A New Image Encryption Algorithm Based on Chaos and Secure Hash SHA-256

In order to overcome the difficulty of key management in “one time pad” encryption schemes and also resist the attack of chosen plaintext, a new image encryption algorithm based on chaos and SHA-256 is proposed in this paper. The architecture of confusion and diffusion is adopted. Firstly, the surrounding of a plaintext image is surrounded by a sequence generated from the SHA-256 hash value of the plaintext to ensure that each encrypted result is different. Secondly, the image is scrambled according to the random sequence obtained by adding the disturbance term associated with the plaintext to the chaotic sequence. Third, the cyphertext (plaintext) feedback mechanism of the dynamic index in the diffusion stage is adopted, that is, the location index of the cyphertext (plaintext) used for feedback is dynamic. The above measures can ensure that the algorithm can resist chosen plaintext attacks and can overcome the difficulty of key management in “one time pad” encryption scheme. Also, experimental results such as key space analysis, key sensitivity analysis, differential analysis, histograms, information entropy, and correlation coefficients show that the image encryption algorithm is safe and reliable, and has high application potential.


Introduction
In recent years, with the rapid development of computer technology, digital image processing technology has also rapidly developed and penetrated into all aspects of life, such as remote sensing, industrial detection, medicine, meteorology, communication, investigation, intelligent robots, etc. Therefore, image information has attracted widespread attention. Image data security is very important, especially in the special military, commercial and medical fields. Image encryption has become one of the ways to protect digital image transmission. However, the image data has the characteristics of large amounts of data, strong correlation and high redundancy, which lead to low encryption efficiency and low security, so the traditional encryption algorithms, such as Data Encryption Standard (DES) and Advanced Encryption Standard (AES), cannot meet the needs of image encryption [1]. Chaos has the characteristics of high sensitivity to the initial conditions and system parameters, no periodicity, pseudo randomness, ergodicity and chaotic sequences can be generated and regenerated accurately, so it is especially suitable for image encryption. Therefore, many image encryption algorithms have been put forward using chaotic system. In 1998, the American scholar Fridrich put forward the classical substitution-diffusion architecture for image encryption [2]. This structure subsequently has drawn

Adding Surrounding Pixels
A hash function is any function that can be used to map data of arbitrary size to data of a fixed size. Here, we use SHA-256 to generate the 256-bit hash value V, which can be divided into 32 blocks with the same size of 8-bit, the i-th block v i ∈ [0, 255], i = 1, 2, . . . , 32, so V can be expressed as V = v 1 , v 2 , . . . , v 32 . Suppose the size of the plain-image P is m × n, obtain an integer k as: k = f ix(2(m + n + 1)/32) + 1 (1) where, fix(x) rounds the elements of x to the nearest integers towards zero. Then we generate a sequence H that has (32k) elements by: where, repmat(V, [1, k]) creates a large matrix H consisting of a 1 × k tiling of copies of V, e.g., repmat( [3,6,9], [1,2]) = [3,6,9,3,6,9]. Then, matrix RI of size 2 × (n + 2) is formed by taking the first 2n + 4 numbers of the sequence H, and the CI matrix of size 2 × m is formed by taking the remaining 2m numbers of H. The elements of RI and CI have the same representation format as the pixels of P. For example, The SHA-256 hash value of the plaintext image "cameraman" of size 256 × 256 is the character string S, which is: S = "d6f35e24b1f70a68a37c9b8bfdcd91dc3977d7a98e67d453eb6f8003b6c6 9443". According to the string S, we can get a sequence V of length 32. V = (214, 243, 94, 36,177,247,10,104,163,124,155,139,253,205,145,220,57,119,215,169,142,103,212,83,235,111,128,3,182,198,148,67 RI and CI will surround the plaintext image. These values will affect all pixels after the confusion and diffusion operation. Figure 1 shows a numerical example of using RI and CI to add pixels to the image "cameraman". Figure 1b shows the result of the operation. It can be seen that the underscore is derived from RI and the value of bold is from CI. where, repmat(V, [1, k]) creates a large matrix H consisting of a 1 × k tiling of copies of V, e.g., repmat( [3,6,9], [1,2]) = [3,6,9,3,6,9]. Then, matrix RI of size 2 × (n + 2) is formed by taking the first 2n + 4 numbers of the sequence H, and the CI matrix of size 2 × m is formed by taking the remaining 2m numbers of H. The elements of RI and CI have the same representation format as the pixels of P. For example, The SHA-256 hash value of the plaintext image "cameraman" of size 256 × 256 is the character string S, which is: S = "d6f35e24b1f70a68a37c9b8bfdcd91dc3977d7a98e67d453eb6f8003b6c6 9443". According to the string S, we can get a sequence V of length 32. V = (214, 243, 94, 36,177,247,10,104,163,124,155,139,253,205,145,220,57,119,215,169,142,103,212,83,235,111,128,3,182,198,148,67). So, the sequence H of length 1028 can be obtained as H = (214, 243, 94, 36, 177, 247, 10, …, 214, 243). Similarly, matrices RI and CI are also obtained, as shown below: RI and CI will surround the plaintext image. These values will affect all pixels after the confusion and diffusion operation. Figure 1 shows a numerical example of using RI and CI to add pixels to the image "cameraman". Figure 1b shows the result of the operation. It can be seen that the underscore is derived from RI and the value of bold is from CI.

