SIEA: Secure Image Encryption Algorithm Based on Chaotic Systems Optimization Algorithms and PUFs

One of the general problems in modern digital society is undoubtedly the information security topic. It is critical to ensure the security of information transferred, processed, and stored throughout digital channels. Among this information, digital images draw attention in terms of frequency of use in digital channels. In this study, a new image encryption algorithm is proposed to address the security problems of digital images. The aspect that differentiates the proposed algorithm from thousands of image encryption algorithms in the literature is that it is designed within the framework of the provable security design principle. The provable security design approach has ensured that the proposed algorithm is theoretically secure with mathematical proof techniques. In addition to addressing the proposed architecture security concerns, the hybrid random number generator used as the key generator constitutes another unique aspect. This generator, which was designed using chaotic systems, physical unclonable functions, and optimization algorithms, stands out as the innovative aspect of the study. The statistical randomness properties of the proposed random number generator were tested using the NIST SP 800-22 Statistical Test Suite. Successful results were obtained for 15 tests in the test package. In addition, the success of these outputs was tested on a new image encryption algorithm. The security of the proposed algorithm was tested from different angles using various experimental analyses and a 12-step provable security analysis roadmap. Successful analysis results and performance measurements indicate that the proposed cryptographic components can be used in many information security applications and many future designs.


Introduction
Developments in digital transformation have significantly changed our lives [1]. The effect of this change continues to increase exponentially. This effect has changed and continues to change many processes [2]. Even wars are now associated with cyberattacks on critical infrastructures [3]. Thus, more than ever, information security concepts have gained importance. Therefore, how to ensure the security of the huge information set called big data is now a serious problem for everyone [4]. Strong cryptographic algorithms are needed to address this problem [5,6]. However, cryptology is a difficult discipline. It is not sufficient to simply demonstrate that certain security requirements are met. As new attacks are developed, new cryptographic algorithms and countermeasures should be constantly investigated [7]. One of the outstanding topics among these researches involves design studies based on nonlinear dynamics [8][9][10][11][12]. The number of studies on this subject in recent years is in the thousands [13]. Although this quantitative size is an indication of how hot the subject is, the security problems of these studies and the difficulties that may occur in practical applications reveal another aspect of the subject that should be addressed. The original aspect of this proposal is the development of a cryptographic key generator

Contribution of Proposed Method
The common point of all these studies is the use of chaotic systems as an entropy source in the center of the design. It can be observed that the joint effort of researchers has been to search for new alternatives to improve the statistical randomness characteristics of the entropy source. The most important innovation that distinguishes this proposal from similar ones is that the most appropriate entropy source is obtained in terms of cryptographical requirements with the help of optimization algorithms. Providing the requirements for randomness in the most appropriate way is an important challenge. The idea to consider this problem as an optimization problem was proposed by Tanyıldızı and Özkaynak. In [26], the initial conditions and control parameters describing all statistical tests for four different chaotic systems were determined using different heuristic optimization algorithms. A similar study was conducted by Jiang et al. [27] for chaotic systems. Açıkkapı and Özkaynak [28] showed how different initial conditions can be determined by presenting an approach with a simpler structure compared to the optimization algorithms. Using the approaches suggested in these studies, an ideal entropy pool was formed by obtaining many different initial conditions. Experimental studies were carried out using the initial conditions published in previous studies. Other initial conditions that can be used to feed the entropy pool are not shared, because they are covered by the patent application and there are a large number of them. References [26,28] can be examined in detail for alternative initial conditions for use in practical applications. The corresponding author can be contacted for initial conditions that can be selected for commercial or more professional needs.
It is an undeniable fact that both hardware and software generators designed using entropy resources based on chaotic systems have many advantages. Following the generation of the ideal entropy source, the strong building blocks of modern cryptology can be combined with the unique features of chaos theory, and the architecture to be designed can address security concerns with a provable security approach. The goal of our study was to most suitably improve the entropy source rather than show the shortcomings of CBRNGs, whose general properties were listed in Section 1.1. This output was merely the result of the study. Our main goal was to use this successful output in an effective image encryption algorithm, because even the most successful cryptographic components can be easily broken if used in a bad scenario. Since an attacker will always target the weakest point of the system, combining strong cryptographic components in a way that allows no openness is a difficult task. The architecture proposed in this study aimed to address this purpose. Transforming all these outputs into a practical application can provide an opportunity to evaluate the success of the outputs from a different perspective. An image encryption algorithm as a practical application was designed. This image encryption algorithm was designed to meet the requirements such as security level, speed, effective solution proposal for resource constrained platforms, and easy usability, representing further original contributions of the proposal.
The study is organized as follows: in Section 2, a detailed expression of the problem is given by presenting an analysis of the current literature. This section also emphasizes the original contributions of the proposed approach to address these problems. The details of the proposed architecture are explained in Section 3. In Section 4, analysis and test results are given. In the last section, the results are discussed and suggestions are made for future studies.

Statement of Problem
The basic components expressing the scope of the proposal are shown in Figure 1. For these three main components related to the proposal, the current problems in the literature, how these problems are addressed with the approach suggested in the proposal, and the original contributions of the proposal are detailed in this section. The first topic of the proposal is related to chaos theory. The basic element used to meet the cryptographic requirements in the proposed architecture constitutes chaotic systems. Chaotic systems are used in order to provide the need for confusion (mixing). The proposed architecture was developed with the assumption that the unpredictable nature of chaotic systems could be a very powerful element for shaping an ideal entropy source [29,30].
In the study, the ideal entropy source for four different discrete-time chaotic systems was obtained with the help of six different heuristic optimization algorithms. In a system, the necessary conditions for observing complex dynamics defined as strange attractors are as follows: (i) the system must contain nonlinear element(s), and (ii) the system must be sensitive to the initial condition. These conditions are necessary for the existence of chaos in a system. However, this is not enough. If the system is a continuous time system, the system grade must be at least three, because chaos is not observed in nonlinear systems with a system degree of less than three. Such a condition is not required for discrete-time systems. Chaos can be observed even in a first-order system (logistic map). Therefore, discrete-time chaotic systems are preferred in many practical applications of chaos. The most important reason for this type of preference is that discrete-time chaotic systems have a simpler structure compared to continuous-time and hyperchaotic systems [30]. In the preliminary study, four different discrete-time chaotic systems were used due to this simple structure [26].
The third topic that constitutes the proposal is related to the postprocessing techniques that can be used for true random number generators (TRNGs) to be used for cryptographical purposes [19,21,22]. Because strong key design is a difficult task, demonstrating that cryptographical applications meet the randomness requirements is not an easy process. These requirements can be grouped under two main headings: showing good statistical properties (R1) and unpredictability (R2). In some sources, these requirements are described in more detail under four main headings. Essentially, requirements expressed as R3 and R4 are detailed forms of the R2 requirement. The most widely accepted randomness requirements according to Werner Schindler [31] are briefly described below. According to the level of security that different applications need, the requirements listed above may vary. For example, it is sufficient to meet the R1 requirement for applications such as simulation, modeling, and games of chance, while all requirements must be met in order to guarantee the confidentiality of sensitive information. However, it is not easy to guarantee unpredictability while providing good statistical features. For example, while random number generators such as the linear congruential generator, the middle square method, and the linear feedback shift register (LFSR) show good statistical properties, the deterministic structures of these generators make them easier to predict. Designs such as radioactive decay, noise in electrical circuits, and chaotic systems do not show good statistical properties, but they are difficult to predict [32]. Developing a design that simultaneously meets all requirements is the main problem facing researchers working in this field.
Various statistical tests are available to check that the R1 requirement is met. These tests are used as the objective function of the optimization algorithm. It is ensured that the resulting entropy source has a uniform distribution and that any attacker will be unable to make a better statistical inference than a blind guess. However, as stated earlier, statistical randomness is only one of four requirements. It alone is not enough. Therefore, it has to be verified that the proposed generator has an unpredictable nature (R2 requirement). The sensitive nature of chaotic systems to the initial conditions and control parameters can guarantee a wide key space. In the process of determining this initial condition and control parameters, the use of physical unclonable functions specific to the device/hardware is another element that meets the R2 requirement of the generator. Although the condition that the previous and subsequent subsequences of random numbers are unpredictable, which are the other two requirements (R3 and R4) that random number generators must meet, is related to the second requirement, it is planned to use hash functions in the proposed architecture to guarantee these requirements. The one-way nature of hash functions mathematically makes invertibility impossible (requirement R3). Again, the additional physical unclonable inputs can provide additional security for the R4 requirement.
The second leg of the proposal is the practical application of the key generator module. The device (mobile phone or computer) provides feeding of an entropy pool by using device-dependent (physically unclonable) parameters. Allowing the entropy pool to be differentiated according to security requirements can provide an important advantage to ensure the security/ease of use balance. The strong cryptographical keys generated can be used in the image encryption algorithm of the proposed architecture. The advantage of the practical application presented herein is the use of the space-filling curve transformation approach to solve the correlation problem specific to digital images.

Details of Proposed Architecture
The proposed architecture consists of five main parts. In this section, the details of these parts are separately given. The general view of the proposed architecture is given in Figure 2.

Part I: Physical Unclonable Function Module
True random number generators (TRNGs) are critical in cryptographic designs to ensure unpredictability. In the proposed architecture, the hardware entropy source shown in Figure 3 was chosen as the TRNG structure. There are many advantages to choosing this hardware. Low cost, easy integration into mobile devices via USB port, and meeting statistical randomness requirements are some of these advantages [33]. A mobile device or computer is used to feed this entropy source. Thus, the hardware is used as a physical unclonable function (PUF) in the proposed architecture. The PUF module is very important for the provable security perspective since, according to the cryptanalysis scenario, the user of a system is a potential privileged attacker [34][35][36]. For example, the user can reverse-engineer the logic of the algorithm by storing the single-use passwords that come to him. PUFs without user control have been used to address this attack scenario and contribute to the unpredictable nature of the generator. In fact, it is known in the literature that there are more effective PUF structures than the hardware in Figure 3. This hardware is used only to explain the design logic through an example. In future studies, different PUF structures will be used.
Outputs of the PUF hardware are given as input to the cryptographic hash function. Hash functions are used to address cryptanalysis scenarios associated with chosen/known plaintext attacks. In the proposed architecture, it is planned to use the SHA3 algorithm [37]. Such a choice was made because it is the latest hash function standard, with a 256 bit value as the output. This output was divided into seven sections with the help of a fragmentation algorithm to be used in parameter selection. Each section was converted into a numerical value using the mod function. These numerical values were used in determining the selection parameters required in other parts of the proposed architecture.

Part II: Determination of Initial Conditions and Control Parameters of Chaotic Systems Module
Outputs of Part I of the proposed architecture can be used as selection parameters. By using the determined selection parameters, the chaotic system type, the optimization function to be used, the statistical test approach to be selected as the objective function, the population size, the number of iterations, and other necessary parameter values for the optimization algorithm are assigned. In the proposed architecture, four different chaotic systems, seven different optimization algorithms, and three different statistical test scenarios can be used. In Table 1, the main features of the probable options and their effects on system success are discussed.

| Option Group | Options |
|---|---|
| Chaotic system type | Discrete-time systems (logistic, tent, sine, circle); continuous-time systems (lorenz, rossler, chua, chen); hyperchaotic (hyper_lorenz, hyper_rossler, hyper_chua, hyper_chen); fractional-order systems |
| Optimization algorithm | Differential evolution (DE), particle swarm optimization (PSO), symbiosis organisms search (SOS) algorithm, gravitational search algorithm (GSA), harmony search algorithm (HS), golden sine algorithm II (GoldSA-II) |
| Statistical test approach | NIST; AIS; chi-square |

After determining the selection parameters for Part II, the initial conditions and control parameters of the chaotic system were determined for the selected statistical test requirements with the help of the optimization algorithm. The probable options listed in Table 1 provide ideas for different future studies. The reason for using discrete-time systems in experimental studies is their simple structure. Similarly, there are many different optimization algorithms that can be used in the literature. Different alternatives can be chosen instead of the optimization algorithms listed in Table 1. Reference [26] can be examined for the effect of currently used algorithms on performance, design parameters, and other details.
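The step from Part I to Part II (PUF output, SHA3 digest, seven fragments, mod reduction, selection parameters) can be sketched as follows. This is an added example, not code from the paper. The contiguous near-equal fragmentation, the assignment of fragments to parameters, the population and iteration ranges, and the sample PUF response are all assumptions made for illustration.

```python
import hashlib

# Options as listed in Table 1 (discrete-time systems only, as in the experiments).
CHAOTIC_SYSTEMS = ("logistic", "tent", "sine", "circle")
OPTIMIZERS = ("DE", "PSO", "SOS", "GSA", "HS", "GoldSA-II")
STAT_TESTS = ("NIST", "AIS", "chi-square")

# Constructed sample PUF response and a copy with a single flipped bit.
SAMPLE_RESPONSE = bytes(range(16))
NOISY_RESPONSE = bytes([SAMPLE_RESPONSE[0] ^ 0x01]) + SAMPLE_RESPONSE[1:]


def fragment(digest, parts=7):
    """Split a digest into `parts` contiguous, near-equal byte slices.

    Assumption: the paper does not define its fragmentation algorithm.
    A 32-byte digest in 7 parts gives slice lengths 5, 5, 5, 5, 4, 4, 4.
    """
    base, extra = divmod(len(digest), parts)
    slices, pos = [], 0
    for i in range(parts):
        size = base + (1 if i < extra else 0)
        slices.append(digest[pos:pos + size])
        pos += size
    return slices


def pick(value, options):
    """Reduce a fragment value onto a list of options with mod."""
    return options[value % len(options)]


def select_parameters(puf_response):
    """Hash the PUF response with SHA3-256 and derive selection parameters.

    Every fragment is a 32- or 40-bit integer, so the bias introduced by
    the mod reduction onto these small ranges is below 2**-25.
    """
    digest = hashlib.sha3_256(puf_response).digest()
    v = [int.from_bytes(part, "big") for part in fragment(digest)]
    return {
        "chaotic_system": pick(v[0], CHAOTIC_SYSTEMS),
        "optimizer": pick(v[1], OPTIMIZERS),
        "stat_test": pick(v[2], STAT_TESTS),
        "population_size": 20 + v[3] % 81,       # assumed range 20..100
        "iterations": 100 + v[4] % 901,          # assumed range 100..1000
        "state_variable_option": 1 + v[5] % 5,   # Table 2, Options 1..5
        "bit_conversion_option": 1 + v[6] % 2,   # Table 3, Options 1..2
    }


def digest_bit_distance(response_a, response_b):
    """Hamming distance between the SHA3-256 digests of two responses."""
    da = hashlib.sha3_256(response_a).digest()
    db = hashlib.sha3_256(response_b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


if __name__ == "__main__":
    print(select_parameters(SAMPLE_RESPONSE))
    # One flipped input bit changes about half of the 256 digest bits, so
    # a noisy PUF reading must be stabilised before hashing or the
    # selection parameters will not be reproducible.
    print(digest_bit_distance(SAMPLE_RESPONSE, NOISY_RESPONSE))
```

Because the hash spreads a single-bit input difference over the whole digest, the same device must deliver a bit-exact response every time it needs to re-derive the same parameters.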

Part III: Random Number Generator Module
Depending on the chaotic system type chosen, the chaotic system can have more than one state variable. In Figure 2, this detail is shown using the examples of a (a) discrete-time chaotic system, (b) continuous-time chaotic system, (c) hyperchaotic system, and (d) fractional-order chaotic system in the P2 block. If a generalization is made between chaotic system types, it is observed that the system complexity from (a) to (d) increases. It was analyzed in the literature that this complex structure positively affects the entropy source. In order to benefit from these differences of chaotic system classes in the best way, it is proposed to use three different scenarios at the beginning to determine which state variables are selected. Details of these possible scenarios are discussed in Table 2.

Table 2. Scenarios to be used in the process of choosing state variables.

| Option | Description |
|---|---|
| Option 1 | Let X be the number of state variables of the chaotic system. By applying mod X to the proposed random number generator system outputs, it is decided which state variable is selected by generating a value in the range [0, X]. |
| Option 2 | The classical rnd() function can be used to decide which state variable is selected by generating a value in the range of [0, X]. |
| Option 3 | It is decided which state variable is selected by generating a value in the range of [0, X] using PUF outputs. |
| Option 4 | More than one state variable can be selected at the same time. |
| Option 5 | Direct selection of specific state variables in line with best-practice samples. |

State variables of chaotic systems are rational-valued. Therefore, the selected state variable must be converted to random bit values. Three different scenarios are proposed for this transformation process. Details of the scenarios are discussed in Table 3. The scenarios presented in these tables are presented for guidance only. It is planned to achieve a more stable model by analyzing both current and different scenarios in future studies.

Table 3. State variable/random bit conversion scenarios.

| Option | Description |
|---|---|
| Option 1 | The calculated state variable value of the chaotic system is compared with a fixed value. If the state variable value is less than the specified fixed value, a value of 0 is generated; if the state variable is greater than or equal to the specified fixed value, a value of 1 is generated. In this way, state variable values are converted into bit values. |
| Option 2 | The first three digits after the decimal point of the calculated state variable value of the chaotic system are selected (can be selected with different values). The selected three-digit values are converted to numerical values between 0 and 255 by applying mod 256. Using the obtained value, an 8 bit length random array of bit values is generated. |

A more detailed representation of the random number generator (RNG) module in P3 is given in Figure 4. Actually, Figure 4 reflects the general architecture of hybrid RNGs [32].
Initial conditions and control parameters of the chaotic system are used as the seed value. The function f, shown as the state transition function, is related to which of the approaches suggested in Table 2 is used in connection with the mathematical model of the chaotic system. The output function represents the transformation function suggested in Table 3. The outputs obtained in addition to this function are passed through the cryptographical hash functions and transferred to the entropy pool. Depending on the security requirements of the application, it can be used for additional inputs when it comes to the security of sensitive data, with the help of these additional inputs to be obtained from PUF modules.
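The two conversion scenarios of Table 3 and the hashing step into the entropy pool can be tried on the logistic map as follows. This is an added example, not code from the paper. The seed values, burn-in length and bit packing are constructed for illustration and are not the optimized initial conditions of [26]. The example also counts how the mod 256 step of Option 2 maps the 1000 possible three-digit values onto bytes.

```python
import hashlib
import math

# Constructed seed for illustration only (not an optimized value from [26]).
X0, R = 0.3, 3.99


def logistic_states(x0, r, count, burn_in=100):
    """State transition: iterate x -> r*x*(1-x), discarding a burn-in."""
    x, states = x0, []
    for i in range(burn_in + count):
        x = r * x * (1.0 - x)
        if i >= burn_in:
            states.append(x)
    return states


def bits_by_threshold(states, threshold=0.5):
    """Table 3, Option 1: emit 0 below the fixed value, otherwise 1."""
    return [1 if x >= threshold else 0 for x in states]


def bits_by_digits(states):
    """Table 3, Option 2: first three decimal digits, mod 256, 8 bits."""
    bits = []
    for x in states:
        digits = math.floor(abs(x) * 1000) % 1000
        byte = digits % 256
        bits.extend((byte >> shift) & 1 for shift in range(7, -1, -1))
    return bits


def preimage_counts():
    """How many of the 1000 three-digit values map to each byte value.

    1000 = 3 * 256 + 232, so bytes 0..231 have four preimages and bytes
    232..255 have three: Option 2 is not uniform even if the digits are.
    """
    counts = [0] * 256
    for digits in range(1000):
        counts[digits % 256] += 1
    return counts


def pack_bits(bits):
    """Pack a bit list (MSB first) into bytes, zero-padding the tail."""
    padded = list(bits) + [0] * (-len(bits) % 8)
    out = bytearray()
    for i in range(0, len(padded), 8):
        byte = 0
        for bit in padded[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def pool_block(bits):
    """Post-process generator output with SHA3-256 before pooling."""
    return hashlib.sha3_256(pack_bits(bits)).digest()


def ones_fraction(bits):
    """Share of 1 bits, a quick monobit-style sanity check."""
    return sum(bits) / len(bits)


if __name__ == "__main__":
    states = logistic_states(X0, R, 4096)
    for name, bits in (("threshold", bits_by_threshold(states)),
                       ("digits", bits_by_digits(states))):
        print(name, len(bits), round(ones_fraction(bits), 4),
              pool_block(bits).hex())
    counts = preimage_counts()
    print("preimages of byte 0 and byte 255:", counts[0], counts[255])
```

The uneven preimage counts are one concrete reason the raw output function is followed by a hash before it reaches the entropy pool.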

Part IV: Application Programming Interface
The API (application programming interface) performs the process of generating keys according to user requirements. One of the most important factors for the success of this module is the effective meeting of the security/ease-of-use balance. Selection parameters have an important role among the factors that affect this balance. For example, the chi-square test can be used as an objective function to generate faster key values. This choice indicates that only the chi-square test can be used instead of the NIST test in an optimization process where 15 tests are provided together for applications whose security level is not critical. Similarly, simple mathematical models of discrete-time chaotic systems can be used to quickly achieve the desired goals. On the other hand, when a security-critical image needs to be encrypted, prediction using additional structures can be carried out such as hyperchaotic or fractional-order chaotic systems, using PUF-based additional inputs in the RNG architecture, updating the seed value at regular intervals, state transition functions, and dynamic selection of output functions. The aim is to address security concerns by providing a structure that is more difficult to achieve.

Part V: Encryption Module
The image encryption module inputs consist of the key sent by the API module and the original image. It is ensured that both color and gray images are used in the encryption process. To meet this requirement, the selected image is transformed into a one-dimensional array. The value of each cell of the array ranges from 0 to 255. If the image to be encrypted is a gray-level image, it is in an array of (1 × MN) size, whereas a color image is in an array of (1 × 3MN) size. Here, M represents the number of rows and N represents the number of columns.
One of the most important problems arising in the encryption of digital images is the correlation problem. Therefore, classical encryption algorithms may fail in the encryption process. One of the most known examples of this is shown in Figure 5. Although the problem in Figure 5 is related to the processing modes of block ciphers, the fact that the values of neighboring pixels have similar numerical values creates a weakness in terms of cryptanalysis.
One of the most important original aspects of the proposal is that the space-filling curves approach has been proposed to overcome this correlation problem. The space-filling curve approach uses some patterns when transforming digital images into one-dimensional arrays. Some sample space-filling curves are shown in Figure 6 as an example. More effective suggestions will be used in future studies.
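The flattening and XOR steps of Part V can be sketched for a gray-level image as follows. This is an added example, not code from the paper. The Hilbert curve is an assumed choice of space-filling curve (the curves of Figure 6 are not reproduced here), SHAKE-256 is a stand-in for the key stream delivered by the API module, and the image and key are constructed. The example reports the adjacent-element correlation of the scanned plaintext and of the ciphertext.

```python
import hashlib
import math

# Constructed 16 x 16 gray-level gradient image and demo key.
N = 16
IMAGE = [[8 * y + 4 * x for x in range(N)] for y in range(N)]
KEY = b"constructed demo key"


def hilbert_d2xy(n, d):
    """Map index d on the Hilbert curve to (x, y) in an n x n grid.

    n must be a power of two.
    """
    x = y = 0
    t, s = d, 1
    while s < n:
        rx = 1 & (t // 2)
        ry = 1 & (t ^ rx)
        if ry == 0:
            if rx == 1:
                x, y = s - 1 - x, s - 1 - y
            x, y = y, x
        x += s * rx
        y += s * ry
        t //= 4
        s *= 2
    return x, y


def hilbert_order(n):
    """Visit order of all n*n pixels along the curve."""
    return [hilbert_d2xy(n, d) for d in range(n * n)]


def scan(image):
    """Flatten an n x n image into a 1 x MN byte array along the curve."""
    return bytes(image[y][x] for x, y in hilbert_order(len(image)))


def unscan(flat, n):
    """Inverse of scan: rebuild the n x n image from the 1-D array."""
    image = [[0] * n for _ in range(n)]
    for value, (x, y) in zip(flat, hilbert_order(n)):
        image[y][x] = value
    return image


def keystream(key, length):
    """Stand-in key stream (assumption): SHAKE-256 output of the key.

    A key stream must never be reused for a second image, otherwise the
    XOR of the two ciphertexts equals the XOR of the two plaintexts.
    """
    return hashlib.shake_256(key).digest(length)


def encrypt(image, key):
    flat = scan(image)
    return bytes(p ^ k for p, k in zip(flat, keystream(key, len(flat))))


def decrypt(cipher, key, n):
    stream = keystream(key, len(cipher))
    return unscan(bytes(c ^ k for c, k in zip(cipher, stream)), n)


def adjacent_correlation(seq):
    """Pearson correlation between each element and its successor."""
    a, b = list(seq[:-1]), list(seq[1:])
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((p - ma) * (q - mb) for p, q in zip(a, b))
    va = sum((p - ma) ** 2 for p in a)
    vb = sum((q - mb) ** 2 for q in b)
    if va == 0 or vb == 0:
        return 0.0
    return cov / math.sqrt(va * vb)


if __name__ == "__main__":
    cipher = encrypt(IMAGE, KEY)
    print("plain  scan correlation:", round(adjacent_correlation(scan(IMAGE)), 4))
    print("cipher      correlation:", round(adjacent_correlation(cipher), 4))
    print("round trip ok:", decrypt(cipher, KEY, N) == IMAGE)
```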

Analysis of Proposed Architecture
A flowchart is given in Figure 7 to better explain the working of the proposed encryption architecture. As stated in the flowchart, the three basic components of the proposed architecture are the PUF, chaotic system, and XOR operator. It is known that there are various suggestions in the literature designed based on these components. For example, various proposals that meet the confusion and diffusion requirements in the encryption process of an image using only chaotic permutations are some of the widely accepted design types [38][39][40][41][42][43]. Using the DNA encoding and shuffling approach in addition to chaotic permutations is another common type of alternative design [44][45][46][47][48]. Design types based on chaotic permutations are generally included in the classification known as secret key (symmetric) cryptography. Various design suggestions that make use of public key (asymmetric) encryption techniques were presented in some recent studies [49][50][51]. Similar to the design logic proposed in the study, other design studies have highlighted the key generator [52][53][54] and used best practices of modern cryptology science [55][56][57]. Quantum systems [58,59], fractional systems [60][61][62], and medical encryption algorithms [63][64][65], which have attracted attention recently, are other current topics related to design proposals.
The encrypted images obtained for the sample test images in Figure 8 using the proposed algorithm are given in Figure 9. One of the most important advantages of the proposed algorithm is that it offers many options. The options listed in Table 4 were used in analyzing this section.

Statistical Analysis
One of the analysis tools widely used in the cryptanalysis process of chaos-based encryption algorithms is statistical evaluation. In this section, first of all, various statistical analyses are presented, and the drawbacks of safety evaluations made using only these analyses are discussed. Various statistical tests are given in Figures 10 and 11. While histogram analysis results are given in Figure 10, correlation analysis results are shown in Figure 11.
It can be observed that the histogram analysis of the original images has a normal distribution, while the encrypted images have a uniform distribution. A similar inference can be made in correlation analysis. In addition to these two measurements, the results of NPCR (number of pixels change rate) and UACI (unified average changing intensity) analysis, which are other supplementary statistical tests, are shown in Table 5. Reference [66] can be examined for further details on how the calculations are made for NPCR and UACI tests. A value of 0.99 for the NPCR test and a value of 0.33 for UACI are interpreted as success criteria. In many studies, such results are accepted as an indication that the encryption process does not allow statistical attacks (deductions).
In fact, this type of analysis is used as security analysis in many studies. For example, it was discussed in detail by Whu et al. [66] that the values accepted as successful test results in the literature for NPCR and UACI tests are actually open to misinterpretation. Therefore, statistical tests are required in the cryptanalysis scenario. However, this is not enough to qualify an encryption algorithm as secure. It has been shown in various studies that many studies based on such a false hypothesis can be easily broken.
Since the aim of this study was to address security concerns in the most effective way, it focused on analyzing more comprehensive analysis scenarios rather than giving a more statistical test approach. For the security analysis of the proposed algorithm, the analysis roadmap proposed in [7] was used.
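The NPCR and UACI scores discussed above can be computed directly, which also shows why they say little on their own for an XOR-based design. This is an added example, not code from the paper: the SHAKE-256 keystream, the seeds and the gradient image are constructed stand-ins, and the formulas are the usual definitions (fraction of differing pixels, and mean absolute difference divided by 255).

```python
import hashlib


def keystream(seed, n):
    """Stand-in keystream (SHAKE-256 of a seed); NOT the paper's generator."""
    return hashlib.shake_256(seed).digest(n)


def xor_bytes(a, b):
    """XOR two equal-length byte strings (the Vernam-style core operation)."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def npcr(c1, c2):
    """Number of pixels change rate: fraction of positions that differ."""
    if len(c1) != len(c2) or not c1:
        raise ValueError("cipher images must be non-empty and equal in size")
    return sum(a != b for a, b in zip(c1, c2)) / len(c1)


def uaci(c1, c2):
    """Unified average changing intensity: mean |c1 - c2| scaled by 255."""
    if len(c1) != len(c2) or not c1:
        raise ValueError("cipher images must be non-empty and equal in size")
    return sum(abs(a - b) for a, b in zip(c1, c2)) / (255 * len(c1))


def make_image(m, n):
    """Constructed M x N gray gradient, flattened row by row to 1 x MN."""
    return bytes((r + c) % 256 for r in range(m) for c in range(n))


def one_pixel_change(img, idx=0):
    """Copy of the image with the lowest bit of one pixel flipped."""
    out = bytearray(img)
    out[idx] ^= 1
    return bytes(out)


def scores(fresh_key, m=128, n=128):
    """NPCR/UACI between the cipher images of two plain images that differ
    in a single pixel, with a fresh key per encryption or the same key."""
    p1 = make_image(m, n)
    p2 = one_pixel_change(p1)
    k1 = keystream(b"constructed-key-1", len(p1))
    k2 = keystream(b"constructed-key-2", len(p1)) if fresh_key else k1
    c1, c2 = xor_bytes(p1, k1), xor_bytes(p2, k2)
    return npcr(c1, c2), uaci(c1, c2)


if __name__ == "__main__":
    print("fresh key per image: NPCR=%.4f UACI=%.4f" % scores(True))
    print("same key reused:     NPCR=%.6f UACI=%.8f" % scores(False))
```

With a fresh key the scores land at the accepted success values because two independent keystreams are being compared; with the same key they collapse to a single changed pixel, so the scores reflect key handling rather than the strength of the cipher.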

Provable Security Analysis
When designing a cryptographical algorithm in the provable security design approach [67], the boundaries of each component are shown mathematically. The algorithm is considered secure as long as the maximum computational capacity the attacker can reach is lower than the computational capacity required to break the cryptographic component [68]. However, this is not an easy process to demonstrate. In some studies, various analysis roadmaps were designed to overcome this difficulty [69][70][71][72][73][74]. A sample analysis roadmap was presented in [7]. This analysis roadmap consists of a 12-step attack scenario allowing a comprehensive evaluation of any encryption algorithm. Some steps consist of various subheadings. In this section, each of these steps (analysis questions) is analyzed, and the security level of the proposed encryption algorithm is discussed in detail.
Step 1: The encryption algorithm has to be expressed mathematically and analyzed. Analysis of Step 1: The classification showing the general taxonomy of cryptology science is given in Figure 12. The proposed encryption algorithm is a stream encryption algorithm. The design architecture is based on the one-time pad mechanism proposed by Vernam [75,76]. This architecture is known to be safe. It has a very simple mathematical model as expressed in Equation (1).
This simple structure provides a great advantage in speed. As a result, the security of the algorithm is related to the quality of the keys to be produced. The analysis of the security of the key is discussed in detail in other stages.
Step 2: It is expected that the mathematical expression of the components in the algorithm is given. Analysis of Step 2: As can be understood from the flowchart given in Figure 7, the general structure of the architecture is based on the XOR logic as given in Equation (1). Analysis of all other components is discussed in more detail in the later steps.
Step 3: Mathematical proof of the proposed architecture is required within the framework of the provable security approach. Analysis of Step 3: A simplified representation of the proposed architecture from a different perspective is shown in Figure 13.
Figure 13. A simplified representation of the proposed architecture [76].
The key generator and XOR function draw attention in this architecture. Analyses related to the key generator are given later. The XOR function has a special role in the design of cryptographical algorithms. Because the probability of the output values is 1/2, as can be deduced from the truth table, this process is similar to flipping a coin. Therefore, it is known that the proposed architecture is unconditionally secure, provided that a different key is used in each encryption process.
Step 4: In order to test whether it is compatible with the given mathematical expression, a flow chart of the proposed architecture should be given.

Analysis of Step 4:
The flow chart of the algorithm is given in Figure 7. The flow chart and the mathematical expression given in Equation (1) are compatible. No negatives were detected during the analysis process.
Step 5: The proposed architecture is expected to be designed in accordance with Kerckhoffs's principle.
Analysis of Step 5: According to Kerckhoffs's principle, there should not be any hidden parameters other than the secret key in the encryption architecture. Even if the attacker has the maximum computing power and maximum expert knowledge, they should not be able to break the architecture. As listed in Table 4, there are many options that can be used when creating the ciphertext to be obtained as a result of the algorithm. This wide range of options allows successfully fulfilling Kerckhoffs's principle as it can guarantee different keys each time.
Step 6: Which design approach is used in the proposed architecture (cryptanalysis-driven design or provable security design approach)?
Analysis of Step 6: The provable security design approach was used.
Step 7: Which components are used to meet the confusion and diffusion properties? Analysis of Step 7: The XOR function was used for the confusion properties. In the confusion requirement, the relationship between the key and the ciphertext is desired to be as complex as possible. The ciphertext is obtained as a result of applying the XOR operation to the key and plaintext. Hence, it is theoretically not possible to deduce the relationship between them because the probability of inference is exactly 1/2. Since this is no better than a blind guess, the proposed architecture is unconditionally safe if each key is used only once. Since the generated set of keys has a statistically uniform distribution, the ciphertext also has a uniform distribution after XOR processing. As a result, the diffusion feature is also guaranteed.
Step 8: What is the computational complexity of the proposed algorithm? Analysis of Step 8: Since the proposed encryption algorithm is classified in the stream cipher category, the most important advantage over other encryption algorithm architectures is that the encryption process can be implemented quickly. This advantage is most clearly observed in complexity analysis. The encryption process of the algorithm is realized by applying two one-dimensional arrays of length T to the XOR operation. Thus, the overall complexity of the algorithm can be expressed as O(T) or O(n) in the commonly known form.
One point to be analyzed at this stage is the computational difficulty required for optimization algorithms and PUF structures in the key generator process of the algorithm. However, an entropy pool is proposed in the chosen design architecture. The ability to feed the entropy pool offline allows this calculative difficulty to be ignored.
Step 9: What is the algorithm's complexity class? Analysis of Step 9: The complexity class of the algorithm is P. The complexity class of the heuristic optimization algorithm used for the selection of control parameters and the initial conditions of chaotic systems in connection with the previous step is NP.
Step 10: Analysis of key generation module. Analysis of Step 10: Since one of the unique aspects of the study is the key generator module, this analysis step was handled more comprehensively as a separate section.
Step 11: The numerical deterioration problem of chaotic systems must be analyzed.

Analysis of Step 11:
The problem of numerical deterioration is related to the fact that the chaotic system state variables show a periodic behavior depending on the computational sensitivity of the computer where the encryption algorithm is implemented, and where the structure that is taken as the entropy source can no longer meet the randomness requirements. The initial conditions obtained through optimization algorithms must have a certain sensitivity value. Therefore, the proposed algorithm should have a configuration that can implement only the specified initial conditions. This dependency eliminates the numerical deterioration problem. In addition, since the use of hash functions at various stages of the proposed architecture allows mapping the output to a fixed length regardless of the input data, an additional measure is taken to address the problem of numerical deterioration. These choices indicate that possible attacks that can be associated with numerical deterioration are addressed.
Step 12: The effects of implementation attacks should be analyzed. Analysis of Step 12: It was examined in previous studies that chaos-based designs can provide an advantage over algebraic techniques. It was evaluated that the presence of chaotic structures in the proposed architecture may provide an advantage against side-channel attacks.

Analysis of Key Generation
Random number generators (RNGs) have application areas not only in cryptology but also in games, modeling, and simulations. Each application area has its own specific requirements. There is a general classification for random numbers associated with these requirements. This classification is shown in Figure 14.
The class known as DRNGs (mathematical/pseudo random) generates random numbers with the help of an algorithm. Good statistical properties and speed are the most important advantages of this class of generators. However, the predictability of these generators is an important problem. The TRNG (physical) class, which is an alternative to DRNG structures, has an advantage of low (maybe impossible) predictability; however, high cost and bad statistical properties are serious problems for researchers and designers.
The keys to be used in the process of encrypting sensitive information are required to have both good statistical properties and an unpredictable structure. Therefore, a hybrid generator architecture is proposed in this study. The unpredictability requirements of the proposed generator architecture are met by chaotic systems and PUF structures. In order to improve the statistical properties, the initial conditions and control parameters of chaotic systems were improved with optimization algorithms, while hash functions were applied to PUF outputs. The most widely accepted NIST randomness tests [78] were applied to analyze the success of the proposed approach. Here, 100,000,000 bits were generated as the PUF output. This output was divided into 100 pieces with a length of 1,000,000, because 1,000,000 bits are required to run NIST tests. A total of 84 of these 100 tests were successfully achieved. The remaining 16 pieces passed 14 tests and failed only one test. The analysis results of five randomly selected tests are given in Table 6. A comparison of the real random number generator used as the PUF structure with other TRNG structures is given in Table 7. The distribution of random values obtained after the seed values produced for the PUF hardware used in this study were processed through certain complex processes is given in Figure 15. The manufacturer's web page states that "the driver allows application of a multiplier, which defines how many bits will be put out of the hashing function for each incoming bit of entropy. This enables generating over 50 megabytes of pure random numbers without measurable degradation of entropy." Reference [33] can be examined for more details.
Chaotic systems constitute the other leg of the hybrid generator. The pseudo code of the chaotic generator is given in Algorithm 1. Optimization algorithms were used to determine the initial conditions of the chaotic system. Statistical properties were guaranteed, as the objective function of the optimization algorithm was chosen as NIST tests. NIST tests for the 1,000,000 bit value generated for the 0.187791210204038, 0.468326113906509, and 0.766654720925613 initial values of the logistic map are given in Table 8. Four control parameters of logistic maps were chosen. Since a hash function is applied to the output of the generated values, a countermeasure was established against numerical deterioration and/or known/chosen plaintext attacks. Obtaining the key as a result of applying XOR to the outputs produced from chaotic systems and PUF structures is considered as the last step positively affecting security. References [26,28] can be examined for more details.
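The key path described in this section (logistic-map output, hashed, XORed with the PUF output, then XORed with the flattened image) can be sketched as follows. This is an added example, not the paper's Algorithm 1 or the authors' code: the control parameter r = 4.0, the 0.5 bit threshold, the per-block SHA3-256 with a block index, the sample images, and `os.urandom` standing in for the PUF hardware are all assumptions.

```python
import hashlib
import os

# Initial value quoted in the text for the logistic map.
X0 = 0.187791210204038

# Constructed sample images: gray is M x N, colour is M x N of (R, G, B).
GRAY = [[10, 11, 12, 13], [10, 12, 13, 14], [11, 12, 14, 15], [11, 13, 14, 16]]
COLOUR = [[(200, 10, 10), (201, 11, 9)], [(199, 12, 10), (200, 11, 11)]]


def logistic_bytes(x0, n, r=4.0, burn_in=1000):
    """Raw chaotic bytes: one bit per iteration of x <- r*x*(1-x),
    thresholded at 0.5 (assumed extraction rule)."""
    x = x0
    for _ in range(burn_in):              # discard the transient
        x = r * x * (1.0 - x)
    out = bytearray()
    for _ in range(n):
        byte = 0
        for _ in range(8):
            x = r * x * (1.0 - x)
            byte = (byte << 1) | (x >= 0.5)
        out.append(byte)
    return bytes(out)


def whiten(raw, block=32):
    """Hash each block with its offset (SHA3-256), so that a finite-precision
    orbit that starts repeating still yields distinct output blocks."""
    out = bytearray()
    for i in range(0, len(raw), block):
        out += hashlib.sha3_256(i.to_bytes(8, "big") + raw[i:i + block]).digest()
    return bytes(out[:len(raw)])


def hybrid_key(n, x0=X0, puf_source=os.urandom):
    """Key = hashed chaotic stream XOR second entropy source (PUF stand-in)."""
    chaotic = whiten(logistic_bytes(x0, n))
    puf = puf_source(n)
    if len(puf) != n:
        raise ValueError("entropy source returned the wrong length")
    return bytes(a ^ b for a, b in zip(chaotic, puf))


def flatten(image):
    """Gray image -> 1 x MN array; colour image -> 1 x 3MN array."""
    flat = []
    for row in image:
        for px in row:
            flat.extend(px if isinstance(px, (tuple, list)) else (px,))
    if any(not 0 <= v <= 255 for v in flat):
        raise ValueError("pixel values must be in 0..255")
    return bytes(flat)


def xor_cipher(data, key):
    """Encrypts and decrypts; the key must match the data length exactly
    and must not be used for a second image."""
    if len(key) != len(data):
        raise ValueError("key must be exactly as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def ones_ratio(buf):
    """Proportion of 1 bits, the quantity behind the NIST frequency test."""
    return sum(bin(b).count("1") for b in buf) / (8 * len(buf))


if __name__ == "__main__":
    plain = flatten(COLOUR)
    key = hybrid_key(len(plain))
    cipher = xor_cipher(plain, key)
    print(cipher.hex(), xor_cipher(cipher, key) == plain)
    print("ones ratio:", ones_ratio(whiten(logistic_bytes(X0, 4096))))
```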

Conclusions
The aim of this study was to realize a new cryptographic key generator algorithm and its practical application. As a practical application, the aim was to develop an image encryption algorithm that can eliminate security concerns. Analysis results showed that all goals were successfully achieved. This shows that the original aspects of the proposed architecture can be considered as cryptographical components in various security applications in the future.

• The proposed key generator module successfully meets all the requirements (R1, R2, R3 and R4) needed for cryptographical applications.
• The developed key generator module has a high bit output rate (1:1).
• It was shown that the most suitable initial conditions and control parameters that meet the statistical randomness requirements for chaotic systems can be determined with the help of optimization algorithms.
• A user-friendly image encryption algorithm was designed.
• It was shown that the correlation problem in digital images can be overcome by using the space-filling curve transformation method.
• The cryptanalysis of the image encryption algorithm was proven using not only statistical measurements, but also a provable security approach. This approach addressed security concerns via proof with mathematical techniques.
• The proposed encryption architecture is based on a key generator fed from two different entropy sources and cryptographic primitives such as the SHA3 mod function and XOR operator, whose security has been proven as a result of long-term cryptanalysis studies. These design choices specifically address critical security threats such as known-plaintext [79] and chosen-ciphertext [13] attacks.
Despite these advantages, it is thought that there are aspects of the proposed approach in future studies that need improvement. These aspects, which can be discussed as the limits of the proposed method, are listed below.

• Hardware was used as a PUF structure in the study. The dependency of this hardware can be a problem. This hardware dependency can be reduced by using alternative PUF resources in the future.
• The computing realization of chaotic systems is a critical issue, especially considering the problem of digital deterioration. In order to avoid this problem, the calculation sensitivity of the machine in the proposed study should be such that it does not cause this problem. This dependency can be considered as a disadvantage.
• Optimization algorithms are used to determine the initial conditions. It has been evaluated that the computational complexity of optimization algorithms can be interpreted as a disadvantage, although the process of determining the initial conditions with optimization algorithms can be operated offline.
• The cryptology science is a challenge between attacker and designer. Technological advances always keep the possibility of attack alive. Although the security of the proposed method has been proven from different angles, there is a need for continuous cryptanalysis studies against vulnerabilities that may occur in the future.