Color Image Encryption Based on an Evolutionary Codebook and Chaotic Systems

Encryption of images is an important method that can effectively improve the security and privacy of crucial image data. Existing methods generally encrypt an image with a combination of scrambling and encoding operations. Currently, many applications require highly secure results for image encryption. New methods that can achieve improved randomness for both the scrambling and encoding processes in encryption are thus needed to further enhance the security of a cipher image. This paper proposes a new method that can securely encrypt color images. As the first step of the proposed method, a complete bit-level operation is utilized to scramble the binary bits in a color image to a full extent. For the second step, the bits in the scrambled image are processed with a sweeping operation to improve the encryption security. In the final step of encryption, a codebook that varies with evolutionary operations based on several chaotic systems is utilized to encrypt the partially encrypted image obtained in the second step. Experimental results on benchmark color images suggest that this new approach can securely encrypt color images and generate cipher images that remain secure under different types of attacks. The proposed approach is compared with several other state-of-the-art encryption approaches and the results show that it can achieve improved encryption security for cipher images. Experimental results thus suggest that this new approach can possibly be utilized practically in applications where color images need to be encrypted for content protection.


Introduction
Nowadays, images have become an important form of digital data that can accurately store a large amount of information.The contents in many images contain crucial information and thus need to be made available only to certain groups of individuals.The security of such images is generally improved by algorithms designed to encrypt images [1,2].To achieve satisfactory security levels for cipher images, numerous computational methods have been developed for the encryption of images [3][4][5][6][7].So far, three important types of computational methods have been developed for image encryption, including approaches that perform encryption by pixel permutations [3,8], methods that encrypt images by transformations of pixel values [4, 9,10], and encryption techniques based on chaotic systems [5,11].
For methods based on pixel permutations, the pixels in an image are relocated to new positions for encryption.For instance, the work in [12] encrypts an image by changing pixel locations based on ergodic matrices.In [13], the positions of pixels are changed with Peano-Hilbert curves to significantly reduce the spatial correlations among them.In [14], images are encrypted by combining a variety of permutation techniques with edge maps constructed from source images.In [8], locations and pixel values are both changed to process a plain image to generate its cipher image.The work in [3] utilizes a permutationdiffusion architecture together with a skew tent map system to encrypt images.In [15], approaches that can further enhance the security of encryption are highly desirable to further upgrade the security level of cipher images.Encryption security can potentially be improved in two aspects.Firstly, the scrambling process utilized to eliminate the local correlations that usually exist among pixels in a plain image can be performed with new bit-level operations to completely remove the information in a plain image.In addition, the encryption security can possibly be further improved by applying an additional bitlevel transformation to the bits in a scrambled image.Secondly, transformations that can enhance the randomness of a cipher image can be utilized to further improve the security of encryption.
In this paper, a new method is proposed to securely encrypt color images using an evolutionary codebook determined based on the information generated by a number of chaotic systems.The proposed method encrypts a color image in three phases.In the first phase, binary bits that represent the values of pixels in a plain image are partitioned into a few sequences with a number of mappings generated from a one-dimensional logistic system.The binary bits in each sequence are placed into a rectangular structure constructed from the output of a second one-dimensional logistic system.Each bit in the rectangular structure is relocated to a new position in the structure based on a set of operations performed on each row and column in the structure.The bits in the rectangular structure are mapped back to the sequence based on the transformation utilized to construct the rectangular structure.The scrambling process is complete when the bits in each sequence have been relocated to new positions in the sequence.In the second phase, a sequence of bit exclusive-or operations is accumulatively applied to the bits in each column and row of a scrambled image to further improve the plain image sensitivity of a cipher image.A partially encrypted image can be obtained as a result.In the third phase, the binary bits in a partially encrypted image are sequentially divided into several subsequences with the same length.All subsequences are encoded sequentially based on an evolutionary codebook generated from several chaotic systems.After the encoding of a subsequence is performed, the codebook is updated by a cross-over operation and a mutation operation determined by the outputs of the chaotic systems.A cipher image can be obtained by combining the encoded sequences of all subsequences in the partially encrypted image.
A summary of the major contributions of the paper can be listed as follows.

1.
A new approach that can fully scramble the bits in a plain image and significantly reduce the local correlations that usually exist among pixels in the image is proposed.

2.
A bit-level sweeping approach that can improve the plain image sensitivity of a cipher image is proposed.

3.
A novel method that can securely encrypt the values of pixels in a scrambled image with a codebook constructed and varied using a number of chaotic systems is proposed.
Estimation suggests that the proposed method has a key space that is large in size, which indicates that attacks based on an exhaustive search cannot decipher a cipher image obtained using the proposed method.For testing, a number of benchmark color images and color images selected from the BSD dataset [40] are encrypted with the proposed method.Evaluations based on several different measures of security show that the proposed approach is capable of generating cipher images with high security.A comparison of the proposed approach with a few other state-of-the-art methods for encryption suggests that this new approach can provide cipher images that have improved overall security.

Materials and Methods
The proposed approach processes a plain color image in three phases to obtain its cipher image.For the first phase, the binary bits that represent the values of pixels in the plain image are partitioned into sequences and the bits in each sequence are scrambled with a rectangular structure constructed based on a one-dimensional logistic system.The scrambled sequences are then combined into a scrambled image.In the second phase, the bits in each row of a scrambled image are accumulatively processed by a sequence of exclusive-or bit operations, followed by a set of exclusive-or bit operations accumulatively applied to the bits in each column of the scrambled image.A partially encrypted image is generated as a result.In the third phase, the binary bits in a partially encrypted image are grouped into subsequences, and all subsequences are sequentially encoded with an evolutionary codebook.After a subsequence is encoded, the codebook is modified by a cross-over operation and a mutation operation determined from the information generated by a number of chaotic systems.A cipher image is obtained when the encoding of all subsequences is complete.
Figure 1 provides a description of the major steps of the first phase of the proposed approach.From the information generated by a one-dimensional logistic system, a mapping is generated for each pixel in a plain image.Based on these mappings, the binary bits that represent the values of pixels in the plain image are partitioned into several sequences of bits.For each sequence, a rectangular structure is constructed from the output of another logistic system, and the bits in the sequence are sequentially mapped into the rectangular structure.The bits in each row of the rectangular structure are relocated to new positions in the same row based on a positive integer key that is associated with the row.Similarly, the locations of the bits in each column of the structure are changed to new values using a map constructed from the integer key for the column.After the relocations of all bits are performed, the bits in the rectangular structure are mapped back to the sequence to complete the scrambling operation on the sequence.A scrambled image is obtained after the scrambling operations on all sequences have been performed.The major steps that implement the second phase of the proposed approach are shown in Figure 2. Firstly, for each row in a scrambled image, a left-to-right sweeping operation is performed on all bits in the row such that each bit is replaced by the exclusive-or of all bits to the left of the bit and itself.A similar right-to-left sweeping operation is then applied to all bits in the same row, where each bit is replaced by the exclusive-or of all bits to the right of the bit and itself.Secondly, for each column in a scrambled image, all bits in the column are processed such that each bit is replaced by the exclusive-or of all bits above the bit and itself.All bits in the same column are then processed in a bottom-up order, where each bit is replaced by the exclusive-or of all bits below the bit and itself.A partially encrypted image is obtained after the operations on all rows and columns are complete.Figure 3 illustrates the major steps in the third phase of the proposed approach.For encoding, the binary bits in a partially encrypted image are sequentially divided into a number of subsequences of a given length.Each subsequence is encoded with a codebook constructed from the information generated by a number of chaotic systems.After a subsequence is encoded, the entries in the codebook are relocated to new positions based on a cross-over operation and a mutation operation determined by the information generated by the chaotic systems.For the cross-over operation, an integer key obtained from the output of a chaotic system is utilized to partition the codebook into two different parts, the entries in each part are then relocated to new positions based on the outputs of two other chaotic systems.The entries in both parts are combined into a new codebook.For the mutation operation, each entry in a codebook is moved to a new position in the codebook using a mapping based on the output of another chaotic system.A cipher image is generated after all subsequences are sequentially encoded with the evolutionary codebook.
generated after all subsequences are sequentially encoded with the evolutionary codebook.A cipher image can be decrypted in three major phases.In the first phase of decryption, the binary bits that represent the values of pixels in the cipher image are sequentially divided into subsequences based on the length of the subsequences used in encoding.The evolutionary codebook used to encode the pixel values in a partially encrypted image is sequentially constructed and searched to determine the decrypted subsequence for each subsequence in the cipher image.A partially decrypted image is obtained by combining the decrypted subsequences into a color image.
In the second phase of decryption, the bits in each column of the partially decrypted image are first processed based on a sequence of accumulative bit exclusive-or operations.Specifically, each bit in the column is first replaced by the exclusive-or of all bits below it and itself.After the operation is complete, each bit in the column is replaced by the exclusive-or of all bits above it and itself.Each row is processed similarly after all columns are processed.Each bit in a row is first replaced by the exclusive-or of all bits to the right of the bit and itself.After the operation is complete, each bit in the row is replaced by the exclusive-or of all bits to the left of the bit and itself.A scrambled image is obtained as a result.
In the third phase of decryption, the binary bits in the scrambled image are partitioned into several sequences based on the mappings used to partition the plain image in the scrambling process.For each sequence, the rectangular structure used to relocate the bits in the sequence for scrambling is constructed and the mapped position for each bit location in the sequence is obtained based on the scrambling operations performed in each row and column of the rectangular structure.An array can be maintained to store the mapped position for each bit location in the sequence.Based on the array, each bit in the sequence can be moved to its original position in the plain image.The plain image of the cipher image is recovered when the bits in all sequences have been moved to their original positions in the plain image.

