Double Quantum Image Encryption Based on Arnold Transform and Qubit Random Rotation

Quantum image encryption offers major advantages over its classical counterpart in terms of key space, computational complexity, and so on. A novel double quantum image encryption approach based on quantum Arnold transform (QAT) and qubit random rotation is proposed in this paper, in which QAT is used to scramble pixel positions and the gray information is changed by utilizing random qubit rotation. Actually, the independent random qubit rotation operates once, respectively, in spatial and frequency domains with the help of quantum Fourier transform (QFT). The encryption process accomplishes pixel confusion and diffusion, and finally the noise-like cipher image is obtained. Numerical simulation and theoretical analysis verify that the method is valid and it shows superior performance in security and computational complexity.


Introduction
Quantum computation has shown great potential for improving information processing speed and enhancing communication security [1][2][3]. The quantum image encryption technology exploits quantum mechanics principles, such as parallel and entanglement, to further protect the security of information transmission and decrease computational resource [4][5][6][7].
Due to the promising prospect of quantum image encryption, various kinds of algorithms are gradually proposed [8][9][10][11][12][13]. Among the existing algorithms, most of them are designed in spatial domain. For example, Zhou proposed a quantum image encryption algorithm using three geometric transformations, including image translation, image mirror transformation, and image sub-block swapping, which changes pixel position to some extent [14]. However, this method relies solely on geometric transformation, which leads to the increase of correlation of adjacent pixels and therefore the encryption performance is seriously affected. Except using geometric transformation to scramble pixel positions, Song proposed a novel quantum image encryption method by introducing additional color transformations, which realized pixel values diffusion and obtained better encryption results [15]. Moreover, Zhou introduced hyper-chaotic system to encrypt quantum image through XOR operation implemented with control-NOT gate [16]. Li proposed a simple color image encryption method by using 24 qubits to represent color information and employing controlled rotation gates to transform the basic state into balanced superposition state, which makes the encrypted image like a uniform white noise [17].
The quantum version of classical frequency transform tools, such as quantum Fourier transform (QFT) [18], quantum wavelet transform (QWT) [19], quantum discrete cosine transform (QDCT) [20], and promote the development of quantum image processing algorithm in frequency domain [21,22]. These quantum transforms mentioned above have lower computational complexity than their classical counterpart. Utilizing these quantum transform tools, some efficient quantum image encryption methods are investigated. Yang proposed novel quantum image encryption algorithms based on double random phase encoding framework [23], where the QFT substitutes the Fourier transform and the encryption performance of which surpasses its classical counterparts in terms of statistical analyses, robustness, and computational complexity. After that, Yang extended the quantum double random phase encoding scheme to encrypt color image [24], which introduces color image encryption into quantum scenarios in frequency domain. Recently, Li proposed a quantum encryption and compression scheme based on QDCT and a five-dimensional hyper-chaotic system [25].
Whether the quantum image encryption algorithms devised in spatial domain or frequency domain, image scrambling operation plays an important role. Jiang investigated quantum Arnold transform and Fibonacci transform method, where the quantum circuits are given and computational complexity is analyzed [26,27]. The chaos theory is also widely used in image encryption schemes [28][29][30][31][32]. Diaconu proposed a chaos based image encryption scheme by employing the circular inter-intra permutation strategy [33]. Stoyanov presented a Chebyshev polynomial based image encryption scheme, which shows the advantage in terms of key space [34]. Parvees utilized logistic map and key image to efficiently encrypt large size image [35]. Soon afterwards, Zhou suggested the generalized Arnold transform with feature of chaotic mapping [36,37]. In addition, a generalized quantum affine transform is proposed to scramble images, which can encode pixel positions effectively [38]. Quantum Hilbert scrambling method is also introduced and achieves good permutation effect [39]. These scrambling methods adopt position space scrambling strategies, which do not change color space. To overcome this defect, Zhou proposed a bit-plane scrambling method that is based on Gray-code [40], which simultaneously changes the pixel positions and pixel values, and it even can be used directly to encrypt images. By combining the bit-plane scrambling method and the Hilbert scrambling method, Naseri proposed a quantum gray-scale image encoding scheme, where a randomly generated binary key is used to select encoding scheme [41].
The existing quantum image encryption algorithms mainly focus on single gray or color image, while the research on double quantum image encryption or multiple quantum image encryption is still scarce. In view of this, a double quantum image encryption algorithm that is based on quantum Arnold transform (QAT) and qubit random rotation is proposed. Firstly, the two images to be encrypted are represented through a flexible quantum image representation model called flexible representation for quantum images (FRQI). Next, the two quantum states are scrambled using QAT with different parameters, and one of the scrambled quantum images is encoded into amplitude part and another is encoded into phase part. Then the independent random qubit rotation operates once, respectively, in spatial and frequency domains with the help of quantum Fourier transform (QFT) to accomplish pixel confusion and diffusion. The noise-like cipher image can be finally obtained by performing inverse QFT. The original images can be exactly recovered without cross-talk. The quantum parallel computation speeds up the process of double image encryption and decryption. Numerical simulation results and theoretical analyses demonstrate that the proposed algorithm is effective and the computational complexity is decreased.

