A Hyper-Chaotically Encrypted Robust Digital Image Watermarking Method with Large Capacity Using Compress Sensing on a Hybrid Domain

The digital watermarking technique is a quite promising technique for both image copyright protection and secure transmission. However, many existing techniques are not as one might have expected for robustness and capacity simultaneously. In this paper, we propose a robust semi-blind image watermarking scheme with a high capacity. Firstly, we perform a discrete wavelet transformation (DWT) transformation on the carrier image. Then, the watermark images are compressed via a compressive sampling technique for saving storage space. Thirdly, a Combination of One and Two-Dimensional Chaotic Map based on the Tent and Logistic map (TL-COTDCM) is used to scramble the compressed watermark image with high security and dramatically reduce the false positive problem (FPP). Finally, a singular value decomposition (SVD) component is used to embed into the decomposed carrier image to finish the embedding process. With this scheme, eight 256×256 grayscale watermark images are perfectly embedded into a 512×512 carrier image, the capacity of which is eight times over that of the existing watermark techniques on average. The scheme has been tested through several common attacks on high strength, and the experiment results show the superiority of our method via the two most used evaluation indicators, normalized correlation coefficient (NCC) values and the peak signal-to-noise ratio (PSNR). Our method outperforms the state-of-the-art in the aspects of robustness, security, and capacity of digital watermarking, which exhibits great potential in multimedia application in the immediate future.


Introduction
The excessive spread of Internet is a double-edged sword. On the one hand, information accessing and sharing are more convenient than ever. On the other hand, illegal data copying, reproduction, and editing are more rampant as well [1]. From social media to government online management, from telemedicine to cloud services, from commercial activities to military, all the important information storage and communication which heavily relies on the Internet are prone to be collected and undermined by unpermitted malicious attackers. The protection, certification, and authentication of the Information Sovereignty are particularly urgent.
Digital watermark embedding is one of the promising solutions for data security, which has been widely used in various scenes. By embedding specific relevant information into the host data, the digital watermarking scheme could be used as an information hiding means to ensure the reliability and origination of online data transformation, so that the multimedia data are protected and secured [2]. The categories of digital watermark can be classified as the visible and imperceptible one according to its visibility. The former often suffers from insufficient robustness, and does not constitute a proof of ownership either [3]. For practical reasons, the latter are preferred by academic researchers [4].
Imperceptible watermarks involve the spatial domain one and the transform domain one referring to distinctions of embedding methods [5]. In the spatial domain, watermarks are embedded via modifying the pixel values of the original image. Harahap et al. [6] proposed a spatial domain watermarking scheme, that in which pictures or text in binary form are embedded into the host data. They manage to embed a 150 × 150 grayscale watermark into a 518 × 649 color image, and pursue low time cost on the embedding process. Although most spatial domain watermarking schemes have less computational complexity than the transform domain schemes to perform, their anti-attack characteristics is far poorer than the latter which has a higher robustness on average [7].
In the transform domain, watermarks are first embedded by changing the frequency coefficients of image transformed mainly by discrete wavelet transform (DWT), discrete cosine transform (DCT) or Contourlet Transform. Then, the embedded coefficients are inverse-processed to form the watermarked image. Thus, the watermark often owns better invisibility and stronger robustness to some common image-processing operations and attacks [8]. Vaidya and Mouli [9] proposed a method based on hybrid transformation with DWT, Contour transformation, Schur transformation, and SVD to embed a 62 × 62 gray watermark image into a 512 × 512 × 3 color image, which reveals good resistance to signal processing attacks. Kumar et al. [10] proposed an enhanced transform domain watermark scheme based on DWT, DCT, and SVD with set partitioning in a hierarchical tree (SPIHT), which can restore a 256 × 256 watermark from a 512 × 512 host image with a high resistance under various attacks. Ambadekar et al. [11] encrypted a 90 × 90 watermark image, and then embedded it into a 228 × 228 host image through DWT transformation, who claimed a high robustness of their method against various types of attacks. However, with all these schemes listed above, only a very limited size of watermark images are embedded into the host image.
The invisible watermarking techniques can be further divided into three types: blind, semi-blind, and non-blind ones according to the amount of information of the original watermark required for extracting. Non-blind methods need the original signal, whose application is limited due to the unsure access to the original signal. Blind methods require no information of the original signal at all for watermark recovering, but are full of challenges [12]. For semi-blind watermarking techniques, side information rather than the whole original watermark is needed for watermark recovery [13], which aims to make a compromise between the blind and the non-blind schemes.
Note that an imperceptible image watermark scheme should be built with large capacity, strong robustness, high security, and good imperceptibility [7]. A watermarking scheme with great capacity could surely contain more information, offering more essential and detailed materials supporting its function like providing authentication or information hidden, e.g., embedding different copyrights into images like digital collections with more than one author [14], or during the distribution of the media content from producers, retailers, and customers to protect the benefits of both the producer and the middle distributors [15]. Unfortunately, most state-of-the-art schemes as discussed above are insufficient, especially in the capacity. Therefore, putting forward algorithms for preserving the desired properties of a watermarking procedure is quite essential.
In this paper, we proposed a hyper-chaotically encrypted robust digital image watermarking scheme which has a high capacity by using compressive sensing (CS) on a hybrid domain. The main contributions of our work are summarized as follows: (1) Capacity: CS is introduced into our scheme to compress the watermark for pursuing high capacity. Compared with those existing grayscale watermark algorithms, our scheme is eight times over them in capacity, which brings a great improvement to the watermark capacity.
(2) Robustness: The proposed scheme combining DWT with SVD has high robustness, which can effectively restore all the embedded watermarks with high NCC values when confronting with the threats of several typical strong attacks.
(3) Security: A hyperchaotic system with a broad chaos range is introduced for watermark image encryption, which can provide a huge secret key space. The proposed scheme is capable of guaranteeing the security of the watermarks in the host image. Even if the embed algorithm is cracked, the attacker would never be able to restore the encrypted watermark images validly from the host image without the correct secret keys, thus overcoming the FPP of SVD-based watermarking techniques.
The rest of our paper is organized as follows: Section 2 refers to preliminaries including a few fundamentals of CS, SVD, DWT, and the hyperchaotic system TL-COTDCM. In Section 3, the proposed scheme is elaborated in detail. In Section 4, experiment results and discussions are given. In Section 5, we present conclusions for the whole work.

Discrete Wavelet Transform
DWT is used to transform an image from spatial to frequency domain, which can decompose an image into four sub-bands known as LL, LH, HL, and HH sub-bands, and provide the low resolution, the horizontal, diagonal, and vertical details of the image separately in the spatial domain [16]. Compared with the discrete cosine transform (DCT), DWT has less computational complexity and is more favorable in image processing for the utilization of informative wavelets with details from both spatial and frequency domains rather than merely frequency as in DCT. In particular, the precise spatial frequency localization of DWT allows for the exploitation of the masking effect of the human visual system (HVS) so that only the region corresponding to a modified DWT coefficient would be changed [17]. Several wavelet filters could be chosen to perform the 2D-DWT, such as Coiflets, Haar and Daubechies, etc. As shown in Figure 1, DWT could be iteratively executed on a signal to split it into low and high-frequency sub-bands level by level until a sufficient decomposition is obtained [18]. In our scheme, we choose 1-level DWT [19,20] with the Haar wavelet filter for the low computing complexity and high image resolution.  CS believes sparse signals, which are thought of as an incomplete description of the original signals before, could be used to reconstruct original signals [21]. It was firstly introduced by Candes and Donoho in 2006 [22]. According to the CS theory, a 2D signal A of size a × a could be measured by: where α is the sparse coefficient, Φ 1 is a b × a measurement matrix, and Ψ is an a × a orthogonal basis [23]. Let β be the sparse coefficient vector of α in the Ψ domain; then, β could be obtained by: where γ = Ψ T A T Ψ, which is a 2D Ψ transformation of signal A T . The M × M measurement value B is obtained by measuring β with another measurement matrix Φ 2 : where B is the result of the 2D CS transformation. The original signal A could be recovered from the measurement value B by solving the following convex optimization problem: The CS theory enables the signal storage to consume quite a lot less memory, which also can be viewed as a symmetric cryptosystem with the original signal, the measurement matrix and measurement value corresponding to the plaintext, secret key and ciphertext, respectively [24]. It performs sampling, compression, and encryption simultaneously possessing a wide range of application scenarios, such as image compression and data encryption.

The TVAL3 Algorithm
There have been many effective reconstruction algorithms such as the orthogonal matching pursuit (OMP) [25], subspace pursuit (SP) [26], and stochastic gradient pursuit (SGP) [27] to pursue a favorable reconstruction quality. In our scheme, we apply the TVAL3 algorithm for compressive sensing implementation.
The TVAL3 algorithm developed by Li [28] uses the total variation (TV) regularization to solve the CS problems, which improves the recovered image visual quality by preserving the edges or boundaries more accurately. It has been proved that this algorithm could recover the original signal within an affordable running time for noise-free images with various of measurement matrices [28].

The Hyperchaotic System TL-COTDCM
A hyperchaotic system is defined as chaos with more than one positive Lyapunov exponent, which indicated that the dynamics of the system are expanded in more than one direction and give rise to a more complex attractor. The enhanced behaviors of the hyperchaotic system offer it a wider application in nonlinear circuits, secure communications, lasers, and synchronizations [29].
The TL-COTDCM we proposed in our previous work [30] has two large positive Lyapunov exponents, indicating a quite complex dynamics behavior, which is defined as follows: where a, b, c, d, and e are the control parameters, and a is defined in the range [0,1]. We set a = 0.5, b = 4, c = 4, d = 2, and e = 2, the phase diagram and bifurcation of TL-COTDCM is shown in Figure 2. It is obvious that the phase diagram of this system is able to fill the whole 2D space, indicating the complex nonlinear dynamics characteristics of TL-COTDCM. In this paper, the initial values of state variables are set as (x 0 , y 0 ) = (0.6, 0.98), which is used to yield measurement matrix for compressive sensing as well as secret keys for sampled image encryption.

SVD
SVD, a common linear algebra tool which is widely utilized in signal processing, artificial intelligence and image compression, etc. One merit of applying SVD is that the singular values of an image vary minimally when it is marginally disturbed [31].
An image could be viewed as a matrix, an array of nonnegative scalar, from the point of view of linear algebra [32]. Assuming that A is an N × N grayscale image, then the SVD of it is depicted as where both U and V are N × N orthogonal matrices and S is an N × N diagonal matrix containing singular values of the original image matrix A. SVD is widely used in watermarking algorithms as it adapts to different rectangular size images. The watermarks would be embedded effectively on an SVD executed host image.

Methods
In this section, we present our watermark scheme in detail. The proposed watermarking scheme is composed of four main steps: compression and encryption, embedding, extracting, and decryption and decompression process. The first two procedures are performed at the sending site, while the other two are done at the receiving site after obtaining the watermarked image from the public channel. Each procedure is elaborated in detail as follows.

Compression and Encryption
To maximize utilization of the capacity of host image, we perform CS on original watermark images to compress them into smaller sizes for embedding. Here, we use a sampling rate ρ of 0.25 for a trade off between image quality and compression ratio, which means that only 25% of the information of the original watermark images are used for embedding. Then, the compressed watermarks are encrypted by using the order of a sorted TL-COTDCM sequence again to achieve a higher level of security. Two initial values are defined as secret keys for the TL-COTDCM to generate the chaotic sequence.
The flowchart of this procedure is shown in Figure 3. More details are described as Initialize the control parameters of TL-COTDCM, input two states x 0 and y 0 to actuate the hyperchaotic system; 3.

4.
Omit the first 800 elements of U to avoid transient effect in the later scrambling procedure. Reorder the rest elements of U in ascending order, and record the position of them each element in the new sequence. Define the position sequence as L 8×64×64 ; 5.
Utilize L for shuffling P and yield the scrambled sequence CI; 6.
Reshape CI into a tensor composed of eight matrices of size 64 × 64. Then, we obtain the compressed and encrypted images; 7.
Transform the aforementioned watermarks by where x k (i, j), xx k (i, j) and CI k (i, j) are the elements located at the ith row and jth column in the kth matrix of tensor x, xx, and CI, respectively. 1 ≤ i ≤ 64, 1 ≤ j ≤ 64, 1 ≤ k ≤ 8. α is a retaining factor (RF) for controlling the embedding accuracy, a greater value of which may bring better recovery quality but induce worse imperception. It is empirically set as 7 in our schemes. · denotes round down operation.

Watermarks Embedding
In this process, eight encrypted images are embedded into the host image to obtain a visually meaningful image. The diagram in Figure 4 displays the whole processing in detail, which can be accomplished via eight main steps.

1.
To avoid the distortion of the host image caused by the probable data overflow after the embedding procedure, the pixel values of the host image are normalized in 10 to 245 according to where H and H represent the original and adjusted host image, respectively. · denotes a round-up operation.

2.
Perform 2D DWT on H 3. Perform SVD on the aforementioned DWT components via where i = a, h, v, d.

4.
Generate T i1 and T i2 of size [256, 256] by recombining the tensor i(i = x, xx) with the following equation to prepare for embedding: where i n (n = 1, 2, . . . , 8) represents the nth matrix in tensor i.

5.
Embed T i1 and T i2 into S i obtained in Step 3 to generate S i1 according to where β is a scaling factor (SF) for embedding strength controlling. A greater β benefits anti-attack robustness but also harms imperception. It is empirically set as 6 in this paper. 6.
Apply SVD on S i1 once again where U i 2 and V i 2 are stored for reconstruction. 7.
Calculate the embedded DWT components with U and V obtained in Step 3: where i = a, h, v, d.

8.
Generate the watermarked host image H e by performing inverse discrete wavelet transformation (IDWT) on the embedded components

Watermarks Extracting
Watermark extraction is mainly to execute an inverse operation of embedding process on the watermarked host image, which is illustrated in Figure 5. In the extracting process, we perform DWT on the watermarked image, and SVD and recombination operations are executed subsequently.
Perform SVD on the obtained DWT components where i = a, h, v, d.

3.
Calculate the new approximate coefficient matrices C newi , where i = a, h, v, d

Calculate the scrambled coefficients
where i = a, h, v, d 5.
Reconstruct the scrambled images via utilizing coefficients in Step 4 6. Split the aforementioned SP 1 and SP 2 into four matrices separately with a size of 64 × 64. Then, form these eight matrices into a tensor CI , which is the extracted encrypted watermark images. This step is illustrated in Figure 6.

Decryption and Decompression Process
To obtain the plain watermarks from the ciphertext obtained from extraction, first, the tensor CI is reshaped into a vector with a size of 1 × 32,768 and scrambled subsequently by the reverse order of the hyperchaotic sequence produced by TD-COTDCM. Finally, the eight watermark images will be recovered from the decrypted tensor through CS reconstruction tools. The diagram of the process is shown in Figure 7. More descriptions are detailed as

1.
Reshape the tensor CI into a row vector with a length of 8 × 64 × 64; 2.
Generate chaotic sequence U and obtain the position sequence L as described in Step 3 and Step 4 of part A in the Methods section; the only difference is that elements of U are in descending order; 3.
Perform the shuffle operation to CI by using L ; 4.
Reshape the shuffled CI into a tensor with eight matrices of size 64 × 64; 5.
Recover eight grayscale watermarks of 256 × 256 one by one by executing the TVAL3 reconstruction tool on each block of CI with the compression ratio ρ of 0.25.

Experimental Results and Discussion
The experiments are conducted on a PC running Windows 11 OS with x64 processor, 16 GB RAM, and 2.11 GHz CPU, and the corresponding codes are executed on the Matlab R2021a. As shown in Figure 8, the test images include the 512 × 512 grayscale host image "baboon" and eight grayscale watermark images with a size of 256 × 256, which are downloaded from the widely used public image database USC-SIPI. We compare our method with several existing recent ones which include the hybrid blind digital image watermarking methods [33], visually meaningful image encryption scheme based on a single chaotic map [18], blind color image watermarking method based on DWT and DCT [34], blind digital image watermarking based on Henon Chaotic Map and Elliptic Curve Cryptography [35], and secure and robust digital watermarking scheme based on logistic and RSA encryption [36]. The evaluated indicators involve capacity, imperceptibility, robustness, and security.

Capacity
To obtain an objective assessment, we apply grayscale image "baboon" uniformly to verify our proposed methods and the ones in [18,33,35,36] except for [34] require a colorful form.
As shown in Figure 9, our scheme ensures a total of eight watermarks with a size of 256 × 256 to be inserted in a host image with a size of 512 × 512, the works in [33,34] can embedded only 1 watermark with a size of 48 × 48 and 64 × 64, respectively. While the others [18,35,36] are one watermark with a size of 256 × 256. It is clear that our scheme enables maximum utilization of the capacity of the host image, which owns a higher capacity for watermarks than other schemes.

Robustness
Robustness refers to the resistance of an embedded watermark to attacks on the watermarked image. The normalized correlation coefficients (NCC), which can measure the similarity between the original watermark and the extracted one, is usually utilized as a criteria for robustness. NCC has a value in range 0 to 1, a greater value of which reflects a higher quality of watermark recovering. It is calculated as where W and W represent the pixel value of the original watermark and the extracted one, respectively. Note that the evaluation indicators in our experiments correspond to the mean value of eight embedded images in order to show a general performance of the proposed scheme.  Table 1. For Gaussian noise attack, our scheme maintains values of the NCC stably above 0.96 under different noise variance, while others show an apparent descendant tendency. In particular, the scheme in [18] almost has no resistance to Gaussian noise attack. As for Salt and Pepper noise attack, our scheme and [33] maintain NCCs more stably than others. Although the performance of [18] is a little better under this kind of attack than that under Gaussian noise attack, it still obtains the lowest score. Figure 10 also illustrates the comparison of the aforementioned watermarks schemes under different noise attacks. No matter what the attack noise type is, our scheme could resist them well.

Geometric and JPEG Compression Attacks
JPEG compression attack and Geometric attack involving rotation attack and cropping attack are used for testing watermarking schemes robust in this part. The compression ratio is set as 10%, 20%, 30%, 40%, and 70%. The rotation angle is set as 15 • , 25 • , 30 • , and 45 • ; the cropping size is set as 50 × 50, 100 × 100, 150 × 150, and 200 × 200. The experimental results are shown in the latter part of Table 1. For rotation and JPEG compression attacks, the scheme in [33] and ours perform slightly better than in Ref. [35] but are obviously superior to others. As for cropping attack, we can find that the scheme in [33] and ours are still outperforming others. However, when the cropping attack of size 512 × 512, i.e., no information of the watermarked image is involved, the scheme in [33] can recover the watermark well, which seems unreasonable. In fact, the watermarking scheme in [33] must use the wavelet coefficients of the original watermark for extraction, but it is impossible to obtain these coefficients in the watermarked image unless the watermark is accurately extracted, i.e., one must obtain the original watermark to extract the watermark, which is contradictory. Figure 11 also shows a comparison of those watermarking schemes under different attacks. It is clear that our method performs better than others.
In Figure 12, we display some recovery results of our scheme against several attacks, and the recovered watermarks are still in high visual quality even with the host image under some strong attack.

Imperceptibility
The NCC is also used to measure the imperceptibility of watermarks in a watermarked image. Except for the aforementioned indicator, the Peak Signal-to-Noise Ratio (PSNR) measures the peak error between the watermarked host image, and the original host image is another popular indicator for imperceptibility. It is defined as where MSE represents the mean square error, H(i, j) and H (i, j) represent the pixel value of the original host image and the watermarked one located at the ith row and jth column, respectively. Table 2 records the PSNR and NCC values of various techniques without any attacks, which is also illustrated in Figure 13 for clarity. Although our scheme shows low indicators of imperceptibility, we consider it still to be acceptable. As shown in Figure 14, there is almost no visual distortion on the watermarked image even though eight watermarks are embedded.   The application of TD-COTDCM makes our scheme very sensitive to slight variations of secret keys. As shown in Figure 15, with the correct secret key, the image can be decrypted successfully; otherwise, one can not decipher any meaningful information visually even if the secret key varies very little. Table 3 shows different encryption mechanisms adopted in each watermarking scheme. It is known that Arnold transform has a limited transformation cycle, the image encrypted by Arnold transform can be deciphered easily by attackers with a continuous shuffling process in finite times [31]. Compared with those ordinary chaotic systems, the hyperchaotic system exploited in our scheme owns higher randomness and more complex nonlinear dynamics as well as a very large secret key space. The merits of TD-COTDCM guarantee higher security of the watermarks in our scheme than others. Most SVD-based watermarking techniques fail to offer authentication due to their FPP [37], and many efforts were made to provide available solutions, e.g., Ganic and Eskicioglu [38] decomposed a host image with one-level DWT and then applied SVD on a grey-scale watermark image and its sub-bands; Rastegar et al. [39] proposed a hybrid SVD-based image watermarking scheme by applying Finite Radon Transform (FRT) and 3-level DWT to the host image. One-way hashing function on U and V is introduced as well in [40] for reducing FFP. However, all these techniques still suffer from FPP [37] as U and V components are stored as secret keys. Therefore, watermark encrypting becomes a valid solution since only a noise-like watermark image could be obtained if the owner could not provide the correct secret keys. In our scheme, we combine the hybrid domain transforming method and encryption method together, and thus to achieve a stronger watermark security, robustness, and higher imperceptibility. The proposed scheme is very sensitive to slight changes in the secret keys and thus is capable of overcoming the FPP [20], and serving for authentication, copyright ownership protection, and digital steganography.

Keyspace Analysis
The TD-COTDCM has five parameters: a, b, c, d, e, which are very sensitive to boundary conditions. Its parameters have a wide range of behaving hyper-chaotically [10]. The secret key space is at least 1 × 100 4 × 2 128×5 , which shows its strong resistance to brute force attacks.

Application in Color Images
In addition, our method is applicable to color image watermarking as well. The processing includes decomposing the color host image into three component matrices referred to as R, G, and B channels, firstly. Each channel is deemed as a grayscale host image for watermarks embedding with the proposed scheme, subsequently. A 512 × 512 × 3 color image can be embedded in a total of 24 grayscale watermark images size 256 × 256. The original color image and grayscale watermarks are shown in the top part of Figure 16, while the bottom of Figure 16 illustrates the watermarked image where one could hardly perceive any visual distortions. Figure 17 displays the watermarks after decryption, which still maintain high visual quality. Indicators include PSNR and NCC values of this part are recorded in Table 4. Note that all NCC values are greater than 0.93, which exhibits a preferable performance.

Conclusions
In this paper, a robust digital watermarking scheme using CS sampling and a hyperchaos encrypting technique on a hybrid domain is proposed, which enables a 512 × 512 grayscale host image to accommodate up to eight grayscale watermark images with a size of 256 × 256. The application of CS in the proposed scheme is to maximize the utilization of capacity, which is equivalent to capacity expansion of the host image. The TD-COTDCM has a very large secret key space and ensures a measurement matrix with the property of preferable pseudo-randomness. The introduction of this hyperchaos into our scheme is another great improvement for the robust and security guarantees as well as the FPP. In addition, the execution of SVD on both watermarks and host images also benefits the capacity, robustness, and security of the proposed scheme to some extent. The experimental results show that our scheme can be effectively resistant against different levels of Gaussian noise, pepper and salt noise, JPEG compression, and cropping attacks, which reveal higher robustness than several existing methods. Although the indicators on imperception of the proposed methods are slightly lower than those of comparison methods, there is no visual distinction between the watermarked image and the host image in our scheme. Furthermore, our scheme ensures a large capacity for watermarks embedding, which applies to both grayscale and color images. It is concluded that the proposed scheme will shine in future watermarking applications.