The Scrambling of Bits
Let P be a plain color image that contains h rows and w columns, P(i, j, 1), P(i, j, 2), and P(i, j, 3) represent the R, G, and B components of the pixel in row i and column j of P, respectively, where 1 ≤ i ≤ h and 1 ≤ j ≤ w hold for integers i and j.Since the R, G, and B components associated with a pixel contain 24 bits in total, the binary bits in P are partitioned into 24 different sequences based on the outputs of a one-dimensional logistic system L 1 .
A one-dimensional logistic system can generate a real number sequence x 1 , x 2 , . . ., x n . . .from an initial value x 0 that satisfies 0 < x 0 < 1.For integer k ≥ 0, the recursion relation between x k and x k+1 is shown in Equation (1).
It has been shown that the one-dimensional logistic system defined in Equation ( 1) is chaotic if there does not exist a real number θ 0 such that x 0 = sin 2 θ 0 and In the rest of the paper, it is assumed that all initial values selected for Equation (1) lead to chaotic one-dimensional logistic systems.An initial value slightly different from x 0 would lead to a significantly different value for x k when k is sufficiently large.Let N be a positive integer, y 0 and z 0 be the initial values of L 1 , y 1 , y 2 , . . ., y N , . . .and z 1 , z 2 , . . ., z N , . . .be the sequences of real numbers generated from y 0 and z 0 with Equation (1), respectively.From Equation (2), integer X can be obtained with a large positive integer N 0 .
Let c 1 , c 2 , . . ., c hw be the first hw integers that are larger than X and coprime with 24, Based on Equation (3) and N 0 , let r(i, j) = (i − 1)w + j, integer b r(i,j) is generated for the pixel that is located in column j and row i of P.
b r(i,j) = z r(i,j)+N × N 0 mod 24 (3) A mapping σ r(i,j) is constructed for the pixel in row i and column j of P. For an integer s that satisfies 1 ≤ s ≤ 24, σ r(i,j) (s) is the mapped integer for s based on Equation (4).
Otherwise, the following equation must hold for s 1 and s 2 , where k 0 is a positive integer.
From Equation ( 5), since c r(i,j) and 24 are coprime, 24 must be an integer factor of |s 1 − s 2 |.This contradicts the fact that 1 ≤ |s 1 − s 2 | < 24 holds, σ r(i,j) (s 1 ) and σ r(i,j) (s 2 ) thus must be different.In other words, σ r(i,j) is a one-to-one mapping for integers between 1 and 24.
The binary bits that represent the values of all pixels in P can be partitioned into 24 different sequences based on the mappings that have been constructed for pixels in P. Specifically, an array of 24 bits can be constructed by combining the R, G, and B components of each pixel in P. Let F r(i,j) be the array of binary bits for the pixel in column j and row i in P. The first, second, and third 8 bits in F r(i,j) are binary representations for the R, G, and B components in the pixel value.F r(i,j) (k) denotes the bit in the kth location in F r(i,j) .Given an integer k such that 1 ≤ k ≤ 24 holds, for each integer t that satisfies 1 ≤ t < hw, Equations ( 6) and (7) recursively define a mapping µ t .
For each k that satisfies 1 ≤ k ≤ 24, a sequence S k of hw bits can be formed such that the bit in position t of S k is set to be F t (µ t (k)) for each positive integer t such that 1 ≤ t ≤ hw holds.Since σ t is a one-to-one mapping, S 1 , S 2 , . . ., S 24 is a disjoint partition of the bits in the pixel values of P.
For each k that satisfies 1 ≤ k ≤ 24, the binary bits in S k are relocated for scrambling at the bit level.Let S k (l) be the bit in position l, where 1 ≤ l ≤ hw.The relocation of bits in S k is performed based on a rectangular structure R k .For a real number 0 < l 0 < 1, a sequence of real numbers l 1 , l 2 , . . ., l N , . . . is generated using Equation (1).The number of rows r k in R k is determined from l N+ f (k) as shown in Equation (8), where f (k) is an integer function of k and its definition is provided later in the paper.
The number of columns u k in R k is obtained from r k as shown in Equation (9).
For each integer l that satisfies 1 ≤ l ≤ hw, S k (l) is placed into a location in R k based on the mappings described by Equations ( 10) and (11), where p l is the row number of the location in R k and q l is its column number in R k .
A position in R k that is not mapped to a bit in S k is assigned a value of −1.Each row and column in R k is associated with a positive integer key.Let s 1 , s 2 , . . .s r k be the first r k integers that are larger than l N+ f (k) × N and coprime with u k .The integer key for row m in R k is s m .In addition, an integer v m is determined for row m as shown in Equation (12).
The scrambling process first changes the positions of bits in each row of R k to new positions in the same row.The bit in position d of row m is relocated to position f d in the same row.f d is determined from d as shown in Equation (13).
Since s m and u k are coprime, no two different positions in the same row are relocated to the same position.
After the scrambling of all rows in R k are complete, the bits in each column of R k are moved to new positions in the same column.Let g 1 , g 2 , . . .g u k be the first u k integers that are larger than s r k and coprime with r k .g n is the integer key for column n.The bit in position e of column n is relocated to position h e in the same column.h e is obtained from e with Equation ( 14), where w n is obtained for column n based on Equation (15).
Since g n is coprime with r k , no two different positions in the same column are relocated to the same position.Function f (k) in Equation ( 12) can be recursively defined based on Equations ( 16) and (17).f (1) = 0 ( 16) After the scrambling operations on all columns in R k are completely performed, the bits in R k are mapped to the corresponding positions in S k .A sequence T k that contains r k u k bits and values is constructed.For the position in row i r and column j r of R k , let m r (i r , j r ) be its corresponding location in T k .m r (i r , j r ) is determined from Equation (18) as follows.
m r (i r , j r ) = (i r − 1) The bit or value in row i r and column j r of R k is thus assigned to position m r (i r , j r ) in T k .The scrambled sequence for S k can be obtained from T k by eliminating the positions that contain a value of −1 from T k .A scrambled image D can be obtained from the scrambled sequences for S 1 , S 2 , . . ., S 24 .Specifically, for each pair of integers (k, t) that satisfies 1 ≤ k ≤ 24 and 1 ≤ t ≤ hw, set F t (µ t (k)) to be the bit in position t of the scrambled sequence for S k .The resulting image is a scrambled image D for P.

