Face Image Encryption Based on Feature with Optimization Using Secure Crypto General Adversarial Neural Network and Optical Chaotic Map

Demand for data security is increasing as information technology advances. Encryption technology based on biometrics has advanced significantly to meet more convenient and secure needs. Because of the stability of face traits and the difficulty of counterfeiting, the iris method has become an essential research object in data security research. This study proposes a revolutionary face feature encryption technique that combines picture optimization with cryptography and deep learning (DL) architectures. To improve the security of the key, an optical chaotic map is employed to manage the initial standards of the 5D conservative chaotic method. A safe Crypto General Adversarial neural network and chaotic optical map are provided to finish the course of encrypting and decrypting facial images. The target field is used as a "hidden factor" in the machine learning (ML) method in the encryption method. An encrypted image is recovered to a unique image using a modernization network to achieve picture decryption. A region-of-interest (ROI) network is provided to extract involved items from encrypted images to make data mining easier in a privacy-protected setting. This study’s findings reveal that the recommended implementation provides significantly improved security without sacrificing image quality. Experimental results show that the proposed model outperforms the existing models in terms of PSNR of 92%, RMSE of 85%, SSIM of 68%, MAP of 52%, and encryption speed of 88%.


Introduction
DL is a very powerful technique in computer vision applications. Surveillance is a high-potential application field for DL. DL requires a large training data set to achieve excellent performance. However, collecting enough training data while maintaining the anonymity of people in data is expensive, especially for surveillance applications. No one wants their images to be included in the dataset because developers can monitor anyone's actions. A comparable circumstance can be found during a surveillance operation. A security camera owner can monitor anything. Image encryption is one of the methods for maintaining privacy [1]. The picture encryption process converts an original image into an encrypted image in which no one can recognize the contents. Image encryption methods were primarily created to send photos securely over a public network. For people and machines to recognize the contents of an encrypted image, the image must first be decrypted. Anyone may recognize the contents of the image once it has been decrypted. This means that picture decryption can compromise privacy [2].
People have entered the era of big data as a result of technological advancements. Internet and computer technology have advanced swiftly, network popularity has grown significantly, and information interaction technology has matured. While most people utilize the Internet to send information, it also creates many data security risks. Data transmission security is rapidly affecting the security of individuals, businesses, and even countries as networks expand into new domains. Because of its visual features, an image has a strong expression influence on the data it contains. Many information expressions favor visuals because of their widespread use in information interaction. Owners of valuable photographs frequently utilize the Internet to conduct an auction or post their image data. That strategy removes geographical limits such as geography, and it is convenient and quick, but it also saves money [3]. However, throughout the network transmission process, insecure elements of picture data provide an opportunity for malicious attacks, and original image data may be attacked, resulting in data leakage or destruction. The goal of the picture encryption technique is to enhance the security of image data, minimize the risk of data leakage and destruction, and ensure the secure transmission of original data. In a few cases, image data are encrypted before transmission. For example, before medical images may be transmitted over the Internet, they must be encrypted to safeguard patient privacy. Criminal attacks such as destructive damage and data theft are common, and picture encryption technology is continually evolving. An urgent topic to be tackled is how to increase picture security, key transmission security, and anti-attack capability [4]. The iris, face, fingerprint, voice, deoxyribonucleic acid (DNA), and palm positions are examples of information properties created by human tissue structures. Because of their uniqueness, biological traits of the human body are extensively utilized to determine recognition and other sectors. The properties of the iris are extracted using iris recognition technology. It is part of the human biological feature extraction technology and is of extremely high grade. It is better for picture encryption because it improves the algorithm's security and anti-attack capability. The identity recognition method based on iris feature extraction is receiving increased attention in academic and industry sectors. It has an extensive variety of applications and is progressively implemented in various departments with high security needs, such as finance and secrecy [5]. Applying DL techniques to the area of image security to resolve classic challenges has also received much attention recently and has made significant progress. However, many researchers are interested in how to better utilize the benefits of DL in image cryptography, image authentication, and image steganography. To assist relevant researchers in better understanding the field of DL uses in digital image security together with its upcoming progress, the origin and development method of DL techniques in image cryptography, steganography, and authentication were organized from numerous perspectives in this paper, as shown in Figure 1. We then evaluate these strategies, assess their benefits and drawbacks, and make recommendations for future research on this subject.
Various security techniques are currently available to assist in repelling picture-based attacks, but they are not effective in balancing security and image quality demands. Aside from that, chaotic map behavior provides a high level of security. As a result, combining DL and chaotic behavior can provide a superior picture encryption solution. As a result, the suggested article proposes a model in which a DL chaotic map is employed to perform better optimization to improve picture encryption performance. In computer vision applications, DL is a very powerful technology. Surveillance is a high-potential application field for DL. DL requires a large training data set to achieve excellent performance. However, collecting enough training data while maintaining the anonymity of people in the data is expensive, especially for surveillance applications. No one wants their images to be included in the collection because developers can monitor anyone's actions in real-time. During a surveillance operation, a similar predicament can be encountered. A security camera owner can monitor anything. Image encryption is one of the methods for maintaining privacy. Image encryption converts an original image into an encrypted image in which the contents of the original image are unrecognizable. Image encryption methods were created primarily for the purpose of securely transmitting photos over a public network. For people and/or machines to recognize the contents of an encrypted image, the image must first be decrypted. Anyone may recognize the contents of the image once it has been decrypted. This means that image decryption has the potential to infringe on one's privacy [6].
Sensors 2023, 23, x FOR PEER REVIEW 3 of 21 methods for maintaining privacy. Image encryption converts an original image into an encrypted image in which the contents of the original image are unrecognizable. Image encryption methods were created primarily for the purpose of securely transmitting photos over a public network. For people and/or machines to recognize the contents of an encrypted image, the image must first be decrypted. Anyone may recognize the contents of the image once it has been decrypted. This means that image decryption has the potential to infringe on one's privacy [6]. To develop a secure Crypto General Adversarial neural network and optical chaotic map for encryption and decryption of face images with optimization of images; The rest of this research article is organized as follows. Section 2 of this paper shows the related work. In Section 3, novel techniques for face feature encryption with image optimization using cryptography and deep learning structural design are deliberated. In Section 4, experimental analysis and discussions are displayed. Section 5 of this paper contains its conclusion.

Related Work
This section contains traditional study projects that are only focused on image security. Furthermore, the literature uses picture encryption using chaotic methods [7]. However, achieving a suitable balance between security efficiency and encryption significance is difficult with these methods. DL, which uses multilayer neural networks (NNs) to extract features from raw input photos, has also attracted much interest in solving the problem. The advantages of convolution neural networks (CNNs) [8] are established in computer vision applications and picture domain transfer [9]. Image transfer from one domain to another is thought of as a texture transfer issue, to learn mapping connection amid an input image and output image from a set of matched image pairs. The most common image-to-image conversion approach is the cycle-reliable adversarial system [5], which offers two-cycle reliability losses that shift the image from one domain to another and then rebuilds back to the original image. DL technique is used to manage the image-denoising The contributions of this research are as follows:

•
To propose a novel technique for face feature encryption with image optimization using cryptography and deep learning architectures; • To develop a secure Crypto General Adversarial neural network and optical chaotic map for encryption and decryption of face images with optimization of images.
The rest of this research article is organized as follows. Section 2 of this paper shows the related work. In Section 3, novel techniques for face feature encryption with image optimization using cryptography and deep learning structural design are deliberated. In Section 4, experimental analysis and discussions are displayed. Section 5 of this paper contains its conclusion.

Related Work
This section contains traditional study projects that are only focused on image security. Furthermore, the literature uses picture encryption using chaotic methods [7]. However, achieving a suitable balance between security efficiency and encryption significance is difficult with these methods. DL, which uses multilayer neural networks (NNs) to extract features from raw input photos, has also attracted much interest in solving the problem. The advantages of convolution neural networks (CNNs) [8] are established in computer vision applications and picture domain transfer [9]. Image transfer from one domain to another is thought of as a texture transfer issue, to learn mapping connection amid an input image and output image from a set of matched image pairs. The most common image-to-image conversion approach is the cycle-reliable adversarial system [5], which offers two-cycle reliability losses that shift the image from one domain to another and then rebuilds back to the original image. DL technique is used to manage the image-denoising problem [10]. Image noise is interference data in image data that cause some useful image data to become invisible. The process of image denoising is considered image restoration [11]. The authors of [12] proposed a new cross-image, pixel scrambling-based rotation domain, dual-image encryption technique. In [13], the authors suggested a dual-image encryption method that incorporates DNA spatiotemporal chaos, deletion, and insertion to improve the security of the encryption process, and scramble real as well as imaginary sections of data produced by every round of encryption [14]. The approach encrypts two images simultaneously by combining DNA sequence insertion and deletion methods with scrambling and diffusion methods. Reference [15] introduced a new dual-image compression encryption method that improves the secrecy and resilience of the dual-image encryption approach. These techniques can employ the same encryption method to encrypt two photos separately, which requires decryption twice to extract the two images [16]. The authors of [17] proposed a method for medical picture cryptography based on a combination of chaotic and neural networks in their study. The major goal of the proposed method is to verify the safety of medical photographs using a less sophisticated method than current methods. Test findings supported the proposed method's performance and efficiency, which meets digital imaging and communications in medicine criteria. In [18], the authors proposed a new multikey compressed sensing and ML privacy-preserving computing system. A user, a cloud, and a trusted third party make up this computer architecture, and the trusted third party is in charge of distributing random compressed sensing keys. In [19], a machine learning technique was used for an issue involving health, commercial, or other sorts of sensitive data, which necessitates not only precise estimates. Because the cloud does not have access to keys required to decrypt the data, encryption assures that it remains private. Table 1 presents a summary of image encryption techniques, including their benefits and limitations.

1.
Image encryption based on a public key [20] Public key encryption uses a pair of keys, one for encryption and one for decryption, providing secure communication and nonrepudiation for image data.
Public key encryption provides secure communication as only the intended recipient can decrypt the image using their private key. It also allows for nonrepudiation and the ability to encrypt large amounts of data.
Public key encryption can be slower and more computationally expensive than symmetric key encryption. Additionally, managing and securely distributing the public and private keys can be complex and difficult.
Chaos-based encryption techniques use chaotic systems to generate encryption keys, providing high levels of security and randomness. They also have the ability to resist known plaintext attacks and are resistant to differential cryptanalysis.
Chaos-based encryption techniques can be complex to implement and may have limitations in terms of encryption speed and scalability. They also may be sensitive to initial conditions and perturbations in the chaotic system.

3.
Visually meaningful image encryption technique [24,25] Mentions an image that is at least twice as large as the original. A successful embedding method. A powerful encryption method.
Visually meaningful image encryption techniques help to preserve the visual features of an image while still encrypting it, making it more user-friendly and easy to understand. This also allows for more efficient and effective image transmission and storage.
Visually meaningful image encryption techniques may not provide as much security as other encryption methods and can be vulnerable to attacks such as stegonography and visual cryptanalysis. Additionally, it may be more computationally expensive and complex to implement.

4.
Partial image encryption techniques [26,27] Extraction of important areas from images. Any safe encryption method.
Partial image encryption techniques allow for selective encryption of important or sensitive parts of an image, enhancing security while preserving the overall visual quality of the image. It also allows for more efficient storage and transmission as only certain parts of the image are encrypted.
Partial image encryption techniques may not provide as much security as full image encryption, as attackers may focus on the unencrypted parts of the image. It also may be more complex to implement and may require additional information to properly decrypt the image.
Symmetric key encryption uses the same key for encryption and decryption, providing fast and efficient encryption. It also requires less computational power and is simpler to implement compared to other encryption methods, making it more practical for many use cases.
Symmetric key encryption requires secure key distribution and management, as the same key is used for encryption and decryption, if the key is compromised the security of the encrypted data is lost. It also does not provide nonrepudiation, meaning that the sender and receiver cannot prove who sent the message.

6.
Proposed encryption technique based on cryptography and deep learning (DL) architectures.
Here, the input face image is processed and mapped using optical chaotic maps, which are utilized for efficient encryption and decryption of the image.
The proposed encryption technique provides high security by combining the strengths of both methods. The technique can also adapt to changing encryption needs, improve the encryption efficiency, and resist attacks that traditional encryption techniques may fall prey to.
It may be computationally expensive and require specialized hardware and expertise to implement.
Consider two scenarios: the training and operating phase. In both cases, the network will most likely require a simple image dataset (see [31] for complete details). Typically, simple images are used to train the network. The original plain images should be decrypted to train the network, even if the image collection is encrypted. The individual who trains the network is referred to as a trainer in this context. The data holder who holds the training dataset is frequently not the same as the trainer. The data holder cannot then provide the dataset to the trainer using those two existing approaches, because doing so would violate the data holder's privacy policy. In the operational phase, the scenario is similar to that in the training phase. To detect or classify an object, the network requires a basic image. The images should be decrypted for the network even if the encrypted images are stored in the surveillance system. In this way, the operator who runs the networked surveillance system may always examine the original plain photographs. As a result, a new picture encryption challenge is presented here. The fundamental difference from the existing image encryption challenge is that the encrypted images have desired qualities. The algorithm should encrypt images against both humans and networks in the present image encryption challenge. In the image encryption challenge discussed here, encoded images should be encrypted for humans while the network can be trained on encoded images. This type of encryption is known as learnable image encryption. Learnable image encryption is capable of encrypting images for human use. It means that the data owner can give their dataset while being compliant with the privacy policy. Trainers can use encrypted photos to train directly. The development of networks is extremely beneficial because the data holder and the trainer can avoid privacy concerns. The learnable image encryption is also effective during the operation phase. Encrypted images are used to train the network. As a result, without decrypting original plain photos, the network can recognize or classify objects using directly encrypted images.

System Model
This section discusses a novel technique of face feature encryption with image optimization using cryptography and deep learning architectures. Here, the input face image has been processed and mapped using optical chaotic maps that are utilized for efficient encryption and decryption of the image. Then, the secure crypto general adversarial neural network was developed for encryption and the decryption method with image optimization. The overall proposed method is represented in Figure 2.
This section discusses a novel technique of face feature encryption with image optimization using cryptography and deep learning architectures. Here, the input face image has been processed and mapped using optical chaotic maps that are utilized for efficient encryption and decryption of the image. Then, the secure crypto general adversarial neural network was developed for encryption and the decryption method with image optimization. The overall proposed method is represented in Figure 2.

Digital Optical Chaotic Mapping (Op-Ch_M)-Based Digital Image Encryption Technique
Xiong et al. offer a new chaotic map-based digital picture encryption technique. The surname initials of the author, abbreviated as XZQ, are used for brevity. The XZQ algorithm's encryption phases are listed below.
Phase 4. Perform the same modifications in the image's rows to = min � ∼ ( ) log �1 − � ( )�� to complete image encryption. G network starts with a convolution stage to encode and compress pictures spatially, and useful characteristics retrieved in this phase are then utilized in the transformation that follows. Finally, a 7 x 7 convolution kernel exports the forecast. Furthermore, the Phase 1. Select chaotic mapping to produce a chaotic sequence with beginning specifications of x 0 , and a number sequence of = (n 1 , n 2 , n 3 . . . , n k ), 0 < n i < n and ∑ k i=1 n i = n where n is the picture row size.
Phase 3. Set x 1 = x n+n , and redo the process in Phase 2 in residual rows; n i = n k , repeatedly utilize δ from n 1 reintroduced δ.
Perform the same modifications in the image's rows to L G = min G E x∼pdata(x) log(1 − D(G(x )) ) to complete image encryption.
G network starts with a convolution stage to encode and compress pictures spatially, and useful characteristics retrieved in this phase are then utilized in the transformation that follows. Finally, a 7 × 7 convolution kernel exports the forecast. Furthermore, the decryption network F has a similar structure as encryption network G; encryption network G has successfully converted original patient images. Therefore, encrypted network G's loss LG is given by Equation (1): G stands for an encryption network, and D stands for a discriminator network. G loss aims to reduce discriminator network D's success rate in detection ciphertext produced by encryption network G. Aside from encryption, another suggested technique is to make certain that the restored image retains the original image's texture data even when it is encrypted. Reconstruction loss estimates dissimilarity between G(x) and the original image for every image x from domain X, x → G(x) → F(G(x)) ≈ x. L is calculated using Equation (2): The primary value of the 5D conservative chaotic method is evaluated by using pseudo-random sequence LCon based on the technique given below: Arbitrary sequences X, Y, Z, U, V are given by iterating the 5D conservative chaotic method, and arbitrary matrices RM 1 , RM 2 , K 1 , K 2 , K 3 are obtained by transformation: RM 1 and RM 2 are arbitrary stage masks utilized for optical encryption channels, and K 1 , K 2 , K 3 are the keys to the digital diffusion channel's encryption.
Phase 3. Optical encryption is performed on the image with low-bit scrambling PL P2 to obtain low-bit encrypted image EL P2 . The encryption technique is described by the equation below: where F P x2 F P y is fractional Fourier transform through order p x for the x-axis and order p y for the y-axis. The high-bit scrambled image with dynamic adaptive inverse diffusion PHP1 yields EHP1.
where µ is the dynamic diffusion control specification fixed by the user and τ is the dynamic diffusion direction control specification, The choice to balance data in two ciphertext pictures can be made based on application needs. The option to delete the 4-bit information when the communication proportion is higher can also be considered. If the image's details are sought, it is essential to stabilize the data of an image with a high 4-bit ciphertext and an image with a low 4-bit ciphertext to obtain C1 and C2. In this example, the image balance approach is illustrated.
Discriminator network D seeks to distinguish between translated samples by maximizing discriminator network D's classification accuracy, which is the inverse of the encryption network G's goal Equation (3): The private key for encryption is the final specifications of network G. In contrast, the private key for decryption is the final parameters of network F. The following is the procedure for producing a privacy key: For encryption, every convolutional layer's parameters are initially arbitrarily initialized as given: W n = random w n,1 , w n,2 , . . . , w n,j , . . . where w n is the nth convolutional layer. As a result, the encryption privacy key W is made up of all specifications of every convolutional layer, which is described as follows: In addition to forward propagation, the BP method transfers network loss between convolutional layers. Improve performance by updating the parameters in each layer. The gradient descent is defined by Equation (4): The procedure of creating a privacy key for decryption is the same as producing a privacy key for encryption, excluding that the decryption network's initial input becomes the encryption network's projected output. Furthermore, the reconstruction loss is the loss of the decryption network, as shown in Equation (5).
The encryption algorithm is as follows:

1.
Calculate the H value by extracting the characteristic value of the image to be encrypted.

2.
To carry out the process, utilize initial chaotic value x 0 and H value, producing initial value x 0' utilized in scrambling chaotic sequence {C i , i = 0, 1, . . . , M * N − 1} as explained in Figure 3. 3. Arrange the chaotic sequence C i in descending order; the resulting sequence is C i . Calculate mapping matrix A for converting C i to C i , for example, C i = A * C i .

4.
To obtain the final encrypted image G 0 , utilize matrix A to scramble the image G 0 according to the pixel location. G 0 .G 0 = A * G 0 .

5.
Decryption method: Extract the characteristic value of the image to be decoded.
The encryption algorithm is as follows: 1. Calculate the value by extracting the characteristic value of the image to be encrypted.
Step 3. The encryption procedure is complete if all plaintexts have been encrypted; otherwise, proceed to Step 1. The encryption and decryption processes are comparable. First, build the same hyperchaotic sequence with the same parameters and beginning values, but replace it with Equation (10), as follows: Then, according to {r i , i = 0, 1, . . . , M − 1} and c j , j = 0, 1, . . . , N − 1 , the matrix is inversely transformed, and the original image is restored as shown in Figure 4.  In contrast to the typical method of training, i.e., two methods as a generator and a discriminator, three NNs are used here. A pair of NNs act as generators, while a third acts as a modified discriminator. Three NNs will be: 6. Encryptor: Plaintext and a shared key, both in binary sequence, are used to produce encrypted text. 7. Decryptor: The encrypted text is used as input, and the shared key are used to produce an output of decrypted text. 8. Eavesdropper: This only accepts the encrypted text as input, which means it intercepts text and decrypts it without the shared key. The general adversarial network (GAN) has the following layers; the architecture of all three NNs is the same as the subsequent layers: • Dense layer that is fully linked; • Flatten layer; • Convolutional layer. We employed one dense, four convolutional, and one flattened layer. Strided convolution is utilized to replace the pooling layer. We employed strided convolutions instead of immediate downsampling. Activation functions used: binary sequences, 0 and 1, are used for encryption. To standardize the output of each layer in [1,1], the tanh initiation In contrast to the typical method of training, i.e., two methods as a generator and a discriminator, three NNs are used here. A pair of NNs act as generators, while a third acts as a modified discriminator. Three NNs will be:

6.
Encryptor: Plaintext and a shared key, both in binary sequence, are used to produce encrypted text. 7.
Decryptor: The encrypted text is used as input, and the shared key are used to produce an output of decrypted text. 8.
Eavesdropper: This only accepts the encrypted text as input, which means it intercepts text and decrypts it without the shared key.
The general adversarial network (GAN) has the following layers; the architecture of all three NNs is the same as the subsequent layers: • Dense layer that is fully linked; • Flatten layer; • Convolutional layer.
We employed one dense, four convolutional, and one flattened layer. Strided convolution is utilized to replace the pooling layer. We employed strided convolutions instead of immediate downsampling. Activation functions used: binary sequences, 0 and 1, are used for encryption. To standardize the output of each layer in [1,1], the tanh initiation is utilized, but the last layer is utilized for sigmoid activation.
The output of A on inputs FF and Key is represented by A(ω A , FF, Key), the output of the Server is represented by S(ω Server , EFF, Key), and the output of B on input C is represented by B(ω B , EFF).
The distance function d is also incorporated into the facial feature at the same time.
This study uses L 2 distance d 2 FF, FF = ∑ i=1,N (FF n 1 − FF n 2 ) 2 for a specific operation, where N is the length of the facial feature. The loss function for each instance of B is defined by Equation (11) This research acquires the "best B" by reducing that loss, as shown in Equation (13): In a similar vein, this paper constructs a sample Server reconstruction error and applies it to a distribution of face characteristics and keys by Equation (14): L server (ω A , ω Server , FF, Key )= d(FF, Server(ω Server , A(ω A , FF, Key ), Key )) L Server (ω A , ω Server )= E FF, Key (d(FF, B(ω Server , A(ω A , FF, Key)))) The optimal values of L server and L B are combined in this study to define the Server and loss function of A by Equation (15): This combination illustrates the aim of A and Server to reduce Server rebuild faults while increasing "optimal B" rebuild errors. However, the following research discusses beneficial alternatives.
By reducing L A Server (ω A , ω Server ), this study obtains "Best A and Server" by Equation (16):

Secure Crypto General Adversarial Neural Network
In this subsection, we provide the following algorithm for securing the crypto general adversarial neural network.

end while
A GAN consists of two neural networks: a generator network and a discriminator network. The generator network is trained to generate new samples that are similar to a target distribution, while the discriminator network is trained to distinguish between the generated samples and real samples from the target distribution.
In this algorithm, the generator network is represented by G θ , and the discriminator network is represented by D w . The generator network is trained to generate samples, denoted by x, from a noise distribution, p(z), while the discriminator network is trained to classify samples as either real (from the target distribution P r ) or fake (generated by the generator network).
The training process alternates between updates to the generator network and the discriminator network. During each generator update, the generator network generates a batch of samples from the noise distribution, and the discriminator network is updated to classify these samples as fake. During each discriminator update, the discriminator network is updated to classify a batch of real samples and a batch of fake samples generated by the generator network. The algorithm also uses various hyperparameters, such as the clipping parameter c, the batch size m, and the Adam optimization parameters α, β 1 , and β 2 . These hyperparameters set and tuned through experimentation to achieve the best performance for the specific task and dataset. The root mean squared propagation (RMSProp) optimization algorithm is also used to update the weights of the networks. The training process continues until the generator network has converged. The threshold value in the algorithm is the "clipping parameter" (c). It appears in the line " w ← clip(w, −c, c)", which sets the values of w to be within the range (−c, c). The value of c is specified as an input to the algorithm and determines the maximum magnitude for the values of w.
A GAN's purpose is to predict the possible distribution of existing data and produce new data samples with the same distribution. Generator G's ability to produce samples is improved by creating a minimax confrontation procedure between it and discriminator D. The GAN's main purpose is to create a generator G from real-world data X. The model's objective function is given by Equation (17): The distribution and the appearance of an image become increasingly similar as those of the cover image when a discriminator is added to the steganography system. For example, the following is the loss function given by Equation (18): Here, P c and P s are covers and secret image distributions, and H (c, s) is the steg image produced by the generator. Throughout the training operation, the hiding network and the extracting network are optimized to minimize the original secret image s and the loss of image-extracted secret image s 0. To do this, we propose a novel cost function that is reduced to enhance the method, which is given by Equation (19):

Security Analysis
Both the encryption and decryption networks include 24 levels, with a total of 2,757,936 parameters for each network. A deeper resnet-50 design is used for the ROI mining network. The ROI-mining network's structure is shown in Table 2. Chest X-rays [45] are the dataset. The proposed solution is implemented on Nvidia Giga Texel Shader eXtreme (GTX) 2080Ti graphics card. Each epoch of the model takes about 10 minutes to train the network.

Analysis of Key Space
The difficulty of an exhaustive attack is computed by the size of the key space. The number of specifications for the DL network is a key space of the proposed encryption method in this study, with an overall of 2,757,936 specifications in experimentations. Every specification or key is a 32-bit floating point value amid 0 and 1, which are written as a decimal integer with 10 significant digits in the computer. As a result, the encryption model's key space can be stated as (1010) 2757936. Attackers will find it difficult to break down the system, and it will be able to efficiently resist attacks.

Key Randomness Analysis
With the same conditions, the encryption network is trained four times. As a result, the parameters of these four networks, namely Key A, B, C, and D, are used as encryption keys. These four photos are unmistakably distinct. The SSIM index between various photos is usually less than 0.1, indicating that there is very little similarity between them. According to the experiment, the privacy keys for the medical picture encryption network are completely distinct after each training since the neural network's parameters are randomly initialized. As a result of these differences, separate encrypted images are produced, each of which is processed using a different encryption network. The premise is that DL network training is inherently unstable. In different training, different initialization parameters might lead to different end parameters. It is shown that the proposed technique is similar to OTP and that it may be classified as an OTP technique.

Key Sensitivity Analysis
DL models, unlike typical encryption systems, spread errors among layers. A 3 × 3 convolution kernel is used to send the lth pixel in the Nth layer feature map to a nearby pixel in (N + 1)th layer during the convolution process. When a feature point is incorrect, it is transferred to the next layer's 3 × 3 feature points. The inaccuracy of feature points will grow by two pixels for every layer as the depth of the convolutional network increases. This inaccuracy grows exponentially with the superposition of the deconvolution process in the upsampling process. The attacker is assumed to have the most privacy keys in this experiment. Only around 5% of crucial specifications are changed, which is considered an unknown part. The encrypted image is then sent to the network with new specifications, and the network is unable to convert the ciphertext image back to the original. This means that even if only 5% of specifications are modified, the privacy key will fail to properly encrypt or decode the medical image. In other words, breaking the proposed technique requires attackers to estimate at least 95% of correct key specifications in a key space containing (1010) 2757936.

Histogram Analysis
To calculate the performance of the suggested encryption network, the original image and the encrypted image are given in Figure 5c. The pixel distribution in the original image and the encrypted image is considerably varied, according to the experiment. The original chest X-ray image's pixel histogram has 57,600 * (240 * 240) pixels overall, with more than 30,000 pixels having a value of 0, and greater than 5000 pixels having a value of 255. The original image's pixel dissemination is fairly intense. The distribution of encrypted medical photos, on the other hand, is more uniform, which aids statistical analysis.

Entropy Analysis
In contrast to statistical attacks, encrypted image data entropy is considered a significant measurable dimension for methods to defend. Image data entropy is a statistical property of an image's grayscale distribution. The encrypted image should resemble random noise in appearance, the grayscale distribution should be uniform, and the anticipated value should equal 8.

Security Analysis under Various Adversary Models
Tests are being carried out to determine if an attacker can produce a key under three various adversary methods. Hidden Factors Leakage: Four potential network structures are investigated in this experiment: network A, network B, network C, and network D. The training environment remains unchanged. Utilizing trained network A, the original image is encrypted. To restore the original image, the ciphertext image is decrypted by a decryption network retrieved from network A, network B, network C, and network D.

Entropy Analysis
In contrast to statistical attacks, encrypted image data entropy is considered a significant measurable dimension for methods to defend. Image data entropy is a statistical property of an image's grayscale distribution. The encrypted image should resemble random noise in appearance, the grayscale distribution should be uniform, and the anticipated value should equal 8.

Security Analysis under Various Adversary Models
Tests are being carried out to determine if an attacker can produce a key under three various adversary methods. Hidden Factors Leakage: Four potential network structures are investigated in this experiment: network A, network B, network C, and network D. The training environment remains unchanged. Utilizing trained network A, the original image is encrypted. To restore the original image, the ciphertext image is decrypted by a decryption network retrieved from network A, network B, network C, and network D.

Network Architecture Leakage
Different hidden factors are used in this experiment to train encryption networks with the same network configuration. All training circumstances remain constant.

Both Network Architecture Leakage and Hidden Factors
To produce networks A, B, C, and D, the network is trained four times in this experiment under the same hidden elements and training circumstances. Investigation compares the decryption performance of these four networks on identical ciphertext images to determine if specifications produced by each are unique. Using decryption keys B, C, and D, the image's gray value distribution differs significantly from that of the image decrypted with the help of decryption key A. It is seen that one network's encryption of a medical image prevents its decryption by utilizing specifications of another network under same training conditions. Even if method specifications are learned using the same network method and hidden factors, they will not be able to decode the image. Experiments reveal that even though both network design and hidden elements are leaked, and the network is trained under identical circumstances, the specifications of every network are completely dissimilar, i.e., secure keys.

Experimental Analysis
The experiments were carried out on a personal computer (PC) with an NVIDIA GeForce Tesla V100 32G graphics processing unit (GPU), Pytorch 1.1, and Python 3.7 as the experimental environment. The input dataset's image size is 32 × 32 pixels. The proposed method block size is set to 4. After block adaptation networks [7,8], pyramidal residual networks were created. Plain pictures, integrated cat map image encryption [9], a naive blockwise pixel shuffle, and the suggested technique are all compared here.
ImageNet dataset was used to gather 80,000 training photos and 10,000 test images for training network methods in this study. The Adam optimization technique was utilized to automatically modify the learning rate in the training phase to optimize method specifications. Hyper specifications were adjusted to 0.65 and 0.85, with the initial learning proportion set at 0.0001. The maximum number of training iterations was set to 250, while number of images per batch was set at 64. The Labeled Faces in the Wild (LFW) dataset was used for training and testing. This is a regularly used facial recognition test set. Because the face photographs are all taken from real-life situations, recognition difficulty is heightened, particularly due to elements such as different positions, expressions, age, lighting, and occlusion. Photos of the same individual are rather different. Multiple faces may appear in certain photographs. Only the center coordinate face is chosen as the goal in these multiface images, with the others being background interference. The LFW dataset contains 13,233 face pictures. Each photograph contains the name of the individual depicted. There are 5749 persons, and most of them have just one photo. Each photograph is 250 × 250 pixels in size; most are color images, but some are black and white portraits.
The comparative analysis between the proposed and existing techniques is conducted on the two datasets, ImageNet dataset and LFW, in terms of PSNR, SSIM, RMSE, MAP, and encryption speed. These matrices are defined below.
Peak signal-to-noise ratio, or PSNR, measures how well the original data and the reconstructed data match in terms of quality. It is frequently used to assess the effectiveness of data compression and reconstruction methods in the field of image and video processing.
A measure that evaluates the similarity between two pictures is called SSIM (structural similarity index). It is predicated on the idea that structural information, such as the association between neighboring pixels, is easily perceptible by humans due to their highly developed visual system. Images are compared for structural similarities using SSIM.
The discrepancy between two sets of data is measured by RMSE (root mean squared error). It is employed to evaluate the discrepancy between values that a model predicts and values that are observed. Information retrieval and classification algorithm performance are assessed using the MAP (mean average precision) measure. In the field of computer vision, it is frequently used to assess how well object detection methods are working.
PSNR (peak signal-to-noise ratio) is usually expressed in decibels (dB). SSIM (structural similarity index) is a dimensionless value that is typically expressed as a decimal value between −1 and 1, where a value of 1 indicates that the two images are identical. RMSE (root mean squared error) is typically expressed in terms of the pixel values of the images. MAP (mean average precision) is a dimensionless value that is usually expressed as a decimal value between 0 and 1. Encryption speed is typically expressed in terms of the number of operations per second that can be performed by the encryption algorithm. Table 2 presents a comparative evaluation between suggested and existing methods in face image encryption based on DL architectures. Here, the ImageNet and LFW face datasets are compared when the proposed Cry_GANN_OChaMap and existing CNN and IEA methods are applied. The parametric analysis was carried out regarding PSNR, RMSE, SSIM, MAP, and encryption speed. Parametric analysis for the ImageNet and LFW datasets are displayed in Figures 5 and 6, respectively. Initially, for the ImageNet dataset, the proposed Cry_GANN_OChaMap obtained PSNR of 92%, RMSE of 85%, SSIM of 68%, MAP of 52%, and encryption speed of 88%, as shown in Figure 5a through (e) respectively; while the LFW dataset attained PSNR of 90%, RMSE of 89%, SSIM of 61%, MAP of 59% and encryption speed of 89%, as shown in Figure 6a through (e), respectively. From this analysis, it can be observed that the proposed technique attained optimal results in face encryption based on DL techniques. The digital optic chaotic mapping technique is utilized as a preprocessing step for the proposed face feature encryption technique. Chaotic mapping is being used to process and map the input face image, which is then fed into the Crypto General Adversarial neural network for encryption and decryption. The use of chaotic mapping allows for efficient encryption and decryption of the image, and the combination of chaotic mapping with deep learning techniques allows for the development of a secure encryption and decryption method. The results demonstrate that the proposed technique for face encryption outperformed existing techniques. The digital optic chaotic mapping technique is utilized as a preprocessing step for the proposed face feature encryption technique. Chaotic mapping is being used to process and map the input face image, which is then fed into the Crypto General Adversarial neural network for encryption and decryption. The use of chaotic mapping allows for efficient encryption and decryption of the image, and the combination of chaotic mapping with deep learning techniques allows for the development of a secure encryption and decryption method. The results demonstrate that the proposed technique for face encryption outperformed existing techniques.

Conclusions
This research proposed a novel technique in secure face image encryption based on DL architectures. Here, the input face image is processed and mapped using optical chaotic maps, which are utilized for efficient encryption and decryption of the image. Then, the secure Crypto General Adversarial neural network was developed for the encryption and decryption process with image optimization. The key is crucial to successful encryption and decoding in cryptography. The key's security determines information security. The standard image encryption scheme is vulnerable to key sharing and repudiation attacks. If the key is excessively long, it is difficult to remember and simple to lose. As times demanded, biometric encryption technology arose to address the issue of key security. The key is produced using an individual's biometrics, and then used with appropriate picture encryption methods to attain data encryption. Uniqueness, stability, nonaggression, and other criteria of biological features that can be encrypted should be met. Experimental analysis was carried out for various datasets; the proposed Cry_GANN_OChaMap technique resulted in PSNR of 92%, RMSE of 85%, SSIM of 68%, MAP of 52%, and encryption speed of 88%.
Future research will focus on how the system learns reliable encryption algorithms for asymmetric encryption. Additionally, it is thought that the encryption technique developed through adversarial training may be used for a larger range of data types, including audio and image data, in addition to character data security.