ZigZag transform with Durstenfeld shuffle for fast and secure image encryption

In this study, we propose an image encryption algorithm based on ZigZag transform with Durstenfeld Shuffling Algorithm (DSA), where we adopt confusion–diffusion architecture. Our encryption method is simpler to implement than high-dimensional chaos-based approaches, and its computational complexity is very low, which make it very fast and suitable for real-world applications. Additionally, its dependence on plaintext image makes it adaptive and hence very robust against brute force and differential attacks. Experimental analyses using histogram, correlation, NIST, NPCR, UACI and PSNR values suggest that our proposed algorithm is strong and secure against statistical and differential attacks.


Introduction
Developments in information and communication technologies have enabled easier and low-cost generation, transmission and storage of vast amounts of data at every aspect of business, industry and daily life.Especially in the last two decades, due to the growth of the Internet and the use of mobile devices, primary type of data being generated and shared has become images (Ben Slimane et al., 2018).In addition, security of images must be ensured to protect them against unauthorised access and to keep their confidentiality as they may contain highly sensitive and personal information.Therefore, secure storage and sharing of image data has become more important than ever, and image encryption has become a topic of high interest among researchers and practitioners (Li et al., 2019).
Image data has some intrinsic characteristics that make it more challenging for encryption approaches.First, size of images in practical applications is very large in general, which makes it difficult to encrypt them in a reasonable amount of time.Second, image data contains too much redundancy and very high correlation between adjacent pixels, which renders encryption schemes useless if they are not sufficiently strong because attackers can easily discover ways to reveal information in decrypted images via some statistical approaches.Because of these characteristics, traditional encryption methods such as Data Encryption Standard (DES), Triple DES (TDES), Advanced Encryption Standard (AES) and Rivest-Shamir-Adleman (RSA), which are commonly employed in secure communication of textual data, are not appropriate for encrypting image data (Lyle et al., 2022).Image data requires the development of encryption methods that particularly consider its special characteristics.
Image encryption methods usually follow a common architecture proposed by Fridrich (1998) and divided into two distinct phases known as confusion (permutation) and diffusion (substitution) (Elghandour et al., 2021).The goal of the confusion phase is to eliminate the correlation between adjacent pixels of the plaintext image by scrambling the positions of them without modifying their values.In the diffusion phase, on the other hand, pixel values are systematically modified to alter the statistical properties of the image.Chaos-based encryption schemes have been very popular for image encryption since they propose solutions to provide necessary mechanisms needed in these two phases.Especially their high sensitivity to initial conditions, randomness and non-periodicity have placed chaos-based schemes into the focus of the image encryption research.Despite their effectiveness in image encryption, high-dimensional chaotic systems are known to be very costly to implement in both software and hardware due to their high computational complexity (Elghandour et al., 2021).Low-dimensional ones, on the other hand, provide lower chaotic performance and, as a result, lower security.We can see in the literature that a large body of research is focused on combining chaotic systems of different dimensionalities or combining chaos-based methods with other methods to achieve both computational efficiency and high security.Interested readers are referred to Kumari et al. (2017), Ben Slimane et al. (2018), Zhou et al. (2021), Lyle et al. (2022) and Fang et al. (2022) for a very comprehensive and complete literature on image encryption and particularly on chaosbased encryption.Additionally, there are other representative methods such as based on one-time keys (Liu & Wang, 2010), bit-level permutation (Liu & Wang, 2011), DNA rule (Liu et al., 2012;X. Y. Wang et al., 2015), based on mathematical model (X.Y. Wang et al., 2010), based on parallel computing (X.Wang et al., 2019), based on piecewise coupled map lattice (X.Wang & Yang, 2021), based on matrix semi-tensor product theory (X.Wang & Gao, 2020a, 2020b), based on fractal sorting matrix (Xian & Wang, 2021;Xian et al., 2022), based on compressive sensing (X.Wang et al., 2021), based on dynamic random growth technique (X.Wang et al., 2015) and based on Anti-Dynamic Degradation Theorem (X.Wang & Liu, 2022).
In this study, we propose an image encryption method based on ZigZag transform (Chai et al., 2018) with Durstenfeld Shuffling Algorithm (DSA) (Durstenfeld, 1964, July), respecting the special requirements of encrypting image data.Our method utilises ZigZag transform with DSA in different steps to achieve necessary level of confusion.Additionally, we employ a series of XOR operations to achieve required level of diffusion to be secure and robust against statistical attacks.Our encryption method is simpler to implement than high-dimensional chaos-based approaches, and its computational complexity is very low, which make it very fast and suitable for real-world applications.The main contributions and novelty of our encryption method are as follows: (1) Our proposed method has low computational complexity due to its simple structure and non-reliance on complex operations, however, it has better or similar performance characteristics than chaos-based encryption methods.
(2) It is suitable for real-world applications where real-time encryption/decryption performance is a key requirement, since it takes only 0.25 s to encrypt or decrypt a colour image of dimensions 512 × 512.(3) It is adaptive in nature because the plaintext image is used for generating encryption keys, therefore, a small change in the plaintext creates an extremely different ciphertext, making statistical and differential attacks ineffective.(4) It has a very large key space, and it is extremely sensitive to keys.
(5) It is very robust to noise and occlusion attacks.(6) The histograms and correlation charts of the encrypted images do not reveal any useful information to attackers.( 7) With systematic experimentation, we present and verify the effectiveness and robustness of our proposed method, comparing it with recent different methods.
The rest of this paper is organised as follows.In Section 2, we provide an essential background on ZigZag transform and Durstenfeld Shuffle Algorithm.In Section 3, we give an elaborate description of our proposed algorithm.In Section 4, we present our experimental results, security analyses and discussion.Finally, in Section 5, we conclude this paper.

ZigZag transform
ZigZag transform is a form of permutation to scramble the pixels of an image.In ZigZag transform, pixels are traversed beginning from the top left corner of the image and following a Z-shaped path until the bottom right corner; hence the name (Chai et al., 2018;Xingyuan et al., 2019).Scanned pixels are stored in an one-dimensional array and then they are read from this array in a certain order to form a two-dimensional matrix.The order that the pixels are traversed is always the same for classical ZigZag transforms with a regular and predictable pattern (X.Wang & Guan, 2020).Traversal of the pixels can also begin from the other corners of the image, but the idea is the same.ZigZag transform is widely used to scramble image pixels for image encryption purposes.Classical ZigZag transform is shown in Figure 1 applied to a sample 4 × 4 matrix.

Durstenfeld shuffle algorithm
Shuffling is a process of randomising the positions of the elements in a list or array.In cryptology, shuffling is used to randomise the order of symbols in a message to make it more difficult for an attacker to discover the original message (Beimel et al., 2020).In statistics, shuffling is used to randomly permute the order of a sample, so that different orderings can be used to estimate the same quantity (Herranz et al., 2021).
In this study, we employed Durstenfeld Shuffle Algorithm (DSA) in our encryption process, which is a very efficient shuffle algorithm known to have O(n) time and space complexity for a list of n items (Durstenfeld, 1964, July;S. Wang, Wang et al., 2020) for k ← n downto 2 do 5: end for 10: end procedure To improve the ZigZag transform, we use DSA to shuffle an image such that the pixels are traversed following a totally random path unlike the classical ZigZag transform which always uses regular and predictable path.Our improved version of ZigZag transform with DSA is seen in Figure 2.