The Sweeping Operations
A partially encrypted image can be obtained by accumulatively applying a set of bit exclusive-or operations to the bits in a scrambled image.The operations are performed on the bits in each row of the scrambled image first.After the operations on all rows are complete, similar operations are applied to each column in the scrambled image.As a result, a partially encrypted image is obtained after the sweeping operation is complete.
Given a bit value b 0 and an array A of s z binary bits, a sweeping operation A s = SW(b 0 , A) generates a new array A s of the same size as that of A. Let p z be an integer that satisfies 1 < p z ≤ s z , A(p z ) and A s (p z ) are the bits in position p z of A and A s , respectively.A s (p z ) can be recursively obtained based on bit exclusive-or operations with Equations ( 19) and (20).
For row i r in D, where i r is an integer that satisfies 1 ≤ i r ≤ h, a left-to-right sweeping operation on row i r is performed by sequentially applying a sweeping operation to the array of bits of all pixels in row i r from left to right.The operations are described in Equations ( 21) and (22), where b r = (i r − 1)w and k is a positive integer such that 1 < k ≤ w holds.
After V l,1 , V l,2 , . . .V l,w are obtained, the bits in F b r +k are set to be those in V l,k for each k.A right-to-left sweeping operation is then applied to the pixels in row i r based on Equations ( 23) and ( 24).K l,w = SW(0, F b r +w ) After K l,1 , K l,2 , . . .K l,w are determined, the bits in F b r +k are reset to be those in K l,k for each k.
After each row in D has been processed by the sweeping operation, similar sweeping operations are performed on the pixels in each column of D. Let j c be an integer that satisfies 1 ≤ j c ≤ w, the pixels in column j c are sequentially processed with a top-down sweeping operation described by Equations ( 25) and ( 26), where k is a positive integer such that 1 After H c,1 , H c,2 , . . .H c,h are obtained, the bits in F (k−1)w+j c are set to be those in H c,k for each k.A bottom-up sweeping operation is then utilized to process the pixels in column j c with Equations ( 27) and (28).
After T c,1 , T c,2 , . . .T c,h are determined, the bits in T c,k are assigned to F (k−1)w+j c for each k.A partially encrypted image E p is obtained when the sweeping operations have been applied to all columns in D.

The Encoding of Pixels
The encoding of pixels in a partially encrypted image E p is performed with the information generated by a number of one-dimensional chaotic systems based on Equation (29), where k ≥ 0 is an integer.
Since x 0 = (1 + sin θ 0 )/2, the equation holds when k = 0. Now, if Equation ( 30) holds when k = l, from Equation ( 29), x l+1 can be obtained by x l+1 = 3sin 3 l θ 0 − 4(sin 3 l θ 0 3 it is thus clear that x l+1 = 1 + sin 3 l+1 θ 0 )/2 , the equation holds for k = l + 1.From the principle of induction, Equation ( 30) holds for all integers k ≥ 0. Since −π/2 < θ 0 < π/2 and there are no existing integers 30) suggests that the system is chaotic and a tiny amount of perturbation in x 0 would lead to a significantly different value for x k when k is a positive integer that is sufficiently large.In the rest of the paper, all initial values for Equation ( 30) are chosen such that the corresponding systems are chaotic.
The bits in the pixel values of E p are sequentially divided into subsequences of length 4. Specifically, for positive integers i and j such that 1 ≤ i ≤ h and 1 ≤ j ≤ w hold, an array F r(i,j) of 24 bits can be obtained by combining the binary bits in the R, G, and B components of the pixel in column j and row i of E p , where r(i, j) = (i − 1)w + j.The bits in F r(i,j) are sequentially divided into 6 subsequences and Q 6r(i,j) .Starting with subsequence Q 1 , the subsequences are sequentially encoded.For each positive integer t such that 1 ≤ t < 6hw holds, Q t+1 is encoded after the encoding of Q t is complete.
A codebook C b,t that contains the encoding of each possible binary sequence of length 4 is utilized to encode subsequence Q t .C b,t contains 16 entries in total and can be queried based on the integer value of the subsequence that needs to be encoded.Let v(Q t ) be the integer value represented by Q t , the entry in the position of v(Q t ) + 1 in C b,t is the encoded subsequence for Q t , such an entry is denoted by C b,t (v(Q t ) + 1).C b,t is obtained from C b,t−1 based on a cross-over operation and a mutation operation.C b,0 is a codebook where the encoded subsequence for each subsequence is the subsequence itself.

The Cross-Over Operation
A cross-over operation utilizes two integer keys 1 ≤ K p < 255 and 1 ≤ L p < 255 to partition a codebook C into two arrays C 0 and C 1 .Specifically, an array K a of 16 bits is constructed by combining the 8-bit binary representations of K p and L p .The first 8 bits in K a are the binary representation of K p and the remaining 8 bits are that of L p .For each integer i d that satisfies 1 ≤ i d ≤ 16, the entry at The relative orders for the entries in C 0 and C 1 remain the same as their relative orders in C.
Let s z,0 and s z,1 be the sizes of C 0 and C 1 , respectively.Two other integer keys I 0 and I 1 are utilized to change the locations of the entries in C 0 and C 1 , respectively.I 0 is required to be coprime with s z,0 and I 1 must be coprime with s z,1 .Each entry in C 0 is relocated to a new position in C 0 .The entry in position j d of C 0 is relocated to a new location m 0,j d in C 0 , where 1 ≤ m 0,j d ≤ s z,0 and Equation (31) holds for m 0,j d , where x j d is an integer.
Indeed, since s z,0 and I 0 are coprime, a well-known fact is that there exist two integers x z and y z such that s z,0 x z + I 0 y z = 1 holds.If α j d = ⌊y z j d /s z,0 ⌋, m 0,j d = y z j d − α j d s z,0 + 1, and Therefore, there exists an integer solution x j d , m 0,j d for Equation (31) and 1 ≤ m 0,j d ≤ s z,0 holds.For a given integer j d , there exists only one integer 1 ≤ m 0,j d ≤ s z,0 that can satisfy Equation (31).If this is not the case, two different integer solutions x j d , 0 , m 0,j d and x j d , 1 , m 1,j d exist for Equation (31) such that both 1 ≤ m 0,j d ≤ s z,0 and 1 ≤ m 1,j d ≤ s z,0 hold.m 0,j d and m 1,j d thus must satisfy the following equation.
However, since s z,0 and I 0 are coprime, s z,0 must be an integer factor of m 0,j d − m 1,j d , which contradicts the fact that 1 ≤ m 0,j d − m 1,j d < s z,0 .Therefore, there exists only one integer 1 ≤ m 0,j d ≤ s z,0 that can satisfy Equation ( 31) for a given integer j d .
In addition, the integer solutions m 0,i d and m 0,j d for two different integers 1 ≤ i d ≤ s z,0 and 1 ≤ j d ≤ s z,0 are different.Otherwise, the following equation must hold for i d and j d , where k is a positive integer.
Equation ( 33) contradicts the fact that 1 ≤ |i d − j d | < s z,0 .m 0,i d and m 0,j d thus must be two different integers.
The above argument suggests that the mapping from j d to m 0,j d based on Equation ( 31) is a one-to-one mapping for each integer j d that satisfies 1 ≤ j d ≤ s z,0 .Each entry in C 0 can thus be relocated to a new position in C 0 based on the mapping.Similarly, since s z,1 is coprime with I 1 , a similar mapping can be constructed for C 1 based on I 1 and each entry in C 1 can be relocated to a new position in C 1 .After the relocation operations are completed for both C 0 and C 1 , the entries in C 0 and C 1 are merged to construct a new codebook C n based on K a .The entries in C 0 are sequentially placed into positions in C n that have a bit of 0 in K a , and the entries in C 1 are sequentially placed into positions in C n that have a bit of 1 in K a .
The cross-over operation applied to C b,t−1 is determined by the outputs of several chaotic systems described in Equation (29).Let x r,0 , y r,0 , z r,0 , w r,0 , x g,0 , y g,0 , z g,0 , w g,0 , x b,0 , y b,0 , z b,0 , and w b,0 be 12 positive real numbers less than 1 and none of them are equal to 1/2.Using them as the initial values, 12 different sequences of real numbers can be generated with the recursive relation in Equation (29).For an integer k > 0, x r,k , y r,k , z r,k , w r,k , x g,k , y g,k , z g,k , w g,k , x b,k , y b,k , z b,k , and w b,k are the kth number in the sequences, respectively.
In cases where t mod 6 = 1 or t mod 6 = 2, the integer keys associated with the cross-over operation on C b,t−1 are obtained from x r,N+δ t , y r,N+δ t , z r,N+δ t , and w r,N+δ t based on Equations ( 34)- (37), where K 0 is a positive integer and δ t is determined based on Equation (38), where τ 0 is a positive integer.K p,r and L p,r are the integer keys utilized to construct the array for the partition operation in the cross-over operation on C b,t−1 , I 0,r is the first integer that is larger than I p,r and coprime with s z,0 , and I 1,r is the first integer that is larger than J p,r and coprime with s z,1 .I 0,r and I 1,r are the keys used to relocate the entries in the two parts of C b,t−1 for cross-over.
Similarly, in cases where t mod 6 = 3 or t mod 6 = 4, the integer keys used for the cross-over operation on C b,t−1 are obtained from x g,N+γ t , y g,N+γ t , z g,N+γ t , and w g,N+γ t based on Equations ( 39)- (42).γ t is determined based on Equation (43).K p,g and L p,g are the integer keys utilized to perform the partition on C b,t−1 for cross-over.Let I 0,g be the first integer that is larger than I p,g and coprime with s z,0 , and I 1,g be the first integer that is larger than J p,g and coprime with s z,1 .I 0,g and I 1,g are the keys used to relocate the entries in the two parts of C b,t−1 for cross-over.
Finally, in cases where t mod 6 = 5 or t mod 6 = 0, the integer keys used for the crossover operation on C b,t−1 are obtained from x b,N+ϵ t , y b,N+ϵ t , z b,N+ϵ t , and w b,N+ϵ t based on Equations ( 44)- (47).ε t is determined with Equation (48), where h t = 0 if t mod 6 = 5, and h t = 1 if t mod 6 = 0. K p,b and L p,b are the integer keys used to partition C b,t−1 for cross-over.Let I 0,b be the first integer that is larger than I p,b and coprime with s z,0 , and I 1,b be the first integer that is larger than J p,b and coprime with s z,1 .I 0,b and I 1,b are the keys employed to perform the relocation of the entries in the two parts of C b,t−1 for cross-over.
The value of v(Q 0 ) is set to be 0 when integer keys for the cross-over operation on C b,0 are computed.As a result of the cross-over operation on C b,t−1 , a new codebook T b,t−1 can be obtained.C b,t is generated by applying a mutation operation to T b,t−1 .

