A Novel Image Encryption Algorithm Based on Compressive Sensing and a Two-Dimensional Linear Canonical Transform

Abstract

In this paper, we propose a secure image encryption method using compressive sensing (CS) and a two-dimensional linear canonical transform (2D LCT). First, the SHA256 of the source image is used to generate encryption security keys. As a result, the suggested technique is able to resist selected plaintext attacks and is highly sensitive to plain images. CS simultaneously encrypts and compresses a plain image. Using a starting value correlated with the sum of the image pixels, the Mersenne Twister (MT) is used to control a measurement matrix in compressive sensing. Then, the scrambled image is permuted by Lorenz’s hyper-chaotic systems and encoded by chaotic and random phase masks in the 2D LCT domain. In this case, chaotic systems increase the output complexity, and the independent parameters of the 2D LCT expand the key space of the suggested technique. Ultimately, diffusion based on addition and modulus operations yields a cipher-text image. Simulations showed that this cryptosystem was able to withstand common attacks and had adequate cryptographic features.

1. Introduction

The rapid development of the internet has brought convenience to daily life, but privacy leakage incidents occur frequently. The issue of security has garnered extensive attention. Optical encryption, compressed sensing (CS), and network learning are effective means of protecting image security [1,2,3]. In 1995, Refregier and Javidi introduced the double random algorithm [4], which utilizes four optical processors and has garnered significant attention. To enhance security and increase the range of possible keys, the DRPE technique has been expanded into additional domains. However, it needs to be pointed out that these double-random phase-encoding (DRPE)-based encryption systems are linear systems [4,5,6,7], and these encryption methods are all types of symmetrical encryption systems. Due to the inherently linear nature of mathematics and optical transformation, the vulnerability of various encryption schemes to plaintext assaults is rather high [8].

Consequently, many nonlinear optical image encryption systems that can enhance security and resist plaintext attacks have been recently put forward [9,10,11,12]. An image encryption technique based on a chaotic system and transform was presented by Zhou et al. [9]. FRMTs of varying orders alter distinct annular areas of the original image, and this can be used to overcome the disadvantage of using linear transforms and having large key space. Since then, both signal processing and encryption have involved the more flexible linear canonical transform (LCT), which has three free parameters [13,14]. On the basis of the LCT, Wei et al. proposed the random discrete linear regular transform (RDLCT) [13]. The randomness of the RDLCT’s output phase and magnitude can strengthen an encryption system’s security. Recent designs have included further techniques based on the 2D LCT [14,15]. The 2D LCT has the natural advantage of multiple parameters, which can expand the key space and improve the security of an algorithm.

Chaos-based encryption schemes have frequently been utilized to further increase security [16,17,18,19,20]. This is because of their significant sensitivity to beginning circumstances, good pseudo-randomness, and ergodicity. In 1998, Fridrich proposed the classic framework of image encryption [16]. An image encryption technique based on spatiotemporal chaos was created using the framework mentioned above [17]. However, both of them were proven to be unable to resist chosen plaintext attacks [19,21]. Image encryption systems use an increasing amount of high-dimensional chaos due to their increasingly complicated dynamic nature, and they are more sensitive to initial values and higher security than to low-dimensional chaos [22]. Saljoughi presented an encryption algorithm using three-dimensional logistic maps [23]. A scale-invariant digital image encryption technique based on chaotic 3D maps was introduced by Hamed et al. [24], and it had excellent security capacity and high efficiency. Additionally, a number of hyper-chaotic systems were incorporated to enhance security [25,26,27]. To sum up, hyper-chaotic systems provide sequences with high pseudo-randomness that are ideal for encryption.

Meanwhile, CS is widely used because it allows data to be compressed directly at the time of collection, rather than being transmitted or stored after collection [28,29,30]. This can reduce the amount of data transferred and stored, increasing efficiency. At the same time, the nature of random measurements makes it more difficult to reconstruct information from raw data, which can increase the strength of encryption. Measurement matrices are typically thought of as the key in compressive-sensing-based algorithms [31,32,33]. However, the most popular approach generates an image-encrypted measurement matrix using a chaotic system [31,32,34,35,36]. Zhou developed an approach that employed two measurement matrices under the control of a logistic map to compress and encrypt pictures [31]. Nevertheless, the aforementioned techniques’ secret keys were unrelated to plaintext pictures, making them susceptible to specific plaintext assaults. Some recent methods can reduce these problems. The work in [37] introduced parallel compressive sensing (PCS), which was resistant to specific plaintext assaults. Above all, we created a unique image encryption technique based on CS and 2D LCT that could withstand typical assaults and had a huge key space.

In this study, we introduced a unique image encryption technique based on CS and the 2D LCT to further increase security. First, CS offers trustworthy and effective encryption and compression services, and a plaintext image controls the CS measurement matrix’s construction parameters. Second, to prevent certain plaintext assaults, the hyper-chaotic system’s initial values were generated by using the SHA 256 value of the original image. Third, the 2D LCT had six free parameters, which greatly enhanced the key space. The suggested scheme’s security against various assaults was demonstrated by the findings in security analysis and testing.

The following is the format for the remainder of this paper: Section 2 presents a few foundational theories. Section 3 provides a detailed explanation of the recommended image encryption method. A number of presentations and simulations are presented in Section 4. In Section 5, a succinct summary of the findings is provided.

2. Preliminaries

We first give a few related definitions before going into detail about the suggested algorithm.

2.1. Linear Canonical Transform

The linear canonical transform (LCT) is a class of linear integral transformations with three parameters, which is the general case of FrFT and Fresnel transformations (FSTs) [38]. The LCT is also useful in optical signal processing and encryption in a number of ways due to its multi-parameter advantages. The LCT of a transformable signal can be defined as [39]

$$L_f^A\left(u\right)={\mathcal{L}}_A\left[f\left(t\right)\right]\left(u\right)=\left\{\begin{array}{cc}{\int }_{\mathbb{R}}f\left(t\right)K_A(u,t)\mathrm{d}t,\hfill & b\ne 0,\\ \sqrt{d}exp\left(\mathrm{i}\frac{cd{u}^2}{2}\right)f\left(\mathrm{d}u\right),\hfill & b=0,\end{array}\right.$$

(1)

where $K_A(u,t)=C_{A}exp\left(\mathrm{i}\frac{a{t}^2}{2b}-\mathrm{i}\frac{ut}{b}+\mathrm{i}\frac{d{u}^2}{2b}\right)$, $C_A=\frac{1}{\sqrt{\mathrm{i}2\pi b}}$, and constants $a,b,c,d$ are related by a parameter matrix A, which is also called unit-modular matrix and is represented as

$$A=\left[\begin{array}{c}a\hfill \\ c\hfill \end{array}\right.\left.\begin{array}{c}b\hfill \\ d\hfill \end{array}\right]$$

(2)

where $ad-bc=1$. Consequently, the LCT has three independent parameters.

A function’s continuous 2D LCT can be expressed as

$$\begin{array}{c}{F}^{A,B}\left\{f(m,n)\right\}=F^{C,D}(x,y)\hfill \\ ={\int }_{-\infty }^{+\infty }{\int }_{-\infty }^{+\infty }f(m,n)K_{C,D}(m,n,x,y)\mathrm{d}m\mathrm{d}n\hfill \\ =\left\{\begin{array}{c}\frac{1}{j2\pi }\sqrt{\frac{1}{c_1{c}_2}}{\mathrm{e}}^{\left(\frac{d_1{x}^2}{2c_1}+\frac{d_2{m}^2}{2c_2}\right)}\hfill \\ \times {\int }_{-\infty }^{+\infty }{\int }_{-\infty }^{+\infty }{\mathrm{e}}^{-j\left(\frac{xm}{c_1}+\frac{yn}{c_2}\right)+\int \left(\frac{a_1{x}^2}{2c_1}+\frac{a_2{y}^2}{2c_2}\right)}f(m,n)\mathrm{d}m\mathrm{d}n\hfill \\ c_1{c}_2\ne 0,\left|C\right|=\left|D\right|=1\hfill \\ \sqrt{d_1{d}_2\mathrm{e}}\frac{\int \left(a_1{d}_1{u}^2+a_2{d}_2^2\right)}{2}f\left(d_{1}m,d_{2}n\right)c_1^2+c_2^2=0\hfill \end{array}\right.\hfill \end{array}$$

(3)

where $K_C(m,x)=$$\sqrt{\frac{1}{j2\pi c_1}}$${\mathrm{e}}^{j\frac{d_1{x}^2}{2c_1}-j\frac{xm}{b_1}+j\frac{a_1{m}^2}{2c_1}}$, $K_D(n,y)=\sqrt{\frac{1}{j2\pi c_2}}{\mathrm{e}}^{j\frac{d_2{y}^2}{2c_2}-j\frac{yn}{c_2}+j\frac{a_2{x}^2}{2c_2}}$, $C=\left[\begin{array}{cc}{a}_1\hfill & b_1\hfill \\ c_1\hfill & d_1\hfill \end{array}\right]$, and $D=\left[\begin{array}{cc}{a}_2\hfill & b_2\hfill \\ c_2\hfill & d_2\hfill \end{array}\right]$ are real matrices. $C^{-1}=\left[\begin{array}{cc}{d}_1\hfill & -b_1\hfill \\ -c_1\hfill & a_1\hfill \end{array}\right]$, $D^{-1}=\left[\begin{array}{cc}{d}_2\hfill & -b_2\hfill \\ -c_2\hfill & a_2\hfill \end{array}\right]$. The constraint condition of the matrix C and D is $\left.\left|C\right.\right|=\left.\left|D\right.\right|=1$.

2.2. Compressive Sensing

A unique method that can accomplish compression during the sampling process is called compressive sensing (CS) [28]. One might refer to a plain picture, secret key, or cipher image for the original image, the measurement matrix, and the image measured in CS, in that order. In accordance with the CS theory, sparse signals can yield a small quantity of observation data, and by resolving an optimization issue, we can roughly reconstruct these signals.

Suppose that x$\in R^N$ is a signal and can be measured by

$$\alpha ={\mathrm{\Psi }}^{T}x$$

(4)

where $\mathrm{\Phi }$ is the sparse coefficient vector and $\mathrm{\Psi }$ is an orthonormal sparse basis. The measured values can be obtained through the projection of a coefficient series on $\mathrm{\Phi }$. After that, the following signal CS procedure can be stated:

$$Y=\mathrm{\Phi }x=\mathrm{\Phi }\mathrm{\Psi }\alpha$$

(5)

where $y\in R^M$, $\mathrm{\Phi }\in R^{M\times N}$, $\mathrm{\Theta }=\mathrm{\Phi }\mathrm{\Psi }$. Similarly, 2D or high dimension (HD) signals can be reduced to the 1D format by superimposing column vectors.

Reconstructing the original signal x from the measurements requires figuring out how to solve the following $l_0$ issue:

$$min{∥\alpha ∥}_{0}s.t.Y=\mathrm{\Theta }\alpha$$

(6)

where the $l_0$-norm of a vector is indicated by ${∥\cdot ∥}_0$. Several popular reconstruction techniques have been introduced [40,41,42].

In this work, we implement the discrete wavelet transform (DWT) to achieve sparsity in the signals. A technique for signal processing called DWT breaks a signal down into many signals with varying scales, temporal resolutions, and frequency resolutions. The next part will provide a detailed description of how the measurement matrix was constructed. Eventually, x is restored by utilizing the orthogonal matching pursuit (OMP) method.

2.3. Lorenz’s Hyper-Chaotic System

Mathematically, Lorenz’s hyper-chaotic system is defined as

$$\left\{\begin{array}{c}\dot{x}=d(y-x)+w\hfill \\ \dot{y}=fx-y-xz\hfill \\ \dot{z}=xy-ez\hfill \\ w=-yz+rw\hfill \end{array}\right.$$

(7)

where the hyper-chaotic system’s control parameters are d, e, f, and r, and $d=10$, $e=8/3$, $f=28$, $r\in (-1.52,-0.06)$. Figure 1 displays the system’s attractors. The average exponential divergence of neighboring trajectories in phase space is numerically represented by the Lyapunov exponent. This is one of the characteristics that helps distinguish chaotic motion. A chaotic system is often characterized by a positive maximum Lyapunov exponent. As a result, this hyper-chaotic system predicts events more quickly than a typical chaotic system does. Simultaneously, this feature makes the encryption system more secure.

3. The Proposed Image Encryption and Decryption Algorithm

3.1. Encryption Process

Four steps make up the majority of the suggested encryption method. The image must first be compressed and encrypted. Next, a prior image is jumbled using Lorenz’s hyper-chaotic system. The encrypted image is then encrypted using a 2D LCT. The image that was processed above is diffused the final stage. The suggested algorithm’s encryption procedure is depicted in Figure 2. Here, we take an image of size $M\times N$ as an example to discuss the four parts in detail.

3.1.1. Key Generation

The cryptosystem’s secret key structure has two parts. The first part is given by the encryption system user. Another part is obtained by SHA-256. Because SHA-256 is so dependent on the initial values of the original picture, even a small change might provide completely different secret keys. Therefore, we might use it to generate the keys for the suggested encryption technique, which can withstand attacks with carefully selected and well-known plaintext.

SHA-256 generates a 256-bit secret key as the hash value. This may be represented as and split up into 8-bit chunks: $k_1,k_2,k_3,\dots ,k_{32}$ ($k_i=\left\{k_0^i,k_1^i,k_2^i,\dots ,k_7^i\right\}$). It is simultaneously converted into 32 decimal numbers $k_1,k_2,k_3,\dots ,k_{32}$ for easier application. The following can be used to obtain the starting values.

Step 1: The parameters of Lorenz’s hyper-chaotic system are follows:

$$\left\{\begin{array}{c}{x}_{01}=mod\left(sum\left(k_1,k_2,k_3,k_4\right)/256,1\right)+x_{01}^{\prime }\hfill \\ y_{01}=mod\left(sum\left(k_5,k_6,k_7,k_8\right)/256,2\right)+y_{01}^{\prime }\hfill \\ z_{01}=mod\left(sum\left(k_9,k_{10},k_{11},k_{12}\right)/256,3\right)+z_{01}^{\prime }\hfill \\ w_{01}=mod\left(sum\left(k_{13},k_{14},k_{15},k_{16}\right)/256,4\right)+w_{01}^{\prime }\hfill \end{array}\right.$$

(8)

$$\left\{\begin{array}{c}{x}_{02}=mod\left(sum\left(k_{17},k_{18},k_{19},k_{20}\right)/256,1\right)+x_{02}^{\prime }\hfill \\ y_{02}=mod\left(sum\left(k_{21},k_{22},k_{23},k_{24}\right)/256,2\right)+y_{02}^{\prime }\hfill \\ z_{02}=mod\left(sum\left(k_{25},k_{26},k_{27},k_{28}\right)/256,3\right)+z_{02}^{\prime }\hfill \\ w_{02}=mod\left(sum\left(k_{29},k_{30},k_{31},k_{32}\right)/256,4\right)+w_{02}^{\prime }\hfill \end{array}\right.$$

(9)

where $sum$ denotes the sum of $k_1$, $k_2$, $k_3$, and $k_4$; $x_{01}$, $y_{01}$, $z_{01}$, $w_{01}$ are the starting points of permutation, and $x_{02},y_{02},z_{02},w_{02}$ are the starting points of diffusion.

Step 2: The following are the starting values that are applied to chaotic random phase masks (CRPMs):

$$x_1=mod\left(\left(\begin{array}{c}\frac{k_1\oplus \cdots \oplus k_4+k_5\oplus \cdots \oplus k_8}{256}\hfill \\ +\frac{k_9\oplus \cdots \oplus k_{12}+k_{13}\oplus \cdots \oplus k_{16}}{256}\hfill \end{array}\right),1\right)+x_1^{\prime }$$

(10)

$$x_2=mod\left(\left(\begin{array}{c}\frac{k_{17}\oplus \cdots \oplus k_{20}+k_{31}\oplus \cdots \oplus k_{24}}{256}\hfill \\ +\frac{k_{25}\oplus \cdots \oplus k_{28}+k_{29}\oplus \cdots \oplus k_{32}}{256}\hfill \end{array}\right),1\right)+x_2^{\prime }$$

(11)

where ⊕ is the bitxor operation. $x_1$ and $x_2$ are the starting values of the two CRPMs.

The starting numbers are $x_{01},y_{01},z_{01},w_{01}$, $x_{02},y_{02},z_{02},w_{02}$, $x_1$, $x_2$, which fluctuate in tandem with the original image. $x_{01}^{\prime },y_{01}^{\prime },z_{01}^{\prime },w_{01}^{\prime }$,$x_{02}^{\prime },y_{02}^{\prime },z_{02}^{\prime },w_{02}^{\prime }$, and $x_1^{\prime },x_2^{\prime }$ are supplied by the encryption system’s user to increase security even more.

3.1.2. The Compression–Encryption Steps

First, the original picture was made sparser by applying a discrete wavelet transform. Then, to balance the sparsity of each row and improve the encryption performance, the resultant image was permuted using the Arnold transform, and this was repeated 25 times with starting values of $a=15$ and $b=8$. Lastly, the encrypted image was obtained by using CS, which had the ability to both compress and encrypt images.

In CS, the measurement matrix was managed by the Mersenne Twister (MT) algorithm, which is based on a twisted generalized feedback shift register and can produce high-quality pseudo-random numbers. The random sequence was reshaped to generate a measurement matrix. This was efficient and made up for the shortcomings of traditional pseudo-random number generators. The initial conditions of MT were as follows:

$$key=round\left(\frac{{\displaystyle \sum _{x=1}^M}{\displaystyle \sum _{y=1}^N}I(x,y)}{M\times N}\right)+{key}_0$$

(12)

where the closest integer to x is indicated by $round\left(x\right)$, and ${\displaystyle \sum _{x=1}^M}{\displaystyle \sum _{y=1}^N}I(x,y)$ represents the sum of the pixel values of image I.

3.1.3. Permutation and Diffusion

To confuse and disperse pictures, Lorenz’s hyper-chaotic system generated pseudo-random sequences using the starting values generated in Equation (8). The process of permutation is given in detail:

Step 1: To create a one-dimensional vector in rows or columns, the original two-dimensional image matrix P (in this paper, expanded by row), denoted as A, is expanded.

Step 2: A pseudo-random sequence $X_i$ ($i=1,2,\cdots ,MN$) of length $M\times N$ is generated with the aid of the Lorenz system.

Step 3: Only the first pseudo-random number that appears repeatedly in X is retained, and, in order of smallest to greatest, the values in the set $\left\{1,2,\cdots ,MN\right\}$ that are absent from X are appended to the end of X.

Step 4: The positions of $A\left(X_i\right)$ and $A\left(X_{MN-i+1}\right)$ are swapped.

The diffusion algorithm in our proposed encryption based on addition and modulus operations is represented by the following equation.

$$D_i=(D_{i-1}+S_i+P_i)mod256$$

(13)

where $S_i$ is the pseudo-random sequence produced by Lorenz’s system, $D_i$ represents the cypher vectors, and $P_i$ is a vector that expands from the plaintext image. Equation (13) is expanded:

$$\begin{array}{c}\hfill D_n=(D_0+S_1+\cdots +S_n+P_1+\cdots +P_n)mod256\end{array}$$

(14)

It can be found in the Equation (14) that the information of the plaintext pixel $P_i$ can only be hidden in $D_i\sim D_N$. In order to achieve the dispersion of each plaintext pixel over the whole cipher-text picture, this approach must be run twice. The following is the diffusion process.

