A K-SVD Based Compressive Sensing Method for Visual Chaotic Image Encryption

: The visually secure image encryption scheme is an effective image encryption method, which embeds an encrypted image into a visual image to realize a secure and secret image transfer. This paper proposes a merging compression and encryption chaos image visual encryption scheme. First, a dictionary matrix D is constructed with the plain image by the K-SVD algorithm, which can encrypt the image while sparsing. Second, an improved Zeraoulia-Sprott chaotic map and logistic map are employed to generate three S-Boxes, which are used to complete scrambling, diffusion, and embedding operations. The secret keys of this scheme contain the initial value of the chaotic system and the dictionary matrix D, which signiﬁcantly increases the key space, plain image correlation, and system security. Simulation shows the proposed image encryption scheme can resist most attacks and, compared with the existing scheme, the proposed scheme has a larger key space, higher plain image correlation, and better image restoration quality, improving image encryption processing efﬁciency and security.


Introduction
The development of information and modern communication technology has made it possible to transmit digital images quickly and conveniently. However, digital images contain much private and secret information, and the protection the security of digital images quickly and effectively has become an urgent problem. Digital images have characteristics of high correlation among pixels, a large amount of data and visualization, etc. Traditional encryption techniques cannot meet their encryption demand. Therefore, digital image encryption (IE) technology has become a hot research topic [1][2][3][4][5][6].
Chaotic systems have characteristics of pseudo-randomness, uncertainty, and initial value sensitivity, and can be used to obtain pseudorandom sequences [7][8][9][10]. In 1989, Mattews [11] first proposed a chaos-based encryption scheme. Then Fridrich proposed a "scramblingdiffusion" IE framework with a two-dimensional chaotic map in 1998 [12]; from then, most digital image encryption methods are based on this framework, and many research results have emerged [13]. There are two main research directions in this field. The first is the application of a new chaotic system. A one dimensional chaotic map is first employed in IE, followed by a multi-dimensional chaotic system. With an in-depth study of chaos theory, hyperchaotic systems [14] and memristor hyperchaotic are also utilized [15][16][17]. The second direction is the design of the scrambling-diffusion algorithm. Scrambling consists of scrambling the position of each pixel in the picture, and diffusion of spreading the value of each pixel point to other pixel points; a good algorithm for scrambling and diffusion is an important assurance of IE security [18,19]. A large number of different algorithms have been proposed and applied to chaotic IE, such as DNA coding [20,21], S-Box [22], Bit-Level Permutation [23], Bit-plane Rotation [24], Random walk [25,26], etc. However, the scrambling-diffusion framework has two shortcomings. One is that the encrypted image has the same size as the plain image, which provides valuable information for the attacker. The other is the nature of random-like encrypted images, which are easier to recognize as encrypted images and vulnerable to attack.
Compressive sensing can reduce the size of an encrypted image, improve transmission efficiency, solve the first problem mentioned above, and sample, compress, and encrypt the image simultaneously, and has been widely used in image encryption schemes [27]. In a compressive sensing image encryption scheme, the plain image should first be sparse, then a measurement matrix is employed to reduce and encrypt the plain image. Yu et al. proposed constructing the measurement matrix with chaos [28], and Zhou et al. proposed an image compression-encryption scheme to generate a measurement matrix with a logistic map [29].
To solve the second problem, Ye et al. proposed a visual image encryption scheme [30]. In this scheme, the plain image is compressed and encrypted through compressive sensing to obtain a compressed image, then the compressed image is confused and diffused and becomes an encrypted image, and finally the encrypted image is embedded into a carrier image to prevent the attacker from discovering the encrypted image. Based on this scheme, a variety of research results have emerged. For example, Jiang et al. proposed an adaptive embedding algorithm [31], and Yang et al. designed a Generalized Embedding Model [32]. Hua et al. employed an adaptive-thresholding sparsification method, to improve the quality of the reconstructed image [33]. To improve the transmission efficiency of cipher images, a double-image encryption algorithm is designed in [34,35]; furthermore, Liu et al. proposed a multi-image encryption algorithm [36]. These methods improve the efficiency of image encryption and transmission; however, the existing methods of encrypting images with compressive sensing use the measurement matrix as the key, which lacks the correlation of a plain image. The repeated use of the measurement matrix is vulnerable to attack by selected plaintext.
Based on the above analysis, this paper proposes a high plain image correlation measurement matrix compressive sensing image encryption scheme. This scheme includes three steps. First, dictionary D is produced from the plain image with the K-Singular Value Decomposition (K-SVD) algorithm [37]. Based on the singular value decomposition (SVD), the K-SVD algorithm consists of the generalizing of a K-means clustering process, learning an over-complete dictionary from a set of signals. Second, the plain image is sparsed, compressed, and encrypted to a compressed image. Third, three S-Boxes are constructed with the Improved Zeraoulia-Sprott chaotic Map 5 and logistic map and are used to complete the scrambling, diffusion, and embedding operations.
The main contributions of this work are as follows. First, a compressive sensing algorithm related to plain images is proposed, and a dictionary matrix D is constructed with the plain image by the K-SVD algorithm. D is one of the secret keys and is used to sparse the plain image, then compress the plain image, completing compression and encryption at the same time, which can significantly improve processing efficiency and security.
Second, the secret key of the scheme includes the initial value of the chaotic system and the dictionary of the compressive sensing algorithm, which greatly increases the key space and complexity. Simulations and comparisons show that, compared with the existing schemes, the proposed scheme has larger key space, higher image recovery quality, plain image correlation, flexibility, and a higher security level.
The remainder of the paper is organized as follows. Section II introduces the basic theory of the logistic chaotic system, improved Zeraoulia-Sprott map (IZSM), compressive sensing and S-box. Section III presents the encrypted scheme, the encrypted steps, the encrypted detail and the decryption scheme. Simulation and analysis are performed in Section IV. The last section concludes the paper.

Logistic Chaotic System
A logistic map is a simple one-dimensional chaotic map, proposed by American scientist Li and Yorke in 1975 [38], and has been widely used in the field of encrypted communication. The formula for the logistic map is as follows, where µ refers to the system parameter whose value range is (0, 4) and x n refers to the system variable whose value range is (0, 1).

Improved Zeraoulia-Sprott Map (IZSM)
In this paper, a 2D modular chaotic system(2D-MCS) [39], IZSM, with higher chaos complexity and larger chaotic ranges, is employed, which can effectively solve the problems of narrow chaotic ranges and limited parameter ranges. The employed IZSM is defined as follows, x n+1 = −âx n / 1 + y 2 n mod N y n+1 = (x n +by n ) mod N , whereâ,b are system parameters. The modulus coefficient N is a positive integer. Compared with the limitation of the modular operation in 2D-MCS, IZSM can compact the phase plane significantly. Consequently, the values of the two parametersâ andb in the IZSM are more flexible. As shown in Figure 1, variables x and y in the IZSM can randomly visit the entire regions of the phase plane under all given parameter settings, and the outputs of the IZSM can be randomly distributed on the whole phase plane.
The remainder of the paper is organized as follows. Section II introduces the basic theory of the logistic chaotic system, improved Zeraoulia-Sprott map (IZSM), compressive sensing and S-box. Section III presents the encrypted scheme, the encrypted steps, the encrypted detail and the decryption scheme. Simulation and analysis are performed in Section IV. The last section concludes the paper.

Logistic Chaotic System
A logistic map is a simple one-dimensional chaotic map, proposed by American scientist Li and Yorke in 1975 [38], and has been widely used in the field of encrypted communication. The formula for the logistic map is as follows, where refers to the system parameter whose value range is (0, 4) and refers to the system variable whose value range is (0, 1).

Improved Zeraoulia-Sprott Map (IZSM)
In this paper, a 2D modular chaotic system(2D-MCS) [39], IZSM, with higher chaos complexity and larger chaotic ranges, is employed, which can effectively solve the problems of narrow chaotic ranges and limited parameter ranges. The employed IZSM is defined as follows, where , are system parameters. The modulus coefficient is a positive integer. Compared with the limitation of the modular operation in 2D-MCS, IZSM can compact the phase plane significantly. Consequently, the values of the two parameters and in the IZSM are more flexible. As shown in Figure 1, variables and in the IZSM can randomly visit the entire regions of the phase plane under all given parameter settings, and the outputs of the IZSM can be randomly distributed on the whole phase plane.