The Mutation Operation
A mutation operation changes a codebook T b,t−1 in two steps.In the first step, the order of the entries in T b,t−1 is altered with an approach similar to the one used in a crossover operation.In the second step, all entries in T b,t−1 are circularly shifted by a given number of positions.
A positive integer key J 0 is needed to perform the mutation operation on T b,t−1 .J 0 is required to be coprime with 16.For each integer 1 ≤ i m ≤ 16, the entry in position i m of T b,t−1 is relocated to position n i m .The integer 1 ≤ n i m ≤ 16 satisfies Equation (49), where y i m is an integer.
Since J 0 and 16 are coprime, from an argument that is similar to the one in Section 2.3.1, the mapping from i m to n i m is a one-to-one mapping.Each entry in T b,t−1 is relocated to a new position based on the mapping.After all entries in T b,t−1 have been relocated based on the mapping determined by Equation (49), each entry is circularly shifted by s h positions, where s h is determined based on Equation (50).
The entry in position j m of T c,b is shifted to position l j m as described in Equation (51).The resulting codebook is C b,t .
The integer key used to perform the mutation operation on T b,t−1 is obtained from the information generated by the three chaotic systems defined in Equation (29).Let u r,0 , u g,0 , and u b,0 be the initial values of the three chaotic systems.Three sequences of real numbers can be generated from u r,0 , u g,0 , and u b,0 .For a positive integer k, u r,k , u g,k , and u b,k are the kth real numbers of the three sequences, respectively.For a positive integer t that satisfies 1 ≤ t ≤ hw, when t mod 6 = 1 or t mod 6 = 2 holds.The integer key J r,0 for the mutation operation on T b,t−1 is the first integer that is larger than H p,r and coprime with 16.H p,r is determined with Equation ( 52), where δ t is defined based on Equation (38).
In cases where t mod 6 = 3 or t mod 6 = 4, the first integer that is larger than I p,g and coprime with 16 is set to be the integer key J g,0 for the mutation operation on T b,t−1 .H p,g is computed with Equation (53), where γ t is defined as shown in Equation ( 43).
In cases where t mod 6 = 5 or t mod 6 = 0, the integer key J b,0 for the mutation operation on T b,t−1 is chosen to be the first integer that is larger than H p,b and coprime with 16.H p,b is computed with Equation (54), where ε t is defined by Equation ( 48).
C b,t is obtained by applying the mutation operation to T b,t−1 .

The Encoding of Subsequences
Starting with t = 1, C b,t is constructed from C b,t−1 by applying the cross-over operation in Section 2.3.1 and the mutation operation in Section 2.3.2 to C b,t−1 .C b,t is queried to obtain the encoded subsequence E t for Q t .E t can be obtained from C b,t and Q t by Equation ( 55).
After E t has been obtained, the value of t is incremented by 1.The above operations are repeated for the new t.A cipher image C r is obtained for P when all subsequences in E p have been encoded.

The Decryption Process
A cipher image C r can be decrypted by reversing the encryption operations applied to its plain image in a reversed order.Each pixel in C r is first decoded to generate a partially encoded image E p .A set of sweeping operations is then applied to E p to obtain its corresponding scrambled image D. Finally, the bits in D are relocated to reverse the scrambling operations during encryption to obtain the plain image P.

The Decoding of Pixels
The decoding of pixels in C r needs the values of x r,0 , y r,0 , z r,0 , w r,0 , x g,0 , y g,0 , z g,0 , w g,0 , x b,0 , y b,0 , z b,0 , w b,0 utilized to implement the cross-over operations on a codebook and the values of u r,0 , u g,0 , and u b,0 used to mutate a codebook during encryption.
The bits in the pixel values of C r are sequentially divided into subsequences of length 4. Specifically, for integers i and j such that 1 ≤ i ≤ h and 1 ≤ j ≤ w hold, an array G r(i,j) of 24 bits can be generated by merging the binary representations of the R, G, and B component values for the pixel in column j and row i of C r , where r(i, j) = (i − 1)w + j.Six subsequences E 6r(i,j)−5 , E 6r(i,j)−4 , E 6r(i,j)−3 , E 6r(i,j)−2 , E 6r(i,j)−1 , and E 6r(i,j) can be obtained by sequentially dividing the bits in G r(i,j) into regions of 4 bits.The decoding process starts with subsequence E 1 and sequentially decodes the other subsequences.For each positive integer t such that 1 ≤ t < 6hw holds, the decoding of E t+1 is performed after the decoding of E t is complete.
Entropy 2024, 26, 597 14 of 31 Let C b,0 be a codebook where the encoded subsequence of each subsequence is the subsequence itself.Starting with t = 1, C b,t can be obtained by processing C b,t−1 by the cross-over operation in Section 2.3.1 and the mutation operation in Section 2.3.2.C b,t is queried to obtain the decoded subsequence Q t for E t .Q t can be determined by searching C b,t to find the location of the entry that matches E t .After Q t has been determined, increment the value of t by 1 and repeat the above operations for the new t.The partially decrypted image E p is obtained from C r when the decoding of all subsequences in C r has been performed.

Reversing the Sweeping Operations
The scrambled image D that corresponds to E p can be obtained by reversing the accumulative bit exclusive-or operations utilized to generate E p from D. An array of 24 bits can be constructed by merging the binary representations of the R, G, and B component values for each pixel in E p .Let U r(i,j) denote the bit array for the pixel in column j and row i of E p , where r(i, j) = (i − 1)h + j, the bits in each column of E p are processed by a bottom-up accumulative bit exclusive-or operation.For column j c in E p , where 1 ≤ j c ≤ w holds, the bit array of each pixel in the column is processed by a sweeping operation as described by Equations ( 56) and (57), where k is a positive integer such that 1 < k ≤ h holds.
For each k, the bits in M c,k are assigned to U (k−1)w+j c after M c,1 , M c,2 , . . .M c,h are determined.
A top-down accumulative bit exclusive-or operation is applied to the bit arrays of all pixels in each column of E p .For column j c in E p , the bit array of each pixel in the column is processed by a sweeping operation as described by Equations ( 58) and ( 59), where k is an integer that satisfies 1 < k ≤ h.
N c,1 = SW 0, U j c (58) For each k, U (k−1)w+j c contains the bits in N c,k after N c,1 , N c,2 , . . .N c,h are determined.
After the sweeping operations on all columns in E p have been reversed, a right-to-left accumulative bit exclusive-or operation is used to process the bit arrays of all pixels in each row of E p .For row i r in E p , where i r is an integer that satisfies 1 ≤ i r ≤ h, the bit array of each pixel in the row is processed by a sweeping operation as shown in Equations ( 60) and (61), where b r = (i r − 1)w and k is a positive integer such that 1 < k ≤ w holds.
The bits in U b r +k are assigned to be those in P l,k for each k after P l,1 , P l,2 , . . .P l,w have been determined.
Finally, a left-to-right accumulative bit exclusive-or operation is applied to the bit arrays of all pixels in each row of E p .For row i r in E p , a sweeping operation described by Equations ( 62) and ( 63) is utilized to process the bit array of each pixel in the row.Similarly, k is a positive integer such that 1 < k ≤ w holds.
After Q l,1 , Q l,2 , . . .Q l,w are determined, U b r +k are set to contain the bits in Q l,k for each k.
The scrambled image D is recovered from E p when all sweeping operations that convert D into E p are reversed.

Recovery of a Plain Color Image
The operations for scrambling can be reversed to recover the plain image P of C r from D. Specifically, the binary bits that represent the values of pixels in D are partitioned into 24 sequences L 1 , L 2 , . . ., L 24 with the approach in Section 2.1.Two sequences of real numbers y 1 , y 2 , . . ., y N , . . .and z 1 , z 2 , . . ., z N , . . .are generated based on the initial values y 0 and z 0 used in the scrambling process.For each pair of integers (i, j) that satisfy 1 ≤ i ≤ h and 1 ≤ j ≤ w, the mapping σ r(i,j) in Equation ( 4) is constructed for the pixel that is in column j and row i of P.
Based on the mappings for all pixels in D, the partition of the bits in D can be performed using the mappings recursively defined in Equations ( 6) and (7).For each k that satisfies 1 ≤ k ≤ 24, a sequence L k of hw bits is generated by setting the bit in position t of L k to be U t (µ t (k)) for each integer t such that 1 ≤ t ≤ hw holds.The bits in L k need to be relocated to their original positions in the plain image P to recover P. Specifically, an array A c that consists of hw integers are constructed.For each integer i l such that 1 ≤ i l ≤ hw holds, A c (i l ) is set to be i l .The scrambling operation described in Section 2.1 on S k is performed on A c .The resulting array A s thus contains the original position of each bit in L k .A sequence S k can be obtained by relocating the bits in L k to their original positions by applying the operation defined in Equation (64) for each integer i l such that The plain image P can be constructed from the recovered sequences S 1 , S 2 , . . ., S 24 .Specifically, S k (t) is assigned to the position µ t (k) of U t for each pair of integers (k, t) that satisfies 1 ≤ k ≤ 24 and 1 ≤ t ≤ hw.As a result, the plain image P for C r can be obtained.

Computational Complexity
Given a color image that contains w columns and h rows, the binary bits in such an image can be partitioned into 24 sequences of bits in O(hw) time.It is also clear that O(hw) time is needed to relocate the bits in each sequence.A scrambled image can thus be obtained in O(hw) time.
The sweeping operations defined in Equations ( 21) and ( 22) require O(w) time to process the pixels in one row of a scrambled image.Similarly, the sweeping operations defined in Equations ( 23) and (24) need O(w) time to process one row.The sweeping operations defined by Equations ( 25) and ( 26) can be accomplished in O(h) time.In addition, O(h) time is needed to complete the bit exclusive-or operations described in Equations ( 27) and (28).The sweeping process can thus be accomplished in O(hw) time.
The encoding of a pixel in a partially encrypted image requires the construction of a codebook based on the information generated by a number of chaotic systems.Since both the cross-over and mutation operations can be performed in O(1) time, the codebook for the encryption of a single subsequence can thus be constructed in O(1) time.Therefore, the encoding of a subsequence can be accomplished in O(1) time.The encoding of all subsequences in a partially encrypted image needs O(hw) time.The total amount of computation time needed to encrypt a plain color image is thus O(hw).
A cipher image with h rows and w columns is decrypted by reversing the operations in the encryption process.It is clear that all operations in the encryption can be reversed in O(hw) time.The plain image of a cipher image thus can be obtained in O(hw) time.

Results
An implementation of this encryption approach has been generated based on MATLAB.Seven benchmark images and a number of color images in the BSD dataset [40] have been utilized to test and evaluate its performance.Cipher images provided by this encryption approach are evaluated using a few measures and its performance is compared with that of several state-of-the-art encryption methods [3, 22,27,28,35,[42][43][44][45][46][47][48] based on these measures.The values of parameters N, N 0 , K 0 , and τ 0 are set to be 100, 10 8 , 1000, and 2, respectively, for all the experiments.

Attacks That Utilize Brutal Forces
Attacks that utilize brutal forces generally exhaustively search within the key space for encryption and determine the combination of keys that can recover the plain image from a cipher image.The key space size of an approach is thus a measure of its ability to protect cipher images from attacks that utilize brutal force.The proposed approach partitions the binary bits in a plain image into 24 subsequences for scrambling.A rectangular structure is constructed to relocate the bits in each subsequence.For a rectangular structure with r h rows and c w columns, the relocation performed on the rectangular structure requires r h + c w integers to move the bits in the rectangular structure to new locations.In practice, integers for scrambling 20 of the 24 subsequences are considered parameters that can be optimized for improved encryption security.The integers needed to scramble the remaining 4 subsequences are used as encryption keys.Let M 1 be the number of integers that an integer key associated with a column or row can be chosen from, M 1 4(r h +c w ) different combinations of integer keys for the rows and columns in a rectangular structure thus need to be considered in an exhaustive search.The encoding process requires the outputs of 15 different chaotic systems to change the codebook for encoding.Let M 2 be the size of the set of numbers that can be chosen as the initial value for the chaotic system, an exhaustive search needs to consider M 2 15 different combinations.The key space of the proposed approach thus has a lower bound of M 1 4(r h +c w ) M 2 15 for its size.In the case where a color image that needs to be encrypted contains at least 10 4 pixels, a lower bound of 2 √ r h r w ≥ 200 exists for the value of r h + r w .For practical applications, 50 , the key space of the proposed approach thus has a lower bound of 2 850 for its size.The key space size of the proposed encryption approach is compared with those of several other state-of-the-art encryption methods.Table 1 shows the comparison.Table 1 clearly shows that the key space of the proposed approach is larger than most other encryption methods in size.It is thus more secure than most other methods under attacks of brutal force.
Table 1.A comparison of the proposed approach and a few other methods for image encryption on key space sizes.

Encryption Approaches Key Space Size
The proposed 2 850 Ref. [28] 2 3320 Ref. [27] 2 2092 Ref. [22] 2 199 Ref. [ In cases where a key is represented by 32 binary bits, Equation (30) suggests that the number of keys that can generate a given value for x k is not larger than 32.In addition, it is clear from Equations ( 34)-(54) that at most ⌈N 0 /K 0 ⌉ different values of x k can lead to the same integer key for encoding.In practice, N 0 and K 0 can be selected such that ⌈N 0 /K 0 ⌉ ≤ 2 20 holds.Since 15 different chaotic systems are altogether utilized for the encoding of a partially encrypted image, the total number of combinations of keys that are equivalent is at most 32 × 2 20 15 = 2 375 .Since the size of the key space is at least 2 850 , at least 2 475 combinations of keys are mutually not equivalent.

Statistical Attacks
As part of the experiments, the proposed approach is utilized to encrypt seven benchmark color images and the cipher images obtained on them are analyzed to evaluate their security under statistical attacks.Figure 4a-g show the seven color benchmark images.Two of these images, with the names Girl and Monarch, are 768 × 512 images.The remaining five images, with names Lena, Fruits, Baboon, Peppers, and Airplane, are 512 × 512 images.
In cases where a key is represented by 32 binary bits, Equation (30) suggests that the number of keys that can generate a given value for  is not larger than 32.In addition, it is clear from Equations ( 34)-(54) that at most ⌈ / ⌉ different values of  can lead to the same integer key for encoding.In practice,  and  can be selected such that ⌈ / ⌉ ≤ 2 holds.Since 15 different chaotic systems are altogether utilized for the encoding of a partially encrypted image, the total number of combinations of keys that are equivalent is at most (32 × 2 ) = 2 .Since the size of the key space is at least 2 , at least 2 combinations of keys are mutually not equivalent.