Step 1: Using rows or columns, a one-dimensional vector is created by expanding the two-dimensional original image matrix P, denoted as A.

Step 2: With the initial values $x_{02},y_{02},z_{02},w_{02}$ of Lorenz’s hyper-chaotic system from Equation (9) in the first part, we generate two pseudo-random sequences $S_1$ and $S_2$, which are used for forward diffusion and reverse diffusion, respectively.

Step 3: $S_1$ is used to perform forward diffusion for the image to be encrypted using Equation (13).

Step 4: $S_2$ is used to perform reverse diffusion for the image to be encrypted. Reverse diffusion is expressed as follows: $D_i=(D_{i+1}+S_i+P_i)mod256$.

3.1.4. CRPMs and 2D LCT Encryption

The four phases involved in the encryption process utilizing the 2D LCT and CRPMs are as follows:

Step 1: $R_1(m,n)$ is the first chaotic random phase mask generated with Equation (10) using the logistic map with the starting value $x_1$.

Step 2: To obtain the image $I^{\prime }(m,n)$, the previously encrypted complex image $I(m,n)$ is modulated with the first random phase mask $R_1(m,n)$ and encrypted using the 2D LCT.

Step 3: The logistic map with an initial value of $m_2$ produced with Equation (11) is used to generate the second chaotic random phase mask $R_2(m,n)$.

Step 4: After modulating $R_2(m,n)$, the inverse 2D LCT (I–LCT) operation on $I^{″}(m,n)$ yields a white-noise-like image $I^{\prime }(m,n)$.

The encryption process using the 2D LCT and CRPMs can be simplified as follows:

$$\begin{array}{c}{I}^{″}(m,n)=\mathrm{I}-\mathrm{L}\mathrm{C}\mathrm{T}\left\{\right\{\mathrm{L}\mathrm{C}\mathrm{T}[I(m,n)\left.\left.·exp\left[\mathrm{i}2\pi R_1(m,n)\right]\right]\right\}·exp\left[\mathrm{i}2\pi R_2(m,n)\right\}\hfill \end{array}$$

(15)

Figure 2 provides an illustration of the decryption procedure. It is evident that the decryption process is the opposite of the encryption technique described above.

4. Simulation Results and Security Analysis

4.1. Results of Encryption and Decryption

To test the suggested encryption scheme, four grayscale pictures of $512\times 512$ pixels each—“Boat,” “Zelda,” “Gold hill,” and “Einstein”—were chosen. The following are the parameters that we utilized in the simulation: $ke{y}_0=10$, $a=15$, $b=8$, $x_{01}^{\prime }=0.1$, $y_{01}^{\prime }=1.2$, $z_{01}^{\prime }=2.3$, $w_{01}^{\prime }=3.4$, $x_{02}^{\prime }=1.1$, $y_{02}^{\prime }=2.2$, $z_{02}^{\prime }=3.3$, $w_{02}^{\prime }=4.4$, $a_1=0.5$, $b_1=1$, $c_1=1$, $a_2=0.5$, $b_2=2$, $c_2=1.5$, $x_1^{\prime }=0.23$, and $x_2^{\prime }=0.72$. Figure 3 presents the validation results for the encryption and decryption algorithms at CR = 0.5. The encrypted images are, as we can see, smaller than those with plaintext. This denotes a compression of the original image. In this case, the encrypted images were half the size of the original images, which allowed the encryption effect to be accomplished, in addition to lowering the quantity of data transmitted throughout the process. Furthermore, the encrypted images had a noise-like quality, indicating that the encryption technique effectively concealed the original images’ content. The decoded images were about the same as the plaintext images. In order to conduct a quantitative assessment of the quality of the reconstructed picture, the peak signal-to-noise ratio (PSNR) was introduced:

$$\begin{array}{c}\hfill \mathrm{PSNR}=10{log}_{10}\frac{{255}^2}{\frac{1}{MN}{\displaystyle \sum _{j=1}^M}{\displaystyle \sum _{k=1}^N}{[I^{\prime }(j,k)-I(j,k)]}^2}\end{array}$$

(16)

where the pixel values of the restored picture $I^{\prime }$ and the original image I are denoted by $I^{\prime }(j,k)$ and $I(j,k)$, respectively. The four reconstructed pictures had PSNRs of 32.1021 dB, 34.0968 dB, 31.8867 dB, and 33.5572 dB. This demonstrated the algorithm’s strong decryption performance and great accuracy in image reconstruction.

The compression ratio (CR) is defined by

$$\begin{array}{c}\hfill \mathrm{CR}=\frac{I^{\prime }\_h\times I^{\prime }\_w}{I\_h\times I\_w}\end{array}$$

(17)

where $I^{\prime }\_h$, $I\_h$ and $I^{\prime }\_w$, $I\_w$ indicate the height and width of the image, respectively. The encrypted and decrypted results for Zelda with various CRs are listed in Figure 4. Figure 4 illustrates that, despite the modest CR, the reconstructed images exhibited remarkable similarity to the original images. When CR = 0.2, the cypher image’s PSNR was 30.9034 dB.

Table 1. PSNRs ($256\times 256$) for Lena with various CRs.

CR	Ref. [43]	Ref. [32]	Ref. [26]	Ours
0.25	22.62	26.06	26.52	24.76
0.5	26.87	29.82	29.23	33.10
0.75	30.82	29.56	29.22	33.44

displays the PSNRs for Lena for comparison with those of other techniques [26,32,43]. It is evident that the suggested method’s reconstruction outperformed that of other approaches when the CR was higher than 0.5. Moreover, at CR = 0.4, the decrypted image’s PSNR might have been higher than 30 dB. Optimizing sparsity prior to compression could enhance the effect of reconstruction. In summary, our method was able to produce better results with a smaller sample size of data.

We tested the complexity of encryption and decryption algorithms when CR = 0.5, and the results are shown in

Table 2. The encryption and decryption times for different images at CR $=0.5$ (unit: seconds).

Image	Encryption Time	Decryption Time
Boat	0.2301	8.7842
Zelda	0.2057	9.8499
Gold hill	0.2257	7.8853
Einstein	0.2156	8.7155

. As can be seen from the results, the encryption time is very short, and the decryption time takes a few seconds. This is because the measurement matrix is easily generated during the encryption process, and during the decryption process, we used the OMP algorithm to iteratively solve it.

The mean square error (MSE) below the division sign of Equation (16) can be used to reflect the difference between the two images before and after encryption. The greater the MSE, the greater the difference between the two images. We calculated the MSE of the four images before and after encryption and summarized them in

Table 3. MSE between plaintext images and cipher-text images at CR $=0.5$.

Image	MSE
Boat	48,196.2
Zelda	43,602.8
Gold hill	47,532.0
Einstein	45,190.7

. In combination with Figure 3, the difference between the images before and after encryption is huge, indicating that our algorithm can hide image information well.

4.2. Security Evaluation

We assessed the encryption system’s effectiveness from many angles based on the image properties in order to confirm the security of the suggested encryption system.

4.2.1. Analysis of Key Spaces

The key space is a crucial metric for assessing a cryptosystem’s quality. Furthermore, it needs to be large enough to withstand brute-force attacks [44]. The suggested algorithm’s secret key, which was mostly generated via SHA-265 of the plaintext image, is explained in Section 3.1.1. The encryption method involved 19 parameters and initial keys, which were $ke{y}_0$ for the measurement matrix and $a,b$ for the Arnold map in CS, $x_{01}^{\prime },y_{01}^{\prime },z_{01}^{\prime },w_{01}^{\prime }$ and $x_{02}^{\prime },y_{02}^{\prime },z_{02}^{\prime },w_{02}^{\prime }$ for Lorenz’s hyper-chaotic system in confusion and diffusion, $a_1,b_1,c_1,a_2,b_2,c_2$ for the 2D LCT, and $x_1^{\prime },x_2^{\prime }$ for CRPM. We used the 2D LCT and Arnold map parameters as the public key. Presuming that the precision of the computer was ${10}^{-14}$, the key space was large compared to $2^{100}$, as it was about ${\left({10}^{14}\right)}^{11}={10}^{154}\approx 2^{511}$. As a result, the suggested method was immune to all types of brute-force assaults. Furthermore, a comparison is made between the key spaces of four encryption techniques [26,32,45].

Table 4. Comparison of several approaches’ key spaces.

Algorithms	Ref. [26]	Ref. [32]	Ref. [45]	Ours
Key Space	$2^{299}$	$2^{232}$	${10}^{102}$	$2^{511}$

illustrates that our scheme had the greatest key space.

4.2.2. Histogram Analysis

A histogram provides statistical information in addition to displaying the distribution of pixels in an image. The even and smooth distribution of a cipher-text histogram can prevent attackers from breaking the image with statistical pixel value analysis. The histograms of the four images—“Boat”, “Zelda”, “Gold hill”, and “Einstein”—at CR = 0.75, each with $512\times 512$ pixels, are provided in Figure 5. As can be seen in Figure 5a–d, the histograms were often unevenly distributed and carried certain features of plaintext images. Figure 5e–h shows that the probability of pixels in the cipher-text image appearing in any value in the range of 0–255 was basically the same, and the height was approximately a straight line. After decrypting the cipher-text image with a decryption algorithm, the calculated histogram was similar to that of the plaintext image, indicating that our image decryption method recoverde the image information well.

More precisely, the distance of the histogram represents the similarity between a plaintext image and an encrypted image. For grayscale images, this is defined as the sum of the minimum heights of any pixel of the two histograms from 0 to 255, divided by the sum of the heights of all pixels of one of the histograms. The distance of the histogram is between 0 and 1, and the closer to 1, the more similar the two are. We calculated the histogram distance in the four selected graphs, and the results are shown in

Table 5. The histogram distance between a plaintext image and a decrypted image.

Image	Ref. [30]	Ours
Boat	0.9520	0.9522
Zelda	-	0.9586
Gold hill	0.9634	0.9625
Einstein	0.9578	0.9552

and compared with those in the relevant literature. Although our algorithm was slightly worse than that in Ref. [26], the distance value was able to reach more than 0.9, indicating that our algorithm could also recover the original image well. In addition, according to Figure 5, our algorithm was able to resist statistical attacks well.

4.2.3. Analysis of Correlation Coefficients

Plaintext images can be attacked because of the significant correlations between their neighboring pixels. A strong method for image encryption can completely destroy the correlations. The measurement of correlation coefficients between plaintext and cipher-text images is a commonly used method for the qualitative assessment of encryption algorithms. This can be defined as [34]

$$\begin{array}{c}\hfill r_{ij}=\frac{cov(i,j)}{\sqrt{D\left(i\right)D\left(j\right)}}\end{array}$$

(18)

$$\begin{array}{c}\hfill cov(i,j)=E[i-E(i\left)\right][j-E(j\left)\right]\end{array}$$

(19)

where the standard variances of the values are represented by $D(·)$, and the average values of the image pixels are indicated by $E(·)$. There are 0 to 1 correlation coefficients. The link is greater the closer it gets to 1.

In this study, we computed the correlations from three directions at random locations.

Table 6. Correlation between neighboring pixels in various images.

Images	Horizontal	Vertical	Diagonal
Boat	0.9383	0.9729	0.9250
	0.0175	−0.0022	−0.0089
Zelda	0.9829	0.9917	0.9783
	−0.0061	0.01533	0.0035
Einstein	0.9750	0.9801	0.9588
	0.0142	0.0182	−0.005
Peppers	0.9803	0.9811	0.9699
	−0.0101	0.0011	−0.0094
Man	0.9631	0.9700	0.9453
	0.0094	0.0103	−0.0037
Gold hill	0.9718	0.9729	0.9525
	0.0056	−0.0093	−0.0282
Couple	0.9480	0.9511	0.9124
	−0.0027	0.0081	0.0097

and Figure 6 present the correlation coefficient performance on several images that were encrypted using the suggested approach. The plaintext images’ pixel coordinates were clearly clustered close to the diagonal, indicating a strong correlation coefficient. Nevertheless, the cipher-text images’ pixel locations filled the whole coordinate space, and the correlation coefficient dropped to almost zero. Additionally, using various encryption techniques,

Table 7. Correlation between neighboring Lena pixels using several techniques.

Direction	Horizontal	Vertical	Diagonal
Lena ($256\times 256$)	0.9706	0.9853	0.9588
Ref. [34]	0.0846	0.0583	0.0931
Ref. [43]	0.0198	0.0141	0.0026
Ref. [31]	0.0104	0.0299	0.0062
Ours	0.0071	0.0121	−0.0073

contrasts Lena’s correlation coefficients with $256\times 256$ pixels [31,34,43]. In the cipher-text images, there was essentially no connection between neighboring pixels, suggesting that the suggested approach may entirely eliminate pixel correlation and fend off statistical assaults.

4.2.4. Analysis of Information Entropy

An image I’s information entropy is described as [46]

$$\begin{array}{c}\hfill H\left(I\right)=-\sum _{i=0}^{2^k-1}P\left(I_{(x,y)=i}\right){log}_{2}P\left(I_{(x,y)=i}\right)\end{array}$$

(20)

where $P(·)$ represents an element’s chance of occurring. The information entropies of several images are shown in

Table 8. Entropy of information for several images.

Image	Entropy
	Plaintext	Ciphertext
Boat	7.1914	7.9971
Zelda	7.2668	7.9973
Einstein	6.8667	7.9974
Peppers	7.5936	7.9968
Man	7.1926	7.9972
Gold hill	7.4778	7.9971
Couple	7.0581	7.9973

. The entropy in the encrypted Lena image was compared with those in Refs. [25,26,47], as displayed in

Table 9. Comparison the information entropy.

Methods	Ref. [26]	Ref. [25]	Ref. [47]	Ours
Cipher	7.9935	7.9972	7.9973	7.9974

. It appears that the entropy values for several hidden images were around 8. From this, we may infer that the encrypted image data had a high degree of unpredictability and that the suggested approach could fend off statistical assaults.

4.2.5. Analysis of Cropping Attacks

During the image transfer procedure, data loss frequently occurs. A restored image can be significantly impacted by the loss of encrypted image data. Cropping attacks should be thwarted by a strong cryptosystem. Figure 7 displays a cypher image cropped at various sizes and places, whereas Figure 7 illustrates the matching reconstructed images. We conclude that while cropping affects the restoration of an image, the original image may still be recognized. Additionally, the quality of the recovered image deteriorates as the cropping area increases. As a result, our technique is resistant to a variety of cropping assaults.

4.2.6. Crucial Sensitivity Testing

A safe cryptosystem is extremely sensitive to private keys. Changes in the cypher image and recovered image can be significant even with a small modification in the secret key. To subjectively assess the decryption process’s key sensitivity, we changed each of $x_{01}^{\prime }{,\mathrm{y}}_{01}^{\prime }$ for permutation, $x_{02}^{\prime }{,\mathrm{y}}_{02}^{\prime }$ for diffusion, $x_0^{\prime }$ for CRPM, and $a_1$ for the 2D LCT by adding ${10}^{-14}$. Figure 8 displays the findings on key sensitivity during the decryption procedure. As Figure 8 illustrates, minor changes in the keys would not allow the original image to be accurately reconstructed, and we did not get any original information from the plaintext images.

Furthermore, the difference between two images is frequently measured by using the unified average change intensity (UACI) and number of pixels changed (NPCR). The following are the definitions of the NPCR and UACI between two distinct images [48]:

$$\begin{array}{c}\hfill D(m,n)=\left\{\begin{array}{c}0,L_1(m,n)=L_2(m,n)\hfill \\ 1,L_1(m,n)\ne L_2(m,n)\hfill \end{array}\right.\end{array}$$

(21)

$$\begin{array}{c}\hfill \mathrm{NPCR}=\frac{1}{M\times N}\sum _{m=1}^M\sum _{n=1}^{N}P(m,n)\times 100\end{array}$$

(22)

$$\begin{array}{c}\hfill \mathrm{UACI}=\frac{1}{MN}\sum _{m=1}^M\sum _{n=1}^N\frac{L_1(m,n)-L_2(m,n)}{2^b-1}\times 100\end{array}$$

(23)

One pixel each of the two images is represented by $L_1(m,n)$ and $L_2(m,n)$. We used the key change method proposed above to calculate NPCR and UACI in the encryption process. For the encryption process, two cipher images were obtained by changing $x_{01}^{\prime }$, $y_{02}^{\prime }$, and $x_0^{\prime }$ by adding ${10}^{-14}$. The NPCR and UACI of the images during the encryption process are displayed in

Table 10. The NPCRs and UACIs between cipher images created with slightly different keys.

Images		Zelda	Einstein	Boat	Ideal
$x_{01}^{\prime }+{10}^{-14}$	NPCR	99.5995	99.6323	99.5842	99.6094
	UACI	33.5848	33.4644	33.5536	33.4635
$y_{02}^{\prime }+{10}^{-14}$	NPCR	99.6117	99.6307	99.6155	99.6094
	UACI	33.4146	33.5056	33.3489	33.4635
$x_0^{\prime }+{10}^{-14}$	NPCR	99.5544	99.6002	99.5979	99.6094
	UACI	33.4352	33.4323	33.4231	33.4635

. The ideal values of the NPCR and UACI were NPCR = 99.6094% and UACI = 33.4635%. It was evident that the NPCR and UACI values closely resembled their theoretical counterparts. In conclusion, Table 10 and Figure 8 demonstrate that the suggested method had significant key sensitivity and can resist known cipher-text attacks.

4.2.7. Analysis of Differential Attacks

Creating a connection between a plaintext picture and its matching cipher-text image is the fundamental idea behind a differential attack. The sensitivity of a plaintext images determines whether or not the method can withstand differential assaults. Similarly, we encrypted a plaintext image by slightly changing the value of one of the pixels and using the same encryption process. The values of NRCR and UACI of the images before and after the change were calculated, and the results are shown in

Table 11. The UACIs and NPCRs of various encrypted images.

Images	NPCR	UACI
Ideal	99.6094	33.4635
Zelda	99.6071	33.3957
Einstein	99.5941	33.7801
Boat	99.6300	33.8602
Couple	99.6506	33.9060
Crowded	99.5529	33.0163
Goldhill	99.6452	33.7717
Flinstones	99.6132	33.6949
Bridge	99.5651	32.9519

. It can be seen that the NRCR and UACI values of the proposed algorithm were still close to the theoretical values with different images. This was because in this work, we used highly sensitive SHA-256 and hyper-chaotic systems to generate a series of parameters. The data compression capabilities in CS and the multi-parameter properties of the 2D LCT were able to improve the effectiveness of the algorithm against differential attacks.

5. Conclusions

In this study, we illustrated a novel approach to image encryption in 2D LCT domains by utilizing CS, Lorenz’s hyper-chaotic system, and chaotic random phase encoding. SHA-256 helps strengthen defenses against specific plaintext attacks. The measurement matrix in CS is connected to the total of an image’s pixels, which may further increase the sensitivity to plaintext. CS can also efficiently minimize the size of encrypted images. Two positive Lyapunov exponents and a vast parameter space characterize Lorenz’s hyper-chaotic system. It is, therefore, ideal for applications involving image encryption. Additionally, the image is re-encrypted using the 2D LCT based on chaotic random phase masks. The suggested approach has a wide key space and high key sensitivity, and it is especially sensitive to plaintext, according to the simulation findings and security assessments. As such, it is resistant to well-known attacks, such as chosen-plaintext, known-plaintext, and brute-force attacks.