Fast and Efficient Image Encryption Algorithm Based on Modular Addition and SPD

Bit-level and pixel-level methods are two classifications for image encryption, which describe the smallest processing elements manipulated in diffusion and permutation respectively. Most pixel-level permutation methods merely alter the positions of pixels, resulting in similar histograms for the original and permuted images. Bit-level permutation methods, however, have the ability to change the histogram of the image, but are usually not preferred due to their time-consuming nature, which is owed to bit-level computation, unlike that of other permutation techniques. In this paper, we introduce a new image encryption algorithm which uses binary bit-plane scrambling and an SPD diffusion technique for the bit-planes of a plain image, based on a card game trick. Integer values of the hexadecimal key SHA-512 are also used, along with the adaptive block-based modular addition of pixels to encrypt the images. To prove the first-rate encryption performance of our proposed algorithm, security analyses are provided in this paper. Simulations and other results confirmed the robustness of the proposed image encryption algorithm against many well-known attacks; in particular, brute-force attacks, known/chosen plain text attacks, occlusion attacks, differential attacks, and gray value difference attacks, among others.

cloud storage. This has led to the rise of encryption as the most popular technique for protecting the privacy of users and their digital images. Various image encryption algorithms have been developed, which have utilized different kinds of techniques for this purpose [2][3][4][5][6][7][8].
Over the last decade, a variety of chaotic systems have been developed [9,10] for the construction of image cryptosystems, including and not limited to the 3D baker map [11], the 2D logistic map [12], the 3D cat map [13], the 2D standard map [14], the 3D LCA map [15], and the 2D henon map [16]. Moreover, some chaotic systems have been combined with other approaches for this purpose, such as DNA computing [17,18], one-time keys [19], cellular automata [20], and the perceptron model [21], which have been used for the specific objective of enhancing image cryptosystem security.
There are two main stages in chaos-based image encryption systems, with respect to their composition: permutation and diffusion. The repetition of these two stages multiple times can attain a desirable security level. The first stage (called the permutation stage) tends to decrease strong relationships between pixels that are adjacently located. Permutation methods can be classified into two further categories: bit-level and pixel-level, corresponding to the smallest processing entity in each case.
In the first category, a pixel is considered the smallest scrambling element in permutation; for example, a new block image encryption algorithm that was proposed by Wang et al. [22] used a random grouping technique to scramble the image pixels with the help of the Arnold cat map. This particular method generally eliminated the drawback of periodicity of the Arnold cat map. Another method, proposed by Hua et al. [23] known as the high-speed image scrambling method, changes the positions of rows and columns of pixels at the same time, thereby efficiently reducing strongly correlated neighboring pixels.
Parvin et al. [24] came up with and implemented a new strategy for scrambling images by shifting the pixels in rows and columns through a chaotic sequence. Their strategy is very easy to implement, along with being very efficient. Usually, pixel-based permutation uses the strategy of shuffling the image by changing pixel positions without having to modify the pixel values; thus, the histograms of the permuted images and the original images tend to be identical, in most cases, making these pixel-level based permutations susceptible to histogram attacks and known or chosen plain text attacks, if these images do not go through diffusion or have bad diffusions [25,26].
A bit is regarded as the building block and basic operating element in the second category of permutation. For this purpose, the plain image's pixel matrix is usually transformed into a binary matrix. For example, a discriminatory image encryption system based on bit-level permutation was proposed by Tao et al. [27], as each bit tends to contribute different information to an image under consideration of encrypting the first four most significant bits of each of pixel and leaving the remaining (i.e., least significant) four bits unaffected. Some other researchers [28,29] have proposed other improved schemes, in which they applied two distinct methods for permuting the most significant four bits and least significant four bits.
Liu and Wang [9] pointed out some weaknesses in these improved schemes [30], such as the schemes requiring a square original image for encryption and that they are able to permute these bits merely inside each bit-plane. High dimensional chaotic maps and bit-level permutation has also been proposed by Liu et al. for encrypting color images, but these methods tend to take more computational time than pixel-based scrambling techniques.
The fundamental characteristics of bit distribution have been analyzed by Zhang et al. [31], who proposed a multiplication and shrink scheme in the permutation phase to reduce the high correlation and dependency among significant bits and to make the distribution for each bit-plane smooth. However, such basic image characteristics at bit-level, as proposed by Zhang, have been regarded to be inapplicable to medical-related images by Chen et al. [32]. Uniform bit distribution, along with certain different image diffusion performance, could also be achieved at the same time in the permutation stage by use of a non-linear inter-pixel computing and substitution methodology.
Apart from chaos theory, various other techniques have been used to design image ciphers [33][34][35]. Some examples of such techniques include an image encryption scheme developed by the authors that utilizes Latin sequences for pixel permutation and substitution [36], and an innovative image encryption technique that uses a gray code for pixel permutation and a plain pixel diffusion structure for achieving the diffusion property [37].
A new hybrid encryption scheme based on FSM and cellular automata, which accompanied a DNA sequence, has also been introduced by Sajid et al. [38]. Their particular scheme provided good results, along with the concept of creating and using a local rule regarding algorithm efficiency; however, their particular technique had limitations, as its usage was confined to gray-scale images.

