An Image Encryption Algorithm Using Cascade Chaotic Map and S-Box

This paper proposed an image algorithm based on a cascaded chaotic system to improve the performance of the encryption algorithm. Firstly, this paper proposed an improved cascaded two-dimensional map 2D-Cosine-Logistic-Sine map (2D-CLSM). Cascade chaotic system offers good advantages in terms of key space, complexity and sensitivity to initial conditions. By using the control parameters and initial values associated with the plaintext, the system generates two chaotic sequences associated with the plaintext image. Then, an S-box construction method is proposed, and an encryption method is designed based on the S-box. Encryption is divided into bit-level encryption and pixel-level encryption, and a diffusion method was devised to improve security and efficiency in bit-level encryption. Performance analysis shows that the encryption algorithm has good security and is easily resistant to various attacks.


Introduction
After decades of development, digital information has grown extensively in capacity, and various electronic devices are changing gradually, accompanied by a large amount of data for transmission and communication [1], which brings various kinds of security risks in this background, especially image data and video. While traditional encryption techniques such as DES and AES have achieved good results in text encryption, they are not ideal for encrypting large amounts of modern image data [2,3].
Due to chaotic sensitivity to initial state and control value, good pseudo-randomness, ergodicity and unpredictable trajectory [4], the combination of chaos and encryption technology has produced many different chaos and applications: The chaotic system that has the property crosses a pre-define cylinder repeatedly and proposes the XOR approach for diffusion encryption of images. Despite receiving good encryption performance, this scheme lacks the appropriate scrambling operations, and the encryption scheme is independent of the plaintext image, making it difficult to resist chosen-plaintext attacks [5]. The encryption algorithm uses 3Dchua's system with a combination of DWT transform and compressed sensing [6], and its experiments have shown its good encryption effect. The method NCCS, which generates new maps by combining methods, is able to overcome the shortcomings of a traditional one-dimensional chaotic map and gives a bit-level confusion and diffusion scheme while incorporating plaintexts in the keys used, which are shown to be well secured. However, when operating on the bit level, a large number of chaotic sequences are required, which creates some time consumption [7]. In addition, a cascaded chaotic system, as a form of chaos, is also a research hotspot; different chaos and encryption schemes are proposed: Zheng et al. [8] used an encryption scheme based on cascaded chaos, which generates new chaos through a cascaded one-dimensional chaotic map, so as to improve the performance of chaos and be used in encryption. Encryption methods

Introduction of Chaotic Map
In nonlinear dynamic systems, chaos is a stochastic process that is frequently employed in cryptography research [24]. One-dimensional Logistic and Sine map is classical chaotic map with a simple structure. They are defined as follows.
The chaotic behavior of a chaotic system can be measured by the bifurcation diagram and the Lyapunov exponent. Figure 1a,b shows that the chaotic range of the onedimensional Logistic chaotic map is restricted. From Figure 1b, we are able to find that µ is in the range of [0.89, 1], and its Lyapunov exponent is greater than 0. Figure 1c,d show that the chaotic range of the one-dimensional Sine map is similarly constrained, with k in Figure 1d in the range [0.87, 1] before its Lyapunov exponent is greater than 0 to be chaotic. Hence the classical Logistic and Sine maps are limited in terms of key space and are not resistant to brute force cracking.

Cascade Chaotic Map
A cascade map is a form of a chaotic map; the use of cascades can effectively improve the performance of chaotic systems. In order to solve the problem of small chaotic intervals and uneven distribution, we designed a two-dimensional cascade chaotic map, which has a more complex chaotic behavior than one-dimensional chaos and a faster iteration speed than two-dimensional chaos. The cascade system is shown in Figure 2, where f 1 (x n ), f 2 (x n ) are two different subsystems.

Cascade Chaotic Map
A cascade map is a form of a chaotic map; the use of cascades can effectively improve the performance of chaotic systems. In order to solve the problem of small chaotic intervals and uneven distribution, we designed a two-dimensional cascade chaotic map, which has a more complex chaotic behavior than one-dimensional chaos and a faster iteration speed than two-dimensional chaos. The cascade system is shown in Figure 2 The essence of cascading is that the output of a certain initial value after the iteration of system 1 is taken as the iterative output of system 2, and the iterative output of system 2 is taken as the iterative output of system 1, thus forming a circular iteration between two subsystems. Chaotic systems are generated by the cascade method, where the Lyapunov value of the system is the sum of the Lyapunov exponents of the cascaded subsystems, and the sequential trajectory of the system output deviates sharply as the number of iterations increases [25].

