An Efficient Plaintext-Related Chaotic Image Encryption Scheme Based on Compressive Sensing

With the development of mobile communication network, especially 5G today and 6G in the future, the security and privacy of digital images are important in network applications. Meanwhile, high resolution images will take up a lot of bandwidth and storage space in the cloud applications. Facing the demands, an efficient and secure plaintext-related chaotic image encryption scheme is proposed based on compressive sensing for achieving the compression and encryption simultaneously. In the proposed scheme, the internal keys for controlling the whole process of compression and encryption is first generated by plain image and initial key. Subsequently, discrete wavelets transform is used in order to convert the plain image to the coefficient matrix. After that, the permutation processing, which is controlled by the two-dimensional Sine improved Logistic iterative chaotic map (2D-SLIM), was done on the coefficient matrix in order to make the matrix energy dispersive. Furthermore, a plaintext related compressive sensing has been done utilizing a measurement matrix generated by 2D-SLIM. In order to make the cipher image lower correlation and distribute uniform, measurement results quantified the 0∼255 and the permutation and diffusion operation is done under the controlling by two-dimensional Logistic-Sine-coupling map (2D-LSCM). Finally, some common compression and security performance analysis methods are used to test our scheme. The test and comparison results shown in our proposed scheme have both excellent security and compression performance when compared with other recent works, thus ensuring the digital image application in the network.


Introduction
Nowadays, digital images are becoming one of the most important data formats in our daily life. The risk of information leakage is inevitable when we share photos with others on the social network platform. Therefore, the security of digital images attracts a great of scholars' attention.
The image encryption is an important method in image security. Many text structure encryption schemes, such as advanced encryption standard (AES), data encryption standard (DES), etc., have poor performance on image encryption. These schemes cannot break the correlation among adjacent pixels that may leak some geometric distribution of plain image. Image data are different from text data, which have some specific features, so the image encryption scheme must be designed according to these characteristics. At the beginning, the researchers used some special transformation matrixes, such as magic cube transformation, Arnold cat map, etc., in order to permutate the plain image without under security keys controlling. However, they are against Kerckhoffs's principle, which requires the cryptosystem to be a white box, except for security keys.
Chaos theory as a cornerstone of nonlinear dynamic that is wildly used in many fields was first proposed by Lorenz [1]. The chaotic system has many good characteristics, such the coefficient matrix is compressed and encrypted by CS, simultaneously. The keys in this scheme are generated by a plain image without any external keys; it means that each cipher image corresponds to a unique key, which is not conducive to key distribution management and batch image encryption. Kayalvizhi et al. [24] proposed an image encryption scheme, which is based on compressive sensing, fractional order hyper chaotic Chen system, and DNA operations. In this scheme, block compressive sensing is executed to the plain image, and then execute DNA encoding to the measurement matrix. After that, complete some diffusion operation in DNA sequences. The whole process is not related to the plain image and the sensitivity of plain image has weak resistance to differential attack. Moreover, DNA encoding and decoding may consume a large amount of computing time, which results in the low efficiency of this algorithm.
To conquer the drawback what mentioned above, a plaintext related image encryption scheme is given using compressive sensing and two hyper chaotic systems. The detailed contributions are as follows: • In order to make the image cryptosystem more sensitive to the plain image, a plain image information-related method is proposed, which makes the plaintext information involved in the whole control process of compressive sensing and encryption, and make the image cryptosystem have excellent performance in resisting differential attack. • The generation method of the measurement matrix for compression encryption is presented, which is based on a chaotic system and the information of plain images, and make the CS process fully related to the plain image. In other words, different plain images correspond to different measurement matrices. Additionally, a permute and diffuse operation is used for the measurement matrix, which makes the pixels of the cipher image present lower correlation and uniform distribution. • The peak signal to noise ratio and structural similarity index measurement is used to evaluate compression performance, and many common security analyses methods are carried out, such as key space analysis, differential attack, statistical analysis, key sensitivity analysis, etc., in order to evaluate security performance.
This paper is organized, as follows: in Section 2, the preliminary for this paper is given, such as compressive sensing and chaotic system. In Section 3, an efficient image encryption scheme that is based on chaos and compressive sensing is introduced. In Section 4, some common compression analyses and security analyses of the proposed image cryptosystem are given. In Section 5, we conclude this paper.

