Scaling Analysis of an Image Encryption Scheme Based on Chaotic Dynamical Systems

Despite that many image encryption systems based on chaotic or hyperchaotic systems have been proposed to protect different kinds of information, it has been crucial to achieve as much security as possible in such systems. In this sense, we numerically implement a known image encryption system with some variants, making special emphasis when two operations are considered in the scrambling stage. The variants of such an encryption system are based on some hyperchaotic systems, which generated some substitution boxes and the keys of the system. With the aim to have a more complete evaluation, some internal stages of the image encryption scheme have been evaluated by using common statistical tests, and also the scaling behavior of the encrypted images has been calculated by means of a two-dimensional detrended fluctuation analysis (2D-DFA). Our results show that the image encryption systems that include two operations or transformations in the scrambling stage present a better performance than those encryption systems that consider just one operation. In fact, the 2D-DFA approach was more sensitive than some common statistical tests to determine more clearly the impact of multiple operations in the scrambling process, confirming that this scaling method can be used as a perceptual security metric, and it may contribute to having better image encryption systems.


Introduction
Nowadays, the way in which society communicates has radically changed with the fast development of computers and the internet. In particular, multimedia communication has been gaining momentum in the exchange of information at all social levels. Therefore, in recent years, security and confidentiality have been of considerable interest. Text encryption has been found to be very different from image encryption due to some inherent image characteristics, such as data-rich capacity, high redundancy, and high correlation between adjacent pixels. Due to the demand to have a secure transmission through any means of communication, a great variety of encryption systems has been proposed [1][2][3][4][5].
Chaos theory is used in many fields of science due to its special properties, and cryptography is no exception. Many visual data encryption systems based on chaos theory consider the principle of applying chaotic maps to obtain highly mixing properties, which are similar to cryptographic systems. Encryption systems that involve chaotic systems have been extensively studied due to the large number of properties they present such as ergodicity, pseudo-randomness, and sensitivity to initial conditions, among others. These properties are analogous to the confusion and diffusion stages, which a general encryption system requires. In fact, for an image encryption system to be secure, it must have confusion and diffusion properties [6,7]. The confusion mechanism rearranges the pixel values, while the diffusion mechanism changes the values of each image pixel. To obtain a higher security level, the confusion and diffusion process can be repeated many times [8]. Then, the chaotic systems take a fundamental role to implement new encryption systems, where the system's performance would be very good against any attack [1,3].
Moreover, with the aim to add more security, some image chaotic encryption algorithms have been included or considered additional stages such as a disturb process at the pixel level. One such example is based on the ZigZag transformation [3][4][5]9]. In [7], another image encryption scheme, with an improvement in security issues that considers a block scrambling and a modified zigzag transformation, has been implemented before encryption, and a key generator based on an enhanced logistic-tent map. Mansouri and Wang [10] presented an encryption system with a new Sine chaotic maps generator, where one-dimensional chaotic maps are used as seed maps to produce new chaotic maps. In fact, these authors consider a one preprocessing scheme on the plain image using different operations. Based on a ZigZag transformation and a three-dimensional logistic chaotic map, the authors of [11] present an encryption system, where at first an scrambling pixel position is considered, and then how the logistic map can be used to diffuse the pixel values in an image. Ahmad and Hwang [12] present a new image encryption system based on chaotic maps and affine transformation with provides a higher key space and removes correlation between adjacent pixels via random chaotic sequences. A new technique of image protection is presented in [1], which decomposes an image into bit-planes by means of XOR-operations between the scrambled images and chaotic map matrix, then the encrypted image is obtained. Karawia [13] presents an algorithm for multiple images using the two-dimensional economic map to get the combination of mixed images elements. As the size of the key space is huge, the latter approach is secure to many different attacks.
Obviously, there are more similar image encryption systems, and one of their typical characteristic is that multiple operations in the scrambling stage are considered, but also with certain advantages or disadvantages when more operations are included in the encryption process. For instance, the process will be more complex and the execution time will be affected, but its security is increased. In this case, it is necessary to find a balance between the security of the encryption system and the processing time. In addition, a few attempts have been made to establish how many operations or transformations are required in an image encryption system, or if an evaluation of internal stages of the complete encryption process may be helpful in the design of image encryption systems. This work is devoted to enhance the safety of image encryption algorithms, and reveal weaknesses in such algorithms. In this sense, we consider the encryption system in [3] and some variants that modify the scrambling stage of the encryption system. In this stage, the original image goes through a process where initially a ZigZag transform is used to get a distorted image. After that, a sorting scramble algorithm or the use of a substitution box (S-box) is applied to the latter image. This allows us to have higher levels of security in the image encryption content, compared to other systems. In particular, in the encryption variants, we combine a ZigZag transform with a S-box, because the S-box substitutes the information content and provides the diffusion properties while maintaining high entropy levels [14]. Despite the chaotic encryption systems presenting a good performance, this study is devoted to measuring the impact of the scrambling process on the quality of the encrypted images and to making an assessment of some stages in the encryption process to see if we can have a stronger encryption system. In addition, to consider some common statistical tests in the assessment, we make usage of the two-dimensional Detrended Fluctuation Analysis (2D-DFA), a tool that can characterize and reveal weaknesses of the content of the encrypted images, where a correlation degree between the surface pixels is obtained. This method has been used to measure the entropy of noisy or textured encrypted images [15], which present values close to unity for this kind of content. It has been also used to measure the similarity between two images [16], where the 2D-DFA value will depend on the content of the processed images, and the similarity degree of the difference of the respective values. Besides, the 2D-DFA complemented the results with some statistical tests to analyze the encrypted image content.
The paper is organized in the following way. In Section 2, a concise presentation of the main elements used in the image encryption systems is given. In Section 3, the image encryption systems and their variants are described, whereas Section 4 contains the results obtained by applying some statistical tests and the two-dimensional DFA technique to the images in different encryption stages. Section 5 is devoted to discuss our main findings, a comparison with some existing works, and some limitations of our proposal. Finally, the conclusions are drawn in Section 6.

Hyperchaotic Systems
In this section, we briefly present the two hyperchaotic systems considered in this work. These kinds of systems, despite their simplicity, exhibit more complex dynamics than chaotic systems. They have received wide coverage in different areas of mathematics, physics, and engineering, among others [17][18][19]. The existence of the hyperchaos is verified by checking that there are at least two positive Lyapunov exponents [18]. Besides, according to the Kaplan-Yorke conjecture [20], the Lyapunov dimension (d L ) of any system in the hyperchaotic regime should be 3 < d L < 4.

ZigZag Transformation
One way to scramble image pixels is to use a ZigZag operation or transform [23]. This operation is usually performed to confuse the elements of the respective matrix data of a plain image. It can reduce the high correlation among image pixels to increase the security level of some encryption systems. To perform the ZigZag transform to the data matrix corresponds to sequentially read the elements of the matrix in a "Z" shape, followed by sequential saving within a data vector, which is reshaped in a certain way into a twodimensional matrix. Figure 2 shows a standard ZigZag operation [23]. Obviously, there are other ways to implement a different version of the ZigZag transform to avoid that some element positions do not change. For instance, in [3], some improved ZigZag transformations have been considered with change of the scan order of the element positions.

Substitution Box (S-Box) Generation
To shuffle the information of any image, some articles have considered a substitution table known as substitution box (S-box), which is a nonlinear key component in block ciphers of encryption systems [2,14]. Recall that any S-box makes the statistical relationship between the ciphertext and the key as difficult as possible. In this work, we considered the hyperchaotic approach in [2] to generate two particular S-boxes based on the hyperchaotic systems of Lorenz and Chen, whose dynamics are very well modeled by the set of differential equations of (1)-(2), respectively. A reason to choose these hyperchaotic systems is that a persistent scaling behavior was observed in the fourth state of these systems, which may be useful in this kind of applications, see the works in [21,22].
The mechanism to generate the S-box is as follows: 1. Select four initial conditions such that any system of (1) or (2) presents a hyperchaotic behavior, and obtain a state vector x i , x i , x (4) i , for i = 0, . . . , 255, corresponding to the normalized state vector of any system of (1) or (2).

2.
Multiply the state vector of step 1 by a factor of 10 8 to obtain a new vector i , x i , x  Apply a permutation σ of the values {1, . . . , 255} to sequence S such that s σ(k−1) < s σ(k) for k = 1, . . . , 255.
The respective two S-boxes obtained with this scheme are shown in Tables A1 and A2 of the Appendix A, which are in the conventional representation format.

Two-Dimensional Detrending Fluctuation Analysis
The two-dimensional detrended fluctuation analysis (2D-DFA) algorithm was proposed by Gu and Zhou [24]. A modified and improved version of the 2D-DFA has been used by Vargas-Olmos et al. [15] to analyze encrypted images, as it has been a flexible and efficient method to measure the quality of the encrypted image content. This procedure consists of the following steps by taking into account that an image I of size M × N is considered as a surface and denoted by a matrix X(i, j), where the number of rows and columns is represented by i = 1, 2, . . . , M and j = 1, 2, . . . , N, respectively.

1.
Divide the surface X(i, j) into M s × N s disjoint square windows of the same size s × s, where M s = M/s and N s = N/s . Each window can be denoted by X m,n such that X m,n (i, j) = X(i + l 1 , j + l 2 ) for 1 ≤ i, j ≤ s, where l 1 = (m − 1)s and l 2 = (n − 1)s.

2.
Compute the cumulative sum for each window X m,n , positioned by m and n, as where X m,n (k 1 , k 2 ) is the average of the sub-image X m,n , for 1 ≤ i, j ≤ s.

3.
Determine the trend of the obtained sub-image by fitting the set of data to the plane P m,n (i, j) = ai + bj + c, where a, b, and c are parameters which are estimated using the least square method. Subsequently, one calculates the local variances associated to each sub-image P m,n as 4.
Next, averaging over all sub-images, the overall detrended fluctuation is obtained as This procedure is repeated for a broad range of segment lengths s, considering the range 6 ≤ s ≤ min(M, N)/4. In order to assess a fractal scaling property of the pixelated surface, the fluctuation function F 2 (s) should display a power law scaling where α is called the scaling fluctuation exponent. This scaling exponent can be found as the slope of a double logarithmic plot of F 2 as a function of s, and it is a measure of the degree of correlation among the pixels of the surface. As is pointed out in [15], the fluctuation scaling exponent can be used as an appropriate and objective measure of the quality of encryption algorithms. When the α exponent of the encrypted image is close to 1, then it is supposed that the encryption system is secure from the perceptual point of view. Furthermore, in [16], it is is established that the visual quality of the final encrypted image will be better if the scaling exponent α of the final encrypted image is closer to that of the carrier image.

Encryption System
In this work, we consider the encryption system employed in [3], which is based on an improved ZigZag transform and a compound of dynamical chaotic systems. The general structure of such an encryption process is shown in Figure 3. This scheme consists of three parts: (1) of an improved ZigZag transform and the chaotic Lü system to scramble the original image pixels, which were complemented by a sorting scramble algorithm and (2) the chaotic Lü system and chaotic logistic map (LL compound) to generate a secure key.
(3) Finally, an adjacent-side XOR method is used to complete the image encryption scheme.

Modified Encryption System
Similarly to the encryption system used by Xingyuan et al. [3], Figure 4 depicts a schematic diagram of the steps involved in our proposal to generate a modified image encryption system, where an S-box and the key generation are based on a hyperchaotic system. Basically, there are two main differences to compute some encryption stages or transformations in the complete encryption system. The first main difference of the previous encryption system is the way to compute the image I S from the original image I O .
In this modification, we just apply one ZigZag transformation to the image I O and after that an S-box is applied to obtain I S . The other difference is the way to carry out the key generation, which takes advantage of the process to compute the S-box, see Section 2.2.1. The main processes of this proposal are described in detail in the following.
Consider an original image I o (or plain-text image) of dimensions M × N, where M and N are the number of rows and columns, respectively.
Then, proceed with the following steps.
Step 1 Apply the scrambling block to the plain text image I O , which consists of the application of the standard ZigZag transformation to the image I O and followed by the generated S-box, as is described in Section 2.2.1, to obtain the image I S .
Step 2 The key generation process is carried out by means of the following approach.

1.
Choose four initial conditions such that any system of (1) or (2) presents a hyperchaotic behavior, depending on which system is used in the S-box gen-eration, and obtain a state vector x , for i = 0, . . . , n 1, corresponding to the state vector of the considered hyperchaotic system.

2.
Convert each state vector of step 1 into a new state vector of integer values, i × 10 8 , for j = 1, . . . , 4, and the function fix(x) rounds the x value to the nearest integer toward zero.

4.
Generate the keys by means of . . , n, and the symbol represents the exclusive OR operation bit-by-bit.
Step 3 The encryption function comprises two parts: The first part is called the confusion stage, which is described as . The second part of the encryption function, called the diffusion stage, is described by the following equations: where x (4) i is the value of the i-th iteration of the fourth state of the hyperchaotic system. I c in (9) is the final result of the encryption system. The encryption key can be represented by an array of six elements: key = (x (1) The first four elements of the key, x 0 , correspond to the initial conditions of the hyperchaotic dynamical system, whereas ϕ and λ are control parameters of the encryption system.
In order to improve the sensitivity of the cipher, the value of ϕ should not be too small. In such a case, some adjustments are proposed. For example, considering that the original image to be encrypted is is the value of the pixel at position (i, j), then, the following values are calculated: where H 1 is the exclusive OR operation of all the grayscale values in the original image I O , whereas H 2 is the sum of all pixels modulo 256. With the H 1 and H 2 values, then ϕ = K + H 1 H 2 and λ = (λ + H 1 H 2 )mod 256 are calculated. The ϕ and λ values will be replaced by the values of ϕ and λ, respectively.

Results and Performance Analysis
To measure the impact of the scrambling process on the quality and the robustness of the image encryption system, some common statistical tests have considered such as the histogram analysis, the correlation among the adjacent pixels, the entropy, and the 2D-DFA metric. In order to make a comparison, we consider the image encryption systems discussed in Section 3.1: the system used in [3], called E 1 ; our modification with the hyperchaotic Lorenz and Chen system, denominated as E 2 and E 3 , respectively; and one more system based on our modification, called E 4 , which considers the S-box from [2].
The complete numerical implementation of the image encryption algorithms were performed under the MATLAB R2017b software on a Mac mini with Intel i3 quad-core, CPU 3.6 GHz, and 8 GB RAM memory. In addition, all the hyperchaotic systems considered here were simulated numerically with the classical fourth-order Runge-Kutta algorithm.

Database of the Images
With the aim to evaluate the performance of our proposal, a representative test bank of images with different characteristics is considered. In particular, a total of six gray-level images were used in this study. All of them have dimensions of 512 × 512 pixels, and they have been chosen because they are widely used as standard test images in the field of image processing. These original images I O are shown in Figure 5, which are freely available at http://www.imageprocessingplace.com/root_files_V3/image_databases.htm (accessed on 15 April 2021).

Histogram Analysis
Histogram analysis is an important statistical feature of the images, which is generally used to evaluate the performance of image encryption systems. An image histogram shows how pixels in an image are distributed by plotting the number of pixels at each color intensity level. If the histogram of an encrypted image has a uniform distribution, then the encryption system is able to hide the redundancy of original image [3,16].
We calculate the histograms for all gray-level images of the image database, and their respective images I S and I C considering the four image encryption systems. As an example, the histograms of the Lena test image and its respective images I S are shown in Figure 6. We can observe in Figure 6c,d acceptable levels of confusion in the visual form of the data when an S-box is considered in the encryption systems E 2 , E 3 , and E 4 , respectively. It is clear that in these cases we cannot achieve a complete unintelligible form as the E 1 system achieved, see Figure 6e. We will see that the previous results with another encryption stage or transformation, then we can achieve a better unintelligible form. In the bottom row of the same figure, their respective histograms images are displayed. One can see that there is no difference between the histograms of images I O and I S of E 1 system, Figures 6f,g, respectively, whereas the rest of them do not present a similarity between the histogram of the original image I O with its respective histograms of images I S .
Similarly to the previous case, the histograms of the Lena test image and its encrypted images I C are shown in Figure 7. In these cases, the encrypted images I C achieved an unintelligible form. Moreover, one can see that the histograms of the encrypted images are uniformly distributed and significantly different from the respective histogram of the Lena test image. Therefore, all of the image encryption schemes can make statistical analysis unfeasible to some extent.
With the aim to verify that the encrypted image histogram follows a uniform distribution, and as is pointed out in [25], we consider the chi-square test using where O j and µ j are the observed and the expected occurrence frequencies of each pixel (0-255), respectively. Using a level of significance of α = 0.05, the p-values for each of the encrypted images are shown in Table 1, where the null hypothesis is not rejected if the p-value is greater than α = 0.05. Therefore, it is concluded that the histograms present a uniform distribution for this level of significance.

Correlation between Adjacent Pixels
It is known that plain images usually present a high correlation between their adjacent pixels, a feature that exposes their security making it vulnerable to statistical attacks [3]. If the coefficient is close to 0, it suggests that there is no linear correlation or a weak linear correlation. Therefore, a well-designed encryption system should not present a high correlation in the horizontal, vertical, and diagonal directions. To show that the encrypted image is independent of the test plain image, we calculate the correlation coefficient between the adjacent pixels of both images using where cov(x, y) In the last expressions, x and y represent the corresponding pixels between the two images; N is the total number of pixels; and cov(x, y), D(·), and E(·) represent covariance, variance and mean, respectively. Note that we randomly select 5000 pairs of adjacent pixels in each direction from the plain images I O and their respective images I S or I C . Then, for each case, we have computed the correlation coefficient of each pair. In Figure 8, the distribution of adjacent pixels at the horizontal direction in the Lena test image and their I S versions is illustrated. The plain image, Figure 8a, presents a strong correlation between adjacent pixels since most of the pixels are on the identity line y = x. As is shown in Figure 8b-e, and after the scrambling stage, independently of the image encryption system, the pixels of images I S are scattered more uniformly, but preserves many pixels on the identity line. This situation is different after the encryption stage, where the pixels of the images I C are scattered very uniformly as is displayed in Figure 9b-e.  The correlation coefficients of the image dataset and the respective I S images with different scrambling processes are listed in Tables 2-7, considering the horizontal(h), vertical(v), and diagonal(d) directions. In Tables 2 and 3 are the results when one operation is applied to the I O images in the scrambling stage the standard and improved ZigZag operation, and the S-box of the E 2 , E 3 , and E 4 systems, respectively. For the case of the ZigZag transformation, we can observe in both cases a strong correlation in the horizontal direction, but a weak correlation in the rest of the directions, whereas for the I S images obtained with the S-box in the scrambling stage are exhibited just weak correlations. Then, it seems that the application of the S-box in the scrambling stage decreases the correlation coefficients. In addition, we can find that the correlation between adjacent pixels in images I S becomes low when the scrambling process combines a ZigZag transformation with a sorting scrambling algorithm or an S-box, see Tables 4 and 5. On the other hand, as is shown in Tables 6 and 7, the correlation coefficients of the encrypted images I C are close to 0, and therefore there is no correlation among the pixels independently of the used encryption scheme, which suggests that such encryption systems can resist statistical attacks.

NPCR and UACI Analysis
In image encryption, the cipher resistance to differential attacks is commonly analyzed with the two measures: the number of pixels changing rate (NPCR) and the unified averaged changed intensity (UACI). Both measures are based on slight changes of two images keeping the key unchanged.
For the original (I O ) and encrypted (I C ) images of dimensions M × N, the NPCR make the assessment of the pixel difference between them as follows: where D(i, j) is calculated as In a similar way, the UACI evaluates the mean intensity of differences between the I O and I C images as follows where L is the largest value pixel value of both images. A value of 99% for the NPCR test and a value of 33% for UACI are interpreted as success criteria. As is pointed out in [10,26], for a significance level α, the obtained results are accepted if the NPCR values are greater than the critical NPCR value N * α , and the UACI values should be in the critical interval [U * − α , U * + α ]. Table 8 shows the N * α , U * − α and U * + α values for some cases, where, in accordance to the works in [10,26], we also set α = 0.05. It seems that the encryption system with two operations at the scrambling stage achieves a better performance, as the critical NPCR value is greater than the encryption system with just one operation at the scrambling stage. To illustrate the evaluation results of the NPCR and UACI, Tables 9-13 present the evaluation results of NPCR and UACI at the scrambling stage and the encryption stage. We can observe a better performance when two operations are considered at the scrambling stage. Such a situation indicates that our conjecture will provide good resistance against differential attacks. Table 8. Expected NPCR (%) and UACI (%) values for some cases when the standard ZigZag (S-ZZ) and improved ZigZag (I-ZZ) transformation are applied to images I O in the scrambling and encryption stages.

Information Entropy
To measure the randomness of images, the information entropy test was carried out. This test provides us information on the texture of an image and returns a scalar value H which is calculated as [27] where p(s i ) denotes the probability of the appearance of the symbol s i . For each image of 256 gray levels, the more entropy value H gets close to the ideal theoretical value of 8, the less possible for attackers to decode encrypted images. Tables 14-16 show the numerical entropy values of the I O , I S , and I C images when the ZigZag transformation, the S-box, and both of them have been applied to images I O in the scrambling stage, respectively. We can observe that the entropy values obtained for the I S images are close or greater than 7, but the I C images present an increment in their entropy values, for all encryption systems, and are close to the ideal value, which also means high resistance to entropy attacks.  Table 16. The comparison of information entropies for the I S and I C images when the complete scrambling stage is applied to images I O .

Entropy
Image

Peak Signal to Noise Ratio (PSNR) Analysis
The peak signal to noise ratio (PSNR) has been considered as an objective metric to measure the quality of an image [15]. The PSNR metric is computed as where I O is the original image, I C is the encrypted image, and b is the number of bits required to represent each pixel of the images, which is equal to 8. The mean squared error, which is denoted by MSE, is defined by Equation (17), where MN is the size of the images, whereas (i, j) corresponds to the coordinates of the pixel. The value of the PSNR represents the similarity between the images I O and I C , where the higher the value of PSNR, the lesser error or greater similarity between them [7,15,16]. Table 17 shows the results of the PSNR between the original images I O with their respective images at the scrambling and encryption stages, I S and I C , respectively, when two operations are considered at the scrambling stage. It is observed that the obtained values of PSNR are low for all the encrypted images, hence they also show that our proposals are good.

2D-DFA Metric
To carry out the scaling analysis of the different encryption systems, we apply the 2D-DFA to the I O , I S , and I C images when the scrambling stage considers one or two operations. Tables 18 and 19 provide the scaling exponents when the standard or improved version of the ZigZag operation or an S-box is applied to I O images, respectively. For this metric, the scaling exponents present similar values for I S and I C versions, where the scaling exponent has a lower value compared to the obtained of the I O images, and some information of the original image may be revealed.
On the other hand, Table 20 shows the results of the scaling analysis for all encryption systems considered in this work with a scrambling stage with two operations. For this metric, the values of the scaling exponents of the I S images are lower than the obtained for the I O images. Even more, the scaling exponent values of the encrypted images are close to 1, which means that the analyzed information presents a persistent behavior, and according to the work in [15], the encrypted images do not reveal any piece of information that can allow to distinguish the original images. As an example, Figure 10 shows the results of the performance of the 2D-DFA of the Lena test image. In Figure 10a are the I O image and its respective scaling exponent α ≈ 2.2121; Figure 10b,c corresponds to I S and I C when the S-box of E 2 is considered in the scrambling stage with scaling exponents α ≈ 1.5664 and α ≈ 1.4754, respectively. In this case, we can observe acceptable levels of confusion in the visual form of the encrypted image, but we cannot achieve a complete unintelligible form. On the other hand, Figure 10d,e corresponds to I S and I C when the complete scrambling stage in the E 2 system with scaling exponents α ≈ 1.4223 and α ≈ 1.0028, respectively. For this case, we notice that the scaling exponent α is close to unity, and the encrypted image does not reveal information. Therefore, we consider that this 2D-DFA method is an efficient tool to describe this kind of image in terms of the scaling exponent values, which are in agreement with those obtained in [15].

Discussion
Despite that the main architecture of the encryption system as well as the main operations that we consider are well known from literature, only a few attempts have been made to establish how many operations or transformations are required in an image encryption system, or if an evaluation of internal stages of the complete encryption process may be helpful in the design of image encryption systems.
There are some missing tests to assess the performance of our proposals, and with the aim to carry out a performance comparison of some existing works with our proposals, we apply the encryption system E 2 for a color Lena image (256 × 256). In Figure 11, we illustrate the histograms for the Lena test image, its encrypted version, and their respective histograms for each color intensity level. From the figures, one can see that the histograms of the encrypted versions are uniformly distributed and significantly different from the respective histograms of the original image, which indicates that it would be difficult for the attacker to decipher the image content.
In Figure 12, the distribution of adjacent pixels at the horizontal, vertical and diagonal directions for the color Lena image (top row) and its encrypted version (bottom row) is shown. Figure 12a-c illustrate a strong correlation between adjacent pixels along the three directions, whereas there is no correlation among the pixels for the encrypted version, see Figure 12d-f. Figure 13 shows the scaling results when the 2D-DFA is applied to the color Lena image in the E 2 system. The results are very similar to the case of the grayscale Lena image presented in Figure 10, as the scaling exponent α is closer to unity, the encrypted image does not reveal information.   Furthermore, Table 21 contains the results of the comparison of our proposals with other methods proposed by Li et al. [11], Ahmad et al. [12], and Ramasamy et al. [7], where the correlation analysis, entropy, NPCR, UACI, and PSNR were considered. The bold values shown in Table 21 indicate that our results are quite comparable with the other methods. Moreover, Table 22 shows a speed analysis test, where the algorithms in [7,13,28,29] were considered. The results show that our proposals are computationally efficient. In this context, it is observed that through certain tests we analyzed the impact of considering two operations in the scrambling block in some image encryption systems that are based on hyperchaotic systems. Our main observations are as follows: (a) To consider more than one operation or transformation in the scrambling stage present an increment in security; (b) the use of a hyperchaotic dynamical system to remove pixel correlation and the key generation is desirable to exploit the chaotic characteristics in image encryption algorithms; and (c) although some standard tests make a good evaluation, the scaling analysis outperforms as an objective metric.
However, we still cannot establish how many operations are optimal in the scrambling stage without affect substantially the execution time; which operations will provide a better performance, or which is the best hyperchaotic system. In addition, a larger number of images must be considered in the analysis.

Conclusions
In this work, we have used some statistical tests and some quality metrics to analyze a known encryption system and some variants, which are based on hyperchaotic dynamical systems. In those variants, such hyperchaotic systems are used to generate S-boxes as well as the key generation in the encryption systems. Although many similar encryption systems have been proposed, little attention has been paid to evaluate some internal encryption stages or processes. Our results show that the encryption systems improve the performance when the scrambling block includes two operations or transformations. This could help in the design or implementation of this kind of encryption system.
In addition, the 2D-DFA method seems to be more sensitive than some statistical tests to characterize images in different stages of the encryption process. In our opinion, this is an efficient metric to indicate if the encrypted images may reveal or not any image information. Thus, it is suggested that such a scaling exponent can be used as an objective metric of the quality in different encryption schemes. In fact, a good image encryption method should obtain a scaling exponent close to unity independently of what encryption system is used. As is pointed out in [15], one cannot fully guarantee so far that an encrypted image with such values of the scaling exponent is absolutely immune to any type of attack, but we consider that this tool with the help of other metrics can provide enhanced security to encryption systems.
Although many image encryption algorithms based on chaotic dynamical systems have been proposed, we believe that our approach can be helpful in the design and analysis of such systems, as it shows a performance that is comparable with other similar systems. From the security point of view, the results show that the scaling analysis used here can be an appropriate measure to assess the quality of encryption methods. In the future, we aim to evaluate different kinds of operations in the scrambling stage to increase the security without affecting drastically the processing time. We are also considering to carry out an extensive examination of which chaotic or hyperchaotic dynamical systems may improve the protection of the image content, as well as to make a better assessment based on a larger set of images. Table A2. Elements of the S-box based on the hyperchaotic Chen system (2) in the form of a 16 × 16 matrix.