Hyper-Chaotic System and Chebyshev Map
The scheme is based on a hyper-chaotic system and two Chebyshev maps. We will use a four dimensional hyper-chaotic system with five system parameters and four initial conditions [29], which can be modeled by Equation (3): where, a, b, c, d and e are parameters of the system. When a = 35, b = 3, c = 12, d = 7 and e ∈ (0.085, 0.798), the system is hyper-chaotic and has two positive Lyapunov exponents, LE1 = 0.596, LE2 = 0.154. So the system is in a hyper-chaotic state. The system attractor curves are presented in Figure 2.

Hyper-Chaotic System and Chebyshev Map
The scheme is based on a hyper-chaotic system and two Chebyshev maps. We will use a four dimensional hyper-chaotic system with five system parameters and four initial conditions [29], which can be modeled by Equation (3): dx dt a y x w dy dt dx xz cy dz dt xy bz dw dt yz ew (3) where, a, b, c, d and e are parameters of the system. When a = 35, b = 3, c = 12, d = 7 and e ∈ (0.085, 0.798), the system is hyper-chaotic and has two positive Lyapunov exponents, LE1 = 0.596, LE2 = 0.154. So the system is in a hyper-chaotic state. The system attractor curves are presented in Figure 2. The two Chebyshev maps are modeled by Equation (4): where, u1(1) and u2 (1) are initial values.

The Generation of Random Sequences of the Encryption System
The initial values of the chaotic system are given, then we iterate the hyper-chaotic system (1) to produce four sequences denoted as X = [x(i)], Y= [y(i)], Z = [z(i)] and W = [w(i)], respectively, where, i = 1, 2, … At the same time, u1(1) and u2(1) are given, the two Chebyshev maps from Equation (4) are iterated to generate two sequences denoted as U1 and U2, respectively. To further enhance the complexity of sequences, These six chaotic sequences X, Y, Z, W, U1 and U2 are transformed into three real value sequences D1, D2 and D3 in the interval [0, 1] by the following Formulas (5)-(7), then The two Chebyshev maps are modeled by Equation (4): where, u 1 (1) and u 2 (1) are initial values.

The Generation of Random Sequences of the Encryption System
The initial values of the chaotic system are given, then we iterate the hyper-chaotic system (1) to produce four sequences denoted as X = [x(i)], Y= [y(i)], Z = [z(i)] and W = [w(i)], respectively, where, i = 1, 2, . . . At the same time, u 1 (1) and u 2 (1) are given, the two Chebyshev maps from Equation (4) are iterated to generate two sequences denoted as U 1 and U 2 , respectively. To further enhance the complexity of sequences, These six chaotic sequences X, Y, Z, W, U 1 and U 2 are transformed into three real value sequences D 1 , D 2 and D 3 in the interval [0, 1] by the following Formulas (5)-(7), then transform three real value sequences D 1 , D 2 and D 3 into three integer value sequences S, V and T by  (1), v(2), . . . , v(l)}, T = {t(1), t(2), . . . , t(l)}, which will be used in the later encryption process, where, s(i), v(i) and t(i) ∈ {0, 1, . . . , 255}, i = 1,2, . . . , l: where, round(x) rounds x to the nearest integer, and mod(x, y) returns the remainder after x is divided by y. The sequence D 1 is used to scramble images, while D 2 , S, V and T are used for image diffusion operation. Figure 3 is the numerical distribution curve of chaotic key sequence S, V and T. the abscissa represents 256 gray levels and the ordinate represents the frequency of each gray level. From Figure 3, it can be seen that the key flow S, V and T distribute evenly, and the pseudo-randomness is good.
Entropy 2018, 20, x 5 of 18 transform three real value sequences D1, D2 and D3 into three integer value sequences S, V and T by the following Formulas (8)-(10), so we get three sequences S = {s(1), s(2), …, s(l)}, V = {v(1), v(2), …, v(l)}, T = {t(1), t(2), …, t(l)}, which will be used in the later encryption process, where, s(i), v(i) and t(i) ∈ {0, 1, …, 255}, i = 1,2, …, l: ( ) where, round(x) rounds x to the nearest integer, and mod(x, y) returns the remainder after x is divided by y. The sequence D1 is used to scramble images, while D2, S, V and T are used for image diffusion operation. Figure 3 is the numerical distribution curve of chaotic key sequence S, V and T. the abscissa represents 256 gray levels and the ordinate represents the frequency of each gray level. From Figure 3, it can be seen that the key flow S, V and T distribute evenly, and the pseudo-randomness is good.

Statistical Test Analysis of the Three CPRNG Sequences S, V and T
In order to measure randomness of the three CPRNG sequences S, V and T, we use the NIST SP800-22 statistical test suite (Rev1a, Information Technology Laboratory, Computer Security Resource Center, Gaithersburg, MD, USA), which consists of 15 statistical tests. Each test result is converted to a p-value for judgement, and when applying the NIST test suite, a significance level α = 0.01 is chosen for testing. If the p-value ≥ α, then the test sequence is considered to be pseudo-random.
Setting different initial conditions of chaotic system, and using systems (3) and (4) as well as Equation

Statistical Test Analysis of the Three CPRNG Sequences S, V and T
In order to measure randomness of the three CPRNG sequences S, V and T, we use the NIST SP800-22 statistical test suite (Rev1a, Information Technology Laboratory, Computer Security Resource Center, Gaithersburg, MD, USA), which consists of 15 statistical tests. Each test result is converted to a p-value for judgement, and when applying the NIST test suite, a significance level α = 0.01 is chosen for testing. If the p-value ≥ α, then the test sequence is considered to be pseudo-random.
Setting different initial conditions of chaotic system, and using systems (3) and (4) as well as Equations (5)-(10), 1000 sequences S, 1000 sequences V and 1000 sequences T are generated, respectively. The parameters used in the test are set as: a = 35, b = 3, c = 12, d = 7, e = 0.1583, x(0) = 0.398, y(0) = 0.45, z(0) = 0.78, w(0) = 0.98, u 1 (1) = 0.58 and u2(1) varies from 0.0005 to 0.9995 with a variable step size of 0.0001. Hence, 1000 sequences of {S, V, T} can be generated. The length of each integer sequence is 125,000 and each integer has 8 bits. Then three decimal integer sequences are turned into three binary sequences by converting each decimal number into an 8-bit binary number and connecting them together. Therefore, each binary sequence has the length of 1,000,000 bits (125,000 × 8 = 100,000). Unlike the bit sequence generation method introduced in the related literature [30], the method of generating bit sequences in our scheme can be demonstrated by the following simple example.  Table 1. From Table 1, we can see that all the p-values from all 1000 sequences are greater than the significance level α = 0.01, indicating that the tests meet the requirements of SP800-22 randomness, and the pass rate is also in acceptable range. Compared with the results of relevant literature [30], the overall result is not very different. However, the linear complexity index of our scheme is obviously better than that of reference [30], but the Rank index is slightly worse than that of reference [30].

Architecture of the Proposed Cryptosystem
In this paper, we use the classical permutation-diffusion image encryption structure. During the permutation process, we use the permutation sequence generated by the chaotic system to shuffle the pixels. However, the permutation does not change the pixel value, but makes the statistical relationship between cyphertext and key complicated, so that the opponent cannot infer the key statistics from the statistical relationship between cyphertext. Diffusion means that each bit of the plaintext affects many bits of the cyphertext, or that each bit of the cyphertext is affected by many bits of the plaintext, thus enhancing the sensitivity of the cyphertext.