FRQI Representation Model
The first step of quantum image processing is to design a suitable representation model, which can be run on quantum computers for compiling digital image. Nowadays, several efficient representation models are proposed [3]. The FRQI representation model [42] is widely used, as it is similar with pixel representation in classical computer and accord with human perception of vision. The FRQI representation model stores gray and geometric information using a normalized quantum state. For a gray image M of size 2 n × 2 n , the representation can be expressed, as follows, where θ = θ 1 , θ 2 , · · · , θ 2 2n −1 is the vector used to encode phase information of gray values and |i = |y |x = |y n−1 y n−2 · · · y 0 |x n−1 x n−2 · · · x 0 is used to encode corresponding pixel positions of θ.
The symbol ⊗ denotes tensor product. There are only 2n + 1 qubits required when encoding image and the computational complexity of preparation process is O 2 4n .

Quantum Arnold Transform (QAT)
The Arnold transform, used as method for image pixel scrambling, is built on the research of ergodic theory and it was extended to quantum image processing in 2014 by Jiang et al. [26]. QAT aims to transform the image into a confused form through changing the coordinates of pixels.
Suppose that the image of size 2 n × 2 n to be scrambled is denoted as I(x, y), where (x, y) represent pixel positions. A two-dimensional Arnold transform is described, as follows, i.e., x = (x + y)mod 2 n y = (x + 2y)mod 2 n (4) The output (x , y ) is the scrambled position information and the inverse transform can be deduced as follows, The scrambling period of Arnold transform is associated with the size of image, and some determined values for particular cases are given in Table 1. Although the period of Arnold transform cannot be accurately computed, it can be seen that the period grows with the increase of image size. The quantum circuits shown in Figure 1 are used to accomplish the QAT scrambling. The detailed information of quantum adder module and adder-mod2 n module is presented in [27].

Proposed Double Quantum Image Encryption Scheme
In this section, the proposed double quantum image encryption scheme based on QAT and qubit random rotation is illustrated in detail. Let the two images to be encrypted be respectively denoted as

Proposed Double Quantum Image Encryption Scheme
In this section, the proposed double quantum image encryption scheme based on QAT and qubit random rotation is illustrated in detail. Let the two images to be encrypted be respectively denoted as I 1 and I 2 . According to the FRQI representation model, the original images can be represented as follows, where the gray values are represented as The whole double quantum image encryption algorithm consists the following five steps.
Step 1. Scramble the two original images |I 1 and |I 2 in spatial domain using QAT to get I 1 and |I 2 . The parameters of QAT corresponding to |I 1 and |I 2 are respectively denoted as p 1 and p 2 , which represent the iteration times of scrambling.
where QAT(|yx ) = |(x + 2y)mod 2 n |(x + y)mod 2 n . There are a total of p 1 times scrambling operations for quantum image |I 1 and p 2 times for |I 2 .
Step 2. Encode the scrambled image |I 2 into a phase function and the scrambled image I 1 is regarded as amplitude. Then, a new complex image |I involving all the information of the two original images can be expressed, as follows, Entropy 2018, 20, 867

