A Dynamic DNA Color Image Encryption Method Based on SHA-512

This paper presents a dynamic deoxyribonucleic acid (DNA) image encryption based on Secure Hash Algorithm-512 (SHA-512), having the structure of two rounds of permutation–diffusion, by employing two chaotic systems, dynamic DNA coding, DNA sequencing operations, and conditional shifting. We employed the SHA-512 algorithm to generate a 512-bit hash value and later utilized this value with the natural DNA sequence to calculate the initial values for the chaotic systems and the eight intermittent parameters. We implemented a two-dimensional rectangular transform (2D-RT) on the permutation. We used four-wing chaotic systems and Lorentz systems to generate chaotic sequences and recombined three channel matrices and chaotic matrices with intermittent parameters. We calculated hamming distances of DNA matrices, updated the initial values of two chaotic systems, and generated the corresponding chaotic matrices to complete the diffusion operation. After diffusion, we decoded and decomposed the DNA matrices, and then scrambled and merged these matrices into an encrypted image. According to experiments, the encryption method in this paper not only was able to withstand statistical attacks, plaintext attacks, brute-force attacks, and a host of other attacks, but also could reduce the complexity of the algorithm because it adopted DNA sequencing operations that were different from traditional DNA sequencing operations.


Introduction
With the advent of the big data era, numerous digital images, carrying a large amount of information, are generated daily. Accordingly, the security issues of digital images have become increasingly critical. Traditional data encryption algorithms [1], such as RSA, Data Encryption Standard (DES), and Advanced Encryption Standard (AES), however, are not suitable for image encryption because of their large data capacity and the strong correlation between pixel points. Therefore, researchers have begun to look for new solutions for image encryption [1].
As a result of the special characteristics of DNA, excellent parallelism, and large information density, DNA coding [2,3] is popular in image encryption research. Hu et al. [4] proposed DNA-based image cryptography by implementing the DNA cycle operation in the diffusion process, thereby overcoming the limitations of the DNA complementary operation. Chai et al. [5] proposed an image encryption algorithm by employing DNA coding for the diffusion of pixel values. Meanwhile, Liu et al. [6] proposed a remote-sensing image encryption scheme by utilizing a two-dimensional (2D) logistic map to generate DNA masks; this was then used to generate the DNA matrix. Enayatifar et al. [7] proposed a robust multiple-image encryption with a DNA sequence operation implemented to diffuse the image. Belazi et al. [8] proposed an efficient medical image encryption scheme based on the combination of chaotic systems and DNA computation. Huo et al. [9] proposed a two-round image encryption algorithm utilizing DNA complementary rules. Furthermore, Revathy et al. [10] proposed an authenticated biomedical image transaction based on DNA. Wang et al. [11] used the DNA sequence operation to diffuse the image. Chen et al. [12] proposed a DNA-based image encryption algorithm based on the combination of self-adaptive permutation-diffusion. Liu et al. [13] proposed a color image encryption based on the dynamic DNA and 4-D memresistive hyper chaos. Aashiq et al. [14] presented an image encryption method based on chaotic attractors; on the frequency domain they used the integer wavelet transform to encrypt the image while on the spatial domain they used the DNA sequence. Ballesteros et al. [15] presented a novel method that deviated from traditional schemes, in which variable-length codes based on the Collatz conjecture were used to transform the content of the image into unintelligible audio. Moreover, Ouyang et al. [16] proposed a color image encryption method using the memristive hyperchaotic system and DNA encryption, and Zhu et al. [17] reported an image encryption algorithm based on a matrix of Kronecker products and DNA operations over finite fields. Zhu et al. [18] constructed a five-dimensional continuous hyperchaotic system, and proposed an image encryption scheme based on the hyperchaotic system; this system adopted a dynamic DNA coding mechanism and classical scrambling diffusion encryption structure.
However, some of these DNA-based image cryptography methods pose risks. First, for some DNA-based image encryption schemes, their parameters of the chaotic maps remain unchanged. Second, dynamic DNA coding with different rules is more secure than using only a single rule. Third, a simple confusion or diffusion process is not secure enough. Fourth, an image encryption scheme is not secure enough if the key streams are independent of the plain images.
A secure image encryption scheme should utilize a dynamic permutation and dynamic diffusion process. Moreover, dynamic DNA coding utilizing all rules is more secure than using only a single DNA coding rule. Furthermore, selecting an appropriate chaotic system is also necessary. In addition, the key streams should be dependent of the plain image so that it can resist plaintext attacks. To address these limitations, we proposed a new image encryption algorithm with the structure of two rounds of permutation-diffusion by employing Secure Hash Algorithm-512 (SHA-512), two chaotic systems, dynamic DNA coding, DNA sequencing operations, and conditional shifting.

Lorenz System
In 1963, Lorenz tried to explain the unpredictable behavior of the weather by setting up a system of differential equations. In this paper, the image encryption scheme utilizes this system [4]: where α, β, and γ are the system parameters. When α = 10, β = 8/3, and γ = 28, the system is chaotic.