Cascade Chaotic Map
A cascade map is a form of a chaotic map; the use of cascades can effectively improve the performance of chaotic systems. In order to solve the problem of small chaotic intervals and uneven distribution, we designed a two-dimensional cascade chaotic map, which has a more complex chaotic behavior than one-dimensional chaos and a faster iteration speed than two-dimensional chaos. The cascade system is shown in Figure 2 The essence of cascading is that the output of a certain initial value after the iteration of system 1 is taken as the iterative output of system 2, and the iterative output of system 2 is taken as the iterative output of system 1, thus forming a circular iteration between two subsystems. Chaotic systems are generated by the cascade method, where the Lyapunov value of the system is the sum of the Lyapunov exponents of the cascaded subsystems, and the sequential trajectory of the system output deviates sharply as the number of iterations increases [25]. The essence of cascading is that the output of a certain initial value after the iteration of system 1 is taken as the iterative output of system 2, and the iterative output of system 2 is taken as the iterative output of system 1, thus forming a circular iteration between two subsystems. Chaotic systems are generated by the cascade method, where the Lyapunov value of the system is the sum of the Lyapunov exponents of the cascaded subsystems, and the sequential trajectory of the system output deviates sharply as the number of iterations increases [25].
Using cosine functions is proposed and demonstrated in [26], where existing chaotic maps are cascaded by using cosine functions to improve their chaotic performance and extend the chaotic space, the expression as shown in Equation (3): where G(·) is the subsystem 2 and F(·) is the subsystem 1. In order to extend it to two dimensions, the general form expression is shown in Equation (4): where x i , y i are two variables and G is the cosine that it can be represented as Equation (5): In Equation (3), to increase the chaotic complexity of the cosine function-based system, a new control parameter h is introduced as part of the exponential function. When the angle of the cosine function is large enough that even small differences can lead to large output differences such as cos 2 10 = 0.0001557636 and cos 2 10.00001 = 0.987355203504, also reducing the complexity of the calculation to make h ∈ [10,24].
are Logistic map and Sine map, respectively, and A(x i , We made them as subsystem 1 of Equation (4) and used it as the argument of subsystem 2, and then we derived Equation (6): Further, controlling the value of the parameter θ enables Logistic and Sine to be in chaos, which, according to Figure 1, makes k 1 = k 2 = 1 − 1 9 θ [27], and when using mod1 to control the iteration value between (0, 1), the chaotic map 2D-CLSM expression is shown in Equation (7): where x i ∈ (0, 1), y i ∈ (0, 1) are the control parameters h ∈ [10,24], θ ∈ [0, 1].

Performance Evaluation
In order to analyze the 2D-CLSM's performance, we compared it with another existing 2D chaotic map for image encryption, i.e., the 2D Logistic-Sine-Coupling Map (2D-LSCM) [28].

Chaotic Trajectory
The trajectory of a 2D-CLSM shows how motion increases over time from a specific initial state. In the case of periodic motion, the trajectory would be a closed curve, whereas the trajectory of chaotic behavior would theoretically never close or repeat. Therefore, chaotic trajectories usually occupy a part of the phase space and can reflect the randomness of the chaotic system output. If a chaotic trajectory can occupy a larger portion of the phase space, the chaotic system has a better stochastic output.
From Figure 3a-f, we can see that the 2D-CLSM is able to occupy the full phase plane for all trajectories within the parameter range, and the ability to occupy the full phase plane with both different θ and h indicates that the improved chaotic system has a better random output. On the contrary, 2D-LSCM is influenced by control parameters, which are not able to occupy full space.

Bifurcation Diagram
We set initial value as x 0 = 0.4, y 0 = 0.3 and the 2D-CLSM h = 15. As shown in Figure 4a-d, 2D-CLSM is in a chaotic state in the whole parameter domain, and it is more uniform. On the contrary, the 2D-LSCM does not occupy the entire plane, where the control parameters are at [0. 3, 0.43], and values between [0, 0.1] cannot be generated iteratively. ness of the chaotic system output. If a chaotic trajectory can occupy a larger portion of the phase space, the chaotic system has a better stochastic output.
From Figure 3a-f, we can see that the 2D-CLSM is able to occupy the full phase plane for all trajectories within the parameter range, and the ability to occupy the full phase plane with both different θ and h indicates that the improved chaotic system has a better random output. On the contrary, 2D-LSCM is influenced by control parameters, which are not able to occupy full space.

Lyapunov Exponent
The LE (Lyapunov exponent) describes the sensitivity of a chaotic mapping to initial values. In general, a chaotic map is in a chaotic state when 0 λ > indicates that two adjacent phase points are about to separate and the chaotic map is in a chaotic state. For a

Lyapunov Exponent
The LE (Lyapunov exponent) describes the sensitivity of a chaotic mapping to initial values. In general, a chaotic map is in a chaotic state when λ > 0 indicates that two adjacent phase points are about to separate and the chaotic map is in a chaotic state. For a two-dimensional map, the system of difference equations is assumed to be: Its Jacobian matrix at the point x (i) =(x i , y i ) is as follows: Let , then the eigenvalue of J i may be expressed as λ The Lyapunov exponents of system (9) can be expressed as Equation (11): The larger the value of λ, the faster the separation of point phase points in the phase space and the greater the sensitivity of chaos to initial values. Figure 5 shows the Lyapunov exponent of 2D-CLSM and 2D-LSCM; it is clear that the 2D-CLSM has a better chaotic behavior than 2D-LSCM.

NIST Test
In this paper, 15 NIST tests were used to test the randomness of the generated sequences, and 15 correspond to p-values to show the test result. The sequence is considered random when the p-value is over 0.01. Table 1 contains the NIST test results for the 2D-LSCM map and the 2D-CLSM map. The NIST test results for the 2D-CLSM map are all "Success", as shown in Table 1, and 11 of the 2D-CLSM test results are higher than 2D-LSCM, demonstrating 2D-CLSM map can generate pseudo-random sequences with good random performance.

NIST Test
In this paper, 15 NIST tests were used to test the randomness of the generated sequences, and 15 correspond to p-values to show the test result. The sequence is considered random when the p-value is over 0.01. Table 1 contains the NIST test results for the 2D-LSCM map and the 2D-CLSM map. The NIST test results for the 2D-CLSM map are all "Success", as shown in Table 1, and 11 of the 2D-CLSM test results are higher than 2D-LSCM, demonstrating 2D-CLSM map can generate pseudo-random sequences with good random performance.

