction', and 'diagonal direction', respectively; Column (**e**) is the corresponding cipher images by encryption; Columns (**f**–**h**) correspond to the cipher images' distributions of 'horizontal direction', 'vertical direction', and 'diagonal direction', respectively.

**Table 5.** Correlation coefficients.


#### *4.5. Key Sensitivity Analysis*

In this subsection, we will test the key sensitivity of our proposed image cryptosystem. In our scheme, there are 12 real keys, which are parameters and initial values of 2D-SLIM and 2D-LSCM systems. For this test, we select 'Barbara' 512 × 512 as the test image. There are two tests for key sensitivity analysis. The first test we encrypted plain image on *CR* = 0.5, and then decrypted with tiny modified keys. Figure 8 shows the test results. The second test is that we encrypt plain images with tiny modified keys and then compare the corresponding cipher images with without modified cipher images. Figure 9 shows the test results.

We quantitatively measure the difference between cipher images using NPCR and UACI. Table 6 shows the result. As the results of tests, our proposed scheme is very sensitive to the real keys.

**Figure 7.** Correlation distributions. Rows (**1**–**6**) correspond to images of 'Lena', 'Pepper', 'Airplane', 'Boat', 'Cameraman', and 'Barbara', respectively; Column (**a**) shows the corresponding plain images; Columns (**b**–**d**) correspond to the plain images' distributions of 'horizontal direction', 'vertical direction', and 'diagonal direction', respectively; Column (**e**) is the corresponding cipher images by encryption; Columns (**f**–**h**) correspond to the cipher images' distributions of 'horizontal direction', 'vertical direction', and 'diagonal direction', respectively.

**Figure 8.** Decryption with tiny modified keys.


**Figure 9.** Comparison from encrypted images through tiny modified keys.

**Table 6.** Quantitative analysis of key sensitivity.


#### *4.6. Information Entropy*

Global Shannon entropy (GSE) is used to evaluate the randomness of the whole image. The GSE is given by

$$\mathcal{H}(\mathbf{s}) = \sum\_{i=0}^{2^{K}-1} P(s\_i) \log\_2 \frac{1}{P(s\_i)} \,\mathrm{s}\tag{21}$$

where *K* is the gray level of the test image and *P*(*si*) means the probability of *si*. The GSE of 8-bit gray image is 8 bits in the ideal case. Table 7 shows the GSE results in different CRs.


**Table 7.** Global Information entropy.

In order to further measure the randomness of cipher image, Wu et al. [36] introduced a method of local Shannon entropy (LSE). To calculate LSE, *k* non-overlapping image blocks *B*1, *B*2, ··· , *Bk* with *TB* pixels are randomly selected from image *I*, and then the LSE is defined by:

$$\overline{\mathcal{H}\_{k,T\_B}}(I) = \sum\_{i=1}^{k} \frac{H(B\_i)}{k} \,. \tag{22}$$

where *H*(*Bi*) is the GSE of image block *Bi*. For this test, the parameters (*k*, *TB*)=(30, 1936) are selected. In this situation, the ideal value of LSE is 7.902469317. When the significance *α* = 0.05, the tests passed when the test results fell into the interval (7.901901305, 7.903037329). Table 8 shows the LSE test results. Figure 10 shows the global and local entropy analysis. According to this figure, the global entropies are increasing with CRs and the local entropies are floating with CRs. Nevertheless, the minimum of global entropy of 7.9962 entails sufficient security and the local entropies basically fall in security interval. Therefore, the information entropy results show that the cipher images that are generated by our proposed image cryptosystem have excellent randomness.

**Table 8.** The local Shannon entropy test.


**Figure 10.** The information entropy analysis. (**a**) is global entropy. (**b**) is local entropy.

#### *4.7. Robust Analysis*

The robustness of the image cryptosystem means that some useful information can still be recovered when the cipher image is disturbed by noise or part of the data is lost during transmission. The robustness of the image cryptosystem in real communication applications is very important. In the test, some noise and different data loss amounts are added to Lena cipher images that are encrypted on CR = 0.5 to evaluate the robustness of our proposed image cryptosystem. Figure 11 shows the test results. Most of the information in the plain image can still be identified from the decrypted image, as shown in Figure 11. Figure 11a–f are cipher images with 1 × <sup>10</sup>−4, 2 × <sup>10</sup>−4, 3 × <sup>10</sup>−4, 4 × <sup>10</sup>−4, 5 × <sup>10</sup>−4, <sup>1</sup> × <sup>10</sup>−<sup>3</sup> salt & pepper noise, respectively. Figure 11g–l are corresponding decrypted images. Figure 11m–o are the cipher images with 16 × 16 data lost. Figure 11s–u are corresponding decrypted images. Figure 11p–r are the cipher images with 32 × 32 data lost. Figure 11v–x are corresponding decrypted images. It is shown that the algorithm has good robustness and it can be applied to practical scenarios.

**Figure 11.** The robustness analysis result. (**a**–**f**) are cipher images with 1 <sup>×</sup> <sup>10</sup>−4, 2 <sup>×</sup> <sup>10</sup>−4, 3 <sup>×</sup> <sup>10</sup>−4, <sup>4</sup> <sup>×</sup> <sup>10</sup><sup>−</sup>4, 5 <sup>×</sup> <sup>10</sup><sup>−</sup>4, 1 <sup>×</sup> <sup>10</sup>−<sup>3</sup> salt & pepper noise, respectively. (**g**–**l**) are corresponding decrypted images. (**m**–**o**) are the cipher images with 16 × 16 data lost. (**s**–**u**) are corresponding decrypted images. (**p**–**r**) are the cipher images with 32 × 32 data lost. (**v**–**x**) are corresponding decrypted images.

#### *4.8. Time Complexity Analysis*

In order to evaluate the efficiency of our proposed image cryptosystem, we give the time complexity analysis and the time consuming of the simulation in this subsection. In this paper, we use two 2D-SLIM and two 2D-LSCM hyper chaotic systems to control the processes of compressive sensing and encryption, and it needs a total of Θ(3*MN* + *N*) iterations of computing floating point number. As we all know, there are many factors that affect the results of the actual test, such as hardware and software environments, programming languages, code optimization, parallel processing, programming skills, etc. Therefore, we give our simulation results of the time consumption under the environments that are mentioned at beginning of Section 4 and while using parallel computing technology. In our test, we encrypt and decrypt the same image 100 times, taking the average time. The encryption time of 256 × 256 Lena is 0.082 s and the decryption with CR = 0.25, 0.5, 0.75

are 0.82 s, 1.23 s and 2.32 s, respectively. The encryption time of 512 × 512 Pepper is 0.336 s and the decryptions with CR = 0.25, 0.5, and 0.75 are 3.23 s, 7.42 s, and 13.36 s, respectively.

#### *4.9. Comparison with Other Works*

In this section, we compare our proposed image cryptosystem with other recent works. For this comparison, we encrypt 512 × 512 8-bit gray level plain images 'Lena' with CR = 0.5. Table 9 shows the comparison result. The cipher image that is generated in Ref. [21] has poor randomness, because the global entropy is too low. Moreover, it also missing local entropy and plaintext sensitivity assessment. Ref. [22] presents the small key space and it is missing the information entropy assessment. Ref.[23] also has a small key space. Ref.[24] is missing the key space and a local entropy assessment. Our proposed image cryptosystem has the advantage of more comprehensive security performance, according to the comparison results.


**Table 9.** The comparison result.

#### **5. Conclusions**

In this paper, an efficient and secure plaintext-related chaotic image encryption scheme that is based on compressive sensing was proposed, which can simultaneously achieve the compression and encryption. In the proposed scheme, we generate the plaintext-sensitive internal keys to control the whole process of compression and encryption, which can make all processes have enough sensitivity to the plain image. The permutation that was controlled by the two-dimensional Sine improved Logistic iterative chaotic map (2D-SLIM) has been applied to the coefficient matrix in order to make the energy of matrix dispersive. A plaintext related compressive sensing was used to reduce the data storage capacity while the privacy of image is guaranteed. Additionally, we make sure the cipher image lower correlation and distribute uniform by quantifying the measurement results to 0∼255 and doing permutation and diffusion under the controlling by two-dimensional Logistic-Sinecoupling map (2D-LSCM). Finally, some common compression and security performance analysis methods are used for testing our scheme. The tests and comparison results have shown that our proposed scheme has both excellent security and compression performance in order to ensure the digital image application in the network. The image encryption combining compressive sensing is still under constant research, and there are still many problems that need to be further studied and solved. In the next stage, we will focus on the multi-image aggregation encryption and parallel block compressed sensing.

**Author Contributions:** Formal analysis, Z.L.; funding acquisition, C.P.; investigation, Z.L.; methodology, Z.L.; project administration, C.P.; software, W.T. and L.L.; writing—original draft preparation, Z.L.; writing—review and editing, C.P., W.T., and L.L. All authors have read and agreed to the published version of the manuscript.

**Funding:** This research received no external funding.

**Institutional Review Board Statement:** Not applicable.

**Informed Consent Statement:** Not applicable.

**Data Availability Statement:** The data used to support the findings of this study are included within the article.

**Acknowledgments:** Our research is supported by the National Natural Science Foundation of China (U1836205, 61662009, and 61772008), the open Foundation of Guizhou Provincial Key Laboratory of Public Big Data (2017BDKFJJ023, 2017BDKFJJ026), the Science and Technology Foundation of Guizhou (Guizhou Science-Contract-Major-Program [2018]3001, Guizhou-Science-Contract-Major-Program [2018]3007, Guizhou-Science-Contract-Major-Program [2017]3002, Guizhou-Science-Contract-Support [2019]2004, Guizhou-Science-Contract-Support [2018]2162, Guizhou-Science-Contract-Support [2018]2159, Guizhou-Science-Contract [2017]1045, Guizhou-Science-Contract 1049, Guizhou-Science-Contract [2019]1249), and Scientific Research Foundation of Guizhou province, China (QKHPTRC[2017]5788). The cultivation project of Guizhou University ([2019] 56). The Project of Innovative Group in Guizhou Education Department ([2013]09). The Youth Science and Technology Talents Growth Project of the Guizhou Provincial Department of Education (Guizhou-Education-Contract-KY-Word [2018]260).

**Conflicts of Interest:** The authors declare no conflict of interest.

#### **Abbreviations**

The following abbreviations are used in this manuscript:


#### **References**