Statistical Attacks
As part of the experiments, the proposed approach is utilized to encrypt seven benchmark color images and the cipher images obtained on them are analyzed to evaluate their security under statistical attacks.Figure 4a-g

Histogram Analysis of Cipher Images
Figure 5a-g show the cipher images generated on all benchmark images with the proposed approach.It is clear from Figure 5 that the cipher images contain randomized data and the original contents in the benchmark images are invisible in their cipher images.The histograms of the cipher images for R, G, and B component values are shown in Figure 6a-c).Figure 6 clearly shows that the distributions of the values of R, G, and B components in all cipher images are close to a uniform distribution.The image contents in the benchmark images cannot be obtained by analyzing the histograms of their cipher images.
The histograms of the cipher images for R, G, and B component values are shown in Figure 6a-c).Figure 6  The variance of histograms is a measure often utilized to compare the distribution described in a histogram with a uniform distribution [31].Let  be a histogram that provides a distribution over integers from 0 to 255.The variance of histogram ( ) of  is defined as shown in Equation (35).
where  = 256 is the number of integers that can be the value of an R, G, or B component in a pixel.ℎ is the integer associated with value  in  and ℎ is the integer associated with value  in  .Equation ( 65) clearly shows that a lower variance of histograms indicates that the corresponding histogram is closer to a distribution that is uniform.Table 2 shows the variances of histograms for the cipher images provided by the proposed approach and the encryption methods developed in [20,28,31,47,48].Table 2 suggests that the performance of the proposed approach on Lena and Airplane is the highest of all tested methods.In addition, its performance is the second best on Fruits, Baboon, Peppers, and Monarch.The overall performance of the proposed method on the variance of histograms is thus better than that of the other tested approaches.The variance of histograms is a measure often utilized to compare the distribution described in a histogram with a uniform distribution [31].Let H c be a histogram that provides a distribution over integers from 0 to 255.The variance of histogram Var(H c ) of H c is defined as shown in Equation (35).
where m = 256 is the number of integers that can be the value of an R, G, or B component in a pixel.h i is the integer associated with value i in H c and h j is the integer associated with value j in H c .Equation ( 65) clearly shows that a lower variance of histograms indicates that the corresponding histogram is closer to a distribution that is uniform.Table 2 shows the variances of histograms for the cipher images provided by the proposed approach and the encryption methods developed in [20,28,31,47,48].Table 2 suggests that the performance of the proposed approach on Lena and Airplane is the highest of all tested methods.In addition, its performance is the second best on Fruits, Baboon, Peppers, and Monarch.The overall performance of the proposed method on the variance of histograms is thus better than that of the other tested approaches.
Table 2.The variance of histograms for cipher images generated with all tested methods for image encryption.

Images
The Proposed Ref. [28] Ref. [31] Ref. [20] Ref. [48] Ref. [47] correlations among pixels in a cipher image cannot be removed completely and their values are thus important measures for the security of an encryption result.Figure 7a-c show the correlations of neighboring pixels in four different directions in Lena for the R, G, and B components.The four directions include the horizontal, vertical, diagonal, and anti-diagonal directions.Figure 8a-c show the correlations of pixels that are adjacent in these four directions for the component values of R, G, and B. The plots in both figures are generated with 3000 pixels chosen in the corresponding image at random.Figures 7 and 8 suggest that the proposed encryption method can significantly reduce the correlations that often exist locally in a plain image.Pixels that are close in a plain image are often strongly correlated in their pixel values.Ideally, the correlations that exist locally among such pixels in a cipher image must be significantly reduced to ensure its strength against statistical attacks.In practice, the local correlations among pixels in a cipher image cannot be removed completely and their values are thus important measures for the security of an encryption result.Figure 7a-c show the correlations of neighboring pixels in four different directions in Lena for the R, G, and B components.The four directions include the horizontal, vertical, diagonal, and anti-diagonal directions.Figure 8a-c show the correlations of pixels that are adjacent in these four directions for the component values of R, G, and B. The plots in both figures are generated with 3000 pixels chosen in the corresponding image at random.Figures 7 and 8 suggest that the proposed encryption method can significantly reduce the correlations that often exist locally in a plain image.Table 3 shows the local correlations between neighboring pixels in the benchmark images and their encryption results.It is clear from Table 3 that, for all benchmark images, the correlations in the four directions have been reduced to values near zero after encryption.The encryption results provided by the proposed method are thus highly secure under statistical attacks.Table 4 compares the correlations for R components in the encryption results generated by all tested approaches on Lena.Table 4 clearly demonstrates that the proposed encryption method achieves the lowest correlation in a vertical direction and its performance on correlations in other directions is comparable with the best performance that can be achieved by the other tested approaches.Table 3 shows the local correlations between neighboring pixels in the benchmark images and their encryption results.It is clear from Table 3 that, for all benchmark images, the correlations in the four directions have been reduced to values near zero after encryption.The encryption results provided by the proposed method are thus highly secure under statistical attacks.Table 4 compares the correlations for R components in the encryption results generated by all tested approaches on Lena.Table 4 clearly demonstrates that the proposed encryption method achieves the lowest correlation in a vertical direction and its performance on correlations in other directions is comparable with the best performance that can be achieved by the other tested approaches.
Table 3.The correlations between pixels that are adjacent in four directions in the testing benchmark images and their encryption results provided by the proposed approach.Table 3.The correlations between pixels that are adjacent in four directions in the testing benchmark images and their encryption results provided by the proposed approach.