Information Entropy
In information theory, information entropy is used to quantify the uncertainty of the information content. It can be used to evaluate how random a set of data is. We transformed the chaotic sequence obtained by iteration into values between 0 and 255 and obtain the information entropy according to Equation (12): where X is a data sequence, x i is the ith possible value in X and Pr(x i ) is the probability of x i . A bigger information entropy value means better randomness; for a set with 256 states, its maximum expected value is log 2 256 = 8. Better randomness is correlated with larger information entropy values, and Figure 6 shows the information entropy of the output sequences generated by 2D-CLSM for different parameter settings. From Figure 6, the mean information entropy value of 2D-CLSM is bigger than 2D-LSCM, and it is close to 8, which means good randomness. Better randomness is correlated with larger information entropy values, and Figure  6 shows the information entropy of the output sequences generated by 2D-CLSM for different parameter settings. From Figure 6, the mean information entropy value of 2D-CLSM is bigger than 2D-LSCM, and it is close to 8, which means good randomness.

New Encryption Algorithm Design
There are four main stages in our encryption algorithm: key generation, S-box generation, bit-level encryption and pixel-level encryption. The size of the plaintext image P is M N × , and , , , , , t x y m µ θ ∆ are the initial keys. The overall process is shown in Figure   7.

New Encryption Algorithm Design
There are four main stages in our encryption algorithm: key generation, S-box generation, bit-level encryption and pixel-level encryption. The size of the plaintext image P is M × N, and t, µ, θ, x, y, ∆m are the initial keys. The overall process is shown in Figure 7.

New Encryption Algorithm Design
There are four main stages in our encryption algorithm: key generation, S-box generation, bit-level encryption and pixel-level encryption. The size of the plaintext image P is M N × , and , , , , , t x y m µ θ ∆ are the initial keys. The overall process is shown in Figure   7. Two different chaotic maps are used in our algorithm: Logistic and 2D-CLSM, which are used in different stages of encryption. In the S-box generation stage, a Logistic map is used to generate the chaotic sequence needed to generate the S-box; a 2D-CLSM map is used in the bit-level operation and pixel-level operation phases. By using the different chaotic maps in different stages to expand the key space, a more complex encryption algorithm is generated. Two different chaotic maps are used in our algorithm: Logistic and 2D-CLSM, which are used in different stages of encryption. In the S-box generation stage, a Logistic map is used to generate the chaotic sequence needed to generate the S-box; a 2D-CLSM map is used in the bit-level operation and pixel-level operation phases. By using the different chaotic maps in different stages to expand the key space, a more complex encryption algorithm is generated.

Keys Generation
If the key stream used for encryption is only related to the key and not related to the plaintext image, the designed algorithm is not safe for chosen/known plaintext attack. In order to ensure the security of encryption, the encryption key is generated from the initial key and the plaintext image.
Initial encryption keys contain six decimal numbers, t, µ, θ, x, y, ∆m. Six decimal encryption keys, t 0 ,μ,θ, x 0 , y 0 ,ĥ, are generated by combining the plaintext images, which are used as initial values and control parameters of the chaotic system. Using ∆m > 0 as a scrambling value prevents an attacker from attacking the key with a black or white image. The encryption key is generated by Algorithm 1, where t 0 ,μ is used as the initial value and control parameter of the Logistic map; x 0 , y 0 ,ĥ,θ is set as the initial value, control parameter and variables h of 2D-CLSM.

S-Box Generation Algorithm
In the construction method of a chaotic S-box, there is the problem of generating useless chaotic sequences that affect efficiency. Wang et al. proposed in [15] to use a three-dimensional chaotic map to iterate chaotic sequences and expand the modulo operation to generate values between 0 and 255 to generate S-boxes, and the algorithm only ends when all 256 values are generated, this method generates a large number of useless chaotic sequences, and if a value cannot be generated all the time, the efficiency of the algorithm is affected, and the real-time performance becomes poor. In some methods, there are immobile points in the generated S-boxes [29], which can become attackable points. Table 2 gives the generation times of existing S-box generation methods, the presence of fixed points and the number of fixed points before and after the Fisher-Yates shuffling algorithm is applied to the S-box. Table 2. Generation time and fix point.

S-Box Generate Time Fixed Point After Fisher-Yates
Ref. [17] 0.9415 2, 17, C7, CB None Ref. [21] 0.0487 0D, 33, 77, 95 None Ref. [22] 0.7593 None None The Fisher-Yates shuffling algorithm is an algorithm proposed by R. Fisher and F. Yates for generating random permutations of finite linear arrays [30]. The most important feature of this approach is that it generates an unbiased result so that the probability of each value being at any position is equally likely, essentially generating a finite set of random permutations. Thus, by using the Fisher-Yates random shuffle algorithm, we are able to make the encryption scheme more complex and secure by enabling us to quickly generate different S-boxes and reduce the presence of fixed points during each encryption. The steps are as follows: Step 1: Obtain the length m of the sequence P that needs to be shuffled; Step 2: Generate a random number n with a value between [0, m − 1]; Step 3: Shuffle the values of the two positions according to n and m, then exchange the values of P(n) and P(m); Step 4: Subtract 1 from m to obtain the new position; Step 5: Repeat step1~step4 until m = 1.
Algorithm 2 describes the generation process of the S-box. t 0 ,μ, generated by algorithm 1, is taken as the initial value and control parameter of Logistic, iteratively generating a chaotic sequence Q with a length of 512 bits, and then divided into two sequences Q1, Q2 with a length of 256 bits, respectively, calculating and obtaining the ascending index q1 ∈ [0, 255], q2 ∈ [0, 255] of Q1 and Q2. Then q2 is taken as the random number sequence of the shuffling algorithm, shuffling q1 and finally, q1 is converted into a 16 bits × 16 matrix to obtain the S-box s.

(I) Nonlinearity
In the process of encryption, if the given S-box makes a linear mapping between the input (plaintext) and the output (ciphertext) [32], then a decipherer can easily deduce and break the ciphertext when the cryptographic strength of the S-box is very small, but if the S-box can map the input to the output in a nonlinear way, then it is considered a reliable S-box that can protect the plaintext data and can help us resist the attacks of linear cryptanalysis, and we can calculate the nonlinear value of the 8-bit Boolean function S by using Equation (13).
where NL f is the 8-bit Boolean function, W H f (ω) is the Walsh-Hadamard transform of the eight-bit Boolean function S. The values of the S-box nonlinearity obtained according to the above are shown in Table 4, where the maximum value is 110, the minimum value is 106 and the average value is 107.5 (II) Strict Avalanche Criterion (SAC) Webster and Tavares used the strict avalanche criterion as an important feature of the performance of an S-box [33]. The strict avalanche criterion ensures that if one bit is changed in the input, it causes at least 50% of the output to change, and an S-box is considered to be a strong S-box if the value of SAC is approximately equal to 0.5. We propose that the S box has a SAC value that satisfies the strict avalanche criterion. The SAC dependency matrix of our generated S-boxes is shown in Table 5. The table shows the average SAC of the generated S-boxes is 0.4996, which is very close to the desired value of 0.5, and shows that the generated S-boxes satisfy the SAC criteria.

(III) Output Bits Independence Criterion (BIC)
This criterion was introduced by Webster et al. as one of the important properties of S-box evaluation, a property that ensures that there is no dependence on the change of any two output bits when a single input bit is changed, a property that makes any Boolean function must be independent and highly nonlinear. For two output bit Boolean functions f i and f j in an S-box, if f i ⊕ f j is highly nonlinear and satisfies the SAC as close as possible, then it is guaranteed that when one input bit is inverted, the correlation coefficient of each output bit is close to 0, i.e., the BIC is satisfied.
Through experimental tests, the average BIC nonlinearity value of the proposed S-box is 104.5, and the BIC-SAC test result is 0.5009, which satisfies the BIC criterion.
(IV) Difference Approximation Probability (DP) differential cryptanalysis, introduced by Biham and Shamir [34], is able to obtain the input differential from the output differential while being able to attempt to obtain from it modifications to the plaintext and changes to the ciphertext data, combined with the difference between the two changes an attacker is able to use the resulting small differences to identify complete or partial plaintexts and keys, and in the process of designing the S-box, there is a need to minimize both changes The difference between the two needs to be minimized in the design of the S-box. The designer calculates the difference by differential uniformity, which is checked right by the differential approximation probability, as shown in Equation (14): where ∆x and ∆y are the input difference and output difference, and DP denotes the maximum probability that the output of each given difference ∆x is equal to ∆y. The maximum DP value of our proposed generated S-box is 10, indicating that our S-box can resist differential.
In comparison with the other four methods, the results show in Table 6 that the Sbox nonlinearity produced by the algorithm in this paper is higher than the other four solutions. The SAC value of S box 0.4996 is closest to the ideal value of 0.5 in five methods, and the BIC value also meets the test requirements. The BIC of the S-box also meets the test requirements based on the DP value of the test and has a good ability to resist the differential password attack based on the DP value of the test. In terms of S-box generation time, the algorithm in this paper has a good advantage. Although our nonlinear value is still some distance from the ideal value, we believe that the performance of the generated S-box needs to meet the performance requirements, and the efficiency and space cost of S-box generation also need to be considered.

Bit-Level Encryption
Traditional image encryption generally falls into one of three categories: permutationonly, diffusion-only, or combined forms. Due to its simpler computational complexity, the permutation-only type of these is more efficient, but the security is not very strong. Due to the substantial computational load required for real arithmetic operations, the diffusion type is a time-consuming process. The pixel values and random numbers are used to perform an XOR operation, and the calculated numbers are used to determine the ranks of the S-boxes and substitute the original pixels with the values in the S-boxes, but the overall encryption efficiency is low due to the lack of permutation and diffusion operations on the plaintext image and the low efficiency of S-box generation [15].
In this stage, by separating the eight-bit pixel values into upper four bits and lower four bits, different operations are performed on the two parts, respectively, and a new diagonal diffusion method for irregular matrices is proposed to be applied to the high four-bit matrix. The bit-level encryption process is shown in Figure 8.

Bit-Level Encryption
Traditional image encryption generally falls into one of three categories: permutation-only, diffusion-only, or combined forms. Due to its simpler computational complexity, the permutation-only type of these is more efficient, but the security is not very strong. Due to the substantial computational load required for real arithmetic operations, the diffusion type is a time-consuming process. The pixel values and random numbers are used to perform an XOR operation, and the calculated numbers are used to determine the ranks of the S-boxes and substitute the original pixels with the values in the S-boxes, but the overall encryption efficiency is low due to the lack of permutation and diffusion operations on the plaintext image and the low efficiency of S-box generation [15].
In this stage, by separating the eight-bit pixel values into upper four bits and lower four bits, different operations are performed on the two parts, respectively, and a new diagonal diffusion method for irregular matrices is proposed to be applied to the high four-bit matrix. The bit-level encryption process is shown in Figure 8.

Pixel Value Split
We converted the original pixel value of the plaintext image into a binary representation and extracted it into two parts for different operations. The upper four bits P1 of the pixel value and the lower four bits P2 of the pixel value are shown in Figure 9.

Bit-Level Encryption
Traditional image encryption generally falls into one of three categories: permutation-only, diffusion-only, or combined forms. Due to its simpler computational complexity, the permutation-only type of these is more efficient, but the security is not very strong. Due to the substantial computational load required for real arithmetic operations, the diffusion type is a time-consuming process. The pixel values and random numbers are used to perform an XOR operation, and the calculated numbers are used to determine the ranks of the S-boxes and substitute the original pixels with the values in the S-boxes, but the overall encryption efficiency is low due to the lack of permutation and diffusion operations on the plaintext image and the low efficiency of S-box generation [15].
In this stage, by separating the eight-bit pixel values into upper four bits and lower four bits, different operations are performed on the two parts, respectively, and a new diagonal diffusion method for irregular matrices is proposed to be applied to the high four-bit matrix. The bit-level encryption process is shown in Figure 8.  Lower 4-bit P2 Figure 9. Plaintext image processing. Figure 9. Plaintext image processing.

Improved Diagonal Diffusion
In order to make the information of pixel points have a good diffusion effect, many diffusion methods, such as V-diffusion, zigzag diffusion and chunk diffusion, were proposed. A zigzag algorithm was used in [35] and improved to rearrange the pixel values, but the transformation law of zigzag is relatively single, traversing from the upper left foot to the lower right corner in a Z-shaped order, as shown in Figure 10.
However, the security of the zigzag is not guaranteed due to the fact that it is extremely easy to be broken by a single variation.
In order to obtain faster diffusion speed and diffusion effect, this paper proposes a new diagonal diffusion method by randomly and irregularly rearranging the image matrix through a chaotic sequence. The number of pixel values in each row is controlled by the random sequence, there may be no pixel values at some positions of the diagonal, and the matrix presents an irregular arrangement. Through the proposed new diagonal diffusion, it can complete the diagonal of diffusion. Through the comparative analysis of the relevant experiments in Section 4, this scheme has good performance. In order to make the information of pixel points have a good diffusion effect, many diffusion methods, such as V-diffusion, zigzag diffusion and chunk diffusion, were proposed. A zigzag algorithm was used in [35] and improved to rearrange the pixel values, but the transformation law of zigzag is relatively single, traversing from the upper left foot to the lower right corner in a Z-shaped order, as shown in Figure 10. However, the security of the zigzag is not guaranteed due to the fact that it is extremely easy to be broken by a single variation.
In order to obtain faster diffusion speed and diffusion effect, this paper proposes a new diagonal diffusion method by randomly and irregularly rearranging the image matrix through a chaotic sequence. The number of pixel values in each row is controlled by the random sequence, there may be no pixel values at some positions of the diagonal, and the matrix presents an irregular arrangement. Through the proposed new diagonal diffusion, it can complete the diagonal of diffusion. Through the comparative analysis of the relevant experiments in Section 4, this scheme has good performance.
In this paper, after obtaining the upper four-bit matrix, we changed its alignment through a random sequence to generate different irregular matrices, performed diagonal diffusion on the matrix according to the changed alignment and changed its alignment, as shown in Figure 11. Algorithm 3 describes the transformation process.

Algorithm 3 Matrix rearrange
Input: upper 4-bits sequence 1 P ，random sequence X i ′( ) Output: irregular matrices 1 P ′ 1: Obtain the size of 1 P , m = size ( 1 P ) 2: Set an empty list 1 P ′ and 0, 0 In this paper, after obtaining the upper four-bit matrix, we changed its alignment through a random sequence to generate different irregular matrices, performed diagonal diffusion on the matrix according to the changed alignment and changed its alignment, as shown in Figure 11. Algorithm 3 describes the transformation process.

Improved Diagonal Diffusion
In order to make the information of pixel points have a good diffusion effect, many diffusion methods, such as V-diffusion, zigzag diffusion and chunk diffusion, were proposed. A zigzag algorithm was used in [35] and improved to rearrange the pixel values, but the transformation law of zigzag is relatively single, traversing from the upper left foot to the lower right corner in a Z-shaped order, as shown in Figure 10. However, the security of the zigzag is not guaranteed due to the fact that it is extremely easy to be broken by a single variation.
In order to obtain faster diffusion speed and diffusion effect, this paper proposes a new diagonal diffusion method by randomly and irregularly rearranging the image matrix through a chaotic sequence. The number of pixel values in each row is controlled by the random sequence, there may be no pixel values at some positions of the diagonal, and the matrix presents an irregular arrangement. Through the proposed new diagonal diffusion, it can complete the diagonal of diffusion. Through the comparative analysis of the relevant experiments in Section 4, this scheme has good performance.
In this paper, after obtaining the upper four-bit matrix, we changed its alignment through a random sequence to generate different irregular matrices, performed diagonal diffusion on the matrix according to the changed alignment and changed its alignment, as shown in Figure 11. Algorithm 3 describes the transformation process.

Algorithm 3 Matrix rearrange
Input: upper 4-bits sequence 1 P ，random sequence X i ′( ) Output: irregular matrices 1 P ′ 1: Obtain the size of 1 P , m = size ( 1 P ) 2: Set an empty list 1 P ′ and 0, 0 Where P1(i : j) denotes from the ith to the jth digit of P1, and P1(i :) denotes from the ith to the last digit of P1.
Based on the rearranged matrices, we proposed a diagonal diffusion to perform diffusion operations on upper 4-bit matrices capable of new diagonal diffusion operations based on different irregular matrices, as shown in Figure 12, where the arrows represent the order and direction. Based on the rearranged matrices, we proposed a diagonal diffusion to perform fusion operations on upper 4-bit matrices capable of new diagonal diffusion opera based on different irregular matrices, as shown in Figure 12, where the arrows repr the order and direction. According to the irregular matrix obtained by Algorithm 3, we need to diffu cording to the diagonal, but the shape of the matrix is irregular, so given Algorithm 4 to obtain the order of the pixel values of the diagonal of the irregular matrix, sequen traversing the diagonal to obtain its diffusion order matrix for diffusion, according t According to the irregular matrix obtained by Algorithm 3, we need to diffuse according to the diagonal, but the shape of the matrix is irregular, so given Algorithm 4 used to obtain the order of the pixel values of the diagonal of the irregular matrix, sequentially traversing the diagonal to obtain its diffusion order matrix for diffusion, according to different irregular matrices for the order of diagonal diffusions, such as the first: (1-> 3-> 2-> 7-> 4-> 8-> 5-> 9-> 6), the second: (1-> 2-> 4-> 3-> 5-> 6-> 7-> 8-> 9) and the third: (1-> 5-> 2-> 6-> 3-> 9-> 7-> 4-> 8), if we use the normal zigzag, then the order of each diffusion is fixed in a 3 × 3 matrix, and the result is (1-> 2-> 4-> 7-> 5-> 3-> 6-> 8-> 9) each time, which is not guaranteed in terms of security.

Algorithm 4 Diagonal diffusion order
Input: irregular matrices P1 Output: order sequence D 1: Obtain the size of P1 m = size (P1 ) 2: Set tow empty list D, sub 3: for i from 1 to m: Obtain the size of P1 n = size(P1 (i)) for i from 1 to n: sub(i + j).insert(0, P1 (i, j)) 4: Obtain the size of sub m = size(sub) 5: for i from 1 to m: Obtain the size of sub(i) n = size (sub(i))) for i from 1 to n: D. insert(sub(i, j)) Where sub(i + j).insert(0, P1 (i, j)) means adding P1 (i, j) to the head of the array sub(i + j) and D. insert(sub(i, j)) means adding sub(i, j) to the end of the array D.

Permutation and Diffusion Process
Step 1: Generate S-boxes s according to the S-box generation method proposed in Section 3.2.; Step 2: Generate the encryption keyθ, x 0 , y 0 ,ĥ and process the image to obtain P1, P2 according to Algorithm 1 and θ, x, y; Step 3: Iterate overθ, x 0 , y 0 ,ĥ as the control parameter and initial value of the 2D-CLSM chaos map to generate two chaotic sequences X = {x 1 , x 2 , . . . , x M×N }, Y = {y 1 , y 2 , . . . , y M×N } of length M × N; Step 4: Process the chaotic sequence to obtain the random numbers for array rearrangement; Step 5: Based on the resulting upper 4-bit matrix P1 and the random sequence X (i), the upper 4-bit matrix is rearranged by Algorithm 3 to obtain a new irregular matrix P1 ; Step 6: Perform a diffusion operation on the irregular matrix P1 obtained in step 4. For computational convenience, we first transform the irregular matrix into a onedimensional matrix D by means of Algorithm 4; Step 7: Diffusion operation based on the 1D matrix D obtained in step 6 to obtain D ; Step 8: Process the chaotic sequence to obtain chaotic values for the lower four positions; Step 9: Based on the resulting Y (i) the lower four bits of the matrix are permutated.

Pixel-Level Encryption
At the end of the bit-level encryption, pixel-level encryption is performed by the resulting pixel values using the S-box. It mainly includes pixel value diffusion and substitution. The main process is shown in Figure 13.

Simulation Experiments
t µ are used as initial values and control parameters for the Logistic. 0 0ˆ, , , x y h θ are used as control parameters, initial values and variables h for the 2D-CLSM.
where i = 1, C(i − 1) = 0; i = M × N, C(i − 1) = C(1). dec( a + b ) is the reconfiguration of two four-bit binary numbers a, b into an eight-bit binary number, and s(r, c) represent obtaining the value at row r and column c from the S-box s. Finally, C is converted to an M × N ciphertext image. From Table 8, we can clearly see that the encryption keys generated by the algorithm in this paper have good plaintext correlation, can generate completely different encryption keys depending on the plaintext, have good plaintext sensitivity and can effectively resist selective plaintext/known plaintext attacks.   Figure 14 that the encrypted image can still be fully restored, which verifies the effectiveness of the algorithm in this paper, which can obtain good encryption and decryption results.  From Table 8, we can clearly see that the encryption keys generated by the algorithm in this paper have good plaintext correlation, can generate completely different encryption keys depending on the plaintext, have good plaintext sensitivity and can effectively resist selective plaintext/known plaintext attacks. Figure 14a-c shows the experimental results of Baboon, Figure 14d-f shows the experimental results of House, Figure 14g-i shows the experimental results of Cameraman and Figure 14j-l shows the experimental results of Peppers. It is clear from the Figure 14 that the encrypted image can still be fully restored, which verifies the effectiveness of the algorithm in this paper, which can obtain good encryption and decryption results.

Key Space Analysis
Assuming that the accuracy of the computer is 16 10 − , in order to make the key sufficiently resistant to brute-force attacks, the key space of the encryption system must be more than 100 2 , and the parameters of the encryption system are 0 , so the key space is calculated as in Equation (20). The key space is larger than 100 2 , so the algorithm in this paper has sufficient key space to resist brute-force cracking attacks.

Key Sensitivity Analysis
In a secure encryption system, a mirror change in the key can cause a complete change in the ciphertext obtained from the encryption. Through testing, the encryption key , t µ of the Peppers graph was increased by 16 10 − to the original one, respectively, and the rest of the keys were left unchanged, and the Peppers were encrypted with the modified key and the original key, respectively, and the results obtained are shown in Figure 15a-f.

Key Space Analysis
Assuming that the accuracy of the computer is 10 −16 , in order to make the key sufficiently resistant to brute-force attacks, the key space of the encryption system must be more than 2 100 , and the parameters of the encryption system are t 0 ,μ,θ, 10.24], so the key space is calculated as in Equation (20). The key space is larger than 2 100 , so the algorithm in this paper has sufficient key space to resist brute-force cracking attacks. 0.11 × 10 16 × 10 16 × 10 16 × 10 16 × 10 16 × 14 × 10 16 > 2 100 (20)

Key Sensitivity Analysis
In a secure encryption system, a mirror change in the key can cause a complete change in the ciphertext obtained from the encryption. Through testing, the encryption key t, µ of the Peppers graph was increased by 10 −16 to the original one, respectively, and the rest of the keys were left unchanged, and the Peppers were encrypted with the modified key and the original key, respectively, and the results obtained are shown in Figure 15a-f.
As shown in Figure 15, when the initial key is slightly changed, the resulting encrypted image is completely changed, which shows that the algorithm has good key sensitivity and only the correct key can decrypt the ciphertext.

Key Space Analysis
Assuming that the accuracy of the computer is 16 10 − , in order to make the key sufficiently resistant to brute-force attacks, the key space of the encryption system must be more than 100 2 , and the parameters of the encryption system are 0 , so the key space is calculated as in Equation (20). The key space is larger than 100 2 , so the algorithm in this paper has sufficient key space to resist brute-force cracking attacks.

Key Sensitivity Analysis
In a secure encryption system, a mirror change in the key can cause a complete change in the ciphertext obtained from the encryption. Through testing, the encryption key , t µ of the Peppers graph was increased by 16 10 − to the original one, respectively, and the rest of the keys were left unchanged, and the Peppers were encrypted with the modified key and the original key, respectively, and the results obtained are shown in Figure 15a-f. As shown in Figure 15, when the initial key is slightly changed, the resulting encrypted image is completely changed, which shows that the algorithm has good key sensitivity and only the correct key can decrypt the ciphertext.

Histogram Analysis
The distribution of the image's pixel values can be directly described by the histogram. A secure encryption system should ensure that pixel values of the obtained ciphertext image are uniformly distributed in order to reduce readability, improve security and provide effective protection against statistical attacks. Figure 16 shows the histogram of plaintext and ciphertext pixel frequencies for Baboon, House, Cameraman and Peppers, from which we can see that the pixel of ciphertext images is uniformly distributed. The statistical properties of the images were altered so that they are well resistant to statistical analysis attacks.

Histogram Analysis
The distribution of the image's pixel values can be directly described by the histogram. A secure encryption system should ensure that pixel values of the obtained ciphertext image are uniformly distributed in order to reduce readability, improve security and provide effective protection against statistical attacks. Figure 16 shows the histogram of plaintext and ciphertext pixel frequencies for Baboon, House, Cameraman and Peppers, from which we can see that the pixel of ciphertext images is uniformly distributed. The statistical properties of the images were altered so that they are well resistant to statistical analysis attacks.
The variance of the histogram can be used to specifically describe the distribution of pixel values. The calculation equation is shown in (21), and the result shows in Table 9.  As shown in Figure 15, when the initial key is slightly changed, the resulting encrypted image is completely changed, which shows that the algorithm has good key sensitivity and only the correct key can decrypt the ciphertext.

Histogram Analysis
The distribution of the image's pixel values can be directly described by the histogram. A secure encryption system should ensure that pixel values of the obtained ciphertext image are uniformly distributed in order to reduce readability, improve security and provide effective protection against statistical attacks. Figure 16 shows the histogram of plaintext and ciphertext pixel frequencies for Baboon, House, Cameraman and Peppers, from which we can see that the pixel of ciphertext images is uniformly distributed. The statistical properties of the images were altered so that they are well resistant to statistical analysis attacks. The variance of the histogram can be used to specifically describe the distribution of pixel values. The calculation equation is shown in (21), and the result shows in Table 9.   Table 9 compares the variance of histograms with methods in Refs. [18][19][20][21][22], from which we can see that our encrypted Baboon, House, and Cameraman have the lowest variance of all the schemes, and Peppers is slightly higher than the others. The average variance of the four images is 236.26, which is the lowest of the four methods, so it performs better in resisting statistical attacks.  Where z represents histogram values; N represents the total number of samples (N for an image with a grey level of 8 is 256); z i , z j are number of pixels with grey values at i, j. The smaller the histogram's variance, the more evenly distributed the histogram. Table 9 compares the variance of histograms with methods in Refs. [18][19][20][21][22], from which we can see that our encrypted Baboon, House, and Cameraman have the lowest variance of all the schemes, and Peppers is slightly higher than the others. The average variance of the four images is 236.26, which is the lowest of the four methods, so it performs better in resisting statistical attacks.

Plaintext Sensitivity Analysis
A differential attack is a common form of attack in cryptography, in which an attacker usually selects to encrypt the plaintext and a slightly altered plaintext and analyses them to find a specific relationship. In order to be effective against differential attacks, the encryption algorithm should be sensitive enough to the plaintext that a diffusion operation during encryption can cause small changes in the plaintext to affect all pixels, and we usually evaluate the sensitivity of the algorithm using the pixel change rate NPCR and the normalized pixel average change intensity UACI, their ideal expectations are 99.6094% and 33.4635%, respectively. We obtained NPCR and UACI values by randomly modifying two pixel points of the plaintext image. In this paper, we choose to modify pixel points (2,2) and (236, 207). In Table 10, we give the corresponding experimental results as well as the corresponding results for the other four scenarios. The calculation expressions are shown in Equations (22)- (24).

Correlation Analysis
When the image is not encrypted, there is a strong correlation between the pixel values of the images; the encryption operation on the plaintext allows us to break this correlation. We calculated the correlation coefficient by randomly selecting n pair of adjacent pixels (a i , b i ) from the image for which the correlation is to be calculated using the following Equation (25). Table 11 shows the experimental results for a random selection of 3000 pairs of pixel values.
where r ab represents the correlation coefficients, a, b is the mean value. The closer the calculated correlation coefficient is to 1, the stronger the correlation is, and the closer it is to 0, the weaker the correlation is. As shown in Table 11, take baboon as an example; we are able to see in Table 11 that it has a horizontal correlation of 0.0007, a vertical correlation of −0.003 and a diagonal correlation of 0.008, with a correlation index very close to 0 in three directions, indicating that the high correlation between pixels is broken.
In addition, from Figure 17, we can clearly see that for the plaintext image, most of the points are close to the diagonal of the axes, whereas, for the encrypted image, these points are randomly distributed throughout the space, with significantly lower interpixel correlation. Both illustrate the effectiveness of our algorithm in removing intrapixel correlations.

Information Entropy Analysis
Information entropy is another metric for evaluating the security of a ciphertext and represents the strength of the uncertainty of the image information, which is expressed in Equation (12).
For a grey-scale image with 256 states, it has a maximum expectation value of 8, Table 12 shows the test results we obtained and the comparison of the other four schemes, where the result of the three encrypted images of House, Baboon and Peppers are higher than the other schemes, and the results of all four images are close to the ideal value of 8. It can be said that the image results processed by our encryption scheme are close to the random images, with good uncertainty, and can effectively resist statistical analysis attacks.

Information Entropy Analysis
Information entropy is another metric for evaluating the security of a ciphertext and represents the strength of the uncertainty of the image information, which is expressed in Equation (12).
For a grey-scale image with 256 states, it has a maximum expectation value of 8, Table  12 shows the test results we obtained and the comparison of the other four schemes, where the result of the three encrypted images of House, Baboon and Peppers are higher than the other schemes, and the results of all four images are close to the ideal value of 8. It can

Anti-Cropping Attack Analysis
During the transmission of information, information may be lost due to humans or some uncontrollable factors. If the encryption algorithm is able to restore the plaintext image in this case, then the encryption algorithm is valid. In Figure 18, we add a 5% loss of pixel values to the Peppers. From the perspective of the decrypted image, even though the image has lost some data, it is still possible to decrypt the basic information and be able to recover it basically, so the algorithm is resistant to basic cropping attacks.

Anti-Cropping Attack Analysis
During the transmission of information, information may be lost due to humans or some uncontrollable factors. If the encryption algorithm is able to restore the plaintext image in this case, then the encryption algorithm is valid. In Figure 18, we add a 5% loss of pixel values to the Peppers. From the perspective of the decrypted image, even though the image has lost some data, it is still possible to decrypt the basic information and be able to recover it basically, so the algorithm is resistant to basic cropping attacks.

Speed Analysis
Running speed is an important index to evaluate the encryption algorithm; we simulated it in Python 3.7 environment on a PC with a 2.2 GHz CPU and 8G RAM. As can be seen from Table 13, this paper's encryption efficiency is superior to that of Refs. [11][12][13] while being slightly slower than that of Ref. [15]. This shows that our proposed encryption algorithm performs well in terms of efficiency and is capable of being applied in practical applications. Because we used a round of bitrate encryption and a round of pixel-level encryption, the efficiency is reduced, but the security is improved. Table 13. Comparison of encryption algorithm runtimes (seconds).

Conclusions
In this paper, we propose an improved cascaded chaotic map 2D-CLSM and design a novel encryption scheme based on it and S-box. By generating a key associated with the plaintext, the whole encryption process is associated with the plaintext, effectively resisting the chosen/known plaintext attack. An S-box encryption scheme is designed and applied to our encryption, increasing the overall security of the algorithm. Dividing the encryption into bit-level encryption and pixel-level encryption improves the complexity and security of the encryption to a certain extent but reduces its efficiency. The encryption

Speed Analysis
Running speed is an important index to evaluate the encryption algorithm; we simulated it in Python 3.7 environment on a PC with a 2.2 GHz CPU and 8 G RAM. As can be seen from Table 13, this paper's encryption efficiency is superior to that of Refs. [11][12][13] while being slightly slower than that of Ref. [15]. This shows that our proposed encryption algorithm performs well in terms of efficiency and is capable of being applied in practical applications. Because we used a round of bitrate encryption and a round of pixel-level encryption, the efficiency is reduced, but the security is improved. Table 13. Comparison of encryption algorithm runtimes (seconds).

Conclusions
In this paper, we propose an improved cascaded chaotic map 2D-CLSM and design a novel encryption scheme based on it and S-box. By generating a key associated with the plaintext, the whole encryption process is associated with the plaintext, effectively resisting the chosen/known plaintext attack. An S-box encryption scheme is designed and applied to our encryption, increasing the overall security of the algorithm. Dividing the encryption into bit-level encryption and pixel-level encryption improves the complexity and security of the encryption to a certain extent but reduces its efficiency. The encryption method in this paper can be applied to different image types, such as grey-scale images, grey-scale medical images, etc., while the algorithm is able to meet everyday encryption requirements, both in terms of efficiency and security. The experimental results show that the algorithm has sufficient key space, is resistant to brute force attacks and performs well against statistical analysis attacks, clipping attacks and differential attacks. However, although we improved the efficiency of S-box generation, we used two rounds of encryption, one at the bit level and one at the pixel level, which makes us less efficient overall, so the next step is to improve the efficiency of encryption in both rounds.  Institutional Review Board Statement: Not applicable.

Data Availability Statement:
No new data were created or analyzed in this study. Data sharing is not applicable to this article.