Contributions
After analysis of the above-mentioned research, we found that the complexity of the particular encryption technique and number of confusion-diffusion rounds are the main reasons for the high encryption times of some of the earlier image encryption algorithms. Thus, to address the problems of high complexity and encryption time in the above-mentioned algorithms, we propose a new simple, fast, and efficient image encryption algorithm, based on segmentation of the image into m × n blocks, modular addition between the pixels, and a novel method for pixel diffusion. Together, these steps increase the security level of the ciphered images against well-known cryptanalysis attacks. We have made three major contributions with this model: First, adaptive block-based modular pixel addition is performed. In every 4 × 4 block, the pixels are diffused by modular addition in such a way that, for every forthcoming block (n), the pixels of the former block (n−1) are added with integer values of a hexadecimal key entity to form a direct relationship between the previous block and the upcoming block.
Second, a card trick-based scrambling plus diffusion (SPD) method is proposed. For every channel, the key bit-plane can be the same or different, which can be chosen. The SPD method efficiently diffuses the pixels and reduces the correlation among the pixels, thereby enhancing the security of the key.
Third, the SHA-512 hexadecimal key (K) value is used for both modular addition and generating a seed value for the random matrix. Depending on the image size, the integer values of hexadecimal key pairs can be used in repetition or only once by taking a huge hexadecimal key (i.e., the key can be "K ≥ M × N" the size of an image). This also provides us a choice of whether to enlarge the key length. The rest of the paper is organized as follows: in Section 2, the preliminary work is presented. In Section 3, the proposed image encryption scheme is detailed. Our simulations and discussion are presented in Section 4, and our security analysis is in Section 5. Finally, our conclusions are given in Section 6.

Preliminary Work
Every decimal number can be denoted by a binary number. As an image matrix is in decimal matrix form, a binary sequence { bin (0) + bin (1) +, . . . , +bin (l−2) + bin (l−1) } can be used to represent a particular image in the following way: (1) As an RGB image is comprised of three channels, each having decimal values between 0-255, its pixels can also be denoted by a binary sequence. By doing so, the RGB image encompasses 8 bit-planes for each channel, for a total of 24 bit-planes for the image [39]. In bit-plane representation form, the ith bit-plane contains all the ith binary values of every pixel in the particular image.

Scrambling Plus Diffusion (SPD)
An effective practice to diminish the correlation between neighboring pixels is scrambling. In this paper, we introduce a novel method for bit-plane scrambling plus diffusion (SPD). In the proposed method, bit-planes are scrambled, but at the same time, the pixels values are diffused by altering the binary sequence of every pixel; hence, the technique is called SPD. The proposed novel method of SPD is based on a card trick. A video of this trick can be seen in the following link: (https://www.youtube.com/watch?v=2E-FNqICDgg). The scrambling is comprised of two phases.
First, before performing the SPD and modular addition, simple scrambling is performed over the plain image to shuffle the plain pixel values. The code for ordinary scrambling can be found in the Supplementary Materials. Second, the proposed SPD method is basically designed for 8 bit-planes, but, because in a color image there are three channels and each channel has 8 bit-planes for a total of 24 bit-planes, we have a choice to either use the same key bit-plane for all three channels or different keys to enlarge the key size and make it stronger. In the procedure below, instead of elaborating a lengthy sequence combination for all 24 bit-planes, we explain the process for just one channel. First of all, we map the 8 bit-planes of a particular channel of the image with the eight variables given below: If the key bit-plane is KL, the arrangement will be as follows.
If the key bit-plane is KH, the arrangement will be as follows.
If the key bit-plane is KP, the arrangement will be as follows.
If the key bit-plane is KD, the arrangement will be as follows.
If the key bit-plane is QL, the arrangement will be as follows.
If the key bit-plane is QH, the arrangement will be as follows.
If the key bit-plane is QP, the arrangement will be as follows.
If the key bit-plane is QD, the arrangement will be as follows.