Differential Attacks
A tiny amount of change is often introduced to the keys for encryption or the image that needs to be encrypted to test the strength of an encryption approach against differential attacks.Specifically, one of the initial values of the chaotic systems for encoding is changed by a small amount of 10 −16 and the other keys remain the same, a new cipher image can be obtained by encrypting Lena based on the new values of keys. Figure 9a shows the cipher image of Lena obtained with the original values of keys and Figure 9b is the cipher image of Lena generated based on the new values of keys. Figure 9c is the decrypted image obtained from the cipher image in Figure 9a with the original key values.Figure 9d is the decryption result generated from the cipher image in Figure 9b with the new key values.Figure 9 clearly shows that encryption results obtained with the proposed approach are highly sensitive to key values and a slightly different set of key values cannot lead to the corresponding plain images by decryption.
Similarly, a component in a pixel of Lena is changed by 1 to obtain a plain image slightly different from Lena.The new plain image is encrypted with the same set of key values.Figure 10a is the cipher image of Lena and Figure 10b shows the cipher image of the perturbed image of Lena.The difference image of the two cipher images in Figure 10a,b is shown in Figure 10c.It is clear from Figure 10 that cipher images generated based on the proposed approach are highly sensitive to plain images and the cipher image of a plain image cannot be obtained from that of a similar plain image.Similarly, a component in a pixel of Lena is changed by 1 to obtain a plain image slightly different from Lena.The new plain image is encrypted with the same set of key values.Figure 10a is the cipher image of Lena and Figure 10b shows the cipher image of the perturbed image of Lena.The difference image of the two cipher images in Figure 10 a,b is shown in Figure 10c.It is clear from Figure 10 that cipher images generated based on the proposed approach are highly sensitive to plain images and the cipher image of a plain image cannot be obtained from that of a similar plain image.Figure 11 shows the decrypted images of two highly similar cipher images.A component in a pixel of a cipher image of Lena is changed by 1 and the resulting image is a perturbed cipher image of Lena.Both images are decrypted with the key values used to generate the cipher image.Figure 11a is the cipher image of Lena and Figure 11b shows the decrypted image of the image in Figure 11a.Figure 11c is the decrypted result obtained on the perturbed cipher image.Figure 11 suggests that the plain image of a cipher image cannot be inferred from that of a similar cipher image.Figure 11 shows the decrypted images of two highly similar cipher images.A component in a pixel of a cipher image of Lena is changed by 1 and the resulting image is a perturbed cipher image of Lena.Both images are decrypted with the key values used to generate the cipher image.Figure 11a is the cipher image of Lena and Figure 11b shows the decrypted image of the image in Figure 11a.Figure 11c is the decrypted result obtained on the perturbed cipher image.Figure 11 suggests that the plain image of a cipher image cannot be inferred from that of a similar cipher image.Figure 11 shows the decrypted images of two highly similar cipher images.A component in a pixel of a cipher image of Lena is changed by 1 and the resulting image is a perturbed cipher image of Lena.Both images are decrypted with the key values used to generate the cipher image.Figure 11a is the cipher image of Lena and Figure 11b shows the decrypted image of the image in Figure 11a.Figure 11c is the decrypted result obtained on the perturbed cipher image.Figure 11 suggests that the plain image of a cipher image cannot be inferred from that of a similar cipher image.Figure 11 shows the decrypted images of two highly similar cipher images.A component in a pixel of a cipher image of Lena is changed by 1 and the resulting image is a perturbed cipher image of Lena.Both images are decrypted with the key values used to generate the cipher image.Figure 11a is the cipher image of Lena and Figure 11b shows the decrypted image of the image in Figure 11a.Figure 11c is the decrypted result obtained on the perturbed cipher image.Figure 11 suggests that the plain image of a cipher image cannot be inferred from that of a similar cipher image.Two sensitivity measures, including the number of pixels change rate (NPCR) and unified average changing intensity (UACI), are generally used to test the sensitivity of an encryption approach to tiny amounts of perturbation in the keys of encryption or plain image [20,31,35,47].Specifically, let P be a plain color image that contains w columns and h rows, and let C be the cipher image generated based on a given set of values for encryption keys.After one of the encryption keys or a pixel component in the plain color image is changed by a tiny amount, the plain image is encrypted with the same encryption method and a new cipher image C 1 is generated.For a component m, Equations (66) and (67) can be utilized to compute its NPCR and UACI values, where the value of F(u, v, m) is 0 if C(u, v, m) and C 1 (u, v, m) are equal and is 1 otherwise.
For two independent random color images, C 1 and C, a value of 99.6094 is obtained for NPCR and a value of 33.4635 is obtained for UACI.
The initial value for a chaotic system that performs encoding is changed by an amount of 10 −16 to test the key sensitivity of this encryption approach.For each benchmark image, Equations (66) and (67) are utilized to determine the NPCR and UACI for each component.The NPCR and UACI values for key sensitivity can be found in Table 5.Table 5 clearly demonstrates that the key sensitivity values for the benchmark images in all components are near the values that can be obtained on two completely independent random images.For NPCR randomness tests, the work in [49] suggests that lower bound values of 99.5893, 99.5810, and 99.5717 are used for testing levels of 0.001, 0.01, and 0.05, respectively.From Table 5, it is clear that this encryption method is able to pass the test of NPCR randomness at all three levels for each benchmark image.For the tests of UACI randomness [49], lower bound values of 33.3730, 33.3445, and 33.3115 are used for testing levels of 0.001, 0.01, and 0.05, respectively, while the upper bound values of 33.5541, 33.5826, and 33.6156 are used for the three testing levels.The results in Table 5 clearly indicate that this encryption approach is able to pass test of UACI randomness at all three levels for each benchmark image.
Table 6 compares the key sensitivity of the proposed encryption method with several other encryption methods in both UACI and NPCR values obtained on Lena.The results in Table 6 show that a mean value of 99.6100 is achieved by the proposed approach on NPCR values for key sensitivity and the mean value of UACI for the proposed approach is 33.4733.Due to the fact that the best values for NPCR and UACI are 99.6064 and 33.4635, respectively, this encryption method can thus achieve performance that is near optimal and comparable with the best performance achieved by other methods on key sensitivity.With this encryption approach on plain image sensitivity, a pixel is randomly selected in a plain image and one of its pixel components is changed by 1 and the resulting image is encrypted by the proposed approach.Equations (66) and (67) are employed to calculate the UACI and NPCR values for each benchmark image.Table 7 suggests that this encryption approach can pass the randomness tests at all three levels for plain image sensitivity in terms of both UACI and NPCR values.A comparison of the plain image sensitivity values for all tested encryption methods on Lena can be found in Table 8.Table 8 clearly shows that the proposed encryption method can achieve a mean value of 99.6100 on NPCR values for plain image sensitivity.The mean of the plain image sensitivity UACI values for the proposed encryption method is 33.4933.The proposed encryption method can thus achieve near-optimal performance on plain image sensitivity.In addition, its performance is comparable with that of other encryption methods on plain image sensitivity.

Mean STD
The Proposed 80.7231 0.0000 Ref. [28] 80.7231 0.0000 Ref. [27] 80.7229 0.0001 Ref. [35] 80.6343 0.0002 Ref. [20] 80.4352 0.0001 Ref. [31] 80.2396 0.0002 The overall performance of several encryption methods on key sensitivity is compared in Table 15.Table 15 clearly demonstrates that the means of both UACI and NPCR values are near their best values for all components and the overall performance of the proposed encryption method on key sensitivity is better than the overall performance of other methods.Table 16 provides a comparison of the overall performance on plain image sensitivity for all tested methods.Table 16 indicates that the overall performance of the proposed encryption method is comparable with that of the other methods on plain image sensitivity.

Analysis of Classical Attacks
Four different categories of classical attacks have been identified and summarized in previous work [50], the major features of these attacks can be described as follows.

1.
Known plaintext attacks.In these attacks, a certain amount of plaintext and its ciphertext are available and can be utilized during attacks.

2.
Chosen ciphertext attacks.In such attacks, a computer program that implements the decryption algorithm can be accessed by an attacker to decrypt some selected special ciphertext and its plaintext can be obtained.

3.
Chosen plaintext attacks.In attacks of this type, a computer program that implements the encryption algorithm can be utilized by an attacker to encrypt some special plaintext and its ciphertext can be generated.4.
Ciphertext-only attacks, in such types of attacks, a certain amount of ciphertext is available to an attacker.
It is clear from the above descriptions of the four classical attacks that chosen ciphertext attacks and chosen plaintext attacks are more powerful than the other types of attacks.An encryption approach can properly handle all four types of classical attacks if it is capable of defending its cipher images against the chosen ciphertext attacks and chosen plaintext attacks.In these two different types of attacks, an attacker obtains equivalent encryption keys by analyzing the plaintext of some special ciphertext or the ciphertext of some special plaintext.Section 2 clearly shows that the equivalent encryption keys of the proposed approach are dependent on the contents of a plain image.The equivalent keys obtained by an attacker thus cannot lead to the plain image of a cipher image since a different set of equivalent keys is needed to decipher the cipher image.Cipher images provided by the proposed approach are thus secure under both chosen ciphertext attacks and chosen plaintext attacks.The proposed approach is thus able to properly handle classical attacks from all four categories.

Discussion
The proposed encryption method has been evaluated based on several benchmark color images and a set of images from the BSD dataset.However, its overall performance on all possible types of plain color images remains uncertain and thus needs to be evaluated by experiments that are more comprehensive.The encoding operations in the proposed encryption method are based on a codebook that is under constant evolution and updates determined by a set of chaotic systems.It is expected that encodings performed on longer subsequences can possibly further improve the randomness of an encryption result and thus lead to improved security for a cipher image.However, for a subsequence of l bits, a codebook with 2 l entries needs to be constructed and maintained for encryption.Such an exponential growth in the size of a codebook requires that l must be a small integer.The exponential size of the codebook used for encoding is thus an important disadvantage of the proposed approach.Further improvements in this aspect may need to be considered in future work.
In [51], an encryption method that combines bit-level scrambling with multiplication diffusion is proposed for image encryption.Similar to the proposed approach, the bit-level scrambling operations developed in [51] partitions the bits in an image into eight sets for scrambling.However, the method in [51] scrambles bits based on a combination of flip scrambling, improved circle index scrambling, and binary tree while the bit-level scrambling method proposed in this paper utilizes a rectangular structure and a set of logistic systems to scramble the bits.The techniques developed in [51] for bit-level scrambling can potentially be used together with the proposed approach to further improve the security of cipher images.

Conclusions
A new method is proposed in this paper to generate secure encryption results for color images.A color image can be encrypted in three phases.In the first phase, the proposed approach partitions the binary bits in the pixel values of an image into a few sequences and scrambles the bits in each sequence to obtain a fully scrambled color image.In the second phase of the approach, a scrambled image is processed with a set of accumulative bit exclusive-or operations performed on all columns and rows the image contains.The resulting image is an image that is partially encrypted.The third phase of the approach utilizes an evolutionary codebook to encode the partially encrypted image and generate the encryption result.The codebook is constantly updated with the cross-over and mutation operations determined by the outputs of a number of chaotic systems.Analysis of the proposed encryption method on its key space demonstrates that it is secure under attacks that utilize brutal forces.Testing results show that the encryption results provided by the proposed method are secure under different types of attacks.Its performance is also compared with that of several other encryption methods based on several different measures for security.The results of the comparison suggest that it is able to achieve overall performance higher than that of several other approaches developed to encrypt images.The proposed approach can thus be used in various applications that require the secure encryption of color images.
For future research, more comprehensive analysis and experiments are needed to evaluate the overall performance of the proposed approach.In addition, more sophisticated cross-over and mutation operations can be developed to further improve the security of encryption.The work in [52] analyzes the bit-level scrambling operations used in an encryption approach based on chaotic systems and develops a chosen ciphertext attack method that can crack the approach.It is, therefore, necessary to consider the bit-level operations developed in other research work [51,52] to further improve the randomness of scrambled images.
Entropy 2024, 26, x FOR PEER REVIEW 5 of 31 generated after all subsequences are sequentially encoded with the evolutionary codebook.

Figure 1 .
Figure 1.A description of the first phase of the proposed approach for generating a scrambled image.

Figure 2 .
Figure 2. A description of the sweeping process in the second phase of the proposed approach.

Figure 1 .
Figure 1.A description of the first phase of the proposed approach for generating a scrambled image.

Figure 1 .
Figure 1.A description of the first phase of the proposed approach for generating a scrambled image.

Figure 2 .
Figure 2. A description of the sweeping process in the second phase of the proposed approach.

Figure 3 .
Figure 3.A description of the encoding process in the third phase of the proposed approach.

Figure 2 .
Figure 2. A description of the sweeping process in the second phase of the proposed approach.

Figure 1 .
Figure 1.A description of the first phase of the proposed approach for generating a scrambled image.

Figure 2 .
Figure 2. A description of the sweeping process in the second phase of the proposed approach.

Figure 3 .
Figure 3.A description of the encoding process in the third phase of the proposed approach.Figure 3. A description of the encoding process in the third phase of the proposed approach.

Figure 3 .
Figure 3.A description of the encoding process in the third phase of the proposed approach.Figure 3. A description of the encoding process in the third phase of the proposed approach.
show the seven color benchmark images.Two of these images, with the names Girl and Monarch, are 768 × 512 images.The remaining five images, with names Lena, Fruits, Baboon, Peppers, and Airplane, are 512 × 512 images.

Figure 4 .Figure 4 .
Figure 4. Benchmark color images utilized to test the proposed approach.(a) image Lena; (b) image Fruits; (c) image Baboon; (d) image Peppers; (e) image Airplane; (f) image Monarch; (g) image Girl.3.2.1.Histogram Analysis of Cipher ImagesFigure5a-g show the cipher images generated on all benchmark images with the proposed approach.It is clear from Figure5that the cipher images contain randomized data and the original contents in the benchmark images are invisible in their cipher images.

Figure 5 .
Figure 5. Cipher images obtained by the proposed encryption method.(a-g) are the results of encryption for Lena, Fruits, Baboon, Peppers, Airplane, Monarch, and Girl, respectively.

Figure 6 .
Figure 6.Histograms obtained from the values of R, G, and B components in the cipher images.(ac), respectively, show the histograms for the values of R, G, and B components; in each row, histograms for the cipher images of Lena, Fruits, Baboon, Peppers, Airplane, Monarch, and Girl are shown in order from left to right.

Figure 6 .
Figure 6.Histograms obtained from the values of R, G, and B components in the cipher images.(a-c), respectively, show the histograms for the values of R, G, and B components; in each row, histograms for the cipher images of Lena, Fruits, Baboon, Peppers, Airplane, Monarch, and Girl are shown in order from left to right.

Figure 7 .
Figure 7. Correlations in different directions in Lena for the component values of R, G, and B. (a-c), respectively, are the correlation plots for R, G, and B components.In each row, correlations obtained for the horizontal, vertical, diagonal, and anti-diagonal directions are shown from left to right.

Figure 7 .
Figure 7. Correlations in different directions in Lena for the component values of R, G, and B. (a-c), respectively, are the correlation plots for R, G, and B components.In each row, correlations obtained for the horizontal, vertical, diagonal, and anti-diagonal directions are shown from left to right.

Figure 8 .
Figure 8. Correlations in four different directions for the component values of R, G, and B in the cipher image of Lena.(a-c) are the correlation plots for the component values of R, G, and B, respectively.Correlations in the horizontal, vertical, diagonal, and anti-diagonal directions are shown from left to right in each row.

Figure 8 .
Figure 8. Correlations in four different directions for the component values of R, G, and B in the cipher image of Lena.(a-c) are the correlation plots for the component values of R, G, and B, respectively.Correlations in the horizontal, vertical, diagonal, and anti-diagonal directions are shown from left to right in each row.

Figure 9 .
Figure 9.A comparison of cipher images and decrypted images obtained on Lena with one of the keys slightly perturbed; (a) the cipher image obtained with the original values of keys; (b) the cipher image obtained with the perturbed values of keys; (c) the decrypted image obtained from the cipher image in (a) with the original values of keys; (d) the decrypted image obtained from the cipher image in (b) with the original values of keys.

Figure 10 .
Figure 10.A comparison of cipher images obtained on Lena and a perturbed plain image of Lena; (a) the cipher image obtained on Lena; (b) the cipher image obtained on the perturbed Lena; (c) the difference between the cipher images in (a,b).

Figure 11 .
Figure 11.Decrypted images of a cipher image of Lena and its perturbed cipher image; (a) a cipher image of Lena; (b) the decrypted image of the cipher image in (a); (c) the decrypted image of the perturbed cipher image of Lena.

Figure 9 .Figure 9 .Figure 10 .
Figure 9.A comparison of cipher images and decrypted images obtained on Lena with one of the keys slightly perturbed; (a) the cipher image obtained with the original values of keys; (b) the cipher image obtained with the perturbed values of keys; (c) the decrypted image obtained from the cipher image in (a) with the original values of keys; (d) the decrypted image obtained from the cipher image in (b) with the original values of keys.

Figure 11 .
Figure 11.Decrypted images of a cipher image of Lena and its perturbed cipher image; (a) a cipher image of Lena; (b) the decrypted image of the cipher image in (a); (c) the decrypted image of the perturbed cipher image of Lena.

Figure 10 .
Figure 10.A comparison of cipher images obtained on Lena and a perturbed plain image of Lena; (a) the cipher image obtained on Lena; (b) the cipher image obtained on the perturbed Lena; (c) the difference between the cipher images in (a,b).

Figure 9 .Figure 10 .
Figure 9.A comparison of cipher images and decrypted images obtained on Lena with one of the keys slightly perturbed; (a) the cipher image obtained with the original values of keys; (b) the cipher image obtained with the perturbed values of keys; (c) the decrypted image obtained from the cipher image in (a) with the original values of keys; (d) the decrypted image obtained from the cipher image in (b) with the original values of keys.Similarly, a component in a pixel of Lena is changed by 1 to obtain a plain image slightly different from Lena.The new plain image is encrypted with the same set of key values.Figure10ais the cipher image of Lena and Figure10bshows the cipher image of the perturbed image of Lena.The difference image of the two cipher images in Figure10a,b is shown in Figure10c.It is clear from Figure10that cipher images generated based on the proposed approach are highly sensitive to plain images and the cipher image of a plain image cannot be obtained from that of a similar plain image.

Figure 11 .
Figure 11.Decrypted images of a cipher image of Lena and its perturbed cipher image; (a) a cipher image of Lena; (b) the decrypted image of the cipher image in (a); (c) the decrypted image of the perturbed cipher image of Lena.

Figure 11 .
Figure 11.Decrypted images of a cipher image of Lena and its perturbed cipher image; (a) a cipher image of Lena; (b) the decrypted image of the cipher image in (a); (c) the decrypted image of the perturbed cipher image of Lena.

Table 4 .
The correlations for neighboring pixels in three directions in the encryption results provided by the proposed encryption method and several other approaches for Lena.

Table 5 .
Values of key sensitivities for the proposed encryption method in NPCR and UACI in all three components.

Table 6 .
The NPCR and UACI values for the key sensitivity of all tested encryption methods on Lena.
Table 7 shows the NPCR and UACI values obtained on each benchmark image for plain image sensitivity.It is clear that all plain image sensitivity values in Table 7 are close to the values obtained on two completely independent random images.

Table 7 .
Plain image sensitivities of the proposed encryption method in NPCR and UACI for all three components.

Table 8 .
The NPCR and UACI values for the plain image sensitivity of all tested encryption methods on Lena.

Table 13 .
The statistical data on the information entropies of the encryption results provided by all tested methods.

Table 14 .
The statistical data on the PSNRs of the encryption results generated by all tested encryption approaches.

Table 15 .
The statistical data on the key sensitivity NPCRs and UACIs in the encryption results generated by all tested methods.

Table 16 .
The statistical data on the plain image sensitivity NPCRs and UACIs for the R, G, and B components in the cipher images generated with all tested methods.