Four-Wing System
A four-wing system is a four-dimensional hyperchaotic system. The four-wing hyperchaotic system is defined as follows [19]: x . = ax + byz y . = cy + dz z . = exy + kz + mxw w . = ny Because there are two positive Lyapunov exponents, the system has hyperchaotic characteristics.

DNA Coding and Decoding Rule
A DNA sequence consists of four nucleic acid bases, A (adenine), G (guanine), C (cytosine), and T (thymine), which satisfy the Watson-Crick structure [20]. The structure of a DNA sequence is a binary string; on each side of the string, every two nucleic acid bases are complementary, following the rules that A and T are complementary and G and C are complementary. Based on the Watson-Crick structure, only eight combinations can be used for DNA coding [20]. These are listed in Table 1.

DNA Complementary Rules
The DNA complementary rule operation is popular for diffusing a DNA matrix. To satisfy the Watson-Crick structure of the DNA sequence, the complementary rules are defined as follows [21]: In Equation ( In this paper, the complementary rules are defined as follows: where A and B are the nucleic acid base before and after the DNA complementary operation, respectively, and times denotes a matrix which indicates how many times the complementary operation is implemented on a nucleic base in the matrix A, and rules denotes a matrix about which rule is chosen for the operation of the DNA complementary operation.

DNA Cycle Operation
Hu et al. [4] defined another method for DNA matrix diffusion. We use this method in this paper. The DNA cycle function is defined as follows: New nucleic acid base = L(original nucleic acid base, h), Original nucleic acid base = L_1(new nucleic acid base, h), where L is the function of the DNA cycle operation, and h is how many times the DNA cycle operation is performed on the original nucleic acid base to get the new nucleic acid base. Figure 1 shows the process of DNA cycle operation and the inverse DNA cycle operation. To explain the Figure 1 in details, for instance, L(A, 3) = T, since mod(3, 4) = 3; and L_1(A, 7) = G, since mod (7,4).

Mandelbrot Set
A Mandelbrot set is a plane in which all points belong to a complex plane and whose boundary forms a fractal. The Mandelbrot set is defined as M. Set M is used for the conditional shifting operation, which is defined later. A typical M set is defined as follows [22]: where = 0.
In this paper, a modified Mandelbrot set is defined as follows: where () denotes the Mandelbrot set M, = 1,2, …, M and = 1, 2, …, N, and the size of the image is M × N; is constant, and can be any large number. Considering the computational precision on Matlab, in this paper, set C = 10 14 , which is the most popular choice [22].

2D-RT
To solve the limitation of the traditional Arnold maps (i.e., that it cannot permutate the non-square image), this paper used 2D-RT (two-dimensional rectangular transform). The improved 2D-RT can be defined as follows [23]: and the inverse operation of the improved 2D-RT is expressed as where m and n are the sizes of the image. Since 2D-RT was derived from the traditional Arnold map, 2D-RT was an enhanced Tent map and could permutate the non-square image. In this paper, the size of the RGB image P is transformed from M × N × 3 into M × 3N. 2D-RT is implemented t times to permutate the plain images. In Ref. [23], the system parameters a, b, c, and d satisfy ad − bc = 1. In the decryption process, we use the inverse matrix of the original matrix consisting of a, b, c, and d. In the encryption process: while in the decryption process: In this paper, P is the plaintext image. In the encryption process, the zero matrix PST with size M × 3N is defined in previous then the 2D-RT is performed on P for t times to generate the new matrix PST according to Equation (9).

Mandelbrot Set
A Mandelbrot set is a plane in which all points belong to a complex plane and whose boundary forms a fractal. The Mandelbrot set is defined as M. Set M is used for the conditional shifting operation, which is defined later. A typical M set is defined as follows [22]: where Z 0 = 0. In this paper, a modified Mandelbrot set is defined as follows: where W() denotes the Mandelbrot set M, i = 1,2, . . . , M and j = 1, 2, . . . , N, and the size of the image is M × N; C is constant, and C can be any large number. Considering the computational precision on Matlab, in this paper, set C = 10 14 , which is the most popular choice [22].

2D-RT
To solve the limitation of the traditional Arnold maps (i.e., that it cannot permutate the non-square image), this paper used 2D-RT (two-dimensional rectangular transform). The improved 2D-RT can be defined as follows [23]: x y = a b c d x y + r m r n mod m n (9) and the inverse operation of the improved 2D-RT is expressed as where m and n are the sizes of the image. Since 2D-RT was derived from the traditional Arnold map, 2D-RT was an enhanced Tent map and could permutate the non-square image. In this paper, the size of the RGB image P is transformed from M × N × 3 into M × 3N. 2D-RT is implemented t times to permutate the plain images. In Ref. [23], the system parameters a, b, c, and d satisfy ad − bc = 1. In the decryption process, we use the inverse matrix of the original matrix consisting of a, b, c, and d. In the encryption process: while in the decryption process: P(x, y) = PST(x , y ). (12) In this paper, P is the plaintext image. In the encryption process, the zero matrix PST with size M × 3N is defined in previous then the 2D-RT is performed on P for t times to generate the new matrix PST according to Equation (9).

