Double-Color-Image Compression-Encryption Algorithm Based on Quaternion Multiple Parameter DFrAT and Feature Fusion with Preferable Restoration Quality

To achieve multiple color images encryption, a secure double-color-image encryption algorithm is designed based on the quaternion multiple parameter discrete fractional angular transform (QMPDFrAT), a nonlinear operation and a plaintext-related joint permutation-diffusion mechanism. QMPDFrAT is first defined and then applied to encrypt multiple color images. In the designed algorithm, the low-frequency and high-frequency sub-bands of the three color components of each plaintext image are obtained by two-dimensional discrete wavelet transform. Then, the high-frequency sub-bands are further made sparse and the main features of these sub-bands are extracted by a Zigzag scan. Subsequently, all the low-frequency sub-bands and high-frequency fusion images are represented as three quaternion signals, which are modulated by the proposed QMPDFrAT with three quaternion random phase masks, respectively. The spherical transform, as a nonlinear operation, is followed to nonlinearly make the three transform results interact. For better security, a joint permutation-diffusion mechanism based on plaintext-related random pixel insertion is performed on the three intermediate outputs to yield the final encryption image. Compared with many similar color image compression-encryption schemes, the proposed algorithm can encrypt double-color-image with higher quality of image reconstruction. Numerical simulation results demonstrate that the proposed double-color-image encryption algorithm is feasibility and achieves high security.


Introduction
In recent years, secure transmission of color images has attracted widespread attention.Due to the intrinsic features of images, such as strong correlation between adjacent pixels, large storage capacity, and high redundancy, the traditional textual encryption algorithms, such as DES (Data Encryption Standard) and AES (Advanced Encryption Standard), are not suitable for image encryption [1].To ensure the confidentiality of the private image information, a great deal of color image encryption algorithms have been presented with various technologies.Among these algorithms, chaotic systems have been widely adopted in image encryption owing to its excellent properties.For instance, Pak et al. introduced a simple and effective method of generating a new chaotic sequence according to the differences in the output sequences of two existing one-dimensional (1D) chaotic maps [2].Based on the obtained sequences, a linear-nonlinear-linear encryption structure of this cryptographic system was designed to improve security.Similarly, a color image encryption scheme based on a new combination chaotic system was proposed [3].Nevertheless, the chaotic dynamic properties degrade rapidly in computer realization with finite computation precision [4].To overcome this problem, a spatiotemporal chaotic system, i.e., the non-adjacent coupled map lattices (NCML) was developed to alleviate the degradation of low-dimensional chaos map [5].Subsequently, a series of image encryption algorithms were proposed based on the spatiotemporal chaotic system [6,7].Moreover, for better security and larger key space, the high-dimensional chaotic systems have been increasingly employed to design the image encryption schemes [8][9][10][11].In ref. [8], a novel 3D chaotic map obtained by coupling the piecewise and logistic map is implemented to improve the performance of cryptosystem.Tong et al. proposed a fast image encryption scheme based on a new 4D chaotic system [9].In addition, to enhance the security and complexity of the cryptosystems, chaos-based encryption schemes were combined with other methods, such as deoxyribonucleic acid [12], cellular automata [13], fuzzy cellular neural network [14], and so on.
However, the permutation and the diffusion processes in these encryption schemes were both performed in the spatial domain, which may reduce the security of cryptosystems to some extent.Inspired by some excellent mathematical properties of transform techniques, many researchers have attempted to devise transform-based image encryption algorithms, where the plaintext image is encrypted in the transform domain and the pixel values can be retrieved through a reverse process.To the best of our knowledge, there are few investigations on double-color-image compression and encryption algorithms.In light of this situation and the above discussions, a new double-color-image compression and encryption algorithm based on QMPDFrAT and a joint permutation-diffusion mechanism are designed.The main contributions of the proposed algorithm are as follows: (1) Multiple parameter discrete fractional angular transform (MPDFrAT) is generalized to quaternion MPDFrAT.The analysis shows its advantages in image encryption.Then, the sub-bands of the original images can be encrypted with the proposed QMPDFrAT in a parallel way.(2) The deficiency caused by the linear transform system is eliminated by nonlinear transform, i.e., spherical transform.(3) A joint permutation-diffusion mechanism with plaintext-related random pixel insertion is designed to ensure the proposed cryptosystem could counteract the powerful chosen-plaintext attack and improve the efficiency of the cryptosystem.(4) The effect of different components of the high-frequency sub-bands on the quality of the decryption image is discussed and a more reasonable feature fusion method of the high-frequency part is implemented by combining DWT with Zigzag operation.Consequently, the proposed image encryption algorithm could achieve higher quality of the decryption images than that of the typical image compression and encryption algorithms.
The rest of this paper is arranged as follows.In Section 2, some related works are discussed.In Section 3, some fundamental tools including the NCML system, quaternion algebra, and MPDFrAT are reviewed.The QMPDFrAT is defined and analyzed in Section 4. The details of the proposed double-color-image encryption algorithm are described in Section 5.In Section 6, simulation results and security evaluations are provided.Brief conclusions are given in Section 7.

Related Works
Based on the gyrator transform, Chen et al. proposed an asymmetric optical cryptosystem for the color image [15].Xiong et al. designed an optical color image scheme based on fractional Fourier transform and two-step phase-shifting interferometry [16].Nevertheless, these schemes processed each color channel separately and failed to capture the inherent correlation among three color channels.To deal with the three color channels parallelly, many encryption methods have been investigated with the quaternion-based transforms [17][18][19].However, the outputs of these aforementioned transform-based algorithms are complex values and the size of encryption results or private keys exceed that of the original images, which may make the transmission and storage of encryption image and private keys inconvenient.To overcome this insufficiency, Zhou et al. devised a nonlinear color image encryption algorithm based on reality-preserving fractional Mellin transform, where the final output was real-value encrypted image [20].Motivated by this work, many other reality-preserving transforms were defined to encrypt the color image [21][22][23].To enhance the capacity of the cryptosystem, multiple color image encryptions have attracted increasing attention [24][25][26].For example, Shao et al. designed a multiple color images encryption framework, in which the multiple color images were encrypted into phase-only function with phase retrieval algorithm under quaternion representation [24].In many practical applications, for the facility of transmission of ciphertext image, it is necessary to realize simultaneous image compression and encryption.As a novel signal samplingreconstruction technique, compressive sensing (CS) has been widely employed to solve this problem [27][28][29][30].For instance, Chen et al. put forward an asymmetric color cryptographic system, in which not only the low-frequency but also the CS-based compressed high-frequency part of the original image were encrypted in the discrete fractional random transform domain [29].To enhance encryption efficiency, Zhang et al. investigated an efficient color image encryption approach based on CS and fractional Fourier transform, where the measurement matrices exploited in CS were obtained by extending chaos-based low dimensional seed matrices with Kronecker product [30].However, these transform-based color image compression-encryption schemes were only designed for single color image, which makes them unable to process batch images efficiently to a certain extent.Aiming at this problem, Han et al. suggested a double-color-image compression and encryption algorithm based on CS and self-adaptive random phase encoding [31].However, in some special applications, the decryption time and the quality of decryption image are also of significance.Table 1 shows the decryption time and the PSNR values of the test image "Peppers" under different reconstruction algorithms with the same compression ratio.Unfortunately, the signal reconstruction takes too much time even though many efficient reconstruction algorithms including orthogonal matching pursuit (OMP) and smoothed norm have been proposed.In other words, the DWT-based compression method may be a good choice in real-time decryption applications.

Non-Adjacent Coupled Map Lattices System
The non-adjacent coupled map lattices system is considered as the improved spatiotemporal chaotic system, which can generate pseudorandom sequences with stable chaotic properties [5].The NCML considers L logistic maps coupled as where , n is the time index (n = 1, 2, 3, . ..), and ρ, υ, ω are the lattices (1 ≤ ρ, υ, ω ≤ L).The relations of ρ, υ, and ω can be obtained by Arnold cat map, i.e.,

Quaternion Representation of Multi-Image
Quaternions are hyper-complex numbers with four dimensions.A quaternion number where a, b, c, d are real numbers and i, j, k are three imaginary operators acting on the following rules.
The modulus and the conjugate of a quaternion are respectively defined as If the real part a is 0, then Q is called a pure quaternion.If the modulus |Q| equals to 1, then Q is called a unit quaternion.Based on the above theory, the quaternion representation of multi-image is [17] where f Q (x, y) is a quaternion signal and f 1 (x, y), f 2 (x, y), f 3 (x, y), f 4 (x, y) are four image signals, respectively.

Multiple Parameter Discrete Fractional Angular Transform
Briefly, the definition of the discrete fractional angular transform (DFrAT) is introduced.The kernel matrix of the DFrAT is [33 where D α N = diag{1, exp(−2iπα/M), exp(−4iπα/M), . . ., exp(−2(N − 1)iπα/M)} is a diagonal matrix, whose diagonal values are eigenvalues of the DFrAT, V θ N is an orthonormal matrix and consists of the eigenvectors of the DFrAT.V θ N can be obtained with a recurrence algorithm elaborated in [33].
Based on the DFrAT, a new multiple parameter discrete fractional angular transform (MPDFrAT) was presented [34].For a 1D signal x(n) of size N × 1, its αth order 1D MPDFrAT is [34] where M is an arbitrary positive integer, denotes the weight coefficient given by X l [x(n)] denotes 1D DFrAT with the angle θ and the fractional order 4l/M, i.e., where R 4l/M,θ N denotes the kernel matrix of DFrAT and can be obtained with Equation (7).In fact, the MPDFrAT has a similar form with the multiple parameter discrete fractional Fourier transform (MPDFrFT).The difference between MPDFrAT and MPDFrFT is the generation process of the eigenvector of the kernel matrix.To calculate the MPDFrAT of a discrete signal in an efficient way, one can utilize a discretization method [19] by eigen-decomposing MPDFrAT matrix ℘ α,θ M,η 1 as where m t = t, m N−1 = N for even N while m N−1 = N − 1 for odd N, mod(•) denotes the modulo operation, v m t is eigenvector of DFrAT.Then, one can rewrite the α th order 1D MPDFrAT of a signal x as an eigen-decomposition form, i.e., α,θ

Quaternion Multiple Parameter Discrete Fractional Angular Transform
Enlighted by the idea of the definition for 1D MPDFrAT with eigen-decomposition form shown in Equation (11), one can define a new quaternion multiple parameter discrete fractional angular transform (QMPDFrAT) for quaternion signal.For a 1D quaternion signal x q = x r + x i i + x j j + x k k, its left-side QMPDFrAT is defined as where Equation ( 14) is similar to MPDFrAT matrix ℘ α,θ M,η 1 in Equation ( 11) and complex number i is replaced by quaternion µ.Due to the anticommutation of the multiplication of quaternions shown in Equation ( 4), one can also define the right-side 1D QMPDFrAT by shifting the kernel matrix µ,α,θ M,η 1 to the right-side of x q , i.e., φ µ,α,θ Without loss of generality, the left-side 1D QMPDFrAT is exploited in this paper.In addition, to illustrate the feature of the proposed QMPDFrAT, a 1D quaternion signal of size 256 × 1 is transformed by using the fractional quaternion Fourier transform (FRQFT) [35], the quaternion discrete fractional random transform (QDFRNT) [36], the multiple-parameter fractional quaternion Fourier transform (MPFrQFT) [19], and the proposed QMPDFrAT.The comparison results are recorded in Table 2.For brevity, only the first imaginary parts of the input and output quaternion signal are drawn in Table 2.The complicated Hermite polynomials calculation for eigenvectors in the MPFrQFT and the Schmidt orthogonalization of a random matrix in the QDFRNT require relatively higher time.However, the eigenvectors in the QMPDFrAT can be obtained only by simple recurrences and thus the calculation speed is greatly improved.Furthermore, the proposed QMPDFrAT possesses the largest key space among these four quaternion transforms.Therefore, the proposed QMPDFrAT is a suitable tool for image encryption.
The 1D QMPDFrAT can be developed to the 2D one by calculating two 1D QMPDFrATs in the x-axis and the y-axis, respectively, i.e., where y q = y r + y i i + y j j + y k k is a 2D quaternion signal.time.However, the eigenvectors in the QMPDFrAT can be obtained only by simple recurrences and thus the calculation speed is greatly improved.Furthermore, the proposed QMPDFrAT possesses the largest key space among these four quaternion transforms.Therefore, the proposed QMPDFrAT is a suitable tool for image encryption.The 1D QMPDFrAT can be developed to the 2D one by calculating two 1D QMP-DFrATs in the x-axis and the y-axis, respectively, i.e.,   , ,  , ,  , ,  , , , , where y y i y j y k is a 2D quaternion signal.

Double-Color-Image Compression and Encryption Algorithm
The encryption process for the designed double-color-image encryption algorithm is shown in Figure 1.The main encryption processes include three stages: sparse representation of the color plaintext images, double-color-image encryption in the frequency domain under quaternion representation, and joint permutation-diffusion mechanism.The detailed steps are described as follows.

Compression Process
Step 1: Double-color plaintext images , namely,   LL LH HL HH for 1 B , time.However, the eigenvectors in the QMPDFrAT can be obtained only by simple recurrences and thus the calculation speed is greatly improved.Furthermore, the proposed QMPDFrAT possesses the largest key space among these four quaternion transforms.Therefore, the proposed QMPDFrAT is a suitable tool for image encryption.The 1D QMPDFrAT can be developed to the 2D one by calculating two 1D QMP-DFrATs in the x-axis and the y-axis, respectively, i.e.,   , where q r i j k     y y y i y j y k is a 2D quaternion signal.

Double-Color-Image Compression and Encryption Algorithm
The encryption process for the designed double-color-image encryption algorithm is shown in Figure 1.The main encryption processes include three stages: sparse representation of the color plaintext images, double-color-image encryption in the frequency domain under quaternion representation, and joint permutation-diffusion mechanism.The detailed steps are described as follows.

Compression Process
Step 1: Double-color plaintext images 1 C and 2 C of size WH  are converted into their red, green, and blue components which can be expressed as time.However, the eigenvectors in the QMPDFrAT can be obtained only by simple recurrences and thus the calculation speed is greatly improved.Furthermore, the proposed QMPDFrAT possesses the largest key space among these four quaternion transforms.Therefore, the proposed QMPDFrAT is a suitable tool for image encryption.The 1D QMPDFrAT can be developed to the 2D one by calculating two 1D QMP-DFrATs in the x-axis and the y-axis, respectively, i.e.,   , where q r i j k     y y y i y j y k is a 2D quaternion signal.

Double-Color-Image Compression and Encryption Algorithm
The encryption process for the designed double-color-image encryption algorithm is shown in Figure 1.The main encryption processes include three stages: sparse representation of the color plaintext images, double-color-image encryption in the frequency domain under quaternion representation, and joint permutation-diffusion mechanism.The detailed steps are described as follows.

Compression Process
Step 1: Double-color plaintext images 1 C and 2 C of size WH  are converted into their red, green, and blue components which can be expressed as and 2 B , respectively.
Step 2: The one level 2D DWT is performed on the six color components to obtain 24 image sub-bands of size LL LH HL HH for 1 B , time.However, the eigenvectors in the QMPDFrAT can be obtained only by simple recurrences and thus the calculation speed is greatly improved.Furthermore, the proposed QMPDFrAT possesses the largest key space among these four quaternion transforms.Therefore, the proposed QMPDFrAT is a suitable tool for image encryption.The 1D QMPDFrAT can be developed to the 2D one by calculating two 1D QMP-DFrATs in the x-axis and the y-axis, respectively, i.e.,   , where q r i j k     y y y i y j y k is a 2D quaternion signal.

Double-Color-Image Compression and Encryption Algorithm
The encryption process for the designed double-color-image encryption algorithm is shown in Figure 1.The main encryption processes include three stages: sparse representation of the color plaintext images, double-color-image encryption in the frequency domain under quaternion representation, and joint permutation-diffusion mechanism.The detailed steps are described as follows.

Compression Process
Step 1: Double-color plaintext images 1 C and 2 C of size WH  are converted into their red, green, and blue components which can be expressed as and 2 B , respectively.
Step 2: The one level 2D DWT is performed on the six color components to obtain 24 image sub-bands of size Calculation time (s) of eigenvector (N = 256) 0.014513 0.021912 0.014513 0.004462

Double-Color-Image Compression and Encryption Algorithm
The encryption process for the designed double-color-image encryption algorithm is shown in Figure 1.The main encryption processes include three stages: sparse representation of the color plaintext images, double-color-image encryption in the frequency domain under quaternion representation, and joint permutation-diffusion mechanism.The detailed steps are described as follows.The 1D QMPDFrAT can be developed to the 2D one by calculating two 1D QMP-DFrATs in the x-axis and the y-axis, respectively, i.e.,   , where q r i j k     y y y i y j y k is a 2D quaternion signal.

Double-Color-Image Compression and Encryption Algorithm
The encryption process for the designed double-color-image encryption algorithm is shown in Figure 1.The main encryption processes include three stages: sparse representation of the color plaintext images, double-color-image encryption in the frequency domain under quaternion representation, and joint permutation-diffusion mechanism.The detailed steps are described as follows.

Compression Process
Step 1: Double-color plaintext images 1 C and 2 C of size WH  are converted into their red, green, and blue components which can be expressed as

Compression Process
Step 1: Double-color plaintext images C 1 and C 2 of size W × H are converted into their red, green, and blue components which can be expressed as R 1 , G 1 , B 1 , R 2 , G 2 , and B 2 , respectively.
Step 2: The one level 2D DWT is performed on the six color components to obtain Step 3: Low-frequency parts of six spectra are chosen as the three imaginary parts of two quaternion signals f Q 1 and f Q 3 .To improve the quality of image reconstruction and achieve small transmission load simultaneously, a new method for processing highfrequency parts of six spectra is designed as follows: (1) The sub-bands LH 1 of R 1 are transformed by the DWT and the interim results are scanned by the Zigzag operation [37] to obtain three 1D sequences with length 14 W H, respectively.The compression process for R 1 is drawn in Figure 2a.(2) Each sequence is cut to acquire a new sequence with length (W H)/12 .Figure 2b shows the schematic diagram of Zigzag operation.The results after performing DWT on the high-frequency parts are scanned from the upper left corner to the lower right corner.This scan order can extract the main information of the high-frequency parts, which promises the preferable restoration quality as analyzed in Section 5.2.
(3) The above-mentioned three new sequences are constructed into one sequence.If necessary, the zero elements are filled in the right-most row of this reorganized sequence to ensure that the length of this sequence is (W H)/4.Then, this sequence is converted into a composite matrix C R 1 of size W 2 × H 2 .(4) In a similar way, one can obtain five other composite matrices (2) Each sequence is cut to acquire a new sequence with length 12 WH   ( ) . Figure 2b shows the schematic diagram of Zigzag operation.The results after performing DWT on the high-frequency parts are scanned from the upper left corner to the lower right corner.This scan order can extract the main information of the high-frequency parts, which promises the preferable restoration quality as analyzed in Section 5.2.
(3) The above-mentioned three new sequences are constructed into one sequence.If necessary, the zero elements are filled in the right-most row of this reorganized sequence to ensure that the length of this sequence is ( ) 4

WH
. Then, this sequence is converted into a composite matrix

Double-Color-Image Encryption under Quaternion Representation
Step 1: Quaternion representation (QR): the selected to-be-encrypted sub-bands are represented by quaternion algebra shown as follows Step 2: With the secret keys where phase mask ( 1, 2,3)
Step 3: The four parts of each quaternion signal G i are extracted and reorganized (EAR) to form a new matrix of size W × H.
where R(G i ), X(G i ), Y(G i ), and Z(G i ) extract the real part and the three imaginary parts of the quaternion signal G i , respectively.
Step 4: To eliminate the deficiency caused by the inherent linearity of the QMPDFrAT, a nonlinear operation called spherical transform is followed to further hide the information obtained by matrices A 1 , A 2 , and A 3 .For the convenience of decryption, the matrix A i (i = 1, 2, 3) is first mapped to the matrix B i (i = 1, 2, 3) whose values are greater than zero.As shown in Figure 3, the three matrices B 1 , B 2 , and B 3 can be regarded as the orthorhombic axis in the spherical coordinate domain.The mapping rules are where ε is a plaintext-related adjustment factor which can be calculated as where  is a plaintext-related adjustment factor which can be calculated a


In this process,  is considered as a supplementary key for decryptio

Joint Permutation-Diffusion Mechanism with Plaintext-Related Random Pixe
For the image encryption algorithm with the traditional permutation-d ture shown in Figure 4, there are three main drawbacks: (1) multiple round tion and diffusion operations improve the level of security but sacrifice effi secret keys are dependent on the original image and the user could not obta In this process, ε is considered as a supplementary key for decryption.

Joint Permutation-Diffusion Mechanism with Plaintext-Related Random Pixel Insertion
For the image encryption algorithm with the traditional permutation-diffusion structure shown in Figure 4, there are three main drawbacks: (1) multiple rounds of permutation and diffusion operations improve the level of security but sacrifice efficiency; (2) the secret keys are dependent on the original image and the user could not obtain keys before performing the encryption process; (3) the same ciphertext image is obtained each time when it is applied to the same plaintext image with secret keys, which weakens the robustness of the cryptosystem.Aiming at these shortcomings, a new joint permutation-diffusion mechanism based on the plaintext-related random pixel insertion is designed to acquire the final encryption image E, in which only one-time traversal of the to-be-encrypted sequence is executed [38].The specific process is shown in Figure 5.The encryption steps are described as follows.
EER REVIEW 9 of 27 performing the encryption process; (3) the same ciphertext image is obtained each time when it is applied to the same plaintext image with secret keys, which weakens the robustness of the cryptosystem.Aiming at these shortcomings, a new joint permutationdiffusion mechanism based on the plaintext-related random pixel insertion is designed to acquire the final encryption image E , in which only one-time traversal of the to-be-encrypted sequence is executed [38].The specific process is shown in Figure 5.The encryption steps are described as follows.Step 1: With the initial keys 1 (1) x , 2 (1) x ,  , and  , NCML system is iterated Additionally, one could sort sequence Figure 5. Joint permutation-diffusion mechanism with plaintext-related random pixel insertion.
Step 1: With the initial keys x 1 (1), x 2 (1), δ, and λ, NCML system is iterated N 0 + 3W H + 3H times.To eliminate the transient effect, the former N 0 values are discarded.Then, one can obtain the chaotic sequence X i with length 3W H + 3H: X i = {x i (1), x i (2), . . ., x i (3W H + 3H)}(i = 1, 2).Subsequently, the sequence X 1 is further pro- cessed as S = mod(round(X 1 × 10 9 ), 256) Additionally, one could sort sequence X 2 and record the positions of the corresponding values of the sorted sequence in X 2 to obtain address sequence d of length 3W H + 3H.
Step 2: Three matrices r, θ, and ϕ are converted into a 1D sequence E 1 , Afterwards, one can quantify E 1 into the range of [0, 255], Step 3: Generation of random pixel values related to plaintext.Adopting the secret keys x 1 (1), x 2 (1), δ and the sum of all the pixels in the original images as the input of hash function SHA-512, a 512-bits hash value V can be obtained.One can randomly select a binary sequence b = (b 7 b 6 . . .b 0 ) of length 8 from V for 3H times and convert each binary sequence into decimal integer.Consequently, a plaintext-related random sequence L of length 3H is obtained.Afterwards, sequence L and sequence E 2 are concatenated into one sequence LE of length 3W H + 3H.
Step 5: The final ciphertext E is obtained by In the proposed joint permutation-diffusion strategy, the plaintext-related random values are randomly inserted in the interim sequence E .The value of encrypted sequence E (1, d(k)) not only depends on the to-be-encrypted value LE(1, k − 1), chaotic value S(1, k), Entropy 2022, 24, 941 10 of 24 but also is determined by the previous encrypted value E (1, d(k − 1)), which accords the proposed color image cryptosystem a high level of security, as elaborated in the later section.

Double-Color-Image Decryption Algorithm
Since the proposed double-color-image encryption algorithm is symmetric, those who know the whole keys can decrypt the ciphertext with the reverse encryption process described in Section 5.2.The decryption process is exhibited in Figure 6.Particularly, the inverse decryption process of joint permutation-diffusion strategy is where k = 2, . . ., 3W H + 3H.The inverse transform for Equation ( 20) is Entropy 2022, 24, x FOR PEER REVIEW 11 of

Encryption and Decryption Results
To verify the feasibility of the proposed encryption algorithm, four groups of col images of size 256 256  shown in Figure 7 are selected from the USC-SIPI image dat base to be tested [39].The secret keys , respectively.Figures 8 and 9 sho the encryption and the decryption results, respectively.To measure the quality of restore image, two image quality assessment criteria are considered, i.e., (1) Peak Signal-to-Noise Ratio (PSNR) is (2) Structural similarity (SSIM) index [40] is  After performing the inverse QMPDFrATs and inverse phase mask modulations, one can extract the four parts of each resulting quaternion signals, respectively.Finally, the decryption images can be retrieved through the inverse compression process and inverse DWT operation.

Simulation Results and Security Analyses 6.1. Encryption and Decryption Results
To verify the feasibility of the proposed encryption algorithm, four groups of color images of size 256 × 256 shown in Figure 7 are selected from the USC-SIPI image database to be tested [39].The secret keys M 1 and M 2 are arbitrarily taken as 25 and 29, respectively.The pure quaternions µ 1 , µ 2 , µ 3 , and µ 4 are set as i, j, k, and (i + j + k)/ √ 3, respectively.The M i -dimensional parameter vector η i (i = 1, 2) is random real vector whose values are independent and uniformly distributed in [0, 100].The fractional orders α and β are randomly given as 0.4697 and 0.4023, respectively.The initial values and control parameters of the NCML system are chosen arbitrarily as: x 1 (1) = 0.4728, x 2 (1) = 0.3977, δ = 0.2635, λ = 3.9864, respectively.Figures 8 and 9 show the encryption and the decryption results, respectively.To measure the quality of restored image, two image quality assessment criteria are considered, i.e., (1) Peak Signal-to-Noise Ratio (PSNR) is where C(m, n) and D(m, n) represent the pixel values of each color component of the original color image and the decryption one, respectively.
(2) Structural similarity (SSIM) index [40] is where x and y are the windows of two images with size m × m, µ x and µ y denote the average values of x and y, σ 2 x and σ 2 y are variances of x and y, respectively, σ xy is the covariance between x and y. c 1 = (k 1 L) 2 , c 2 = (k 2 L) 2 , k 1 = 0.01, k 2 = 0.03, L is the gray level of the plaintext image.The greater SSIM means the better recovery of image.The PSNR values and the mean SSIM (MSSIM) values for different images are collected in Table 3.It can be seen from Figures 8 and 9 and Table 3 that the ciphertext images cannot reveal the information of the original images and the decryption images achieve good reconstruction quality.The PSNR values and the mean SSIM (MSSIM) values for different images are collected in Table 3.It can be seen from Figures 8 and 9 and Table 3 that the ciphertext images cannot reveal the information of the original images and the decryption images achieve good reconstruction quality.

Decryption Quality Evaluation
In the conventional DWT-based image compression and encryption methods, to achieve the purpose of compression, only the low-frequency part of the original image is utilized for encryption and the high-frequency parts are discarded, which affects the decryption quality of the image [41,42].In this paper, to achieve compression and improve the quality of image reconstruction simultaneously, five methods shown in Table 4 are designed to flexibly select the high-frequency parts of the original images.

Method 6 High-Frequency Sub-Bands
Simulations are conducted with the five above-mentioned methods.The corresponding PSNR values of different decryption images are depicted in Figure 10.Decryption images with the proposed five methods have relatively higher reconstruction quality than those in [29,31], since both the low-frequency parts and the high-frequency parts of original images are reserved to be encrypted.As an example, decryption images "Peppers" with five methods are shown in Figure 11.Corresponding selected details of decryption "Peppers" are exhibited in Figure 12.From Figures 10-12, although the PSNR value of the decryption image with method 1 (2, 3) is acceptable, the details of the corresponding decryption image are distorted obviously, for only one of the three high-frequency parts associated with the original RGB components are reserved to be encrypted.For method 4, the selected high-frequency parts (LH 1 , HL 1 , HH 1 ) of each RGB component are different and the decryption images contain all these three high-frequency parts as possible, which leads to the decryption images not only achieving similar decryption quality with method 1 (2, 3), but also reducing the undesirable distortion effect of the detail part to a certain extent.For method 5, the main information of all the three high-frequency parts of every RGB component are reserved via the DWT and Zigzag operation, which can make the decryption images achieve higher visual quality and relatively higher reconstruction quality than method 4. Based on the above discussion, the adoption of method 5 as the feature fusion of the high-frequency parts of the original images is more helpful for improving the reconstruction quality of decryption image.

Statistical Analyses 6.3.1. Histogram Analysis
Histograms play an important role in statistical analyses.Figure 13(a1-c1,a2-c2) are the histograms of RGB components of original "Lena" and "Peppers", respectively.Figure 13(a3-c3) are the histograms of RGB components of encryption image, respectively.In the encryption process, the proposed QMPDFrAT is performed on the compressed image, which causes the histograms of the intermediate results have a similar distribution.Afterward, the proposed joint permutation-diffusion operation can make the pixel values of intermediate results distributed uniformly among the range of 0-255.From Figure 13, the histograms of RGB components of original color images "Lena" and "Peppers" are quite different while those of RGB components of the encryption image show similarity and uniform distribution.In addition, the chi-square (χ 2 ) test is adopted to numerically measure the uniformity of the histogram of ciphertext [43], i.e., where o L is the observed number of the L-th gray level and e L is the expected number of the L-th gray level.Table 5 gives the results of the chi-square test for the RGB components of the encryption image under different input images.From  images "Lena", "Peppers", "Female", "Milkdrop", "House", "Airplane", "Couple", and "Tree", respectively.Yellow [29], Black [31].  .PSNR values with different methods: the eight points on the abscissa denote decryption images "Lena", "Peppers", "Female", "Milkdrop", "House", "Airplane", "Couple", and "Tree", respectively.Yellow [29], Black [31].images "Lena", "Peppers", "Female", "Milkdrop", "House", "Airplane", "Couple", and "Tree", respectively.Yellow [29], Black [31].

Histogram Analysis
Histograms play an important role in statistical analyses.Figure 13(a1-c1) and (a2-c2) are the histograms of RGB components of original "Lena" and "Peppers", respectively.Figure 13(a3-c3) are the histograms of RGB components of encryption image, respectively.In the encryption process, the proposed QMPDFrAT is performed on the compressed image, which causes the histograms of the intermediate results have a similar distribution.Afterward, the proposed joint permutation-diffusion operation can make the pixel values of intermediate results distributed uniformly among the range of 0-255.From Figure 13, the histograms of RGB components of original color images "Lena" and "Peppers" are quite different while those of RGB components of the encryption image show similarity and uniform distribution.In addition, the chi-square  5 gives the results of the chi-square test for the RGB components of the encryption image under different input images.From Table 5, the 2  -values  of encrypted RGB components are under the critical values with 1% and 5% level of significance, which indicates that the proposed encryption algorithm can withstand the histogram attack.

Correlation Analysis
A total of 12,000 pairs of adjacent pixels in the horizontal, vertical, and diagonal directions are chosen randomly from the original color image "Lena" and the corresponding encryption image.Their correlation distributions are displayed in Figure 14.In Figure 14, the correlation distributions of the three color channels of the original image "Lena" are linear and strongly correlated, while those of the corresponding three color channels of the encryption image are almost uniform.Moreover, to evaluate this feature numerically, the correlation coefficients of the selected 12,000 pairs of adjacent pixels in three directions are calculated, as shown in Table 6.The correlation coefficients in the original color images are close to 1, while those in the encryption images are near 0. The results suggest that the proposed algorithm can reduce the correlation in original images significantly.Therefore, the statistical analysis attack is impracticable for the proposed double−color−image encryption algorithm.

Information Entropy Analysis
Information entropy

 
Hm can reflect the degree of randomness and the unpredict ability of a random event m , i.e.,  To inspect the sensitivity of the proposed algorithm, a set of tests are performed by decrypting the ciphertext image with a tiny perturbation in the correct encryption key.Figures 15 and 16 exhibit the decryption image "Peppers" when one of the initial keys has a tiny deviation while all the other keys are correct, respectively.Figure 16 shows the decryption image "Peppers" decrypted with wrong keys α = α randomly generated real vectors η 1 and η 2 , respectively.The decryption results indicate that these images cannot reveal any serviceable information and the proposed image encryption algorithm is sensitive to the above-mentioned keys.

Key Sensitivity Analysis
To inspect the sensitivity of the proposed algorithm, a set of tests are performed by decrypting the ciphertext image with a tiny perturbation in the correct encryption key.Figures 15 and 16 exhibit the decryption image "Peppers" when one of the initial keys has a tiny deviation while all the other keys are correct, respectively.Figure 16 shows the decryption image "Peppers" decrypted with wrong keys

. Key Sensitivity Analysis
To inspect the sensitivity of the proposed algorithm, a set of tests are performed by decrypting the ciphertext image with a tiny perturbation in the correct encryption key.Figures 15 and 16 exhibit the decryption image "Peppers" when one of the initial keys has a tiny deviation while all the other keys are correct, respectively.Figure 16 shows the decryption image "Peppers" decrypted with wrong keys

Key Space Analysis
Simulations show that the secret keys θ 1 , θ 2 , and ε are not sensitive enough, thus they are considered supplementary keys.From the sensitivity analysis in Section 6.4.1, the precision of the keys x 1 (1), x 2 (1), and λ is up to 10 −15 .The deviation of control parameter δ is about 10 −6 .The key space for fractional order α (β) is 10 −3 .Therefore, the total key space of the proposed algorithm is at least 10 57 , which is greater than 2 189 .It indicates that the key space of the proposed encryption algorithm is large enough to resist the brute-force attack.

Differential Attack Analysis
Two common indicators, i.e., NPCR (number of pixel change rate) and UACI (unified average changing intensity) are introduced to evaluate the ability of the proposed algorithm to resist differential attack.These two indicators can be computed, respectively, as [11] NPCR where E R,G,B and E R,G,B are the ciphertext images without and with only one pixel altered in the plaintext images, respectively.In these experiments, 10 pixels of different positions in each plaintext image are randomly selected and only one pixel is changed each time.
In the diffusion process, the plaintext-related random values are randomly inserted into the sequence and the encrypted values are determined by the chaotic values and their previous ciphered values, both of which make the proposed cryptosystem sensitive to plaintext images.The average NPCR values and the average UACI values for the two ciphertext images are tabulated in Table 8.It shows that the proposed encryption algorithm could resist differential attack, since the values of NPCR and UACI are close to their theoretical values.Assume that the encryption image is polluted by the additive Gaussian noise and Salt and Pepper noise during transmission.Decryption results of image "Peppers" with these two types of noises added to the ciphertext are displayed in Figure 17.Although the quality of decryption images decreases with the increase of noise parameter, the decryption images are still identifiable.It indicates that the proposed color image encryption algorithm could resist the noise attack to a certain extent.Figure 18 shows the PSNR values of different decryption images with the increase of noise parameter, which further supports our conclusion.To analyze the robustness of the proposed algorithm against data loss attack, the ciphertext image is assumed to be cropped to a limited degree.Simulation results are exhibited in Figure 19.It can be noted that the main information of the decryption image can still be recognized since the main information of the plaintext images is randomly distributed over the whole ciphertext image by the proposed QMPDFrAT and the joint permutation-diffusion mechanism.Therefore, the proposed algorithm can withstand data loss attack to a limited degree.
Entropy 2022, 24, x FOR PEER REVIEW 22 of 27 results are exhibited in Figure 19.It can be noted that the main information of the decryption image can still be recognized since the main information of the plaintext images is randomly distributed over the whole ciphertext image by the proposed QMPDFrAT and the joint permutation-diffusion mechanism.Therefore, the proposed algorithm can withstand data loss attack to a limited degree.

Robustness of the Proposed Algorithm against Four Typical Attacks
Among the four potential attacks including ciphertext-only attack, known-plaintext attack, chosen-ciphertext attack, and chosen-plaintext attack, the chosen-plaintext attack is considered as the most powerful one.In the cryptanalysis, if the cryptosystem is immune to the chosen-plaintext attack, it will be able to withstand other three attacks [12].
Under the chosen-plaintext attack, attackers may deduce the secret keys by a pair of the corresponding plaintext and ciphertext images.In our algorithm, the deficiency caused by the linear transform system is eliminated by a nonlinear spherical transform.The current encrypted pixel value is associated with the plaintext-related values and the previous ciphered value, which contributes to the high sensitivity for the plaintext images.On the other hand, the plaintext-related values are obtained in a random way, which enables the proposed algorithm to generate a completely different encrypted images each time when it is applied to the same original images with the same secret keys.In addition, some attackers may deduce the secret keys by analyzing the special images, such as all black and all white images [44].To analyze this situation, double black images and double white images are considered as the inputs of the proposed cryptosystem, respectively.Figure 20 shows one of the double special images and their corresponding encryption images.As it is shown from the simulation results, the ciphertext images of these two special images are all noise-like.Therefore, the designed double-color-image encryption algorithm has a strong ability to resist the chosen-plaintext attack and the other three potential attacks.

Robustness of the Proposed Algorithm against Four Typical Attacks
Among the four potential attacks including ciphertext-only attack, known-plaintext attack, chosen-ciphertext attack, and chosen-plaintext attack, the chosen-plaintext attack is considered as the most powerful one.In the cryptanalysis, if the cryptosystem is immune to the chosen-plaintext attack, it will be able to withstand other three attacks [12].
Under the chosen-plaintext attack, attackers may deduce the secret keys by a pair of the corresponding plaintext and ciphertext images.In our algorithm, the deficiency caused by the linear transform system is eliminated by a nonlinear spherical transform.The current encrypted pixel value is associated with the plaintext-related values and the previous ciphered value, which contributes to the high sensitivity for the plaintext images.On the other hand, the plaintext-related values are obtained in a random way, which enables the proposed algorithm to generate a completely different encrypted images each time when it is applied to the same original images with the same secret keys.In addition, some attackers may deduce the secret keys by analyzing the special images, such as all black and all white images [44].To analyze this situation, double black images and double white images are considered as the inputs of the proposed cryptosystem, respectively.Figure 20 shows one of the double special images and their corresponding encryption images.As it is shown from the simulation results, the ciphertext images of these two special images are all noise-like.Therefore, the designed double-color-image encryption algorithm has a strong ability to resist the chosen-plaintext attack and the other three potential attacks.

Time Analysis
Execution time is a significant consideration in image encryption and decryption processes.The encryption and decryption time of the proposed cryptosystem and similar algorithms in [11,29,31,38] is shown in Table 9. Simulations with the same number of input images are conducted under MATLAB (R2016a) on a personal computer with Intel (R) Core (TM) i7−3537 U CPU @2.00 GHz, 4GB RAM running Windows 10.In [11], the keystreams utilized in encryption and decryption processes are generated by iterating the 6D hyperchaotic system, which takes too much time.In [29,31], the compression and encryption are realized efficiently by combining CS with joint low-dimensional chaotic system.

Time Analysis
Execution time is a significant consideration in image encryption and decryption processes.The encryption and decryption time of the proposed cryptosystem and similar algorithms in refs.[11,29,31,38] is shown in Table 9. Simulations with the same number of input images are conducted under MATLAB (R2016a) on a personal computer with Intel (R) Core (TM) i7−3537 U CPU @2.00 GHz, 4GB RAM running Windows 10.In ref. [11], the keystreams utilized in encryption and decryption processes are generated by iterating the 6D hyperchaotic system, which takes too much time.In refs.[29,31], the compression and encryption are realized efficiently by combining CS with joint low-dimensional chaotic system.However, the decryption process is time-consuming as it takes too much time to reconstruct the original signal.Since the whole encryption process is executed in the spatial domain, the security of the encryption algorithm in ref. [38] is guaranteed by the complex permutation and diffusion operations, which leads to relatively longer encryption and decryption time.In our algorithm, the time-consuming parts include double-colorimage compression, three times QMPDFrATs, a spherical transform, and one-time joint permutation-diffusion operation.QMPDFrAT was pointed out to be efficient in Section 3.Only one-time traversal of the to-be-encrypted sequence allows the permutation-diffusion process to take relatively shorter encryption and decryption time.Figure 21a,b shows the encryption time and the decryption time of each part, respectively.As observed from Figure 21, the encryption and decryption time is acceptable.Therefore, the proposed image compression-encryption algorithm is feasible in real-time cryptosystem.

Time Analysis
Execution time is a significant consideration in image encryption and decryption processes.The encryption and decryption time of the proposed cryptosystem and similar algorithms in [11,29,31,38] is shown in Table 9. Simulations with the same number of input images are conducted under MATLAB (R2016a) on a personal computer with Intel (R) Core (TM) i7−3537 U CPU @2.00 GHz, 4GB RAM running Windows 10.In [11], the keystreams utilized in encryption and decryption processes are generated by iterating the 6D hyperchaotic system, which takes too much time.In [29,31], the compression and encryption are realized efficiently by combining CS with joint low-dimensional chaotic system.However, the decryption process is time-consuming as it takes too much time to reconstruct the original signal.Since the whole encryption process is executed in the spatial domain, the security of the encryption algorithm in [38] is guaranteed by the complex permutation and diffusion operations, which leads to relatively longer encryption and decryption time.In our algorithm, the time-consuming parts include double-color-image compression, three times QMPDFrATs, a spherical transform, and one-time joint permutation-diffusion operation.QMPDFrAT was pointed out to be efficient in Section 3.Only one-time traversal of the to-be-encrypted sequence allows the permutation-diffusion process to take relatively shorter encryption and decryption time.Figure 21a,b shows the encryption time and the decryption time of each part, respectively.As observed from Figure 21, the encryption and decryption time is acceptable.Therefore, the proposed image compression-encryption algorithm is feasible in real-time cryptosystem.

Conclusions
The quaternion multiple parameter discrete fractional angular transform is firstly defined.The analysis shows that the proposed quaternion multiple parameter discrete fractional angular transform is a suitable tool for image encryption.Based on this transform, a new double-color-image compression-encryption algorithm with a spatiotemporal chaotic system is obtained.Sub-bands of original images based on quaternion representation are encrypted with quaternion multiple parameter discrete fractional angular transform and the intermediate results are constructed into three new matrices with the same size of plaintext images, which avoids the additional data extension that many transform-based methods yield.The spherical transform, as a nonlinear operation, is introduced to nonlinearly make the three transform results interact.A new joint permutation-diffusion mechanism with plaintext-related random pixel insertion is developed to enhance the security of cryptosystem and reduce encryption time simultaneously.The simulation results show that the proposed algorithm has better reconstruction effects than some similar compression-encryption algorithms.The security performance evaluation demonstrates

1 C and 2 C 2 B , respectively. Step 2 :
of size WH  are converted into their red, green, and blue components which can be expressed as The one level 2D DWT is performed on the six color components to obtain 24 image sub-bands of size 22 WH 

and 2 B , respectively. Step 2 :
The one level 2D DWT is performed on the six color components to obtain 24 image sub-bands of size
, and C B 2 from five high-frequency parts of G 1 , B 1 , R 2 , G 2 , and B 2 , respectively.

4 ) 2 B
In a similar way, one can obtain five other composite matrices 1 , respec- tively.

Figure 2 .
Figure 2. Compression process for 1 R .(a) shows the whole compression process and (b) shows the schematic diagram of Zigzag operation in (a).
and 3  , three quaternion signals shown in Equation (17) are modulated by the proposed QMP-DFrAT with three quaternion random phase masks, respectively.

Figure 2 .
Figure 2. Compression process for R 1 .(a) shows the whole compression process and (b) shows the schematic diagram of Zigzag operation in (a).

Figure 4 .
Figure 4. Structure of general image encryption algorithm.

Figure 4 .
Figure 4. Structure of general image encryption algorithm.

Figure 4 .
Figure 4. Structure of general image encryption algorithm.
times.To eliminate the transient effect, the former 0 N values are dis- carded.Then, one can obtain the chaotic sequence i X with length 33 WH H  :

2 X 2 XStep 2 :
and record the positions of the corre- sponding values of the sorted sequence in to obtain address sequence d of length 33 WH H  .Three matrices r , θ , and φ are converted into a 1D sequence

1 M and 2 M
are arbitrarily taken as 25 and 2 respectively.The pure quaternions 1  , 2  , 3  , and 4  are set as i , j , k , an whose values are independent and uniformly distributed in [0,100]  .T fractional orders  and  are randomly given as 0.4697 and 0.4023, respectively.Th initial values and control parameters of the NCML system are chosen arbitrarily a 1 represent the pixel values of each color component of th original color image and the decryption one, respectively.

2 x  and 2 yL
x and y are the windows of two images with size mm  , x  and y  deno the average values of x and y , are variances of x and y , respectivel xy  is the covariance between x and y . is the gray level of the plaintext image.The greater SSIM means the better recovery image.

Figure 10 .
Figure 10.PSNR values with different methods: the eight points on the abscissa denote decryption

Entropy 2022 , 27 Figure 10 .
Figure 10.PSNR values with different methods: the eight points on the abscissa denote decryption
test is adopted to numerically measure the uniformity of the histogram of ciphertext[43], i.e.,

Entropy 2022 , 27 Figure 14 .
Figure 14.Correlation distributions of adjacent pixels in the horizontal, vertical, diagonal directions (a) distribution of original color image "Lena"; (b-d) distributions of red, green, and blue compo nents of encryption image "Lena−Peppers", respectively.

Figure 14 .
Figure 14.Correlation distributions of adjacent pixels in the horizontal, vertical, diagonal directions: (a) distribution of original color image "Lena"; (b-d) distributions of red, green, and blue components of encryption image "Lena−Peppers", respectively.

1 1  and ' 2 
MM  , randomly generated real vectors ' , respectively.The decryption results indicate that these images cannot reveal any serviceable information and the proposed image encryption algorithm is sensitive to the above-mentioned keys.

2 
, respectively.The decryption results indicate that these images cannot reveal any serviceable information and the proposed image encryption algorithm is sensitive to the above-mentioned keys.

Figure 17 .
Figure 17.Decryption images "Peppers" with different noise attacks: Gaussian noise with intensity k (a) 0.25 k  , (b) 0.75 k  , Salt and Pepper noise with the density of noise distribution (c) 0.1 (d) 0.5.

Figure 17 .
Figure 17.Decryption images "Peppers" with different noise attacks: Gaussian noise with intensity k (a) 0.25 k  , (b) 0.75 k  , Salt and Pepper noise with the density of noise distribution (c) 0.1 (d) 0.5.

Figure 18 .
Figure 18.Average PSNR value versus noise parameter: (a) Gaussian noise, (b) Salt and Pepper noise.Figure 18.Average PSNR value versus noise parameter: (a) Gaussian noise, (b) Salt and Pepper noise.

Figure 18 .
Figure 18.Average PSNR value versus noise parameter: (a) Gaussian noise, (b) Salt and Pepper noise.Figure 18.Average PSNR value versus noise parameter: (a) Gaussian noise, (b) Salt and Pepper noise.

Figure 20 .
Figure 20.Encryption results of black and white images: (a) black image, (b) encryption black image, (c) white image, (d) encryption white image.

Figure 20 .
Figure 20.Encryption results of black and white images: (a) black image, (b) encryption black image, (c) white image, (d) encryption white image.

Figure 20 .
Figure 20.Encryption results of black and white images: (a) black image, (b) encryption black image, (c) white image, (d) encryption white image.

Figure 21 .
Figure 21.(a) Encryption time and time consumption percentage of each part; (b) decryption time and time consumption percentage of each part.

Figure 21 .
Figure 21.(a) Encryption time and time consumption percentage of each part; (b) decryption time and time consumption percentage of each part.

Table 1 .
Comparison results under the same compression ratio.

Table 2 .
Comparison of four quaternion transforms.

Table 2 .
Comparison of four quaternion transforms.

Table 2 .
Comparison of four quaternion transforms.

Table 2 .
Comparison of four quaternion transforms.

Table 2 .
Comparison of four quaternion transforms.

Table 2 .
Comparison of four quaternion transforms.

Table 3 .
PSNR and MSSIM values of decryption images.

Table 3 .
PSNR and MSSIM values of decryption images.

Table 4 .
Five methods for selecting high-frequency sub-bands.

Table 5 ,
the χ 2 -values of encrypted RGB components are under the critical values with 1% and 5% level of significance, which indicates that the proposed encryption algorithm can withstand the histogram attack.

Table 5 .
Results of chi-square test.

Table 5 .
Results of chi-square test.

Table 6 .
Correlation coefficients of adjacent pixels.

Table 7 .
Results of information entropy (dB) of encryption color images.

Table 8 .
Results of average NPCR and UACI values for different color images.