Image Encryption
The general structural diagram of our proposed algorithm is given in Figure 1. The proposed image encryption is comprised of two stages: the first is modular addition and the second is SPD over the binary bit-planes for each of the RGB channels. The detailed encryption steps are discussed below.
Step 1: Obtain an image of size H × W and take the SHA-512 to get its 128 bit hexadecimal key; arrange the hexadecimal key, and get the decimal value of each key entity.
Step 2: Take the seed value from the hash key value to generate a random matrix equal in size to the input image (H × W). Perform the scrambling operation.
Step 3: Divide the scrambled image into RGB channels, as shown below: GreenChannel. BlueChannel.
Step 4: Subdivide each channel, and the random matrix, into 4 × 4 blocks as follows: where B i = (1, 2, 3, . . . , n) represents the particular block; r, g, and b represent the red, green, and blue channels, respectively; B RM(i) = (1, 2, 3, . . . , n) represents the particular random matrix block; and n is the total number of blocks in the particular image.
Step 5: Take the red channel and perform modular addition over the pixels in every block to encrypt the blocks, as described below: . . E r(n−1) = [B RM(n−1) + Br (n−1) + E r(n−2) + I N k(n−1) ]mod256 E rn = [B RM(n) + Br n + E r(n−1) + I N kn ]mod256, (6) where E rn represents an encrypted pixel of the red channel block, I N kn represents the integer value of a particular hexadecimal key entity, and mod is the modular function, which returns a pixel value between 0 and 255.
Step 6: For the green channel, repeat Step 5 over all blocks to encrypt the green blocks, as described below: Perform the modular addition on the blue channel to encrypt its pixels, as described in Step 5. In Equations (6) and (7) in each step, sum the original block, random block, key, and previous encrypted block resemble the cipher block chaining mode [40].
Step 7: Join all the encrypted sub-blocks to obtain an image matrix and divide each channel into binary bit-planes, as given below: Green i,j = Bin g1 , Bin g2 , Bin g3 , . . . , Bin g8 where Bin ij represents the ith bit window of particular channel.
Step 8: Select the key bit-planes (i.e., KL, QL, KP, and so on) for each of the RGB channels and perform bit-plane scrambling, as described in Section 2.1.
Step 9: Join all the bit-planes to the respective sequences to obtain the cipher image: where M and N represent the height and width of the cipher image.

Simulation Results and Discussion
Simulation was carried out using the JetBrains PyCharm Edu 2019.1.1 × 64 software installed on a PC with 4 GB memory, an Intel Core I5 Processor, and the Windows 10 Enterprise operating system. For the histograms, Matlab R2017a was used.
The main test image (fruits), along with its cipher and decrypted image, are displayed in Figure 2, while all the test images that we used are shown in Figure 3. The key and other experimental parameters are given in Table 1.
Before performing decryption, the secret key needs to be transferred to the receiver through a secure channel, and the three key bit-planes for the red, green, and blue channels. In decryption, all steps are performed in the reverse direction, while the modular addition phase equation in the decryption process is as follows: where PI c(i) represents the plain image blocks of the channel c ∈ R, G, B and E c(i) represents an encrypted block of the particular channel.