of 16
Step 3. Perform qubit random rotation on quantum image |I to transform its each gray value angle into a new angle. The rotation matrix R yx φ yx defined as follows is used to change angles in spatial domain, where φ yx is uniformly distributed in the interval [0, 2π]. The controlled rotation matrix CR YX (φ YX ) defined as follows is used to change angles in position (Y, X), The controlled rotation matrix CR YX (φ YX ) is a unitary matrix because of CR YX CR † YX = I⊗ 2n+1 . The CR † YX represents the Hermitian conjugate of CR YX and the symbol I denotes unit matrix. In order to complete the rotation of all positions, the products of 2 2n controlled rotation matrices are applied on quantum image |I and obtain |E 1 .
Step 4. Transform the obtained |E 1 into frequency domain using QFT. The QFT is the identical transform of discrete Fourier transform, which is defined as follows, Similar to the rotation in spatial domain, qubit random rotation is employed in the frequency domain. Another rotation matrix T yx ψ yx defined as follows is used, where ψ yx is also uniformly distributed in the interval [0, 2π]. The controlled rotation matrix CT YX ψ yx is defined, as follows, The controlled rotation matrix CT YX (ψ YX ) is also a unit matrix and CT YX CT † YX = I⊗ 2n+1 . The rotation of frequency domain can be accomplished using the product of 2 2n controlled rotation matrices operate on quantum image |E 1 and obtain |E 2 .
Step 5. Execute the inverse quantum Fourier transform (iQFT) and the final encrypted quantum image |E is obtained.
The decryption scheme is just the inverse of the aforementioned encryption scheme as the quantum transformations used are unitary and invertible. The keys including parameters of QAT p 1 and p 2 , two rotation matrices R(φ) and T(ψ) are needed to correctly decrypt the cipher image. Corresponding to the encryption procedure, the decryption process can be expressed, as follows.
Step 1. Perform QFT on the encrypted quantum image |E and obtain |E 2 , Step 2. Execute quantum rotation on |E 2 using the key T(ψ).
Step 3. Apply iQFT on the result that was obtained in previous step and |E 1 is attained. Then, the qubit rotation is operated on |E 1 with the key R yx φ yx . This step can be expressed as follows, Step 4. Extract two quantum images I 1 and |I 2 from |I , I 1 = abs(|I ) |I 2 = angle(|I )/π (22) where abs(·) and angle(·) denote the extraction of amplitude and phase, respectively.
Step 5. Execute inverse QAT (iQAT) on quantum images I 1 and |I 2 with keys p 1 and p 2 , thus the original images |I 1 and |I 2 are decrypted. (24) where iQAT p 1 denotes operate p 1 times iQAT on pixel position |y x and iQAT p 2 operates in a similar way. The iQAT can be expressed, as follows,

Numerical Simulation and Discussion
Due to the lack of quantum hardware to implement the proposed double image encryption algorithm, numerical simulations are made on a classical computer with the MATLAB software (R2017a, MathWorks, Natick, MA, USA). The quantum states and quantum transformations can be simulated using complex vectors and unitary matrices. Therefore, the MATLAB is good at dealing with linear algebra is selected as the simulation tool. The size of all the original images is 256 × 256 and the period of QAT is 192. The image is scrambled when the parameter of QAT is not exactly equal to the multiple of period. The randomly selected iteration times of QAT can be severed as keys and they are set to p 1 = 42 and p 2 = 73 in the experiment. The rotation matrices R(φ) and T(ψ) are randomly generated. Three pairs of original images and corresponding cipher images are shown in Figure 2, from which can be seen that the encrypted images are noise-like and security analyses are given in the following subsections.  Figure 2, from which can be seen that the encrypted images are noise-like and security analyses are given in the following subsections

Histogram Analysis
The gray histogram is generally used to view the pixel distribution by count the frequency of pixels in all gray level. The histograms corresponding to Figure 2 are plotted in Figure 3, from which can be seen that the histogram of each original image is different from each other, but the histograms of all the cipher images are similar. In addition, the histograms of the cipher images are smoother. Therefore, there is no clue for eavesdroppers performing statistical attack or differential attack on the encrypted images and any useful information cannot be obtained.

Histogram Analysis
The gray histogram is generally used to view the pixel distribution by count the frequency of pixels in all gray level. The histograms corresponding to Figure 2 are plotted in Figure 3, from which can be seen that the histogram of each original image is different from each other, but the histograms of all the cipher images are similar. In addition, the histograms of the cipher images are smoother. Therefore, there is no clue for eavesdroppers performing statistical attack or differential attack on the encrypted images and any useful information cannot be obtained.

Correlation Analysis
The adjacent pixels in natural images are highly correlated while such correlation should be break for an ideal image encryption scheme. To verify the confusion and diffusion effect of the proposed double quantum image encryption algorithm, the correlation coefficients (CC) in horizontal, vertical, and diagonal directions are computed. Moreover, the correlation distributions are plotted.
The CC value of adjacent pixels is defined, as follows, where u and v represent two adjacent pixel values. The u and v denote mean value, i.e., Take the images shown in Figure 2 as example to test the correlation of adjacent pixels, and the CC values in three directions are listed in Table 2. It can be seen that the CC values in the cipher image are close to 0 in three directions, which means that the correlation is greatly decreased in cipher images.

Correlation Analysis
The adjacent pixels in natural images are highly correlated while such correlation should be break for an ideal image encryption scheme. To verify the confusion and diffusion effect of the proposed double quantum image encryption algorithm, the correlation coefficients (CC) in horizontal, vertical, and diagonal directions are computed. Moreover, the correlation distributions are plotted.
The CC value of adjacent pixels is defined, as follows, Take the images shown in Figure 2 as example to test the correlation of adjacent pixels, and the CC values in three directions are listed in Table 2. It can be seen that the CC values in the cipher image are close to 0 in three directions, which means that the correlation is greatly decreased in cipher images.  In addition, in order to visualize the correlation distribution of original images and the cipher image, 16,000 pairs of adjacent pixels are randomly selected from each direction. Take the images in third group as example, the distributions in horizontal, vertical, and diagonal directions are respectively shown in Figure 4a-i. The first row shows the horizontal distributions and second row shows the vertical distribution, and the diagonal direction is shown in the last row. From the distribution, figures of adjacent pixels can be seen that the proposed algorithm breaks the high correlation in original images and therefore the eavesdroppers cannot obtain information from the statistical analysis.

Information Entropy
The information entropy can reflect the spatial feature of gray distribution, which is defined using the probability of gray value. As the gray level of experimental images is 0-255, suppose that the probability of gray value i is P(i), then the information entropy IE can be calculated as The value of IE grows with the degree of confusion and the ideal value for encrypted image should be 8. Table 3 lists the IE values of original images and cipher images, from which can be seen that information entropy is increased. The results of information entropy coincided with the correlation analysis. Table 3. The information entropy of original and cipher images.

Noise Robustness
The images are usually interfered with noises during processing or transmission, which decrease the quality of decrypted images. In order to value the robustness of anti-noise of the proposed algorithm, Gussian noises with different intensity are added to the encrypted images. Take the second group of image as example, let E denote the encrypted image and E represents the noisy encrypted image, then the noise adding process can be expressed as where G denotes (0, 1) Gussian noise and k is noise intensity. The decrypted images with different noise intensity are shown in Figure 5a-f. Although the noise intensity increases to 120, the original information can still be recognized. In addition, the mean square error (MSE) is introduced to quantitative compare the difference of between the decrypted image and the original image. The MSE is defined as where D(i, j) and I(i, j) denote the decrypted image and the original image, respectively. The MSE curves under different intensities of noise are plotted in Figure 6. In combination with the decrypted images that are shown in Figure 5, it can be seen that the proposed algorithm performs good in resisting noise attacks. It also can be concluded that the QAT scrambling process improves the performance of anti-noise in some degree.   Figure 6. In combination with the decrypted images that are shown in Figure 5, it can be seen that the proposed algorithm performs good in resisting noise attacks. It also can be concluded that the QAT scrambling process improves the performance of anti-noise in some degree.   Figure 6. In combination with the decrypted images that are shown in Figure 5, it can be seen that the proposed algorithm performs good in resisting noise attacks. It also can be concluded that the QAT scrambling process improves the performance of anti-noise in some degree.    Figure 6. In combination with the decrypted images that are shown in Figure 5, it can be seen that the proposed algorithm performs good in resisting noise attacks. It also can be concluded that the QAT scrambling process improves the performance of anti-noise in some degree.

Key Sensitivity Analysis
For a good image cryptosystem, the cipher key should be sensitive to secure it against brute-force attack. In the proposed algorithm, the keys include two independent random rotation matrices and two parameters of QAT. Take the first group of image as an example, the decrypted images with correct keys are shown in Figure 7a. Figure 7b shows the decrypted images with incorrect random rotation matrix    R , from which can be seen that the recovered images are blurry. Figure 7c shows the decrypted images with incorrect random rotation matrix    T , from which can be seen that the recovered images are noise-like and any useful information cannot be obtained. The decrypted images with incorrect parameters of QAT are shown in Figure 7d and Figure 7e, where the deviations of parameters are 3 and 8 respectively. Obviously, the original image can be successfully recovered when all the keys are correct.