Compressive Sensing
Compressive sensing can sample, compress, and encrypt the image simultaneously, improving the efficiency of encryption algorithms and the ability to protect the confidentiality of images. The specification of compressive sensing includes three parts, sparsity, uncorrelated observation, and optimum reconstruction of signals. Given a signal x ∈ R N×1 , under the action of the orthogonal basis Ψ ∈ R N×N , the signal x can be sparsely represented as follows, where, s i = {s 1 , s 2 , . . . s N } is the coefficient vector of signal x. If the number of non-zero coefficients in vector s is K N, i.e., the coefficient vector s i is K-Sparse, then the signal x is sparse, and can be compressed under the action of the orthogonal basis Ψ. The lowdimensional linear observation value y of length M can be acquired after employing the matrix Φ ∈ R M×N of size M × N(M N) to perform dimensionality reduction observation on the signal. Moreover, y vanishes the correlation of signal x, and the important information of the reconstructed signal x remains, where Θ = ΦΨ is the sensor matrix, and y ∈ R M×1 is the measurement result. If the original signal x is reconstructed from the observed value y, then the sensor matrix Θ is supposed to satisfy the Restricted Isometry Property (RIP). Some references denote that the measurement matrix Φ does not correlate with the sparse basis Ψ. If the sensor matrix Θ satisfies RIP, the reconstruction problem can be solved by solving the minimum 0 norm problem of Equation (5), Finally, by using reverse transformation for s, the approximate solution vector can be acquired,

S-Box
A substitution S-Box is one of the most significant modules in a symmetric key encryption algorithm and has been widely used in combining the complete Latin square with a chaotic system. S-Box is a square matrix that regards numerous bits as input and converts from these bits to the same number of output bits, constructed by the orthogonal matrices generated from the complete Latin square. First, the chaotic system based on the given initial state is used to generate chaotic sequences, and the complete Latin square is generated by a part of the chaotic sequences. As a result, two orthogonal matrices are created. After scrambling the orthogonal matrices based on the chaotic sequences, an S-Box can be constructed. The S-Box makes it easy to change the pixel positions of an image. Analysis results demonstrate that an S-Box has complicated nonlinear properties, can resist different kinds of security attacks, and satisfy the requirement of the security level of the encryption algorithm.

Image Encryption Scheme
This section proposes a new K-SVD-based compressive sensing visual chaotic image encryption scheme. There are two stages in the encryption process, encryption and embedding. In the encryption stage, a dictionary is obtained from the plain image by K-SVD, then the plain image is sparsed with the dictionary. The dictionary is one of the secret keys, and the sparse operation is also a kind of encryption operation. The sparsification operation brings better plaintext correlation to the scheme. Next, the sparse image is compressed with a compressive sensing algorithm. The other keys are x0 and y0, which are the initial value of IZSM and the Logistic map. IZSM generates two pseudorandom sequences to construct S-Boxes, which are used to permute and embed the secret image. In addition, chaos sequences created by a Logistic map are used to diffuse the image. Thus, a plain image is encrypted into an encrypted image. In the embedding stage, the mix coding algorithm embeds the encrypted image into an embedding image with S-Box, and at last the cipher image is obtained.

OMP
The orthogonal matching pursuit algorithm (OMP) is a regression algorithm. For an underdetermined equation y = Θs, OMP finds the most approximate solution of s when y (size of M × 1) and Θ (size of M × N) are known. OMP is used in both sparse decomposition and compressive sensing reconstruction in this paper. The solution steps are as follows: Step 1: Consider each column of the matrix Θ as an atom d, so, y is the linear combination of atoms in Θ, s is the linear combination coefficient, and s i measures the contribution of the i-th atom d i . Next, we calculate the contribution s i d i , y of each atom to y, and select d i that maximizes this value, where d i , y is the absolute value of the result of multiplying the transpose matrix of d i and y.
Step 2: Set the initial residual f = y and create a new compression matrix Θ new = ∅, where ∅ represents an empty set. Following this, d i with the largest contribution calculated previously is added into Θ new . Then we subtract d i from y and the remaining residual is achieved: Step 3: Through d i , y , we can find out d i with the largest contribution except d i , and then add d j to Θ new . Now, the contribution of Θ new to y is required. In order to obtain a new coefficient, OMP will solve the least squares problem: Then the new coefficient ω is get by The residual is updated to Step 4: When the residual is less than a certain value, the iteration stops. If the sparsity K is known, it will be iterated K times. Finally, we add the values of ω to the corresponding positions and set the values of other positions as zero, so the reconstructed signalŝ of S can be obtained.

K-SVD Sparse Dictionary
K-SVD is an algorithm for designing overcomplete dictionaries for sparse representation. Supposing a matrix Y ∈ R m×n represents the original signal (image), Y m×n = D m×K X K×n , where D is the dictionary matrix with the size of m × K, and X is the corresponding sparse matrix with the size of K × n which is expected to be as sparse as possible.
To deal with this problem, an optimization problem is proposed, which is or min where x i (i = 1, 2, . . . , K) is the row vector of the sparse matrix X, and x i 0 is the zeroorder norm representing the number of numbers that are not 0 in the vector. By applying the Lagrangian multiplier method, this problem transforms into a non-constrained optimization problem, which is described as To make this easy to understand and solve, x i 0 is replaced by x i 1 .
The general method to optimize X is the OMP algorithm, while the solution for D optimizing can be explained as follows.
Suppose the sparse matrix X is known, the column-wise update of dictionary matrix D can be implemented. The above formula can be converted into The optimization problem can be described as The problem is transformed into finding the optimal d k , x k T is a least squares question and can be solved by SVD.
To obtain the new x k T sparse, the positions in E k where the corresponding x k T is not 0, are extracted, and a new matrix E k is rebuilt. As a result, the question is converted into By employing SVD, we can perform singular value decomposition on E k , Taking the first column vector of the left singular matrix U as d k the product of the first-row vector of the right singular matrix as V, and the first singular value Σ as x k T , the corresponding x k T can be updated.

Construction of S-Box
In this paper, we construct the S-Box based on the IZSM, as shown in Figure 2. Three steps are needed.
Step 1: Given the initial keys of IZSM, to generate two sequences x and y, with a length of 10,000, and a value range (0, 1).
Step 2: Normalize x and y sequences to the range (0, 256) and round down, then the normalized sequences x and y are obtained.
Step 3: Create a 16 × 16 size matrix, fill the matrix with the first 256 non-repeating values of sequence x , and obtain Box1. Box2 can be obtained via sequence y in the same way.

Coordinate Mapping Algorithm Based on S-Box
In this step, the S-Boxes are employed to perform image coordinate mapping, Box1 used for the abscissa and Box2 used for the ordinate. Figure 3 shows partial data for Box1 and Box2. Taking the coordinate (136, 239) as an example, the specific steps of coordinate mapping are as follows. In the 16 × 16 matrix, the 136-th coordinate is located in the 9-th row and 8-th column, so the abscissa corresponds to the coordinate (9, 8) of Box1. As shown in Figure 3, the value of this coordinate (9,8) in Box1 is 28, and after adding 1, it is 29. Therefore, the abscissa is mapped from 136 to 29. The same is true for the ordinate. The 239-th coordinate is located in the 15-th row and 15-th column, the coordinate value of Box2 (15,15) is 201, and 202 after adding 1. To sum up, the coordinate (136, 239) becomes (29,202) after mapping. Because the coordinate range of the encrypted image is [1,256] and there is no duplicate coordinate, the value range of the S-Box is also [1,256], and there is no duplicate value, the coordinate mapping is reversible.

Coordinate Mapping Algorithm Based on S-Box
In this step, the S-Boxes are employed to perform image coordinate mapping, 1 used for the abscissa and 2 used for the ordinate. Figure 3 shows partial data for 1 and 2. Taking the coordinate (136, 239) as an example, the specific steps of coordinate mapping are as follows. In the 16 × 16 matrix, the 136-th coordinate is located in the 9-th row and 8-th column, so the abscissa corresponds to the coordinate (9, 8) of 1. As shown in Figure 3, the value of this coordinate (9,8) in 1 is 28, and after adding 1, it is 29. Therefore, the abscissa is mapped from 136 to 29. The same is true for the ordinate. The 239-th coordinate is located in the 15-th row and 15-th column, the coordinate value of 2 (15, 15) is 201, and 202 after adding 1. To sum up, the coordinate (136, 239) becomes (29, 202) after mapping. Because the coordinate range of the encrypted image is [1,256] and there is no duplicate coordinate, the value range of the S-Box is also [1,256], and there is no duplicate value, the coordinate mapping is reversible.

The Scheme of Image Encryption
The proposed encryption scheme is given in Figure 4, which includes four stages: compression, scrambling, diffusion, and embedding. The size of the original image is × , the compressed image size is × , and the compression ratio is / .

Coordinate Mapping Algorithm Based on S-Box
In this step, the S-Boxes are employed to perform image coordinate mapping, 1 used for the abscissa and 2 used for the ordinate. Figure 3 shows partial data for 1 and 2. Taking the coordinate (136, 239) as an example, the specific steps of coordinate mapping are as follows. In the 16 × 16 matrix, the 136-th coordinate is located in the 9-th row and 8-th column, so the abscissa corresponds to the coordinate (9, 8) of 1. As shown in Figure 3, the value of this coordinate (9,8) in 1 is 28, and after adding 1, it is 29. Therefore, the abscissa is mapped from 136 to 29. The same is true for the ordinate. The 239-th coordinate is located in the 15-th row and 15-th column, the coordinate value of 2 (15, 15) is 201, and 202 after adding 1. To sum up, the coordinate (136, 239) becomes (29, 202) after mapping. Because the coordinate range of the encrypted image is [1,256] and there is no duplicate coordinate, the value range of the S-Box is also [1,256], and there is no duplicate value, the coordinate mapping is reversible.

The Scheme of Image Encryption
The proposed encryption scheme is given in Figure 4, which includes four stages: compression, scrambling, diffusion, and embedding. The size of the original image is × , the compressed image size is × , and the compression ratio is / .

The Scheme of Image Encryption
The proposed encryption scheme is given in Figure 4, which includes four stages: compression, scrambling, diffusion, and embedding. The size of the original image P is M × N, the compressed image size is M × N, and the compression ratio is N/M.

Image Compression
Step 1: The dictionary set Dictionary and the SparseMatrix are obtained by the K-SVD algorithm.

Image Compression
Step 1: The dictionary set Dictionary and the SparseMatrix are obtained by the K-SVD algorithm.
where phi is the randomly generated measurement matrix of size × and is the number of OMP iterations.
Step 2: Construct a random observation matrix PHI of size × .
Step 3: Sampling the sparse matrix through the observation matrix PHI to obtain the observation signal , where the size of is × .

Image Scrambling
Before scrambling, image needs to be supplemented to the size of × , and the range of pixel values of each point is required to be (0, 256).
Step 1: Calculate the maximum pixel value 1 and the minimum pixel value 1 in image . The pixel value of each point is normalized to (1, 255) with the formula Step 2: Construct a random matrix of size ( − ) × , normalize each value to (1,255), and splice the matrix with the matrix to obtain matrix 1 of size × .
Step 3: Two 16 × 16 S-Boxes, 1 and 2 are generated through the IZSM, with the algorithm mentioned in the section "Construction of S-Box".
Step 4: Coordinate mapping is performed on 1 to achieve image scrambling, and 2 is obtained.

Image Diffusion
A logistic chaotic system is utilized to realize image diffusion. First, two × chaotic sequences 1 and 2 are generated via the Logistic chaotic system, and normalized to the range of [1,256]. Then, additive modular algorithm is applied to 2 to where phi is the randomly generated measurement matrix of size M × N and L is the number of OMP iterations.
Step 2: Construct a random observation matrix PHI of size M × N.
Step 3: Sampling the sparse matrix through the observation matrix PHI to obtain the observation signal Y, where the size of Y is M × N.

Image Scrambling
Before scrambling, image Y needs to be supplemented to the size of N × N, and the range of pixel values of each point is required to be (0, 256).
Step 1: Calculate the maximum pixel value Max1 and the minimum pixel value Min1 in image Y. The pixel value of each point is normalized to (1, 255) with the formula Step 2: Construct a random matrix Add of size (N − M) × N, normalize each value to (1,255), and splice the matrix Y with the matrix Add to obtain matrix Y1 of size N × N.
Step 3: Two 16 × 16 S-Boxes, Box1 and Box2 are generated through the IZSM, with the algorithm mentioned in the section "Construction of S-Box".
Step 4: Coordinate mapping is performed on Y1 to achieve image scrambling, and Y2 is obtained.

Image Diffusion
A logistic chaotic system is utilized to realize image diffusion. First, two N × N chaotic sequences S1 and S2 are generated via the Logistic chaotic system, and normalized to the range of [1,256]. Then, additive modular algorithm is applied to Y2 to create Y3, called image diffusion. The diffusion process includes forward diffusion and reverse diffusion. The details are as follows, forward diffusion where P is the plain-text, C is the cipher-text, and S is the random sequence.

Image Embedding
Supposing the embedding image is Cr, whose length and width are more than twice that of the encryption image, one pixel of the encryption image can be mapped to four pixels of the embedding image.
Step 2: The pixel value of each point in the encryption image is divided into four parts: Temp1, Temp2, Temp3, and Temp4. Temp1 is the integer part. After removing Temp1, shift the decimal point right by four digits and take the integer part Temp2. After removing Temp2, continue to shift the decimal point right by four digits, and take the integer part as Temp3. Temp4 is equal to Temp1.
Step 3: For each pixel part Tempx of each point, its coordinates are mapped from (x, y) to (x 1 , y 1 ) through a pair of S-Boxes. Then it is mapped to the coordinates of the embedding image through coordinate transformation, Then the coordinates corresponding to each pixel part are (x 0 , y 0 ), (x 0 + 1, y 0 ), (x 0 , y 0 + 1), (x 0 + 1, y 0 + 1).
Step 4: Each part of the pixel is embedded to the decimal part of the corresponding pixel of the embedding image to achieve ciphertext hiding. The embedded image is C r1 .

Image Decryption Scheme
The decryption process is the opposite of the encryption process and includes four parts: extracting the encryption image from the embedding image, inverse diffusion, inverse scrambling, and compressive sensing recovery. The decryption scheme is shown in Figure 5. Step 1: Extract the decimal part of 1 and record it as 2 .
Step 3: Create an × zero matrix 3 to represent the separated decryption image.  Step 1: Extract the decimal part of C r1 and record it as C r2 .
Step 2: Execute the same operation as section "Construction of S-Box" and obtain Box 1 and Box 2 .
Step 3: Start from the last coordinate of Y 2 and carry out the following operations consecutively. For each coordinate (x, y), obtain the corresponding mapping coordinate (x 1 , y 1 ) through Box 1 and Box 2 , exchange the pixel value of the coordinate (x, y) and the coordinates (x 1 , y 1 ), and then the image inverse scrambling is finished and Y 1 is obtained.
Step 4: Restore the values of the first M line of Y 1 according to Equation (27), Step 5: Take the first M rows of Y 1 to form a new matrix Y of size M × N.

Compressive Sensing Recovery
The proposed system adopts the OMP algorithm to recover the observed signal, and the required parameters are the observation matrix PH I, the dictionary set Dictionary and the observed signal Y.

Simulation Results
In the following simulation experiments, the experimental environment is windows10 and MATLAB R2016a, CPU: Intel(R) Core (TM) i7-10700 CPU @ 2.90 GHz 2.90 GHz, RAM: 16.0 GB. Four 256 × 256 gray-scale images, Lena, pepper, baboon, and couple are employed as the original images. One 512 × 512 embedded flower image is used for the first two images, and the other two images utilize another embedded mountain image.
The simulation results are exhibited in Figure 6; the pixels of the encrypted images are completely confused, and there is no relevant information. Meanwhile, after the encrypted images and embedded images are mixed, the embedded images almost have no change. Additionally, all decrypted images are identical to the original images.
The average encryption time of four images is 7.69 s, and the embedding time is 0.2 s, reaching the average level of existing work.

Key Space Analysis
The set of all possible keys in an encryption system is called a key space, denoted as S. Generally, the key space S should be larger than 2 100 to make brute-force attacks infeasible. In the proposed scheme, the keys are, (1) the initial values x 0 , y 0 of the IZSM and Logistic chaos map.
(2) the dictionary set "Dictionary". couple are employed as the original images. One 512 × 512 embedded flower image is used for the first two images, and the other two images utilize another embedded mountain image.
The simulation results are exhibited in Figure 6; the pixels of the encrypted images are completely confused, and there is no relevant information. Meanwhile, after the encrypted images and embedded images are mixed, the embedded images almost have no change. Additionally, all decrypted images are identical to the original images.  As mentioned earlier, the IZSM significantly reduces the range limit of the initial values and indirectly increases the difficulty of cracking. Usually, the Lyapunov exponent (LE) is used as an indicator of chaos. As shown in Figure 7, the IZSM can obtain positive LE in a larger parameter range than the original one, which means a larger key space. The key space S in this paper can obtain S = 10 166 = 10 96 ≈ 2 318 2 100 , which is large enough to resist brute-force attack.
As mentioned earlier, the IZSM significantly reduces the range limit of the initial values and indirectly increases the difficulty of cracking. Usually, the Lyapunov exponent (LE) is used as an indicator of chaos. As shown in Figure 7, the IZSM can obtain positive LE in a larger parameter range than the original one, which means a larger key space. The key space S in this paper can obtain = 10 = 10 2 ≫ 2 , which is large enough to resist brute-force attack.

Key Security Analysis
Key sensitivity is an important indicator to measure the security of an encryption system. If a system can make the decrypted image irrelevant to the original image after making a tiny change to a key value of the correct keys, it indicates that the key sensitivity of the system is good. The 'baboon' image shown in Figure 8a is used for key sensitivity analysis. The original key is set as = 1.1212, and the slightly modified key is set as = 1.12120000000001. The decrypted image for the correct decryption key is shown in Figure 8b, and the decrypted image for the incorrect decryption key is shown in Figure  8c. The information related to the original image cannot be obtained when the key is changed by only a tiny value of 10 , which means that the proposed scheme is rather sensitive to the secret keys.

Key Security Analysis
Key sensitivity is an important indicator to measure the security of an encryption system. If a system can make the decrypted image irrelevant to the original image after making a tiny change to a key value of the correct keys, it indicates that the key sensitivity of the system is good. The 'baboon' image shown in Figure 8a is used for key sensitivity analysis. The original key is set as x 0 = 1.1212, and the slightly modified key is set as x 0 = 1.12120000000001. The decrypted image for the correct decryption key is shown in Figure 8b, and the decrypted image for the incorrect decryption key is shown in Figure 8c. The information related to the original image cannot be obtained when the key is changed by only a tiny value of 10 −14 , which means that the proposed scheme is rather sensitive to the secret keys.
As mentioned earlier, the IZSM significantly reduces the range limit of the initial values and indirectly increases the difficulty of cracking. Usually, the Lyapunov exponent (LE) is used as an indicator of chaos. As shown in Figure 7, the IZSM can obtain positive LE in a larger parameter range than the original one, which means a larger key space. The key space S in this paper can obtain = 10 = 10 2 ≫ 2 , which is large enough to resist brute-force attack.

Key Security Analysis
Key sensitivity is an important indicator to measure the security of an encryption system. If a system can make the decrypted image irrelevant to the original image after making a tiny change to a key value of the correct keys, it indicates that the key sensitivity of the system is good. The 'baboon' image shown in Figure 8a is used for key sensitivity analysis. The original key is set as = 1.1212, and the slightly modified key is set as = 1.12120000000001. The decrypted image for the correct decryption key is shown in Figure 8b, and the decrypted image for the incorrect decryption key is shown in Figure  8c. The information related to the original image cannot be obtained when the key is changed by only a tiny value of 10 , which means that the proposed scheme is rather sensitive to the secret keys.

Histogram Analysis
A histogram is used to reflect the distribution of the pixel intensity values in the image. For an ideal image encryption system, the histogram of the encrypted image should be as uniform as possible to resist statistical attacks. Figure 9 shows the original images, the encrypted images, and the corresponding histograms. The histogram of the encrypted images is evenly distributed, while the histogram distribution of the original images is uneven. The proposed scheme can effectively withstand statistical attacks.

Histogram Analysis
A histogram is used to reflect the distribution of the pixel intensity values in the image. For an ideal image encryption system, the histogram of the encrypted image should be as uniform as possible to resist statistical attacks. Figure 9 shows the original images, the encrypted images, and the corresponding histograms. The histogram of the encrypted images is evenly distributed, while the histogram distribution of the original images is uneven. The proposed scheme can effectively withstand statistical attacks.

Correlation Analysis
The adjacent pixels of the original images have a high correlation in the horizontal, vertical, and diagonal directions. An ideal image encryption system should sufficiently reduce the relevance between neighboring pixels of the encrypted image to resist statistical attacks. Select 2560 pairs of pixels from the image baboon randomly before and after encryption to draw correlation diagrams. As shown in Figure 10, we can intuitively see that the adjacent pixels of the original images are linearly related, while the adjacent

Correlation Analysis
The adjacent pixels of the original images have a high correlation in the horizontal, vertical, and diagonal directions. An ideal image encryption system should sufficiently reduce the relevance between neighboring pixels of the encrypted image to resist statistical attacks. Select 2560 pairs of pixels from the image baboon randomly before and after encryption to draw correlation diagrams. As shown in Figure 10, we can intuitively see that the adjacent pixels of the original images are linearly related, while the adjacent pixels of the encrypted images have a low correlation. Usually, we use correlation coefficient defined by Equation (28) to measure the correlation of adjacent pixels.  The correlation coefficients calculated by Equation (28) are demonstrated in Table 1. The correction coefficients of the original image are very close to 1, while those of the encrypted images are around 0 in all directions, which means that the images after encryption are uncorrelated. Thus, the proposed encrypted algorithm can effectively resist statistical attacks.   Table 1. The correction coefficients of the original image are very close to 1, while those of the encrypted images are around 0 in all directions, which means that the images after encryption are uncorrelated. Thus, the proposed encrypted algorithm can effectively resist statistical attacks. The number of changing pixel rate (NPCR) and Unified Average Changing Intensity (UACI) are two criteria to quantitatively evaluate the capability of resistance to differential attacks. They are defined by where W and H represent the length and the width of the image, C 1 (i, j) and C 2 (i, j) are the pixel values of the two encrypted images, which correspond to the two original images with only 1-bit difference, and D(i, j) is defined by The results in Table 2 show that the value of NPCR and UCAI are approaching the ideal theoretical value of 99.61% and 33.46%, indicating the excellent performance of the proposed scheme in resisting the differential attacks.

Known-Plaintext Attack Analysis
When attackers know part of the plaintext and the corresponding ciphertext, the general regular pattern of pixel mapping can be obtained via the plaintext ciphertext pair, which is known-plain text attack. A simple linear encryption system is easily cracked by known-plaintext attacks. However, the two-dimensional chaotic system adopted in this paper is nonlinear. At the same time, the one-time encryption method strengthens security. Therefore, the proposed encryption system can resist known-plaintext attacks well.