Key Space and Key Sensitivity
First, the key space of an encryption algorithm should be appropriate. In the proposed algorithm, we use SHA-512, which gives an output of 512 bits in hexadecimal form. In SPD, three key bit-planes and their resultant possible combinations, and the long seed value of the hexadecimal key for the random matrix, can be included in the key space. Together, these form the key space of the proposed algorithm; 2 512 means 1.340 × 10 154 . Thus, it has apt size and great capacity for protecting from brute-force attacks [41]. Secondly, the key must be tremendously sensitive to bit changes. If the key is not subtle enough, then a similar key may also be able to decrypt the cipher image [42,43].
Thus, to test the key sensitivity, we checked the number of bit change rate (NBCR) [44]. The NBCRs of the two images B 1 and B 2 are defined as where ham (B 1 , B 2 ) indicates the Hamming distance between B 1 and B 2 , whereas T b is the overall number of bits from B 1 or B 2 . If the acquired NBCR is near to 50%, then B 1 and B 2 are entirely dissimilar images, with no relationship.
For the key sensitivity of the proposed algorithm, our experiments were designed as follows: 1st: Alter one bit of K 1 to obtain K 2 . 2nd: Using K 1 and K 2 , encrypt the plain-image P and generate two cipher-images C 1 and C 2 . Then, compute their NBCR.
3rd: Decrypt the particular cipher-image C 1 by using K 1 and K 2 to get two decrypted images D 1 and D 2 . Then, compute the NBCR. Figure 4 demonstrates the key sensitivity exploration result of the secret key for the fruit test image. We can observe from the graph that any change in the secret key will result in obtaining two cipher-images in the encryption phase and the two decrypted results in the decryption phase in entirely different forms. This shows that our proposed algorithm is extremely sensitive to deviation of the cipher key.  Furthermore, if the encryption algorithm has a less sensitive key, then any insignificant change in the real secret key will also lead to proper decryption of the actual image. Thus, a secret key of algorithm may seem corrupted, and as a result, the real key space will be smaller than the theoretical one [45,46] . Therefore, in order to further analyze the key sensitivity of our algorithm, we performed another experiment over the fruit image, in the encryption and decryption steps, by altering only one bit in the actual key, as shown below: Key o is the actual key, while Key 1 and Key 2 have only a one-bit key difference from the left-most side and the right-most side of the bit, respectively.
We performed experiments for both the encryption and decryption steps. In both cases, we selected keys with only a one-bit difference from the real key. K 1 is the key having a one-bit difference from the left side, while K 2 has a one-bit difference from the right side. Figure 5a,b shows the encrypted images with K 1 and K 2 , respectively. Figure 5c is the subtraction result of (a) and (b). Figure 5d-f are the histograms of Figure 5a-c, respectively. Similarly, on the decryption side, we attempted to decrypt the actual cipher image with a key having one bit difference from the original key; the results are listed in Figure 5g,h. Figure 5i is the subtracted image of (g) and (h), and the respective histograms are shown in in Figure 5j-l. The results show that our proposed algorithm is highly sensitive to the key, and even a bit difference in the key will result in a totally noise-like image. (j) Histogram of (g) (k)Histogram of (h) (l) Histogram of (i) Figure 5. Key sensitivity test: (a) encrypted with K1; (b) encrypted with K2; (c) subtraction of (a,b); (d) histogram of (a); (e) histogram of (b); (f) histogram of (c); (g) decrypted with K1; (h) decrypted with K2; (i) subtraction of (g,h); (j) histogram of (g); (k) histogram of (h); (l) histogram of (i).

Histogram Analysis
The histograms of the images reveal the dissemination of the pixel values. Generally, an interloper can recuperate important information about the cipher image from its (inconsistent) histogram. Therefore, to thwart an impostor from recuperating useful information, it is essential that the histograms of images generated by the cipher show no numerical resemblance with the plain image; in addition, it must have an unvarying distribution of pixels. Figure 6a-j shows the histograms of all the test images that we used, and Figure 7 shows the histograms of corresponding cipher-generated images in the sequence of all test images. The histogram of main test image (fruit) is given in Figure 8.    Likewise, by calculating the variances of the histograms, we assessed the consistency of the encrypted images. If the variance of an encrypted images is smaller, then the uniformity (and the security level) of the particular image encryption algorithm is greater [45,46].
where W = w 1 , w 2 , . . . , w 256 represent the vectors of the histogram values, and w r and w c are pixels with gray values equal to r and c, correspondingly. Table 2 lists the variances of some test images. From the table values, it can be concluded that the variances of the plain images were too high, but for the ciphered images, they were very low. For example, the average variance of the cipher image of Lena (256 × 256) was 229, but it was 81,231 for the plain Lena image. The given comparison also shows that for the majority of test images, the histogram variances of images encrypted by the proposed algorithm were lower than those in [41,43]. On the basis of this comparison, we can say that our proposed algorithm has the ability to make the encryption algorithm more secure.