Compressive Sensing
The aim of CS model [25] is to recover a sparse image signal X ∈ R n×n from fewer measurements Y ∈ R m×n is given by: where Φ Φ Φ ∈ R m×n is a measurement sensing matrix whose distribution satisfies Gaussian distribution. Let A = Φ Φ ΦΨ Ψ Ψ, where the columns satisfy the linearly independent condition. When A satisfies a certain condition, i.e., Restricted Isometry Constant (RIC), the restricted isometry property(RIP), the CS theory shows that only a sufficiently sparse signal P can be recovered with a high probability exactly from Y. The linear measurement process is expressed as a regularized form, as where · 0 denotes the l 0 norm as a sparsity constraint and η is a constant. This form aims to find the most sparse solution that fits the observation model well. However, it is Non-deterministic Polynomial (NP)-hard problem to solve Equation (2). A convex relaxation method is to apply the l 1 norm of the l 0 norm, as follows: Theoretical analysis has shown that the l 1 norm can also approach the most sparse solution under some conditions [25,26]. Equation (3) can be solved by some optimization algorithms, such as the gradient descent method (GDM) [27] abd orthogonal matching pursuit (OMP) [28].

Chaotic System
The chaotic systems in our proposed scheme are used to control the permutation and diffusion process, and to generate a measure matrix of compressive sensing, which are the key points of encryption and compression performance. Therefore, our cryptosystem is required to choose hyper chaotic systems that have better chaotic characteristics.
The two-dimensional Sine improved Logistic iterative chaotic map (2D-SLIM) [29] is given by where a and b are the system parameters. When a ∈ (0, 3] and b = 2π or when a = 1 and b ∈ [4,7], the system becomes hyper chaotic. The two-dimensional Logistic-Sine-coupling map (2D-LSCM) [30] is given by where θ is the control parameter. When θ ∈ (0, 1), the system has hyper chaotic behavior.

Remark 1.
In our proposed scheme, we used 2D-SLIM and 2D-LSCM, two discrete hyper chaotic systems, to control the encryption process. In fact, other discrete hyper chaotic systems can also be extended in our scheme, and the only difference in those selection is the size of key space. Furthermore, the reason why we select the two different hyper chaotic systems to control the encryption and compression process is that it can avoid, as much as possible, some unexpected situations occurring, such as dynamical degradation of chaotic systems [31,32], weak real keys, etc.

Our Proposed Scheme
The image cryptosystem is proposed in this section. First, a plaintext related internal keys generation method is introduced in Section 3.1. Afterwards, we present the encryption scheme in Section 3.2. Finally, we propose the decryption scheme in Section 3.3.

Plaintext-Related Internal Keys Generation
In this subsection, we proposed a method for generating the internal keys that are related to plaintext. The internal keys are used to generate the initial values and parameters of hyper chaotic systems that are used to control all processes of encryption and decryption. Therefore, the plaintext-related internal key generation method can make our proposed image cryptosystem more plaintext sensitive to resisting differential attack. There are two parts in plaintext-related internal key generation: plaintext information extraction and internal keys generation.
Algorithm 1 shows the plain image information extraction algorithm. The detailed description are as follows: Step 1: input plain image matrix P and initial key K into algorithm, and begin.
Step 2: expand the plain image matrix P into a vector P(:) in rows, and then change this vector to a string SP.
Step 3: input string SP into hash function SHA256, and denote the hash value as HP.
Step 4: input initial key K into hash function SHA256, and denote the hash value as HK.
Step 5: put hash values HP and HK together and input them into hash function SHA256. The hash value is extracted plain image information EPI.
Step 6: output the extracted plain image information EPI, and finished.

Algorithm 1 Plain image information extraction
Input: Plain image matrix P and initial key K Output: Extracted plain image information EPI. The detailed description are as follows: Step 1: input extracted plain image information EPI and initial key K, and begin.
Step 2: input initial key K into hash function SHA256, and denote the hash value as HK.
Step 3: put extracted plain image information EPI and hash value HK together and input them into hash function SHA256. Denote the hash value as INKEY.
Step 6: bit cyclic shift INKEY CN1 bits to right direction, and generate 256 bits internal key K1, after that, at same operation to bit cyclic shift INKEY under CN2, CN3, CN4 control, and generate internal keys K2,K3,K4.

Encryption Scheme
In this subsection, we will introduce our proposed encryption scheme. The encryption scheme takes, as inputs, plain image P, initial key K, and compression ratio CR, and put outputs, such as cipher image and some additional ciphertext information. The compression ratio (CR) means the ratio of the number of pixels in the compressed image to that in the original image. Figure 1 shows the block diagram of the encryption scheme, and the detailed description are as follows: Initial key Step 1: input plain image P (N × N), initial key K and compression ratio CR, and the encryption process begins.
Step 2: input plain image matrix P and initial key K into Algorithm 1 to get extracted plain image information EPI. After that, input extracted plain image information EPI and initial key K into Algorithm 2 to generate internal keys [K1,K2,K3,K4].
Step 3: input plain image P into discrete wavelet transform (DWT) to sparse representation, and we denote sparse coefficient matrix as CM.
Step 4: input coefficient matrix CM and internal key K1 into Algorithm 3 to make plaintext energy evenly distributed.

Algorithm 4 Calculate threshold algorithm
Input: Coefficient matrix CM and compression ratio CR Output: Threshold value TS. 1: Change CM to a vector CMA in rows. Step 6: if the element in the permutated coefficient matrix PM absolute value less than threshold TS, then set this element to 0. The new generated matrix is denoted as PM2.
Step 7: input matrix PM2, compression ratio CR, and internal key K2 into Algorithm 5 to obtain the measurements CSM.

Algorithm 5 Compressive sensing algorithm
Input: The matrix PM2, compression ratio CR, and internal key K2 Output: The compressive sensing measurements CSM. 1 4: a02 ← f ix(mod(I1/10 6 , 3)) + mod(I1/10 14 , 1); Step 8: quantize the compressive sensing measurements CSM to the range of [0, 255] and generate quantized matrix QM by where round(x) represents the nearest integer with x, and MIN and MAX are the minimum and maximum numbers of CSM.
Step 9: input quantized matrix QM and internal keys K3,K4 into Algorithm 6 to do diffusion and permutation II.
Step 10: output cipher image C1 and additional cipher information C2 = [EPI, MAX, MIN]. The encryption process is finished.

Decryption Scheme
The decryption process is the inverse process of encryption, and it takes input as cipher image C1, additional cipher information C2, and initial key K, and put the output as recovering plain image. Figure 2 shows the block diagram of the decryption scheme, and the detailed description is as follows: Step 1: input cipher image C1(M × N), additional cipher information C2, and initial key K and the decryption process begins.
Step 6: input reconstruct matrix RCM and internal key K1 into Algorithm 9 to undertake reverse permutation I.
Step 7: input matrix RPM into inverse discrete wavelet transform (IDWT) in order to recover plain image P.

Simulation and Analysis
In this section, we will evaluate our proposed image cryptosystem. The simulations and performance evaluations are implemented in MATLAB R2016a. Our hardware environment for tests was a personal computer with Inter(R) Core i7-6700k CPU 4.00 GHz, 32 GB memory, and the operation system is Windows 7 home edition. For simulation and tests, the initial key is selected as 'a2b235c5dd4345d2445e33e25ef255f524235ec' in hexadecimal, and one of the parameters of 2D-SLIM, which is given in Equation (4), is set as b = 2π. We first select 512 × 512 8-bit level gray images 'Lena', 'Pepper', and 'Cameraman' for simulation, and encrypt them with CR = 0.1, 0.2, · · · , 0.9, respectively. Figure 3 shows the simulation result. In the following subsections, we first discussed the performance of compression, and then provided the common security analysis result of our proposed image cryptosystem. Finally, we compared our work with other recent works in order to make our proposed image cryptosystem more convincing.

Peak Signal to Noise Ratio (PSNR)
For measuring the difference between the decrypted image and the original image to evaluate the recovery quality, we use the peak signal to noise ratio (PSNR) as a measurement for evaluation. PSNR is given by PSNR = 10 log 10 255 × 255 where I and I are the decrypted image and original image, respectively. In this test, we first encrypt 256 × 256 and 512 × 512 plain images at different CRs, and then decrypt these cipher images to obtain recovery images. Finally, we calculate PSNR between plain images and recovery images. Table 1 and Figure 4 show the test result. According to the results, the PSNR values between plain images and recovery images are increasing with the growth of CRs, and the minimum of the PSNR is 31.7675 dB when the image is 256 × 256 and be encrypted in CR = 0.2. Therefore, our proposed scheme has a very good compression recovery performance.

Structural Similarity Index Measurement (SSIM)
The structural similarity index measurement (SSIM) is another important indictor for evaluating the compression performance. The SSIM value can be calculated by where C 1 = (k 1 × L) 2 , C 2 = (k 2 × L) 2 , k 1 = 0.01, k 2 = 0.03, L = 255. The µ I and µ I are the average values of the decrypted image I and the original image I. The σ I and σ I are the variance values, and σ I I is the covariance value between I and I . In this test, we also first encrypt 256 × 256 and 512 × 512 plain images at different CRs, and then decrypt these cipher images to obtain recovery images. Finally, we calculate the SSIM value between recovery images and plain images. Table 2 and Figure 5 show the SSIM result. The SSIM values are also increasing with CRs and the minimum value is also over 0.7, according to the results. It means that, in this indicator, our scheme also has very good compression recovery performance.

Differential Attack
Differential attack is a method for analyzing keys from two cipher images that are encrypted by two tiny different plain images. The plain image sensitivity is an important feature for an image cryptosystem to resist differential attack. There are two measurements for evaluating the plain image sensitivity: the number of pixels change rate (NPCR) and unified average changing intensity (UACI) [12,13]. The NPCR and UACI are given by Equations (11) and (12), respectively. where where C 1 (i, j) and C 2 (i, j) are denoted as two cipher images that are generated by encrypting one-pixel different two plain images. M and N are the height and width of images, respectively. In order to evaluate the NPCR and UACI results, the critical values are given by Wu et al. [35]. The critical value of NPCR is given by: where H represents the total pixel numbers of image, Q represents the largest value that the pixels allowed in the image, and α is the significance level. When the test NPCR value is larger than critical value N * α , we can consider that the proposed system has good plain image sensitivity.  The UACI critical interval (U * − α , U * + α ) is given by: where and If the UACI value falls into interval (U * − α , U * + α ), then we can consider the two test images have enough difference. We assume significance level α = 0.05. When the test image is 512 × 512, the NPCR critical value is N * 0.05 = 99.5893% and the UACI critical interval is (U * − 0.05 , U * + 0.05 ) = (33.3730%, 33.5541%). When the test image is 256 × 256, the NPCR critical value is N * 0.05 = 99.5693% and the UACI critical interval is (U * − 0.05 , U * + 0.05 ) = (33.2824%, 33.6447%).
In this test, we complete the test 100 times for each CRs and calculate the average value, respectively. Table 3 and Figure 6 show the tests results. According to the data and figures, the NPCR and UACI test values are floating with CR changes. Nonetheless, all of the test values are basically within the critical values. The test result has shown that our proposed scheme is plain image enough in resisting the differential attack.

Statistical Analysis 4.4.1. Histogram Analysis
A histogram can reflect the statistical feature of cipher image; the histogram is closer to uniform the better security performance. The histogram is shown in Figure 3. In Figure 3 rows (a, e, i), there are some cipher images that are encrypted in deferent CRs, and the corresponding histograms are shown in Figure 3 rows (b, f, j). The corresponding decrypted images are shown in Figure 3 rows (c, g, k). Figure 3 rows (d, h, l) shows the histograms of recovery image. The chi-squared test is used to evaluate the uniformity of cipher image's histogram. Table 4 provides the chi-squared test results of cipher images, when the significance level is α = 0.05. According to the results, our scheme has enough good diffused property to resist the statistical attack.

Correlation Coefficient
As we all know, encryption is a process breaking the correlation of adjacent pixels. Therefore, correlation coefficient analysis is an important measurement for evaluating the permutation performance of image cryptosystem. The less correlation in cipher image, the better permutation performance.
The correlation coefficient can be calculated by Equation (17).
where a and b are two adjacent pixels' gray values, and In this test, we first randomly select 10,000 pairs of adjacent pixels in the test image, and then calculate the correlation coefficient among these pixels. The test plain images are 512 × 512 and the cipher images are encrypted on CR = 0.5. Table 5 shows the test results. The correlation distributions are shown in Figure 7 and the rows (1-6) correspond to images of 'Lena', 'Pepper', 'Airplane', 'Boat', 'Cameraman', and 'Barbara', respectively; Column (a) shows the corresponding plain images; Columns (b-d) correspond to the plain images' distributions of 'horizontal direction', 'vertical direction', and 'diagonal direction', respectively; Column (e) is the corresponding cipher images by encryption; Columns (f-h) correspond to the cipher images' distributions of 'horizontal direction', 'vertical direction', and 'diagonal direction', respectively.

Key Sensitivity Analysis
In this subsection, we will test the key sensitivity of our proposed image cryptosystem. In our scheme, there are 12 real keys, which are parameters and initial values of 2D-SLIM and 2D-LSCM systems. For this test, we select 'Barbara' 512 × 512 as the test image. There are two tests for key sensitivity analysis. The first test we encrypted plain image on CR = 0.5, and then decrypted with tiny modified keys. Figure 8 shows the test results. The second test is that we encrypt plain images with tiny modified keys and then compare the corresponding cipher images with without modified cipher images. Figure 9 shows the test results.
We quantitatively measure the difference between cipher images using NPCR and UACI. Table 6 shows the result. As the results of tests, our proposed scheme is very sensitive to the real keys. (3)

Information Entropy
Global Shannon entropy (GSE) is used to evaluate the randomness of the whole image. The GSE is given by where K is the gray level of the test image and P(s i ) means the probability of s i . The GSE of 8-bit gray image is 8 bits in the ideal case. Table 7 shows the GSE results in different CRs.

Robust Analysis
The robustness of the image cryptosystem means that some useful information can still be recovered when the cipher image is disturbed by noise or part of the data is lost during transmission. The robustness of the image cryptosystem in real communication applications is very important. In the test, some noise and different data loss amounts are added to Lena cipher images that are encrypted on CR = 0.5 to evaluate the robustness of our proposed image cryptosystem. Figure 11 shows the test results. Most of the information in the plain image can still be identified from the decrypted image, as shown in Figure 11.  Figure 11p-r are the cipher images with 32 × 32 data lost. Figure 11v-x are corresponding decrypted images. It is shown that the algorithm has good robustness and it can be applied to practical scenarios.

Time Complexity Analysis
In order to evaluate the efficiency of our proposed image cryptosystem, we give the time complexity analysis and the time consuming of the simulation in this subsection. In this paper, we use two 2D-SLIM and two 2D-LSCM hyper chaotic systems to control the processes of compressive sensing and encryption, and it needs a total of Θ(3MN + N) iterations of computing floating point number. As we all know, there are many factors that affect the results of the actual test, such as hardware and software environments, programming languages, code optimization, parallel processing, programming skills, etc. Therefore, we give our simulation results of the time consumption under the environments that are mentioned at beginning of Section 4 and while using parallel computing technology. In our test, we encrypt and decrypt the same image 100 times, taking the average time.

Comparison with Other Works
In this section, we compare our proposed image cryptosystem with other recent works. For this comparison, we encrypt 512 × 512 8-bit gray level plain images 'Lena' with CR = 0.5. Table 9 shows the comparison result. The cipher image that is generated in Ref. [21] has poor randomness, because the global entropy is too low. Moreover, it also missing local entropy and plaintext sensitivity assessment. Ref. [22] presents the small key space and it is missing the information entropy assessment. Ref. [23] also has a small key space. Ref. [24] is missing the key space and a local entropy assessment. Our proposed image cryptosystem has the advantage of more comprehensive security performance, according to the comparison results.

Conclusions
In this paper, an efficient and secure plaintext-related chaotic image encryption scheme that is based on compressive sensing was proposed, which can simultaneously achieve the compression and encryption. In the proposed scheme, we generate the plaintext-sensitive internal keys to control the whole process of compression and encryption, which can make all processes have enough sensitivity to the plain image. The permutation that was controlled by the two-dimensional Sine improved Logistic iterative chaotic map (2D-SLIM) has been applied to the coefficient matrix in order to make the energy of matrix dispersive. A plaintext related compressive sensing was used to reduce the data storage capacity while the privacy of image is guaranteed. Additionally, we make sure the cipher image lower correlation and distribute uniform by quantifying the measurement results to 0∼255 and doing permutation and diffusion under the controlling by two-dimensional Logistic-Sinecoupling map (2D-LSCM). Finally, some common compression and security performance analysis methods are used for testing our scheme. The tests and comparison results have shown that our proposed scheme has both excellent security and compression performance in order to ensure the digital image application in the network. The image encryption combining compressive sensing is still under constant research, and there are still many problems that need to be further studied and solved. In the next stage, we will focus on the multi-image aggregation encryption and parallel block compressed sensing.

Conflicts of Interest:
The authors declare no conflict of interest.

Abbreviations
The following abbreviations are used in this manuscript: