Image Encryption Algorithm Based on Plane-Level Image Filtering and Discrete Logarithmic Transform

: Image encryption is an effective way to protect image data. However, existing image encryption algorithms are still unable to strike a good balance between security and efﬁciency. To overcome the shortcomings of these algorithms, an image encryption algorithm based on plane-level image ﬁltering and discrete logarithmic transformation (IEA-IF-DLT) is proposed. By utilizing the hash value more rationally, our proposed IEA-IF-DLT avoids the overhead caused by repeated generations of chaotic sequences and further improves the encryption efﬁciency through plane-level and three-dimensional (3D) encryption operations. Aiming at the problem that common modular addition and XOR operations are subject to differential attacks, IEA-IF-DLT additionally includes discrete logarithmic transformation to boost security. In IEA-IF-DLT, the plain image is ﬁrst transformed into a 3D image, and then three rounds of plane-level permutation, plane-level pixel ﬁltering, and 3D chaotic image superposition are performed. Next, after a discrete logarithmic transformation, a random pixel swapping is conducted to obtain the cipher image. To demonstrate the superiority of IEA-IF-DLT, we compared it with some state-of-the-art algorithms. The test and analysis results show that IEA-IF-DLT not only has better security performance, but also exhibits signiﬁcant efﬁciency advantages.


Introduction
Due to the rapid rise and popularization of information technology, a huge amount of digital information is generated every second in the world today and spread through various channels.Among these different formats of digital information, digital images are especially widely used because they can convey information concisely and vividly.However, for reasons such as privacy protection, commercial security, and military security, it is desirable to provide these disseminated images with effective protection against unauthorized access [1][2][3][4].Because of this, how to provide more secure and efficient protection for digital images has been the focus of researchers in recent years [5][6][7][8].Among several protection methods, image encryption is increasingly preferred as a straightforward and effective one.After being processed by image encryption, digital images will become unrecognizable cipher images, similar to noise images.Without the correct secret key, unauthorized users cannot obtain useful information from these noise-like images.On the other hand, these unrecognizable cipher images can be decrypted into useful normal images when the correct secret key is applied.It is worth noting that digital images have many characteristics different from text data, such as high information redundancy and strong correlation between adjacent pixels.This makes traditional encryption algorithms, including Data Encryption Standard (DES), Advanced Encryption Standard (AES), and Internationale Data Encrypt Algorithm (IDEA), not well suited to the encryption of digital images [9][10][11].Therefore, in order to securely and effectively safeguard digital images, researchers are increasingly using new technologies and methodologies to design image encryption algorithms, such as chaotic systems [7,12,13], DNA computing [14][15][16], quantum computing [11,17,18], and compressed sensing [19][20][21].
Chaotic systems have many properties that conform to the design principles of cryptosystems, such as initial value sensitivity, ergodicity, and unpredictability.Many image encryption algorithms based on chaotic systems are proposed every year [1,3,5].Through the coupling of logistic and tent maps, Hua et al. [22] constructed a two-dimensional (2D) map with excellent chaotic performance and further proposed a novel color image encryption algorithm based on this 2D map.In [23], after introducing two new onedimensional (1D) chaotic systems, Wang et al. presented an image encryption algorithm employing dynamic row permutation and Zigzag transformation.Based on a chaotic map, Bezerra et al. [24] suggested an image encryption algorithm using a permutation and diffusion structure.In [25], exploiting a circular bit-level scrambling method, Diaconu presented a chaotic image encryption algorithm.Based on a hybrid model of DNA computing, chaotic systems, and hash functions, Zefreh [26] designed an image encryption algorithm that mainly includes two steps of DNA-level permutation and DNA-level diffusion.Benefiting from the unique characteristics of chaotic systems and the excellent randomness of the chaotic sequences generated by them, existing image encryption algorithms based on chaotic systems have demonstrated good encryption effects.To the best of our knowledge, there are no cases where these algorithms have been successfully broken by ciphertext-only attacks.However, based on our cryptanalysis research [27][28][29][30][31] and the work done by other researchers [3,5,32,33], we found that existing image encryption algorithms still have the following shortcomings.
(1) The secret key design of some algorithms is not reasonable, resulting in the need to change the secret key every time a different image is encrypted.Such a design is not practical when there are a large number of images to be encrypted.(2) Inappropriate use of the plain image hash value.This makes it necessary to repeatedly generate chaotic sequences when encrypting different images.(3) Some algorithms only make simple use of modular addition or XOR operations, making them vulnerable to differential attacks.(4) Bit-level or pixel-by-pixel encryption operations make some algorithms inefficient at encrypting images.
In this research, to address the shortcomings of existing algorithms, we propose an image encryption algorithm based on plane-level image filtering and discrete logarithmic transform (IEA-IF-DLT).The following is a summary of the novelties and contributions of our proposed algorithm.
(1) A standardized and reasonable secret key design is adopted, and there is no need to change the secret key when encrypting different images.
(2) The hash value is used to truncate chaotic sequences and to determine the generator of the finite multiplicative group Z * 257 .This allows the chaotic sequences to be generated in advance and reused once the secret key is determined.
(3) A discrete logarithmic transformation based on Z * 257 is employed, thereby rendering common differential attack strategies ineffective.(4) The plane-level permutation, plane-level image filtering, and three-dimensional (3D) chaotic image superposition make the encryption efficiency extremely high while ensuring security.(5) The random pixel swapping performed at the end makes it impossible for attackers to isolate the diffusion operation through special plain images.
The rest of this paper is structured as follows.In Section 2, the chaotic systems, SHA-256 hash value, and discrete logarithm are introduced.In Section 3, our proposed IEA-IF-DLT is described in detail.In Section 4, simulation tests and related analyses are presented to verify the superiority of IEA-IF-DLT.In the last section, we conclude the work done in this paper.

Preliminaries
In our proposed IEA-IF-DLT, two chaotic systems are exploited to generate chaotic sequences, the SHA-256 hash function is employed to improve the plain image sensitivity of IEA-IF-DLT, and the discrete logarithm is utilized to enhance the non-linearity of the encryption process, thereby improving the security of the entire algorithm.

Chaotic Systems
In the related research of image encryption, compared with low-dimensional chaotic systems, high-dimensional chaotic systems have more complex dynamics, so it is favored by many researchers.In IEA-IF-DLT, we leverage the 4D hyper-chaotic Chen system introduced in [34].Mathematically, this 4D hyper-chaotic system can be defined as follows.
In addition to high-dimensional continuous chaotic systems, the study of discrete chaotic maps has also attracted the attention of many researchers [22,35,36].In [22], to overcome the shortcomings of existing chaotic maps, Hua et al. proposed a two-dimensional logistic tent modular map (2D-LTMM).This newly reported chaotic map has a wide and continuous chaotic range and more evenly distributed trajectories, making it ideal for image encryption.Specifically, the 2D-LTMM has the following mathematical definition.
where x i and y i are the outputs of the i-th iteration as well as the inputs of the (i + 1)-th iteration, while r 1 and r 2 are the control parameters of 2D-LTMM.When r 1 , r 2 ∈ [1, 100], the 2D-LTMM is in a hyperchaotic state.

SHA-256 Hash Value
The SHA-256 hash function was released by the National Institute of Standards and Technology (NIST) in 2001.Due to its outstanding performance, SHA-256 is now widely used in numerous fields, such as blockchain.For any input message with a length of less than 2 64 − 1 bits, SHA-256 can generate a hash value with a fixed length of 256 bits.Furthermore, SHA-256 is extremely sensitive to input-even a single bit change in the input message can drastically alter the hash value generated.Because of its remarkable input sensitivity, many image encryption algorithms incorporate SHA-256 to boost their plain image sensitivity [23,24,37,38].However, it is worth mentioning that these algorithms employ the plain image hash value in an unreasonable way, either directly as a secret key or to produce the parameters of chaotic systems.Both of these pose a practical problem; that is, when there are a large number of images to be encrypted, users must constantly change secret keys or iterate the chaotic systems constantly to obtain the desired key streams.As a result, in our suggested IEA-IF-DLT, we improve the method of utilizing the plain image hash value.Specifically, for the the plain image P of size M × N, the hash value of P is first split into 32 bytes, which are h 1 , h 2 , . . ., h 32 .Then, two parameters to be used in the encryption process are generated, (3)

Discrete Logarithm
For a prime integer p, under the modulo-p multiplication operation, we can construct the modulo-p multiplicative group Z * p = {1, 2, . . ., p − 1}.Furthermore, discrete logarithms can be defined over Z * p .If a = g b mod p holds, where g is a generator of Z * p , then b is referred to as the discrete logarithm of a, denoted by b = log g a mod p [14,39].Considering the characteristics of image encryption, in our proposed IEA-IF-DLT, we adopt the discrete logarithmic operation based on the finite multiplicative group Z * 257 .In contrast to the modular addition and XOR operations widely used in existing image encryption algorithms, the discrete logarithmic operation is a sort of non-linear operation.Therefore, applying the discrete logarithmic operation to image encryption can make the mathematical relationship between plain pixels and cipher pixels more complicated, thus making common differential attack strategies ineffective.Since the solution of discrete logarithms is a complex mathematical problem, directly performing discrete logarithmic operations in IEA-IF-DLT will undoubtedly reduce its encryption efficiency.To solve this problem, we calculate all the discrete logarithms of each a ∈ Z * 257 under different generators in advance and then store them in the 2D matrix Θ of size 128 × 256.In this way, the IEA-IF-DLT can retrieve the results of discrete logarithmic operations immediately by accessing the matrix Θ, rather than actually doing the complex discrete logarithmic calculations.In the matrix Θ, the row index represents the generator under which the discrete logarithm is calculated, and the column index represents the operand whose discrete logarithm needs to be calculated.The relationship between row indices and generators can be seen in Table 1.

Proposed Encryption Algorithm
As stated in Section 1, to address some shortcomings in some current image encryption algorithms, we suggest an image encryption algorithm called IEA-IF-DLT.The essential components of our suggested IEA-IF-DLT are following encryption steps: determination of three dimensions, generation of chaotic sequences, plane-level permutation, plane-level image filtering, 3D chaotic image superposition, discrete logarithmic transformation, and random pixel swapping, as illustrated in Figure 2. To enhance security and maximize the efficiency advantage of plane-level operations, among them, plane-level permutation, plane-level image filtering, and 3D chaotic image superposition are iterated for three rounds in different forms.Below, we go into depth about each encryption step.

Determination of Three Dimensions
To begin, we need to change the representation of the plain image P from 2D to 3D.For the 2D image P of size M × N, the following steps are devised to transform it into the intermediate cipher image C (1) in 3D form.

•
Step 1: Determine the total number t (P) of the pixels in P. If t (P) is not a power of 2 or less than 8, fill P with the pixels whose values are zeros, until t (P) is a power of 2 and not less than 8. Otherwise, go to the next step.

•
Step 2: According to t (P) , calculate where • represents the round down operation on an operand.

•
Step 6: Reshape P into C (1) with the size of d (1) × d (2) × d (3) .Following the steps above, for a test image of size 256 × 256, it will be transformed into the 3D form of size 32 × 32 × 64.Similarly, two other common sizes, 512 × 512 and 1024 × 1024, will be transformed into 64 × 64 × 64 and 64 × 64 × 256, respectively.Please keep in mind that, for the sake of clarity and convenience, this paper solely covers the case where the plain image is not padded.In other words, it is assumed that

Generation of Chaotic Sequences
As described in Section 2.1, our proposed IEA-IF-DLT leverages chaotic sequences to encrypt the plain image, and these chaotic sequences are generated by the hyper-chaotic Chen system and 2D-LTMM.Firstly, according to Equations ( 18) and ( 19), the secret key K is converted into the initial state values and control parameters of the two chaotic system.

Plane-Level Permutation
When compared to pixel-by-pixel permutation methods, vector-level permutation methods can improve encryption efficiency while maintaining the effect of confusion [40,41].As shown in Figure 2, in order to quickly scramble the pixels in the intermediate cipher image C (1) , our proposed IEA-IF-DLT performs three rounds of plane-level permutation operations from the x-axis, y-axis, and z-axis directions, respectively.More specifically, in the plane-level permutation along the x-axis, IEA-IF-DLT first sorts the chaotic sequence Ŝ(1) to obtain the index vector I (x) .Then, according to I (x) , the y-z planes of C (1) are scrambled along the x-axis.Figure 3 presents a simple example of the plane-level permutation along the x-axis.In this example, Ŝ(1) = (0.6159, 0.9368, 0.5642, 0.9024, 0.4267, 0.9943, 0.5774, 0.5756) is first sorted in ascending order to obtain I (x) = (5, 3, 8, 7, 1, 4, 2, 6), then the eight y-z planes of C (1) are scrambled along the x-axis according to I (x) .Obviously, scrambling the y-z planes can only change the relative positional relationship between pixels in the x-axis direction, but cannot change the relative positional relationship between pixels in each y-z plane.Consequently, after scrambling the y-z planes along the x-axis, our proposed IEA-IF-DLT then similarly scrambles the x-z planes and x-y planes in turn.The difference is that when scrambling the x-z planes along the y-axis, IEA-IF-DLT uses the sorting result of Ŝ(4) for permutation, and when scrambling the x-y planes, the sorting result of Ŝ( 7) is utilized.

Plane-Level Image Filtering
Image filtering is a popular image processing technique that is commonly used in applications such as image smoothing, noise removal, and edge detection.Because traditional image filtering is irreversible, it cannot be applied directly to image encryption.However, with appropriate adjustments, some researchers have applied it to the diffusion operation of image encryption [42,43].Different from the classic pixel diffusion method, image filtering can simultaneously diffuse multiple pixels to the current pixel in the form of convolution.Figure 4 shows the basic principle of pixel-level image filtering.In this simple example, it is the pixel p 9 that currently needs to be filtered.Pixel-level image filtering utilizes a filter mask of size 3 × 3 to diffuse adjacent pixels p 1 , p 2 , p 3 , p 4 , p 5 , p 6 , p 7 , p 8 to p 9 , so as to obtain where k 1 , k 2 , k 3 , k 4 , k 5 , k 6 , k 7 , and k 8 are the convolution coefficients of the filter mask.Likewise, in the reverse image filtering operation, one can restore c 9 to p 9 with the filter mask.
As can be seen, although the diffusion effect of pixel-level image filtering is relatively better, it is still a pixel-by-pixel diffusion method.Therefore, to further improve the efficiency of diffusion process, a novel plane-level image filtering method is devised in our proposed IEA-IF-DLT. Figure 5 presents an example of plane-level image filtering along the z-axis.In the demonstrated example, it is the x-y plane P(:, :, 5) that currently needs to be filtered.Plane-level image filtering exploits a filter mask of size 1 × 5 to diffuse adjacent planes P(:, :, 1), P(:, :, 2), P(:, :, 3), P(:, :, 4) to P(:, :, 5), so as to obtain C(:, :, 5) = 4 ∑ i=1 k i ×P(:, :, i) + 1 × P(:, :, 5) mod 256, (14) where k 1 , k 2 , k 3 , and k 4 are the convolution coefficients of the filter mask.Similarly, utilizing the same filter mask, one can restore C(:, :, 5) to P(:, :, 5) in the reverse image filtering operation.Actually, in order to further enhance the sufficiency of pixel diffusion and thus ensure the plain image sensitivity of IEA-IF-DLT, we arranged three rounds of plane-level image filtering operations in IEA-IF-DLT, as shown in Figure 2.Among them, the first round of plane-level image filtering is to filter the x-y planes along the z-axis, and the used convolution coefficients come from the chaotic sequence Ŝ(2) .Next, the second round of plane-level image filtering is a filtering operation on the x-z planes along the y-axis, adopting the convolution coefficients from the chaotic sequence Ŝ(5) .Finally, the third round of plane-level image filtering processes the y-z planes along the x-axis, and adopts the convolution coefficients from the chaotic sequence Ŝ(8) .

3D Chaotic Image Superposition
The randomness of chaotic sequences is exceedingly high.By superimposing chaotic pixels in the form of modular addition or XOR operations, image encryption algorithms can improve their security by increasing the randomness of cipher images and masking the statistical properties of plain images.As a result, many recent image encryption algorithms employ modular addition or XOR operations to superimpose chaotic pixels during the diffusion phase.However, there are two disadvantages to this methodology.First, pixelby-pixel superimposing reduces the efficiency of the encryption process.Second, the single superimposing method is easily exploited by attackers, which leads to many image encryption algorithms being broken by them through chosen-plaintext attacks.To address these shortcomings, as illustrated in Figure 6, our proposed IEA-IF-DLT leverages three rounds of 3D chaotic image superposition.In the first round of 3D chaotic image superposition, the chaotic sequence Ŝ(3) is reshaped into a 3D chaotic image, which is then superimposed on the intermediate cipher image created by plane-level image filtering in the manner of modular addition operation.In the second round of 3D chaotic image superposition, the chaotic sequence Ŝ( 6) is utilized to obtain a 3D chaotic image, and the chaotic image is superimposed on the intermediate cipher image in the form of XOR operation.The last round of 3D chaotic image superposition uses the chaotic sequence Ŝ(9) to generate a 3D chaotic image, and then superimposes it in the form of modular addition operation.Because the three rounds of chaotic image superposition employ two distinct operations, the mathematical relationship between plain and cipher pixels can be more convoluted, thereby effectively resisting common plaintext attack methodologies.

Discrete Logarithmic Transformation
The discrete logarithm operation is a complex nonlinear operation that differs from the common modular addition and XOR operations used in some image encryption algorithms.To further improve the security of our proposed IEA-IF-DLT, we perform a discrete logarithmic transformation on the intermediate cipher image C(1) obtained after three rounds of plane-level permutation, plane-level image filtering, and 3D chaotic image superposition.The infinite multiplicative group Z * 257 , as mentioned in Section 2.3, contains up to 128 generators that can be exploited, and the discrete logarithms of the same value under different generators are significantly different.Table 2 provides the discrete logarithms of 9 under various generators.It is clear that when the generator differs, the discrete logarithm of 9 differs.Consequently, we must first identify the generator of the discrete logarithm operation before applying the discrete logarithmic transformation.In IEA-IF-DLT, the generator g can be determined in the manner described below.
where H (1) and H (2) are parameters linked to the hash value of the plain image, as established in Section 2.2, while Ŝ(2) , Ŝ(3) , Ŝ(5) , Ŝ(6) are the chaotic sequences given in Section 3.1.Since g is associated with both the hash value and the chaotic sequences, this design can improve not only the plain image sensitivity of IEA-IF-DLT but also its key sensitivity.Next, we can perform the discrete logarithmic transformation on the intermediate cipher image C(1) of size d (1) × d (2) × d (3) as follows.It is worth noting that Θ is the 2D matrix of size 128 × 256 that contains all the discrete logarithms of each a ∈ Z * 257 under different generators.The definition and usage of Θ is given in Section 2.3.

•
Step 2: Set the index i (x) of the first dimension to 1.

•
Step 3: Set the index i (y) of the second dimension to 1.

Random Pixel Swapping
According to prior studies on cryptanalysis, the majority of chosen-plaintext attack algorithms initiate the attack by using the special plain images of single pixel values [31,44,45].Because encryption steps that alter pixel positions, such as permutation operations, are ineffective for such special plain images, attackers can effectively isolate the diffusion operation, thereby establishing the groundwork for further differential analysis [30,46].Therefore, to avoid this, an encryption step called random pixel swapping is added to the end of our proposed IEA-IF-DLT.In random pixel swapping, the pixels of the intermediate cipher image generated by the discrete logarithmetic transform are randomly repositioned once more.In this way, the attackers' strategy of conducting differential attacks by exploiting the special plain images of single pixel values is rendered ineffective.
One straightforward instance of random pixel swapping is shown in Figure 7.In this example, the size of the 3D intermediate cipher image that requires random pixel swapping is 2 × 2 × 4. Firstly, the 3D image is converted into a 2D intermediate cipher image of size 4 × 4. Next, the 1D chaotic sequence of 1 × 16 is also converted into a 2D chaotic matrix of size 4 × 4, which is exactly the same size as the intermediate cipher image to be processed.In a one-to-one correspondence, each chaotic matrix element controls the swapping operation of the intermediate cipher pixel with the same coordinate.That is, the first chaotic matrix element is in charge of the first intermediate cipher pixel, the second chaotic matrix element is in charge of the second intermediate cipher pixel, and so on.For instance, the intermediate cipher pixel with a pixel value of 196 at (1,1) is controlled by the chaotic matrix element at (1,1) with a value of 14.Finally, each chaotic matrix element is turned into a 2D coordinate, and the corresponding intermediate cipher pixel is swapped based on this coordinate.Since the elements of the chaotic matrix are random, the generated 2D coordinates are also random.In this example, the first chaotic matrix element is turned into the coordinate (4,2), hence the first intermediate cipher pixel is swapped with the pixel at (4,2) with a value of 111.Likewise, the second chaotic matrix element is turned into the coordinate (3,4), and the second intermediate cipher pixel is swapped with the pixel with a value of 14 according to this coordinate.More specifically, in our proposed IEA-IF-DLT, the random pixel swapping is performed as follows. • Step 1: The 3D intermediate cipher image C(2) of size d (1) × d (2) × d (3) is reshaped into the 2D final cipher image C of size M × N.
where Υ (r) holds the row numbers of the coordinates, and Υ (c) holds the column numbers of the coordinates.

•
Step 4: Set the row index i (r) to 1.

•
Step 5: Set the column index i (c) to 1.
Please note that, since our proposed IEA-IF-DLT is an image encryption algorithm with a symmetric structure, its decryption process is the inverse of the encryption process.For the sake of brevity, the description of decryption procedure is not repeated in this study.

Discussion
Because of the good randomness of chaotic sequences, most image encryption algorithms can ensure that the cipher images have good randomness.However, the main reason why many image encryption algorithms are cracked is that they cannot effectively resist differential attacks, especially chosen-plaintext attacks.Therefore, we have designed the following measures to ensure the security of our proposed IEA-IF-DLT.
(1) The hash value of the plain image is used to truncate the chaotic sequences and determine the generator of the finite multiplicative group, which makes the equivalent key stream depend not only on the secret key but also on the plain image, thus helping to resist plaintext attacks.(2) Three rounds of plane-level permutation, plane-level image filtering, and 3D chaotic image superposition can realize good confusion and diffusion properties.(3) IEA-IF-DLT alternately uses modular addition and XOR operations to superimpose chaotic images, and the mathematical relationship between plain and cipher pixels becomes more complex, which helps to resist common plaintext attacks.(4) The discrete logarithmic operation is a complex nonlinear operation, which is different from the modular addition and XOR operations commonly used.Therefore, the discrete logarithmic transformation of the intermediate cipher image can enhance the ability of IEA-IF-DLT to resist plaintext attacks.( 5) For the attackers' strategy of exploiting the special plain images of single pixel values to conduct differential attacks, the random pixel swapping added at the end of IEA-IF-DLT can effectively protect the previous encryption steps from being simplified or isolated.
As can be seen from the above measures, we do not rely solely on a single encryption step to ensure the security of IEA-IF-DLT.Our design idea is to ensure the security of IEA-IF-DLT through the targeted design of all encryption steps.To improve encryption efficiency, we adopt an S-box-like strategy to implement complex discrete logarithmic operations while employing a relatively small multiplicative group.However, it is worth noting that the purpose of introducing the discrete logarithmic transformation is not just to achieve the substitute effect it exhibits, but to ensure that there is an extremely complex mathematical relationship between plain and cipher pixels, together with other encryption steps, so as to effectively resist differential attacks.Next, in order to verify the advantages of IEA-IF-DLT in terms of security and efficiency, we conducted a large number of simulation tests and related analyses, and compared the test results with other advanced algorithms.As shown in Section 4, IEA-IF-DLT shows superiority in many security indicators, including information entropy.

Simulation Tests and Analyses
In order to comprehensively evaluate the performance and security of IEA-IF-DLT, we have completed a large number of simulation tests and related analyses, which include the visual effect test, key space analysis, key sensitivity analysis, differential attack analysis, histogram analysis, correlation analysis, information entropy analysis, robustness analysis, and efficiency analysis.These simulation tests and analyses were performed with the following hardware and software configurations: Intel(R) Xeon(R) CPU E3-1231 v3, 8 GB RAM, Window 7 operating system, and MATLAB R2017a (9.2.0538062).Besides, all test images are from The USC-SIPI Image Database (http://sipi.usc.edu/database/,accessed on 20 June 2022).

Visual Effect Test
A qualified image encryption algorithm must be able to transform plain images of different styles into unrecognizable random-like images.Without the correct secret key, no one can get any useful information from cipher images.However, once the correct secret key is used, one can fully recover the plain images.Figure 8 shows the relevant test results.After the processing of IEA-IF-DLT, the perceptible visual features of the plain images are completely eliminated.Then, with the help of the correct secret key, random-like cipher images are turned into the plain images again without any loss of visual information.This means that, in a visual sense, the encryption and decryption effect of IEA-IF-DLT is qualified.

Key Space Analysis
Some researchers have pointed out that, to effectively deal with brute force attacks, the key space of an image encryption algorithm should be at least greater than 2 128 [5,32].Considering the significant improvement in the computing power of computing hardware, we believe that this indicator should be increased to 2 256 [14,15].Furthermore, the representation of the secret key should also use a more canonical binary sequence form, otherwise it easily leads to the key sensitivity problem pointed out by Li et al [3,44].In our proposed IEA-IF-DLT, the secret key is represented in the form of a binary sequence with the length of 260 bits, that is, K = b 1 b 1 . . .b 260 .Specifically, the 260 bits of K will be converted into the initial state values and control parameters of the adopted chaotic systems in the following way.

Key Sensitivity Analysis
For the design of a strong encryption algorithm, Claude Shannon suggests the concepts of confusion and diffusion.When it comes to image encryption, the confusion mentioned is to make the statistical relationship between the cipher image and the secret key as complex as possible, so that even if some statistical properties of the cipher image are obtained, attackers still cannot infer the secret key.In other words, a secure image encryption algorithm must have extremely high key sensitivity-even if the secret key changes only minimally, the resulting cipher image must change drastically.To evaluate the key sensitivity of our proposed IEA-IF-DLT, we randomly generated a secret key Then, we inverted the least significant bit of K (1) , resulting in the secret key that differs by only one bit.With these two secret keys with only one minimal difference, we obtained the key sensitivity test results for the encryption process, as shown in Figure 9.
In the first row of the figure, the first image is the plain image 5.2.09, the second image is the cipher image obtained by encrypting 5.2.09 with K (1) , the third image is the cipher image obtained by encrypting 5.2.09 with K (2) , and the last image is the difference image of the first two cipher images; the pixel value distribution histograms of the images in the first row are shown in the second row.As one can see, using our proposed IEA-IF-DLT to encrypt the same plain image, even a small change in the secret key of only one bit will completely change the cipher image.Therefore, in the encryption process, IEA-IF-DLT has extremely high key sensitivity.Similarly, we also tested the key sensitivity of IEA-IF-DLT during encryption, as shown in Figure 10.It can be seen that for the same cipher image, the plain image can be fully recovered if decrypted with the correct secret key.In contrast, the decrypted image looks like a noisy image even if the secret key changes only slightly.Therefore, in the decryption process, IEA-IF-DLT also has extremely high key sensitivity.

Differential Attack Analysis
In the past few years, many image encryption algorithms have been cracked by attackers through differential attacks [27][28][29][30][31][44][45][46].In order to reconstruct the plain image, differential attacks typically work by calculating and evaluating the changes in the cipher image brought on by little alterations to the plain image.Generally, one can exploit NPCR (number of pixels change rate) and UACI (unified average changing intensity) to quantitatively detect the ability of an encryption algorithm to resist differential attacks.These two metrics can be described mathematically as follows.
U ACI(I 1 , where I 1 and I 2 are two images whose difference needs to be evaluated, both have the size of M × N; D represents the difference between I 1 and I 1 .When I 1 (x, y) = I 2 (x, y), D(x, y) = 1, otherwise D(x, y) = 0. To evaluate the ability of our proposed IEA-IF-DLT to resist differential attacks, we tested it with 20 commonly used test images of different sizes, as shown in Tables 3 and 4. For each test image, we randomly changed one bit of it, and then calculated the NPCR and UACI values between the cipher images before and after the change.As can be seen from Tables 3 and 4, the NPCR and UACI average of IEA-IF-DLT is closer to the optimum values of 99.6094% and 33.4635%, and the stability is better when compared to several recent image encryption algorithms.

Histogram Analysis
Natural images usually have significant pixel distribution characteristics, and attackers also hope to find similar distribution characteristics from cipher images.In order to prevent such attacks, an image encryption algorithm must completely eliminate these characteristics, thus preventing attackers from deducing useful information.Figure 11 presents the histograms of some plain images and the corresponding cipher images generated by IEA-IF-DLT.These histograms indicate that the pixel distribution of the plain images is extremely uneven, whereas in the cipher images, these salient features are no longer present.Therefore, IEA-IF-DLT can effectively resist the attacks based on pixel distribution characteristics.

Correlation Analysis
Adjacent pixels in natural images usually have an extremely high correlation, as shown in the first row of Figure 12.Therefore, a secure image encryption algorithm should be able to effectively eliminate this correlation.The second row of Figure 12 presents the encryption effect of our proposed IEA-IF-DLT.Obviously, the strong correlation of the plain image in the horizontal, vertical, and diagonal directions has been completely eliminated.
Additionally, we introduced the correlation coefficient (CC) to do a quantitative study, so as to more precisely assess how well IEA-IF-DLT performs in reducing the correlation between adjacent pixels.The following is a mathematical definition of CC.
where E(ν) and D(ν) represent the expectation and variance of the pixel value ν, and ν x , ν y stand for the pixel values of two adjacent pixels in a specific direction.After repeated calculations, we found that plain images usually have extremely high CC values (>0.8), as demonstrated in Table 5.In contrast, in the cipher images generated by our proposed IEA-IF-DLT, the CC values are extremely low in any direction (<0.005).This further proves that IEA-IF-DLT does have an excellent performance in removing the strong correlation of adjacent pixels in natural images.

Information Entropy Analysis
Information entropy is an indicator that can measure the randomness and distribution uniformity of a signal well, and is widely used to evaluate the security of an encryption algorithm.In a mathematical sense, information entropy can be defined as where ζ i represents one of the symbols whose total number is T, and δ(ζ i ) indicates the probability of ζ i .In general, a higher information entropy value signifies that the signal is

Efficiency Analysis
As we all know, in addition to security, improving the efficiency of image encryption is another most important motivation for researchers to design new image encryption algorithms.Therefore, a well-designed image encryption algorithm should not only ensure extremely high security, but also have extremely high encryption efficiency.In our proposed

Figure 4 .
Figure 4. Basic principle of pixel-level image filtering.

Figure 5 .
Figure 5.An example of plane-level image filtering.

1 )
are the initial state values and control parameters of 2D-LTMM;

Figure 11 .
Figure 11.Histograms of plain images and corresponding cipher images: (a) plain images; (b) histograms of plain images; (c) cipher images; (d) histograms of cipher images.

Figure 13 .
Figure 13.Test results of IEA-IF-DLT in terms of robustness analysis.The first row presents four noise contaminated cipher images, and the second row presents the corresponding decrypted images.The third row shows four cipher images with data loss, and the fourth row shows the corresponding decrypted images.(a) intensity of SPN is 0.005; (b) intensity of SPN is 0.01; (c) intensity of SPN is 0.015; (d) intensity of SPN is 0.02; (e) data loss at top-left corner; (f) data loss at top-right corner; (g) data loss at bottom-left corner; (h) data loss at bottom-right corner.

Table 3 .
NPCR test results of IEA-IF-DLT and other image encryption algorithms.
1The bolded values emphasize that IEA-IF-DLT has the best performance in terms of average and stability.

Table 4 .
UACI test results of IEA-IF-DLT and other image encryption algorithms.

Table 5 .
CCs of different plain and cipher images.