Encryption Algorithm
The encryption process consists of three stages. Firstly, generating key streams by using the hyper-chaotic system and adding surrounding pixels to the plaintext image. Secondly, performing the permutation process. Thirdly, performing the diffusion process. The architecture of the encryption process is shown in Figure 4, and the operation procedures are described as follows: Step 1: Assume that the size of the plaintext image is m × n, adding surrounding pixels to the plaintext image matrix P m×n According to the method described in Section 2.1 to get image matrix P (m+2)×(n+2) . The matrix P (m+2)×(n+2) is converted to a one dimensional vector P 0 = {p 0 (1), p 0 (2), . . . , p 0 (l)}, where l = (m + 2) × (n + 2).
Step 2: Produce the required chaotic sequences D 1 , D 2 , S, V and T of length l for encryption according to the method described in Section 2.3.
Step 3: Permuting P 0 obtained in step 1 according to Equations (11) and (12). In order to make the scrambling sequence related to plaintext to prevent the chosen plaintext attack, a disturbance term g associated with the plaintext is added according to Equation (10) when the scrambling sequence h is generated, where g = sum(P 0 )/(256 × l), Therefore, the scrambling sequence h = {h(1), h(2), . . . , h(l)} is different when encrypting different plaintext images. In Equation (11), floor(x) rounds x to the nearest integers towards minus infinity: Step 4: Perform confusion and diffusion. Encrypt the first element in p 0 by Equation (13): Step 5: Set i = 2, 3, . . . , l, calculate the dynamic indexes kt 1 and kt 2 by Equations (14) and (15), which are used for encrypting the i-th element in p 0 . Obviously, Step 6: Encrypt the i-th element according to the following Equations (16)- (18): From Equation (16), for different plain images, the sequence [tt(i)] will be different, that will lead to the different i-th encrypted value.

Decryption Algorithm
The decryption process is the process of transforming cyphertext into plaintext, and the reverse process of encryption. The decryption process is described as follows: Step 1: Produce the required chaotic sequences D1, D2, S, V and T of length l for decryption according to the method described in Section 2.3 and calculate the dynamic indexes kt1 and kt2 according to Equations (14) and (15).

Decryption Algorithm
The decryption process is the process of transforming cyphertext into plaintext, and the reverse process of encryption. The decryption process is described as follows: Step 1: Produce the required chaotic sequences D 1 , D 2 , S, V and T of length l for decryption according to the method described in Section 2.3 and calculate the dynamic indexes kt 1 and kt 2 according to Equations (14) and (15).
Step 2: The cyphertext image is translated into a one dimensional vector CC = [cc(1), cc (2), . . . , cc(l)]. The intermediate cyphertext C is obtained by: Step 3: Calculate the sequence tt according to Equation (16) and decrypt the last element in p 0 by: Step 4: In the opposite direction, we decrypt the plaintext pixel P 0 (l − 1), P 0 (l − 2), . . . , P 0 (2) by Equation (22). Finally, the pixel P 0 (1) is decrypted as: Step 5: Perform inverse permutation. Because the sum of pixel values before and after scrambling remains unchanged, the g value can be calculated by the sequence P 0 decrypted in Step 4, Thus, the sequence H = {h(1), h(2), . . . , h(l)} can be obtained by Equation (11). It should be noted that this process is reversed in the direction of encryption, from the last pixel to the first pixel, that is: Finally, the decrypted sequence P 0 is transformed into a matrix P of size (m + 2) × (n + 2). Discarding the first row, the last row, and the first column and the last column of the matrix P , and we can obtain a matrix P of size m × n. P is the recovered plaintext image.

Application of the Algorithm for Color Images
A color image is composed of three main components, i.e., R, G and B. The hash values of R, G and B matrices are computed respectively, and then the hash values are transformed into sequences according to the method of Section 2.1. Then adding surrounding pixels to R, G and B by using the sequences to obtain three new matrices R , G and B , respectively. Then R , G and B are encrypted in parallel and similar to the encryption of gray level image. Decryption process of matrixes R, G and B is also similar to the proposed decryption process in Section 3.2. (2) In the permutation process, by adding a perturbation g (g = sum(P 0 )/(256 × l)) to the chaotic sequence D 1 , the permutation sequence h is generated by Equation (10). Therefore, h is related to plaintext, which can resist the chosen plaintext attack. At the same time, g is not part of the decryption key, which reduces the difficulty of key management. (3) From Equation (16), it is known that the sequence tt is related to the transition cyphertext c, so the sequence tt is different when encrypting different images, which further strengthens the ability of the encryption system to resist chosen plaintext attack. (4) From the cyphertext feedback mechanism of Equation (17), It can be seen that our encryption algorithm is sensitive to plaintext.

Simulation Results
In this paper, the standard 256 × 256 image of "cameraman" is used as the input image. Matlab 2014a (MathWorks, Natick, MA, USA) is utilized to simulate the encryption and decryption operations and set parameters (x(0), y(0), z(0), w(0)) = (0.398, 0.456, 0.784, 0.982). The continuous hyper-chaotic system (3) was solved by the ode45 solver of Matlab. The time step used in this algorithm is the adaptive variable step size instead of fixed step size. Figure 5a is the scrambled image, Figure 5b is the encrypted image and the decrypted image is shown in Figure 5c. It can be seen that the cyphertext image is a chaotic image, and has nothing to do with the original image. Therefore, the encryption effect of the algorithm is good. then the image is not an image of all the same pixel values. On the other hand, the hash value of the image is not needed in decryption, which reduces the difficulty of key management.
(2) In the permutation process, by adding a perturbation g (g = sum(P0)/(256 × l)) to the chaotic sequence D1, the permutation sequence h is generated by Equation (10). Therefore, h is related to plaintext, which can resist the chosen plaintext attack. At the same time, g is not part of the decryption key, which reduces the difficulty of key management. (3) From Equation (16), it is known that the sequence tt is related to the transition cyphertext c, so the sequence tt is different when encrypting different images, which further strengthens the ability of the encryption system to resist chosen plaintext attack. (4) From the cyphertext feedback mechanism of Equation (17), It can be seen that our encryption algorithm is sensitive to plaintext.

Simulation Results
In this paper, the standard 256 × 256 image of "cameraman" is used as the input image. Matlab 2014a (MathWorks, Natick, MA, USA) is utilized to simulate the encryption and decryption operations and set parameters (x(0), y(0), z(0), w(0)) = (0.398, 0.456, 0.784, 0.982). The continuous hyper-chaotic system (3) was solved by the ode45 solver of Matlab. The time step used in this algorithm is the adaptive variable step size instead of fixed step size. Figure 5a is the scrambled image, Figure 5b is the encrypted image and the decrypted image is shown in Figure 5c. It can be seen that the cyphertext image is a chaotic image, and has nothing to do with the original image. Therefore, the encryption effect of the algorithm is good.

Security Analysis
In this section, we will discuss the security analysis of the proposed encryption scheme with the traditional 8-bit gray image as an example.

Key Space
In cryptography, the larger the key space, the stronger the ability to resist brute force attacks. In the proposed cryptosystem, the keys are the initial value x(0), y(0), z(0), w(0) of the chaotic system (3), the chaotic system parameter e and the initial values u 1 (1), u 2 (1) of the two Chebyshev maps (4). The precision of x(0), y(0), z(0), w(0), u 1 (1) and u 2 (1) is 10 −15 , while the precision of the parameter e is 10 −12 for e∈(0.085, 0.798), so the key space size will be (10 15 ) 6 × 10 12 = 10 102 ≈ 2 339 . In Reference [1], Li pointed out that the effective key space of the image encryption system should be greater than 2 100 in order to prevent brute force attacks, so the key space of our algorithm is sufficiently large to resist against brute-force attacks. Table 2 lists the key space of several similar algorithms. By comparison, the key space of this algorithm is better than most algorithms' key space. The size of the key space depends not only on the number of keys, but also on the number of possible values for each key. The problem of numerical chaotic systems is that the finite precision of the machines (e.g., computers) leads to performance degradation [31][32][33][34], such as: the key space is reduced, some weak keys appear, and the randomness of the sequence is reduced. In order to identify and avoid weak keys, we need to calculate the Lyapunov exponents of chaotic systems, or plot the phase space trajectories of the system.

Key Sensitivity
The key sensitivity can be evaluated in two aspects: First, the cyphertext image will be completely different when encrypting the same plaintext image with slightly different keys, which is measured by the change rate t of the cyphertext image. Second, no information about the plaintext image is available in the image decrypted from the wrong key, even though there is a very small difference between the wrong key and the correct key.
The specific method of calculating the change rate t of cyphertext image is as follows: first, the change of the key is kh, and the other parameters remain unchanged. For example, when calculating the sensitivity of the key a, the cyphertext C 1 is obtained by encrypting the plaintext image with the key a. In the same way, the cyphertext image C 2 and the cyphertext image C 3 are obtained by encrypting the plaintext image with the key a + kh and the key a − kh, respectively. We can calculate the pixel difference rate t 1 between C 1 and C 2 and the pixel difference rate t 2 between C 1 and C 3 , respectively. Then, the change rate of cyphertext image t = (t 1 + t 2 )/2 is obtained. The sensitivity of each key is calculated by this method, as shown in Table 3, where the change kh is 10 −15 for each key x(0), y(0), z(0), w(0). The calculated results show that the new algorithm is very sensitive to the initial secret key values.
The sensitivity test results of Table 3 confirmed that the sensitivity of the proposed algorithm to the keys x(0), y(0), z(0), w(0) is very high, and can reach more than 10 −15 . In order to evaluate the Table 3. Sensitivity tests for each initial secret key value.

Keys
Change Rate of Cyphertext Image t

Plaintext Sensitivity
The sensitivity of the algorithm to plaintext means that a small change in plaintext will cause a huge change in the corresponding cyphertext. This is one of the criteria for cryptographic security analysis. From the encryption process, we can see that the algorithm is sensitive to plaintext: first, if the image has a little difference, the hash value will be completely different. Therefore, the two matrices RI and CI generated in Section 2.1 and the disturbance term g will be different, so the scrambled image will be different and will lead to the great change of pseudo-random sequence tt. Experimentally, NPCR (number of pixels change rate) and UACI (unified average changing intensity) are used to measure the degree of sensitivity of image encryption algorithms to plaintext. NPCR and UACI respectively represent the percentage and change degree of the number of pixels in the encrypted image after the pseudo-random change of the gray value of a pixel in the original image. The formulas for the calculation of NPCR and UACI are as follows: where, M × N is the size of the image. x(i, j) represent the pixel in a coordinate (i, j) of the cyphertext image corresponding to the original plaintext image, and x′(i, j) represent the pixel in a coordinate (i, j) of the cyphertext image corresponding to the changed plaintext image. For 256 bit grayscale images, the expected values of NPCR and UACI are 99.6094% and 33.4635%, respectively. In this paper, four classical images ("cameraman", "pepper", "rice" and "autumn") are selected to be tested. In each image, the pixel values of randomly selected 200 pixels are changed, and their maximum, minimum, and average values of NPCR are listed in the Table 4. In order to show the

Plaintext Sensitivity
The sensitivity of the algorithm to plaintext means that a small change in plaintext will cause a huge change in the corresponding cyphertext. This is one of the criteria for cryptographic security analysis. From the encryption process, we can see that the algorithm is sensitive to plaintext: first, if the image has a little difference, the hash value will be completely different. Therefore, the two matrices RI and CI generated in Section 2.1 and the disturbance term g will be different, so the scrambled image will be different and will lead to the great change of pseudo-random sequence tt. Experimentally, NPCR (number of pixels change rate) and UACI (unified average changing intensity) are used to measure the degree of sensitivity of image encryption algorithms to plaintext. NPCR and UACI respectively represent the percentage and change degree of the number of pixels in the encrypted image after the pseudo-random change of the gray value of a pixel in the original image. The formulas for the calculation of NPCR and UACI are as follows: where, M × N is the size of the image. x(i, j) represent the pixel in a coordinate (i, j) of the cyphertext image corresponding to the original plaintext image, and x (i, j) represent the pixel in a coordinate (i, j) of the cyphertext image corresponding to the changed plaintext image. For 256 bit grayscale images, the expected values of NPCR and UACI are 99.6094% and 33.4635%, respectively. In this paper, four classical images ("cameraman", "pepper", "rice" and "autumn") are selected to be tested. In each image, the pixel values of randomly selected 200 pixels are changed, and their maximum, minimum, and average values of NPCR are listed in the Table 4. In order to show the superiority of our encryption algorithm, the maximum and minimum values of NPCR and UACI for each image calculated by the encryption algorithm of Referemce [35] are shown in Table 5. As shown in Tables 4 and 5, the average values of NPCR and UACI of the four images of the new algorithm are higher than the average of NPCR and UACI in Reference [31], thus proving that our algorithm has better performance in resisting differential attacks.

Statistical Analysis
Statistical analysis mainly includes: histogram analysis, chi-square test, adjacent pixel correlation analysis and information entropy analysis. In this part we will evaluate the algorithm from above aspects.