Image encryption process
In this paper, we consider a plaintext image P and an encrypted image P with dimensions of M × N, where M is the height and N is the width in pixels.The image P can be a colour image with RGB layers (24-bit) or it can be a greyscale image with a single layer (8-bit).The encryption process we propose is shown in Figure 3.It mainly consists of seven steps as explained as follows.In addition to P, a private key K is used as an input to the process.
Step 1 -Secret Key Generation: As the first step of the encryption process, we calculate the SHA256 hash of the private key K and obtain an intermediate key of length 256 bits, as SHA256 algorithm always produces 256-bit hashes regardless of the length of K.Then, we split this hash into 8 equal length blocks of 32 bits and convert each block into its decimal value as D 0 . . .D 7 .
We combine pairs of the block values D 0 . . .D 7 in a series of XOR operations to compute the key values K R , K G and K B to encrypt RGB channels of P separately.At this point, to decide which block to XOR with which other block, we use the reference information given in Table 1.For example, we XOR D 0 and D 1 to obtain K R 1 which is one of the three intermediate key values for R channel.Note that generated intermediate keys are different from each other.This process is illustrated in Figure 4 diagrammatically.
We use the following formulae to compute all encryption keys for R channel: Similarly, we use the following formulae to compute all encryption keys for G channel: Figure 3. System architecture of the proposed encryption process.
Table 1.Guiding information to select pairs of blocks to XOR.
Input Output Then, we use the following formulae to compute all encryption keys for B channel: Finally, we combine these three keys to obtain a single key to use in Step 5 as follows: Step 2 -Hidden Key Generation: In this step, we first generate MD5 hashes of the RGB channels separately as MD5 R , MD5 G and MD5 B .Then, we combine different bytes of these hashes with each other in a series of XOR operations to obtain our hidden keys as MD R , MD G and MD B . Figure 5 shows one possible configuration for this process in detail.We use these hidden keys to make our system resistant to differential attacks as single pixel change in plaintext images causes significant differences in the generated ciphertext images.
Step 3 -XOR Keys Generation: In Step 1, we generate three different encryption keys K R , K G and K B for RGB channels, respectively.In the coming steps, we use these key values to XOR with pixel values in corresponding channels.We, however, do not use these key values directly for XOR because they may be greater than 255 which is the maximum pixel value in a channel.Therefore, we take the modulo 256 of each key value before using with XOR and obtain XOR keys K RX , K GX and K BX as follows: Step 4 -ZigZag Transform with DSA: In Step 1, we generate three different encryption keys K R , K G and K B , and in Step 2, we generate three hidden keys MD R , MD G and MD B for RGB channels, respectively.In this step, we XOR these keys with each other respectively to obtain seed values SD R , SD G and SD B .Using these seeds and DSA, we shuffle the pixels of each channel separately.DSA requires a random number generator (RNG), and we use SD R as the seed of RNG for shuffling the R channel.Similarly, we shuffle G and B channels using SD G and SD B .After the shuffling, we obtain shuffled channels as R Z , G Z and B Z .Then, we XOR the pixels in each shuffled channel with the corresponding XOR keys K RX , K GX and K BX , respectively.As a result of this, we obtain XORed RGB channels as R Z , G Z and B Z .The process is shown in the following equations: Step 5 -Mixing Between RGB Layers: In Step 4, the image P is already strongly encrypted.In this step, we increase the complexity and the strength of the encryption by mixing R Z , G Z and B Z channels among themselves.First, we concatenate them and obtain a singledimensional array.Then, we shuffle this array using DSA to get the desired inter-channel mixing effect.Note that, pixels in a channel not only change their places across other channels but also change their places within their own channels due to the randomisation.Since we employ a single DSA in this step, we use K RGB as the seed of RNG.Next, we extract RGB channels back from this array by taking the first one third part of it for R, subsequently the rest for G and B channels as R ZL , G ZL and B ZL , as given in the following equation, where represents concatenation: Step 6 -XORing RGB Channels with XOR Key: In this step, we XOR the pixels in each channel R ZL , G ZL and B ZL with XOR keys K RX , K GX and K BX to obtain R ZL , G ZL and B ZL , as follows: Step 7 -Final Ciphertext Generation: Finally, we generate a single-channel dummy image P D with the same dimensions as P using RNG with the seed K RGB .This dummy image is used to further modify the pixel values of the encrypted image as part of the diffusion process.
This provides an extra level of resistance to statistical attacks.Then, we XOR the pixels in each channel R ZL , G ZL and B ZL with the corresponding pixel values of P D .As a result, we obtain final encrypted RGB channels R , G and B to make up the final encrypted image P as follows: The encryption process explained in this section deals with only 24-bit colour image with RGB layers.However, when it comes to a 8-bit greyscale image, the same process can be used without making any changes.The only requirement is that all RGB layers must contain the same 8-bit layer of the greyscale image.

Image decryption process
To decrypt an encrypted image, we need to employ the same operations in reverse direction.However, there is a requirement that the hidden keys MD R , MD G and MD B must be supplied to the receiver by the sender to use them in the decryption process.With these hidden keys and the private key, it is a straightforward process to decrypt a ciphertext image.

Encryption and decryption results
We conducted encryption and decryption experiments with common colour benchmark images Lena Pepper, Baboon and Barbara of size 512 × 512 on a workstation with Intel Core i7-4700 CPU at 2.4 GHz with 4 cores, 16 GB RAM and MS Windows 10 Pro 64 bit OS.
The algorithm was implemented and tested in MATLAB 2020b environment.We used the private key K ="maltepe@" for encryption.We present the results in Figure 6.It is clearly seen that the original plaintext images were obtained after decryption without any loss.We tested our method on all white and all black images as well, showing that encryption and decryption were performed successfully as seen in Figure 7.

Algorithm complexity analysis
Our proposed method consists of seven steps, each of which has contribution to the total complexity of the encryption process with different amounts .In Step 1, we only generate secret encryption keys based on the private key using SHA256.Therefore, this step adds a very small and constant amount of complexity to the whole encryption process.
In Step 2, we generate hidden keys for each channel of the plaintext image using MD5 hashing.To do this, this step requires three iterations, one for each MD5 calculation, over the pixels of the image where there are M × N pixels.Thus time complexity of this step can be expressed as 3 × M × N. Step 3 does not involve any operations on the image pixels as this step only calculates XOR Keys with a few very small modulo operations.Hence, this step can totally be ignored in terms of computational complexity.
Step 4 is one of the most computationally intensive one because we apply ZigZag Transform with DSA to scramble the pixel values of each channel of the plaintext image.Computational complexity of DSA is proportional to the number of elements to shuffle (n) and it is O(n).Therefore, total complexity of this shuffling process is 3 × M × N.After shuffling the channels, we XOR the pixels in each shuffled channel with their corresponding XOR keys.This operation has also the complexity of 3 × M × N as well.
In Step 5, we employ a sort of mixing among the pixel values between the channels of the image encrypted until this step.This operation involves another shuffling with DSA, introducing an additional 3 × M × N complexity.
Step 6 performs a series of XOR operations on the pixels in each channel with their corresponding XOR keys.This operations has the complexity of 3 × M × N.
In Step 7, we first generate a single-channel dummy image with the same dimensions with random pixel values.This has the time complexity of M × N.Then, we XOR the pixels in each channel of the encrypted image with the corresponding pixel values of the dummy image, whose time complexity is 3 × M × N.
When we combine the computational complexities of our proposed method's steps, we find that total time complexity is 20 × M × N, and, therefore, it can simply be expressed as O(M × N).As a result, our proposed method has a linear time complexity with respect to number of pixels in plaintext images, and it can effectively be applied in real-world scenarios where efficiency is a key requirement as well as encryption strength.

Key space
In our proposed method, we first apply SHA256 to a given private key K to obtain a 256bit intermediate key.Then, we use this intermediate key for the subsequent operations.Therefore, the key space of our method is 2 256 , which is comparably larger than the requirement of 2 100 as suggested by Alvarez and Li (2006).

Sensitivity analysis of key
We encrypted colour Lena of size 512 × 512 with the private key K ="maltepe@".Then, we experimented with different keys with slight differences to decrypt the ciphertext image.The keys were "Maltepe@", "malTepe@", "ma1ltepe", "maltrpe_", and "maltePe" as an attacker would possibly try.We present the decrypted images with these incorrect keys as well as the correct key in Figure 8.
When we analyse the experimental results, we find that the original image can only be obtained by decrypting with the correct key.This shows that our method is very sensitive to the key.To present this sensitivity, we computed Number of Pixel Change Rate (NPCR) values for the decrypted images in Figure 8 as given in Table 2. NPCR is calculated between two images P 1 and P 2 as follows (Wu et al., 2011;Zhang & Wang, 2015): where M and N represent the width and height of the images respectively.D(i, j) is 0 if the pixel values of images P 1 and P 2 at coordinate (i, j) are the same, and 1 otherwise.In general,  NPCR values are required to be very close to 99.6093%.As seen in Table 2, the NPCR values of images decrypted by incorrect keys are very close to this ideal value, which demonstrates the sensitivity of our method to the key.

Histogram analysis
Histogram is a powerful tool to analyse the distribution of pixel values of an image.If the distribution of a ciphertext image is uneven, then an attacker can obtain important information through statistical analysis.Therefore, a good encryption algorithm is expected to generate ciphertext images with even distribution to make the ciphertext image resistant to statistical analysis (Zhang & Wang, 2014).In Figure 9, we present the histogram of each channel before and after encryption of colour images Lena, Pepper, Baboon and Barbara.
It is seen that the histograms of plaintext images are uneven before encryption, and the corresponding histograms of ciphertext images are even after encryption.Therefore, our method generates ciphertext images resistant to statistical analysis.