Pixel Correlation Analysis
To check the relationships amongst neighboring pixels in the encrypted and plain images, a pixel correlation analysis test was performed. For an encryption algorithm, it is essential to diminish the correlation amongst neighboring pixels, in order to prevent the leakage of authentic information.
The correlation coefficient C orr. (i,j) between the adjacent pixels of an image can be computed by the following equations: where (h, w) is the gray value of neighboring pixels, L is the entire number of pixels that have been selected from an image, C var. (h, w) is the covariance, D(w) is the variance, and E(h) and E(w) denote the expectation of the variablesh and w, respectively. Table 3 lists the correlations of 1000 pixels in the Lena image. The average value of the pixel correlation in the horizontal, vertical, and diagonal directions is −0.0092375. Comparison with earlier algorithms indicates that the correlation between neighboring pixels in our ciphered image is less than those in [47][48][49], while it was comparable to those of [50,51]. In Table 4, the pixel correlation values of the images of USC-SIPI database, as well as other test images, are given. From the table values, we can see that the correlation in the plain image is too high (almost equal to "1" for each channel), but in the images encrypted by our proposed algorithm, it is very low. This confirms the satisfactory security level of our algorithm. Figure 9a-f shows plots of the correlation of two neighboring pixels in the plain image "tree" and its cipher-generated image. The plot shows the red channel horizontally, the green channel vertically, and the blue channel diagonally distributed. These results also show that the correlation is highly reduced in the cipher image, and thus, we can say that attackers cannot obtain any information from the cipher image in this way.  (e) ciphered green channel pixels, vertical; (f) ciphered blue channel pixels, diagonal. Table 3. Pixel correlation between 1000 random pixels of Lena.

Differential Attack
Usually, a cracker performs a little amendment to the pixels of the plain image and then uses the same encryption approach to encrypt similar images. With this approach, they try to find the association between a plain image and an encrypted image. To check the robustness of our proposed method against differential attacks, we employed the number of pixels change rate (NPCR) and unified average changing intensity (UACI). The NPCR and UACI can be computed by the following equations: where C 1 and C 2 represent two dissimilar ciphered images, before and after one pixel in the plain image is altered, respectively; H and W are the height and width of the image; andĨ(i, j) can be defined as follows:Ĩ The NPCR and UACI values for two images (Lena, pepper) are given in Table 5, from which we can see that NPCR ≥ 99.6 and U ACI ≥ 33.4. From these values, it can be seen that the NPCR values of the proposed encryption algorithm were better than those of [52][53][54][55], while the UACI value was comparable to the others.

Known and Chosen Plain Text Analysis
Generally, there are four types of cryptanalysis attacks which can be performed to break an image encryption algorithm: chosen-plain text attack, chosen-cipher text attack, known-plain text attack, and cipher text-only attack [58][59][60]. The cryptanalysis method where the attacker picks certain plain text to obtain the related cipher text is called chosen-plain text attack. By probing the plain text and the related cipher text, they can attempt to deduce some valuable encrypted information. Finally, by means of that information, they can try to convalesce the actual images [61,62].
Of the above-mentioned attacks, the chosen-plain text attack is the most influential, so if an encryption algorithm can successfully withstand this attack, it is believed to have a satisfactory security level against the other three attacks as well. We performed this attack by using all-white and full-black images. We also created special white (SW) and special black (SB) images, having all pixels 255 in the white image and 0 in the black image, except for one pixel at the location 200 × 200, which was different. We created the cipher images and the results are given in Figure 10. In Figure 10a,d, the full white and full black images are shown; Figure 10b,e are the corresponding cipher images, respectively. Additionally, Figure 10c,f shows the histograms of Figure 10b,e; Figure 10g is the cipher image of the special image; and Figure 10h is the subtraction result of the cipher of the all-white image and the cipher of the SW image. Figure 10i shows the histogram of the subtracted image. We can see that the histograms of the cipher-generated images of both the all-white and full-black images are almost uniform and flat, and that the subtracted image is also a noise-like image showing no useful information. In Table 6, the entropy, NPCR, UACI, and correlation values of the all-white, SW, and full-black images are also given. From the results, it is clear that the ciphered image of our proposed algorithm had higher entropy values, better correlation results (in comparison to [63]), and ideal NPCR and UACI values. On the basis of these results, we can conclude that our proposed algorithm has high security against known/chosen plain text attacks, and hence, it can keep images more secure.  (c) cipher image of (a); (d) cipher image of (b); (e) histogram of (c); (f) histogram of (d); (g) cipher of one pixel change of (a); (h) subtraction of (b,g); (i) histogram of (g).

Encryption Quality
The image encryption quality can be determined by the below equation, where E (r,c) and I (r,c) can be taken as the gray values of the image pixels in a grid G (r,c) in the cipher and the plain images, respectively, each having H × W pixels with n gray levels; I (r,c) and E (r,c) ∈ (0, 1, . . . , n − 1); H n (E) and H n (I) are the occurrences of the gray level n in the cipher and plain images, respectively; and E Q depicts the average change rate for each gray level n. The higher the E Q value, the more secure the image is. E Q can be computed by the following formula: Table 7 lists the E Q values of USC-SIPI database images, along with their comparison to [64]. The table values show that the E Q values of the proposed algorithm are higher that those of [64] in the majority of images. Thus, we can say that the proposed algorithm provides a more secure encryption algorithm.

Robustness Against Occlusion Attack
In image processing, the extensively used parameters to check the encryption quality are peak signal to noise ratio (PSNR) and mean square error (MSE). The PSNR and MSE values between the plain (P), decrypted (D), and ciphered images can be computed as follows: where L is the bit-depth of the particular image. The MSE can be defined as A higher PSNR value indicates a smaller difference between the plain and decrypted images. If P and D are the same, their PSNR will be infinity. Table 8 lists the PSNR values between the plain and ciphered images and plain and decrypted images for the different test images, along with comparisons to other methods. The infinity value of PSNR for plain to decrypted shows that the proposed algorithm can efficiently decrypt the actual image, while the method of [65] resulted in loss of some information. Similarly, lower values of PSNR between the plain and cipher images indicate more secure image encryption, as lower values indicate greater differences. The lower PSNR values of plain to ciphered images in Table 8 indicate that the proposed algorithm encrypts better than those of [65][66][67]. An alternative means of quality checking is at the receiver side, where a ciphered image may lose some data or get blurred. Thus, a reliable encryption algorithm or method should be able to get back the actual image without dropping too much substantial information. Figure 11a-d shows the test image Panda with different cropped portions (i.e., 1/16, 1/8, 1/4, and 1/2, respectively), while Figure 11g-j shows the images retrieved from the respective cropped image. Similarly, Figure 11e,f shows the Lena image cropped by 1/4 and 1/2, respectively, with the corresponding retrieved images in Figure 11k,l, respectively. We can see that retrieved image still has visual information, even after half of the ciphered image is destroyed. Table 9 lists a comparison of the PSNR and MSE of the Lena image with different cropped portions. The higher PSNR values and lower MSE values, as compared to [64,68], prove that proposed algorithm can retrieve images without losing substantial information. (g) Retrieved of (a) (h) Retrieved of (b) (i) Retrieved of (c) (j) Retrieved of (d) (k) Retrieved of (e) (l) Retrieved of (f) (g) retrieved image of (a); (h) retrieved image of (b); (i) retrieved image of (c); (j) retrieved image of (d); (k) retrieved image of (e); (l) retrieved image of (f).

Local and Shannon Information Entropy
Entropy (E) values indicate the degree of chaos in an encryption system by calculating its gray value probability. Information entropy (IE) or entropy can be defined in the following way: Suppose an information source ish. Then, E can be calculated with the following formula: In the above equation, l depicts the gray intensity level and ρ(h i ) represents the probability of the symbolh i . For an image with an intensity level of 2 8 , the ideal value of E is 8 [61]. Therefore, the closer the entropy is to this value, the better the randomness of the image pixels. A higher value ensures that less information will be discovered from the particular encrypted image. Table 10 shows the entropy value of our test images, along with a comparison to some existing image encryption algorithms. The values in the table show that E ≥ 7.996, which is higher than those of [10,58,62,70,71].
In [72], a new uncertainty test was proposed for native image blocks by means of the Shannon entropy. The Shannon entropy for native image pixel blocks (τ, a k ) can be computed in following way: (1): Randomly choose (non-overlapping) blocks in an image (i.e., N 1 , N 2 , N 3 , . . . , N k ) with a k pixels within the image I having intensity L n . (2): Calculate the Shannon entropy for all i ∈ ((k − 1), (k − 2), . . . , 3, 2, 1) using Equation (23). (3): Compute the Shannon entropy by sample mean over all k image pixel blocks N 1 , N 2 , N 3 , . . . , N k with the following formula: We calculated the Shannon entropy values for the ciphered images with k = 32 and a k = 1940 pixels. Table 11 lists the global and Shannon entropy values for the USC-SIPI image database, and some well-known test images. The values were E ≥ 7.998, which is equivalent to the ideal value; furthermore, the Shannon entropy values were between 7.9018 and 7.9034. These results are comparable with those of [73].  Table 11. Global entropy and Shannon entropy.

Images
Our Global R,G,B [73] Shannon C Plain Cipher Shannon C

Gray Value Degree (GVD) Analysis
GVD analysis is a well-known statistical test to check the randomness of an image. It can be calculated by comparing the cipher-generated image of a particular algorithm with the corresponding plain image. The ideal value is 1, and the higher the value, the better the haphazardness and security. The GVD can be calculated using the following Equation: where Γ(i, j) symbolizes the gray score at position (i, j), and (í,j) is as given below: The average neighborhood gray difference of an image can be calculated as follows: In the above equations, M and N represent the rows and columns of the image, respectively, and χ and χ symbolize the average score of the neighborhood gray value, whereχ denotes after encrypting the image and χ denotes before encrypting the image. The final value is termed the GVD, which is 1 for completely dissimilar images but 0 for identical images. The GVD scores for the plain images of the USC-SIPI database and their cipher-generated images by the proposed algorithm are given in Table 12, along with comparisons to existing methods. In our case, the GVD scores indirectly varied with the key bit-planes (i.e., the GVD scores were higher when we selected the least significant bit plane as a key, and lower when we selected the most significant bit-planes as a secret key). The listed comparison shows that the GVD scores of the proposed algorithm were comparable those of [8,64].

Performance Comparison
Efficiency and time are key characteristics of an encryption algorithm. In chaotic, map-based image encryption schemes, the number of rounds for diffusion and permutation impact the encryption time. More rounds means a longer time taken by the algorithm to encrypt an image. As our proposed algorithm was based on modular addition, it took less time compared to many of the other algorithms listed in Table 13. Additionally, the encryption and decryption times (in seconds) for different-sized test images are shown in Figure 12.

Conclusions
To tackle the problems of complexity and encryption time, we have proposed a simple, fast, and secure image encryption algorithm which can ensure better security in less time, in comparison to some older algorithms. Our novel scrambling plus diffusion (SPD) technique is effective in two ways: it diffuses the pixels and scrambles the bit-planes in an efficient manner. The proposed algorithm can withstand many well-known attacks to ensure the security of the ciphered images. The use of modular addition between the pixels of image blocks and bit-plane scrambling provides an advantage in the sense of fast processing compared to binary addition between the pixels and pixel-based scrambling. Experimental results verified that our proposed algorithm can withstand some well-known attacks, such as key sensitivity tests, occlusion attacks, and known/chosen plain text attacks, and obtain satisfactory results from the GVD test. Therefore, we can conclude that the proposed encryption algorithm has demonstrated satisfactory security and efficiency. In further research, we will investigate its prospective applications in image communication.