Key Sensitivity Analysis
For a good image cryptosystem, the cipher key should be sensitive to secure it against brute-force attack. In the proposed algorithm, the keys include two independent random rotation matrices and two parameters of QAT. Take the first group of image as an example, the decrypted images with correct keys are shown in Figure 7a. Figure 7b shows the decrypted images with incorrect random rotation matrix R(φ), from which can be seen that the recovered images are blurry. Figure 7c shows the decrypted images with incorrect random rotation matrix T(ψ), from which can be seen that the recovered images are noise-like and any useful information cannot be obtained. The decrypted images with incorrect parameters of QAT are shown in Figure 7d In addition, the key space of the proposed algorithm is analyzed. To resist brute-force attack, the key space should larger than 100 2 under current computation ability. As the keys used are independent, the total key space is the product of a single key space. The key space for QAT is about 15 2 . The key space for random rotation matrix depends on the size of image, which is larger than . Therefore, the key space is large enough to ensure the security of the proposed algorithm. In addition, the key space of the proposed algorithm is compared with several state of art image encryption algorithms [26,27,[32][33][34]. The comparison results that are shown in Table 4 indicate that the proposed algorithm has a larger key space.

Computational Complexity Analysis
The computational complexity of the proposed algorithm and classical counterpart is analyzed in this subsection. The complexity of quantum algorithm depends on the basic logical element such as Control-NOT gate and NOT gate. The complexity of quantum adder is about 28n [25]. The In addition, the key space of the proposed algorithm is analyzed. To resist brute-force attack, the key space should larger than 2 100 under current computation ability. As the keys used are independent, the total key space is the product of a single key space. The key space for QAT is about 2 15 . The key space for random rotation matrix depends on the size of image, which is larger than 2 256×256 . Therefore, the key space is large enough to ensure the security of the proposed algorithm. In addition, the key space of the proposed algorithm is compared with several state of art image encryption algorithms [26,27,[32][33][34]. The comparison results that are shown in Table 4 indicate that the proposed algorithm has a larger key space.

Computational Complexity Analysis
The computational complexity of the proposed algorithm and classical counterpart is analyzed in this subsection. The complexity of quantum algorithm depends on the basic logical element such as Control-NOT gate and NOT gate. The complexity of quantum adder is about 28n [25]. The adder-mod module includes five adder modules and therefore the complexity of QAT is about 140n. As the proposed algorithm uses twice QAT and the computational complexity in QAT scrambling is estimated to 280n. In addition, the quantum circuits of QFT including n(n − 1)/2 basic gates and random rotation operation has a O(n) complexity. Therefore, the complexity of the proposed algorithm is O n 2 . The computational complexity of each step and overall complexity is shown in Table 5. By contrast, if this algorithm runs on a classical computer, all the operations are performed on every pixel, then the complexity of Arnold transform and angle rotation is 2 2n . Besides, the computational complexity of Fourier transform is O n2 2n . Therefore, the complexity of the classical algorithm is O n2 2n , which is more complex than the quantum one. In a conclusion, the proposed double quantum image encryption algorithm performs better than its classical counterpart in the aspect of computational complexity. Table 5. The computational complexity of each step and overall complexity.

Conclusions
In this paper, a double quantum gray image encryption algorithm that is based on QAT and quantum random rotation is proposed. The main contribution of this paper lies in encrypting double quantum gray images by combining quantum permutation and qubits angle random rotation, which further improves the encryption efficiency. The original two images can be completely retrieved without distortion and cross-talk through using correct keys. The key space of the proposed method is larger than the compared methods, which ensures the security to resist brute-force attack. Experimental results and theoretical analysis show that the proposed algorithm is robustness to resist statistical attack and noise attack. Moreover, the proposed algorithm is superior compared with its counterpart in terms of computational complexity.
There are also some disadvantages in the proposed scheme, such as the histogram of the ciphertext image, is not uniformly distributed. In addition, the color image usually presents abundant information, so color image encryption should be paid more attention. We will focus on solving disadvantages and putting forward double color image encryption schemes in our future research.