Correlation between adjacent pixels
There is usually a high correlation between adjacent pixel values in plaintext images, which makes them vulnerable to statistical attacks.Unlike plaintext images, ciphertext images are required to show very low correlation between adjacent pixel values.Therefore, it is necessary for an encryption algorithm to reduce the correlation between adjacent pixels of a ciphertext image.We calculated the correlation coefficients between adjacent pixels of plaintext and ciphertext images of Lena using Equation (31).
We randomly picked 5000 pairs of adjacent pixels of RGB channels in the plaintext image Lena and its corresponding ciphertext image from horizontal, vertical and diagonal directions.The correlations between adjacent pixels are compared from each direction for RGB channels as shown in Figures 10, 11, and 12, respectively.We present the correlation coefficients of plaintext and ciphertext images Lena in all RGB channels in Table 3, comparing our method to several previous studies.It is obvious that there is a high correlation between adjacent pixels in the plaintext image, and that there is a low correlation between adjacent pixels in the ciphertext image.Thus our method can effectively resist statistical attacks.

Information entropy
Information entropy is the degree of randomness of information, and it is calculated as in Equation ( 35).where p(s i ) is the probability of symbol s i , which is the probability of different pixel values (from 0 to 255) in the image.
The information entropy of plaintext and ciphertext images of Lena in all channels is given in Table 4, comparing them with the findings of several previous studies.For a secure encryption algorithm, the entropy of ciphertext images is required to be as close to 8 bits as possible for each RGB channel.As seen in Table 4, our method generates ciphertext images with very high information entropy values.The results from the entropy analysis are in good  agreement with the results from the histogram analysis.Therefore, we can state that it is difficult to disclose information from ciphertext images generated by our method, and those ciphertext images can resist statistical attacks.

Sensitivity analysis to plaintext
As well as being sensitive to key, a good encryption method is required to be sensitive to plaintext, which means a slight change in the plaintext results in entirely different ciphertext.This way, the encryption system can resist against attacks known as differential attacks.In a differential attack, an attacker changes a single pixel in the plaintext image and generates ciphertext images for both plaintext images to analyse the relationship between them to guess the encryption mechanism.When the ciphertext images are completely different, attacker's attempts will reveal no meaningful and useful information.To this end, we changed the pixel value of a random location in Lena from its original value to 0 and generated ciphertexts using the same private key.Then, we compared ciphertexts in terms of NPCR and Unified Average Changing Intensity (UACI) values.UACI is calculated between two images P 1 and P 2 as follows (X.Wang et al., 2012;Wu et al., 2011): where M and N represent the width and height of the images respectively.We present different values of NPCR and UACI for Lena in Table 5 as the average of 500 repetitions for the above process.In general, the values of NPCR and UACI are required to be as close as possible to 99.6093% and 33.4635%, respectively.According to the obtained results, both NPCR and UACI values are very close to these ideal values, which demonstrate our method's sensitivity to the plaintext, and its resistance against differential attacks.

Robustness analysis
Robustness is the resistance of encryption system to disturbances, and thus, it is a crucial attribute.To test the robustness of our proposed encryption algorithm, we employed noise attacks as well as occlusion attacks.First, we tested our algorithm against noise attacks using common noise types such as Gaussian noise and salt-and-pepper noise (Zhou et al., 2021).After encrypting the plaintext image, we added Gaussian noise with different variances as well as salt-and-pepper noise with different intensities to the ciphertext image.Then we decrypted this noiseadded ciphertext with the same private key.In Figure 13, we present decrypted images after adding Gaussian noise with variances of 0.01 and 0.1, and salt-and-pepper noise with intensities of 0.01 and 0.05.It is clear that with a limited amount of noise, decrypted images are comprehensible.Therefore, we can state that our proposed encryption algorithm is robust against noise attacks.We applied occlusion attack as a second type of robustness test.Again after encrypting the plaintext image, we occluded 1/16, 1/4 and 1/2 of the ciphertext images with black pixels in different shapes as rectangles and a plus.Then, we decrypted the ciphertexts with occlusions with the same private key.In Figure 14, we present decrypted images.As seen in the figure, as the size of the occlusion increases, the quality of the decrypted image degrades.However, they are still very well understandable, and the loss of information is at a minimum level.Even half of the ciphertext is occluded, we are able to recover the plaintext as a whole to some extent.Thus we can express that our proposed encryption algorithm is robust against occlusion attacks as well.Besides visual results, we also provide the Peak Signal-to-Noise Ratio (PSNR) (Zhou et al., 2021) results to show the robustness of our method in Table 6 along with NPCR and UACI values.PSNR between plaintext image P 1 where M and N represent the width and height of the images respectively.

NIST test of randomness
To create shuffling with DSA, we use random sequence generated by an RNG and we need to test the randomness of the sequences generated to make sure they are suitable for image encryption.We adopted SP800-22 test suit which consists of 15 sub-tests from the National Institute of Standards and Technology (NIST) to measure the randomness of the sequences used in our method (X.Wang, Guan et al., 2020).The test scores represent the corresponding P-values where a test is considered a pass when P−value >= α where α is the significance level and generally is taken as α = 0.01.We present the NIST test results in Table 7.It is clearly seen from the test results that all P-values are greater than α = 0.01 and we can confidently state that the sequences used in the encryption have reasonably good randomness.

Conclusion
We propose an image encryption algorithm based on ZigZag transform with DSA in this paper.Our encryption method is simpler to implement than high-dimensional chaos-based approaches, and its computational complexity is very low.Additionally, its dependence on plaintext image makes it adaptive and hence very robust against brute force and differential attacks.Experimental results with NPCR values suggest that our encryption algorithm is very sensitive to the encryption key.In addition, histograms of the encrypted images are even.Moreover, the correlation coefficients of adjacent pixels in the encrypted images in all three directions are very close to zero.Besides, the entropy values calculated from the encrypted images are significantly close to ideal value of 8.These results of histogram, correlation and entropy analyses show that our method generates ciphertext images resistant to statistical analysis.In addition to these analyses, we performed sensitivity analysis to plaintext using NPCR and UACI metrics, and according to the obtained results, both NPCR and UACI values are remarkably close to the ideal values, which demonstrates our method's sensitivity to the plaintext, and its resistance against differential attacks.Furthermore, we performed robustness analysis with noise and occlusion attacks, and show that our method is secure and robust against these types of attacks according to NPCR, UACI and PSNR values.Finally, according to our timing experiments, both encryption and decryption of a colour image of size 512 × 512 take about 0.25 s which make it very fast and suitable for real-world applications, along with its security and robustness.Secure and fast image encryption is a requirement not only of personal daily use but also of industrial use.For instance, in Internet of Things (IoT) and Internet of Vehicles (IoV) settings, lots of sensitive images are likely to be collected and transmitted, where a simple, fast, efficient, and low-cost encryption and decryption would be a key factor.Our proposed method is highly suitable for such industrial applications with its simple to implement and low-complexity structure.

Figure 4 .
Figure 4. Key generation for RGB channels from the SHA256 hash of private key.

Figure 5 .
Figure 5. Hidden key generation for RGB using MD5 hashing (one of the possible configurations).

Figure 7 .
Figure 7. Experimental results for encryption and decryption with all white and all black images.

Figure 9 .
Figure 9. Histogram analysis: (a) histogram of the plaintext Lena in all channels, (b)-(d) histograms of the ciphertext image Lena in channels R, G and B, respectively, (e) histogram of the plaintext Pepper in all channels, (f)-(h) histograms of the ciphertext image Pepper in channels R, G and B, respectively, (i) histogram of the plaintext Baboon in all channels, (j)-(l) histograms of the ciphertext image Baboon in channels R, G and B, respectively, (m) histogram of the plaintext Barbara in all channels, (n)-(p) histograms of the ciphertext image Barbara in channels R, G and B, respectively.

Figure 13 .
Figure 13.Experimental results for a noise attack.Gaussian noise decryption results with variance of (a) 0.01 and (b) 0.1.Salt-and-pepper noise decryption results with intensity of (c) 0.01 and (d) 0.05.
. DSA works simply as follows.Assume that we have an array A[1 . ..n] with n elements to shuffle.DSA essentially divides A into to two subsequent parts A[1 . ..k] and A[k + 1 . ..n] in an iteration k ← n . ..2,where A[1 . ..k] is the part that needs shuffling while A[k + 1 . ..n] is the part already shuffled.At each iteration k, DSA picks a random number r ∈ [1 . ..k], chooses an item A[r] from the unshuffled part A[1 . ..k] and exchanges it with A[k].With this exchange, the item A[r] is moved into the new shuffled part A[k . ..n],where it does not move anymore in the remaining iterations.We illustrate DSA in Algorithm 1. Random number generators generate the same number sequence for the same seed, which makes it possible to utilise them for encryption and decryption processes.Therefore, DSA algorithm in Algorithm 1 takes a seed parameter along with the array A to shuffle.

Table 5 .
NPCR and UACI values of ciphertext images of Lena for plaintext sensitivity analysis.

Table 6 .
Quantitative results of occlusion attack resistance.