Security Analysis of the Image Encryption Algorithm Based on a Two-Dimensional Infinite Collapse Map

This paper analyzes the security of the image encryption algorithm based on a two-dimensional (2D) infinite collapse map. The encryption algorithm adopts a permutation–diffusion structure and can perform two or more rounds to achieve a higher level of security. By cryptanalysis, it is found that the original diffusion process can be split into a permutation–diffusion structure, which comes after the original permutation, so these two permutations can be merged into one. Then, some theorems about round-down operation are summarized, and the encryption and decryption equations in the diffusion process are deduced and simplified accordingly. Since the chaotic sequences used in encryption algorithm are independent of the plaintext and ciphertext, there are equivalent keys. The original encryption algorithm with single-round, two-round, and multi-round of permutation–diffusion processes is cracked, and the data complexity of the cryptanalysis attacks is analyzed. Numerical simulation is carried out by MATLAB, and the experimental results and theoretical analysis show the effectiveness of the cryptanalysis attacks. Finally, some suggestions for improvement are given to overcome the shortcomings of the original encryption algorithm.


Introduction
Advances in information and network technology have facilitated the rapid development of the Internet in providing the technical foundation, and the Internet is deeply integrated into all aspects of human life. Accompanying this is a variety of data forms and massive amounts of data generated every day. Since these data are closely linked with user information, their protection is particularly important. Digital image data are an important carrier of information, and has occupied a large part in the process of network transmission. Encrypting images is an important means to ensure image security.
Image data have the characteristics of strong correlation between pixels, high data redundancy, and large amount of data. The traditional text encryption algorithms such as DES and AES are not suitable for image encryption. In recent years, image encryption based on chaotic systems [1][2][3][4][5][6][7], cellular automata [8][9][10][11][12], DNA encoding [13][14][15], bit plane decomposition [16][17][18][19][20][21], and elliptic curve [22][23][24][25][26] is the mainstream of cryptography. Due to the significant properties of unpredictability, ergodicity and initial state sensitivity, the chaotic system becomes a good choice for encryption [27]. However, the chaotic sequence is transformed to a bit sequence to encrypt the plaintext in most chaotic image encryptions. The security of the encryption is thus determined by the properties of the bit sequence. Moreover, the essential reason for the chaotic cryptosystem easily existing equivalent keys is that the encryption process is independent of plaintext and/or ciphertext. In addition, elliptic curve cryptography is capable of providing high security than to other cryptosystems with the same key size because it is more complicated and requires a deeper mathematical understanding; it is more susceptible to errors which diminishes its security.
Since Matthews proposed a generalized logistic map and used it to generate pseudorandom numbers for data encryption [28], a large number of scholars have poured into single-round, two-round and multi-round situations, provides the attack complexity, and gives the corresponding improvement suggestions to overcome the shortcomings of the original encryption algorithm. The main advantage of this paper is that a detailed security analysis of a more complex multi-round encryption algorithm is carried out, and the main difference between this multi-round encryption and the previous multi-round encryption methods is that the multi-round encryption cannot be directly equivalent to a single-round of encryption. Therefore, the cryptanalysis methods in the existing literature cannot be directly used to crack this multi-round encryption algorithm.
The remainder of this article is organized as follows: Some definitions and related theorems are provided in Section 2. Section 3 presents the detail of the original encryption algorithm, and gives the correct decryption equation. An analysis of the encryption algorithm is demonstrated in detail in Section 4. Section 5 mainly introduces the numerical simulation experiments carried out by MATLAB. The experimental results verify the correctness of the cryptanalysis, and at the same time, the complexity of the deciphering algorithms is given, and corresponding improvement measures are proposed to overcome the shortcomings of the original encryption algorithm. The last section concludes the article.

Some Definitions and Related Theorems
In order to better analyze the original encryption algorithm, it is first necessary to simplify the original algorithm. According to the formula used in the original algorithm, some preliminaries are given to aid the subsequent theoretical analysis. The definitions and properties of round-down operation · , the operation {·} for finding the fractional part of a real number, and the modulus operator are introduced, and three theorems about these operations are deduced in this section. Definition 1 ([43]). The largest integer of a real number a is recorded as a , which is the largest integer less than or equal to a, that is, a is the integer satisfying a ≤ a < a + 1. ([43]). The fractional part of the real number a is recorded as {a}, which is the difference between a and a , that is, {a} = a − a .

Theorem 2.
For any real numbers a and b, there are

Definition 3 ([44]
). The modular operation returns the remainder after a real number is divided by a positive integer, and often abbreviated as mod: (a mod 256) mod 256 = a mod 256, a ∈ R.
Proof. Assuming b = a mod 256, the corresponding inverse operation is a = 256 × k + b, where a, b ∈ R, k ∈ Z and 0 ≤ b < 256, so a mod 256 = b and a mod 256 a mod 256 = b = a mod 256 is proved.

Description of the Original Encryption Algorithm
In this section, the chaotic map used in [42] is first introduced, and then the original encryption algorithm is described in detail.

Two-Dimensional Infinite Collapse Map (2D-ICM)
The chaotic system 2D-ICM used in the original encryption algorithm is a twodimensional infinite collapse map obtained by integrating two one-dimensional infinite collapse maps with different parameters [42], and its iterative equation is where the control parameters a and b are real numbers, a = 0, b = 0, and the initial states are recorded as x 0 , y 0 .

2D-ICM Based Image Encryption Algorithm (ICMIE)
According to [42], it proposed a new image encryption algorithm based on 2D-ICM and named it ICMIE. The original algorithm ICMIE is described as follows: (1) Key parameters There are seven key parameters in the original algorithm. The key K is expressed as a 0 , b 0 , x, y, T, C 1 , C 2 , and the first five parameters a 0 , b 0 , x, y, T are 40-bit binary representation. Assuming that the 40-bit binary is (s 1 s 2 · · · s 40 ) 2 , the IEEE754 format is adopted to convert a 0 , b 0 , x, y, T into decimal numbers in [0, 1), then C 1 and C 2 are positive integers represented by 20-bit binary, and they are converted into decimal numbers directly. Substitute the converted decimal a 0 , b 0 , x, y, T, C 1 , C 2 into the following equation: The initial conditions a, b, x 0 , y 0 of 2D-ICM can be obtained.
(2) Encryption process The original algorithm divides the encryption process into permutation and diffusion, and then performs two or more rounds of permutation and diffusion as a whole. In fact, the diffusion process of the original algorithm also includes a permutation operation. In order to distinguish, the first permutation operation is named permutation 1 and the second permutation operation is named permutation 2. The grayscale image P of M × N is encrypted, and the ciphertext image C of the same size is finally generated. The overall encryption process is shown in Figure 1.  The specific encryption steps are described as follows: (1) Permutation First, two chaotic matrices X and Y of M × N are generated by 2D-ICM. The matrix S is combined into a single matrix S = X * Y by multiplying the corresponding elements of X and Y. The index matrix I is composed of the position of each element in the original matrix S after sorting S in ascending order. Then, the pixel positions of the plaintext image P are rearranged by using the index matrix I to obtain the permutation 1 image F.
(2) Diffusion First, the index matrix χ is composed of the corresponding positions of all elements of the chaotic matrix X in its ascending order. Then, the pixel positions of the permutation 1 image F are arranged again by the index matrix χ to obtain a new permutation 2 image A. Finally, the pixel values of the diffusion image D are obtained by the following method: where i = 1, 2, . . . , M × N, then d i , a i and y i are the pixel values of the i-th element of the diffusion image D, the permutation 2 image A and the chaotic matrix Y according to the raster scan order, respectively.
(3) Decryption process Usually, the decryption process is the inverse of the image encryption process. Using the correct key to generate the chaotic matrices X and Y, the decryption process of ICMIE will alternately perform the inverse diffusion and inverse permutation in two rounds or multiple rounds, and then obtain the recovered image. The decryption equation in the diffusion process is incorrect. When i ∈ [2, M × N], according to the encryption Equation (4), where k i ∈ Z(i = 2, 3, · · · , M × N). Similarly, a i can be obtained when i = 1, and the correct decryption equation is finally derived as Then, the pixel positions of the ciphertext image will be processed by inverse permutation. The original image is completely recovered.

Cryptanalysis
The generation process of the chaotic sequences and the encryption process of the original algorithm are independent of the plaintext and the ciphertext, so there are equivalent keys. Firstly, the core structure of the original encryption algorithm (i.e., the permutationpermutation-diffusion structure) is generalized, then the diffusion equation is isolated, and the two permutation processes are merged into one permutation. Next, the original encryption algorithm is analyzed in terms of single-round, two-round, and multi-round.
The original encryption algorithm can be summarized as a multi-round of permutationdiffusion processes as shown in Figure 2. In Figure 2, KP and KD represent the permutation equivalent key and the diffusion equivalent key, respectively. P represents plaintext image and C represents ciphertext image. n represents the total number of rounds of encryption, and where P (t) , A (t) , and D (t) represent the plaintext image, the permutation image, and diffusion image encrypted in the t-th round, respectively. Taking the feedback apart, it can be shown in Figure 3.

Ciphertext image Diffusion Permutation
Diffusion Permutation Diffusion In Figure 3, P (t) = D (t−1) , that is, the diffusion image encrypted in the previous round is the plaintext image encrypted in the subsequent round. For plaintext image P and ciphertext image C, there are P (1) = P and C = D (n) .
For the convenience of the following discussion, some definitions are given here.
respectively represent the i-th plaintext image, permutation image, and diffusion image in the t-th round. The size of the images discussed in this paper are all M × N.

Simplification of ICMIE
Since the two permutations are independent of plaintext, they can be equivalent to one permutation operation. The equivalent key KP of the two permutation operations from plaintext image P to permutation image A can be obtained directly in one step. The diffusion equivalent key KD can be obtained from the permutation image A to the diffusion image D. (4) is deduced and the following equation is obtained. When i ∈ [2, M × N], according to Theorem 1, there is

The original diffusion encryption Equation
whereŷ 1 = |y 1 | × 2 31 − 1 mod 256. In order to facilitate the analysis, is defined to represent the modular addition that is, the two elements are added and then modulo 256. Correspondingly,− represents the modular subtraction, that is, the two elements are subtracted and then modulo 256. From Equations (6) and (7),

Security Analysis of Encryption in Single-Round
First, let P 0 be an all-zero image, then the pixel value will not be changed after permutation. Therefore, the element values of the permutation image A 0 are all 0. The image D 0 is obtained according to the encryption algorithm. According to Equation (8), one has where k i ∈ Z(i = 2, 3, · · · , M × N). Becauseŷ i and d i perform modulo 256 operation, In other words, substitute the pixel value of D 0 to obtainŷ i by Equation (11), then make kd i =ŷ i (i = 1, 2, · · · , M × N) to get the equivalent key KD = kd 1 kd 2 · · · kd M×N . Next, according to Theorem 3, the diffusion decryption from Equation (5), one can further obtain Because According to Theorem 2 and Property 2, The permutation image A corresponding to the ciphertext image C can be cracked by substituting the equivalent key KD (i.e.,ŷ i = kd i (i = 1, 2, · · · , M × N)) obtained from all-zero plaintext and d i (i = 1, 2, · · · , M × N) according to Equation (13). Because the specific ciphertext C is known, then the diffusion image D = C, so d i (i = 1, 2, · · · , M × N) is known.
Since the two permutations are independent of the plaintext, they can be equivalent to one permutation, and the permutation operation only changes the coordinate position of the pixel without changing the pixel value, so that only the coordinate position of the pixel in the permutation image A is changed. Therefore, the equivalent permutation key KP can be solved by comparing the pixel pairs of the plaintext images and the permutation images. Next, the optimal chosen-plaintext attack is used [45], and the steps are as follows: Step 1: Construct a data matrix U with the same size as the image P, u j is the value of the j-th element of the matrix U obtained in raster scan order. The nonnegative integers 0, 1, · · · , M × N − 1 are successively written into the data matrix U according to the raster scan order by u j = j − 1(j = 1, 2, 3, . . . , M × N).
Step 2: Calculate the number of selected plaintexts l = log 256 (M × N) , where · is the round-up operation. In addition, create l plaintext images P 1 , P 2 , · · · , P l .
Step 3: Use U to write the value into P 1 , P 2 , · · · , P l . The writing rule of the j-th element p i,j obtained from the i-th plaintext image in raster scan order is where i = 1, 2, 3, . . . , l and j = 1, 2, 3, . . . , M × N.
After constructing the plaintext through the above steps, l plaintext images P 1 , P 2 , · · · , P l are successively input into the encryptor to obtain the corresponding ciphertext images C 1 , C 2 , · · · , C l , respectively. Then, according to the obtained equivalent diffusion key KD, inverse diffusion is carried out to obtain A 1 , A 2 , · · · , A l , respectively, and these images are combined into a data matrix V. The consolidation rule is where i = 1, 2, 3, . . . , l. By comparing the position difference between the data matrix U and the data matrix V with the same pixel value, the equivalent permutation key KP used in permutation can be obtained.

Cryptanalysis of Two-Round Encryption
Two-round encryption is analyzed here by the combination of the differential attack and the chosen-plaintext attack.
Firstly, the encryption algorithm is deduced by differential analysis. According to Equation (8), Now use a i,j (t = 1, 2, 3, . . . , n, i = 0, 1, 2, · · · and j = 1, 2, 3, . . . , M × N) to represent the j-th element of the i-th permutation image and diffusion image in the raster scan order in the t-th round of encryption, respectively. Then, the j-th element in raster scan l encrypted in the t-th round can be expressed as and l,j of the j-th element of the t-th round of diffusion images D in the raster scan order can be obtained, which is and there is ∆d It can be seen from the previous analysis that i,h , where j = 1, 2, . . . , M × N, h = 1, 2, . . . , M × N, and then, j = kp h and h = kp −1 j are permutation pairs. a indicates that the j = kp h -th element a where ∆p The flow chart for cracking the two-round encryption is shown in Figure 4. The following is a detailed introduction to the two-round encryption cracking algorithm. It should be pointed out that this method is only for the case of two-round encryption with the same permutation matrix.
Step 1: Construct an all-zero plaintext image as P 0 of M × N for cracking the ciphertext image C of M × N, then construct a plaintext image set {P 1 , P 2 , . . . , P M×N }, let the k-th element in P k (k ∈ {1, 2, . . . , M × N}) according to the raster scan order be 1 and the rest be 0, and this means Step 2: According to Equation (20), the difference relationship between the diffusion images D k and D 0 from their M × N-th to the first element encrypted in the second round is Modular subtraction of each element from its next adjacent element as Input P 0 and the plaintext image set P 1 , P 2 , . . . , P M×N into the encryption algorithm in turn, and obtain the corresponding ciphertext image C 0 and C 1 , C 2 , . . . , C M×N after two-round encryption, where D Step 3: Because the permutation operation does not change the sum of the element values in the matrix, so According to Equation (20), one can obtain From Equation (21), it can be seen that ∆a (1) k,j = f kp h ∆p (1) k,h = f kp h (∆p k,h ) because ∆p k,h = p k,h− p 0,h = p k,h . From the properties of the plaintext image P 0 and the constructed plaintext image set {P 1 , P 2 , . . . , P M×N }, one has where k = 1, 2, . . . , M × N.
Because h and kp h are a permutation pair, when h = k, k and kp k are a permutation pair. That is, if p k,k is permuted by a where kp k = 1, 2, . . . , M × N, which is substituted into Equation (24), one can obtain According to Step 4: If the image to be cracked is C, C 0 is the ciphertext image corresponding to the all-zero plaintext. Let ∆C = C−C 0 , then ∆D (2) = ∆C. According to Equation (23), the adjacent two elements are modular subtracted to obtain ∆A (2) , and the equivalent permutation key KP is used to obtain ∆D (1) . Similarly, ∆A (1) and ∆P = ∆P (1) can be obtained. Because P 0 is all-zero plaintext, so the deciphered plaintext is P = P−P 0 = ∆P.

Security Analysis of Multi-Round Encryption
The chosen-ciphertext attack method was proposed in [38], which can crack the diffusion operation with ciphertext feedback and different permutation matrices in each round. The applicability of this method was summarized and demonstrated in detail in [40,41]. However, the above literature mainly gave this method for the case without feedback, and then extended it to the case with feedback directly. Through the detailed derivation of the encryption process, the steps of the attack method to crack the case with ciphertext feedback are given in this section. It is not only helpful for understanding the attack method, but also has a good inspiration for guiding the improvement of the algorithm. It should be pointed out that, if there is no special description for multi-round analysis, the symbol definitions given above are still used.
i,j is the j-th element of the i-th permutation image in raster scan order in the t-th round of encryption is permutated i in raster scan order in the t-th round of encryption; j and kp −1 j are a permutation pair. The encryption process of the original encryption algorithm can be expressed as a general model as where i = 0, 1, 2, · · · , j ∈ {1, 2, . . . , M × N}, t = 1, 2, . . . , n, denotes modular addition operation, and∑ denotes summation operation of modular addition. As for u ∈ {M × N, 1, 2, . . . , j}, u and kp −1 u are a permutation pair. According to Equation (27), one has According to Equations (21) and (28), ∆a l,r is the difference between the r-th element of the permutation images A where k = 1, 2, · · · , l = 0, 1, 2, · · · , r = 1, 2, . . . , M × N, t = 1, 2, . . . , n. By the way, r and kp −1 r are a permutation pair. As for u ∈ M × N, 1, 2, . . . , kp −1 r , u and kp −1 u are a permutation pair.
According to Equation (20), the difference from first to M × N-th element between diffusion image D (t) k and D (t) 0 (that is l = 0) in the t-th round of encryption is: From Equation (28)-(30), one can further obtain Since the modular addition and permutation can be processed out of order and ended up with the same result, after t = n rounds of encryption, the pixel difference result ∆d   k,j = ∆p k,j , j = 1, 2, . . . , M × N modulo 256, which is Mod256, (31) where Mod represents the modulo of each component of the vector. For an encryption system, any plaintext image must have only one corresponding ciphertext image. At the same time, any ciphertext image can only be decrypted to one plaintext image; otherwise, the encryption algorithm will not be established. In addition, the number of pixels in the plaintext image and the ciphertext image is constant, so the coefficient matrix is a square matrix, and its rank must be M × N. Furthermore, for the n-round encryption algorithm, the coefficient matrix is represented by the symbol in the nth round of encryption according to the raster scan order. In addition, ∆β k = [∆p k,1 , ∆p k,2 , · · · , ∆p k,M×N ] T represents the one-dimensional vector converted from the difference matrix between the plaintext P According to Equation (33), e 1 , e 2 , . . . , e M×N corresponds to ∆β 1 , ∆β 2 , . . . , ∆β M×N , so which is substituted into Equation (34) to obtain According to Equation (33), ∆β corresponding to ∆α is The flow chart for cracking the multi-round encryption is shown in Figure 5.
For any ciphertext to be solved, calculate the corresponding differential plaintext according to formula (38) Construct an all-zero ciphertext image Input into the decryption algorithm, get the plaintext image is obtained by modular subtraction of from Construct ciphertext image and input into the decryption algorithm, get the plaintext image The plaintext image is obtained by modular addition of to The details of our cracking process consist of four steps, as given below.
Step 1: Record a ciphertext image of M × N to be cracked as Firstly, an all-zero ciphertext image of M × N is denoted by C 0 , then a ciphertext image set {C 1 , C 2 , . . . , C M×N } is constructed, so that the k-th element in C k according to the raster scan order is set to 1, and the rest is 0 where k ∈ {1, 2, . . . , M × N}, as Perform modular subtraction operations of C 0 from C, C 1 , C 2 , . . . , C M×N , respectively. Because C 0 is an all-zero ciphertext, the one-dimensional vector converted from ∆D (n) = C, ∆D Input C 0 , C 1 , C 2 , . . . , C M×N into the decryption machine to obtain a set of corresponding plaintext images, which are denoted as P 0 , P 1 , . . . , P M×N .
Step 3: Therefore, Equation (37) can also be written as Step 4: By ∆P = ∆P (1) = P−P 0 , the plaintext is finally obtained as

Numerical Simulation Experiment
The experimental environment is Intel(R) Core(TM) i5-3230M processor, CPU frequency of 2.60 GHz, 8.00 GB memory, Windows 10 operating system, and MATLABR2021a. The grayscale images Lena, Cameraman, Tiffany, Pepper, Baboon and Sailboat with the size of 128 × 128 are selected for single-round, two-round, and multi-round numerical simulation experiments. The key is selected as follows:

Experimental Results
This paper analyzes the original algorithm in the case of single-round, two-round, and multi-round of encryption. Because the first two analysis methods belong to the chosen-plaintext attack and the third one belongs to the chosen-ciphertext attack, the first two analysis methods are stronger in terms of assumptions made and data requirements; they are only applicable to themselves, but the cracking speed is faster. The multi-round analysis method mentioned in this paper is applicable to any number of encryption rounds and has universality. This paper verifies the original encryption algorithm and the analysis results by writing MATLAB programs. According to the original encryption algorithm and the cracking algorithm, the encryption and the decryption programs and cracking programs in singleround, two-round, and multi-round are written, respectively. The related experimental results are shown in Figures 6-12. It can be seen that, after encryption, the histogram of ciphertext is uniform and cannot reflect plaintext information. The histogram of intermediate ciphertext obtained by cracking the equivalent diffusion key is the same as that of plaintext, indicating that the diffusion step is cracked. Then, through the obtained permutation equivalent key, the deciphered image is obtained. Compared with the original plaintext image, the deciphered image is exactly the same, which shows that the cracking algorithm is correct. A set of specially constructed chosen-plaintext is input into the encryption algorithm to obtain a set of plaintext-ciphertext pairs, and according to these plaintext-ciphertext pairs, the permutation matrix is finally cracked. Then, through the differential processing and the obtained permutation matrix, the plaintext is finally cracked, and the comparison between the deciphered image and the plaintext image is exactly the same, which shows that the cracking algorithm is correct. × 128 size Baboon image and Sailboat image for multi-round encryption (without losing generation, the multi-round part is encrypted in three rounds). It can be seen that, by inputting a group of specially constructed chosen-ciphertext into the decryption algorithm, a group of ciphertext-plaintext pairs are obtained, and then the plaintext is finally cracked through differential processing. The comparison between the recovered image and the plaintext image shows that the cracking algorithm is correct.
Theoretically, for a ciphertext image of M × N size, using multi-round of a cracking algorithm to completely recover the ciphertext image requires the construction of M × N ciphertext images and an all-zero ciphertext, a total of M × N + 1 ciphertext-plaintext pairs. Because it is difficult to obtain the permission of decryption machine in reality, it is of practical significance to reduce the number of ciphertext-plaintext pairs. Figure 12 shows the effect of constructing different number of ciphertext-plaintext pairs on the finally recovered plaintext image. It can be seen that the plaintext can be recovered better without some ciphertextplaintext pairs. In reality, the appropriate number of ciphertext-plaintext pairs can be obtained by constructing an appropriate number of ciphertext, which can reduce the data complexity and improve the cracking efficiency while meeting the cracking requirements.

Attack Complexity
The attack complexity of cryptanalysis generally includes time complexity and data complexity. However, the time complexity is affected by the performance of the computer and the written cracking program, so it is uncertain. For cryptanalysis, the most important thing is the data complexity, that is, the number of plaintext or ciphertext required to crack an encryption algorithm. The following will discuss the data complexity of the cracking algorithm for the case of single-round, two-round, and multi-round in case of complete cracking.
In the case of single-round, for the grayscale image of M × N, when the key is unknown, the plaintext-ciphertext pair required to decipher the equivalent diffusion key and the equivalent permutation key is 1 + log 256 (M × N) , so the data complexity is O(log (M × N)).
In the case of two-round, for the grayscale image of M × N, when the key is unknown, the number of chosen-plaintexts required to decipher is (1 + M × N), so the data complexity is O(M × N).
In the case of multi-round, for the grayscale image of M × N, when the key is unknown, the number of chosen-ciphertexts required to decipher is (1 + M × N), so the data complexity is O(M × N).

Improvement Plan
From the analysis of this article, it can be seen that the original encryption algorithm has the following vulnerabilities and deficiencies.
(1) The decryption equation of diffusion operation is incorrect. The original decryption result is slightly different from the original encrypted image.
(2) The original encryption algorithm attempts to increase the nonlinear factors by using index matrices and adding a round-down operation to the diffusion equation, for improving the security of the algorithm. However, the analysis found that the above processes can not provide higher security. Instead, an additional permutation is added, resulting in increasing the encryption time. Through the corresponding processing and transformation, the algorithm is still linear and can not resist against the chosen-ciphertext attack.
(3) Under the differential attack, the original diffusion key is completely useless. In view of the above shortcomings, the following improvement suggestions are put forward.
Cancel the permutation 2 operation. Add new operations in the diffusion process, such as adding S-box, to improve the security of the algorithm. As a nonlinear device, S-box can be applied to the original algorithm to solve its problem. The design of the S-box needs to satisfy cryptographic properties such as nonlinearity, strict avalanche criterion, algebraic immunity, differential uniformity, and correlation immunity [25]. The improvement is given below by taking the S-box as an example.
The permutation operation of the original encryption algorithm is retained. Cancel the permutation operation in the diffusion process of the original encryption algorithm, and complete the diffusion operation according to the original diffusion equation. Take the first 256 bits of the matrix X (if it is less than 256 bits, use the chaotic system to iterate the insufficient bits), obtain a 256-bit index matrix according to the original algorithm, and then form a matrix of 16 × 16 according to the raster scan method to obtain an S-box. Each pixel of the diffusion image is indexed into the S-box according to the first four bits and the last four bits, and the value of the original pixel is replaced with the corresponding value in the S-box. According to the above steps, the encryption algorithm is carried out for two or more rounds, and the decryption algorithm is the inverse operation of the encryption algorithm.

Conclusions
In this paper, the security analysis of the image encryption algorithm based on twodimensional infinite collapse map is carried out, and the definitions and properties of the round-down operation, the fractional part operation of real numbers, and the modular operation are given. At the same time, by using these theorems, the error of the original diffusion equation is found out, and finally the original encryption algorithm is processed into a general permutation-diffusion structure, and the diffusion structure is processed into a modular addition of the ciphertext feedback and the element of diffusion matrix. On this basis, the single-round, two-round, and multi-round situations are analyzed and discussed respectively. It not only deepens the understanding of the original encryption process, but also helps to guide the improvement of the original encryption algorithm. The correctness of the analysis process is verified by experiments. Finally, the attack complexity is discussed, and suggestions for improvement are given to avoid the shortcomings of the original encryption algorithm.

Conflicts of Interest:
The authors declare no conflict of interest.