Initial Values and Intermittent Parameters
In the proposed scheme, SHA-512 is exploited and all the initial values of the chaotic system and the intermittent parameters are generated by the SHA-512 hash function of the plain image.
When the plain image is input, the hash sequence of the plain image with 512 bits is generated: K = [k1, k2, . . . , k64]. Next, the initial values are generated for the chaotic system.
First, h1, h2, h3, h4, h5, h6, and h7 are computed as follows: Second, one natural DNA sequence is selected, and then it is converted to a decimal number d s . According to given values of four bases, the corresponding decimals of all bases in the DNA sequence are added. Then, the integer part of the product is removed, and the decimal part is retained. We can get the natural DNA sequence in http://www.ncbi.nlm.nih.gov/ according to geneID, the starting position and the length. For example, we chose a natural DNA sequence with the gene ID of 1054, the starting position of 1022, and the length of 17. The DNA sequence is {TGAAGTTTATACTGTAA}. Then, set A to 0.125112478141254, T to 0.58021545574585, C to 0.98754127451874, and G to 0.96148854586747. The corresponding decimals of all bases in the DNA sequence are added, and the sum is 8.68418997118962. Then, the integer part of 8.68418997118962 is removed, and the decimal part is retained. We can obtain d s = 0.68418997118962. Here, given values, the gene ID, the starting position and the length can all be regarded as part of the key, and they all are set manually.
Next, h1-h4 defined in Equation (13) and d s are used to calculate the initial values x 0 , y 0 , z 0 , and ω 0 for the hyperchaotic system, and are is defined as follows: Meanwhile, h5-h7 defined in Equation (13) and d s are used to calculate the initial values c 1 , c 2 , and c 3 for the Lorenz system: Finally, the intermittent parameters of index 1 to index 8 are calculated by the following: According to Equations (13)- (16), all the initial values of the chaotic systems and the intermittent parameters were determined by the plain image. If there was a one-bit difference between two images, the initial values of the chaotic systems and the intermittent parameters were totally different. Moreover, the chaotic matrices and even the permutated plain images were totally different. Hence, the proposed scheme was sensitive to the plain image.

Conditional Shifting Operation
In this section, the Mandelbrot set is used for the conditional shifting operation. The conditional shifting operating is defined below Algorithm 1.

1:
for I = 1:n 2: find the maximum value of ith column elements of M and denote it as max i 3: find the maximum values of the ith row elements of R 2 , G 2 , and B 2 and denote them as max ri , max gi and max bi , respectively, as follows:

Whole Image Encryption Process
The complete encryption algorithm had a two-round permutation-diffusion structure. In the first round of the permutation-diffusion process, we implemented 2D-RT for permutating the plain image P for t times. Then we decomposed the permutated image P into R 1 , G 1 , and B 1 . The DNA complementary operation was used for the diffusion of the encoded plain image; meanwhile, the DNA cycle operation was implemented for the diffusion of the encoded chaotic matrices. In the second round of the permutation-diffusion process, the conditional shifting was implemented on the decoded images R 2 , G 2 , and B 2 , and we obtained the permutated matrices R 3 , G 3 , and B 3 . Finally, we used the decoded matrices XR, XG, and XB for diffusing matrices R 3 and G 3 . The whole encryption process is demonstrated in Figure 2, and the encryption procedures are described in the subsequent subsections. DNA cycle operation was implemented for the diffusion of the encoded chaotic matrices. In the second round of the permutation-diffusion process, the conditional shifting was implemented on the decoded images R2, G2, and B2, and we obtained the permutated matrices R3, G3, and B3. Finally, we used the decoded matrices XR, XG, and XB for diffusing matrices R3 and G3. The whole encryption process is demonstrated in Figure 2, and the encryption procedures are described in the subsequent subsections.

First Round of Permutation
Step 1: Input the RGB plain image PM × N × 3.
Step 2: Make use of the plain image in the SHA-512 hash function to obtain the initial values for the chaotic systems and the intermittent parameters.
Step 3: Transform the plain image PM ×N ×3 into PM ×3N. Perform 2D-RT on P to permutate the Pt times and obtain the PST.

Process of DNA Encoding
Step 1: Iterate the four-wing chaotic system, with the initial values of x0, y0, z0, and w0, 4MN + l0 times. Remove the first l0 terms to avoid the transient effect. Four sequences X, Y, Z, and W with the length of 4MN are obtained. Next, obtain the sequences X1, Y1, and Z1 by:

First Round of Permutation
Step 1: Input the RGB plain image P M × N × 3 .
Step 2: Make use of the plain image in the SHA-512 hash function to obtain the initial values for the chaotic systems and the intermittent parameters.
Step 3: Transform the plain image P M × N × 3 into P M × 3N . Perform 2D-RT on P to permutate the Pt times and obtain the PST.
Step 4: Divide the PST into three channels: R 1 , G 1 , and B 1 .

Process of DNA Encoding
Step 1: Iterate the four-wing chaotic system, with the initial values of x 0 , y 0 , z 0 , and w 0 , 4MN + l0 times. Remove the first l0 terms to avoid the transient effect. Four sequences X, Y, Z, and W with the length of 4MN are obtained. Next, obtain the sequences X 1 , Y 1 , and Z 1 by: Step 2: Iterate the Lorenz chaotic system, with the initial values of c 1 , c 2 , and c 3 , 4MN + l0 times. Remove the first l 0 terms to avoid the transient effect. The three sequences C 1 , C 2 , and C 3 with the length of 4MN are thus obtained. Next, we obtain the sequences L 1 , L 2 , and L 3 : Step 3: Convert all the pixels of R 1 , G 1 , and B 1 into binary numbers, and obtain three M × 8N matrices R_bin, G_bin, and B_bin. Then, recombine these three matrices into a single matrix T of 3M × 8N by T = T i (i = 1, 2, . . . , 6), where i = index 1 and Step 4: Transform the sequence X1, X2 and X3 into the M × 4N matrices and transform the sequence L1, L2 and L3 into the M × 4N matrices L_1, L_2 and L_3.

Diffusion and DNA Decoding
Step 1: Calculate the hamming distance d 1 -d 8 by: Update the initial parameters x 0 , y 0 , z 0 , w 0 , c 1 , c 2 , and c 3 by: Step 2: Utilize the updated initial parameters x 0 , y 0 , z 0 , and w 0 to iterate the four-wing chaotic system 4MN + l1 times. Remove the first l1 times and obtain four sequences X , Y , Z , and W of 4MN. Next, use X , Y , and Z to generate sequences X 2 , Y 2 , and Z 2 : Step 3: Convert sequences X 2 , Y 2 , and Z 2 into matrices X_2, Y_2, and Z_2 of M × 4N. Next, use the intermittent parameter index 4 and mod (index 4 , 6) +1 to construct and select the DNA decoding matrix by DR_T = DR i1 , DR_CT = DR i2 (i1 = 1, 2, . . . , 6, i2 = 1, 2, . . . , 6), i1 = index 4 , i2 = mod (index 4 , 6) + 1 and: Step 4: Use the initial parameters c 1 , c 2 , and c 3 to iterate the Lorenz chaotic system 4MN + l1 times. Remove the first l1 terms to obtain the three sequences C 1 , C 2 , and C 3 of 4MN. C 1 , C 2 , and C 3 are used to obtain the three sequences L 1 , L 2 , and L 3 by: Entropy 2020, 22, 1091 11 of 23 Step 5: Use d 5 , d 6 , d 7 , and d 8 to update the initial parameters x 0 , y 0 , z 0 , and w 0 to obtain x 0 , y 0 , z 0 , and w 0 by: Then, use the updated initial parameters x 0 , y 0 , z 0 , and w 0 to iterate the four-wing hyperchaotic system 4MN + l2 times. Remove the first l2 terms and obtain the four sequences X , Y , Z , and W of 4MN. Employ X , Y , and Z to calculate the new sequences X 3 , Y 3 , and Z 3 : Step 6: Transform sequences W, W , and W into M × 4N matrices W_1, W_2, and W_3, respectively. Then, use the intermittent parameter index 5 to construct matrix Times, which is used in the DNA complementary operation to determine how many times the operation is performed on a nucleic acid base. Times = Times i (i = 1, 2, . . . , 6), i = index 5 and: The final matrix Times is calculated by: Times = mod(floor(Times − fix(Times)) × 10 14 , 4) + 1 Step 7: Convert sequences X , Y , and Z into M × 4N matrices X_3, Y_3, and Z_3, respectively. Then, use the intermittent parameter index 6 to construct and select the complementary rule matrix CR, which is used to determine which rule is selected in the DNA complementary operation. CR = CR i (i = 1, 2, . . . , 6), i = index 6 and: Step 8: Convert sequences L 1 , L 2 , and L 3 into matrices L_1 , L_2 , and L_3 , respectively. Then utilize the intermittent parameter index 7 for the construction of the matrix Cycle, which is used to determine how many times the DNA cycle operation is performed on a nucleic acid base. Cycle = Cycle i (i = 1, 2, . . . , 6), i = index 7 and: Step 9: Perform the DNA complementary operation on matrix T_DNA to generate matrix DNA_N: where i = 1, 2, . . . , 3M and j = 1, 2, . . . , 4N.
Step 11: Utilize the DNA decoding matrix DR_T to decode DNA matrix DNA_N, which is further converted into decimal matrix F of 3M × N. Meanwhile, utilize DNA decoding matrix DR_CT to decode matrix DNA_C, which is further converted into decimal matrix X of 3M × N.

Second Round of Permutation and Diffusion
Step 1: Use intermittent parameter index 8 to decompose matrix F into R 2 , G 2 , and B 2 of M × N.
Step 2: Calculate the Mandelbrot set M by utilizing the introduced method. Use set M for the conditional shifting performed on R 2 , G 2 , and B 2 . Finally, R 3 , G 3 and B 3 are obtained.
Step 3: Obtain cipher image C by: The proposed cryptosystem was symmetric. We decrypted the encrypted image by applying the encryption in reverse order. Note that we implemented the reverse DNA cycle operation, reverse DNA complementary operation, and reverse 2D-RT instead of the DNA complementary operation, DNA cycle operation, and 2D-RT, respectively. To decrypt the cipher image, the secret keys calculated

Stimulation Results
In this section, we conducted stimulation experiments on Windows 7, with 4.00 GB RAM and an i5-4440 CPU. We implemented the scheme in Matlab 2017a (MathWorks, Natick, USA). Images 256 × 256 in size were used for the encryption and decryption: Lena, Pepper, Baboon, an all-black image, and an all-white image. The three images of objects were in color.  Figure 3, the encrypted images were all noise-like images from which we could not obtain any useful information, but the decrypted images were identical to their plain images, which illustrated that the algorithm was secure and effective.  Figure 3, the encrypted images were all noise-like images from which we could not obtain any useful information, but the decrypted images were identical to their plain images, which illustrated that the algorithm was secure and effective.
Additionally, Table 2 shows the system parameters of the 2D-RT, four-wing hyperchaotic system, and Lorenz chaotic system, and the abandoned numbers of the chaotic sequence. We selected one natural DNA sequence (GeneID is 154, and the starting position is 101, and the length is 1213.) to calculate the initial values. Aiming at the natural DNA sequence selected, we set A to 0.125112478141254, T to 0.58021545574585, C to 0.98754127451874, and G to 0.96148854586747.

Key Space Analysis
We used key space analysis to verify the image encryption scheme's ability to resist brute-force attacks. According to [24,25], the key space must be larger than 2 100 to guarantee the security of the image encryption scheme. In this paper, there are seven initial conditions. If the precision of the computer was 10 14 , the total key space was 10 14×7 = (10 3 ) 32.6 ≈ (2 10 ) 32.6 = 2 326 . The key space of our algorithm is much larger than the theoretical value, so it can resist the exhaustive attack very well. Comparing our key space with others, our key space is also satisfactory. Table 3 shows the comparision of key space. From Table 3, it can be seen that our key space is as good as the key space of others' algorithms, or even better.  Additionally, Table 2 shows the system parameters of the 2D-RT, four-wing hyperchaotic system, and Lorenz chaotic system, and the abandoned numbers of the chaotic sequence. We selected one natural DNA sequence (GeneID is 154, and the starting position is 101, and the length is 1213.) to calculate the initial values. Aiming at the natural DNA sequence selected, we set A to 0.125112478141254, T to 0.58021545574585, C to 0.98754127451874, and G to 0.96148854586747. Figure 3a

Item Value
System parameters of the four-wing hyperchaotic system

Key Space Analysis
We used key space analysis to verify the image encryption scheme's ability to resist brute-force attacks. According to [24,25], the key space must be larger than 2 100 to guarantee the security of the image encryption scheme. In this paper, there are seven initial conditions. If the precision of the computer was 10 14 , the total key space was 10 14×7 = (10 3 ) 32.6 ≈ (2 10 ) 32.6 = 2 326 . The key space of our algorithm is much larger than the theoretical value, so it can resist the exhaustive attack very well. Comparing our key space with others, our key space is also satisfactory. Table 3 shows the comparision of key space. From Table 3, it can be seen that our key space is as good as the key space of others' algorithms, or even better.

Key Sensitivity Results
A secure encryption scheme is sensitive to a slight change of the keys. In the proposed encryption scheme, all the keys were generated from the SHA-512 hash function. Therefore, to test the key sensitivity of the proposed encryption scheme, we used the new hash value to change the last bit of the original hash value. The test image was Lena (256 × 256). In this paper, the hash value with the right key was denoted as K (K = 9f63791ec64b3bb5bcf1d6e1272557c9779b37575f33a72e0fbf7 3a8339bba94d0e3de2ab82ae305ee0a71a122123407227708ff0bc0296768566c2cc59e7d37), with the last bit changed being denoted as K1 (K1 = 9f63791ec64b3bb5bcf1d6e1272557c9779b37575f33a72e0fbf73a 8339bba94d0e3de2ab82ae305ee0a71a122123407227708ff0bc0296768566c2cc59e7d38) and the whole new hash value denoted as K2 (K2 = a1100bff91ac78cb8910aafcea1290fc99a3001cbbac73ef31ff23dd 1347f90 c60ad23fe26bd4133bad0501a273f0170adfe301261dc3df034ad00ff127526ff). The other encryption keys of the three experiments are the same. GeneID is 154, and the starting position is 22, and the length is 217. Set A to 0.98736273, T to 0.58021545, C to 0.1245737896434, and G to 0.0002356644. Figure 4a-c show the results obtained upon encrypting Figure 3a with K1, K2, and K, respectively. Figure 5a-c show the results when K was used to decrypt all encrypted images (Figure 4a-c), respectively. Table 4 lists NPCR (number of pixels change rate) values between the encrypted images with changed keys and the one with the right key. Table 5 lists NPCR values between the decrypted images with changed keys and the original image.
A secure encryption scheme is sensitive to a slight change of the keys. In the proposed encryption scheme, all the keys were generated from the SHA-512 hash function. Therefore, to test the key sensitivity of the proposed encryption scheme, we used the new hash value to change the last bit of the original hash value. The test image was Lena (256 × 256). In this paper, the hash value with the right key was denoted as K (K = 9f63791ec64b3bb5bcf1d6e1272557c9779b37575f33a72e0fbf7 3a8339bba94d0e3de2ab82ae305ee0a71a122123407227708ff0bc0296768566c2cc59e7d37), with the last bit changed being denoted as K1 (K1 = 9f63791ec64b3bb5bcf1d6e1272557c9779b37575f33a72e0fbf73a 8339bba94d0e3de2ab82ae305ee0a71a122123407227708ff0bc0296768566c2cc59e7d38) and the whole new hash value denoted as K2 (K2 = a1100bff91ac78cb8910aafcea1290fc99a3001cbbac73ef31ff23dd 1347f90 c60ad23fe26bd4133bad0501a273f0170adfe301261dc3df034ad00ff127526ff). The other encryption keys of the three experiments are the same. GeneID is 154, and the starting position is 22, and the length is 217. Set A to 0.98736273, T to 0.58021545, C to 0.1245737896434, and G to 0.0002356644. Figure 4a-c show the results obtained upon encrypting Figure 3a with K1, K2, and K, respectively. Figure 5a-c show the results when K was used to decrypt all encrypted images ( Figure  4a-c), respectively. Table 4 lists NPCR (number of pixels change rate) values between the encrypted images with changed keys and the one with the right key. Table 5 lists NPCR values between the decrypted images with changed keys and the original image.
As the figures and tables show, a slight change in the original hash value or a whole new key leads to different encryption and decryption results. In Tables 4 and 5, NPCR values with different keys are all close to the expected value of 0.9960, demonstrating that only the complete right hash value generates the right keys that can encrypt and decrypt the images correctly. Therefore, the proposed scheme is sensitive to a slight change in the hash value, which generates totally different keys and leads to totally different encryption and decryption results. Table 4. NPCR values of the encrypted images.

