A New One-Dimensional Compound Chaotic System and Its Application in High-Speed Image Encryption

: In the edge computing and network communication environment, important image data need to be transmitted and stored securely. Under the condition of limited computing resources, it is particularly necessary to design effective and fast image encryption algorithms. One-dimensional (1D) chaotic maps provide an effective solution for real-time image encryption, but most 1D chaotic maps have only one parameter and a narrow chaotic interval, which has the disadvantage of security. In this paper, a new compound 1D chaotic map composed of a logistic map and tent map is proposed. The new system has two system parameters and an arbitrarily large chaotic parameter interval, and its chaotic signal is evenly distributed in the whole value space so it can improve the security in the application of information encryption. Furthermore, based on the new chaotic system, a fast image encryption algorithm is proposed. The algorithm takes the image row (column) as the cyclic encryption unit, and the time overhead is greatly reduced compared with the algorithm taking the pixel as the encryption unit. In addition, the mechanism of intermediate key associated with image content is introduced to improve the ability of the algorithm to resist chosen-plaintext attack and differential attack. Experiments show that the proposed image encryption algorithm has obvious speed advantages and good cryptographic performance, showing its excellent application potential in secure network communication. is effectively performed: All p -values among 1000 sequences used for testing are evenly distributed in the 10 subintervals, while the pass rate is also acceptable. The average pass rate is 99.01%, with one minimum pass rate of 98.1%. Experimental results show that the sequences generated by the logistic-tent map proposed in this paper have good pseudo randomness. Therefore, the compound chaotic system can be used as a pseudo-random number generator.


Introduction
In today's networking information age, human communication and information exchange mainly rely on network digital communication, and multimedia digital communication plays an important role in human digital communication. Therefore, the amount of multimedia data to be stored and transmitted is increasing. The protection of data security and privacy has become an urgent problem to be solved. Unfortunately, traditional encryption schemes such as AES, DES and RSA are mainly designed for text data so they are not suitable for image security applications [1,2], especially for real-time encryption of big data. Because of the huge amount of image data, high information redundancy and strong correlation urges researchers to seek efficient image encryption algorithms. Therefore, some new image encryption schemes based on different theories and technologies have attracted the attention of researchers. Among them, chaos-based cryptography shows obvious advantages in the field of image encryption [3][4][5][6][7].
Since the sequence of state values generated by the chaotic system have aperiodic ergodicity and extreme sensitivity to initial conditions, chaotic sequence is a pseudorandom sequence with unpredictability. These characteristics of chaotic sequences coincide with the basic requirements of cryptography. As a result, chaotic sequence has a good value in cryptography, and the image encryption technology based on chaos has attracted more and more attention [5,[7][8][9]. Generally speaking, chaotic systems are divided into high-dimensional continuous time systems described by differential equations and lowdimensional discrete time systems described by iterative maps. The structure of a lowdimensional discrete chaotic map is simple, the software calculation speed is fast, and the hardware implementation is easier. However, some common low-dimensional discrete chaotic maps have the following defects: the number of parameters is small, and the map is easy to predict. Moreover, the range of parameters with chaotic behavior are narrow and the distribution of state values is not uniform. For example, there are such systems as the famous logistic map [10], tent map [11], sine map [12], etc. Due to the above shortcomings of such chaotic systems, information encryption brings the risk of security reduction. On the contrary, the high-dimensional continuous time chaotic system has more variables and parameters, and the parameter interval of chaotic behavior is large. However, this kind of complex dynamical system described by differential equations is more difficult to implement by hardware and requires more time overhead for software calculation, so it is not suitable for real-time encryption applications.
Constructing new chaotic systems with a simple structure and high unpredictability has become an important issue for many cryptologists and researchers [13][14][15][16][17]. Ramasamy et al. [18] proposed an enhanced logistic map (ELM) and applied it in an image encryption scheme based on block scrambling and modified zigzag transformation. The authors claim that the method is secure and computationally efficient based on the analysis of the proposed method. Gupta et al. [19] proposed a lightweight image encryption algorithm based on a logistic-tent map and crossover operator. The extensive experiments of performance and security assessment show that the proposed image encryption scheme is secure enough to withstand all potential cryptanalytic attacks. Tong et al. [20] proposed a new perturbed high-dimensional chaotic map and applied it to design a new encryption scheme. Although the encryption scheme can obtain satisfactory security, its encryption speed cannot meet the requirements of real-time encryption. Pak et al. [21] proposed a new 1D chaotic system and applied it to color image encryption. Although the encryption system has acceptable speed, it has security defects. Some researchers have analyzed the encryption system [22,23]. Hua et al. [24] proposed a new two-dimensional (2D) chaotic system called a 2D-LASM and applied it to design an image encryption scheme. Although the authors claim that the system has a high security level, Feng et al. [25] did a detailed cryptanalysis for it and cracked the cryptosystem. Wang et al. [26] proposed a fast image encryption algorithm based on a logistic map, which has high encryption speed. However, the logistic map is not secure enough because of its small chaotic space and is vulnerable to brute force attacks. Although some existing image encryption algorithms have high security [6,[27][28][29][30][31][32], many of them are only suitable for specific types of image encryption, such as color image and medical image, and cannot handle all types of digital images. The defects of these existing image encryption schemes have aroused our motivation to design a new image encryption scheme that is safe, fast and universal.
In this paper, a new discrete chaotic map composed of a logistic map and tent map is proposed. The compound map has a very wide range of chaotic parameters and the system structure is simple, which can realize fast calculation and is more suitable for real-time image encryption processing. It can also generate a uniformly distributed sequence filled with the whole state value space, which validates its application in cryptography with a large enough secret key space and can resist the violent attack of key exhaustion. The uniformly distributed state values can better resist the attack of statistical analysis. Through a series of famous chaos theory tools, such as theoretical proof of state boundedness, Lyapunov exponent, bifurcation diagram, approximate entropy, time-series diagram and cobweb graph, we prove the highly chaotic behavior of the proposed compound chaotic map. Based on the new chaotic map system, we also designed a new high-speed image encryption scheme. In this new image encryption scheme, we adopt an improved permutation-substitution strategy which completes the permutation of image pixel positions and the substitution of pixel values simultaneously and takes the image row or column as the cyclic processing unit instead of a single pixel as the cyclic processing unit, which greatly improves the security and speed of the scheme. In addition, the new image encryption scheme can achieve satisfactory encryption effects with a small number of encryption rounds. The number of encryption rounds can be adjusted according to the actual requirement. We use histogram analysis, information entropy, key analysis, and ciphertext sensitivity to plaintext and key to evaluate the efficiency and security of the scheme. In the same experimental environment, we also compare this scheme with some latest encryption schemes. The comparison results show that the new scheme is superior to other schemes in safety and speed. The main contributions of this work are as follows: (1) A new model of one-dimensional discrete compound chaotic map is proposed, which has two system parameters and unlimited parameter range. The parameter interval of this system, which can generate chaotic phenomena, is much wider than the existing 1D maps, and the generated chaotic signals are more evenly distributed in the range of (0, 1). Therefore, the system used for information encryption can obtain larger key space and better security.
(2) Based on the new chaotic system, a new image encryption algorithm is proposed, which combines the traditional permutation and substitution operations and simultaneously realizes the pixel position permutation and pixel value substitution. It can not only improve the encryption speed, but also increase the difficulty of deciphering the key. In addition, the encryption operation cycle process takes rows (columns) as processing units instead of pixels as processing units, which can significantly improve the encryption speed.
(3) The intermediate key is related to the content of the image to be encrypted. By introducing this mechanism, the ability of the cryptosystem to resist chosen-plaintext attack is improved. In addition, the sensitivity of ciphertext to plaintext is also enhanced, which leads to the improvement of the performance of the algorithm against differential cryptanalysis.
The rest of this paper is arranged as follows: Section 2 introduces the proposed new chaotic map system and proves its strong chaotic behavior with common chaos theory tools. Section 3 introduces the proposed new image encryption scheme based on this chaotic map. Section 4 tests the performance and security analysis of the proposed new image encryption scheme. The last section is the summary of the whole paper.

The Proposed New One-Dimensional Chaotic Map
In this paper, a new one-dimensional compound chaotic system is constructed based on the 1D logistic map and 1D tent map. First, we briefly introduce the mathematical models of the logistic map and tent map and their basic characteristics (Lyapunov exponent and bifurcation diagram).

Logistic Map (LM)
The mathematical model of the logistic map (LM) system is shown in Equation (1) [10]. (1) In Equation (1), x n represents the state values of the system at the n-th discrete time point (n = 0, 1, . . . ), x 0 represents the initial state value of the system. b is the control parameter of the system. When b ∈ [3.57, 4] , the function f(x n ) is a map: x n ∈ (0, 1) → x n+1 ∈ (0, 1) , and the iterative sequence {x 0 , x 1 , x 2 , . . . } generated by the initial state value of x 0 ∈ (0, 1) is aperiodic (or the period is infinite and the state value is not repeated) and is seemingly an irregular (random) sequence. However, the state values in the sequence are bounded (that is, the value of x 0 ∈ (0, 1) , x n will not run out of the range of (0, 1), which is called the attractor). Figure 1a is a graph of the Lyapunov exponent of the logistic map changing with parameter b. Among them, the formula for calculating the Lyapunov exponent LE of 1D maps is shown in formula (2).
In formula (2), f (x n ) is the value of the derivative function of the mapping function at x n . In actual calculation if the value of N is large enough, the Lyapunov exponent will converge to a fixed constant. As long as it is found that the Lyapunov exponent starts to stabilize (no longer changes with the increase of N), then N can be regarded as satisfying the condition of N → ∞ . A positive Lyapunov exponent means chaos. Figure 1 shows the variation of the Lyapunov exponent and bifurcation diagram of the system with parameter b. As can be seen from Figure 1a, when the parameter b satisfies b ∈ [3.57, 4] , the system goes into a chaotic state. When b = 4, the maximum Lyapunov exponent occurs, which is LE max = 0.6931. Figure 1b is the bifurcation diagram of Logistic map changing with parameter b, which is consistent with the phenomenon revealed in Figure 1a; that is, when the parameter b satisfies b ∈ [3.57, 4] , the value number of the system state is infinite, and with the increase of b, the value of the system state gradually fills the whole range of (0, 1).

Tent Map (TM)
The mathematical model of the tent map (TM) [11] system is shown in Equation (3): In Equation (3), x n represents the state values of the system at the n-th discrete time point (n = 0, 1, 2, . . . ). x 0 represents the initial state value of the system, and b is the control parameter of the system. Figure 2 shows the variation of the Lyapunov exponent and bifurcation diagram of the tent map with parameter b. Figure 2a is the Lyapunov exponent curve of the tent map with a system parameter b. When b = 4, the maximum Lyapunov exponent occurs, which is LE max = 0.6931. Figure 2b is the state value bifurcation diagram of the tent map with system parameter b. As can be seen from Figure 2, when b ∈ (2, 4] , system (3) enters the chaotic state.
The disadvantages of the above two systems are as follows: First, the parameter interval of the system where chaos occurs is relatively narrow (the chaotic parameter interval of LM system is b ∈ (3.57, 4] , and the chaotic parameter interval of TM system is b ∈ (2, 4] ). Second, when b < 4, the value of the system state cannot fill the whole space range of (0, 1).

Logistic-Tent Map (LTM)
In this paper, a compound chaotic system, named the logistic-tent map (LTM) system, is proposed. The mathematical model of LTM system is shown in formula (4) where x n ∈ (0, 1) is the state variable of the system, a and b are two control parameters of the system, a ∈ (0, +∞) and b ∈ [0, a].
Proof. The monotonicity of the function in the interval can be proven according to the positive and negative of the function derivative. The derivative function of f(x n ) is It can be concluded from Equation (5) that when x n ∈ (0, 0.5) , owing to f (x n )> 0, so the function f(x n ) increases monotonically over the interval (0, 0.5). It can be seen from this that f(0) < f(x n ) < f(0.5), namely: 0 < f(x n ) < 1. When x n ∈ (0.5, 1) , owing to f (x n )<0, the function f(x n ) decreases monotonically over the interval (0.5, 1). It can be seen from this that f(1) < f(x n ) < f(0.5), namely: 0 < f(x n ) < 1.
Property 1 shows that the state values of LTM are bounded and conform to the attractor condition.

Lyapunov Exponent and Bifurcation Diagram of LTM System
The Lyapunov exponent of system (4) is positive in all ranges of the parameter interval of b (see Figure 3a, where a = 6). When b = 0.35, the Lyapunov exponent has the maximum value of LE max = 0.6934. The bifurcation diagram (see Figure 3b, where a = 6) of state values of the system also proves that the system is aperiodic in the whole parameter value range (unlimited values/no repetition), and the state values can evenly fill the whole value space in (0, 1). These characteristics of the LTM system will bring better security for information encryption.

Approximate Entropy of LTM System
Approximate entropy can measure the randomness and complexity of the time series. The approximate entropy of periodic series is 0, and the approximate entropy of chaotic series is greater than 0. The greater the randomness, the greater the approximate entropy of the sequence. Figure 4 shows the curve of the approximate entropy of the sequences generated by the above three systems with the system parameters. The results of Figure 4 show that the LTM system has a positive approximate entropy in the whole parameter range b ∈ [0, 4] with a = 4, and the approximate entropy is greater than those of LM and TM systems when b < 4. It is proven that the sequences generated by the LTM system have higher complexity than those of the LM and TM systems.

The Time-Series Diagram and Cobweb Graph of LTM System
The time-series diagram shows the variation law of time series with discrete time. Figure 5a shows the state values of two time series with an initial condition difference of 0.000001, indicating the strong sensitivity of time series to initial conditions.
The cobweb diagram provides a powerful graphical means for studying the behavior of a dynamic system. It shows the long-term evolution law of system state values with time. Figure 5b shows the cobweb diagram formed by continuous iteration of the LTM system under a = 4, b = 1.3 and x 0 = 0.1. It can be seen from Figure 5b that when a state initial value x 0 is given, as a result, the system experiences an infinite number of non-repetitive chaotic orbits, which further confirms the chaotic behavior of system (4).

NIST Statistical Test Analysis
The NIST statistical test suite (version 2.1.1, National Institute of Standards and Technology, Gaithersburg, MD, USA) was used to evaluate the randomness of the bit sequence that was produced by the proposed system. The suite involves 15 tests which assess the randomness that might occur in a sequence. Each test result is converted to a p-value for judgement, and when applying the NIST test suite a significance level α = 0.01 is chosen for testing. If the p-value ≥ α, then the test sequence is considered to be pseudorandom. Setting 1000 different initial state values of the logistic tent map system (4) and iterating it 1,000,000 times for each initial state value generates 1000 sequences, 1 million bits each. The parameters used in the test are set as: a = 4, b = 0.35. For the first sequence, x 0 = 0.11, and each time a 1,000,000 bits sequence is generated, the initial value of chaotic state variable increases by 0.001. Finally, each real number of state value x of the sequence is transformed into a binary number bx according to the following Algorithm 1:  Table 1 presents the results of NIST statistical test for 1000 sequences generated by the LTM, which indicates that the NIST test is effectively performed: All p-values among 1000 sequences used for testing are evenly distributed in the 10 subintervals, while the pass rate is also acceptable. The average pass rate is 99.01%, with one minimum pass rate of 98.1%. Experimental results show that the sequences generated by the logistic-tent map proposed in this paper have good pseudo randomness. Therefore, the compound chaotic system can be used as a pseudo-random number generator.

The Proposed Image Encryption Scheme
First, in order to distinguish vectors and arrays from ordinary scalar variables easily in reading, some main symbols used in this paper are listed in Table 2. Table 2. Symbol description of variables used in this paper.

Symbol
Meaning

Sequences transformed from chaotic sequences
One-dimensional vector In this section, an image encryption scheme based on the LTM system is proposed. The scheme includes arbitrary T rounds of encryption processing, in which each round of encryption processing combines two kinds of operations, namely permutation and substitution. It realizes the scrambling and replacement processing of the input image simultaneously. The rapidity of the algorithm in this paper mainly comes from taking the whole row (or column) as the unit of operation processing, processing one row or one column instead of processing one pixel at one loop. This avoids dealing with pixels one by one circularly, which greatly reduces the number of loops. A row (or column) is actually a one-dimensional array, so every operation of the algorithm is an integral operation of the array. In this way, the loop of pixels can be avoided (reducing the number of loops is an important idea of this encryption algorithm).

The Encryption Process
Each round of the encryption process consists of the following three stages: (1) generating a modified chaotic sequence; (2) encryption processing row by row; (3) column-bycolumn encryption processing. The following describes the operation algorithm of each stage, respectively.

Generate a Modified Chaotic Sequence
At this stage, the chaotic system (4) is used to generate four modified chaotic sequences: X, Y, I, J. The detailed steps of the algorithm are described by Algorithm 2. Step 1: Iterate the system (4) with x 0 as the initial value for (M + N 0 −1) times to generate a sequence x with the length of (M + N 0 ). In order to improve the sensitivity of the intermediate key to the initial value, the first N 0 values of the sequence are discarded, and the real chaotic sequence x = [x(1), x(2), . . . , x(M)] T with the final length of M is obtained. Iterate the system (4) for (N + N 0 −1) times with y 0 as the initial value, and use the same method to generate the real-valued chaotic sequence y = [y(1), y(2), . . . , y(N)] with the final length of N.
Here, floor(x) is a function of rounding x, and the returned function value is the largest integer less than or equal to x; mod(x, 256) is the remainder obtained by dividing

Row-by-Row Encryption Processing
In the row-by-row encryption processing stage, a row vector S (i) = [S (i) (1), S (i) (2), . . . , S (i) (j), . . . , S (i) (N)] related to the encrypted image content is used (superscript (i) stands for the i-th row). Before entering the row encryption stage (i = 0), the row vector S (i) takes the initial value S (0) . The initial value S (0) (j) of any element in S (0) is equal to k times of the sum of all the elements in the j-th column of the current image P to be encrypted, which can be calculated with the following Equation (10), and the calculation principle can refer to Figure 6a.
where k is a positive integer greater than or equal to 1. By introducing parameter k, the change effect of pixel value P(i, j) can be amplified. When the i-th row of the input image is encrypted, the value of any element S (i) (j) in the vector S (i) is equal to k times of the sum of all elements whose row numbers are greater than i in the j-th column of the currently encrypted image P. The calculation principle of the vector S (i) is schematically shown in Figure 6b and can be expressed by the following Equation (11): Observing the general formula (11) of S (i) , we can get the following relation: That is: From the relation between S (i) and S (i−1) described by Equation (12), we can get a method to increase the speed of calculating the vector S (i) ; that is, it is not necessary to directly calculate the sum of all elements after the i-th row by the cumulative sum method of the Equation (11) for the vector used in each row, but the recursive algorithm can be used instead. Therefore, the j-th element value of the vector S (i) corresponding to the current row (i-th row) can be obtained by subtracting k × P(i, j) from the j-th element value of the vector S (i) corresponding to the previous row (the (i-1)-th row). Only the element values of the initial vector S (0) must be directly calculated by the cumulative sum method of Equation (10). Therefore, the row vector S (i) needed to encrypt the i-th row can be calculated by the following algorithm: S (i) ←S (i−1) − k × P(i, :). Here, P(i, :) represents a one-dimensional array composed of all elements in the i-th row of image P to be encrypted. Therefore, the Equation (12) with elements as operating units can be rewritten as the calculation Equation (13) with an array as operating units: Executing Equation (13) is equivalent to executing Equation (12) for j = 1, 2, . . . , N in turn. In this way, a single row is treated as a single unit, turning an internal N times loop into a single loop. The detailed operational steps of the row encryption phase are described in Algorithm 3 below.
Step 1: Call Algorithm 2 to generate four modified chaotic sequences: X, Y, I, J.
Step 2: Construct a row vector consisting of N identical constants C 0 : c = [C 0 , C 0 , . . . ], and pre-allocate the storage space of M × N elements for the future encrypted image C.
Equation (15) completes the encryption processing of the i-th row P(i,:) and gets the pixel sequence C(I(i), :) of the I(i)-th row of the encrypted image. It can be seen that the i-th row of the image P is arranged to the I(i)-th row of the encrypted image C, where the position transformation occurs, that is, the scrambling effect of the position is produced. In addition, the pixel value of the I(i)-th row of the encrypted image C is different from the pixel value of the i-th row of the image P, that is, the substitution effect of pixel value is produced. Therefore, Equation (15) achieves both image row scrambling and pixel value substitution encryption. c = C(I(i), :).
Equation (16) updates the value of row vector c to the currently encrypted image row C(I(i), :) in preparation for generating the intermediate key sequence g of the next row. Thus, it can be seen that the intermediate key sequence g used in the encryption of the (i + 1)-th row of image P is related to the ciphertext row C(I(i), :). This mechanism brings two advantages. First, it can produce the effect of diffusion, which makes the ciphertext sensitive to the change of plaintext (if only one pixel in the plaintext image P changes slightly, almost all pixels in the ciphertext image C will change); that is, the ciphertext is sensitive to plaintext, which can improve the ability of the algorithm to resist differential cryptanalysis. Secondly, the intermediate key sequence g is related to the image content, which allows the algorithm to resist the chosen-plaintext attack.
In order to describe the scrambling and substitution process of row-by-row encryption more intuitively, a simple example of an image with size of M = 2 rows and N = 4 columns is given in Figure 7. In Figure 7a, as the index vector I = [3, 1, 2] of the obtained row scrambling position, the row 1 of the image P is moved to the row I(1) of C, namely the row 3. Row 2 of P is moved to row I(2) of C, which is row 1; Row 3 of P is moved to row I(3) of C, which is row 2.

Column-by-Column Encryption Processing
In the stage of column-by-column encryption, another S vector related to the encrypted image content is also used, but this vector is a column vector S = [S(1), S(2), . . . , S(i), . . . , S(M)] T . The initial value of any element S(i) in this vector is equal to k times of the sum of all the elements in the i-th row, and its calculation principle is the same as that described in Figure 6a. However, the sum is implemented for each row, which can be expressed by the following Equation (17) (compared with Equation (10)): When encrypting the j-th column (1 ≤ j<N) of the input image, the value of any element S (j) (i) in the vector S (j) is equal to k times of the sum of all elements with column numbers greater than j in the i-th row, and its calculation principle is similar to that described in Figure 6b, but the sum is implemented for each row, which can be expressed by the following Equation (18) (compared with Equation (11)): When the last column (j = N) of the input image is encrypted, the values of all elements in the vector S (j) will be 0, that is, S (j) = [0, 0, . . . , 0].
From Equation (18), the following relational expression (19) can be deduced: From the relation between S (j) and S (j−1) described by Equation (19), we can get a method to increase the speed of calculating the vector S (j) ; that is, it is not necessary to directly calculate the sum of all elements after the j-th column by the cumulative sum method of Equation (18) for the vector S (j−1) used in each column, but the following recursive algorithm can be used instead. Therefore, the i-th element value of the vector S (j) corresponding to the current column (j-th column) can be obtained by subtracting k × P(i, j) from the i-th element value of the vector S (j−1) corresponding to the previous column (the (j-1)-th column). Only the element values of the initial vector S (0) must be directly calculated by the cumulative sum method of Equation (17). Therefore, the column vector S (j) needed to encrypt the j-th column can be calculated by the following algorithm: S (j) ←S (j−1) -k × P(:, j). Here, P(:, j), represents a one-dimensional array composed of all elements in the j-th column of image P to be encrypted. Therefore, the Equation (19) with elements as operating units can be rewritten as the calculation of Equation (20) with an array as operating units: Executing Equation (20) is equivalent to executing Equation (19) for i = 1, 2, . . . , M in turn. In this way, a single column is treated as a single unit, turning an internal M times loop into a single loop.
The detailed operational steps of the column encryption phase are described in Algorithm 4 below. Step 1: Call Algorithm 2 to generate four modified chaotic sequences: X, Y, I, J.
Step 2: Construct a column vector consisting of M identical constants C 0 : c = [C 0 , C 0 , . . . ] T and pre-allocate the storage space of M×N elements for the future encrypted image C.
Step 3: Get the initial column vector S = k × [S(1), S(2), . . . , S(i), . . . , S(M)] according to Equation (17), where S(i) is the sum of all pixel values in the i-th row in the image P.
Step 4: Sequentially execute the operations described by Equations (20) to (23) for j = 1, 2, . . . , N, respectively, and complete the encryption of the j-th column: Equation (20) Equation (22) completes the encryption processing of the j-th column P(:, j), and gets the pixel sequence C(:, J(j)) of the J(j)-th column of the encrypted image. It can be seen that the j-th column of the image P is arranged to the J(j)-th column of the encrypted image C, where the position transformation occurs; that is, the scrambling effect of the position is produced. In addition, the pixel value of the J(j)-th column of the encrypted image C is different from the pixel value of the j-th column of the image P; that is, the substitution effect of pixel value is produced. Therefore, Equation (22) achieves both image column scrambling and pixel value substitution encryption. c = C(:, J(j)).
Equation (23) updates the value of column vector c to the currently encrypted image column C(:, J(j)) in preparation for generating the intermediate key sequence h of the next column. Thus, it can be seen that the intermediate key sequence h used in the encryption of the (j + 1)-th column of image P is related to the J(j)-th column of ciphertext. Similar to row-by-row encryption, there are two effects at the same time: One is to move the column (the pixels in column j of the image P are moved to column J(j) of the encrypted image C) to produce the column scrambling effect; in addition, the intermediate key h is associated with the image content, which can make the algorithm have the ability to resist the chosen-plaintext attack. Figure 7b shows the process of column-by-column encryption.
After completing the above three processing stages, the input image undergoes a complete encryption round. In order to improve the security, multiple rounds of encryption can be repeated; that is, a total encryption round number parameter T is set in advance according to the needs, and before the above algorithms 2, 3 and 4 are called, the number of rounds counting variable r is initialized to 1. Then call the above algorithms 1, 2 and 3. After a certain round of encryption is completed, update the variable value of rounds counting variable r (increase it by 1): r = r + 1. If r < =T, take the currently obtained ciphertext matrix C as a new round of input image P to assign the current C matrix to P: P←C. Then repeat the above algorithms 2, 3 and 4 until the number of encryption rounds reaches T. The final output C matrix is the final ciphertext image. The larger the number of encryption rounds T, the more difficult it is to decipher the ciphertext and the higher the security, but the more time it takes to encrypt the image P. Therefore, the value of the T parameter should be determined according to actual demand.

Decryption Process
The decryption process is the reverse operation of the encryption process. Each round of decryption also includes three stages of operation, but the order of processing the three stages is: (1) generate the transformed chaotic sequence; (2) column-by-column decryption processing; (3) decrypt row by row.

Generate a Modified Chaotic Sequence
In this stage, four modified chaotic sequences X, Y, I and J are generated by chaotic system (4). The detailed steps of the algorithm are the same as Algorithm 2, except that the number of rows M and columns N of the image should be obtained according to the image C to be decrypted.

Column-by-Column Decryption Processing
The detailed operation steps of the column decryption phase are described by the following Algorithm 5. Step 1: Call Algorithm 2 to generate four modified chaotic sequences: X, Y, I, J.
Step 2: Initialize a column vector of length M: S = [0, 0, . . . , 0] T , and pre-allocate the storage space of M×N elements for the future decrypted image P.
Step 3: Processing is carried out from the last column to the second column; that is, for j = N, N-1, . . . ,2, respectively, the decryption operation for the j-th column expressed by Equations (23), (21), (24) and (25) Note that decryption Equation (24) is the inverse operation of encryption Equation (22), while Equation (25) is the inverse operation of Equation (20).

Row-by-Row Decryption Processing
The detailed operation steps of the row decryption phase are described by the following Algorithm 6. Step 1: Call Algorithm 2 to generate four modified chaotic sequences: X, Y, I, J.
Step 2: Initialize a row vector of length N: S = [0, 0, . . . , 0], and pre-allocate the storage space of M×N elements for the future decrypted image P.

Experimental Test and Security Analysis
In this section, several classic test images are used for encryption experiments, and the performance of this encryption scheme is proved by the experimental test results. The experiment was completed on a PC equipped with Intel Core i7-9700 @ 3.00GHz processor, 16 GB RAM and MATLAB 2021a. The classic test images were from the image data set of USC-SIPI (https://ccia.ugr.es/cvg/dbimagenes/ (which can be accessed on 24 November 2021)). The key parameters used in the experiment were a = 4; b = 1.9; x 0 = 0.23; y 0 = 0.93; N 0 = 57. Other parameters were set as: C 0 = 73, m = 6, k = 5, T = 1.

Histogram Analysis
Image histogram describes the distribution frequency of gray values at all levels of the image. It visually shows whether the distribution number of pixel values of an image is uniform. Generally, the histogram distribution of meaningful images is uneven. However, the histogram of a good encrypted image should be flat and uniform so that attackers cannot obtain any useful information from the histogram of encrypted images. Figure 8 shows histograms of three test images and their corresponding encrypted images. It can be seen that the histograms of encrypted images are flat and evenly distributed.

Correlation Analysis of Adjacent Pixels
The adjacent pixel values of meaningful plaintext images are usually highly correlated, so the correlation coefficient is close to 1. This strong correlation must be broken in the encryption process in order to destroy the relationship between the plaintext image and the encrypted image. The calculation equation of correlation coefficient r xy is expressed by Equations (30)- (33): cov(x, y) = 1 N xy We calculated the correlation coefficients between all adjacent pixel pairs in the horizontal, vertical and diagonal directions of a size of 256 × 256 gray image Lena and its ciphertext image. The results are listed in Table 3.
From Table 3, it can be seen that the correlation coefficient of the original plaintext image is very close to 1, but the correlation coefficient of the encrypted image is very close to 0. Table 3 also lists the correlation coefficient results of the Lena image encrypted in several recently published algorithms. In contrast, our algorithm has certain advantages.    [33] −0.0016 0.0043 −0.0026 Cipher image [34] −0.0017 −0.0084 −0.0019 Cipher image [35] 0.0010 −0.0009 0.0009 Cipher image [36] −0.0086 −0.1020 0.0125

Information Entropy Analysis
Shannon information entropy is widely used to measure the randomness of distribution of a given information m. In image encryption, researchers use information entropy to quantify the information uncertainty in encrypted images. Shannon information entropy is calculated as follows: When Equation (34) is used to calculate the image information entropy, m i represents the i-th gray value of L-level gray image (the gray level number of a common 8-bit gray image is L = 256), and P(m i ) represents the probability of occurrence of the i-th gray value. For ideal noise images with completely equal probability and random distribution of pixel values, the probability of occurrence of each gray level should be equal, that is, the P(m i ) are all constant 1/L = 1/256. By substituting this result into Equation (34), the ideal information entropy of 256 gray level images can be calculated as eight. If the information entropy of the encrypted image is closer to eight, it means that the more uniform its gray distribution is, the closer it is to the randomly distributed noise image and the more difficult it is to crack it. The information entropy values of several images encrypted by this algorithm are shown in Table 4. It can be seen from Table 4 that the information entropy of the encrypted image obtained by this algorithm is much larger than that of the original plaintext image. Moreover, in most cases, the information entropy of the ciphertext image obtained by this algorithm is higher than that of the algorithm in references, which shows that this algorithm has certain advantages.

Sensitivity Analysis
(1) Sensitivity to plaintext The robustness of encrypted images against chosen plaintext attacks and differential cryptanalysis is usually measured by the number of pixels change rate (NPCR) and the unified average change intensity (UACI) of pixel values. These metrics quantify the gap between encrypted images obtained from plaintext images and ciphertext images obtained from slightly modified plaintext images. NPCR and UACI are defined as follows: where C(I, j) represents the pixel value of the ciphertext image obtained from the original plaintext image at coordinates (i, j), where it represents the pixel value of the ciphertext image obtained by encrypting after changing the lowest bit of a pixel of the original plaintext image at coordinates (i, j); M and N represent the height and width of the image, respectively. The definition of D(i, j) is as follows: if C(i, j) = C'(i, j), then D(i, j) = 1, otherwise, D(i, j) = 0. NPCR = 99.6094% and UACI = 33.4635% are the ideal expectations [13]. The larger the values of NPCR and UACI, the greater the difference between ciphertext images obtained from two plaintext images with slight difference, and the more sensitive (better) the algorithm is to plaintext. In this experiment, first a plaintext image is encrypted for one round and the ciphertext image is recorded as C; then a pixel is randomly selected from the original image and is changed significantly, then the modified image is encrypted to obtain the ciphertext image C' and 100 experiments are conducted. Finally, calculate the NPCR and UACI values between C and each C'. The average values of NPCR and UACI of 100 experiments are shown in Tables 5 and 6, respectively. (2) Sensitivity to secret key Key sensitivity is also one of the most basic security features of any cryptographic algorithm. On the one hand, the distribution of pixel values of encrypted images should sensitively change with the change of encryption keys, therefore, tiny differences in encryption keys must generate completely different password images. We encrypted a pair of the same plaintext images with randomly selected keys and slightly modified keys, and then tested the NPCR value between the two ciphertext images. The result showed that the NPCR value is very close to 99.61%, which indicates that the encryption process is sensitive to the key. On the other hand, the decryption of the ciphertext image must not use a slightly different key. Figure 9 shows the images decrypted with the correct key and the wrong keys which slightly deviated from the correct key, respectively. The results show that even if the decryption key is slightly different from the correct key, the original image cannot be restored, indicating that the decryption process is sensitive to keys. Therefore, the new cryptographic scheme proposed in this paper is sensitive to the key in the process of encryption and decryption.

Key Space Analysis
The key parameters of the proposed algorithm are {a, b, x 0 , y 0 , N 0 }. Among them, {a, b, x 0 , y 0 } are double-precision real numbers and they can have 15 decimal digits, so each double-precision real number parameter has 10 15 possible values. N 0 is an integer between [1, 1000], and there are 10 3 values. Therefore, there are 10 15 × 10 15 × 10 15 × 10 15 × 10 3 ≈ 2 209 key combinations. At present, the key space is greater than or equal to 2 100 , which can effectively resist violent attacks [37]. Therefore, the key space of this algorithm is large enough to effectively resist violent and exhaustive attacks.

Encryption Speed Test
In the proposed algorithm, there are M loops for row-by-row encryption and N loops for column-by-column encryption, which are two parallel loops, so the total number of loops is (M + N) and the time complexity of the algorithm is roughly expressed as O(M + N). The common image encryption algorithm takes a single pixel as the processing unit, so the number of loops of the algorithm is equal to the number of pixels, that is, (M × N) times, so the time complexity is O(M × N). The average time (average of 100 encryption experiments) spent by the proposed algorithm in one round of encryption is shown in the last column of Table 7 (unit: millisecond). Compared with other algorithms reported in the literature, this algorithm has obvious advantages in encryption speed.

Conclusions
In this paper, a new one-dimensional compound chaotic map system was proposed. The system is composed of a logistic map and tent map. It has very wide range of chaotic parameters and strong chaotic behavior. It is very suitable for real-time image encryption based on chaos. Using some common tools in chaos theory, we analyzed the performance of the map. The results showed that the proposed map has good chaotic performance and strong chaotic behavior over a large range of parameter values. Furthermore, we designed a fast image encryption scheme with high security based on the new chaotic map. In this encryption scheme, the two processes of permutation and substitution are effectively combined to be realized simultaneously. The combination of these two phases makes the scheme faster and more secure than the traditional encryption structure, which handles permutation and substitution separately. Moreover, each loop of the encryption process takes one row or one column of an image as the processing unit rather than a single pixel as the processing unit, which greatly reduces the loop times of the algorithm, thus significantly improving the encryption speed. Simulation and experimental results show that the proposed image encryption scheme meets all the requirements of realtime applications.

Conflicts of Interest:
The authors declare no conflict of interest.