Statistical Histogram Analysis
Gray histogram is a function of gray level, which reflects the distribution of gray level in the image and describes the number of pixels of each gray level in the image, but does not contain the position information of these pixels in the image. Figure 7 are the histograms of the Pepper image and the corresponding cipher images. In the histogram, the horizontal axis denotes the gray level, and the vertical axis denotes the pixel number of each gray level. It can be seen that the probability distribution of plaintext image histogram presents a single peak distribution, while the corresponding cyphertext image histogram probability distribution is close to the equal probability distribution, so the cyphertext image is a pseudo-random image.
Entropy 2018, 20, x 12 of 18 superiority of our encryption algorithm, the maximum and minimum values of NPCR and UACI for each image calculated by the encryption algorithm of Referemce [35] are shown in Table 5. As shown in Tables 4 and 5, the average values of NPCR and UACI of the four images of the new algorithm are higher than the average of NPCR and UACI in Reference [31], thus proving that our algorithm has better performance in resisting differential attacks.

Statistical Analysis
Statistical analysis mainly includes: histogram analysis, chi-square test, adjacent pixel correlation analysis and information entropy analysis. In this part we will evaluate the algorithm from above aspects.

Statistical Histogram Analysis
Gray histogram is a function of gray level, which reflects the distribution of gray level in the image and describes the number of pixels of each gray level in the image, but does not contain the position information of these pixels in the image. Figure 7 are the histograms of the Pepper image and the corresponding cipher images. In the histogram, the horizontal axis denotes the gray level, and the vertical axis denotes the pixel number of each gray level. It can be seen that the probability distribution of plaintext image histogram presents a single peak distribution, while the corresponding cyphertext image histogram probability distribution is close to the equal probability distribution, so the cyphertext image is a pseudo-random image.  Figure 7d shows that the histogram of the cyphertext image is uniformly distributed, which can resist statistical attacks and can be proved by the chi-square test [36], which is described by the following expression:

Chi-Square Test
where, vk is the actual frequency of each gray level, and e is the expected frequency of each gray level. For different sizes of images, e is different, for example, e is 256 for the image cameraman of size 256 × 256. however, e is 768 for the image pepper of size 384 × 512. The smaller the chi square value, the better the uniformity of cyphertext images. For the confidence level a = 0.05, if the chi square value does not exceed 295.25, it is considered to pass the test. In this paper, the cyphertext image is generated by changing one bit of the ordinary image. The process is repeated 30 times. for confidence level = 0.05, and the average results for the four images "cameraman", "pepper", "rice" and "autumn" are demonstrated in Table 6. It can be seen that the chi-square value of the histogram of the cyphertext images are less than 295.5, which means that the histogram of the cyphertext image has passed Chi-square test for confidence level =0.05 and better than in Kulsoom [37].

Information Entropy
The entropy of an image is expressed as the average number of bits of the set of gray levels of an image. It also describes the average amount of information of an image source. The greater the entropy, the more confusing the information provided by the image. For discrete two-dimensional images, the formula of information entropy E is shown in Equation (29) where, pi is the probability of the occurrence of gray value i. When the probability distribution of cyphertext is equal probability distribution, that is, the probability of each value of [0, 255] is 1/256, the maximum entropy is 8 bits. The information entropy of four cyphertext images of "rice",  Figure 7d shows that the histogram of the cyphertext image is uniformly distributed, which can resist statistical attacks and can be proved by the chi-square test [36], which is described by the following expression:

Chi-Square Test
where, v k is the actual frequency of each gray level, and e is the expected frequency of each gray level. For different sizes of images, e is different, for example, e is 256 for the image cameraman of size 256 × 256. however, e is 768 for the image pepper of size 384 × 512. The smaller the chi square value, the better the uniformity of cyphertext images. For the confidence level a = 0.05, if the chi square value does not exceed 295.25, it is considered to pass the test. In this paper, the cyphertext image is generated by changing one bit of the ordinary image. The process is repeated 30 times. for confidence level = 0.05, and the average results for the four images "cameraman", "pepper", "rice" and "autumn" are demonstrated in Table 6. It can be seen that the chi-square value of the histogram of the cyphertext images are less than 295.5, which means that the histogram of the cyphertext image has passed Chi-square test for confidence level =0.05 and better than in Kulsoom [37].

