Medical Image Encryption: A Comprehensive Review

: In medical information systems, image data can be considered crucial information. As imaging technology and methods for analyzing medical images advance, there will be a greater wealth of data available for study. Hence, protecting those images is essential. Image encryption methods are crucial in multimedia applications for ensuring the security and authenticity of digital images. Recently, the encryption of medical images has garnered signiﬁcant attention from academics due to concerns about the safety of medical communication. Advanced approaches, such as e-health, smart health, and telemedicine applications, are employed in the medical profession. This has highlighted the issue that medical images are often produced and shared online, necessitating protection against unauthorized use.


Introduction
Electronic health records (EHRs) are a type of digital health record that is regularly created, updated, and disseminated online to facilitate efficient, accurate data collection thanks to the proliferation of smart and intelligent technologies [1,2].A patient's electronic health record is a collection of data about the patient maintained by the relevant healthcare providers, including the patient's demographics, medical history, symptoms, and other relevant data.Images sent over the internet are vulnerable to eavesdropping, tampering, unauthorized duplication, and other forms of theft because they are sent in clear text.With today's heavy reliance on electronic communication networks, protecting private information is more important than ever [3].In light of this, there has been an increased focus in recent years on protecting the image in an effective manner.The fundamental concept is to encrypt these images with an algorithm so that an adversary cannot decipher any salient data.The techniques are extremely sensitive to changes in starting point, parameters used for control, periods, ergodicity, and even the appearance of randomness.The term "cryptography" refers to either the practice of encrypting data or the study of how such data is encrypted [4].Before being transmitted via public networks, the actual data are first transformed into a representation that is meaningless without additional information.One of the most frequently suggested methods for ensuring the safety of medical images in the healthcare industry is encryption [5].In this plan, the original image is transformed into a cipher image, and only authorized users are able to view its contents [6].This prevents unauthorized users from gaining access to the data.Cryptography is frequently employed now because of the considerable security benefits it provides.The numerous motivations behind the use of cryptography are listed below in Figure 1.In general, there are two main categories that can be used to categorize encryption methods: symmetric and asymmetric procedures.To secure an image using symmetric encryption, it is essential to maintain a singular key.Conversely, the utilization of asymmetric techniques necessitates the preservation of two distinct keys [6]. Figure 2 shows the basic procedure for medical image encryption.Asymmetric encryption is superior to symmetric encryption but more time-consuming to implement [1].Over the last few decades, academics have relied on traditional encryption methods to guarantee the authenticity of images.Due to the inherently different characteristics of digital images, however, it is no longer possible to put these ideas into effect [7].The efficient encryption system was created by researchers as a solution to the problem of medical image confidentiality.To that end, this article's primary contribution is a primer on the history and evaluation metrics of picture encryption.Then, we discuss the benefits and drawbacks of several medical image encryption systems.In addition, the estimated design objectives, targets, methodologies, assessment measures, and weaknesses are outlined with the contributions of the surveyed scheme.Finally, contemporary challenges are underscored, and numerous avenues of potential research that may contribute to bridging the existing gaps in these domains are highlighted, thereby facilitating the endeavors of academics and developers alike.To protect sensitive information and prevent unauthorized changes, cryptography offers a variety of safeguards.
The following is how the paper is organized: In Section 2, we covered why it is necessary to encrypt medical images.We have outlined what is required for image encryption methods in Section 3. We introduced the measurements and criteria used to compare the effectiveness of different encryption algorithms in Section 4. In Section 5, we talk about a few common attacks in the domain of image processing.
Also, we have given a literature study and classification of the most common image encryption schemes In Section 6. Section 7 includes the cryptographic systems and components.The conclusion is discussed in the final section.

The Purpose of Encrypting Medical Images
The encryption of medical images is a growing area of application for cryptographic systems, and as such, it should be performed using efficient algorithms that require low cost and time.When encrypting an image, it is necessary to apply either a symmetric or an asymmetric encryption technique for the input image to be transformed into a cipher image utilizing either symmetric or asymmetric keys.This process is known as image encryption.
Varying methods with different parameters can be used to encrypt medical images.The encryption of medical images can be accomplished by various methods, including highspeed scrambling [8], bitwise XOR diffusion, chaotic and edge maps, and so on.There are several ways to evaluate the effectiveness of the algorithm used to encrypt medical images, including the peak signal-to-noise ratio, the bit error rate, the fidelity, and the mean square error.Telemedicine, telesurgery, and teleradiology are examples of highly developed technologies that are currently undergoing the clinical trial and implementation phase.There is a risk that sensitive patient data will be transmitted across a network using these technologies.In particular, medical imaging (MRI, CT, and X-ray) are vulnerable to manipulation because of its vast data storage, redundancy, and strong pixel correlation.The development of a high-performance, efficient method of encrypting medical images is essential to:

•
Confidential and secure communication of patients' medical records; • Integrity Assurance; • Preventing alterations to medical images that could cause a misdiagnosis; • Avoid falling victim to cyber-attacks.

Requirements for Image Encryption
Due to the unique qualities of images, maintaining image security has evolved into a difficult challenge [9].Guidelines for basic image encryption are shown in Figure 3.A number of the most important aspects of image encryption for privacy protection are outlined here.

•
Security: An essential feature of any effective encryption method is a focus on security.
To guarantee an image feature's trustworthiness, a separate encryption procedure should be used.In general, it involves elements of perceptional safety, key sensitivity, and resistance to possible threats.

•
Perceptual security: When an encrypted image is produced as a result of an encryption process in such a way that it cannot be perceptually recognized, we say that the process is secure in perception.

•
Keyspace: In cryptography, the term "key space" refers to all potential encryption keys that can be used during encoding.A larger key space value is preferable in terms of protection against exhaustive search attacks.

•
Key sensitivity: What this means in practice is how much a change of just one bit in the encryption key will alter the cipher images.Every encryption method should be highly sensitive to private encryption key variation.

•
Potential attacks: An ideal image encryption approach would be impervious to the various attacks that may be launched against the underlying cryptosystem, including ciphertext-only attacks, known-plaintext attacks, differential attacks, and so on.

•
Computational complexity: Using a cryptographic model to encrypt all of a picture's data would result in an extremely high computational complexity for the entire image; hence only the most crucial data should be encrypted for security.
• Invariance of compression ratio: Invariance in the compression ratio of the encrypted image is necessary for the preservation of storage space, data transfer rates, and image quality after decompression.

•
Real-time demand: Real-time performance can be seen in things like video conferencing and image surveillance, for example.A necessary requirement for encryption and decryption is to maintain a tolerable delay.

•
Multiple levels of security: Various iterations and a range of key sizes can be utilized to keep security at a high level while also allowing for expansion.

•
Transmission error tolerance: Real-time data transfer happens across noisy media.This suggests that an ideal for a flawless model of encryption is needed.

Image Encryption: An Evaluation and Assessment
In order to evaluate the efficacy of various encryption methods, many metrics and criteria are employed [10].The following section will review some of the most common metrics, as shown in Table 1.

1.
Visual assessment: Deciphering encrypted images requires a visual inspection of the binary, grayscale, and color versions of the image.

2.
Statistical Analysis: Statistical analysis refers to the process of analyzing the correlations between the pixels of an encoded image.This evaluation makes use of the histogram and the correlation coefficient.

3.
Differential Analysis: Finding out how a single bit shift in the secret key or a single pixel shift in the plain image affects the cipher image.

4.
Security Analysis: We consider the following elements in our examination of the safety of every procedure:

Criteria for Evaluation Description Metric
Security Any method of encryption that is unaffected by any possible risks.
Protecting against attacks while maintaining the appearance of vast key space and highly sensitive keys is essential.

Computational time
It is vital to compress images without losing quality to lessen the amount of space required for image storage or the bandwidth required for image transmission.
Uses the permutation and diffusion functions.The complexity and time required for encrypting and decrypting an image are extremely low.

Compression ratio
A size decrease is accomplished by compressing methods.It is the ratio between the uncompressed and compressed versions of the image.

Robustness Quality
It is an examination of the difference in quality between the plain images and the decrypted ones.

Prevalent Forms of Image Attacks
In this section, a discussion is presented regarding several prevalent attacks encountered within the field of image processing [12,13].

1.
Ciphertext-only: During this type of attack, cryptanalysts are only able to obtain access to certain groups of cipher texts; hence, they attempt to decrypt ciphertext in order to gain access to the secret key or plain text.

2.
Known-plaintext: An attacker who has access to both the plaintext and the encrypted version of a message launches this kind of attack in an attempt to deduce the secret key used for the encryption.

3.
Chosen-plaintext: A random plain image is chosen by the attacker and inserted into the encryption algorithm, allowing for a more thorough analysis of the related cipher image.

4.
Brute-force: In order to decipher the data that has been encrypted, every conceivable combination of keys will be tried until the secret key can be discovered.

5.
Differential attack: It is used to determine how sensitive an encryption method is to slight modifications to the original picture.The plain image is modified slightly by the attacker, who then uses the same encryption technique to encrypt both the original and modified versions of the image to determine how the original plain image compares to the encrypted image.

6.
Noise: An attacker's goal here is to corrupt the useable information of the plain image by introducing noise into the encrypted image.If the intended recipient cannot restore the original image following decryption, the attack has succeeded.

7.
Occlusion: Using this method, we can see how well we do at recovering lost data from encoded images that were compromised by hackers or just lost their connection to the internet.

8.
Entropy: In this technique, the attacker creates "stale" packets by combining "fresh" packets from a later time period with "old" packets from a previous collection or interception.The system's information entropy will decrease dramatically as a result of these packets' lack of additional coding information.9.
Side channel attacks (SCAs): The use of Side-Channel Attacks, also known as SCAs, has become an efficient method for getting confidential information from cryptographic devices, which poses a significant risk to the devices' level of security.Kocher introduces the concept of a side channel attack in the form of a timing assault, where an attacker monitors how long it takes a device to carry out a series of calculations and uses that data to learn more about the crypto-system [14].He also has demonstrated that the key can be revealed through the cipher's non-constant execution duration.A side-channel attack, in general, is a case where we have a security algorithm such as encryption, inputs and outputs, and a key that is super secure, and nobody is able to know that key.The entire security of the algorithm relies on this, or it is designed to protect that key.An adversary can gather information by monitoring the system's power consumption, electromagnetic field (EMF), computation time, and memory access patterns rather than plaintext or ciphertext messages while it manipulates data.
The attacker then looks into the relationships between the signatures observed in the side channel and the signatures predicted from the intermediate data and computation states.Private information may be leaked or made public as a result of this procedure.There are two distinct types of SCAs, namely profiled and nonprofiled assessments [15].There are two stages to a profiled SCA: the profiling phase, during which an adversary is given a training device to test, allowing him to characterize physical leakages and obtain a precise leakage model, and the online exploitation phase, during which an attack is mounted against a similar target device in order to extract the secret key.SCA is shown in Figure 4 [16].Power analysis attacks (PAAs) are the most efficient type of SCAs since they are simple to execute in a test environment and require a low cost on the part of the attacker PAAs are based on a power analysis calculation [17].The main types of PAAs are:

•
Simple power analysis (SPA): attempts to extract information about the functioning of a gadget by analyzing the amount of power that it consumes.

•
Differential power analysis (DPA): plans to make use of the data dependencies that are present in the power usage pattern.

•
Correlation power analysis (CPA): Using the hamming weight power model in CPA allows one to determine whether or not there is a correlation between the anticipated output and the actual power output of an encoded device [18].
10. Fault Attack: a fault analysis (FA) is a common and robust active SCA approach in which a defect inserted within the processes of a cipher may cause an error based on the parameters of internal secret states.Specifically, we classify fault attacks as either safe-error-based, weak-curve-based, or differential-fault-based.The idea behind "safe-error attacks" is that it is possible to make mistakes without significantly altering the outcome.In an effort to break a system, weak curve attacks convert scalar multiplications from strong curves to weak ones.Bit-by-bit scalar data can be retrieved by differential fault attacks by comparing the expected and unexpected output.In order to execute a fault attack, the attacker must have direct control over the victim's device and must subject it to extreme external stress.Mean to cause faults in such a way that these errors result in a security fault in the system; in fact, in the fault attacks, we are facing some intentional alterations to expose the device to some out-of-specification physical conditions, such as high or low temperature and radiation [19].On the other hand, an attack that is software-induced and causes a physical defect is also a possibility.Differential fault analysis (DFA) examines the information flow within the context of an implemented encryption [20].
Countermeasures for Power and Fault Analysis: Employing diverse countermeasures that give protection against both power and fault attacks is the first step toward mitigating the effects of power and fault analysis, which is one of the possible solutions.Ref. [21] uses hardware redundancy and randomized cipher operations to thwart power analysis and cryptographic faults.It also utilizes fault space transformation (FST), in which redundant state computations are performed in different domains, making it challenging to induce the same error in redundant states.By rearranging the order of computations, a cipher makes it more difficult for an attacker to align the power traces of its internal processes.There is also an examination of how error detection using parity and hardware redundancy interact [22].Both fault detection countermeasure types were found to significantly accelerate the rate of key recovery with CPA.In [23], data path shuffling is used to defend an AES implementation from localized EM fault attacks.One of the significant drawbacks of using different defenses against power and fault analysis is that defenses against one form of attack may have an unintended detrimental effect on defenses against the other sort of attack if they are not correctly built.Using concurrent error detection (CED) codes for fault protection has been proved in multiple studies to improve the accuracy of the power quality analysis [24].
In order to analyze an image, an evaluation of the image's ciphering must be performed.Several metrics, summarized in Table 2, will be used in the evaluative process.[25,26] Evaluation of the Current Encryption Method NPCR's range is 0 to 1. NPCR = 1 is ideally suited.A UACI of ≈34 is optimal for a 512 × 512 pixel image.
where, C 1 and C 2 are encoded images both before and after a single pixel change was made, L is the highest pixel value that can be supported, and T would be the complete number of pixels.

It is essential for any cryptographic algorithm
to have a NPCR ≥ 0.9, and UACI ≈ 0.33 For which E(x), E(y), D(x), D(y) are the means and standard deviations of x and y, respectively.The covariance between x and y is denoted by C(x,y), where p is the total number of pixel pairings (x i , y i ).
The CC value for an encrypted image should be ≈0 Mean Squared Error (MSE) Validation of error values that establish the distinction between an encrypted image and a plain image MSE's range is 0 to ∞. -ET should have less of an impact on the value of any encryption scheme.

Techniques of Image Encryption: A Literature Review
This section presents a taxonomy of image encryption techniques.Compressive sensing, optical encryption, spatial encryption, and transform domain encryption are the four primary categories that are used to classify image encryption techniques.Various methods of encrypting images are categorized in Figure 5. Several cryptographic processes can be used to ensure that medical images are transferred securely and cannot be intercepted [27].
As a result of their widespread popularity, the three methods employed in this paper because they are achieving the following goals in the field of medical image encryption: For chaotic maps:

•
Safety: According to the theory of chaos, the state of a chaotic system can change drastically depending on its initial conditions.Encryption algorithms with high resilience to attacks can be designed by making use of this unpredictability and complexity.In order to improve the security of the encryption process, chaos-based encryption methods seek to utilize the chaotic behavior of mathematical models to either produce encryption keys or directly change the medical imaging data.

•
Nonlinearity: Medical photos frequently feature complex structures and patterns that might be difficult to encrypt using linear methods.The nonlinear approach provided by chaos-based encryption algorithms makes it possible to encrypt medical image information in a more safe and reliable fashion.Complexity can be introduced by the chaotic dynamics, making it more difficult for an adversary to decipher the encryption.

•
Resistance to Statistical Attacks: Healthcare images frequently display statistical regularities or patterns that could be used maliciously.To protect its encrypted data from statistical attacks, chaos-based encryption techniques might inject a large amount of unpredictability.
For ECC: • Key Size Efficiency: ECC provides the same or more security than other encryption methods like RSA but with more manageable key sizes.This is helpful for protecting medical photos, which often measure in gigabytes and require speedy encryption and decryption procedures.ECC is a useful option for protecting medical images since its smaller key sizes allow for faster computations, and less storage space is needed.

•
Emerging Technology: DNA-based encryption techniques are an innovative and cutting-edge approach to data security.Researchers and practitioners in the field of medical image encryption can push the boundaries of the discipline and make significant contributions to the development of both encryption and medical imaging by incorporating such technologies.
DNA encryption technologies are still in the experimental stages of development and application.Although they hold promise for the future, additional research and development are necessary to completely comprehend their potential benefits and challenges in the context of medical image encryption.
For PQC One of the key reasons for opting for Post-Quantum Cryptography (PQC) encryption methods is the expectation that quantum computers may one day be developed.Classical computers process and store information using binary digits (bits), but quantum computers employ quantum bits (qubits), which can be in more than one state at once.For some mathematical problems, such as those at the heart of many popular encryption techniques, quantum computers may be able to find solutions significantly more quickly than classical ones, thanks to their intrinsic parallelism.Researchers and security experts have been investigating and creating PQC encryption ways to counteract this immediate danger.PQC methods are designed to protect data in the long term from being compromised by either classical or quantum computers.These algorithms are built to withstand attacks from quantum computers, lowering our vulnerability to potential quantum computing developments in the future.
As a result of this, there is a heightened interest in learning more about these methods.

Encryption Based on Chaotic Maps
Given their behavior, chaotic maps are of particular interest in dynamic systems.This means that even a seemingly minor shift in the inputs might have a significant impact on the results.There are two main types, called discrete and continuous, respectively.Because of their advantageous balance of security and processing speed, chaotic maps see widespread use in various communication scenarios [28].Figure 6 represents the chaotic image encrypting process [29].The author in [30] used a method for the double encryption of images that was based on chaos to provide high security.The first step was encrypting the face extracted from the image, and the second encryption of the entire image.2D SFSIMM (Two-dimensional hyperchaotic map, sinusoidal feedback Sine ICMIC modulation map) is responsible for generating the keystream for the cryptosystem.At the same time, both scrambling and diffusion were proposed.This technique is robust against various statistical attacks since the attacker needs to crack two rounds of the encryption algorithm.
In [31], to encode and decode images securely, a new cryptosystem based on three maps has been developed.The sine map is used in the permutation technique to adjust the coordinates of the pixels in the source image, while the substitution is performed on the permuted image using the second secret key K. Lastly, the CTM-based image scrambling is performed with a bit XOR.
A developed technique for chaotic image encryption using Latin squares and random shifts was suggested in [32].Four steps comprise the algorithm: creating a key, scrambling pixels, swapping out pixels, and scrambling bits.The security and robustness of the procedure are both improved by increasing the resulting Latin square matrix's complexity.In order to increase the high sensitivity of the cryptography approach, the key is first produced from the plain image.The second step in achieving pixel position scrambling is to cyclically shift each pixel to the right within each row of the image matrix.Then, the image matrix's coordinate elements are replaced by the results of a lookup table comprised of a 256-by-256 Latin square matrix containing a chaotic sequence, with replacement coordinates determined depending on the values of the image's pixels and the sequence's values.The implementation of a multimedia encryption technique is difficult since it takes more resources (time and storage).Due to this, the lightweight image encryption technique, which uses minimal memory, time, or energy and offers the highest level of security for low-powered devices, is becoming more and more popular.
Therefore, a study by Ferdush et al. [33] studied the lightweight image encryption approach that was based on chaos.As a first step, the author developed a standardized approach and method for lightweight image cryptography based on two different chaotic maps, specifically Arnold and Logistic.
Another study [34] discussed the modification of pixel values and positions based on the SCAN algorithm and chaotic theory.The SCAN method includes converting the pixel value of an image to a new pixel value and then rearranging the pixels in the image in a specific order.Meanwhile, within the block, the coordinates of the pixels can be moved about with the use of a chaotic map.Pixels are diffused using the SCAN method, while permutations are generated using chaotic maps.Since limitations of wavelet-based approaches include insufficient phase information, inadequate directionality, and sensitivity to shifts.
Another study [35] applied (ICE) Improved Chaos Encryption to strengthen the protection that was based on randomization.The ICE approach was employed to increase the medical encryption's level of security.ICE first partitions the original image into three parts which were: border area, (ROI) Region of interest and (RONI) Region of noninterest.The Lorenz 96 model was applied for medical image encryption.The information would be embedded based on LSB.
In order to guarantee the authenticity of the integrity authentication, ROI has been recovered and returned to its starting position.S-HC-DNA in [36] was an upgraded image encryption scheme to increase the protection afforded to medical images during information-sharing procedures, such as those conducted over the internet.The SHA-3 technique was utilized to compute the hash value of the input image, and the resulting value was utilized as the starting point for the hyper-chaotic system.The input image's intensity value was then transformed into a sequential binary digital stream.In order to improve the encryption performance, the values of the DNA encoding were subjected to algebraic and complementary operations during the hyperchaotic sequence and DNA sequence operation.
The SCAN pattern and tent map are also proposed in [37].The method consists of a bit plane decomposition, a SCAN-based shuffling process, and a diffusion operation.In order to obtain a more unpredictable result, the SCAN method was implemented on both the upper and lower four-bit planes independently.After that, the XOR operation would be included in the diffusion operation.
Securing E-healthcare image encryption based on a six-dimensional hyperchaotic map (SDHM) was suggested in [38].This scheme was used to retrieve hidden keys.After that, these keys were applied to the medical images to diffuse them.In general, the proposed SDHM was divided into three sections: the creation of a key, the encrypting procedure, and the decrypting procedure.The key size has been greatly expanded due to the SDHM that was proposed.Thus, the SDHM that has been presented was capable of withstanding various security attacks.
In [39], the author proposed a chaotic-based cryptography architecture for the secure storage and transmission of medical images.The key was first generated by employing the chaotic map approach on the medical image.This produced the initial result.Second, it was implemented in a way that creates confusion both row by row and column by column.In addition, a binary complement operation and a reverse complement operation were used to complete the diffusion process.Images that have been diffused were XORed with key images that have a chaotic appearance.Several attacks were used to evaluate the proposed system's security.According to the simulation results, the created cryptosystem must meet the needs of IoT healthcare applications.
Another study [40] suggested a method for encrypting medical images using chaotic logistic maps and linear feedback shift registers to produce pseudo-random sequences, which were then utilized to form a cipher key by being XORed together.The suggested approach protected several different medical image formats from a wide range of threats.
In [41], the authors presented a novel image encryption algorithm that could be used for both gray and colored medical images.The authors claimed that their algorithm was superior to current encryption methods that were already in use.
The authors in [42] designed a selective image encryption algorithm that was both secure and effective.The encryption method was designed with the foundations of polynomial secret picture sharing and chaotic maps.A polynomial-based secret image sharing (SIS) and a chaotic map system are used to encrypt the essential component of the ROI after image processing techniques are employed to partition the image into a region of interest (ROI) and a region of non-interest (RONI).In order to reduce the amount of time spent encrypting and decrypting data, as well as the amount of computing complexity involved in processing the enormous amount of image data, a preset section of the original image data were encrypted.The experimental results demonstrated the efficiency of Polynomial-based SIS and chaotic image encryption for the concealment-critical tasks of diffusion and confusion, respectively.
A new, most significant bit (MSB) based reversible data encryption solution for huge amounts of data is proposed in [43].In the first step, the encrypted domain data undergoes MSB data concealing after the three stages of prediction error detection, fusion error encryption, and substitution data encryption have been taken into account.As a result, the initial phase of the method involves locating and cataloging every instance of incorrect prediction in the source image using a binary map.Then, to fix the mistake in the predictions, a high-capacity reversible data hiding technique (CPHCRDH) is proposed.A map of where mistakes are likely to occur in the prediction process is created, and the original image is preprocessed using this map before encryption takes place.Through MSP prediction, the original, undamaged image can be rebuilt.The simulation experiment on three test cases of CT images of the eyes, body, and brain demonstrates that the suggested method outperforms the selected contrasting methodology across six indicators, including the horizontal and vertical correlation coefficients.
Introducing 2D-LGHM, a brand new Logistic-Gaussian hyperchaotic map in [44].First, the author builds a 2D Logistic-Gaussian hyperchaotic map (2D-LGHM) with a wide variety of hyperchaos and it finds that it has superior ergodicity and unpredictability based on performance test metrics.In this study, the author develops a novel method for encrypting medical images by using hyperchaotic matrices to randomly disturb pixels and by substituting each pixel's value with those of its neighbors in opposite orientations.An effective application of the chaotic sequence to eliminate neighboring-pixel correlation and universally alter pixel values.The experiment outcomes and performance analysis demonstrate that LG-IES is capable of encrypting a wide variety of medical images into an unrecognizable cipher image that can only be decrypted with the correct secret key.
Table 3 illustrates the state-of-the-art of the various encryption techniques based on chaotic maps.Offers the highest possible protection for a select number of devices.

Lightweight Chaotic Cryptosystem
Classical images Lena, Baboon Medical images Chest X-RAY, ECG Signal - [34] In order to ensure the safety of medical images prior to their transmission to the general public via this network.

SCAN and chaotic-map-based image encryption
Medical image baby in womb - [35] Increasing security through randomness.

Lorenz-chaotic encryption with enhancements
Medical image Jaw X-RAY Various kinds of attacks [36] Improvement of medical image safety during data exchanges, particularly online.

Medical image Brain image
Noise and clipping attacks.

Ref. No.
Objective Approaches Used Database Information Attack Considered [37] Accomplishes a high level of safety with minimal effort on the computational front.
SCAN method and chaotic tent map Different medical images Statistical and differential attacks [38] To ensure the safety of medical images before to their dissemination on public networks.
Six-dimensional hyperchaotic map (SDHM) Medical images Security attacks [39] For the purpose of assuring the safety of the medical images while they are being sent and stored.
Chaotic security architecture X-RAY Medical images Noise Attack [40] Avoid unauthorized access to sensitive medical image information.

Chaotic logistic map and linear feedback shift register
Brain MRI chest X-ray Security attacks like brute-force, man-in-the-middle [41] For the purpose of encrypting both black-and-white and color medical photos.

Image blocks and chaos
Different medical images Differential attacks [42] To lower computational costs and save time.
A polynomial-based system for secret image sharing (SIS), as well as a chaotic map system Brain MRI Brute force attacks [43] Addressing both the limited encrypted data capacity of the technique and the difficulty of recovering encrypted data.
Based on the most significant bit (MSB), a large-capacity reversible data encryption technique

Medical images
Statistical attacks [44] To demonstrate exceptional safety and high performance.

Medical images Security attacks
Measures such as NPCR, UACI, KA, HA, MAE, EI, ET, NA, KS key sensitivity, and PSNR are used to confirm the algorithms' efficacy and strength.The outcomes of the diverse techniques employed in the aforementioned prior investigations are compared in Table 4.The optimal value of UACI is 34.However, in some papers appears % as a statistical analysis of a group of images.

Encryption Based on Elliptic Curve Cryptography (ECC)
The characteristics of algebraic curves serve as the foundation for the construction of elliptic curves.The use of an elliptic curve was integral to the creation of a public key encryption method by Koblitz and Miller.Elliptic curve encryption's main advantages are its low key size and high processing efficiency [45].The function of an elliptic curve within an image encryption is illustrated in Figure 7 [29].In [46], an existing encryption system that was created with elliptic curve cryptography (ECC) and a Hill cipher was analyzed through the process of cryptanalysis.Affine Hill ciphers were utilized to spread the original image matrix into 4 × 4 blocks, which were then employed as keys in the scheme.Most importantly, the selected elliptic curve was used to construct the chaotic map's primary parameters.Bit-wise XOR was then performed with the produced Arnold map sequence on top of the scrambled data.According to the results of the research, the current system was insecure and could be broken by a brute-force attack.
ECC also proposed in [47] as a security for medical images in the IoT which was proposed by combining visual cryptography and Optimal Elliptic Curve Cryptography (IoT).Using an imperialist competitive algorithm, the best possible key was constructed.The ESEA strategy that has been presented shortens the amount of time needed to upload files and cuts down on the amount of memory that was consumed by encryption.The simulation results showed that the suggested system had a good chance of achieving the optimal global solutions faster and more precisely than the current methods.
In [48], the authors discussed a new cryptographic approach for protecting medical images created by IoHT healthcare devices by applying an advanced optimization technique, based on elliptical curves and Grasshopper Particle Swarm Optimization (GOPSO) to choose the best possible key to protect medical images.Compared to previous optimal encryption methods, the study's findings showed that the proposed algorithm was secure and resistant against a wide range of assaults.The results of the experiments demonstrate increased sensitivity of the keys, improved accuracy of the encryption, and excellent resistance to statistical attacks.
In this study [49], the authors discuss a novel cryptographic method for securing medical images that rely on Hill cipher in conjunction with ECC (ECCHC).The authors employ this strategy to overcome the vulnerability of certain encryption techniques to specific attacks and the difficulty of using a key length that is resistant to brute-force methods of decryption.The ECCHC scheme was found to be secure and perform better than competing schemes through extensive testing and research.
A homomorphic encryption method based on an elliptic curve was presented in [50] for use with medical images.The author used the improved ECC to bring about the addition homomorphism and the multiplication homomorphism.It has recently been demonstrated that cryptosystems based on ECs over finite rings may offer higher security than those based on other algorithms, such as the factorization problem or the discrete logarithm problem.
Prompted by this realization, a fresh approach to cryptography based on ECs over finite rings was introduced in [51].The approach consists of three primary phases, the first of which involves masking the simple image with points of an EC across a finite ring.
Step two involved generating diffusion within the masked image by transferring the EC through the finite ring to the EC over the finite field.In order to produce a large amount of confusion in the plain text, the author first constructed a substitution box (S-box) based on the ordered EC.This box was then used to permute the pixels of the diffused image to produce a cipher image.
Upgraded image encryption using MAES-ECC was developed for use in embedded systems in [52].This technique employed a modified variant of AES in which the mix column transformation phase was replaced with a permutation-based shift of columns, resulting in reduced temporal complexity while maintaining the Shannon principle of diffusion and confusion.
Using the elliptic curve cryptosystem and the hill cipher, the author of [53] created a robust image encryption technique.Hill Cipher transforms a symmetric encryption method into an asymmetric one, making it more secure and resistant to attacks.In this technique, the burden of locating and disseminating the inverse key for decryption was eliminated by using a self-invertible key matrix for the purpose of encrypting and decrypting confidential information.Intruders would have a difficult time deciphering this strategy because the key matrix that used was based on ECC.The results of the simulation have shown that the method was effective in both protecting against a variety of attacks and saving time.
The author in [54] used a moving S-box and a random additive mask to encrypt images.The approach used two methods: the first was the use of random nonce and safe hash algorithm in computing per-image Henon map setup, and the second was the use of elliptic curve encryption in securing the secret key.The suggested approach achieved encryption speeds that were close to 60 MB/s due to its excellent computational efficiency.
In [55], the study sought to accomplish two goals at once.First, by establishing a total order on an EC over a prime field, the author introduced new techniques for building s-boxes and generating pseudo random numbers (PRN).The second component was a two-phase image encryption system that was based on the recently established s-box and PRN generating method.The plain-image would be first confused by a suggested PRN, which was then masked by a fully dynamic S-box in this security system.This process began by diffusing the plain-image.The proposed methods were capable of constructing cryptographically robust S-boxes and PRNs with high entropy and excellent resistance to contemporary image cryptanalysis.The outcomes of the diverse techniques employed in the aforementioned prior investigations are compared in Table 6.Deoxyribonucleic acid (DNA) technology has recently touched many fields, including the medical system, information science, etc. Information was stored in DNA molecules, which carry genetic code that could be converted from one form to another.Pseudo-DNA technology was a simulation environment for DNA-based biological experiments recently developed by scientists.DNA encryption has been advanced by this idea [56].
The DNA-based image encryption mechanism is depicted in the block diagram found in Figure 8 [29].The first step was to separate the image into its individual color channels: red (R), green (G), and blue (B).Each of these three channels was converted into a binary matrix.These matrices were subsequently encoded according to the rules of DNA encoding.DNA operations were performed on the encoded matrices, which scrambled the similarity between pixel values.Applying the decoding rules results in a new set of binary matrices.Eventually, a cipher-colored image was created by combining these three color channels [57].In [58], a method for encrypting images using DNA coding and annealing was presented as a possible solution.The image pixels were modified with the chaotic system's pseudo-random number sequence by adding the mutation step to the conventional scrambling and diffusion framework.This outcome was in an image that was more difficult to decipher.There was an 80% probability that every pixel would have just one bit reversed and a 20% chance that every bit would be reversed.Authors generated ciphertext images by applying the same encryption approach to the RGB, YC, and BG channels of a color image.
To secure sensitive medical images, a new cryptosystem is presented in [59].Using DNA sequencing, Knight's trip map, intertwining chaotic maps, and affinity transforming.First, a B1 pixel DNA-coded matrix is created from the original medical image.The remaining pixels in matrix B2 were deployed on the pixel index values selection using DNA coding.After that, the system and control parameters generated chaotic sequences, which were depicted as a through-like pattern in the chaotic map.The performance analysis results showed that the suggested DMIES effectively reduces the risk of attacks like differential cropping, exhaustive probing, noise, and statistical analysis.
In [60], The image was encrypted using three different stages: one phase of confusion and two phases of diffusion.In the first stage of diffusion, DNA XOR was used to partially encrypt the image by operating on DNA-encoded image pixels and a hyperchaotic sequence.The next step involved using a Baker map to scramble the placements of each pixel in the partially encrypted image.A two-dimensional discrete cosine transform (DCT) was applied to the image in the diffusion phase, which converted the information from the spatial domain to the frequency domain.Due to its key sensitivity and resistance to various crypt-analytic attacks, the proposed algorithm demonstrated a high level of security.
For medical image encryption, Ref. [61] suggested system combines the hyperchaotic RKF-45 random sequence with DNA computation.The suggested framework used the RKF45 approach to generate chaotic sequences.After that, a 4-dimensional hyperchaotic integration was used to produce a random key sequence.The proposed framework cipher's unpredictability and efficiency were also improved by adopting DNA addition and subtraction operations.According to the findings, the suggested HC-RK45-DNA framework could withstand differential attacks.
A new DNA-based medical image encryption method and a 3D unified chaotic system were presented in [62] to increase the safety of medical image storage.In the beginning, a key value was constructed by using the input image for the sake of avoiding specific plaintext attacks.The execution of the chaotic system and its starting values were determined by this freshly produced key value.Here, a chaotic system was driven to generate a pseudorandom sequence that could be used for image scrambling and diffusion, as well as for converting pixels to DNA bases.The DNA bases were then converted and decoded using straightforward reversible methods.First, random numbers were used to swap out DNA bases, and then the bases were decoded to produce a new pixel value.
An image steganography scheme based on DNA was proposed in [63]; the proposed method involved encrypting the image to be concealed by using a DNA tape as a key, which was agreed upon by both parties, executing the hybridization process, and performing the hiding process in a different way, also dependent on the same key.In addition, the proposed method included performing the hybridization process.Implementing the BIO-XOR procedure between the DNA strand created in the previous stage and another DNA strand follows the hybridization process for the sequence of nitrogenous bases.The author in [61] presented a keyless process that helps to increase the unpredictability of the original image.The suggested approach used a generalized version of Arnold's Cat Map to add to the chaos.Additionally, a new diffusion mechanism has been implemented, and it worked on two different levels: the pixel level and the DNA plane.It included all potential DNA encoding, decoding, and XOR rules, chosen in a random-ish fashion according to the values of a chaotic 2D-Logistic Sine Coupling Map.This strengthened the cipher image against brute force and statistical attacks, and it became complicated for an intruder to decipher the cipher and see the original image without the correct key.
The proposed algorithm for medical image encryption in [64] used 2D-LSCM.In the formulated cryptosystem, 2D-LSCM performed the primary confusion-diffusion.The algorithm suggested a new masking strategy, which was one that did not require a key.In order to increase the entropy of the image, this step was performed before the confusion and diffusion process.The number of iterations in the ACM-based confusion stage has been optimized to produce a heavily garbled image while avoiding periodicity.The most crucial part of this cryptosystem was the diffusion algorithm, which modified the image's pixel values at both the bit and pixel levels.
Hyper chaos and DNA encoding were introduced in [65].It consisted of four stages, which were the formation of starting values of a chaotic system, the generation of key streams, scrambling, and diffusing.The suggested approach provided the following benefits.The first step was to extract ROI images and encrypt select crucial pixels.It could decrease the total amount of encryption pixels, which would assist in reducing the encryption time.Second, in order to lower the pixel correlation, hyperchaotic sequences were implemented.Lastly, because of the utilization of DNA encoding, it was possible to save resources that were used for computational storage.
A selective digitalization of medical images utilizing dual hyper chaos maps and DNA sequencing were proposed as methods of image encryption in [66].First, a DNA-encoded matrix C1 was created from the selected pixels in the original medical digital image by applying all DNA rules depending on the pixel index value, and a DNA-encoded matrix C2 was created from the remaining pixels.The parameters and system elements of the dual hyperchaotic map were used to generate the chaotic sequences.Selected pixels of the DNA-encoded matrix, C1, were scrambled using the dual hyperchaotic map.The DNA XOR method was used to combine the DNA-encoded matrix C1 that has been scrambled with the DNA-encoded matrix C2.After applying all of the DNA decoding rules to the combined DNA-encoded matrix, the resulting binary image was transformed to grayscale to produce the cipher image.
The authors in [67] proposed a DNA masking combined with the Secure Hash Algorithm (SHA-2) in a hybrid model.With the purpose of making the diffusion process more effective, a hybrid chaotic function was applied.DNA XOR was used in the confusion step.
In order to produce one-time keys from plain images and secret hash keys, the Secure Hash Algorithm 2 (SHA-2) was employed.The encryption key was this hash value.The pixels were shuffled using random sequences as part of the diffusion process.Random sequences were produced using the chaotic hybrid map.These sequences were utilized to randomize the image.In order to confuse things, authors used DNA XOR to scramble the original image's pixel values.
The suggested system in [68] consisted of a transmitter and a receiver that were responsible for performing the tasks of encrypting and decrypting, respectively.Despite their different functions, both components had the same structure design with two effective modules, which were: A Content-Aware Permutation and Diffusion Module and a Random-DNA-Encoding Module.The former constructed a random encryption rule selector in the DNA encoding process, which boosted security by constructing an abundance of random mappings from image pixels to calculations and significantly increased key sensitivity.The second part of the program created a permutation sequence that did more than save the values of individual pixels-it also disrupted the strong association between neighboring pixels within the same patch.Table 7 illustrates the state-of-the-art encryption techniques based on Deoxyribonucleic Acid (DNA).

Objective Approaches Used Database Information
Attack Considered [62] Creating an efficient method that can encrypt images, with a focus on medical images due to their unique properties.
Dynamic DNA coding and the 3D Unified Chaos System.Medical images Distinct types of cryptographic attacks [63] Presenting a new approach of steganography that takes advantage of DNA's characteristics.

DNA Properties
Classical images - [64] Present a secure technique for encrypting medical photos.

The use of bit-level diffusion with DNA coding
Medical and natural images Differential, occlusion, and noise attacks [65] Reduce the total number of encryption pixels to make the encryption process faster while maintaining the same level of security.

Medical images
Noise attacks, clipping attacks, statistical analysis, and so on [66] In order to ensure the safety of a digital medical image.

DNA cryptography and dual hyperchaotic map Medical images
Different types of attacks [67] Enhance the security of the cryptosystem.
DNA masking combined with the Secure Hash Algorithm (SHA-2) in a hybrid model

Medical images
Statistical and exhaustive attacks [68] In order to guarantee the confidentiality of cipher images.

Module for Content-Aware Permutation and Diffusion, and
Module for Random-DNA Encoding

Medical images
Various attacks The outcomes of the diverse techniques employed in the aforementioned prior investigations are compared in Table 8.This means algorithms for cryptography that are guaranteed to be secure even when attacked by quantum computers.As a result of their superior speed in performing specific mathematical operations compared to conventional computers, quantum computers pose a threat to several of the currently-used cryptographic techniques, such as RSA and elliptic curve cryptography (ECC).Traditional cryptographic methods that rely on the hardness of mathematical problems, such as integer factorization or discrete logarithms, are vulnerable to quantum computers, despite the former's impressive computational capacity for particular issues.Shor's algorithm [69] is just one example of a quantum algorithm that can efficiently address these challenges, which undermines the credibility of many currently used cryptographic systems.Post-quantum cryptography can be accomplished using a variety of methods, including the following: Lattice-based cryptography: Many methods used in post-quantum cryptography can be reduced to solving lattice problems.Certain difficulties in addressing issues on high-dimensional lattices are the basis for these algorithms.Regev proposed the first standard LWE-based lattice-based encryption technique in [70].Using quantum processing, this approach factors huge integers by equating their prime number phases expressed as sine waves.This is an important step toward addressing the discrete logarithm issue, which is the focus of many modern cryptographic algorithms [71].

2.
Code-based cryptography: In order to generate secure cryptographic protocols, codebased cryptography makes use of error-correcting codes.These methods are built on the fact that deciphering random linear codes is extremely difficult.Two relatively straightforward Code-based cryptographic methods bear Robert McEliece's name and Harald Niederreiter [72].

3.
Multivariate cryptography: Cryptographic schemes in multivariate cryptography are founded on systems of multivariate polynomial equations.These schemes are secure because of the difficulty in solving systems of polynomial equations.
A new method for hiding information in medical images employing quantum walking, 3-dimensional chaotic systems, and a modified PSO algorithm is introduced in [73].The method proposed here involves incorporating a private medical photograph into a publiclyavailable cover photo.The customized PSO algorithm is run using a 3-D chaotic system and quantum walks, and the generated velocity sequence is used to replace the secret data, while the position sequence is used to choose which location in the carrier image will be used to host the substituted confidential data.This form of image steganography can be applied to both black-and-white and colored photos.A PSNR of 44.1 is achieved on average with the introduced technique, and its embedding capacity is 2 bits per byte.
Quantum selective encryption is being studied as a potential new way of protecting sensitive medical images in [74].By performing operations on the bit-planes of the images in accordance with a key, the suggested approach successfully encrypts ROI (also known as a region of interest).For a BRQI (Bitplane Representation of Quantum Image) with 2n pixels and a key length of m, we have estimated the time complexity of the introduction approach, which offers a huge improvement over its traditional equivalent.In contrast to the time constraints, the size of medical images has no bearing on the method.
In order to ensure the safety of quantum-encrypted medical images, the authors of [75] presented a novel framework.Before being encrypted using the suggested method and sent to the cloud, patient photos are first converted to a NEQR (Novel Enhanced Quantum Representation) representation at a central site.The suggested technique employs a three-step encryption process for its various stages of operation.Quantum-controlled picture preparation, Select secret map keys, and Quantum picture encryption using a scrambled state.
Encryption and decryption of medical images using symmetric cryptography with a chaotic map and a key generator (KG) based on quantum mechanics presented in [76].The three main phases of the technique are, first, the production of random cipher codes; second, the training of an encryptor and a decryptor based on gray relational analysis (GRA); and finally, the assessment of the encrypted image.To generate cipher codes for substituting values of pixels (substitution technique) in a 2D image using 256 key-space cipher codes, the chaotic map is combined with a quantum-based key generator (KG) to boost the chaotic complexity and unexpected levels.
The GRA models 1 and 2 are used to train the cipher codes for an encryptor and a decryptor, respectively.A method for quantum watermarking of images is proposed in [77].Arnold's cat map is used in this approach to introduce chaos into the enlarged watermark.The presented technique relies on the encrypted secret image and the controlled-"NOT" image, both of which are derived from the logistic map.The embedding procedure generates a key matrix that plays a crucial role in improving visual quality but is also utilized to bolster security.In the process of extraction, in addition to the key matrix, control parameters are necessary in order to operate the logistic map.
An original quantum LSB For quantum images of color, a steganographic technique based on the Gray code, has been developed by the authors in [78].The described data concealing technique makes use of the gray code to conceal a 2m × 2m grayscale image within a 2n × 2n colored image (the "secret image" and "cover image," respectively).In advance of the embedding process, a quantum Hilbert image scrambling technique was used to encrypt the hidden image.Since the key is short, it can be quickly and readily transmitted across the quantum transitional channel from sender to recipient.Also, A strong protocol for quantum watermarking that employs both the least significant and most significant bits is proposed in [79].Extraction of the watermarked image using the present protocol is more secure since it requires the production of two key images (scrambling key).Using a novel scrambling technique, the grayscale watermark image is transformed into a scrambled binary image that guarantees the original watermark image cannot be recovered by any attacker, even if the attacker recovers the scrambled binary image.The results of the simulation that were given reveal a superior peak-signal-to-noise ratio, which demonstrates that the cover image undergoes fewer changes while the method is being performed.
Ref. [80] proposed a strategy for quantum steganography that makes use of the two LSQb to conceal a picture with dimensions of 2n1 × 2n1 within one of dimensions 2n × 2n.The proposed technique has good visibility and high capacity, and it does not require the original cover image or original secret image for the extraction process.
The author has shown the first working version of the Ed448 DSA protocol in [81], which is designed to run on the ARM-based Cortex-M4 processor found in many low-end devices.The evaluation findings of the performance are based on the implementation design using only C code and the assembly language for the specific target being evaluated.Finally, the achieved performance describes that the design is resistant to fault and sidechannel attacks.
The first implementation of HPKE is immune to the problems that quantum computers pose for asymmetric algorithms introduced in [82].Using two different postquantum key encapsulation strategies and a wide range of plaintext sizes, we evaluate the efficacy of PQ-only and PQ-hybrid HPKE variants.The system has been expanded to enable both PQ-only and PQ-hybrid choices, and it has been merged with two PQ KEM algorithms that were developed during Round 3 of the PQ Project by NIST.
Ref. [83] provides a study of the energy needed to run potential PQC algorithms using data collected from extensive testing on a Cortex M4-based reference platform.The data transmission costs of PQC algorithms, which are predicted to rise with the introduction of novel public keys and ciphertext encodings, are related to their computational (energy) costs.The author discovers that even with existing radio technology, and especially with 5G's increased transmission speeds, the post-quantum transition can imply energy savings over present ECC cryptography.There will still be applications that require ECC that can't easily accommodate the lengthier messages required by the PQC alternatives (or RSA), but this isn't an issue with TLS.
The NIST-recommended platform for benchmarking post-quantum secure protocols, the STM32F407VG, was the focus of the author's first implementation of compressed SIKE in [84].By expanding the stack and adding a new memory region in the CCM RAM, we were able to run compressed SIKEp610 without risking memory corruption.To further improve the speedup, we write assembly code subroutines for subtraction and multiplication with compressed data.
The research [85] detailed a variety of optimization strategies for efficiently deploying KyberKEM on 64-bit ARM CPUs.In order to reduce the amount of time needed for the execution, the author suggested optimizations for the basic operations of Kyber and symmetric functions.Key generation, encapsulation, and decapsulation were all enhanced by 1.72×, 1.88, and ×2.29, respectively, in comparison to prior works using the planned Kyber512 implementation on ARM64.Additionally, the suggested Kyber512-90s implementation is enhanced by 8.57×, 6.94×, and 8.26× when employing an AES accelerator for key generation, encapsulation, and decapsulation, respectively.
Table 9 illustrates the state-of-the-art of the various encryption techniques based on PQC.To provide a new method of concealing medical data that is resistant to the types of attacks that can be expected to come from quantum or electronic devices.
Quantum-walk-chaotic-systemparticle-swarm-optimizationalgorithm steganography Classical, medical images Quantum or digital device-side attacks [74] Intended for the purpose of encrypting a specific area of medical images.

BRQI-based quantum selective encryption for medical applications
Classical, medical images Entropy attacks [75] For the sake of the patient's safety and the confidentiality of their information.
Gray code, controlled-not gates based on quantum images, quantum bit planes, and NEQR representations of quantum images

Medical images Statistical attack
[76] To ensure that hospitals and other medical service businesses meet the authorization requirements.
An intelligent symmetric cryptography that makes use of a chaotic map and a quantum-based key generator Chest X-ray database Statistical attack [77] The process of concealing a quantum secret image inside a quantum cover image.
Quantum steganography using a controlled-NOT gate and, Arnold's cat map Medical images - [78] In the interest of achieving higher levels of safety and protection.Side-channel analysis (SCA) [82] In order to decrease the amount of unnecessary computational overhead.[84] To expand the stack and insert a new area into the CCM's RAM storage.
An efficient, space-saving SIKE solution for low-power gadgets -- [85] Improvement of symmetric function implementations using the AES accelerator, noise sampling, and the Number Theoretic Transform (NTT).

64-bit ARM Cortex-A processors
benefit from optimized Kyber encryption implementations. -- The outcomes of the diverse techniques employed in the aforementioned prior investigations are compared in Table 10.
A comparison of previous excavations can be seen in Table 11 below.

Cryptographic Systems and Components
Cryptographic systems and components encompass various aspects related to cryptographic algorithms' design, implementation, and operation.It includes hardware components like cryptographic accelerators that enhance the performance of cryptographic operations on platforms, such as Field-Programmable Gate Arrays (FPGAs) or Trusted Platform Modules (TPMs), ASIC and ARM/RISC-V.ASICs offer high performance and efficiency but come with high development costs, while FPGAs provide flexibility for prototyping and customization but may have higher power consumption.ARM and RISC-V are widely used for general-purpose computing, including cryptography, providing a balance between performance and energy efficiency.Similarly, cryptographic algorithms and functions are implemented and utilized within software platforms, such as OpenSSL, recent versions included 3.0.0and 3.1.0,OpenSSL Software Foundation(Adamstown, Maryland, United States) or Microsoft Cryptographic API (CryptoAPI),version 2, Microsoft Corporation, (Washington, United States), enabling secure data transmission and storage across various applications.These topics collectively explore different facets of cryptographic systems, including efficient computation, security properties, fault diagnosis, fault tolerance, and the reliable implementation of cryptographic algorithms, ensuring the confidentiality, integrity, and authenticity of data in diverse applications.All of these components are categorized as: 1.
Curve448 and Ed448 on Cortex-M4 Curve448 and Ed448 are elliptic curve cryptography (ECC) algorithms based on the curve Curve448.They offer strong security and are specifically designed to provide efficient cryptographic operations on low-power devices like Cortex-M4 [microcontrollers.[95], provide a variety of implementations of Point multiplication within Curve448.In this research, the author offers three distinct implementations of Curve448 using variable-basepoint FPGAs: a low-power version, an area-time efficient approach, and a high-performance architecture.With the proposed high-performance design, throughput is boosted by 12%.Ed448 is an elliptic curve cryptography (ECC) algorithm based on the Curve448 elliptic curve.It provides a high level of security and is specifically designed to offer strong protection against both classical and quantum computing attacks.Ref. [96], this paper provides an efficient design for the X448 function and the Ed448 DSA, two protocols based on the Montgomery curve Curve448 and its birationally equivalent Edwards curve Ed448, used for key agreement and digital signature algorithm, respectively, on the ARM-based Cortex-M4 platform.The concept is based on the Elliptic Curve Diffie-Hellman (ECDH) base operation of point multiplication, and it improves on the best earlier work based on Curve448 by more than 48%.

Cryptographic accelerators on Ed25519
Cryptographic accelerators are specialized hardware components designed to perform cryptographic operations efficiently and securely.They are particularly useful in scenarios where high-speed cryptographic operations are required, such as in digital signature algorithms like Ed25519.The Ed25519 digital signature algorithm, often known as the Edwards curve digital signature algorithm (EdDSA), is presented in [97], along with highly optimized implementations of the technique.This technique greatly outperforms the stateof-the-art digital signature algorithms in terms of execution speed without compromising security.For a degree of security comparable to AES-128, the authors suggest two distinct FPGA-based EdDSA implementations, one based on the efficient and high-performance Ed25519 design and the other on the more traditional Ed406 architecture.Because it uses less space, the suggested efficient Ed25519 system outperforms the state-of-the-art by more than 84 percent.It also includes a speedup of more than eight times.

Fault detection of architectures of Pomaranch cipher
The Pomaranch cipher is a symmetric-key encryption algorithm that operates on 128-bit block size and supports various key lengths.It is designed to be lightweight and suitable for resource-constrained environments, such as Internet of Things (IoT) devices.Reference [97] demonstrated low-power architectures for the Pomaranch substitution box and then proposed a framework to enable fault immunity for smart, ubiquitous infrastructures that handle sensitive data.Using the uneven substitution box of a stream cipher as a case study, the authors compare the dependability and false-alarm sensitivity of various cryptographic applications and discuss their respective impacts on smart infrastructures.The proposed architectures are compared against one another in terms of error coverage for various fault models and evaluated for their resistance to false alarms.They have also been synthesized on an ASIC platform, with results demonstrating that good error coverage can be achieved for the suggested designs with acceptable overhead.

Reliable architectures of grostl hash
Grostl is a cryptographic hash function that provides collision resistance and preimage resistance.It operates on variable-length input and produces a fixed-length hash value.Reliable architectures of Grostl hash refer to design approaches that prioritize the integrity and robustness of the hash function's implementation.In [98], the impact of increasing the input size on the cycles/byte was used to evaluate the relative performance of GROSTL, JH, and BLAKE.One thing that all these articles have in common, though, is that they failed to take into account the Avalanche effect in their evaluations.

Fault diagnosis of low-energy Midori cipher
Fault diagnosis in the context of the low-energy Midori cipher refers to the process of identifying and analyzing potential faults or errors that may occur during the execution of the cipher on low-energy devices.Fault diagnosis is crucial for ensuring the reliability and security of the cipher's operation.In order to reduce operational costs, the MIDORI cipher was developed.The MIDORI cipher has two different variations, the MIDORI-64 and the MIDORI-128.A literature review of MIDORI-64 is presented in [99].The key size in MIDORI-64, a 64-bit block cipher, is 128, and there are 16 rounds.MIDORI employs a pair of 4-bit S-boxes.Within the scope of this work, we investigated MIDORI's initial S-box.

Fault diagnosis of RECTANGLE cipher
Fault diagnosis in the context of the RECTANGLE cipher involves identifying and analyzing potential faults or errors that may occur during the execution of the cipher.Fault diagnosis is important for ensuring the reliability and security of the cipher's operation, particularly in the presence of hardware faults or intentional attacks.For encryption, the RECTANGLE cipher [99] employs 16 4-bit Sboxes.It is coded as a series of logic instructions that can be executed in order.The RECTANGLE cipher is a 64-bit block cipher; the key size is 80 bits, and it is based on the bit-slice approach, resulting in an effective software implementation and the low-cost implementation of hardware.
Implementing fault detection and fault attacks on lightweight ciphers is a solution to particular security difficulties in low-resource settings, which are part of the larger topic of Cryptographic Systems and Components.Researchers and developers can increase the security of cryptographic systems used in a wide variety of applications by learning more about and making improvements to the fault-and attack-tolerance of lightweight ciphers.

Implementations of Fault Detection and PQC
PQC implementations incorporate fault detection measures meticulously, guaranteeing that every step of the process is thoroughly examined and verified by means of a battery of tests specifically designed for each cryptographic algorithm.The specifics are described below.
Ref. [100] have concentrated their efforts on the creation and research of PQC implementations on ARM processors, more notably the Cortex-M4 and Cortex-A processors.The authors go over the specifics of how the Curve448 and Ed448 algorithms were ported to the Cortex-M4 microcontroller.At the same time, the SIKE (Supersingular Isogeny Key Encapsulation) algorithm's implementation on the Cortex-M4 microcontroller is the main topic of discussion in [101].SIKE Round 3 on ARM Cortex-M4, with the most recent model being SIKE Round 3, which was suggested in [102].Kyber, a post-quantum cryptography method, is investigated in ref [85], which investigates its implementation on 64-Bit ARM Cortex-A processors.A lattice-based PQC algorithm is called Kyber.Paper [96] describes how a 32-nm CMOS technology implements the Ed25519 curve-based cryptographic accelerator for digital signatures, which can process 100 million signatures per second.The accelerator can be used in mobile devices, embedded systems, and cloud computing.High performance is achieved through the accelerator's utilization of multiple techniques, including pipelining, parallelization, and specialized hardware accelerators.This study employs ASICs designed for specific use.An ASIC is a custom-designed integrated circuit that serves a specific function.Based on the findings, a novel cryptographic accelerator using Ed25519 was proposed for use with digital signatures.Secure communication is provided by the Supersingular isogeny key encapsulation (SIKE) protocol, which employs the Diffie-Hellman key exchange protocol based on elliptic curve arithmetic and isogeny maps [100].Constant-time and constant-memory algorithms, which stop information from escaping through side channels, are the primary emphasis of the implementation, which is designed to make the system more secure and private.

Fault Attack on Lightweight Ciphers
Lightweight ciphers are vulnerable to fault attacks, which purposefully introduce errors into the algorithm's execution to reveal sensitive information.Attackers intend to use these flaws as entry points to steal private data [97,103].This type of attack is specifically designed to compromise cipher security.Therefore, a combination of approaches is utilized to strengthen the cipher's security and integrity and make it resistant to fault attacks.Information is provided below.
WAGE is a lightweight stream cipher that has error detection techniques for its nonlinear sub-blocks [104].Signature-based error detection techniques for WAGE's nonlinear SBox and WGP operations are designed and implemented utilizing logic gate-based and LUT-based variations.Both the one-bit signature and the interleaved signature that was generated from it can be used to identify single-event upsets and multi-bit upsets, respectively, protecting against both inherent and intentional defects.
The Camellia block cipher's linear and non-linear sub-blocks are considered in the error detection strategies suggested in [105].The Camellia block ciphers are presented in a manner that allows each to accomplish the desired reliability goals.It has been demonstrated through fault-injection analysis that the error coverage is very close to 100%.In addition, the authors have demonstrated that reasonable overheads can be reached with ASIC implementations.
Study [106] proposes a new method for fault diagnostics of the low-energy Midori cipher.Errors caused by weaknesses in the Midori cipher can be discovered using this method by evaluating the statistical output of the encryption.Multiple implementations of Midori are used to test the proposed method and show that it improves fault detection accuracy without adding unnecessary complexity.The study believes that this potential approach should be implemented to strengthen Midori's security.Additionally, a novel low-energy stream cipher implementation tailored to the ARM Cortex-M4 CPU is presented in this study.
QARMA is a simple, flexible block cipher that can be easily modified.Ref. [107], Examine two operations that are based on the block ciphers QARMA (which can be modified) and low-latency block cipher.Using real-world data as inspiration, the study examined the mistake detection and correction capabilities of hash-based designs in various failure models.

Future Work
Since machine computation skills are fast expanding, and many existing image encryption methods suffer from inadequacies in areas like speed and flexibility in security.Therefore, image encoding techniques require reliable, consistent enrichment.It also takes more network capacity to transport the photos because they take up more storage space than text data.In general, there is a lack of great image encryption techniques that can also make the encrypted image smaller (compressed image).Furthermore, it is essential that the decrypted image faithfully reproduce the original data for the recipient.As a result, we have no choice but to make compromises with regard to speed, space, and safety.

Conclusions
The development of many modern coding methods has centered around the healthcare sector.In this work, a deep dive was made into the research on existing image encoding methods.A clear and comprehensive classification of the various image encoding methods in use today is presented in this paper.The researchers have noted that there is still room for improvement in image encryption in terms of security, parameterization, and computational performance.A comprehensive literature review on this topic was conducted, and some potential barriers to medical image coding were mentioned.Preserving the accuracy of coded medical images should be our goal; Therefore, maintaining the quality of medical images is essential.One or two performance metrics have been focused on by most cryptographic algorithms, and the challenge of creating an appropriate trade-off between competing characteristics, such as security and complexity, has not been addressed.Data availability can be greatly affected by standard encryption methods as the original data can only be accessed by the user encrypting it.In electronic healthcare applications, no digital modification of medical images is permitted.The highest possible visual quality must be maintained at all times.Thus, security must be ensured against any network-based image attacks in the medical image encryption process.The level of safety and difficulty associated with calculating DNA from an image is determined by the complexity of the DNA structure.A table-based summary of the most prominent cryptographic techniques is presented at the conclusion.In finalization, DNA encryption techniques offer promising possibilities for protecting the confidentiality of medical images during telemedicine consultations.Patient information is best encrypted using DNA due to the molecule's great security, scalability, robustness, and biocompatibility.Elliptic Curve Cryptography (ECC) has promising applications for protecting the confidentiality of patient information during telemedicine consultations.When used in telemedicine applications, ECC's potent encryption features become even more valuable.To begin with, unlike other encryption algorithms like RSA, ECC offers a high level of security with significantly reduced key sizes.This improves the computational resource and bandwidth efficiency of ECC, which is especially useful in telemedicine because the transmission and processing of medical data must occur in real-time.Second, ECC provides substantial defense against cryptographic attacks like prime factorization and discrete logarithm difficulties.This makes it ideal for protecting medical images and other personal data while they are being sent, stored, and accessed in telemedicine systems.Overall, chaotic maps show promise as a method for data encryption in telemedicine., but more study, standardization, and practical implementation are needed to fully grasp their benefits and limits.By taking advantage of the characteristics of chaotic systems, telemedicine has the potential to increase the confidentiality of patient information and the safety of distant medical care.In conclusion, a table-based summary of the most notable encryption techniques has been provided.Our survey will help other researchers propose an appropriate encryption method for e-health applications with its many challenges.

Figure 1 .
Figure 1.The motivations for the use of cryptography.

Figure 2 .
Figure 2. The basic procedure for medical image encryption and decryption.

Figure 3 .
Figure 3. Basic guidelines of image encryption.

Figure 5 .
Figure 5.A taxonomy of image encryption techniques.

Table 2 .
Image encryption evaluation procedure.

Table 3 .
An overview of various encryption techniques based on chaotic maps.

Table 4 .
The comparison of prior research outcomes.
Table 5 illustrates the state-of-the-art of the various encryption techniques based on Elliptic Curve Cryptography (ECC).

Table 5 .
An overview of various encryption techniques based on ECC.

Table 6 .
The comparison of prior research outcomes.

Table 7 .
An overview of various encryption techniques based on DNA.

Table 8 .
The comparison of prior research outcomes.

Table 9 .
An overview of various encryption techniques based on PQC.

Table 11 .
A comparison of prior reviews.