Different Compression Ratios
Considering the use of Compressive sensing technology, the reconstruction quality of the image under different compressive ratios is analyzed. Taking two images, Lena and baboon as examples, the decrypted image quality is investigated when the compressive ratios are 8, 4, 2, and 1.33, as shown in Figure 11; when the compressive ratio is 1.33, the decrypted images are of high quality, and are almost the same as the original images. The difference between the decrypted images and the original images is still imperceptible to the human eye when the compressive ratio is 2. When this parameter is set to 4, the decrypted images still have high quality, but a few vertical lines appear. When the compressive ratio increases to 8, the decrypted images become blurred and many vertical lines appear because of the high value of the compressive ratio.

Sparse Matrix Analysis
The proposed encryption algorithm combines the compressive sensing theory, and the K-SVD algorithm is employed to generate the sparse matrix. Considering that DWT (discrete wavelet transform) is another well-known method for generating sparse matrix, we compare K-SVD and DWT on the quality of the decrypted image, as recorded in Figure 12. It is noticeable that the reconstruction quality of the decrypted image using K-SVD is far better than that using DWT under the same compression ratio. It is also noticeable that the reconstruction quality of the decrypted image using K-SVD is far better than that using DWT under the same compression ratio, but adds encryption and decryption time, which signifies more performance consumption.

Sparse Matrix Analysis
The proposed encryption algorithm combines the compressive sensing theory, and the K-SVD algorithm is employed to generate the sparse matrix. Considering that DWT (discrete wavelet transform) is another well-known method for generating sparse matrix, we compare K-SVD and DWT on the quality of the decrypted image, as recorded in Figure  12. It is noticeable that the reconstruction quality of the decrypted image using K-SVD is far better than that using DWT under the same compression ratio. It is also noticeable that the reconstruction quality of the decrypted image using K-SVD is far better than that using DWT under the same compression ratio, but adds encryption and decryption time, which signifies more performance consumption.

Cropping Attack Analysis
During encrypted image transmission, attackers may crop part of the encrypted image, which is called a Cropping Attack. The restoration ability of the decrypted image after cropping is an index to measure the resistance of an algorithm to cropping attacks. Simulations are implemented with the two images, Lena and baboon. Figure 13 shows the decryption images when the embedded images are cropped by 100, 400, and 2500 pixels, respectively.

Cropping Attack Analysis
During encrypted image transmission, attackers may crop part of the encrypted image, which is called a Cropping Attack. The restoration ability of the decrypted image after cropping is an index to measure the resistance of an algorithm to cropping attacks. Simulations are implemented with the two images, Lena and baboon. Figure 13 shows the decryption images when the embedded images are cropped by 100, 400, and 2500 pixels, respectively. As observed, when 100 pixels are cropped, the decrypted images retain most of the information of the original images. When 400 pixels are cropped, the decrypted images lose some details. When 2500 pixels are cropped, many details are lost in the decrypted images, but the content of the images can still be recognized. Thus, the encryption algorithm proposed in this paper has good resistance to cropping attacks. As observed, when 100 pixels are cropped, the decrypted images retain most of the information of the original images. When 400 pixels are cropped, the decrypted images lose some details. When 2500 pixels are cropped, many details are lost in the decrypted images, but the content of the images can still be recognized. Thus, the encryption algorithm proposed in this paper has good resistance to cropping attacks.

Conclusions
In this paper, we proposed a K-SVD-based compressive sensing chaotic image encryption scheme. The scheme employs the visual secure image encryption structure, through the embedding of the encrypted image into a visual image, increasing the security of image transmission. The key to this scheme includes a dictionary matrix D constructed by K-SVD from the plain image, and the initial value of IZSM chaotic has good plain-image correlation and high quality of image recovery. Three S-Boxes are constructed by the IZSM chaotic sequences and logistic sequences, in order to complete scrambling, diffusion, and embedding. Simulations and comparisons are executed, and the results show that the proposed scheme has larger key space, higher plain image correlation, flexibility, and security level, which can significantly improve the processing image recovery quality and security. Further, the proposed encryption scheme can be optimized in the executing speed, and expanded to achieve color image encryption.  Data Availability Statement: The datasets generated during and/or analyzed during the current study are available from the corresponding author on reasonable request.

Conflicts of Interest:
The authors declare no conflict of interest.

Abbreviations
The following abbreviations are used in this manuscript: