Joint Lossless Image Compression and Encryption Scheme Based on CALIC and Hyperchaotic System

For efficient and secure image transmission and storage, a joint image compression and encryption method that performs compression and encryption in a single step is a promising solution. Moreover, on some important occasions it is necessary to save images at high quality using lossless compression. Thus, a joint lossless image compression and encryption scheme based on the context-based adaptive lossless image codec (CALIC) and a hyperchaotic system is proposed to achieve lossless image encryption and compression simultaneously. Making use of the characteristics of CALIC, four encryption locations are designed to realize joint image compression and encryption: encryption of the predicted pixel values produced by gradient-adjusted prediction (GAP), encryption of the final prediction errors, encryption of the two lines of pixel values needed by the prediction mode, and encryption of the entropy-coded file. Moreover, a new four-dimensional hyperchaotic system and plaintext-related encryption based on table lookup are used to enhance security. Security tests show that the information entropy, correlation and key sensitivity of the proposed methods reach 7.997, 0.01 and 0.4998, respectively, indicating good security. Meanwhile, compared to the original CALIC without encryption, the proposed methods increase security while reducing the compression ratio by only 6.3%. The test results indicate that the proposed methods achieve high security and good lossless compression performance.


Introduction
With the development of network technology, more and more image files are accessed and shared over networks, so protecting the security of image files is very important. An efficient way to protect images is image encryption. In recent years, owing to the good cryptographic properties of chaos, many chaos-based image encryption methods have been proposed [1][2][3][4][5][6][7][8][9][10][11]. Masood et al. [10] used three-dimensional Lorenz chaotic maps for the diffusion process. Zhang et al. [11] proposed several image encryption schemes for popular image formats based on chaotic maps. However, a chaotic map is a low-dimensional chaotic system with a limited key space. Owing to their larger key space and more complex dynamical characteristics, hyperchaotic systems have been introduced into image encryption [12][13][14][15][16]. Tong et al. [14,15] proposed a new four-dimensional hyperchaotic system to achieve image encryption. However, the maximum Lyapunov exponent of that system is small. In Ref. [14], chaotic sequences selected based on plain-image pixels at fixed positions are vulnerable to attack. Moreover, due to flawed designs of the encryption process, some of these methods are insecure [17,18].
In the environment of information explosion, images also occupy a large amount of storage space, so effective compression is needed to improve the efficiency of image transmission and storage. The context modeling used by CALIC is more effective than the UCM (Universal Context Modeling) method, and the implementation of the CALIC algorithm is simple, involving mostly integer arithmetic and simple logic. In application scenarios with high image correlation, compared with the lossless compression and encryption methods based on frequency-domain transformation proposed in Refs. [39,44], the compression ratio can be greatly improved by using prediction mode. In addition, a compression method based on prediction mode only transmits and encodes the final prediction errors and the predicted pixel values; the coding does not involve complex operations and is suitable for hardware with limited computational capability. In this paper, a joint lossless image compression and encryption scheme based on CALIC and a hyperchaotic system is designed, in which the encryption algorithm is embedded at four locations of the compression process. A new hyperchaotic system with a larger maximum Lyapunov exponent is constructed to perform encryption. The encryption process with the hyperchaotic system is designed according to the characteristics of CALIC to preserve compression efficiency. Moreover, plaintext-related encryption based on table lookup is used to enhance security. This paper is organized as follows: Section 2 describes the principles of CALIC lossless image compression and analyses the possible encryption locations in CALIC. Section 3 illustrates the joint compression and encryption scheme in detail. Section 4 analyses the compression efficiency and security of the proposed algorithm. Finally, Section 5 concludes this paper.

Research on Encryption Locations for CALIC
Firstly, we research the principles of CALIC. Then based on the principle of CALIC, feasibility analyses of the encryption locations are given.

Brief Description of CALIC
CALIC is a sequential coding scheme which encodes and decodes in raster scan order. It uses prediction and context templates involving only the two previous scan lines of coded pixels. A two-stage adaptive prediction scheme via context modeling of errors and error feedback is used in CALIC.
CALIC is operated in two modes: binary and continuous tone. Binary mode is for situations in which the current locality of the input image has no more than two distinct intensity values; hence it is designed for a more general class of images than the traditional class of black and white images. The system selects one of the two modes during the coding process, depending on the context of the current pixel. Mode selection is automatic and completely transparent to the user. The detailed descriptions of the two modes are as follows.

Continuous-Tone Mode
In continuous-tone mode, the system has four major integrated components: gradient-adjusted prediction (GAP), context selection and quantization, context modeling of prediction errors, and entropy coding of prediction errors. The generation of prediction errors and the coding process are as follows.

1.
Gradient-adjusted prediction (GAP)
The GAP predictor can adapt itself to the intensity gradients near the predicted pixel. One predicted value requires seven pixels around it: the north (N), west (W), northeast (NE), northwest (NW), north-north (NN), west-west (WW) and north-northeast (NNE) neighbors of the pixel. Figure 1 shows the locations of the seven pixels, and the neighboring pixels are defined in Equation (1) [45]. The gradients of the intensity function at the current pixel are estimated by the following quantities [45]:
d_h = |I_W − I_WW| + |I_N − I_NW| + |I_N − I_NE|,
d_v = |I_W − I_NW| + |I_N − I_NN| + |I_NE − I_NNE|. (2)
In Equation (2), d_h and d_v are estimates of the gradients of the intensity function near the pixel I[i,j] in the horizontal and vertical directions. According to Equation (2), the current pixel value can be predicted, and the prediction algorithm is shown in Algorithm 1 [45].

Algorithm 1 Pixel gradient prediction algorithm
Input: original pixels I. Output: the predicted value Î (a gradient-adjusted prediction of I).
The predicted values of pixels are used for coding context selection and quantization.

2.
Coding context selection and quantization
The prediction step does not completely remove the statistical redundancy in the image. The variance of the prediction errors e = I − Î strongly correlates with the smoothness of the image around the predicted pixel I[i,j]. To model this correlation at a small computational cost, an error energy estimator is defined as follows [45]:
Δ = a·d_h + b·d_v + c·|e_w|,
where e_w is the previous prediction error. Quantize Δ to L levels; L = 8 is found to be sufficient in practice. Denote the Δ quantizer by Q, i.e., Q : Δ → {0, 1, 2, ..., 7}. The quantization criterion is to minimize the conditional entropy of the errors: the partition 0 = q_0 < q_1 < ... < q_{L−1} < q_L = ∞ of Δ into L intervals is chosen such that [45]
−∑_e p(e | q_d ≤ Δ < q_{d+1}) log p(e | q_d ≤ Δ < q_{d+1})
is minimized. When a = b = 1, c = 2, after training on all ISO test images, the values of the thresholds q can be determined as follows [45].
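The GAP decision rules and the error-energy quantization described above can be sketched in Python. The threshold set q used here is the one commonly reported for CALIC after training on the ISO test set; the exact values in this paper's elided equation may differ, so treat them as an assumption:

```python
def gap_predict(N, W, NE, NW, NN, WW, NNE):
    """Gradient-adjusted prediction (GAP) as commonly described for CALIC."""
    # Horizontal and vertical gradient estimates (Equation (2))
    dh = abs(W - WW) + abs(N - NW) + abs(N - NE)
    dv = abs(W - NW) + abs(N - NN) + abs(NE - NNE)
    if dv - dh > 80:        # sharp horizontal edge
        pred = W
    elif dh - dv > 80:      # sharp vertical edge
        pred = N
    else:
        pred = (W + N) / 2 + (NE - NW) / 4
        if dv - dh > 32:    # horizontal edge
            pred = (pred + W) / 2
        elif dv - dh > 8:   # weak horizontal edge
            pred = (3 * pred + W) / 4
        elif dh - dv > 32:  # vertical edge
            pred = (pred + N) / 2
        elif dh - dv > 8:   # weak vertical edge
            pred = (3 * pred + N) / 4
    return pred

def error_energy(dh, dv, ew, a=1, b=1, c=2):
    """Error energy estimator: delta = a*dh + b*dv + c*|ew|."""
    return a * dh + b * dv + c * abs(ew)

def quantize_energy(delta, q=(5, 15, 25, 42, 60, 85, 140)):
    """Quantize delta into L = 8 levels (thresholds assumed, see lead-in)."""
    for level, threshold in enumerate(q):
        if delta < threshold:
            return level
    return len(q)  # highest level, 7
```

On a flat region (all neighbors equal), dh = dv = 0 and the predictor simply returns the neighborhood value, which is why prediction errors concentrate near zero in smooth areas.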
Thus, the error energy estimator is fed into the error energy quantizer, which prepares for the context modeling of prediction errors.

3.
Context modeling of prediction errors
Some of the relationships between the predicted pixel I[i,j] and its surroundings cannot be characterized by gradients alone. In order to improve the compression performance, context modeling of the prediction error e = I − Î is performed. Context modeling of the prediction error mainly includes the formation and quantization of contexts, the estimation of the error magnitude within a context, and error feedback and sign flipping.

•
Formation and quantization of contexts
Contexts for error modeling are compound contexts formed by combining 144 texture contexts with four error energy contexts. The texture context C consists of the neighborhood pixel values, shown as follows [45]: C is then quantized into an 8-bit binary number B, with the quantization rule shown as follows [45]: After that, the quantized texture pattern B = b_7 b_6 ... b_0 is formed. By combining the quantized error energy with the quantized texture pattern, the compound modeling contexts are determined, denoted by C(δ, β).
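A minimal sketch of how the 8-bit texture pattern B might be formed. The eight neighborhood events used here (N, W, NW, NE, NN, WW, 2N−NN, 2W−WW) follow the standard CALIC description; since the paper's defining equations are elided above, treat the event list and comparison direction as assumptions:

```python
def texture_pattern(pred, N, W, NW, NE, NN, WW):
    """Form the 8-bit texture pattern B = b7...b0 by comparing each
    neighborhood event against the prediction pred (= Î)."""
    events = (N, W, NW, NE, NN, WW, 2 * N - NN, 2 * W - WW)
    bits = 0
    for k, x in enumerate(events):
        if x < pred:          # b_k = 1 when the event lies below the prediction
            bits |= 1 << k
    return bits               # integer in [0, 255]
```

Combined with the four quantized error-energy levels actually used for texture contexts, this yields the compound contexts C(δ, β) described in the text.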

•
Estimation of the error magnitude within a context
The sample mean ē(δ, β) in Equation (8) is used to estimate the conditional expectation E{e | C(δ, β)} within each compound context [45].

• Error feedback and sign flipping
In a given compound context C(δ, β), the bias in the prediction is corrected by feeding back ē(δ, β) [45]; the final prediction error e is then obtained in Equation (10) [45].
By checking the sign of ē(δ, β) before encoding e, the sign of e is flipped when appropriate. Sign flipping is used to improve the coding efficiency.
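The error-feedback and sign-flipping step can be sketched as follows. The precise flipping rule in the paper's elided equations is not reproduced above, so the convention used here (flip when the context mean is negative) is an assumption:

```python
def feedback_and_flip(I, pred, ctx_mean):
    """Sketch of error feedback and sign flipping; ctx_mean stands for the
    running sample mean of errors ē(δ, β) in the current compound context."""
    pred_corrected = pred + ctx_mean      # error feedback: remove the context bias
    e = I - pred_corrected                # final prediction error
    if ctx_mean < 0:                      # sign flipping, driven by the sign of ē(δ, β)
        e = -e                            # (assumed convention, see lead-in)
    return e
```

The decoder knows ctx_mean from its own identical statistics, so it can undo both the feedback and the flip without side information.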

Entropy Coding
Entropy coding is performed on the final prediction error e; arithmetic coding is used in CALIC, as in Equation (11) [45].

Binary Mode
The algorithm switches from binary mode to continuous-tone mode in the escape case T = 2. In binary mode, a context prediction model is also needed, but it is simpler than in continuous-tone mode: only pixels in six directions are recorded, as follows [45]. Then C is quantized to a 6-bit binary number. After quantization, entropy coding is used to code the three symbols.

Feasibility Analysis on Image Encryption Based on CALIC
Through the analysis of the CALIC, we find the possible encryption locations and carry out a feasibility analysis.

Feasibility Analysis of Plaintext Image in Encoder
The plaintext image is the input of the encoder. The CALIC encoder compresses images in raster scan order, so an encrypted image can also be coded; hence encryption at this location is feasible. However, encryption destroys the correlation between pixels, which greatly degrades the compression efficiency, so encrypting the plaintext image is feasible but not desirable.

Feasibility Analysis of the Predicted Values of Pixels
In gradient-adjusted prediction, the predicted value Î is obtained, and then the error energy is quantized. Encrypting the predicted value Î not only impacts the subsequent model establishment but also scrambles the coding process. Thus, encrypting the predicted value Î can enhance the security of the compression.

Feasibility Analysis of the Final Predicted Errors
In context modeling of prediction errors, correcting the prediction bias by feedback forms the final prediction error e. The final prediction error is the last output before entropy coding. Encrypting the final prediction error e therefore affects the entropy coding, which improves the security of the compressed image files.

Feasibility Analysis of Two Lines of Pixel Values
In CALIC, the first two lines of pixel values of the image serve as the initial values for coding and are written into the coded file as-is, without any further processing. Therefore, this information needs to be encrypted to prevent plaintext information leakage, and such encryption is feasible.

Feasibility Analysis of Compressed File after Entropy Coding
After the completion of the entropy coding, the compressed file can also be encrypted. This is equivalent to encrypting the compressed file directly, so encryption at this location is obviously feasible. Moreover, designing complex encryption algorithms here does not affect the compression ratio, which greatly improves the security of the compression algorithm. Table 1 shows the feasibility of the encryption locations and their impact on compression efficiency. According to the analysis in Section 2, four encryption positions are selected, and the corresponding encryption algorithms are designed according to the characteristics of the different encryption locations.

Design of Lossless Image Compression and Encryption Scheme
According to the analysis of the encryption locations of CALIC, the flow chart of the image compression and encryption scheme is given in Figure 2. According to Figure 2, the four encryption locations are distributed throughout the CALIC lossless image compression algorithm. To ensure security, encryption is carried out in each of the two modes of CALIC. The detailed description of the image compression and encryption scheme is given below.

Design of Hyperchaotic System
The nonlinear characteristics of chaotic systems are used in many fields and have made great progress. Chaotic systems have natural links with cryptographic systems through their initial-value sensitivity and long-term unpredictability. In this paper, a new hyperchaotic system is designed based on the Lorenz chaotic system. Compared with a low-dimensional chaotic system, a hyperchaotic system has more complex dynamical characteristics, a larger key space and better randomness, so it is well suited for encryption. The construction rules of the hyperchaotic system are as follows.

1.
Start from the Lorenz chaotic system. The hyperchaotic system is constructed on the basis of the Lorenz chaotic system, whose differential equations are dx/dt = a(y − x), dy/dt = cx − y − xz, dz/dt = xy − bz, where a, b and c are system parameters.

2.
Add the nonlinear term. Add a new variable and its first-order dynamic differential equation, introduce its nonlinear term, and thereby increase the dimension of the system.

3.
The Lyapunov function V of the differential equations must satisfy dV/dt < 0. Only in this way can the dynamic system produce a dissipative structure and a chaotic attractor.
According to the above principles, a new four-dimensional hyperchaotic system is constructed. The new hyperchaotic system introduces a nonlinear term in a new variable w, which is fed back to the other three equations. The new hyperchaotic system is shown as follows.

1.
Lyapunov exponent of hyperchaotic system
The Lyapunov exponent indicates the degree of chaos of a chaotic system: the greater the Lyapunov exponent, the stronger the chaotic characteristics. The four Lyapunov exponents of the four-dimensional hyperchaotic system satisfy the following: two are greater than 0, one equals 0, and one is less than 0. The Lyapunov exponent test is shown in Table 2. In the four-dimensional hyperchaotic system, the maximum Lyapunov exponent characterizes the maximum exponential separation rate of the system orbits, and therefore characterizes the typical behavior of the chaotic system. From Table 2, compared with the Lorenz system, the Rössler system and the hyperchaotic systems mentioned in Refs. [12,13,15,46], the maximum Lyapunov exponent of the proposed system is larger than that of the other systems. Therefore, the complexity of the proposed hyperchaotic system is greater than that of the Lorenz system and some conventional hyperchaotic systems. The dynamics of the Lyapunov exponents for the new hyperchaotic system are shown in Figure 3.

2.
Dissipativity of hyperchaotic system
The divergence of the system is ∂ẋ/∂x + ∂ẏ/∂y + ∂ż/∂z + ∂ẇ/∂w = −22.35 + 10.7 − 3.5 + 0.29 = −14.86 < 0, which indicates that the system is dissipative. The volume element of the system shrinks at an exponential rate, dV/dt = −14.86 V, so V(t) = V(0)e^(−14.86t); with t → ∞, the trajectory of the equation evolves into an invariant set of attractors.
The hyperchaotic system has two characteristics: contraction and divergence. Contraction is the result of dissipation, and divergence is the result of instability. For a hyperchaotic system, due to the existence of the dissipation term, the system will shrink to a limited range. However, in the local orbits, close orbits will separate because of mutual exclusion, which leads to the boundedness of the hyperchaotic system and the complexity of the motion in the bounded orbits. As shown in Figure 4, the existence of a chaotic attractor can be clearly seen from the projection of the hyperchaotic system on each plane.

3.
Stability and periodicity of equilibrium for hyperchaotic system
The equilibria of a hyperchaotic system should be unstable. In the new four-dimensional hyperchaotic system, an equilibrium point is unstable when at least one of the real parts of the eigenvalues of the Jacobian matrix at that equilibrium is greater than 0. The equilibria and corresponding eigenvalues of the new four-dimensional hyperchaotic system are shown in Table 3. From Table 3, it can be seen that the eigenvalues of each equilibrium include values with positive real parts, which indicates that the equilibria of the chaotic system are unstable.
Through the above analysis and simulation, it can be seen that the dimension of the new hyperchaotic system is no less than 4, there are two positive Lyapunov exponents, and at least two equations have at least one nonlinear term. The new hyperchaotic system has a singular attractor, a dissipative structure and unstable equilibria. All these show that the new system is indeed hyperchaotic.

Pseudo-Random Sequence Generation
The pseudo-random sequence produced by the new hyperchaotic system needs to be quantized to suit the encryption operations. In this paper, a new quantization method is designed to increase the complexity of the generated sequence. The design process is shown in Figure 5.

Figure 5. Pseudo-random sequence generation algorithm based on hyperchaotic system.
The pseudo-random sequence generation algorithm based on the hyperchaotic system is described in the following steps:
Step 1: According to the iteration of each variable of the four-dimensional hyperchaotic system, four sets of iteration values are generated: X, Y, Z and W;
Step 2: Perform modulo 256 operations on each real-number sequence X, Y, Z, W;
Step 3: Enter the initial value of the logistic chaotic map, generate the real sequence L, and quantize L to integers from 1 to 8;
Step 4: Generate the two-dimensional random matrix. Each row of the matrix contains 8 non-repeating integers from 1 to 8. Five such rows are randomly generated, and the order of elements in each row is different;
Step 5: Select the i-th row of the random matrix according to the value of the logistic quantization sequence L. According to the selected row, 2 bits are taken from each of the variables in X, Y, Z, W to form a new 8-bit binary sequence.
Step 6: The 8-bit binary sequences are converted to decimal, which form an integer from 0 to 255. Thus, the quantization of the sequence is completed, and the pseudo-random sequence is generated.
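Steps 2 through 6 can be sketched in Python. Two details are assumptions, since the text elides them: how a real-valued iterate is mapped to a byte before the modulo-256 step (here, int(abs(v) * 1e6) % 256), and how a matrix row's eight entries select bit positions (here, each entry 1–8 names a bit position 0–7, two entries per variable):

```python
def quantize_sequences(X, Y, Z, W, L_seq, matrix):
    """Sketch of Steps 2-6: X..W are real-valued hyperchaotic iterates,
    L_seq holds logistic-map values (used here modulo the matrix height as
    row indices), and each matrix row is a permutation of 1..8 that decides
    which bit positions are kept."""
    out = []
    for n in range(len(X)):
        # Step 2: map each real iterate to a byte (assumed scaling, see lead-in)
        bytes_ = [int(abs(v) * 1e6) % 256 for v in (X[n], Y[n], Z[n], W[n])]
        # Step 5: pick a matrix row via the logistic sequence
        row = matrix[L_seq[n] % len(matrix)]
        bits = []
        for k, b in enumerate(bytes_):
            p1, p2 = row[2 * k] - 1, row[2 * k + 1] - 1   # two bit positions per variable
            bits += [(b >> p1) & 1, (b >> p2) & 1]
        # Step 6: assemble the 8 bits into an integer 0..255
        out.append(sum(bit << i for i, bit in enumerate(bits)))
    return out
```

Mixing bits drawn from four independent state variables, with the selection pattern itself driven by a second chaotic map, is what makes the quantized keystream harder to predict than any single variable alone.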

Encryption Algorithm on Predicted Values and Final Predicted Errors
The initial GAP predicted values of pixels influence the subsequent context processing, and the predicted errors likewise influence the entropy coding. Because the predicted values and predicted errors are each generated only once, scrambling them would waste storage space, so only diffusion is performed here.
In order to test whether the diffusion operation has a significant impact on the compression ratio, this paper designs two different encryption methods: one is a feedback diffusion method based on CBC mode, and the other is a direct XOR operation on the plaintext. The pseudo-random sequence produced by the new hyperchaotic system is used to implement the encryption. In practical applications, the two encryption methods can be selected flexibly according to the application requirements.

1.
Encryption based on CBC mode
The previous cipher-text is used as an input to affect the encryption of the subsequent plaintext, which is then XORed with the pseudo-random sequence produced by the four-dimensional hyperchaotic system. The diffusion operation is shown as follows,
where B is the pseudo-random sequence produced by the four-dimensional hyperchaotic system, R is the cipher-text, T is the plaintext, and C represents the intermediate variable of the encryption. The symbol t is an initial random number between 0 and 255, which is used to encrypt the first plaintext value.
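Since the diffusion equation itself is elided above, here is one plausible realization consistent with the variable definitions (B keystream, T plaintext, R cipher-text, C intermediate, t initial byte); the combining operation is assumed to be XOR:

```python
def cbc_diffuse(T, B, t0):
    """CBC-style diffusion sketch: each plaintext byte is mixed with the
    previous cipher byte, then XORed with the keystream byte B[i]."""
    R = []
    prev = t0                        # t: initial random byte for the first plaintext
    for i, p in enumerate(T):
        C = p ^ prev                 # intermediate value, carries prior cipher-text forward
        R.append(C ^ B[i])           # XOR with the hyperchaotic keystream
        prev = R[-1]
    return R

def cbc_undiffuse(R, B, t0):
    """Inverse of cbc_diffuse, applied by the decoder."""
    T, prev = [], t0
    for i, r in enumerate(R):
        T.append((r ^ B[i]) ^ prev)
        prev = r
    return T
```

Chaining through the previous cipher byte means a single plaintext change propagates to all subsequent cipher bytes, which is the diffusion property the text asks for.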

Encryption based on XOR mode
In this encryption mode, the plaintext and the pseudo-random sequence are XORed directly. One bit is taken from each of eight values of the pseudo-random sequence, and these eight binary bits form a new integer between 0 and 255. In order to increase the security, this new integer is used to perform the XOR operation. The operation is shown in Equation (19),
where P stands for the plaintext, B represents the pseudo-random sequence based on the hyperchaotic system, and K is a new pseudo-random sequence derived from B.
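The bit-gathering step can be sketched as follows. The text does not say which bit is taken from each value of B, so the choice of the least significant bit here is an assumption:

```python
def build_K(B):
    """Form each keystream byte K[n] from one bit of each of eight
    consecutive values of B (LSB assumed, see lead-in)."""
    K = []
    for n in range(0, len(B) - 7, 8):
        byte = 0
        for i in range(8):
            byte = (byte << 1) | (B[n + i] & 1)  # one bit per keystream value
        K.append(byte)
    return K

def xor_encrypt(P, K):
    """Equation (19) sketch: direct XOR of plaintext with the derived keystream."""
    return [p ^ K[i % len(K)] for i, p in enumerate(P)]
```

Because XOR is an involution, applying xor_encrypt twice with the same K recovers the plaintext, so the same routine serves as the decryptor.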

Design of Image Pixels and Entropy Coding Encryption
The first two lines of image pixels are the basis of the prediction. After prediction and coding, the first two lines of pixels need to be read and encapsulated, so we can perform strong encryption on them.
Diffusion and scrambling are performed on two lines of pixels and the entropy coding file. Scrambling is performed based on the two-dimensional baker map.

1.
Scrambling with the two-dimensional baker map
The transformation of the two-dimensional baker map is similar to a "kneading" process, and the principle diagram is shown in Figure 6. From Figure 6, the permutation based on the two-dimensional baker map is designed as shown in Equation (20).
Based on the pixel scrambling method shown in Equation (20), the number of scrambling rounds is set and the scrambling is performed.
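One round of the scrambling can be sketched with a standard discretization of the two-dimensional baker map on an N × N block (N even). Equation (20) itself is not reproduced in the text, so the exact index formulas below are an assumption that preserves the map's stretch-and-fold behavior:

```python
def baker_scramble(img):
    """One round of a discretized two-dimensional baker map on an N x N
    image block (N even). Returns a new, permuted block."""
    N = len(img)
    out = [[0] * N for _ in range(N)]
    for i in range(N):
        for j in range(N):
            if j < N // 2:   # left half: stretched across even/odd rows
                r, c = 2 * j + i % 2, i // 2
            else:            # right half: folded onto the upper column range
                r, c = 2 * j - N + i % 2, N // 2 + i // 2
            out[r][c] = img[i][j]
    return out
```

The mapping is a bijection, so repeated rounds remain invertible and the decoder can unscramble by applying the inverse permutation the same number of times.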

2.
Pixel diffusion with table lookup method
In order to prevent attacks that exploit applying the same operation to different pixels, a nonlinear method based on an encryption operation table is designed. In this method, the encryption is related to the plaintext, which enhances the security of the diffusion operation. The principle of pixel diffusion is shown in Figure 7. From Figure 7, the cipher-text after scrambling is XORed with two results: the pseudo-random sequence based on the hyperchaotic system, and the output of the encryption operation table. The security of the encryption operation table has a great impact on the security of the whole diffusion system. In order to enhance the security, both the table lookup and the operations in the table are related to the chaotic map and the plaintext. The specific encryption operation table is shown in Table 4.
Table 4. Encryption operation table. From Table 4, the non-linear operation table includes six different operations: bitwise NOT, cyclic shift, XOR, and combinations of these operation modes. As shown in Figure 7, the encryption is truly plaintext-related: the encryption operation is decided by the plaintext, which increases the security of the algorithm.
In terms of specific operation, the pseudo-random sequence between 0 and 5 is generated by logistic map, which is used to select the entry of encryption operation table for each diffusion operation. The shift operation in the encryption operation table is also related to plaintext, and the number of bits of shift operation is determined by the result of modulo 8 operations for plaintext. Diffusion encryption based on the encryption table is shown in Equation (21).

C = P ⊕ B ⊕ T (21)

where C represents the cipher-text, P the plaintext, B the pseudo-random sequence based on the hyperchaotic system and T the output value from the encryption operation table.
The image compression and encryption scheme includes encryption at the four locations mentioned above. Decryption is the reverse of encryption and is not described in detail here. The only point to note is that in the decryption process the structure of the encryption operation table must be inverted; for example, a rotate-left operation becomes a rotate-right operation, and vice versa.
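The table-lookup diffusion just described can be sketched as follows. This is a hedged illustration, not the paper's exact design: the six table entries are stand-ins for Table 4 (which lists bitwise NOT, cyclic shift, XOR and their combinations), and chaining each lookup on the previous plaintext pixel, starting from an assumed initial value `iv`, is our assumption made so that the sketch stays invertible for decryption. The helper names `rol8`, `ror8`, `diffuse` and `undiffuse` are ours.

```python
def rol8(v, n):
    """Rotate an 8-bit value left by n bits."""
    n %= 8
    return ((v << n) | (v >> (8 - n))) & 0xFF

def ror8(v, n):
    """Rotate an 8-bit value right by n bits."""
    n %= 8
    return ((v >> n) | (v << (8 - n))) & 0xFF

# Hypothetical encryption operation table: each entry maps (previous plaintext
# pixel p, keystream byte k) to an 8-bit output T. Shift amounts are
# plaintext-dependent (p % 8), as described in the text.
ENC_TABLE = [
    lambda p, k: (~p) & 0xFF,                # bitwise NOT
    lambda p, k: rol8(p, p % 8),             # cyclic left shift by p mod 8
    lambda p, k: p ^ k,                      # XOR with keystream byte
    lambda p, k: rol8((~p) & 0xFF, p % 8),   # NOT, then shift
    lambda p, k: ror8(p, p % 8) ^ k,         # shift, then XOR
    lambda p, k: (~(p ^ k)) & 0xFF,          # XOR, then NOT
]

def logistic_indices(x0, n, mu=3.99):
    """Logistic-map sequence quantised to table indices 0..5."""
    xs, x = [], x0
    for _ in range(n):
        x = mu * x * (1 - x)
        xs.append(int(x * 6) % 6)
    return xs

def diffuse(pixels, keystream, x0, iv=0):
    """C = P xor B xor T (Equation (21)), T looked up per pixel."""
    idx = logistic_indices(x0, len(pixels))
    out, prev = [], iv
    for p, b, i in zip(pixels, keystream, idx):
        t = ENC_TABLE[i](prev, b)
        out.append(p ^ b ^ t)
        prev = p          # chain on previous plaintext (our assumption)
    return out

def undiffuse(cipher, keystream, x0, iv=0):
    """Inverse of diffuse: P = C xor B xor T."""
    idx = logistic_indices(x0, len(cipher))
    out, prev = [], iv
    for c, b, i in zip(cipher, keystream, idx):
        p = c ^ b ^ ENC_TABLE[i](prev, b)
        out.append(p)
        prev = p
    return out
```

Chaining on the previous plaintext keeps every table entry usable: an entry such as bitwise NOT of the *current* pixel would cancel out in the XOR and destroy information, so some dependence on already-processed data is needed in any invertible realization.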

Performance Analysis of Lossless Image Compression and Encryption Scheme
The experimental environment is a Windows 7 32-bit system with 2 GB of memory, and the main program is built with Visual Studio 2010 together with OpenCV 1.0. The test images are 512 × 512 standard grayscale images, including Lena and Barbara, obtained from the USC-SIPI image database, as shown in Figure 8.

For the encryption of the two lines of original pixels and the entropy coding file, the initial value of the logistic map used to select entries of the encryption operation table is x = 0.361846592847235.
To prove the lossless property of the proposed image encryption and compression scheme, we used the MSE in Equation (23) to evaluate the difference between an original image f(i, j) and the corresponding reconstructed image f'(i, j):

MSE = (1/(M × N)) ∑_{i=1}^{M} ∑_{j=1}^{N} [f(i, j) − f'(i, j)]^2 (23)

where M and N represent the height and the width of the image, respectively. Obviously, an MSE value of 0 means the scheme is lossless. Table 5 lists the MSE values for the six images. From Table 5, the values for all six images are 0, which means the proposed compression and encryption scheme is lossless.
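A minimal sketch of the MSE check in Equation (23); the function name is ours, and images are represented as 2-D lists of pixel values:

```python
def mse(original, reconstructed):
    """Mean squared error between two equally sized grayscale images."""
    m = len(original)        # image height M
    n = len(original[0])     # image width N
    total = sum((original[i][j] - reconstructed[i][j]) ** 2
                for i in range(m) for j in range(n))
    return total / (m * n)
```

An MSE of exactly 0 (as reported for all six test images) certifies that decryption plus decompression reproduces every pixel.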

1. Compression ratio analysis

Because encryption on predicted values and predicted errors can influence compression, we compare the compression ratios of the two encryption schemes proposed in Section 3.2. The comparison result is shown in Table 6. Here, the unit of the compression ratio is bpp (bits per pixel), the average number of coded bits required per pixel. As can be seen from Table 6, encryption in XOR mode has less influence on the compression ratio than encryption in CBC mode. Although CBC mode is more secure than XOR mode, it has an obvious impact on the compression ratio and forfeits the compression advantage of the CALIC algorithm.
Because there are still pixel encryption and entropy coding encryption, choosing the encryption with XOR mode can make the compression and encryption algorithm more efficient.
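The bpp figure used in Table 6 can be computed as follows (illustrative helper name):

```python
def bits_per_pixel(compressed_size_bytes, width, height):
    """Compression ratio in bpp: average coded bits per image pixel."""
    return 8 * compressed_size_bytes / (width * height)
```

For example, a 512 × 512 8-bit image (8 bpp uncompressed) coded into 131,072 bytes yields 4.0 bpp; lower bpp means better compression.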

Compression efficiency analysis
The time of the secure CALIC scheme includes the compression time and the encryption time of each encryption part. To improve measurement accuracy, the compression time is measured before adding the encryption algorithm, then the combined compression and encryption time is measured, and finally the encryption time and its percentage of the total time are calculated. The running times for different images are shown in Table 7. The prediction-based CALIC lossless compression algorithm scans the image only once and codes one residual per pixel; therefore, its efficiency is very high, and it is easy to implement in hardware. After adding the encryption algorithm, the encryption time does not greatly affect the compression time, accounting for about 20% of the total time, so the efficiency remains high.

Key Space
For a good encryption algorithm, the key space should be large enough to resist brute-force attack. In our algorithm, there are two keys: the pseudo-random sequence generator key, and the key for image pixel and entropy coding encryption.
For the pseudo-random sequence generator key, there are four real numbers for the initial parameters of the four-dimensional hyperchaotic system and one real number for the initial parameter of the logistic map. To avoid the negative effects caused by discretization, the real numbers should be stored and transmitted using a real data type with high precision. If the implementation language complies with IEEE Standard 754-2008, the double data type is recommended; it stores real numbers in 8 bytes with an accuracy of 15 decimal digits. Thus, the key length will be 320 bits, which means the size of the key space will be 2^320. In addition, for the random matrix used in the pseudo-random sequence generator, there are 8! = 40,320 non-repetitive permutations; five permutations are selected at random, giving A(40,320, 5) selections in total. For the image pixel and entropy coding encryption key, there is one real number for the initial parameter of the logistic map used in pixel diffusion with the table lookup method. Thus, this key length will be 64 bits, which means its key space will be 2^64. Therefore, the total key space is 2^384, together with the A(40,320, 5) random matrix space, which is strong enough to resist brute-force attack.
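The key-space arithmetic above can be verified with a few lines (variable names are ours):

```python
import math

# Five double-precision initial values (4 hyperchaotic + 1 logistic) at
# 64 bits each for the generator key, plus one more double for the
# diffusion logistic map.
prng_key_bits = 5 * 64                           # 320 bits -> 2**320 keys
diffusion_key_bits = 64                          # 2**64 keys
total_bits = prng_key_bits + diffusion_key_bits  # 384 bits -> 2**384 keys

perms_of_8 = math.factorial(8)                   # 8! = 40,320 permutations
# Ordered selection of 5 permutations: A(40320, 5) = 40320!/(40320 - 5)!
a_40320_5 = math.perm(perms_of_8, 5)
```

This confirms the totals quoted in the text: 320 + 64 = 384 key bits, multiplied by the A(40,320, 5) permutation choices.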

2. Fault tolerance of algorithm

The fault tolerance of the algorithm indicates whether the compressed image file can still be recognized by an image reader in the case of erroneous decryption. The image compression and encryption algorithm proposed in this paper adds an encryption mechanism to the original CALIC compression algorithm. A small error occurring in the decryption process destroys the file format so that the image reader cannot correctly recognize the image, which further enhances security. We judge whether the compressed image file can be recognized by the image reader by introducing small changes to the keys during decryption at the different encryption locations. The results are shown in Table 8.

Table 8. Fault tolerance of algorithm.

Encryption Location: Predicted Values | Predicted Errors | Image Pixels | Entropy Coding
Recognized: × | × | √ | ×
In Table 8, the symbol √ indicates that the image file can be recognized, and the symbol × indicates that it cannot. As can be seen from Table 8, among the four encryption locations, only image pixel encryption with a wrong key leaves the file integrity intact, so the file can still be recognized. A wrong key for the predicted values, the predicted errors or the entropy coding encryption damages the file so that it cannot be recognized by the image reader. This shows that the proposed algorithm has low fault tolerance but high security. The two lines of pixels are written to the coding file after coding and are not involved in the coding process, so their encryption has no effect on the file format.

Key sensitivity analysis
A good encryption scheme should be sensitive to the key. A tiny modification of 1 bit is made to the keys used to encrypt the image. Each bit in the resulting cipher-text is compared with the corresponding bit in the cipher-text produced with the original key, and the number of differing bits is counted. The mean bit change rates of the cipher-text for the different keys are shown in Table 9. From Table 9, the bit change rate of the cipher-text is about 50%, which shows that the scheme retains strong key sensitivity after the encryption algorithm is embedded in the compression algorithm.
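The bit change rate reported in Table 9 can be sketched as follows (assumed helper name):

```python
def bit_change_rate(a: bytes, b: bytes) -> float:
    """Fraction of differing bits between two equal-length cipher-texts."""
    assert len(a) == len(b)
    diff = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return diff / (8 * len(a))
```

A rate near 0.5 means the two cipher-texts are statistically unrelated, which is the ideal outcome for a 1-bit key change.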

Statistical analysis
The pixel distribution of the image containing the valid information is not uniform. After encryption, the pixel distribution is uniform and can resist statistical analysis. Figure 9 depicts the histograms of the original images and the corresponding cipher-texts.
From Figure 9, the histogram is uniform after compression and encryption. Therefore, attackers cannot exploit the statistical characteristics of the cipher-text histogram, which means the algorithm can effectively resist statistical attack.

Correlation Analysis
Correlation between adjacent pixels is one of the important characteristics of images that are different from other common files. Plain image has a strong correlation. A good encryption algorithm can eliminate the correlation between the adjacent elements of the encrypted file so that the value of other elements cannot be inferred through one element. Correlation calculation is shown in Equation (24).
C_r = ∑_{j=1}^{N} (x_j − x̄)(y_j − ȳ) / √(∑_{j=1}^{N} (x_j − x̄)^2 · ∑_{j=1}^{N} (y_j − ȳ)^2) (24)

where C_r represents the pixel correlation degree, x_j and y_j represent the gray values of two adjacent pixels, x̄ and ȳ are their mean values, and N represents the number of pixel pairs in the sample. The maximum absolute value of the correlation coefficient is 1, and the minimum absolute value is 0. The lower the correlation coefficient, the lower the correlation of the image pixels. A good encryption algorithm should remove the correlation of the image pixels to improve resistance against attack. The pixel distributions of the plain images and cipher-images in the horizontal, vertical and diagonal directions are shown in Figure 10, and the correlation test results in different directions of the test images are shown in Table 10.
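Equation (24) in its standard Pearson form can be sketched as follows (function name is ours; the inputs are samples of adjacent-pixel gray values, assumed non-constant so the denominator is nonzero):

```python
import math

def correlation(xs, ys):
    """Correlation coefficient C_r of two samples of adjacent-pixel values."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy)
```

For a plain image, adjacent pixels give |C_r| near 1; after a good encryption, C_r should be near 0 in all three directions.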


According to the correlation analysis in Figure 10, the distribution of the elements after encryption and compression is uniform. From Table 10, the correlation of the plain images is large, while the correlation of the cipher-images is close to 0. All of this indicates that the correlation between pixels is completely destroyed in the cipher-text, and pixel information cannot be obtained from adjacent pixels.
6. Information entropy analysis

The value of the image information entropy reflects the degree of confusion. The information entropy of the encrypted file reflects the intensity and quality of the encryption, while the information entropy of the predicted errors reflects the compression ratio: a small entropy indicates that the predicted errors are small and concentrated, which directly reflects the compression performance of the algorithm. The information entropy is defined as:

H(x) = −∑_i p(x_i) log_2 p(x_i) (25)

In Equation (25), p(x_i) denotes the probability of symbol x_i. Taking 8 bits as a unit, if every one of the 256 symbols occurs with the uniform probability 1/256, the entropy is 8. A good encryption scheme should make the entropy approach 8. The entropies of the encrypted file and the predicted errors are shown in Table 11. From Table 11, we can see that the information entropy of the encrypted file is close to the ideal value 8, which indicates a good encryption effect. By contrast, the entropy of the predicted errors is small, which indicates good compression performance.
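Equation (25) can be sketched as follows (assumed helper name, operating on raw bytes):

```python
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per 8-bit symbol (Equation (25))."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())
```

A uniformly distributed byte stream reaches the ideal value 8, while a well-predicted residual stream (values concentrated near zero) has much lower entropy, which is exactly what enables compression.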

7. Analysis of image processing attack

In the field of image processing, some methods can be used to restore or improve the quality of degraded images. If image encryption is regarded as a form of image degradation, the plaintext image information might be obtained by applying such restoration methods. Therefore, image processing methods are used to attack the cipher-image in an attempt to obtain plaintext information. Since filtering is a common restoration method, we use four common filters to restore the Lena cipher-image; the results are shown in Table 12. As the results in Table 12 show, the quality of the images restored by these methods is very low, and some are even lower than the original cipher-image, so they do not help restore the image information.

8. Security analysis of pseudo-random sequence

The security of the pseudo-random sequence described in Section 3.1 is analyzed below.

• Entropy test

Information entropy, approximate entropy and K entropy can be used to test the randomness of a pseudo-random sequence. The larger the values of information entropy, approximate entropy and K entropy, the better the randomness.
Information entropy indicates the confusion degree of information; its definition is given in Equation (25). Approximate entropy measures the probability of new patterns appearing in the pseudo-random sequence: the greater this probability, the larger the corresponding approximate entropy, and the better the pseudo-random sequence. Approximate entropy is shown in Equation (26), where π_i = C_j^3, j = log_2 i, and C_i^m is the frequency of the N overlapping blocks. For the K entropy, the pseudo-random sequence to be tested is divided into small boxes, each containing ε values, and τ represents a small time interval. P(i_0, i_1, ..., i_d) is the joint probability that the sequence value lies in box i_0 at time 0, ..., and in box i_d at time dτ. The K entropy is defined as:

K = −lim_{τ→0} lim_{ε→0} lim_{d→∞} (1/(dτ)) ∑_{i_0,...,i_d} P(i_0, i_1, ..., i_d) ln P(i_0, i_1, ..., i_d) (27)

The approximate entropy, information entropy and K entropy of the proposed pseudo-random sequence are compared with those of the sequence generated by the logistic map, as shown in Table 13. From Table 13, the pseudo-random sequence used in this paper is better than the sequence generated by the logistic map, except that the information entropy for a key stream length of 800 is slightly less than that of the logistic map. This shows good randomness.
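For illustration, the common Pincus definition of approximate entropy can be sketched as below. The paper's exact Equation (26) variant is not reproduced here, so treat this as an assumption-laden stand-in; the function name and default parameters m = 2, r = 0.2 are ours.

```python
import math

def approximate_entropy(u, m=2, r=0.2):
    """ApEn(m, r) of a real-valued sequence (standard Pincus definition)."""
    n = len(u)

    def phi(mm):
        count = n - mm + 1
        templates = [u[i:i + mm] for i in range(count)]
        c = []
        for x in templates:
            # Count templates within tolerance r (Chebyshev distance).
            matches = sum(
                1 for y in templates
                if max(abs(a - b) for a, b in zip(x, y)) <= r
            )
            c.append(matches / count)
        return sum(math.log(v) for v in c) / count

    return phi(m) - phi(m + 1)
```

A perfectly regular (constant) sequence yields ApEn = 0; a good pseudo-random sequence yields a larger value, matching the "larger is better" criterion above.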

• Autocorrelation test
The autocorrelation test is an important indicator of the randomness of a pseudo-random sequence. The correlation of two sequences is defined in Equation (28):

ψ = (A − D) / N (28)

where l_1 and l_2 represent the two pseudo-random sequences, A is the number of bit positions in which l_1 and l_2 agree, D is the number of positions in which they differ, and N represents the total length of the key stream sequences. If l_1 and l_2 are the same sequence, ψ is called the autocorrelation. The best state of ψ is close to a horizontal line; if the test result is a horizontal line close to 0, the test sequence has good randomness.
The test result of the pseudo-random sequence is shown in Figure 11. The result is a horizontal line close to 0, which shows good autocorrelation of the pseudo-random sequence.
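The computation behind Equation (28) can be sketched as follows (helper names are ours; comparing the sequence against its own cyclic shifts, one shift per point of the curve, is our assumption about how the autocorrelation plot is produced):

```python
def sequence_correlation(l1, l2):
    """psi = (A - D) / N for two equal-length bit sequences, where A counts
    positions that agree and D counts positions that differ."""
    n = len(l1)
    a = sum(1 for x, y in zip(l1, l2) if x == y)
    d = n - a
    return (a - d) / n

def autocorrelation(bits, shift):
    """Correlate a bit sequence with a cyclic shift of itself."""
    shifted = bits[shift:] + bits[:shift]
    return sequence_correlation(bits, shifted)
```

For a good key stream, autocorrelation(bits, s) stays near 0 for every nonzero shift s, producing the flat line near 0 seen in Figure 11.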
Figure 11. Autocorrelation test on pseudo-random sequence.

• Balance test

The balance test counts the ratio of 0s to 1s in the pseudo-random sequence; ideally, this ratio is 1. The balance test is expressed as E = Sum(0)/Sum(1), where Sum(0) represents the total number of 0s in the sequence and Sum(1) represents the total number of 1s. The results of the balance test are shown in Figure 12.

The results show that the 0, 1 distribution curve of the pseudo-random sequence is close to 1, and the distribution is relatively uniform.

Figure 12. Balance test.

• Sequence distribution test

The sequence distribution reflects the distribution of the pseudo-random sequence values. The more uniform the sequence distribution, the better the randomness of the sequence. As shown in Figure 13, the distribution of the sequences is relatively uniform, and there is no large-scale aggregation, which indicates that the randomness of the pseudo-random sequence is good.

• NIST SP800-22 tests

The NIST SP800-22 tests are a standard for detecting the deviation of a sequence from a true random sequence. Issued by the U.S. National Institute of Standards and Technology (NIST), the standard provides 15 statistical tests. For each test, if the P-value is greater than a predefined threshold α, the sequence passes the test; commonly, α is set to 0.01. In this paper, 100 groups of sequences of 10^6 bits each are tested. The results in Table 14 show that the pseudo-random sequence has good randomness and high security.

Figure 13. The distribution of the pseudo-random sequence.
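As one concrete example of the 15 tests, the NIST SP800-22 frequency (monobit) test maps bits to ±1, sums them, and reports P = erfc(|S_n|/√(2n)); the helper name below is ours:

```python
import math

def monobit_p_value(bits):
    """NIST SP800-22 frequency (monobit) test P-value."""
    n = len(bits)
    s = sum(1 if b else -1 for b in bits)   # S_n: +1 for 1, -1 for 0
    return math.erfc(abs(s) / math.sqrt(2 * n))
```

A sequence passes when the P-value exceeds the threshold α = 0.01; a perfectly balanced sequence gives P = 1, while a heavily biased one gives P near 0.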

9. Time complexity analysis

The lossless image compression and encryption scheme is performed on a gray image with N pixels. The time complexity of the algorithm is shown in Table 15. According to Table 15, the time complexity of the CALIC algorithm is related only to the number of pixels that must be scanned, and it is linear. The four encryption algorithms are stream ciphers operating on different data, so their time complexity is also linear. In general, the algorithm has low time complexity and high efficiency.

Performance Comparison with Other Schemes
In this section, we provide performance comparisons with Huffman coding and some recent works [7,8,20,26,39,44,47]. Table 16 shows the comparison results for the information entropy and compression performance. Refs. [7,8] are image encryption schemes. Compared with the results of the information entropy in Refs. [7,8], our scheme shows superior performance.
In Ref. [20], compression and encryption are performed separately. Ref. [26] is a joint compression and encryption scheme based on arithmetic coding. Compared with Refs. [20,26], our proposed scheme shows superior performance regarding compression performance.
Refs. [39,44] propose a lossless image compression and encryption method. Compared with Refs. [39,44], our proposed joint lossless image encryption and compression scheme shows superior performance regarding information entropy and compression performance.
From Table 16, although the proposed algorithm affects the CALIC compression ratio, it is still better than Huffman coding and the compression algorithms mentioned in Ref. [47] in terms of compression ratio.

Conclusions
In this paper, we first analyzed the CALIC scheme and then identified four encryption locations in the CALIC compression algorithm. The four locations are encrypted, respectively: the predicted values, the predicted errors, the pixels and the entropy coding file. To obtain better security, a new four-dimensional hyperchaotic system was constructed. Based on the new hyperchaotic system, a pseudo-random sequence generation algorithm used for encryption at the four locations was designed, and the security of the sequence was tested. According to the different characteristics of the four encryption locations, CBC mode encryption, XOR mode encryption, scrambling with the two-dimensional Baker map and plaintext-related encryption based on table lookup were all used to enhance security. For the encryption based on table lookup, the operation is selected from the encryption operation table based on the sequence generated by the logistic map, and each operation is related to the plaintext, which improves the security of the encryption algorithm. The algorithm was tested for compression and security performance, and the experimental results show that the proposed algorithm has good security and compression performance. The scheme was tested on grayscale images; in the future, we aim to extend it to color images.