Dual Chaotic Diffusion Framework for Multimodal Biometric Security Using Qi Hyperchaotic System

Abstract

The proliferation of biometric technology across various domains including user identification, financial services, healthcare, security, law enforcement, and border control introduces convenience in user identity verification while necessitating robust protection mechanisms for sensitive biometric data. While chaos-based encryption systems offer promising solutions, many existing chaos-based encryption schemes exhibit inherent shortcomings including deterministic randomness and constrained key spaces, often failing to balance security robustness with computational efficiency. To address this, we propose a novel dual-layer cryptographic framework leveraging a four-dimensional (4D) Qi hyperchaotic system for protecting biometric templates and facilitating secure feature matching operations. The framework implements a two-tier encryption mechanism where each layer independently utilizes a Qi hyperchaotic system to generate unique encryption parameters, ensuring template-specific encryption patterns that enhance resistance against chosen-plaintext attacks. The framework performs dimensional normalization of input biometric templates, followed by image pixel shuffling to permutate pixel positions before applying dual-key encryption using the Qi hyperchaotic system and XOR diffusion operations. Templates remain encrypted in storage, with decryption occurring only during authentication processes, ensuring continuous security while enabling biometric verification. The proposed system’s framework demonstrates exceptional randomness properties, validated through comprehensive NIST Statistical Test Suite analysis, achieving statistical significance across all 15 tests with p-values consistently above 0.01 threshold. Comprehensive security analysis reveals outstanding metrics: entropy values exceeding 7.99 bits, a key space of ${10}^{320}$, negligible correlation coefficients (<${10}^{-2}$), and robust differential attack resistance with an NPCR of 99.60% and a UACI of 33.45%. Empirical evaluation, on standard CASIA Face and Iris databases, demonstrates practical computational efficiency, achieving average encryption times of 0.50913s per user template for 256 × 256 images. Comparative analysis against other state-of-the-art encryption schemes verifies the effectiveness and reliability of the proposed scheme and demonstrates our framework’s superior performance in both security metrics and computational efficiency. Our findings contribute to the advancement of biometric template protection methodologies, offering a balanced performance between security robustness and operational efficiency required in real-world deployment scenarios.

1. Introduction

Biometric systems, which emerged in the early 1960s with the first semi-automated face recognition system and fingerprint verification in the 1970s, represent a significant advancement in biometric authentication technology. These solutions exploit the intrinsic physiological or behavioral attributes of individuals for identification and verification purposes. The field gained substantial momentum in the 1990s with the development of more sophisticated algorithms and improved sensor technologies, leading to widespread adoption across various sectors. Contemporary biometric systems offer several distinct advantages over traditional authentication methods such as passwords, PINs, or ID cards [1]. Unlike knowledge-based authentication (passwords) or token-based systems (ID cards) that can be forgotten, stolen, or shared, biometric traits are inherently linked to an individual, providing stronger binding between the authenticator and the person’s true identity. Moreover, biometric characteristics cannot be easily transferred between individuals and generally require the physical presence of the person being authenticated, significantly enhancing security against impersonation attacks [2,3,4,5].

The applications of biometric systems have expanded significantly, now encompassing law enforcement, border control, healthcare, financial services, and consumer electronics. For instance, smartphones increasingly incorporate fingerprint and facial recognition for device unlocking and payment authorization, while governments employ biometric passports and national ID systems for enhanced security. In healthcare, biometric systems ensure accurate patient identification and secure access to medical records, while financial institutions utilize them for secure transactions and fraud prevention [6]. However, despite these advantages, biometric systems face unique challenges, including privacy concerns, template security, and the irrevocability of biometric traits [7,8]. Unlike passwords that can be changed if compromised, biometric characteristics are permanent and cannot be reset, necessitating robust security measures for template protection and storage. These challenges have driven continuous innovation in the field, leading to the development of more sophisticated authentication systems and advanced security frameworks.

The landscape of biometric authentication systems presents complex security challenges that demand robust solutions. This review examines the evolution, challenges, and emerging solutions in Multimodal Biometric Security, with particular emphasis on the integration of cryptographic techniques and advanced security frameworks. Biometric authentication systems face vulnerabilities at four critical junctures that fundamentally impact their security architecture: sensor-level susceptibility to presentation attacks utilizing synthetic biometrics, data transmission vulnerability between system components, template database exposure to unauthorized access, and decision module vulnerability to result falsification [7,8]. Building upon the above elements, we can categorize the attacks on biometric authentication systems into two major classifications: unauthorized acquisition of raw biometric data and malicious attempts to manipulate the templates’ databases [7,9]. To mitigate these vulnerabilities, robust cryptographic mechanisms must be integrated into the biometric system architecture, ensuring protection against both biometric data falsification and stored templates tampering. The complexity of these challenges necessitates comprehensive security measures to maintain system integrity while ensuring practical usability in real-world applications.

The vulnerability of biometric systems to presentation attacks represents a particularly significant challenge in authentication security. Recent research demonstrates that sensor-level susceptibility to synthetic biometric presentations can fundamentally compromise system integrity, especially when sophisticated counterfeit characteristics circumvent traditional detection mechanisms [7,10]. This vulnerability becomes more pronounced when attackers possess detailed knowledge of system architecture, enabling them to exploit inherent limitations in distinguishing between genuine and fraudulent or fake biometric presentations [11].

Contemporary unimodal biometric authentication systems, despite their recent development, demonstrate significant vulnerabilities to sophisticated spoofing attacks. Modern attackers have developed techniques to generate false positive authentications, fundamentally compromising these systems’ accuracy and reliability in user verification, thus undermining the core integrity of the authentication mechanism. A fundamental question that one might ask is how vulnerable are biometric systems to fake biometric information, and how is it accomplished? A targeted review of the recent literature examines the scope and implications of biometric spoofing techniques.

For example, facial recognition systems and fingerprint authentication mechanisms exhibit significant vulnerabilities to presentation attacks (spoofing). While numerous scholars have advanced liveness detection protocols to mitigate face-based spoofing threats [10,12], the susceptibility of fingerprint biometric systems to artificial reproductions remains a pressing concern. This vulnerability has catalyzed extensive research into countermeasure development, particularly focusing on the detection, identification, and prevention of synthetic fingerprint attacks [12,13,14]. The proliferation of these security challenges underscores the critical importance of robust anti-spoofing mechanisms in biometric authentication systems. Although iris patterns offer unique identification markers independent of genetic factors, making them among the most reliable biometric identifiers, they remain susceptible to spoofing attacks. Recent research has explored various methodologies for both detecting and counterfeiting iris biometrics during authentication procedures. Notable contributions include Saranya et al. (2016) [12] who developed an Image Quality Assessment (IQA) framework to enhance biometric security systems, particularly for iris and fingerprint verification.

In response to the inherent limitations of unimodal biometric systems, multimodal biometric authentication has emerged as a sophisticated countermeasure. These systems integrate multiple biometric modalities—either heterogeneous (combining different biometric traits) or homogeneous (utilizing multiple instances of the same trait, such as bilateral iris patterns or multiple fingerprints). The integration of multiple modalities substantially elevates the system’s security threshold, as it necessitates the successful spoofing of multiple independent biometric traits simultaneously. Recent scholarly work has demonstrated that this architectural approach significantly mitigates the vulnerabilities inherent in single-modal systems while enhancing authentication robustness [15,16].

Research by Rodrigues et al. [17] explored vulnerabilities in dual-trait authentication systems combining facial recognition and fingerprint analysis. Their investigation across four distinct attack scenarios revealed that even combined biometric measures remain susceptible to sophisticated spoofing attempts. These findings highlight the necessity of integrating cryptographic protocols with multi-factor biometric systems to achieve comprehensive security.

The security and data protection paradigm represents a fundamental consideration in biometric solution architectures. While multimodal biometric systems inherently incorporate security enhancement through their multifaceted nature, the implementation of robust cryptographic frameworks becomes imperative to fortify these systems against presentation attacks and ensure data privacy preservation. The system’s capability to discriminate between genuine and fraudulent or fake biometric presentations is particularly crucial, given that contemporary spoofing methodologies can produce highly convincing synthetic biometric artifacts [11,12]. The rising frequency of cyberattacks has accelerated the adoption of biometric security measures, offering enhanced protection for enterprises and individuals in today’s digital ecosystem. The integration of cryptographic techniques with multimodal biometric systems has emerged as a crucial development in enhancing security frameworks.

Image encryption serves as a crucial security mechanism that renders visual content indecipherable, producing output that resembles stochastic noise data. While decryption necessitates precise secret keys, conventional encryption algorithms such as the Data Encryption Standard (DES) demonstrate limited efficacy when applied to image data. This limitation stems from the inherent characteristics of digital images: substantial data volumes, significant information redundancy, and a high spatial correlation between adjacent pixels [18,19].

Over the past years, the encryption ambit has attracted more research works where scholars have proposed several algorithms in the quest of providing robust image encryption leveraging new and sophisticated techniques. To name a few, chaotic-based encryption systems and Deoxyribonucleic Acid (DNA) computing attracted many researchers with the goal of achieving robust security while providing efficient computational overload [20,21].

Chaos-based encryption appears to be a good candidate solution for addressing the security gaps available within the implementation of biometric authentication systems and has been the preferred approach by many researchers because of the excellent properties it has. Chaotic systems have many characteristics such ergodicity, aperiodicity, sensitivity to initial conditions, etc., that make them suitable for a robust modern cryptographic system [22,23].

For instance, this includes dynamic instability properties, like the butterfly effect: this characteristic refers to sensitivity to initial conditions, where two random signals with slightly different initial conditions values will result in their trajectories progressing in time with substantially dissimilar and deviating directions [19]. This led to more researchers that proposed chaos-based encryption methods for image protection. However, there have been numerous chaos-based encryption systems that have been successfully attacked due to the lack of a high degree of randomness. To address those challenges, authors are employing higher dimensional chaotic systems [24,25], cascading techniques, or multiple chaotic systems [26] to achieve the desired encryption level.

For example, authors in [24] proposed a 7D hyperchaotic system that has a large key space and produces a good chaotic sequence required for a good image encryption algorithm. This scheme leverages the SHA-512 hash function to generate the system parameters and initials conditions, has a $2^{868}$ key space, and achieved an efficient encryption time of 0.51 s for gray images, 512 × 512 in size. Similarly, authors in [25] proposed a 5D hyperchaotic system by incorporating memristors into a 4D hyperchaotic system to improve the degree of randomness and introduce multi-stability properties into the system. This cascading technique elevated the security level of the system, and the system passed all the NIST Test Suite assessments. Wei Feng et al., in [27], proposed a dual hyperchaotic system, cascaded in the quest of expanding the key space to increase the degree of randomness of the system and subsequently the security level of the proposed encryption method. This scheme uses a dynamic vector level encryption operation to guarantee improved security and encryption efficiency. Conghuan Ye et al., in [28], proposed an encryption scheme that focuses on secure social digital images sharing. They utilized discrete wave transform for the feature extraction of the high samples and low samples of an image, where the high-frequency samples were scrambled and diffused using cellular automation and bit XOR, respectively, while using single value decomposition (SDV) computing. The low-frequency samples were used for watermarking. This selective encryption technique has a notable benefit in improving the encryption time efficiency while providing robustness in the proposed encryption scheme. Yu et al., 2025 [29], integrated memristors into a tri-neuro Hopefield neural network (HNN) to achieve improved dynamics of the system leading to the chaotic properties required for a good encryption system, such as firing modes and chaotic bursting. The practical implementation of the system using a Field-Programmable Gate Array (FPGA) achieved an acceptable encryption time of 0.81 s for 512 × 512 images. This demonstrates the real-world application of the proposed system.

To tackle the security challenges in the biometric authentication system ambit, multiple attack vectors that must be addressed. These include presentation attacks at the sensor level, replay attacks utilizing previously captured legitimate signals, feature extraction compromise, and template storage attacks. Each of these vulnerability points requires specific security measures, leading to the development of layered security approaches that combine multiple protection mechanisms. However, often researchers have overlooked the practicability of multistage encryption in real-work applications.

In response to those challenges, A. Rahik and C. Priya, in [30], developed an integrated authentication framework combining DNA QR encoding with EXOR operations, utilizing DNA sequences as cryptographic keys. This system incorporates facial and fingerprint biometrics for enhanced cybersecurity. Their novel fusion methodology achieved 98.58% accuracy while strengthening defenses against identity theft.

In [31], Eid and Mohamed developed a multimodal biometric system integrating iris and facial recognition, secured through 2D Henon chaotic mapping. Their approach implemented encryption at three critical stages: pre-feature extraction, pre-matching, and database storage. The combination of Henon and 2D logistic maps provided efficient encryption, while fuzzy logic fusion of face and iris matching scores achieved a FAR of 0.0345% and FRR of 0.001%.

Arulalan et al., in [32], proposed a multi-modal biometric encryption framework, integrating palmprint and fingerprint characteristics to generate 256-bit cryptographic keys for document security. The system’s strength lies in leveraging physiological traits, making key predictions computationally infeasible for adversaries. While their empirical validation demonstrated system effectiveness, the research notably omitted crucial randomness assessments of the biometric-derived bit sequences through standardized testing protocols such as FIPS or NIST suites.

The work in [26] introduced a cryptographic system combining facial and iris biometrics, utilizing dual chaos mechanics through 2G logistic sine-coupling and tent logic cosine maps. Their adaptive approach implements six rotation diffusion techniques that vary based on input images, enhancing resistance to plaintext attacks. The system demonstrated robust security metrics with entropy exceeding 7.99, NPCR > 99.6%, and UACI > 33.4%.

Despite the improvements made in the chaos-based encryption research ambit, some existing proposed algorithms have been successfully cracked through cryptanalysis [19,33,34]. Authors in [34] conducted cryptanalysis on an existing image encryption titled the 2D logistic-adjusted sine-map-based image encryption scheme, and they were able to uncover some security, practicability, and rationality problems. A notable vulnerability found was that the attack algorithm developed under chosen plain text attack conditions, and authors were able to successfully recover the plain image without prior knowledge of the encryption key. The two-dimensional chaotic system has a limited key space, and therefore, it can be susceptible to attacks, hence undermining the security of the scheme. Cryptanalysis conducted by authors in [33] with an image encryption scheme named the image encryption algorithm using a Quantum Chaotic Map and DNA Coding (QCMDC-IEA) uncovered fatal security issues in the algorithm. Given the lack of confusion and diffusion in DNA domain encryption, this weakened the system’s overall security and made it vulnerable to cryptographic attacks using differential attacks coupled with chosen plaintext attacks to fully recover the plain text images. They found that the system does not offer the security it claims to have. Following those examples where the proposed encryption methods have been found vulnerable through cryptanalysis, it is crucial to build a system that will be resistant to cryptanalysis to assess the robustness of the proposed scheme against different types of attacks.

Therefore, in this study, we propose a novel dual chaotic diffusion framework for Multimodal Biometric Security using a 4D Qi hyperchaotic system. Qi hyperchaotic systems are employed to generate the necessary random numbers required to generate secrets needed to apply encryption using bit-XOR diffusion operations to protect multimodal biometric templates (left iris, right iris, and face). A comprehensive analysis and evaluation have been conducted to verify the system confidentiality and effectiveness required for real-world biometric security applications. The main contribution of our study can be summarized as follows:

• Design of a novel dual-chaos encryption algorithm that leverages double Qi hyperchaotic systems, significantly enhancing randomness and security beyond single-chaotic methods. The algorithm implements distinct rotation diffusion methods that adapt based on input images, enhancing resistance to selected plaintext attacks. This innovative method addresses limitations of traditional chaotic systems while substantially improving the algorithm’s cryptographic strength and resistance to cryptanalysis.
• The research introduces a novel secure biometric framework that establishes a robust cryptographic relationship between active user biometric identification information and encrypted templates in the system database. This framework ensures continuous encryption of biometric data in storage, with decryption occurring only during authentication processes, effectively preventing unauthorized acquisition, tampering, and exploitation of sensitive biometric.
• The proposed framework integrates multimodal biometric authentication—combining left iris, right iris, and facial characteristics—with dual chaotic encryption, establishing a multi-layered security architecture that significantly increases the computational complexity required for successful compromise. This approach necessitates simultaneous decryption of multiple biometric modalities for user identification, thereby enhancing the system’s overall security through the principle of multi-factor authentication.
• Experimental results and performance analysis demonstrate that the proposed scheme offers significant advantages across multiple performance metrics. The system successfully passes all the 15 NIST Test Suites. Notable strengths include an expansive key space dimension of 10³²⁰, indicating robust encryption characteristics, while maintaining an efficient computational overhead despite its dual-encryption architecture.

The remainder of this paper is structured as follows: Section 2 delineates the methodological framework, focusing on the analytical characterization of Qi hyperchaotic systems and their application in image encryption. Section 3 presents the proposed dual-hyperchaotic encryption framework based on the Qi hyperchaotic system and decryption algorithm. Section 4 covers empirical findings, including comparative analyses against state-of-the-art algorithms, and offers a fair discussion of the results, while in Section 5, we present conclusive insights and directions for future research endeavors.

2. Theoretical Framework

Herein, we briefly introduce the 4D Qi hyperchaotic system that we employed in our proposed double encryption algorithm. We also covered the key generation and binary transformation, followed by the framework of the proposed system, which encompasses both the encryption and decryption algorithms.

2.1. Four-Dimensional Qi Hyperchaos System

The Qi hyperchaotic system, initially formulated by authors in [35], exhibits remarkable dynamical complexity characterized by two substantial positive Lyapunov exponents ($l_1\approx 13.46$ and $l_2\approx 3.48$), demonstrating exceptional ergodicity and sensitive dependence on initial conditions. This intrinsic characteristic establishes the system’s superior randomness properties and makes it particularly suitable for cryptographic applications. The system’s high-dimensional nature, coupled with its multiple control parameters ($a, b, c, d, e, f$), provides an extensive key space of approximately ${10}^{140}$, significantly enhancing its cryptographic robustness against brute-force attacks [36]. The mathematical model of this four-dimensional dynamical system, which serves as our pseudo-random number generator, is expressed by the following coupled differential equations, $\mathrm{E}\mathrm{q}\mathrm{u}\mathrm{a}\mathrm{t}\mathrm{i}\mathrm{o}\mathrm{n} \left(1\right)$:

$$\begin{array}{c}{\dot{x}}_1=a\left(x_2-x_1\right)+x_2{x}_3,\\ {\dot{x}}_2=b\left(x_2+x_1\right)-x_1{x}_3,\\ {\dot{x}}_3=-c{x}_3-e{x}_4+x_1{x}_2, \\ {\dot{x}}_4=-d{x}_4+f{x}_3+x_1{x}_2\end{array}$$

(1)

where $(x_1, x_2, x_3, x_4)$ represent the state variables, and $(a, b, c, d, e, f)$ are the control parameters that determine the system’s dynamical behavior. The system demonstrates hyperchaotic characteristics when $a ,b\in R:\left(a,b\right)| 50\le a\le 555;20\le b\le 26, c=13$, $d=8$, $e=33, \mathrm{a}\mathrm{n}\mathrm{d} f=30$ producing complex, aperiodic trajectories with exponential divergence in multiple directions of the phase space. This hyperchaotic dynamics is visualized through phase projections in Figure 1 and Figure 2. Figure 1 illustrates the three-dimensional projections onto the ($x_1$-$x_2$-$x_3$); ($x_1$-$x_3$-$x_4$); and ($x_2$-$x_3$-$x_4$) subspaces, while Figure 2 depicts the two-dimensional projections onto the ($x_1$-$x_2$); ($x_1$-$x_3$) plane; and ($x_2$-$x_4$) planes, thereby providing complementary perspectives of the system’s rich dynamical structure.

To assess the sensitivity of the Qi hyperchaotic system to initial conditions, we analyzed the trajectory of a state variable under identical control parameters but with a minute difference in initial conditions. Two initial states were defined: $x_{0,1}\left(0\right)=-2.0501 11.3215-8-8.7]$ and $x_{0,2}\left(0\right)=x_{0,1}\left(0\right)+{[10}^{-15} 0 0 0]$ while the system parameters remained constant for both trajectories: {$a, b, c, d, e, f$} = {50, 24, 26, 8, 33, 30}. We then computed and compared the resulting state trajectories $x_{1,1}$(t) and $x_{1,2}\left(t\right)$. This infinitesimal perturbation of 10⁻¹⁵ in the initial conditions was introduced to evaluate its impact on the state values, which are crucial for the encryption and decryption processes.

Figure 3 illustrates that despite the negligible difference in initial conditions; the two trajectories diverge significantly over time. This divergence demonstrates the Qi hyperchaotic system’s extreme sensitivity to initial conditions. Such sensitivity implies that even negligible discrepancies in the initial conditions used during encryption would render successful decryption infeasible, as further demonstrated in Section 4.3. This analysis underscores the critical importance of precise initial condition specification in chaotic cryptosystems, as even imperceptible deviations can lead to entirely different trajectories and, consequently, different encryption keys [36].

2.2. Key Generation and Binary Sequence Transformation

The encryption framework utilizes the Qi hyperchaotic system’s dynamics to produce entropy-rich random sequences. These undergo binary conversion, generating cryptographic keys for securing facial and iris biometric templates. The key ${\mathrm{k}}_{\mathrm{i}}$, derived through the quantization of chaotic outputs per Equation (2), exhibits robust statistical characteristics, including uniformity and randomness.

$$k_i=dec2bin\left(mod\left(Abs\left({10}^8\times x_1\left(i\right)\right),256\right)\right)$$

(2)

where $x_1\left(i\right)$ represents the pseudorandom number generated from the Qi hyperchaos system and $i=1,2,3,4\dots \dots ,n$. $n$ represents the key length. The transformed bit sequences exhibit robust statistical characteristics, validated through NIST randomness tests. We validated the algorithm’s pseudo-random number generation capabilities through comprehensive testing using the NIST Statistical Test Suite. The results, detailed in Section 3.1, demonstrate that the generator passed all test categories with p-values consistently above the 0.01 significance threshold, confirming its statistical randomness.

3. Our Proposed Secure Biometric Protection Framework

This section delineates the proposed cryptographic scheme, presenting both encryption and decryption methodologies. The algorithms are formalized through detailed pseudocode implementations to ensure clarity and reproducibility. This research addresses biometric authentication vulnerabilities through an innovative cryptographic framework. Our approach transforms conventional template storage by implementing homomorphic encryption for biometric data protection. The system converts biometric features into secure ciphertext while maintaining essential discriminative properties for authentication, preventing template reconstruction and presentation attacks.

The security architecture leverages a multimodal approach, combining facial and dual iris recognition with a two-tier encryption mechanism based on the 4D Qi hyperchaotic system. This integration of multiple biometrics enhances system reliability through redundancy and cross-validation protocols. The hyperchaotic encryption introduces high-dimensional complexity, creating unpredictable pixel distributions that significantly increase computational resistance to brute force attacks.

The enrollment process depicted in Figure 4 captures facial and dual iris data, processes the inputs, and extracts distinct feature templates. These templates undergo encryption using Qi hyperchaotic system-generated bit streams before secure database storage, ensuring robust template protection through non-linear cryptographic transformations.

Figure 5 depicts a secure biometric verification framework where incoming biometric data undergo data pre-processing followed by feature extraction to generate comparison-ready templates. These newly generated templates are then matched against decrypted versions of previously stored encrypted templates from the database. This architecture maintains security by storing only encrypted templates in the database, decrypting them only during the verification process. The cryptographic protocols employed for template protection are elaborated extensively in Section 3.

3.1. Encryption Algorithm

The proposed scheme introduces an enhanced cryptographic architecture for biometric template protection, leveraging a sophisticated dual-encryption protocol based on 4D hyperchaotic dynamics. The security framework implements a two-phase encryption methodology, where initially extracted biometric features undergo primary encryption using keys generated from the Qi hyperchaotic system (Equation (1)). Prior to cryptographic operations, both the key sequences and biometric data are transformed into standardized binary formats of equivalent length to facilitate precise encryption procedures. The primary security phase employs an XOR transformation between the standardized Qi hyperchaotic sequence and the digitized biometric data, generating an intermediate protected template. This intermediate result undergoes secondary encryption through another XOR operation, utilizing an independent key sequence derived from the Qi hyperchaotic system. The resulting dual-encrypted template is subsequently preserved in a secured repository, establishing a robust defense mechanism against unauthorized database manipulation and security breaches. This multi-layered cryptographic approach substantially reinforces the integrity of stored biometric data. The proposed encryption scheme consists of the following main steps:

Step 1: Capture and read the plaintext biometric image $P$ of dimension $M\times N$, where $M$ and $N$ denote the image length and width, respectively. The biometric data encompass face images and both (left and right) iris images.

Step 2: Convert the acquired images into a grayscale format to ensure uniform intensity representation and computational efficiency.

Step 3: Apply preprocessing techniques and normalization to the grayscale images to generate standardized template images $P$, optimized for subsequent feature extraction and encryption processes. Complete feature extraction and create biometric templates.

Step 4: Pixel permutation through Algorithm 1: Image Pixel-Shuffling Algorithm. Image shuffling in encryption schemes significantly reduces the index of similarity between the original and shuffled images, effectively obscuring spatial relationships and visual patterns. This low similarity index enhances the encryption’s resistance to statistical analysis and visual inspection, making it substantially more challenging for attackers to derive meaningful information about the original image from the encrypted version [36]. Figure 6 illustrates visual representation of pixel shuffling.

Step 5: Apply Algorithm 2—The proposed encryption scheme leverages two distinct cryptographic keys (${key}_1$ and ${key}_2$) derived from the Qi hyperchaotic system, each generated using unique initial conditions and system parameters. The encryption process consists of three sequential phases: initial pixel shuffling producing output $S$, followed by two diffusion layers. The first diffusion layer combines the shuffled image, $S,$ with ${key}_1$ through XOR operations, yielding the intermediate ciphertext, $C_1$. Subsequently, the second diffusion layer applies XOR operations between $C_1$ and ${key}_2$, producing the final ciphertext, $C_2$. The resultant ciphertext $C_2$ represents the fully encrypted image, completing the multi-layer encryption process suitable for secure storage and transmission. The encryption equation can be expressed as follows:

$$C_k=XOR \left(K;P\right)$$

(3)

where $P$ represents the input image, $K={{key}_1, key}_2$ represent the set of keys used for the first and the second encryption, and $C_k$ represents the encrypted images.

Algorithm 1: Image Pixel-Shuffling Algorithm

Input: $Read the extracted plaintext biometric image, P \mathrm{o}\mathrm{f} \mathrm{s}\mathrm{i}\mathrm{z}\mathrm{e} M\times N \mathrm{p}\mathrm{i}\mathrm{x}\mathrm{e}\mathrm{l}\mathrm{s}$       Get the image dimensions $M\times N$              $seed=randi\left(\left[1 10000\right]\right)$                  rng (seed)              ${\mathit{T}\mathit{o}\mathit{t}\mathit{a}\mathit{l}}_{\mathit{I}\mathit{t}\mathit{e}\mathit{r}\mathit{a}\mathit{t}\mathit{i}\mathit{o}\mathit{n}\mathit{s}}$ = $M\times N$                  PixelIndices = $randperm\left({\mathit{T}\mathit{o}\mathit{t}\mathit{a}\mathit{l}}_{\mathit{I}\mathit{t}\mathit{e}\mathit{r}\mathit{a}\mathit{t}\mathit{i}\mathit{o}\mathit{n}\mathit{s}}\right)$           $reshapeImage$  = $reshape(\mathit{I}\mathit{n}\mathit{p}\mathit{u}\mathit{t}\mathit{I}\mathit{m}\mathit{a}\mathit{g}\mathit{e},[],1)$;         $ShuffledPixels$  = $reshapeImage\left(PixelIndices\right)$;         $ShuffledImage$ = $reshape(ShuffledPixels, M, N)$; End Output $ShuffledImage, S$

Algorithm 2: Double-Encryption Algorithm Pseudocode

Input:$Read the shuffled biometric image, S \mathrm{o}\mathrm{f} \mathrm{s}\mathrm{i}\mathrm{z}\mathrm{e} M\times N \mathrm{p}\mathrm{i}\mathrm{x}\mathrm{e}\mathrm{l}\mathrm{s}$ System Initialization  Define Qi Hyperchaotic system parameters for $key1$: $a_1, b_1, c_1, d_1, e_1, f_1$  Define Qi Hyperchaotic system parameters for $key2$: $a_2, b_2, c_2, d_2, e_2, f_2$  Define initial conditions for ${key}_1$: $x_1\left(0\right),x_2\left(0\right),x_3\left(0\right),x_4\left(0\right)$  Define initial conditions for ${key}_2$: ${x\prime }_1\left(0\right),{x\prime }_2\left(0\right),{x\prime }_3\left(0\right),{x\prime }_4\left(0\right)$ $\mathrm{Calculate} \mathrm{total} \mathrm{number} \mathrm{of} \mathrm{pixels}, L=M\times N$ $\mathrm{Key} \mathrm{Generation} \mathrm{Process} \mathrm{Generate} {key}_1$ sequence:  $for l=1 to L$             $x_1\left[l\right]=a_1\left(x_2\left[l-1\right]\right)+b_1\left(x_4\left[l-1\right]\right)+c_1$           $x_2\left[l\right]=d_1\left(x_1\left[l-1\right]\right)+e_1\left(x_3\left[l-1\right]\right)+f_1$         $x_3\left[l\right]=x_1\left[l-1\right]x_2\left[l-1\right]-x_4\left[l-1\right]$       $x_4\left[l\right]=x_3\left[l-1\right]+x_1\left[l-1\right]x_4\left[l-1\right]$     ${key}_1\left[l\right]=round\left(mod\left(abs\left(x_1\left[l\right]\right)\times {10}^8,256\right)\right)$  $end$ $\mathrm{Key} \mathrm{Generation} \mathrm{Process} \mathrm{Generate} {key}_2$ sequence:  $for l=1 to L$             $x_1\left[l\right]=a_2\left(x_2\left[l-1\right]\right)+b_2\left(x_4\left[l-1\right]\right)+c_2$           $x_2\left[l\right]=d_2\left(x_1\left[l-1\right]\right)+e_2\left(x_3\left[l\right]\left[l-1\right]\right)+$ $f_2$         $x_3\left[l\right]=x_1\left[l-1\right]x_2\left[l-1\right]-x_4\left[l-1\right]$       $x_4\left[l\right]=x_3\left[l-1\right]+x_1\left[l-1\right]x_4\left[l-1\right]$     ${key}_2\left[n\right]=round\left(mod\left(abs\left(x_1\left[l\right]\right)\times {10}^8, 256\right)\right)$   $end$ Reshape keys to match image dimensions         ${key}_1=reshape\left({key}_1, \left[M, N\right]\right)$       ${key}_2=reshape({key}_2, [M, N\left]\right)$ First Encryption Layer   $C_1=zeros(M, N)$     $\mathit{f}\mathit{o}\mathit{r} m=1 to M$       $\mathit{f}\mathit{o}\mathit{r} n=1 to N$         $C_1\left[m,n\right]=XOR\left(S\left[m,n\right], {key}_1\left[m,n\right]\right)$       $\mathit{e}\mathit{n}\mathit{d}$     $\mathit{e}\mathit{n}\mathit{d}$ Second Encryption Layer   $C_2=zeros(M, N)$     $for m=1 to M$       $for n=1 to N$         $C_2[m,n]=XOR\left(C1\right[m,n], {key}_2[m,n\left]\right)$       $end$     $end$ Output$: \mathrm{Encrypted} \mathrm{image} C_2$$\mathrm{of} \mathrm{size} M\times N$

As evidenced in Figure 7, the visual analysis presents unprocessed biometric images alongside their corresponding cryptographic transformations in the first and second encryption layers. The resultant encoded matrices manifest as stochastic distributions, effectively nullifying any characteristic patterns inherent to the source data. This transformation demonstrates the system’s efficacy in achieving comprehensive visual obfuscation.

3.2. Decryption Algorithm

The decryption process depicted in Figure 8 recovers the original biometric template through a two-layer decryption mechanism utilizing the 4D hyperchaotic map. The process begins with retrieving the encrypted biometric template from the database. The first stage of decryption uses the second set of keys used during the encryption, generated by the Qi hyperchaotic system in Equation (1), performing an XOR operation with the encrypted template. The output from this initial decryption becomes the input for the second decryption stage. In this stage, another XOR operation is executed using the first set of keys (also generated by the Qi hyperchaotic system), where both the keys and intermediate decrypt result are in a binary format of matching sizes. This dual-layer decryption process effectively reverses the encryption sequence, ultimately revealing the original biometric template. The successful decryption relies on using identical initial conditions and parameters from the Qi hyperchaotic system that were used during encryption. Below, the proposed decryption process is detailed, consisting of the following sequential stages:

Step 1: Retrieve the encrypted biometric image (ciphertext C₂) of dimensions $M\times N$ from secure storage, where $M$ and $N$ represent the image length and width, respectively.

Step 2: Apply the first layer of decryption by performing XOR operations between $C_2$ and ${key}_2$ derived from the Qi hyperchaotic system, yielding the intermediate ciphertext $C_1$.

Step 3: Execute the second layer of decryption through XOR operations between $C_1$ and ${key}_1$ (generated using the same Qi hyperchaotic system parameters), producing the shuffled image $S$.

Step 4: Apply Algorithm 3 to perform reverse pixel shuffling on image $S$, utilizing the same seed used in the encryption process, to obtain the standardized template image $P$.

Step 5: Verify the recovered image’s integrity through similarity analysis between the original template $P$ and the decrypted image, ensuring successful reconstruction of spatial relationships and visual patterns. The decryption process systematically reverses the multi-layer encryption, ensuring the accurate recovery of the original biometric template while maintaining the security properties established during encryption. The decryption mathematical equation is the inverse process of encryption and can be expressed as follows:

$$P=XOR \left(K;C_k\right)$$

(4)

where $P$ represents the decrypted image (plaintext), $K={{key}_1, key}_2$ represent the set of keys used for the first and the second encryption, and $C_k$ represents the encrypted images.

Algorithm 3: Image Pixel-Reverse-Shuffling Algorithm

Input:$Read the shuffled image, S \mathrm{o}\mathrm{f} \mathrm{s}\mathrm{i}\mathrm{z}\mathrm{e} M\times N \mathrm{p}\mathrm{i}\mathrm{x}\mathrm{e}\mathrm{l}\mathrm{s}$     Get the shuffled image $S$ of dimensions $M\times N$     Set random see to original value     rng (seed)         Recreate the same number of iterations          $Tota{l}_{Iterations}=M\times N$            PixelIndices = $randperm\left(Tota{l}_{Iterations}\right)$ Create the inverse permutation            $\left[~, inverseIndices\right]$ = $sort\left(PixelIndices\right)$;     $ReshapeImage$ = $reshape(shuffledImage, [], 1)$; Apply the inverse permutation     $recoveredPixels$ = $ReshapeImage\left(inverseIndices\right)$;     $recoverImage$ = $Reshape(recovereddPixels, M, N)$; Output recovered Biometric image $, P$

The pseudocode for the proposed decryption algorithm is shown in Algorithm 4.

Algorithm 4: Decryption Algorithm Pseudocode
Input:$Read the encrypted biometric,C2$
	$\mathrm{Use} \mathrm{the} \mathrm{exact} \mathrm{same} \mathrm{keys} \mathrm{with} \mathrm{the} \mathrm{same} \mathrm{parameters} \mathrm{and} \mathrm{initial} \mathrm{conditions} \mathrm{as} \mathrm{in} \mathit{Algorithm}\mathit{1}: key1$ and $key2$. We are going to use the same set of keys since this is a symmetric encryption. Reshape keys to match image dimensions     ${key}_1=reshape\left({key}_1, \left[M, N\right]\right)$       ${key}_2=reshape\left({key}_2, \left[M, N\right]\right)$ $\mathrm{First} \mathrm{Decryption} \mathrm{Layer} (\mathrm{Reverse} \mathrm{Sec}\mathrm{ond} \mathrm{Encryption})$    $C1=zeros(M, N)$       $for m=1 to M$           $for n=1 to N$            $C1[m,n]=XOR\left(C2\right[m,n], {key}_2[m,n\left]\right)$                $end$             $end$ Second Decryption Layer    $S=zeros(M, N)$       $for m=1 to M$        $for n=1 to N$         $\mathrm{S}[m,n]=XOR\left(C1\right[m,n], {key}_1[m,n\left]\right)$        $end$       $end$ Apply the Algorithm 3: Image Pixel reverse shuffling Algorithm to recover the original image pixels positions. The permutation must be of the same iterations as they ones completed during the shuffling process, iterations = $M\times N$ Output: $\mathrm{Decrypted} \mathrm{image} P$$\mathrm{of} \mathrm{size} M\times N$

As illustrated in Figure 8, the encrypted biometric images were successfully restored to their original form through the application of identical cryptographic keys used in the encryption process, demonstrating the algorithm’s symmetry.

4. Experimental and Performance Analyses

This section will cover the experimental results and the performance of the proposed algorithm as well the comparison with existing state-of-the-art schemes. The performance evaluation will be in terms of system security, resistance to differential attacks, and encryption efficiency. This includes but is not limited to a system randomness test using the NIST Test Suite, visual assessment, key space analysis, key sensitivity, plain text sensitivity, correlation coefficients of adjacent pixels, etc. The datasets used for our experiments are obtained from common databases, which are CASIA databases (Biometrics Ideal Test, available online: http://biometrics.idealtest.org/dbDetailForUser.do?id=4 (assessed on 23 April 2023)). For our proposed algorithm, we leveraged Matlab 2025a online to conduct our experimental simulations. Matlab 2025a online uses a cloud-based environment with 1 Virtual CPU (vCPU) and 4 GB RAM, 2.5 GHz.

4.1. Qi Hyperchaos System Randomness Test

A chaotic map must generate highly random sequences to ensure unpredictability and sensitivity to initial conditions, which are crucial for robust cryptographic systems [36,37]. However, many chaotic maps suffer from periodic behavior, a limited key space, or a non-uniform distribution, creating vulnerabilities in cryptographic applications [38]. The National Institute of Standards and Technology (NIST) Statistical Test Suite addresses these concerns by providing 15 statistical tests that evaluate various aspects of randomness, including frequency patterns, runs, entropy, and complexity measures. The suite helps detect deviations from truly random behavior by analyzing binary sequences and producing p-values for each test, where values above 0.01 indicate sufficient randomness [36]. A chaotic map must pass all these tests to be considered cryptographically secure, ensuring no statistical patterns can be exploited by attackers. While traditional chaotic maps like logistic and tent maps often fail several NIST tests due to their inherent limitations, multi-dimensional hyperchaotic systems, hybrid chaotic maps, or enhanced chaotic systems are designed to overcome these shortcomings by combining multiple maps or incorporating additional randomization techniques [23].

Figure 9 presents a comprehensive flow diagram depicting the NIST Statistical Test Suite implementation for evaluating the randomness properties of the 4D Qi hyperchaotic map employed in our proposed algorithm. The statistical analysis results, summarized in

Table 1. NIST 800-22 test results for Qi hyperchaotic system.

Test Name	${\mathit{p}\text{-}\mathit{V}\mathit{a}\mathit{l}\mathit{u}\mathit{e}}_{\mathit{Q}\mathit{i}\_\mathit{K}\mathit{e}\mathit{y}1}$	${\mathit{p}\text{-}\mathit{V}\mathit{a}\mathit{l}\mathit{u}\mathit{e}}_{\mathit{Q}\mathit{i}\_\mathit{K}\mathit{e}\mathit{y}2}$	Result
Frequency (Monobit) Test	0.0375	0.8103	Pass–Random
Block Frequency Test	0.7509	0.3084	Pass–Random
Runs Test	0.7632	0.4023	Pass–Random
Longest Run of Ones in a Block Test	0.4252	0.0215	Pass–Random
Binary Matrix Rank Test	0.6883	0.5895	Pass–Random
Discrete Fourier Transform (Spectral) Test	0.5318	0.7420	Pass–Random
Non-overlapping Template Matching Test	0.4654	0.8026	Pass–Random
Overlapping Template Matching Test	0.6917	0.9102	Pass–Random
Maurer’s Universal Statistical Test	0.4965	0.5782	Pass–Random
Linear Complexity Test	0.8346	0.7831	Pass–Random
Serial Test	0.0491	0.1749	Pass–Random
Approximate Entropy Test	0.9704	0.1690	Pass–Random
Cumulative Sums (Cusum) Test	0.9998	0.1045	Pass–Random
Random Excursions Test	0.9992	0.0916	Pass–Random
Random Excursions Variant Test	0.9985	0.8342	Pass–Random

, demonstrate that the bit sequences generated by the Qi hyperchaotic system satisfy the NIST criteria for randomness with p-values exceeding the standard threshold of 0.01. These findings substantiate that the generated sequences possess sufficient entropy and statistical randomness properties, rendering them suitable for deployment in robust cryptographic applications.

4.2. Key Space Analysis

Key space analysis in chaotic cryptography evaluates the possible combinations of system parameters and initial conditions that generate valid chaotic behavior. While theoretical key space encompasses all parameter values within defined ranges, effective key space considers only parameter combinations yielding genuine chaos, verified through positive Lyapunov exponents. Security standards require an effective key space exceeding 2¹⁰⁰ to prevent brute-force attacks, with high sensitivity to parameter perturbations. This analysis is fundamental for ensuring cryptographic security and system viability [36].

In our implementation, the final encryption represents the composite product of the two encryption keys ($e_1\left(k\right)$, $e_2\left(k\right)$) employed in the successive encryption layers. Each key is characterized by four initial conditions ($x_{1e\left(k\right)}\left(0\right)$, $x_{2e\left(k\right)}\left(0\right)$, $x_{3e\left(k\right)}\left(0\right)$, $x_{4e\left(k\right)}\left(0\right))$ and six control parameters ($a, b, c, d, e, f$). Assuming a computational precision of ${10}^{16}$, the key space magnitude, $K_s$, for our proposed dual-layer encryption algorithm can be expressed as

$${K_s=10}^{16x(N_{ic}+N_p)}$$

(5)

where $N_{ic}$ represents the total number of initial conditions, and $N_p$ denotes the total number of parameters. Given that the algorithm employs eight initial conditions and twelve parameters in total, the resultant key space is calculated as 10¹⁶ × ²⁰ = 10³²⁰. This value substantially exceeds the key space threshold of 2¹⁰⁰, which is often considered a benchmark for computational infeasibility in cryptographic contexts [33,35,39], suggesting that the algorithm’s robust resistance to brute-force cryptanalytic attacks. The proposed scheme demonstrates an expanded key space, suggesting enhanced cryptographic robustness. Comparative analysis with existing algorithms reveals superior key space dimensions in our proposed system, as shown in

Table 2. Key Space performance analysis.

Chaotic System	Precision	Number of Parameter and Initial Conditions	Key Space
Ours	${10}^{16}$	20	${ 10}^{320}$
Ref. [40]	${10}^{16}$	8	${ 10}^{128}$
Ref. [36]	${10}^{16}$	10	${10}^{140}$
Ref. [26]	${10}^{16}$	5	${10}^{80}$
Ref. [41]	${10}^{16}$	14	${10}^{224}$

. Our proposed scheme leverages a larger number of initial conditions and control parameters, which gives it an edge over systems that have a limited number of parameters.

4.3. Key Sensitivity Analysis

Key sensitivity analysis demonstrates that a minor alteration in the encryption key should result in a completely different ciphertext, even when encrypting the same plaintext. In our evaluation, we modified a single bit in the original key and performed encryption with both the original and modified keys, resulting in two distinct ciphertexts. Statistical comparison between these ciphertexts yielded a correlation coefficient near zero (approximately 0.0042), indicating that the proposed algorithm exhibits strong key sensitivity. This characteristic ensures that an adversary cannot derive meaningful relationships between ciphertexts even with minimal variations in encryption keys, thus confirming the algorithm’s robustness against key-based attacks. Figure 8 illustrates the encrypted images generated using the original encryption keys $e_1\left(k\right)$ and $e_2\left(k\right)$, with initial conditions defined as follows: $x_{1e1\left(k\right)}\left(0\right)=-2.510$, $x_{2e1\left(k\right)}\left(0\right)=11.3215$, $x_{3e1\left(k\right)}\left(0\right)=-8$, and $x_{4e1\left(k\right)}\left(0\right)=-8.7$ and $x_{1e2\left(k\right)}\left(0\right)=-2.510$, $x_{2e2\left(k\right)}\left(0\right)=11.3215$, $x_{3e2\left(k\right)}\left(0\right)=-8$, and $x_{4e2\left(k\right)}\left(0\right)=-8.7$. To assess the system’s sensitivity to initial conditions, the encryption keys were modified by introducing a perturbation of 10⁻¹⁵ while maintaining all other parameters constant. As depicted in Figure 10, a minimal perturbation in the initial conditions yielded significantly different encryption outcomes, with a statistical divergence of 99.227% between the images encrypted using the original and modified keys, thereby demonstrating the system’s high sensitivity to initial conditions.

To further evaluate the cryptosystem’s key sensitivity in the decryption phase, we conducted a comparative analysis using two sets of keys: the authorized encryption key $e_1\left(k\right)$, and a minutely perturbed key $e_2\left(k\right)$, where $e_2\left(k\right)$ differs from $e_1\left(k\right)$ by a perturbation of magnitude 10⁻¹⁵ as an example. Figure 11 illustrates the decryption outcomes, demonstrating that while $e_1\left(k\right)$ successfully reconstructs the original plaintext image, the attempted decryption with $e_2\left(k\right)$ yields an entirely indistinguishable output. This pronounced disparity in decryption results, despite the infinitesimal key variation, empirically validates the cryptosystem’s extreme sensitivity to initial conditions—a characteristic inherited from the underlying Qi hyperchaotic system. Such robust key sensitivity ensures that even if an adversary obtains a key extremely close to the correct one, the decryption process fails completely, thereby reinforcing the cryptosystem’s resistance against brute-force and related-key attacks.

4.4. Histogram Analysis

Histogram analysis serves as a fundamental statistical tool for evaluating the strength of encryption algorithms by examining the frequency distribution of pixel values or character occurrences in both plaintext and ciphertext. In secure encryption systems, the ciphertext histogram should demonstrate a uniform distribution, effectively masking the statistical patterns present in the original data [36].

Significant deviations from uniformity may indicate statistical vulnerabilities that could be exploited through cryptanalysis techniques. This analysis provides quantifiable metrics for assessing the algorithm’s resistance to statistical attacks and its effectiveness in achieving confusion and diffusion properties as defined by Shannon’s principles of cryptography [39,42].

Figure 12 illustrates the frequency distribution histograms, depicting pixel intensity values of the original plaintext images and their corresponding first- and second-layer encrypted variants for the left iris, right iris, and facial biometric samples, respectively. The resultant histogram patterns demonstrate that the proposed dual-layer encryption algorithm effectively transforms the initial pixel distribution into a uniform distribution in the encrypted templates. This uniformity in pixel distribution indicates the algorithm’s robust resistance to statistical attacks, as it eliminates discernible patterns between the plaintext and ciphertext, thereby enhancing the security of the encrypted biometric templates against cryptanalysis [39].

The decryption sequence illustrated in Figure 13 presents the pixel distribution of progressive decryption stages, depicting the transformation from second-tier encryption through first-tier decryption, culminating in the retrieval of the original plaintext image. Comparative analysis of the histogram distributions between Figure 12 and Figure 13 reveals consistent pixel intensity patterns, validating the successful reconstruction of the initial biometric data through the decryption protocol. This correlation in pixel distribution characteristics confirms the algorithm’s ability to accurately reverse the encryption process, preserving the integrity of the biometric information.

4.5. Pixels Correlation Analysis

The correlation coefficient (ρ) serves as a crucial metric in evaluating the strength of encryption algorithms by measuring the statistical relationship between plaintext and its corresponding ciphertext. In a robust cryptographic system, the correlation coefficient should approach zero, indicating minimal statistical similarity between the original and encrypted data [43]. The correlation coefficient is expressed as

$$\rho \left(x,y\right)={\displaystyle \frac{N{\sum }_{j=1}^N(x_j\times y_j)-{\sum }_j^N{x}_j{\sum }_j^N{y}_j}{\sqrt{\left(N{\sum }_{j=1}^N{x_j}^2-{\left({\sum }_{j=1}^N{x}_j\right)}^2\right)\times \left(N{\sum }_{j=1}^N{y_j}^2-{\left({\sum }_{j=1}^N{y}_j\right)}^2\right)}}}$$

(6)

where $x$ and $y$ represent the gray-level intensity values of adjacent pixel pairs within the biometric image, and $N$ represents the total quantity of image pixels selected for computational analysis. For an ideal encryption algorithm, ρ ≈ 0 signifies that the relationship between plaintext and ciphertext is effectively random. Higher absolute values of ρ (approaching ±1) may indicate potential vulnerabilities in the encryption scheme, as they suggest a detectable pattern between input and output data streams. This mathematical property is fundamental in cryptanalysis and serves as a quantitative measure of an algorithm’s resistance to statistical attacks [40].

Figure 14, Figure 15 and Figure 16 present the pixel correlation analysis for left iris, right iris, and facial biometric images, respectively, examining adjacent pixel relationships across horizontal, vertical, and diagonal orientations. The analysis encompasses three sequential phases: (a) original plaintext images exhibiting strong intrinsic spatial correlations, (b) intermediate outputs following first-level encryption showing substantial decorrelation, and (c) final ciphertext after second-level encryption demonstrating further randomization of pixel relationships. This progressive decorrelation validates the encryption algorithms’ efficacy in disrupting the inherent spatial redundancy of biometric image data.

As illustrated in

Table 3. Comparative analysis of adjacent pixel correlation coefficients across three directional planes with existing cryptographic schemes.

Chaotic System	Correlation Coefficients
	Horizontal	Vertical	Diagonal
Ours	0.0072	0.0046	0.0063
Ref. [36]	0.0105	−0.0019	−0.0019
Ref. [40]	0.0206	0.0003	−0.0141
Ref. [41]	−0.0082	0.0073	0.0089
Ref. [44]	0.0003	0.0009	0.019
Ref. [45]	0.0011	0.0012	0.016
Ref. [46]	0.004	0.007	0.037

, the correlation coefficient analysis shows the comparative performance between our proposed algorithm and existing state-of-the-art methodologies using the Lena image as a reference. The simulation results indicate that our novel cryptosystem exhibits robust statistical properties, achieving correlation coefficients close to 0 that suggest strong resistance against statistical attacks. These findings validate the cryptographic strength of the proposed encryption scheme.

4.6. Information Entropy Analysis

Information entropy analysis quantifies the randomness and unpredictability of encrypted data through Shannon’s entropy measure:

$$H(m)=-\sum _{i-=0}^{2^N-1}P(m_{\mathrm{i}}){log}_{2}P(m_{\mathrm{i}})$$

(7)

where m represents gray image, $P\left(m_{\mathrm{i}}\right)$ represents the probability distribution of pixel values. For 8-bit grayscale images, the theoretical optimum of 8 bits indicates perfect uniformity in pixel distribution. Modern encryption algorithms must demonstrate entropy values approaching this theoretical maximum, signifying minimal information leakage and robust resistance to statistical attacks. The convergence of measured entropy to this theoretical bound, combined with uniform pixel distribution analysis, serves as a critical benchmark for evaluating the cryptographic strength and statistical independence of the encryption scheme.

Table 4. Performance analysis of entropy of encrypted Lena Image by existing schemes.

Proposed	Ref. [36]	Ref. [40]	Ref. [43]	Ref. [47]	Ref. [48]	Ref. [49]
7.9988	7.9983	7.9998	7.9996	7.9993	7.9971	7.7795

presents a comparison of information entropy performance between our proposed method and existing algorithms. A value close to the ideal value of eight indicates that the system randomness is satisfactory and the proposed schemed has the capabilities to resist entropy-based attacks.

Figure 17 presents the information entropy analysis across the three stages of our proposed system showing original plaintext biometric images (blue), first-level encryption (orange), and second-level encryption (yellow) for left iris, right iris, and face images. The entropy for the first and second layers of encrypted biometrics display satisfactory values close to the idea value of 8, thus indicating that our proposed cryptosystem is robust enough and can resist brute-force attacks.

4.7. Diferential Attacks Analysis

The NPCR and UACI serve as fundamental metrics for evaluating an encryption algorithm’s resilience against differential attacks. The NPCR quantifies the percentage change in pixel values between two encrypted images when their original images differ by a single pixel, with an ideal value approaching 99.6% [50]. Its mathematical formular is expressed as follows:

$$NPCR={\displaystyle \frac{{\sum }_{i, j}D(i,j)}{M\times N}}\times 100\%$$

(8)

where $D(i,j)$ equals 0 if pixel values are identical and 1 if different, and $M\times N$ represents the image dimensions.

Complementing this, the UACI measures the average intensity difference between two encrypted images, targeting an ideal value of around 33.4% [46]. It is calculated as

$$UACI={\displaystyle \frac{1}{M\times N}}\left[{\sum }_{i,j}{\displaystyle \frac{\left|C1\left(i,j\right)-C2\left(i,j\right)\right|}{255}}\right]\times 100\%$$

(9)

where $C1$ and $C2$ represent the encrypted images. Together, these metrics assess an algorithm’s diffusion properties and its ability to resist chosen plaintext attacks, with values closer to their theoretical ideals indicating stronger security characteristics in image encryption algorithms. Figure 18 illustrates the NPCR and UACI performance metrics for the first and second levels of encryption in the proposed algorithm, as applied to left iris, right iris, and facial biometric images.

Table 5. NPCR and UACI performance and comparison with existing methods using Lena image.

	Proposed	Ref. [26]	Ref. [36]	Ref. [40]	Ref. [44]	Ref. [47]	Ref. [49]	Ref. [51]
NPCR (%)	99.629	99.658	99.810	99.715	99.603	99.614	99.510	99.630
UACI (%)	33.441	33.459	33.400	33.511	33.692	33.466	33.160	33.480

presents a comparative analysis of the NPCR and UACI performance between our proposed scheme and existing algorithms using Lena as the reference benchmark input. The results demonstrate that our proposed algorithm exhibits high sensitivity to slight pixel value changes in the original biometric image, thereby providing robust encryption against differential attacks. When compared with existing algorithms, our proposed scheme presents equally satisfactory results while outperforming some existing schemes.

4.8. Time Efficiency Analysis

The time efficiency of encryption algorithms is crucial in modern cryptographic systems, directly impacting their practical implementation and real-world performance. In resource-constrained environments and high-throughput scenarios, the computational complexity of encryption operations significantly affects system performance and resource utilization. Therefore, optimizing the balance between security strength and computational efficiency remains a fundamental consideration in cryptographic algorithm design [52].

Table 6. Comparison analysis of encryption time with existing algorithms using Lena image.

Algorithms	Image Size	Encryption Time in s	Decryption Time in s
Ours	512 × 512	0.8763	1.0910
	256 × 256	0.50913	0.5219
Ref. [26]	512 × 512	2.727	2.708
	256 × 256	0.941	0.902
Ref. [39]	512 × 512	0.951	-
	-	-	-
Ref. [44]	512 × 512	0.5156	-
	256 × 256	0.1272	-
Ref. [45]	512 × 512	-	-
	256 × 256	0.8342	-
Ref. [54]	512 × 512	16.43	-
	256 × 256	8.2	-
Ref. [55]	512 × 512	25.867	24.564
	256 × 256	6.494	6.471

illustrates the performance of encryption and decryption times across 512 × 512 and 256 × 256 image sizes. In comparison with existing multimodal biometric encryption schemes, our proposed approach demonstrates distinct advantages. While Zhang et al. [26] implemented double chaotic rotating diffusion, our method achieves superior encryption time efficiency. Although Wang et al. [53] reported marginally better computational performance, it is noteworthy that their implementation utilized 8GB RAM compared to our 4GB RAM testing environment. Furthermore, our scheme offers an expanded key space, enhancing cryptographic security. The experimental result of our approach is evidenced through extensive testing on a comprehensive image database, in contrast to the limited six-image evaluation presented by Liu et al. [45], thus providing more statistically significant performance metrics. The results demonstrate that the proposed scheme offers several advantages over existing algorithms in [39,44,54,55].

Portions of the research in this paper use CASIA Iris and CASIA Face, collected by the Chinese Academy of Sciences’ Institute of Automation (CASIA) with reference to “CASIA Iris and CASIA Face Image Databases”, http://biometrics.idealtest.org/ [56].

5. Conclusions

This paper presented a novel dual-layer cryptographic framework for securing multimodal biometric templates using the 4D Qi hyperchaotic system. During identification and matching processes, the system employs a comprehensive traversal mechanism to navigate recognition codes and decrypt corresponding ciphertext data. This robust approach ensures the integrity and confidentiality of stored biometric information against unauthorized access, tampering, and destruction. The proposed double chaotic-based diffusion encryption method leverages dual chaos properties to enhance scrambling effectiveness, while plaintext-related control parameters govern the algorithm’s diffusion dynamics, demonstrating strong resistance to selected plaintext attacks. The proposed system demonstrates superior performance across multiple security metrics compared to existing schemes. The algorithm achieved exceptional randomness properties, validated by comprehensive NIST testing with p-values consistently above 0.01 across all 15 NIST test categories. Security analysis revealed robust cryptographic metrics including entropy values exceeding 7.99 bits, correlation coefficients approaching zero (<${10}^{-2}$), and strong differential attack resistance with an NPCR of 99.6% and a UACI of 33.45%. The expansive key space of 10³²⁰ significantly exceeds the key space threshold of 2¹⁰⁰, providing robust resistance to brute-force attacks. Comparative analysis demonstrates that our approach outperforms some existing schemes in both security metrics and computational efficiency. This framework represents a significant advancement in biometric template protection, offering a balanced solution between security robustness and operational efficiency for practical deployment in high-security multimodal biometric applications. Future research directions will explore the implementation of multilayered encryption protocols across various authentication phases, extending beyond the current focus on template storage security. This comprehensive approach aims to enhance the biometric authentication system’s robustness by integrating cryptographic mechanisms throughout the authentication pipeline, thereby addressing potential vulnerabilities in data transmission and processing stages.