An Image Encryption Algorithm Based on Improved Hilbert Curve Scrambling and Dynamic DNA Coding

As an effective method for image security protection, image encryption is widely used in data hiding and content protection. This paper proposes an image encryption algorithm based on an improved Hilbert curve with DNA coding. Firstly, the discrete wavelet transform (DWT) decomposes the plaintext image by three-level DWT to obtain the high-frequency and low-frequency components. Secondly, different modes of the Hilbert curve are selected to scramble the high-frequency and low-frequency components. Then, the high-frequency and low-frequency components are reconstructed separately using the inverse discrete wavelet transform (IDWT). Then, the bit matrix of the image pixels is scrambled, changing the pixel value while changing the pixel position and weakening the strong correlation between adjacent pixels to a more significant correlation. Finally, combining dynamic DNA coding and ciphertext feedback to diffuse the pixel values improves the encryption effect. The encryption algorithm performs the scrambling and diffusion in alternating transformations of space, frequency, and spatial domains, breaking the limitations of conventional scrambling. The experimental simulation results and security analysis show that the encryption algorithm can effectively resist statistical attacks and differential attacks with good security and robustness.


Introduction
With the fast development of the internet and multimedia technology, information security is gaining more and more attention. To prevent images from being stolen during transmission, researchers have proposed many methods for image protection, and image encryption is a common method for securing image transmission. Early encryption methods are mainly data encryption. With continuous research, researchers have proposed new encryption methods that address the drawbacks of early encryption algorithms, namely low operational efficiency, small key space, and poor security [1,2].
In 1963, Lorentz [3] introduced the concept of chaos theory, which is widely used in image encryption due to the sensitivity, ergodicity, and unpredictability of chaotic systems to initial states and control parameters [4][5][6][7]. Xu [8] proposed a new image encryption algorithm based on one-dimensional logistic mapping and the orthogonal Latin square, improving ciphertext image security. The advantages of one-dimensional logistic mapping are its simple structure, high computational efficiency, and lower level of difficulty in implementation. However, its disadvantages are the short period window, limited range of chaotic behavior, small generated key space, and vulnerability to attacks [9]. To address the insufficiency of low-dimensional chaotic systems in image encryption, Gao [10] combined two one-dimensional chaotic systems and proposed a new two-dimensional chaotic system, which uses the chaotic sequence generated by the two-dimensional chaotic system to displace the row and column pixels and then performs nonlinear diffusion of the pixels, which improves the randomness of the chaotic sequence and also enhances the resistance of the encryption algorithm to attacks. Arthi [11] added a state variable to the threedimensional Lorenz chaotic system and constructed a four-dimensional hyperchaotic system containing two positive Lyapunov exponents. It has the advantage of iterating once to obtain multiple chaotic sequences, which is more efficient, and the system parameters can also make the key space larger and effectively resist brute force attacks. Using iterative chaotic sequences for image encryption improves the complexity and robustness of the encryption algorithm.
In image encryption, scrambling and diffusion techniques are the core part of the encryption algorithm [12]. Scramble changes the position of pixels and reduces the correlation between adjacent pixels, while diffusion randomly changes the pixel values, making the ciphertext image more chaotic. Researchers have proposed many image encryption algorithms based on scrambling and diffusion techniques, most of which perform scrambling followed by diffusion [13][14][15]. Although this encryption algorithm has good security, there are some problems. For example, in [16], the scrambling part uses only the Hilbert fill curve to scramble pixels, which does not entirely break the correlation between adjacent pixels, making it less effective and more vulnerable to brute force attacks. The single scrambling and diffusion operations are too simple, resulting in a less secure encryption algorithm [17]. In contrast, multiple scrambling and diffusion repetitions are time-consuming and significantly reduce the encryption efficiency [18]. To address the above shortcomings, researchers have combined scrambling and diffusion and proposed bit-level scrambling with simultaneous scrambling and diffusion to encrypt images [19][20][21][22]. The bit-level scrambling divides the pixel value into eight bits, disrupting the bit positions to achieve the simultaneous scrambling and diffusion of pixels. Xiang [23] proposed an image encryption algorithm that encrypts only the upper four bits of the image pixel value, which improves the encryption performance and reduces the encryption time by half. Li [24] proposed a bit-level scrambling method based on the binary tree, simultaneously changing the pixel position and value. Wang [25] used bit cyclic displacement in the scrambling phase, and the algorithm performs well through security and performance analysis.
The scrambling algorithm disrupts the pixels' position and eliminates the correlation between them; thus, to better conceal the key information of the image, further diffusion of the pixel values is necessary. DNA coding has received great attention from more researchers because of its low power consumption, high density, and parallelism. DNA coding was first proposed by Clelland [26] in cryptography, and since then, cryptographic algorithms combining DNA coding with chaotic systems have emerged [27][28][29][30]. Other diffusion algorithms that have been proposed are the matrix half-tensor product [31], the Feistel-like network [32], filtered convolution [33], etc. In [29], Jithin divides the color image into three planes of RGB, converts these three planes into DNA base planes using fixed encoding rules, and performs heteroskedastic operations with these three DNA base planes using DNA matrices generated from chaotic sequences. In [30], Wang uses different encoding rules to convert multiple plaintext images into multiple DNA matrices. Nevertheless, each pixel has the same encoding rules for the same plaintext image matrix, performs operations with the chaotic sequence-generated DNA matrix, and uses different decoding rules. However, these DNA coding-based image encryption algorithms achieve pixel diffusion for their purposes; they also have a significant drawback, as the fixed DNA coding and decoding rules cannot change the bit distribution of pixels and are vulnerable to brute force attacks [34].
Image encryption methods have frequency domain encryption in addition to spatial domain encryption. In [35], Shafique uses multiple S-boxes combined with wavelet transform to encrypt images, which shortens the encryption time and solves the problem of a weak single S-box encryption. In [36], Yan used fractional-order wavelet transform to perform third-order fractional wavelet transform on plaintext images to obtain highfrequency and low-frequency components, index scrambling for each component using an index sequence generated by the chaotic sequence, and finally, diffusing the scrambled image using a cyclic shift. The resulting ciphertext image has good robustness. In [37], Qin uses dynamic wavelet decomposition and scrambling diffusion simultaneously to combine spatial-domain and frequency-domain encryption, ensuring both the security and robustness of the encryption algorithm.
This paper proposes an image encryption algorithm based on improved Hilbert curve scrambling and dynamic DNA coding by combining a 4D hyperchaotic system to summarize the above. Firstly, the hash value of the plaintext image is obtained using the SHA-384 algorithm, and the initial value of the hyperchaotic system is calculated. Secondly, the decomposition of the plaintext image is achieved using three-level DWT to obtain one low-frequency component and nine high-frequency components. These ten components are scrambled using different modes of the Hilbert curve, and the high-frequency and low-frequency components are then reconstructed using IDWT. Then, the bit matrix of the image pixels is position-scrambled to enhance the scrambling effect. Finally, the pixel values are further diffused using dynamic DNA coding and ciphertext feedback to improve the security of the encryption algorithm.
The rest of this paper is as follows: Section 2 introduces the 4D hyperchaos system, DWT, and the Hilbert curve; Section 3 presents the proposed encryption algorithm; Section 4 shows the experimental simulation results; Section 5 is an analysis of the various security of encryption algorithm; and Section 6 gives the conclusion.

D Hyperchaotic System
Li introduced a nonlinear controller W into the chaotic system, which constitutes a 4D hyperchaotic system [38]; this is a nonlinear four-dimensional chaotic system that is reversible and discrete and can simultaneously generate four chaotic sequences with more complex behaviors and increased key space, enabling the encryption algorithm to effectively resist various attacks such as known plaintext attacks and brute force attacks, compensating for the small key space of the low-dimensional chaotic system. The expression of the 4D hyperchaotic system is shown in Equation (1).
where δ, θ, µ, τ, and ϕ are the parameters that affect the behavior of the hyperchaotic system, and ϕ ∈ [−0.7, 0.7]. When δ = 36, θ = 3, µ = 28, τ = 16, and ϕ = 0.2, the Lyapunov exponents λ 1 = 1.552, λ 2 = 0.023, λ 3 = 0, and λ 4 = −12.573 of the hyperchaotic system, which contains two positive Lyapunov exponents, has better chaotic behavior. The computation time is somewhat shorter than the usual chaotic system. Based on the above parameters, Figure 1 shows the phase diagrams of the hyperchaotic system in two and three dimensions after discretization by the 4th-order Runge-Kutta method. The phase diagram in each dimension indicates that the system has multiple attractors and is a hyperchaotic system with complex variations. In this paper, the parameters δ = 36, θ = 3, µ = 28, and τ = 16 are taken to iterate the equations of the hyperchaotic system to obtain four sequences for image encryption.

Discrete Wavelet Transform
The DWT is a discretization of the scales and translations of the fundamental wavelet that can decompose the signal at different scales and decompose the signal into components of different frequencies. 2D-DWT is defined by Equation (2).
where , , denotes the approximate part of the image, , , denotes the edge section of the image, Φ , , , denotes the scaling function, and Ψ , , , denotes the wavelet function. The 2D-IDWT is defined by Equation (3).
The advantage of DWT is that it eliminates the connection between pixels and is less distorted than the conventional discrete cosine transform (DCT) after multilevel wavelet decomposition. Figure 2 shows the DWT and IDWT process of the plaintext image. DWT decomposes the image to obtain the four components LL1, HL1, LH1, and HH1. IDWT is the column and row reconstruction of the resulting four components to obtain the original image 39. Figure 3 shows the one-level, two-level, and three-level DWT. In the two-level DWT, the component LL1 continues to be decomposed into four components: LL2, HL2, LH2, and HH2. Similarly, in the three-level DWT, the component LL2 continues to be decomposed into four components: LL3, HL3, LH3, and HH3.

Discrete Wavelet Transform
The DWT is a discretization of the scales and translations of the fundamental wavelet that can decompose the signal at different scales and decompose the signal into components of different frequencies. 2D-DWT is defined by Equation (2).
where T Φ (j 0 , m, n) denotes the approximate part of the image, T i Ψ (j, m, n) denotes the edge section of the image, Φ j 0 ,m,n (x, y) denotes the scaling function, and Ψ i j,m,n (x, y) denotes the wavelet function. The 2D-IDWT is defined by Equation (3).
The advantage of DWT is that it eliminates the connection between pixels and is less distorted than the conventional discrete cosine transform (DCT) after multilevel wavelet decomposition. Figure 2 shows the DWT and IDWT process of the plaintext image. DWT decomposes the image to obtain the four components LL1, HL1, LH1, and HH1. IDWT is the column and row reconstruction of the resulting four components to obtain the original image [39]. Figure 3 shows the one-level, two-level, and three-level DWT. In the two-level DWT, the component LL1 continues to be decomposed into four components: LL2, HL2, LH2, and HH2. Similarly, in the three-level DWT, the component LL2 continues to be decomposed into four components: LL3, HL3, LH3, and HH3.

Hilbert Curve
The Hilbert curve is one of the classical space-filling curves 40, and similar spacefilling curves include the Z-curve 41, Gray codes 42, etc. A Hilbert curve can linearly traverse every pixel point in the two-dimensional plane and travels each pixel point only once, according to the properties of their own spatially filled curve. The 2D Hilbert curve is a square divided equally into four little squares. The first iteration is completed by starting from the center of the bottom left square up to the center of the top right square, then right to the center of the entire right square, and then down to the center of the bottom right square in turn. The image is divided into several 2 × 2 submatrices according to the size of the image, and each sub-matrix is traversed by a first-order Hilbert curve with different directions. Each sub-matrix is traversed by a One-order Hilbert curve in a different direction, and then the first and last pixel points of each sub-matrix are connected. The Hilbert curve can traverse the whole image. Figure 4 illustrates the different orders of the Hilbert curve. In this paper, eight different filling modes are designed, based on the four starting positions of the Hilbert curve and two directions: horizontal and vertical. Taking the Twoorder Hilbert curve as an example, Figure 5 shows these eight modes.

Hilbert Curve
The Hilbert curve is one of the classical space-filling curves [40], and similar spacefilling curves include the Z-curve [41], Gray codes [42], etc. A Hilbert curve can linearly traverse every pixel point in the two-dimensional plane and travels each pixel point only once, according to the properties of their own spatially filled curve. The 2D Hilbert curve is a square divided equally into four little squares. The first iteration is completed by starting from the center of the bottom left square up to the center of the top right square, then right to the center of the entire right square, and then down to the center of the bottom right square in turn. The image is divided into several 2 × 2 submatrices according to the size of the image, and each sub-matrix is traversed by a first-order Hilbert curve with different directions. Each sub-matrix is traversed by a One-order Hilbert curve in a different direction, and then the first and last pixel points of each sub-matrix are connected. The Hilbert curve can traverse the whole image. Figure 4 illustrates the different orders of the Hilbert curve. In this paper, eight different filling modes are designed, based on the four starting positions of the Hilbert curve and two directions: horizontal and vertical. Taking the Two-order Hilbert curve as an example, Figure 5 shows these eight modes.

Hilbert Curve
The Hilbert curve is one of the classical space-filling curves 40, and similar spacefilling curves include the Z-curve 41, Gray codes 42, etc. A Hilbert curve can linearly traverse every pixel point in the two-dimensional plane and travels each pixel point only once, according to the properties of their own spatially filled curve. The 2D Hilbert curve is a square divided equally into four little squares. The first iteration is completed by starting from the center of the bottom left square up to the center of the top right square, then right to the center of the entire right square, and then down to the center of the bottom right square in turn. The image is divided into several 2 × 2 submatrices according to the size of the image, and each sub-matrix is traversed by a first-order Hilbert curve with different directions. Each sub-matrix is traversed by a One-order Hilbert curve in a different direction, and then the first and last pixel points of each sub-matrix are connected. The Hilbert curve can traverse the whole image. Figure 4 illustrates the different orders of the Hilbert curve. In this paper, eight different filling modes are designed, based on the four starting positions of the Hilbert curve and two directions: horizontal and vertical. Taking the Twoorder Hilbert curve as an example, Figure 5 shows these eight modes.

Secret Key Generation
The parameters of the chaotic system are calculated by the intermediate variable

Secret Key Generation
The parameters of the chaotic system are calculated by the intermediate variable a i to make the encryption algorithm dependent on the key. Assuming that the size of the plaintext image is M × N, and P i,j is the pixel value of the plaintext, then i ∈ [1, N] and j ∈ [1, M], and the parameter ϕ of the hyperchaotic system is calculated by Equations (4) and (5).
where the intermediate variables [a 1 , a 2 , a 3 , a 4 ] are obtained by the calculation of Equation (4), flood is the downward rounding function, and the mod is the mod function. The plaintext image is input into the SHA-384 algorithm, which outputs a 384-bit binary, H. The H binary is divided into 48 groups of binary sequences of 8 bits each, i.e., H k = k 1 , k 2 , k 3 , · · · k 48 , and the initial values x 0 , y 0 , z 0 , w 0 of the hyperchaotic system are calculated by Equations (6) and (7). The generated parameters ϕ and the initial values x 0 , y 0 , z 0 , and w 0 are substituted into the hyperchaotic system for 1000 + 4M × N times, and the first 1000 times are rounded off to eliminate the transient effect and to obtain the four chaotic sequences SX, SY, SZ, and SW. The four chaotic sequences are processed using Equation (8) to obtain the sequences X, Y, Z, and W that are used in the encryption algorithm.

Hilbert Curve Scrambling
To completely disrupt the image pixel location distribution, a pixel-level scrambling method is proposed. DWT is used to decompose the plaintext image into four components-LL 1 , HL 1 , LH 1 , and HH 1 -and the results are shown in Equation (9).
where P is the plaintext, and LL 1 is the low-frequency component. HL 1 , LH 1 , and HH 1 are the high-frequency components. To reduce the redundancy and encryption time, only the low-frequency components need to be scrambled with complex behavior. LL 1 is used as the new matrix for two-level DWT to obtain four components-LL 2 , HL 2 , LH 2 , and HH 2 . Decomposition of LL 2 is continued for three-level DWT, and the result is shown in Equation (10).
The plaintext image P is decomposed by three-level DWT to obtain the low-frequency component LL 3 and nine high-frequency components, HL 1 , LH 1 , HH 1 , HL 2 , LH 2 , HH 2 , HL 3 , LH 3 , and HH 3 . The sequence FX is obtained by intercepting the first 3M elements of the sequence X, and then the sequence FX is processed by using Equation (11). The sequence DX is divided into three sub-sequences, DX 1 , DX 2 , DX 3 , and the high-frequency components HL 1 , LH 1 , and HH 1 are scanned for scrambling with the sub-sequence DX 1 to select different modes of a[ (log 2 M) − 1]-order Hilbert curve. The sub-sequence DX 2 is used to select different modes of a [ (log 2 M) − 2]-order Hilbert curve to scan for scrambling of the high-frequency components HL 2 , LH 2 and HH 2 ; then, the sub-sequence DX 3 is used to select different modes of a [ (log 2 M) − 3]-order Hilbert curve to scan for the scrambling of the components HL 3 , LH 3 , HH 3 , and LL 3 . The pixels on the scan path are arranged into two-dimensional matrices by rows to obtain the scrambled matrices Shl 1 , Slh 1 , Shh 1 , Shl 2 , Slh 2 , Shh 2 , Shl 3 , Slh 3 , Shh 3 , and Sll 3 . Finally, the ten scrambled matrices are reconstructed by Equation (12) to obtain the scrambled matrix P . Assuming that the size of the lowfrequency component LL 2 is 8 × 8, Figure 6 shows the Hilbert curve scrambling process.

Bit-Level Scrambling
Although random pixel positions are scrambled, the pixel values are not changed, and the statistical attack can still obtain valid information in plaintext to resist statistical attacks. To resist statistical attacks and prevent an encrypted image from being cracked, each pixel value needs to be changed. To solve this problem, this paper uses the maindiagonal extraction model to scramble the position of the pixel's bits and thus change each pixel value.
The Sarrus rule is a standard method to expand second-order and third-order determinants in linear algebra theory. In the determinant, the elements on the main-diagonal each pixel value needs to be changed. To solve this problem, this paper uses the maindiagonal extraction model to scramble the position of the pixel's bits and thus change each pixel value.
The Sarrus rule is a standard method to expand second-order and third-order determinants in linear algebra theory. In the determinant, the elements on the main-diagonal from the upper left corner to the lower right corner are called main-diagonal elements. The sub-diagonal is from the upper right corner to the lower left corner, and the elements on the sub-diagonal are called sub-diagonal elements. Since the calculation method is the product of the main-diagonal elements minus the development of the sub-diagonal elements, it is also called the diagonal rule. Taking the third-order determinant as an example, Figure 7 shows the expansion of the third-order determinant.

Bit-Level Scrambling
Although random pixel positions are scrambled, the pixel values are not changed, and the statistical attack can still obtain valid information in plaintext to resist statistical attacks. To resist statistical attacks and prevent an encrypted image from being cracked, each pixel value needs to be changed. To solve this problem, this paper uses the maindiagonal extraction model to scramble the position of the pixel's bits and thus change each pixel value.
The Sarrus rule is a standard method to expand second-order and third-order determinants in linear algebra theory. In the determinant, the elements on the main-diagonal from the upper left corner to the lower right corner are called main-diagonal elements. The sub-diagonal is from the upper right corner to the lower left corner, and the elements on the sub-diagonal are called sub-diagonal elements. Since the calculation method is the product of the main-diagonal elements minus the development of the sub-diagonal elements, it is also called the diagonal rule. Taking the third-order determinant as an example, Figure 7 shows the expansion of the third-order determinant. Based on the connection of the three favorable terms of the main-diagonal in the third-order determinant, this connection can be extended to the eighth-order to create a model of the eighth-order main-diagonal extraction, and the specific transformation process is shown in Figure 8. This matrix is partitioned into two upper and lower triangles according to the main-diagonal, and the upper triangle is extracted in the direction of the Based on the connection of the three favorable terms of the main-diagonal in the thirdorder determinant, this connection can be extended to the eighth-order to create a model of the eighth-order main-diagonal extraction, and the specific transformation process is shown in Figure 8. This matrix is partitioned into two upper and lower triangles according to the main-diagonal, and the upper triangle is extracted in the direction of the main-diagonal. In comparison, the lower triangle is removed in the opposite direction of the main-diagonal. By connecting the elements with the same color in the order of an upper triangle and then a lower triangle, eight one-dimensional sequences of length eight can be obtained, and these eight one-dimensional sequences are arranged in order in rows to form an 8 × 8 bit matrix. This model can scramble the bit matrix of image pixels.  The pixels of an image matrix P of size M × N are arranged in rows to form a onedimensional sequence , and the intercept of the last M × N elements of the sequence X is used to obtain the sequence . The sequence is then arranged in ascending order to obtain its index sequence . This index sequence is used to randomly selected eight pixels in the sequence and convert them into binary form, and each binary sequence is then arranged in order by rows to obtain the 8 × 8 bit matrix . Then, the maindiagonal extraction model is used to scramble the bit matrix to obtain the bit matrix . The scrambled bit matrix is converted into a decimal by rows, and this process is repeated M × N/8 times until all the bits of pixels have been scrambled to obtain the scrambled matrix . Figure 9 shows the process of the bit-level scrambling for any eight pixels.  The pixels of an image matrix P of size M × N are arranged in rows to form a onedimensional sequence P , and the intercept of the last M × N elements of the sequence X is used to obtain the sequence LX. The sequence LX is then arranged in ascending order to obtain its index sequence ILX. This ILX index sequence is used to randomly selected eight pixels in the sequence P and convert them into binary form, and each binary sequence is then arranged in order by rows to obtain the 8 × 8 bit matrix B P . Then, the main-diagonal extraction model is used to scramble the bit matrix B P to obtain the bit matrix B P . The scrambled bit matrix B P is converted into a decimal by rows, and this process is repeated M × N/8 times until all the bits of pixels have been scrambled to obtain the scrambled matrix P . Figure 9 shows the process of the bit-level scrambling for any eight pixels. eight pixels in the sequence and convert them into binary form, and each binary sequence is then arranged in order by rows to obtain the 8 × 8 bit matrix . Then, the maindiagonal extraction model is used to scramble the bit matrix to obtain the bit matrix . The scrambled bit matrix is converted into a decimal by rows, and this process is repeated M × N/8 times until all the bits of pixels have been scrambled to obtain the scrambled matrix . Figure 9 shows the process of the bit-level scrambling for any eight pixels.

Dynamic DNA Coding
In biology, DNA consists of four bases: A (adenine), C (cytosine), G (guanine), and T (thymine). A and T as well as C and G are complementary. In binary, 00 and 11 and 01 and 10 are also complementary. Therefore, the four bases A, G, C, and T can be used to represent 00, 01, 10, and 11. There are 24 coding rules, of which only 8 satisfy the Watson-Crick complementarity rule 43, as Table 1 shows.  Figure 9. Example of the bit-level scrambling process.

Dynamic DNA Coding
In biology, DNA consists of four bases: A (adenine), C (cytosine), G (guanine), and T (thymine). A and T as well as C and G are complementary. In binary, 00 and 11 and 01 and 10 are also complementary. Therefore, the four bases A, G, C, and T can be used to represent 00, 01, 10, and 11. There are 24 coding rules, of which only 8 satisfy the Watson-Crick complementarity rule [43], as Table 1 shows.
Pixel diffusion is an algorithm that changes the pixel value of an image, and it plays a crucial role in combating differential attacks. Coding a binary sequence using any DNA coding rule and decoding it using a different DNA decoding rule can change the pixel value. However, such fixed coding and decoding rules are poorly randomized, vulnerable to attacks, and lack security. Meanwhile, if fixed DNA coding rules are used for binary sequences containing consecutive '0' or '1' values, consecutive identical bases will occur, posing a significant security risk. To overcome this drawback and to further improve the security of ciphertext images, the binary sequences with different pixel-value bit crossovers and various DNA coding and decoding rules are randomly selected in combination with chaotic sequences, thus changing each pixel value. Dynamic DNA coding for diffusion is more random and has a better diffusion effect.
Four pixels are selected in the image matrix using Equation (13) to form a 2 × 2 sub-block, and a total of M × N/4 sub-blocks can be selected. The four pixels in a subblock are converted into a binary sequence, and the binary sequence of pixels P(i, j) and P(i, N + 1 − j) are concatenated in the first row, followed by concatenation of the binary sequence of pixels P(M + 1 − i, j) and P(M + 1 − i, +1 − j) in the second row. The bits of these two rows of binary sequences crossover to perform an information fusion and hide the detailed information of the pixels. The sequences Y and Z are then processed with Equation (14) to obtain the sequences DY and DZ, which are coded by the sequence DY with randomly selected DNA coding rules for bit crossover pairs, and then decoded by the sequence DZ with randomly selected DNA decoding rules. Lastly, the decoded binary sequence is converted into decimal form. The specific process is shown in Figure 10.
of these two rows of binary sequences crossover to perform an information fusion and hide the detailed information of the pixels. The sequences and are then processed with Equation (14) to obtain the sequences and , which are coded by the sequence with randomly selected DNA coding rules for bit crossover pairs, and then decoded by the sequence with randomly selected DNA decoding rules. Lastly, the decoded binary sequence is converted into decimal form. The specific process is shown in Figure  10.

Two-Way Ciphertext Diffusion
To further improve the diffusion effect, a slight change is diffused to each pixel value of the ciphertext. We use ciphertext diffusion to modify each pixel value. Sequences

Two-Way Ciphertext Diffusion
To further improve the diffusion effect, a slight change is diffused to each pixel value of the ciphertext. We use ciphertext diffusion to modify each pixel value. Sequences FW and LW are obtained by intercepting the first and last M × N values of the sequence W, respectively. The sequences FW and LW are converted into the two-dimensional matrices U and V with M rows and N columns, respectively.
Positive diffusion: Reverse diffusion: where i is the row, and j is the column, P is the plaintext, E represents the result of forward diffusion, and C is the ciphertext.

Encryption Algorithm
This encryption algorithm encrypts a square image; if the input image is non-square, it needs to be filled with "0" to make it a square with maximum side length.
The encryption algorithm proposed first obtains the key to the chaotic system using the plaintext image and the SHA-384 algorithm. A three-level DWT on the plaintext image and a Hilbert curve with different modes are randomly selected to scramble the pixels of each component locally, and then all components are reconstructed by IDWT. After that, the main-diagonal extraction model combined with the index sequence is used to scramble and diffuse each pixel simultaneously to achieve global scrambling. Finally, the scrambling matrix is modified by dynamic DNA coding and two-way ciphertext diffusion for each pixel value to obtain the ciphertext image. The encryption steps are as follows: Input: Plaintext image P. Output: Ciphertext image C.
Step 1: Input a plaintext image P of size M × N.
Step 2: The hash value H of the plaintext image P is calculated using the SHA-384 algorithm, and the parameters ϕ of the chaotic system are computed according to Equations (4) and (5). The initial values x 0 , y 0 , z 0 , and w 0 of the chaotic system are computed according to Equations (6) and (7).
Step 3: Substitute the parameters and initial values into the hyperchaotic system for 4M × N + 1000 iterations and remove the first 1000 values. Obtain four chaotic sequences SX, SY, SZ, and SW, which are processed according to Equation (9) to obtain the sequences X, Y, Z, and W.
Step 5: Arrange the pixels in the matrix P 1 by rows into a one-dimensional sequence SP 1 . According to the bit-level scramble method in Section 3.2.2, use the index sequence ILX in the sequence SP 1 to randomly select eight pixels at a time for the bit-level scramble, repeating this M × N/8 times to obtain the scrambled matrix P 2 .
Step 6: According to the dynamic DNA coding method in Section 3.3.1, four pixels in the matrix P 2 are first selected and converted into two binary sequences and allowed to undergo a bit crossover. Code the two bits of crossover with the sequence DY to obtain a DNA base sequence, which is then decoded with sequence DZ to obtain a binary sequence. This is then turned into a decimal form. Repeat M × N/4 times to obtain the diffusion matrix P 3 .
Step 7: Diffusion methods are as described in Section 3.3.2. The matrix P 3 and the matrices U and V are globally diffused using Equations (15) and (16) to obtain the ciphertext image C. Figure 11 shows the complete steps of the encryption algorithm.
Entropy 2023, 25, x FOR PEER REVIEW 12 of 26 Step 7: Diffusion methods are as described in Section 3.3.2. The matrix and the matrices and are globally diffused using Equations (15) and (16) to obtain the ciphertext image . Figure 11 shows the complete steps of the encryption algorithm.  Figure 11. Encryption algorithm flow chart.

Experimental Simulation Results
Simulation of plaintext images of Lena, Jokul, Bridge, Bank, and Peppers was performed using the proposed encryption algorithm in the MATLAB experimental platform, and the simulation results are shown in Figure 12. It is obvious that the ciphertext image loses the feature

Experimental Simulation Results
Simulation of plaintext images of Lena, Jokul, Bridge, Bank, and Peppers was performed using the proposed encryption algorithm in the MATLAB experimental platform, and the simulation results are shown in Figure 12. It is obvious that the ciphertext image loses the feature information, and the image cannot be recognized. The decrypted image can be fully recovered without distortion, which proves that the algorithm encrypts very well and has high security.

Experimental Simulation Results
Simulation of plaintext images of Lena, Jokul, Bridge, Bank, and Peppers was performed using the proposed encryption algorithm in the MATLAB experimental platform, and the simulation results are shown in Figure 12. It is obvious that the ciphertext image loses the feature information, and the image cannot be recognized. The decrypted image can be fully recovered without distortion, which proves that the algorithm encrypts very well and has high security.

Security Analysis
The feasibility of an encryption algorithm cannot be judged by the degree of blurring of the ciphertext image alone but also by more refined experimental analyses. To test whether the proposed encryption algorithm can withstand malicious attacks by unscrupulous elements, this section compares tests in terms of key, histogram, Chi-square, cor-

Security Analysis
The feasibility of an encryption algorithm cannot be judged by the degree of blurring of the ciphertext image alone but also by more refined experimental analyses. To test whether the proposed encryption algorithm can withstand malicious attacks by unscrupulous elements, this section compares tests in terms of key, histogram, Chi-square, correlation, information entropy, local information entropy, homogeneity, contrast, energy, PSNR, MES, and robustness.

Key Space Analysis
To illegally obtain some valuable information, unscrupulous people often use brute force attacks to decrypt the images being transmitted. The key space is the set of keys for the image, which is a direct criterion to judge whether an encryption algorithm has the ability to resist malicious attacks and ensure that data information is not compromised. In general, an encryption algorithm has a key space of not less than 2 100 . The encryption algorithm's security becomes stronger as the key space increases. In the encryption algorithm proposed, SHA-384 is used to generate a key with a length of 384 bits, and its key space KS 1 = 2 192 . The initial values x 0 , y 0 , z 0 , and w 0 are calculated with a precision of 10 15 , and its keyspace KS 2 = 10 60 . The total keyspace KS = KS 1 × KS 2 ≈ 6.28 × 10 117 , i.e., KS 2 100 , so the encryption algorithm proposed is sufficient to resist various violent attacks.

Key Sensitivity Analysis
A secure image encryption algorithm with ample space for the key should also have strong sensitivity. During sensitivity testing of the key, only minor changes are made to the original key, which is then used to decrypt the encrypted image. The greater the difference between the plaintext image and the ciphertext image, the stronger the sensitivity of the key.
Key sensitivity test with the Lena image: The initial parameters x 0 , y 0 , z 0 , and w 0 are slightly changed and decrypted with the changed initial parameters. Figure 13 shows the test results, and it is apparent from Figure 13c-f that the decrypted images are entirely different, even though only minor changes were made to the key. Also, Figure 13g-l show no difference between any two decrypted images in Figure 13c-f, thus indicating that the algorithm is susceptible to the key.

Key Sensitivity Analysis
A secure image encryption algorithm with ample space for the key should also have strong sensitivity. During sensitivity testing of the key, only minor changes are made to the original key, which is then used to decrypt the encrypted image. The greater the difference between the plaintext image and the ciphertext image, the stronger the sensitivity of the key.
Key sensitivity test with the Lena image: The initial parameters , , , and are slightly changed and decrypted with the changed initial parameters. Figure 13 shows the test results, and it is apparent from Figure 13c-f that the decrypted images are entirely different, even though only minor changes were made to the key. Also, Figure 13g-l show no difference between any two decrypted images in Figure 13c-f, thus indicating that the algorithm is susceptible to the key. (e)

Histogram Analysis
The distribution of the image pixels can be reflected visually from the histogram. All characteristic statistical attacks break the image by analyzing a histogram with a comparatively uneven distribution. The highly secure encryption algorithm resists statistical attacks and completely breaks up the image pixels, making the histogram more uniform. The histograms of different images are shown in Figure 14. It is not difficult to see that the distribution of ciphertext image pixels is more uniform than that of plaintext image pixels, which better hides the image information and proves that the encryption algorithm proposed can resist statistical attacks well.

Histogram Analysis
The distribution of the image pixels can be reflected visually from the histogram. All characteristic statistical attacks break the image by analyzing a histogram with a comparatively uneven distribution. The highly secure encryption algorithm resists statistical attacks and completely breaks up the image pixels, making the histogram more uniform. The histograms of different images are shown in Figure 14. It is not difficult to see that the distribution of ciphertext image pixels is more uniform than that of plaintext image pixels, which better hides the image information and proves that the encryption algorithm proposed can resist statistical attacks well.

Chi-Square Test
The intuitive histogram is only a rough assessment of the homogeneity of the image; to accurately quantify the uniformity of the histogram, a numerical operation using the difference square formula is required, which is defined by Equation (17): where s 2 represents the Chi-square, f i is the appearance rate of this gray-level pixel value in the histogram of the ciphertext image, and g is the theoretical rate of appearances of the pixel value at that gray level in the histogram, denoted as g = (M × N )/256. The significance level α is chosen to be 0.05, s 2 0.05 = 293.24783. When the Chi-square of the test ciphertext image is less than this, i.e., s 2 < s 2 0.05 , the histogram is approximately uniformly distributed. Table 2 shows the Chi-square test results. By comparison, the ciphertext image has a much lower Chi-square value than the plaintext image, suggesting that ciphertext images have uniform pixel values.

Correlation Analysis
Adjacent pixels in all directions are highly correlated, and if a piece of information is compromised, statistical attacks can decipher other information based on this information, causing a chain reaction. To ensure that the image is not cracked, successfully reducing the correlation between adjacent pixels becomes the key to the encryption algorithm. The correlation coefficient is calculated using Equation (18).
The formula for each parameter in Equation (18) is as follows in Equation (19).
where r x,r is the correlation coefficient, x and y are a pair of pixel values, E(x) is the expectation of x, D(x) is the variance of x, cov(x, y) is the covariance, and N is the total number of pixels in the image. From plaintext and ciphertext images, 5000 pairs of pixels are randomly selected, and their correlation coefficients in each direction are calculated separately. The results are shown in Table 3, which shows that the correlation coefficient of the ciphertext images tends to be 0. This shows that the proposed encryption algorithm can effectively weaken the pixel correlation. Figure 15 also shows that the correlation between adjacent pixels of the ciphertext image is broken. Meanwhile, the comparison of the correlation under different encryption algorithms is shown in Table 4. The results show that the proposed encryption algorithm in this paper is more destructive to the correlation of the plaintext image compared with other encryption algorithms.  Table 4. Correlation coefficient comparison.

Images Algorithms Horizontal Direction
Vertical Direction

Images Algorithms Horizontal Direction
Vertical Direction

Information Entropy and Local Information Entropy
Information entropy is a key metric for detecting the randomness of image pixels and for quantifying the average amount of information in the image. In images with high information entropy, pixels are distributed more uniformly; the stronger the randomness, the less it is likely to be cracked. Information entropy is calculated by Equation (20): log (20) where is the image's gray level. When 256, its information entropy in the ideal state is 8. is the ith pixel value of the image, and is the chance of occurrence of the corresponding pixel value. In the information entropy test, five different images are converted into ciphertext images separately using the proposed encryption algorithm. Then, their information entropy is obtained, and the test results are displayed in Table 5.

Information Entropy and Local Information Entropy
Information entropy is a key metric for detecting the randomness of image pixels and for quantifying the average amount of information in the image. In images with high information entropy, pixels are distributed more uniformly; the stronger the randomness, the less it is likely to be cracked. Information entropy is calculated by Equation (20): where L is the image's gray level. When L = 256, its information entropy in the ideal state is 8. m i is the ith pixel value of the image, and P(m i ) is the chance of occurrence of the corresponding pixel value. In the information entropy test, five different images are converted into ciphertext images separately using the proposed encryption algorithm. Then, their information entropy is obtained, and the test results are displayed in Table 5. All ciphertext images have an information entropy value close to 8. Meanwhile, the comparison with other algorithms in Table 6 also visually proves that the proposed encryption algorithm has high security. For ciphertext images with uniform pixel distribution, the calculated results are accurate, but some ciphertext images may have an uneven local pixel distribution. To overcome this drawback of information entropy and to further improve the accuracy of this evaluation criterion, Wu proposed the calculation method of local information entropy [47], as shown in Equation (21).
where S i is the ciphertext information entropy, k is the number of selected groups, and T B is the number of pixels in each group. The ideal range of the local information entropy is obtained when k is chosen to be 3, T B is 1936, and the significance level α is 0.05 in the field [7.901515698, 7.903422936]. If the test result is within this range, it means that the ciphertext image passes the test. In this test section, five different images are converted into ciphertext images using the proposed encryption algorithm; then, their local information entropy is obtained, and the test results are in Table 7. All the ciphertext images pass the test.

Homogeneity Analysis
The gray level co-occurrence matrix (GLCM) represents the various combinations of pixel luminance. Homogeneity analysis quantifies the distribution of elements in the GLCM and further determines how similar they are to the diagonal. The homogeneity value decreases as the distance of the elements from the diagonal becomes more prominent in the range of [0, 1], and the smaller the homogeneity value is, the more efficient the encryption algorithm is. It is calculated as shown in Equation (22) [48].
where i and j are two horizontally adjacent gray values, and P(i, j) is the element's value in the normalized GLCM. The homogeneity values of different plaintext images and ciphertext images are calculated, and the results are shown in Table 8. From Table 8, it can be seen that the homogeneity value of the ciphertext image is at a shallow level. Also, in Table 9, by comparing with other algorithms, the ciphertext image in this paper has the lowest homogeneity value, which shows that the encryption algorithm strongly resists statistical attacks.

Contrast Analysis
The contrast is usually measured for the intensity between an image pixel and its neighboring pixels. Generally, the contrast value of plaintext images is shallow, while the contrast value of ciphertext images is high. The higher the contrast value, the higher the randomness of the ciphertext image and the more resistant the encryption algorithm is to statistical attacks. The contrast value is calculated as shown in Equation (23) [48].
where i and j are two horizontally adjacent gray values, and P(i, j) is the element's value in the normalized GLCM. The contrast values of plaintext and ciphertext images are shown in Table 10, from which it can be seen that the ciphertext image has a higher contrast value than the plaintext image. It can also be seen in the comparison in Table 9 that the ciphertext image of this paper has the highest contrast value, which shows that the encryption algorithm is effective against statistical attacks.

Energy Analysis
The energy is the cumulative sum of the squares of all elements in the GLCM and represents how much image information is contained. The larger the energy value of an image, the more information it contains, and the easier it is to be cracked by a statistical attack. An encryption algorithm with strong resistance to statistical attacks should have very low energy for the ciphertext image. The energy is calculated as shown in Equation (24) [48].
where i and j are two horizontally adjacent gray values, and P(i, j) is the element's value in the normalized GLCM. The energy values of the plaintext image and the ciphertext image are shown in Table 11, from which it can be seen that the ciphertext image has a shallow energy value. The results of comparing the energy values of this encryption algorithm with other algorithms are shown in Table 9. It is easy to see that the energy value of the ciphertext image of this encryption algorithm is one of the lowest, which shows that this encryption algorithm has a certain degree of security in terms of resistance to statistical attacks.

MES and PSNR Analyses
PSNR (Peak Signal Noise Ratio) and MSE (Mean Square Error) are two objective metrics used to evaluate image quality. The more significant the PSNR value, the smaller the image distortion; the more precise the image, the worse the encryption effect. As a result, higher MSE values indicate a better encryption performance when testing plaintext and ciphertext images. They are calculated according Equations (25) and (26).
where P is the plaintext, C is the ciphertext, M × N is the size of the images, and L is the pixel gray level. The MSE and PSNR values of different images after encryption and the comparison with other algorithms are shown in Table 12. From this, we can see that the PSNR of the ciphertext image is very small, and it also outperforms other algorithms when compared and analyzed against different algorithms, which indicates the high performance of this encryption algorithm.

Differential Attack Analysis
The differential attack mainly involves making a small change to a pixel value of the plaintext image, then encrypting the two plaintext images using an encryption algorithm, and finally comparing and analyzing the two ciphertext images to discover their connection, from which the images can be cracked.
There are two extremely critical factors in evaluating differential attacks. One is the rate of change of pixel values, NPCR, and the other is the uniform average change intensity, UACI, and these are calculated as shown in Equation (27): (27) where M × N is the scale size of the ciphertext, C 1 and C 2 are the two ciphertexts to be compared, and D(i, j) is used to discriminate C 1 and C 2 .Under ideal conditions, the values of NPCR and UACI were 99.6049% and 33.4635%, respectively. With the key unchanged, the two plaintext images are converted into ciphertext images with the encryption algorithm. Tables 13 and 14 show the calculated NPCR and UACI values and the comparison results with different algorithms. Compared with other algorithms, this algorithm's NPCR and UACI values are closer to the theoretical values than most of them.

Noise Attack Analysis
Ciphertext is vulnerable to noise attacks during data transmission. The typical noise attacks are gaussian noise and pepper noise, and the noise attacks can damage the ciphertext image and reduce the clarity. Since pepper noise has more impact on ciphertext images than other noise, in this study, different strengths of pepper noise were included for testing. While keeping the key unchanged, we added pepper noise with intensities of 0.01, 0.05, 0.1, and 0.15 to interfere with the Lena image and encrypted and decrypted it using the encryption algorithm proposed. Figure 16 shows the ciphertext and decrypted images. It is evident that even when the noise intensity reached 0.15, the decrypted image could still be recognized, indicating that the encryption algorithm resists noise attacks.  [44] 99.6197 33.0443 [14] 90.6047 33.4719 [45] 99.6185 33.4561 [46] 99.6085 33.4633 Lena (512 × 512) Proposed 99.6023 33.4618 [45] 99.6044 33.4117 [56] 99.6101 33.4945 [57] 99.6002 33.5079 [58] 99.6140 31.4646

Cropping Attack Analysis
If the decryption algorithm is not robust against cropping attacks, the decryption will fail due to the missing information in the decryption process. If the decryption algorithm can restore the plaintext image to a large extent, the encryption algorithm is highly resistant to cropping attacks. In the test, the Lena ciphertext image was decrypted after cropping attacks of 1/64, 1/16, 1/4, and 1/2, respectively, and the results are shown in Figure 17. The Lena ciphertext image can still be seen as the basic outline of the original image after decryption with the addition of different degrees of cropping attacks, which indicates that the encryption algorithm strongly resists a cropping attack.

Cropping Attack Analysis
If the decryption algorithm is not robust against cropping attacks, the decryption will fail due to the missing information in the decryption process. If the decryption algorithm can restore the plaintext image to a large extent, the encryption algorithm is highly resistant to cropping attacks. In the test, the Lena ciphertext image was decrypted after cropping attacks of 1/64, 1/16, 1/4, and 1/2, respectively, and the results are shown in Figure  17. The Lena ciphertext image can still be seen as the basic outline of the original image after decryption with the addition of different degrees of cropping attacks, which indicates that the encryption algorithm strongly resists a cropping attack. fail due to the missing information in the decryption process. If the decryption algorithm can restore the plaintext image to a large extent, the encryption algorithm is highly resistant to cropping attacks. In the test, the Lena ciphertext image was decrypted after cropping attacks of 1/64, 1/16, 1/4, and 1/2, respectively, and the results are shown in Figure  17. The Lena ciphertext image can still be seen as the basic outline of the original image after decryption with the addition of different degrees of cropping attacks, which indicates that the encryption algorithm strongly resists a cropping attack.

Conclusions
In this paper, an image encryption algorithm based on improved Hilbert curve scrambling and dynamic DNA coding is proposed. First, the image matrix is divided into ten component matrices by using three-level DWT of the plaintext image, and the chaotic sequence generated by iterating with the hyperchaotic system randomly selects one of the eight Hilbert curve modes and scrambles each of the ten component matrices. The scrambled component matrices are then reconstructed with IDWT to obtain the scrambled image matrix. Next, eight pixels at a time are randomly selected with a chaotic sequence and bit-level scrambled using the main-diagonal extraction model until all pixels are scrambled. Then, bit crossover is performed between different pixels, and the pixel values are modified using dynamic DNA coding. Finally, the pixels are globally diffused using two-way ciphertext feedback to obtain the ciphertext image.
Simulation experiments and theoretical analysis verify the effectiveness of this encryption algorithm against chosen plaintext attacks, violent attacks, statistical attacks, differential attacks, noise attacks, and cropping attacks. Therefore, the encryption algorithm proposed in this paper has good security performance.