Image
Changed     A secure encryption scheme is sensitive to a slight change of the keys. In the proposed encryption scheme, all the keys were generated from the SHA-512 hash function. Therefore, to test the key sensitivity of the proposed encryption scheme, we used the new hash value to change the last bit of the original hash value. The test image was Lena (256 × 256). In this paper, the hash value with the right key was denoted as K (K = 9f63791ec64b3bb5bcf1d6e1272557c9779b37575f33a72e0fbf7 3a8339bba94d0e3de2ab82ae305ee0a71a122123407227708ff0bc0296768566c2cc59e7d37), with the last bit changed being denoted as K1 (K1 = 9f63791ec64b3bb5bcf1d6e1272557c9779b37575f33a72e0fbf73a 8339bba94d0e3de2ab82ae305ee0a71a122123407227708ff0bc0296768566c2cc59e7d38) and the whole new hash value denoted as K2 (K2 = a1100bff91ac78cb8910aafcea1290fc99a3001cbbac73ef31ff23dd 1347f90 c60ad23fe26bd4133bad0501a273f0170adfe301261dc3df034ad00ff127526ff). The other encryption keys of the three experiments are the same. GeneID is 154, and the starting position is 22, and the length is 217. Set A to 0.98736273, T to 0.58021545, C to 0.1245737896434, and G to 0.0002356644. Figure 4a-c show the results obtained upon encrypting Figure 3a with K1, K2, and K, respectively. Figure 5a-c show the results when K was used to decrypt all encrypted images ( Figure  4a-c), respectively. Table 4 lists NPCR (number of pixels change rate) values between the encrypted images with changed keys and the one with the right key. Table 5 lists NPCR values between the decrypted images with changed keys and the original image.
As the figures and tables show, a slight change in the original hash value or a whole new key leads to different encryption and decryption results. In Tables 4 and 5, NPCR values with different keys are all close to the expected value of 0.9960, demonstrating that only the complete right hash value generates the right keys that can encrypt and decrypt the images correctly. Therefore, the proposed scheme is sensitive to a slight change in the hash value, which generates totally different keys and leads to totally different encryption and decryption results. Table 4. NPCR values of the encrypted images.

Image
Changed    (a) (b) (c) Figure 5. Key sensitivity results in the decryption process. Figure 5. Key sensitivity results in the decryption process. Table 4. NPCR values of the encrypted images.

Image
Changed Key R G B    Tables 4 and 5, NPCR values with different keys are all close to the expected value of 0.9960, demonstrating that only the complete right hash value generates the right keys that can encrypt and decrypt the images correctly. Therefore, the proposed scheme is sensitive to a slight change in the hash value, which generates totally different keys and leads to totally different encryption and decryption results.

Correlation Analysis
Because of the strong correlation among pixels, the traditional encryption scheme could not be directly applied to the images [1]. However, a secure image encryption scheme could eliminate the correlation among pixels. In this section, we used the correlation coefficients to analyze the correlation among pixels between the plain image and encrypted image. Equations (29)-(31) are used to calculate the correlations between pixels in horizontal, vertical and diagonal directions. Figure 6 shows correlation of two adjacent pixels in the R, G, and B channels for the plain and encrypted image Lena in the horizontal direction. Figure 6a-c show correlations of the original image Lena in the R, G, and B channels respectively, and Figure 6d-f show correlations of the encrypted image Lena in the R, G, and B channels respectively. Figure 6 and Table 6 show that the correlation coefficients of the encrypted images are pretty low, and every pixel distributes evenly. From Table 7, we can see that the proposed scheme is comparable to other schemes in terms of correlation coefficients:

Histogram Analysis
A secure image encryption scheme can resist statistical attacks. The elimination of correlation among pixels was necessary, and pixels of the encrypted image had to be distributed evenly. To verify whether the proposed scheme could distribute the encrypted image evenly, we conducted a histogram analysis. Figure 7 shows the R, G, and B channels of the plain image Lena and its encrypted image with the size 256 × 256. Table 8 shows the variance of the constructed histograms (calculated by Equation (32)), and Table 9 compares our histograms with those produced by other schemes: Ours 0.0011 0.0018 0.0024 0.0018 Ref. [29] −0.0027 0.0033 −0.0035 0.0031 Ref. [28] 0.0096 0.0109 0.0122 0.0109

Histogram Analysis
A secure image encryption scheme can resist statistical attacks. The elimination of correlation among pixels was necessary, and pixels of the encrypted image had to be distributed evenly. To verify whether the proposed scheme could distribute the encrypted image evenly, we conducted a histogram analysis. Figure 7 shows the R, G, and B channels of the plain image Lena and its encrypted image with the size 256 × 256. Table 8 shows the variance of the constructed histograms (calculated by Equation (32)), and Table 9 compares our histograms with those produced by other schemes:  From Table 8, we can see that the variances of the original images are very high, while the variances of the encrypted images are greatly reduced. All encrypted variances are reduced by at least 98% compared to the original image variances. Figure 7 shows histograms of the plain and encrypted image Lena.  Figure 7, the histograms of the original images have obvious peaks, and histograms of the encrypted images are very uniform. Attackers cannot use a statistical attack to obtain any useful information by analyzing the histogram of the encrypted image. Therefore, our method can effectively resist statistical attacks. Table 9 shows comparison of histogram variance across methods about image Lena. It can be seen from Table 9 that our algorithm can obtain encrypted images with lower histogram variance.   From Table 8, we can see that the variances of the original images are very high, while the variances of the encrypted images are greatly reduced. All encrypted variances are reduced by at least 98% compared to the original image variances. Figure 7 shows histograms of the plain and encrypted image Lena. Figure 7a-c are histograms of the plain image Lena in the R, G, and B channels, and Figure 7d-f are histograms of the encrypted image Lena in the R, G, and B channels, respectively, where x-axis denotes the pixel values in the image while y-axis denotes the frequency of the pixels in the image. From Figure 7, the histograms of the original images have obvious peaks, and histograms of the encrypted images are very uniform. Attackers cannot use a statistical attack to obtain any useful information by analyzing the histogram of the encrypted image. Therefore, our method can effectively resist statistical attacks. Table 9 shows comparison of histogram variance across methods about image Lena. It can be seen from Table 9 that our algorithm can obtain encrypted images with lower histogram variance.

Information Entropy Analysis
Information entropy is a metric that measures the randomness of an image and the amount of information hidden in an image: Theoretically, a robust encryption scheme has an entropy value of 8. Table 10 shows the information entropy of the plain and encrypted images (size 256 × 256). The entropy is calculated by Equation (33). Our results were very close to 8, and thus were satisfactory. Table 11 compares information entropy across multiple schemes. Our algorithm was superior to other algorithms and was closer to the theoretical value of 8.

Differential Attacks and Chosen Plaintext Attack
Differential attacks crack the symmetric encryption scheme by analyzing the information distribution of the encrypted image. A secure symmetric encryption scheme is capable of resisting such attacks.
The NPCR and UACI (unified average change intensity) values of the R, G, and B channels are calculated as follows:   Table 13 compares these values with those obtained through other schemes. As the tables illustrate, the NPCR and UACI of the R, G, and B channels were very close to the ideal values of 0.996 and 0.3346, respectively. Furthermore, the values of the proposed scheme were as good as the values obtained by the other methods. A secure and efficient encryption method is sensitive to a slight change in the plain image, and hence the encryption scheme is capable of resisting plaintext attacks. Usually, hackers employ all-black and all-white images to perform the chosen plaintext attack. As seen in Table 12, the NPCR and UACI of all-black and all-white images were close to the ideal values, thereby illustrating that the proposed scheme was sensitive to the plaintext and therefore could resist these attacks.

Noise and Occlusion Attack Analysis
During image transmission, noise and occlusion attacks are inevitable, but a robust encryption scheme can resist them. To verify whether the proposed scheme was capable of resisting noise and occlusion attacks, we used the encrypted image of Lena (256 × 256) as the test image. Salt-and-pepper noise (SPN) and Gaussian noise (GN) of varying intensities were added to the test image. In occlusion attack analysis, we added an occlusion effect to the test images; the occluding object occupied different proportions of the image and occurred at different positions.
In addition, we employed the peak-signal-to-noise ratio (PSNR) to calculate the difference between the original image and the decrypted images. The PSNR is calculated as follows: where M and N are the width and height of an image, respectively, and P1 and P2 are the original plain image and the image decrypted from the contaminated cipher image, respectively.  Figure 8a,c,e,g respectively represent the images obtained after Figure 3f suffered the different occlusion attack. Figure 8b,d,f,h respectively represent the decrypted images of Figure 8a,c,e,g Evidently, according to Figure 8 and Table 14, all PSNR values were larger than 27, and the decrypted images were all recognizable despite the various sorts of contamination in the encrypted images. Therefore, the proposed method was capable of resisting noise attacks and occlusion attacks.
where M and N are the width and height of an image, respectively, and P1 and P2 are the original plain image and the image decrypted from the contaminated cipher image, respectively. Figure 8 shows stimulation results of occlusion attacks with Lena. Figure 8a,c,e and g respectively represent the images obtained after Figure 3f suffered the different occlusion attack. Figure 8b,d,f and h respectively represent the decrypted images of Figure 8a,c,e and g Evidently, according to Figure 8 and Table 14, all PSNR values were larger than 27, and the decrypted images were all recognizable despite the various sorts of contamination in the encrypted images. Therefore, the proposed method was capable of resisting noise attacks and occlusion attacks.

Resistance to Some Typical Attacks
A secure cryptosystem should be capable of resisting cipher-text only attack, chosen-ciphertext attack, known-plaintext attack and chosen-plaintext attack. Among them, the chosen-plaintext attack is the most powerful. And if a cryptosystem is capable of resisting the chosen-plaintext attack, this cryptosystem is capable of resisting three other types of attack and we can declare that this cryptosystem is secure enough. In this paper, the encryption algorithm consists of two rounds of permutation-diffusion. In which, DNA encoding, DNA diffusion operation, DNA decoding, chaos and other techniques are used. And in our algorithm, the SHA-512 algorithm and the natural DNA sequence are used to generate the initial values of two chaotic systems. And the different image leads to the different initial values for the chaotic systems. Evidently, our algorithm is dependent on the plain image directly. In addition, if the hackers use the specific images such as all white and all black images to perform chosen-plaintext attack on our algorithm, the stimulation results of the all-white image and all-black image show that these two images all noise-like ones. Therefore, we can conclude that the proposed algorithm is capable of resisting the above mentioned typical attacks.

Contrast Investigation
Contrast investigation [31,32] is usually to calculate the local intensity variance in the image. Contrast is luminescence or color difference, through which objects in the image can be distinguished, and because the observer can recognize different objects. A higher contrast value indicates that the image has significantly different gray levels, while a constant gray level is represented by a lower value. Its mathematical description is: where p(i, j) indicates the number of gray-level co-occurrence matices (GLCM). Table 15 shows contrast values of plain images and encrypted images in R, G, B channels. From Table 15, contrast values of encrypted images are higher than ones of plain images. According to Ref. [31,32], it can prove that our method is satisfactory in terms of comparative investigation.

Energy
Energy calculations [31,32] result in the addition of square elements in GLCM. When the entries of GLCM are almost equal, the value of energy is lower, and when the amplitude of some entries is higher, the value of energy is higher. For encrypted images, the energy must be low: where p(i, j) indicates GLCM. Table 16 shows energy values of plain images and encrypted images in R, G, B channels. According to Ref. [31,32], Table 16 can illustrate that encrypted images have the lower energy, and our method is satisfactory in terms of energy.

Conclusions
In this paper, we proposed an image encryption method with two rounds of permutation and diffusion. First, we employed the SHA-512 algorithm and the natural DNA sequence to generate the initial values for the four-wing hyperchaotic system and the Lorenz chaotic system, and the intermittent parameters. Since the hash value was determined by the plain image, a slight change in the plain image led to a totally different hash value so that the initial values for the chaotic system and the intermittent parameters were totally different, thereby leading to a totally different encrypted image in the end. Therefore, the proposed method was a one-time key pad scheme and was capable of resisting plaintext attacks. Second, we performed 2D-RT on the plain image t times. This was the first round of permutation. Since 2D-RT was derived from the traditional Arnold map, 2D-RT was an enhanced Tent map and could permutate the non-square image. Third, we employed the initial values to generate the chaotic sequences and the chaotic matrices for the construction of the DNA encoding rule matrices. All the DNA encoding rules depended on the plain image. Fourth, we used the intermittent parameters to construct the DNA matrices. Furthermore, the DNA matrices were used to calculate the hamming distances to update the initial values and iterate the chaotic systems for the second time, which eliminated the risk of using the secret keys several times. Fifth, the new chaotic matrices were generated, and the intermittent parameters were used to construct the DNA decoding rule matrices, making all the DNA decoding rules determined by the plain image. All of the rules were used in the first round of diffusion. In contrast to the traditional diffusion operations implemented on DNA matrices, in the proposed scheme, two different DNA diffusion operations were implemented on the encoded plain images and the encoded chaotic matrices: the dynamic DNA complementary rule operation and the DNA cycle operation. Finally, the eighth intermittent parameters were used to decompose the encoded images and encoded chaotic matrices, and in the second round of permutation-diffusion, we performed conditional shifting on the decomposed images and implemented the XOR calculation with the decomposed chaotic matrices to get the final encrypted image. Stimulation results and security analysis illustrated that the proposed scheme was secure and capable of resisting various sorts of attacks, and produced satisfactory stimulation results on image encryption and image decryption.