Information Entropy
The entropy of an image is expressed as the average number of bits of the set of gray levels of an image. It also describes the average amount of information of an image source. The greater the entropy, the more confusing the information provided by the image. For discrete two-dimensional images, the formula of information entropy E is shown in Equation (29): where, p i is the probability of the occurrence of gray value i. When the probability distribution of cyphertext is equal probability distribution, that is, the probability of each value of [0, 255] is 1/256, the

Pixel Correlation Analysis
In a natural image, there is a high correlation between each pixel and its adjacent pixels, which means that there is a small difference in the gray value in the larger area of the image. One of the goals of encrypted image is to reduce the correlation between adjacent pixels, and the smaller the correlation, the better the encryption effect, the higher the security. Correlation mainly includes the correlation between horizontal pixels, vertical pixels and diagonal pixels. Firstly, 4000 pixels are selected randomly from the "cameraman" image and the corresponding cyphertext image as the base points, and 4000 pairs of adjacent pixels are collected along the horizontal, vertical and diagonal directions respectively, and the correlation distribution maps in these three directions are drawn, as shown in Figure 8. It can be seen that there is a strong correlation between adjacent pixels of plaintext image, showing a linear relationship, and for cyphertext image, this correlation is greatly weakened, showing a strong randomness. This indicates that the image encryption effect is good and the security is high. In order to further quantify the linear correlation between the adjacent pixels, the correlation coefficients can be calculated as: where, xi and yi represent the gray values of two adjacent pixels, respectively, and n represents the number of pixel pairs selected. The correlation coefficients of adjacent pixels of the original image and the cyphertext image are shown in Table 8. It can be seen that the absolute values of the correlation coefficients between adjacent pixels in three directions of the plaintext image are very close to 1, while the absolute values of the correlation coefficients between adjacent pixels in each direction of the corresponding cyphertext image are close to 0, and the correlation is weakened.

Computational Speed Analysis
Finally, the time complexity of the algorithm for encryption/decryption is evaluated. Several images for different sizes have been considered and the time complexity is given. The time complexity analysis is achieved on zn Intel(R) Pentium(R) Dual Core processor CPU (2.3 GHz with 2 GB RAM) personal computer. The algorithm is developed in Matlab R2014a and compiled by 7.14 on Windows 7 Home Premium edition. The results are shown in Table 9. This shows that our algorithm In order to further quantify the linear correlation between the adjacent pixels, the correlation coefficients can be calculated as: where, x i and y i represent the gray values of two adjacent pixels, respectively, and n represents the number of pixel pairs selected. The correlation coefficients of adjacent pixels of the original image and the cyphertext image are shown in Table 8. It can be seen that the absolute values of the correlation coefficients between adjacent pixels in three directions of the plaintext image are very close to 1, while the absolute values of the correlation coefficients between adjacent pixels in each direction of the corresponding cyphertext image are close to 0, and the correlation is weakened.

Computational Speed Analysis
Finally, the time complexity of the algorithm for encryption/decryption is evaluated. Several images for different sizes have been considered and the time complexity is given. The time complexity analysis is achieved on zn Intel(R) Pentium(R) Dual Core processor CPU (2.3 GHz with 2 GB RAM) personal computer. The algorithm is developed in Matlab R2014a and compiled by 7.14 on Windows 7 Home Premium edition. The results are shown in Table 9. This shows that our algorithm is faster than most of the algorithms in [39,40,43,44], but it is just slightly slower than that in [40].
In general, the encryption algorithm based on the spatial domain is faster than the algorithm based on the image frequency domain [45].

Conclusions
A new image encryption scheme is proposed, which includes three main components: adding pixels around the image, pixel scrambling and pixel diffusion. Firstly, the hash value of the plaintext image is converted into a pseudo-random sequence, then adding pseudo-random sequences to the surrounding area of plaintext images. The pseudo-random sequences used in the permutation and diffusion process are related to the plaintext image, which can resist chosen plaintext attack. Different from previous algorithms, our algorithm transforms the hash value of the plaintext image into a pseudo-random sequence, which takes the pseudo-random sequence as part of the encrypted image, while the previous algorithm takes the hash value of the plaintext image as a part of the key. In our encryption algorithm, the key of the encryption system is only the initial value of the chaotic system, which reduces the difficulty of key management. In addition, the algorithm also has the following advantages, which can be demonstrated by theoretical analysis and experimental results: the key space is large, the cyphertext is very sensitive to plaintext and keys, the distribution of pixels in encrypted image is uniform, the correlation between adjacent pixels of cyphertext is very low, and the information entropy of cyphertext images is close to the ideal value of 8, Therefore, the proposed algorithm has good application prospects in secure image communication and storage applications.