A Color Image Encryption Algorithm Based on Hash Table, Hilbert Curve and Hyper-Chaotic Synchronization

Abstract

Chaotic systems, especially hyper-chaotic systems are suitable for digital image encryption because of their complex properties such as pseudo randomness and extreme sensitivity. This paper proposes a new color image encryption algorithm based on a hyper-chaotic system constructed by a tri-valued memristor. The encryption process is based on the structure of permutation-diffusion, and the transmission of key information is realized through hyper-chaotic synchronization technology. In this design, the hash value of the plaintext image is used to generate the initial key the permutation sequence with the Hash table structure based on the hyper-chaotic sequence is used to implement pixel-level and bit-level permutation operations. Hilbert curves combining with the ciphertext feedback mechanism are applied to complete the diffusion operation. A series of experimental analyses have been applied to measure the novel algorithm, and the results show that the scheme has excellent encryption performance and can resist a variety of attacks. This method can be applied in secure image communication fields.

1. Introduction

In recent years, the efficiency of information exchange has been greatly improved with the development of mobile Internet and 5G technology, and at the same time, information security is facing great challenges. Digital images are widely used on the Internet because they are easy to store and can express information vividly. Therefore, the encryption processing and secure communication of images have attracted the attention and research of scholars [1,2,3]. Traditional text encryption algorithms such as Data Encryption Standard (DES) and Advanced Encryption Standard (AES) have sufficient security [4,5]. However, due to the large amount of data in digital images, high pixel redundancy, and high correlation between adjacent pixels, the above algorithms perform poorly in image encryption efficiency.

Chaotic systems are extremely sensitive to initial values and parameters, and generate chaotic sequences with aperiodic and pseudo-random characteristics, and it is widely used in image encryption algorithm and pseudo-random number generator design. Li et al. used the sequence obtained from the one-dimensional Tent chaotic map to design the image encryption algorithm, but the complexity of the low-dimensional chaotic system was insufficient, resulting in low security of the encryption algorithm [6]. With the development of chaos theory, the application of high-dimensional hyper-chaotic systems in image encryption has gradually gained attention. Sun et al. used a five-dimensional hyper-chaotic system to generate a set of key streams, and combined the pixel-level and bit-level two levels in the permutation operation [7]. This kind of permutation algorithm not only changes the pixel position, but also changes the statistical characteristics of the histogram. Zhu et al. proposed a new five-dimensional hyper-chaotic system based on Logistic map and Lorenz map to design image encryption algorithms. The algorithm divides the plaintext image into equal blocks for diffusion operation, and each block affects each other, which enhances the connection between the algorithm and the plaintext [8]. Li et al. connected different chaotic maps in parallel to generate pseudo-random sequences for image encryption more efficiently [9]. El-Khamy et al. used Chen’s hyper-chaotic system for image diffusion operations, and used logistic map combined with DNA coding rules for permutation operations. The comparison with similar algorithms shows that this algorithm has a better encryption effect [10]. Wen et al. proposed an image cryptosystem adopting a quantum chaotic map and the certain security-enhanced mechanisms, and verified their performance [11].

Chaotic encryption algorithm has made many breakthroughs in theory, and researchers found that the level of the randomness of chaotic sequences directly affect the encryption effect of the algorithm. As novel circuit elements, memristive elements perform excellent nonlinear characteristics, and have been introduced to the chaotic circuits design. In [12], a nonlinear oscillating circuit with coexisting attractors is researched based on the nonvolatile memcapacitor and meminductor models. In [13], a novel memristor based hyperchaotic system with controlled hidden attractors is studied and discussed. In [14,15], methods for designing N scroll and multi-structure chaotic attractors based on memristive Hopfield neural network are proposed. Especially, in [16,17], the memristor based hyperchaotic circuits and neural network are applied to medical image encryptions. Because the tri-valued or multi-valued memristors have higher nonlinearity, systems based on them are easily to generate sequences with higher randomness, which is beneficial to improve the security of chaotic encryption algorithms. In 2020, Wang’s team realized the first tri-valued memristor based chaotic system [18]. In 2022, a tri-valued memristor based hyperchaotic system with hidden and coexistent attractors is further studied, and the analysis results verify that the introduction of tri-valued memristor can greatly enhance the complexity of existing chaotic system [19]. Based on these fruits, this paper presents a novel encryption algorithm by combining hash table and Hilbert curve with hyper-chaotic synchronization technique. Simulation results and characteristics comparison experiments verified the proposed algorithm has both high security and efficiency.

This paper is organized as follows. Section 2 introduces the preliminary work of designing encryption algorithm, including the discretization of hyper-chaotic system, chaotic synchronization, Hash table and Hilbert curve. Section 3 gives a specific introduction to the image encryption algorithm. Section 4 carried out a series of simulation experiments and security analysis on the encryption algorithm. Finally, Section 5 gives the conclusions about this paper.

2. Preliminaries

2.1. Tri-Valued Memristor-Based Hyper-Chaotic System and Its Discretization

2.1.1. Memristor-Based Hyper-Chaotic System

A tri-valued memristor based hyper-chaotic system is proposed in [19], which has been verified with good potential applications in the field of cryptography. The expression of such a memristor-based hyper-chaotic system is following:

$$\{\begin{array}{l}\dot{x}=a\left(y-x\right)\\ \dot{y}=cy-xz\\ \dot{z}=xy-bz-dG(w)\\ \dot{w}=z\end{array},$$

(1)

where x, y, z and w are system state variables, and a, b, c and d are system parameters. G(w) is the memductance of the tri-valued memristor shown in (2), and w is the dimensionless mathematical representation of the flux φ.

$$G\left(\phi \right)=a_0+b_0\mathrm{sgn}\left(\phi +c_0\right)-d_0\mathrm{sgn}\left(\phi -c_0\right),$$

(2)

where a₀, b₀, c₀ and d₀ are are the parameters of the tri-memristor, and sgn(·) represents the sign function. Setting the parameters a = 12, b = −1, c = −1.2, d = 50, a₀ = 2.5, b₀ = 4, c₀ = 1 and d₀ = 2.5, and the system initial values [x₀, y₀, z₀, w₀] = [0.1, 0.1, 0.1, 0.1], the Lyapunov exponents are calculated and verified as LE₁ = 2.4566, LE₂ = 0.3086, LE₃ = −0.0064 ≈ 0 and LE₄ = −14.9588.

2.1.2. Discretization of the System

To implement the above system on the digital software platform, the system need to be discretized. There are two main algorithms for discretization of chaotic systems, the Euler algorithm and Runge-Kutta algorithm. The Euler algorithm uses less resources and operates faster, which is easy to implement on a digital software platform. Therefore, we use Euler algorithm to discretize the system. The Euler algorithm is implemented according to the definition of the derivative. When Δt→0 or takes a smaller value, the definition of the derivative can be approximately described as:

$$\frac{dx(t)}{dt}=\underset{\mathsf{\Delta }t\to 0}{\lim }\frac{x(t_n+\mathsf{\Delta }t)-x(t_n)}{\mathsf{\Delta }t}\triangleq \underset{\mathsf{\Delta }t\to 0}{\lim }\frac{x_{n+1}-x_n}{\mathsf{\Delta }t}\approx \frac{x(n+1)-x(n)}{\mathsf{\Delta }t}.$$

(3)

Introducing (3) into (1), we can get

$$\{\begin{array}{l}\frac{x(n+1)-x(n)}{\mathsf{\Delta }t}=a(y(n)-x(n))\\ \frac{y(n+1)-y(n)}{\mathsf{\Delta }t}=cy(n)-x(n)z(n)\\ \frac{z(n+1)-z(n)}{\mathsf{\Delta }t}=x(n)y(n)-bz(n)-dG(w)\\ \frac{w(n+1)-w(n)}{\mathsf{\Delta }t}=z(n)\end{array}.$$

(4)

Rewriting (4) as a difference equation, the discretized system expression is shown in (5).

$$\{\begin{array}{l}x(n+1)=x(n)+[a(y(n)-x(n))]\mathsf{\Delta }t\\ y(n+1)=y(n)+[cy(n)-x(n)z(n)]\mathsf{\Delta }t\\ z(n+1)=z(n)+[x(n)y(n)-bz(n)-dG(w)]\mathsf{\Delta }t\\ w(n+1)=w(n)+z(n)\mathsf{\Delta }t\end{array},$$

(5)

where ∆t = 0.001, indicating the sampling interval. Setting the parameters a = 12, b = −1, c = −1.2, d = 50, a₀ = 2.5, b₀ = 4, c₀ = 1 and d₀ = 2.5, and the initial values [x₀, y₀, z₀, w₀] = [0.1, 0.1, 0.1, 0.1], the phase diagram of the discretized system is obtained as shown in Figure 1. It can be seen that the discretized system retains the dynamic characteristics of the continuous system relatively completely. Therefore, the Euler algorithm can accurately realize the discretization of the hyper-chaotic system.

2.2. Hyper-Chaotic Synchronization

In the field of information encryption, the required key stream can be obtained at the decryption end through the chaotic synchronization technology, which reduces the transmission risk of the key in the channel.

Chaotic synchronization includes complete synchronization and generalized synchronization. The complete synchronization means that the driving system and the response system are consistent in the variable trajectory, and the error is 0, while the generalized synchronization means that the relationship between the variables is a function, as shown in (6).

$$\underset{t\to \infty }{\lim }\left|x_1(t)-h(x_2(t))\right|=0,$$

(6)

where x₁(t) is the driving system variable, x₂(t) is the response system variable, and h(x) represents the potential functional relationship. When h(x) = x, it is complete synchronization, so generalized synchronization includes complete synchronization.

According to the above theory, this section uses the variable feedback method to synchronize the hyper-chaotic system to realize the key transmission between the encryption end and the decryption end [20]. The specific implementation method is following:

The expression of the drive system is given by

$$\{\begin{array}{l}{x}_1(n+1)=x_1(n)+\left[a(y_1(n)-x_1(n))\right]\mathsf{\Delta }t\\ y_1(n+1)=y_1(n)+\left[c{y}_1(n)-x_1(n)z_1(n)\right]\mathsf{\Delta }t\\ z_1(n+1)=z_1(n)+\left[x_1(n)y_1(n)-b{z}_1(n)-d{G}_1(w_1)\right]\mathsf{\Delta }t\\ w_1(n+1)=w_1(n)+z_1(n)\mathsf{\Delta }t\end{array}.$$

(7)

Secondly, the feedback term is introduced, and the controlled response system is obtained as shown in (8).

$$\{\begin{array}{l}{x}_2(n+1)=x_2(n)+\left[a(y_2(n)-x_2(n))+k_1(x_2(n)-x_1(n))\right]\mathsf{\Delta }t\\ y_2(n+1)=y_2(n)+\left[c{y}_2(n)-x_2(n)z_2(n)+k_2(y_2(n)-y_1(n))\right]\mathsf{\Delta }t\\ z_2(n+1)=z_2(n)+\left[x_2(n)y_2(n)-b{z}_2(n)-dG(w_1)+k_3(z_2(n)-z_1(n))\right]\mathsf{\Delta }t\\ w_2(n+1)=w_2(n)+[z_2(n)+k_4(w_2(n)-w_1(n))]\mathsf{\Delta }t\end{array},$$

(8)

where k₁, k₂, k₃ and k₄ are variable feedback gains.

Setting the system errors as e_x(n) = x₁(n) − x₂(n), e_y(n) = y₁(n) − y₂(n), e_z(n) = z₁(n) − z₂(n) and e_w(n) = w₁(n) − w₂(n), while setting the initial value of the drive system and response system to be [0.1, 0.1, 0.1, 0.1] and [1.2, 3.2, 7.2, 4.5] respectively. If k₁ = 0, k₂ = −30, k₃ = 0, and k₄ = 0, then the system error obtained by numerical simulation is shown in Figure 2.

It can be seen that the variable errors e_x, e_y and e_z all reach 0 in the simulation process, while e_w becomes a non-zero constant, indicating that generalized synchronization has occurred, which can be applied to the study of image encryption.

2.3. Hash Table Structure

Hash table represents a data structure mainly used to access data efficiently [21]. Its structure contains three components, namely the keyword K, hash function f and storage slot m, as shown in Figure 3, where a₁, a₂, …, a_n are the values of K, and 1, 2, …, n are the storage indexes of m. The specific operation process is that for any given keyword K, the function f(K) can be obtained and then the index value of K in m will be get, and finally K will be stored in the corresponding index position.

If the hash function is ideal, it can output different indices n corresponding to different keywords K. However, in practice, there may be multiple K corresponding to one index, which will result in data confusion. This phenomenon is called as the hash conflict, needing to be considered and solved.

Common conflict resolution methods include open hashing and closed hashing. Open hashing means storing the conflicting K values outside m, and closed hashing means storing the conflicting K values in other free locations in m. This section use closed hashing to resolve hash conflicts according to the characteristics of hyper-chaotic sequences. Specifically, the repeated items in the sequence are processed, and free positions are obtained to store new index values, and then an index sequence without repeated values is constructed for the image encryption algorithm.

As shown in Figure 4, x_S is an integer sequence of length 15, and the goal is to put all these integers in 15 positions without duplicates. Firstly, finding the repeated values in x_S and setting it as −1 to indicate free positions, as shown in Figure 4b. Secondly, creating a sequence N_S of the same size as x_S. If the index value i of N_S appears in the x_S, then fill in the number 1 in the corresponding position of N_S, otherwise fill in 0, as shown in Figure 4c. Finally, find the missing index value in x_S and fill in the sequence p, and then use Algorithm 1 to fill p into x_S, an index sequence x_H without repeated values is obtained, as shown in Figure 4d, and the pseudo-code of Algorithm 1 is shown in Algorithm 1.

Algorithm 1: Fill missing index values into sequence $x_{\mathrm{S}}^{’}$

Input:$x_{\mathrm{S}}^{’}$, p

Output: xH

Set xH =$x_{\mathrm{S}}^{ ’}$;

Set Lx = length($x_{\mathrm{S}}^{’}$) and Lp = length(p);

Set i = 1, j = 0, and s = 0;

for i = 1 to Lx do

if$x_{\mathrm{S}}^{’}$[i] = −1 then

s = mod(xH[i − 1], Lp − j) + 1;

xH[i] = p[s];

p[s] = p[Lp − j];

j = j + 1;

end if

end for

It is worth pointing out that in Figure 4d, if the traditional sequential filling method is used, the index values 8, 9 and 10 will be adjacent, thus reducing the randomness of the sequence x_H [21]. However, in Algorithm 1, the filling order of p to x_H is determined by x_S and p, and there is no fixed rule, which improves the randomness of the index sequence x_H and is more suitable for image encryption algorithms.

2.4. Hilbert Curve

Hilbert curve is a kind of curve that traverses all points in a square grid without interruption, it can be obtained by dividing and connecting the squares, as shown in Figure 5. By analogy, the nth division will obtain 4ⁿ small squares, which can be connected to form an nth-order Hilbert curve.

The position and direction of the starting point of a Hilbert curve determines the traversal order of the curve in space. Therefore, combining the position and direction of the starting point, we will get eight kinds of initial 1-order Hilbert curves, as shown in Figure 6.

Taking the initial curves (1) and (5) in Figure 6 as an example, and using the Hilbert curve generation algorithm based on matrix operations [22], two 5th-order Hilbert curves (32 × 32) are obtained in Figure 7. It can be seen that the traversal modes of higher-order curves obtained from different initial curves are quite different. Therefore, eight 1st-order curves can provide eight different data processing schemes during image encryption.

3. Image Encryption Algorithm

3.1. Key Sequence

In order to better resist the chosen plaintext attack, this section uses the SHA-512 algorithm to obtain the hash value of the plaintext image to scramble the initial value. The hash value contains 512 bits, dividing into 64 integers, each integer containing 8 bits, and it is given in the form of a matrix described as:

$$H=\left[\begin{array}{cccc}{h}_1& h_2& h_3& h_4\\ h_5& h_6& h_7& h_8\\ ..& ..& ..& ..\\ h_{61}& h_{62}& h_{63}& h_{64}\end{array}\right].$$

(9)

Matrix H is further processed to obtain [k₁, k₂, k₃, k₄] for (8). Specifically, take the first row of the matrix [h₁, h₂, h₃, h₄]. If the first element of the next line is an even number, perform the exclusive OR (XOR) operation with its corresponding element; if the first element of the next line is an odd number, first flip the next line left and right, and then perform the XOR operation with the corresponding element. Its formula description is shown in (10).

$$[k_1,k_2,k_3,k_4]=\{\begin{array}{cc}{l}_i\oplus l_{i+1}& \mathrm{mod}(a_i,2)=0\\ l_i\oplus (l_{i+1})’& \mathrm{mod}(a_i,2)\ne 0\end{array},$$

(10)

where, l_i is the ith row, l_i′ is obtained by flipping the ith row left and right, a_i is the first element of the ith row.

Then substituting [k₁, k₂, k₃, k₄] into (11) to get the initial values [x₀, y₀, z₀, w₀] of the discrete hyper-chaotic system.

$$\{\begin{array}{c}{x}_0=0.1+k_1/255\\ y_0=0.1+k_2/255\\ z_0=0.1+k_3/255\\ w_0=0.1+k_4/255\end{array}$$

(11)

The iteration number of the discrete system is set to M × N × O + L, and the hyper-chaotic sequence [X, Y, Z, W] is obtained. Among them, M is the number of rows of pixels, N is the number of columns of pixels, O is the number of channels of pixels, and ‘×’ presents multiplication operation. Selecting M, N, and O makes the length of the hyper-chaotic sequence match the scale of the image data, which can improve the encryption efficiency. In addition, according to the analysis above, it takes a time for the hyper-chaotic system to reach the synchronous state, so the number before reaching the synchronous state needs to be discarded. L = 60,000 represents the iteration number to be discarded.

Finally, (12) is used to preprocess the hyper-chaotic sequence. Taking X and Z as an example, the key sequences S_r, S_c and S_z are obtained.

$$\{\begin{array}{l}{S}_r=\mathrm{mod}(floor(X\times {10}^{15}),N)+1\\ S_c=\mathrm{mod}(floor(X\times {10}^{14}),M)+1\\ S_z=\mathrm{mod}(floor(Z\times {10}^{15}),256)\end{array},$$

(12)

where, floor(·) indicates the floor function, S_r is used for the permutation operation of the row pixels, S_c is used for the permutation operation of the column pixels, and S_z will be used for the diffusion operation of the pixels.

3.2. Permutation

This subsection uses the index sequence of the Hash table to perform pixel-level permutation of the image, and combines bit-level permutation to achieve a double permutation effect. Since row operations are similar to column operations, we will take row operations as an example for detailed description.

The pixel-level permutation process is described as follows:

Step 1: According to the scale of the image data, the key sequence S_r in (12) is processed into blocks S_r = {S_r¹, S_r², S_r³, …, S_r^M×O}, corresponding to the permutation operation of each row.

Step 2: Use the Hash table structure to process the segmented key sequence to obtain an index sequence x_r = {x_r¹, x_r², x_r³, …, x_r^M×O} without repeated values.

Step 3: The pixel-level permutation is performed on each row of pixels using the index sequence x_r, as shown in (13).

$$\{\begin{array}{l}x’=x_r{}^j(i)\\ A^j(x’)=P^j(i)\end{array},$$

(13)

where, j = 1, 2, 3, …, M × N × O, represents the jth row sequence, i = 1, 2, 3, …, N, represents the ith element of the sequence. x’ is the new index value, P is the row pixel of the plaintext image, and A is the new row pixel.

After the pixel-level permutation of each row is completed, the bit-level permutation of the row is carried out immediately. The bit-level permutation process is following:

For the first row pixels, the process is described as:

$$\{\begin{array}{l}t=\mathrm{mod}(x_r{}^1(1),8)\\ B^1=\mathrm{circshift}(A^1,t)\end{array}.$$

(14)

Step 1: Take out the first index value x_r¹(1) corresponding to the row, and perform modulo operation on 8 to obtain the number of bits in the cyclic shift.

Step 2: A bit-level cyclic shift is performed on each pixel of the row.

For the jth row pixels (j ≠ 1), the process is described as:

$$\{\begin{array}{l}s=\mathrm{mod}(x_r{}^j(1),256)\\ s’=s\oplus B^{j-1}(x_r{}^j(1))\\ t=\mathrm{mod}(s’,8)\\ B^j=\mathrm{circshift}(A^j,t)\end{array}.$$

(15)

Step 1: Use the first index value x_r^j(1) to perform the modulo operation on 256, and the obtained result is XORed with the pixel corresponding to the index value in the previous row. Then take the XOR result and perform the modulo operation on 8 to obtain the number of bits in the circular shift.

Step 2: A bit-level cyclic shift is performed on the pixels.

Combining the above two permutation algorithms to traverse each row of pixels, the row permutation operation is completed. The column operation is similar to the row operation, the difference is that the key sequence used in the column operation is S_c in (12).

3.3. Diffusion

This subsection uses the elements of the Hilbert curve matrix as an index to reorder the key sequence S_z in (12), and use the new sequence for the diffusion operation.

Step 1: Determine the order of the Hilbert curve according to the scale of the image data. If the image size is M × N × O, the required order can be calculated by (16).

$$\{\begin{array}{l}s={\log }_2(\max (M,N))\\ e=ceil(s)+1\end{array},$$

(16)

where ceil(·) indicates ceiling function and e is the order of the Hilbert curve.

Step 2: Choose an initial curve from Figure 6. Specifically, take out the first number of S_z and perform modulo operation on 8, and add 1 to the result to obtain an integer from 1 to 8, corresponding to the eight initial curves in Figure 6.

Step 3: After the e-order Hilbert curve is obtained from the initial curve, its traversal matrix is converted into a sequence H with a size of 1 × 4^e. Discard the elements larger than M × N × O in H to obtain the index sequence, use the index sequence to reorder S_z, and obtain a new sequence S_h for the diffusion operation.

Step 4: The diffusion operation is performed based on the method of ciphertext feedback. We only take row operation as an example shown in (17), because the row and column operations for diffusion encryption are similar.

$$C^j=\{\begin{array}{ll}{P}^j\oplus S_h{}^j& j=1\\ P^j\oplus C^{j-1}\oplus S_h{}^j& j\ne 1\end{array},$$

(17)

where j represents the jth row, S_h^j is the subsequence of S_h, P is the plaintext sequence, and C^jis the ciphertext sequence.

3.4. Encryption and Decryption Process

The flow chart of the algorithm is shown in Figure 8, and the colored Lena image is selected as the plaintext image P. The specific steps of image encryption are as follows:

Step 1: Use the SHA-512 algorithm to get the initial value [x₀, y₀, z₀, w₀] with plaintext information.

Step 2: Generate the key sequences S_r, S_c and S_z through the iteration of the hyper-chaotic system.

Step 3: Processing the repeated values of S_r and S_c to obtain the Hash table index sequence x_r and x_c, which are used for row operation and column operation respectively.

Step 4: Use the traversal matrix of the Hilbert curve to reorder the sequence S_z to obtain the sequence S_h.

Step 5: Use x_r to perform the pixel-level permutation on the pixels of each row, then perform the bit-level permutation of the row, and then use S_h to perform the diffusion operation on the row.

Step 6: Use a similar operation on the column pixels, and the ciphertext C is obtained.

Furthermore, the decryption process is the inverse of the encryption process, as shown on the right side of Figure 8. It is worth pointing out that the encryption end needs to transmit the hyper-chaotic sequence Y as the driving sequence to the decryption end, and then the decryption end obtains the same key sequence as the encryption end through chaotic synchronization. The whole process does not need to transmit the initial key, and the Y does not belong to the key sequence. Therefore, the attacker cannot steal the key information through the public channel.

3.5. Experimental Results

The color Lena image with a size of 256 × 256 is selected as the test image, and the simulation results are shown in Figure 9. The ciphertext pixels are irregular, and the decrypted image is consistent with the plaintext. This shows that the encryption algorithm can hide the plaintext information well, to ensure that the information will not be stolen, and all the information of the plaintext can be recovered through the decryption operation.

4. Security Analysis

4.1. Key Space

A suitable encryption algorithm should have a key space large enough to prevent cracking. The algorithm proposed in this paper selects the initial value and system parameters of the discrete hyper-chaotic system as the key, namely [x₀, y₀, z₀, w₀, a, b, c, d]. When the parameter a varies between [10,15] and c varies between [−2, −1.5], the system has hyper-chaotic properties. In addition, the initial values of x₀, y₀, z₀ and w₀ between [–10,10] can all produce hyper-chaos. Assuming that the calculation precision is 10⁻¹⁵, the key space is at least: 5 × 10¹⁵ × 0.5 × 10¹⁵ × (20 × 10¹⁵)⁴ = 4 × 10⁹⁵, which is much larger than the standard value of 2¹⁰⁰.

4.2. Key Sensitivity

Key sensitivity means that when the key changes slightly, the encrypted image will change greatly. Similarly, if there is a slight difference between the decryption key and the encryption key, it will not decrypt correctly. In addition, under the condition of chaotic synchronization, the system parameters will determine whether the decryption is successful or not. Therefore, in order to test the sensitivity of the key, we individually make small changes to each parameter in the decryption key to get the wrong key. Taking parameter a as an example, let a′ = a + 10⁻¹⁵, and other conditions remain unchanged, the decryption result is shown in the Figure 10b.

Comparing Figure 10a,b, it can be seen that the algorithm is extremely sensitive to the parameter a. Similarly, we also tested the sensitivity of the algorithm to other parameters. The results are shown in

Table 1. Key sensitivity test.

Parameter	a	b	c	d
Sensitivity	10−15	10−15	10−15	10−14

, indicating that the proposed algorithm has strong key sensitivity.

4.3. Information Entropy

Information entropy reflects the distribution characteristics of pixel values, and can be used to measure the randomness of image information, which can be obtained from (18).

$$H(s)=-{\displaystyle \sum _{i=1}^{N_0}p(s_i){\log }_{2}p(s_i)},$$

(18)

where, H(s) is the information entropy, s_i is the pixel value, N₀ = 256 is the number of pixel values, and p(s_i) is the probability that the pixel value s_i appears. When all p(s_i) are equal to 1/256, the information entropy reaches a maximum value 8.

We calculated the information entropy of the color image after encryption, as shown in

Table 2. Information entropy test.

Image	Information Entropy
	Channel R	Channel G	Channel B
Lena	7.9896	7.9892	7.9897

. Then we compared with other existing algorithms using gray images, as shown in

Table 3. Comparison of gray images.

Algorithm	Information Entropy
Proposed	7.9895
Ref. [23]	7.9888
Ref. [24]	7.9890
Ref. [25]	7.9240

. The data show that the information entropy obtained by the proposed algorithm is very close to the highest value of 8, and is larger than the results of other algorithms, so the algorithm has high security.

4.4. Histogram Analysis

In order to prevent attackers from cracking the algorithm through statistical analysis, the pixel values of the ciphertext need to be uniformly distributed and its histogram is smooth and continuous. Figure 11 presents the histograms of plaintext and ciphertext, where abscissa axis indicates pixels from 0 to 255 and ordinate axis indicates the number of times each pixel appearing in each picture.

Obviously, the histogram of the ciphertext is smooth and continuous, indicating that its pixel values are evenly distributed. Therefore, an attacker cannot decrypt using statistical analysis.

4.5. Correlation Analysis

Usually, there is a strong correlation between adjacent pixels. The encryption algorithms should try to minimize this correlation to prevent cracking. This section randomly selects 10,000 pairs of adjacent pixels, and calculates the correlation between adjacent pixels in the horizontal, vertical and diagonal directions of the plaintext and ciphertext by (19).

$$\{\begin{array}{l}E(x_{\mathrm{p}})=\frac{1}{N_{\mathrm{p}}}{\displaystyle \sum _{i=1}^{N_{\mathrm{p}}}{x}_{\mathrm{p}}{}_i}\\ D(x_{\mathrm{p}})=\frac{1}{N_{\mathrm{p}}}{\displaystyle \sum _{i=1}^{N_{\mathrm{p}}}{(x_{\mathrm{p}}{}_i-E(x_{\mathrm{p}}))}^2}\\ \mathrm{cov}(x_{\mathrm{p}},y_{\mathrm{p}})=\frac{1}{N_{\mathrm{p}}}{\displaystyle \sum _{i=1}^{N_{\mathrm{p}}}(x_i-E(x_{\mathrm{p}}))(y_i-E(y_{\mathrm{p}}))}\\ {\rho }_{xy}=\frac{\mathrm{cov}(x_{\mathrm{p}},y_{\mathrm{p}})}{\sqrt{D(x_{\mathrm{p}})D(y_{\mathrm{p}})}}\end{array},$$

(19)

where, x_p and y_p are adjacent pixels, N_p = 10,000 represents the number of randomly selected pixel pairs, ρ_xy is the correlation coefficient.

The calculation results are shown in

Table 4. Correlation coefficient of adjacent pixels.

Direction	Plaintext	Ciphertext
Horizontal	0.9671	0.0007
Vertical	0.9383	−0.0031
Diagonal	0.9227	0.0011

. Obviously, the pixel correlation coefficient of the ciphertext is close to 0 and has almost no correlation. For a more intuitive display, we count the pixel values in the horizontal, vertical and diagonal directions, and draw a scatter plot, as shown in Figure 12. In the ciphertext, the distribution of pixel values of adjacent pixels is similar to random, which has strong anti-statistical attack ability.

4.6. Differential Analysis

In the differential attack process, the attacker makes small changes to the plaintext, and then compares the differences between the ciphertexts to obtain key information to crack the algorithm.

In order to test anti-differential attack ability of the algorithm, this subsection adopts the Number of Pixels Change Rate (NPCR) and the Unified Average Changing Intensity (UACI) used in [26]. When a single pixel of plaintext changes, the NPCR represents the change rate of ciphertext pixels, and the ideal value is 99.6049%. UACI represents the change intensity of the ciphertext pixel value, and the ideal value is 33.4635%, as shown in (20).

$$\{\begin{array}{l}\mathrm{NPCR}=\frac{{\displaystyle \sum _{i,j,k=1}^{M,N,O}D(i,j,k)}}{M\times N\times O}\times 100\%\\ \mathrm{UACI}=\frac{1}{M\times N\times O}\left[{\displaystyle \sum _{i,j,k=1}^{M,N,O}\frac{\left|C_1(i,j,k)-C_2(i,j,k)\right|}{255}}\right]\times 100\%\\ D(i,j,k)=\{\begin{array}{cc}0,& C_1(i,j,k)=C_2(i,j,k)\\ 1,& C_1(i,j,k)\ne C_2(i,j,k)\end{array}\end{array},$$

(20)

where, M × N × O is the image size, and C₁(i,j,k) and C₂(i,j,k) represent the pixel values of the two ciphertexts at coordinates (i,j,k), respectively.

To avoid the chance of the result, we randomly select 100 pixels in the plaintext and change the value of one pixel each time. 100 sets of results were obtained and plotted as a graph, as shown in Figure 13. Obviously, the value of NPCR fluctuates around 99.6%, and the value of UACI fluctuates around 33.46%, which are very close to their ideal values, indicating that the proposed algorithm has strong resistance to differential attacks.

4.7. Robustness Analysis

During the transmission and storage of ciphertext, external interference factors can damage the image. Therefore, the encryption algorithm should have certain robustness to resist the influence caused by uncertain factors.

In order to test the robustness of the algorithm, this section uses occlusion attack and Salt & Pepper noise attack to process the ciphertext, and analyzes the impact of the attack on decryption. The experimental results are shown in Figure 14 and Figure 15.

It can be seen from Figure 14 and Figure 15 that when the ciphertext is damaged, such as occlusion attacks and noise attacks, most of the plaintext data can still be recovered through decryption. Therefore, the proposed algorithm has strong robustness.

4.8. Speed Analysis

In addition to security, speed is also an important factor in algorithm performance. The proposed algorithm traverses each row and column in the permutation-diffusion processes, and only operates one pixel at a time in the permutation process, so the time complexity is O(n²).

Table 5. Comparison of encryption times.

Algorithm	Size	Time
Proposed	256 × 256	0.5726
	512 × 512	2.0181
Ref. [21]	256 × 256	0.7091
Ref. [27]	256 × 256	1.9140

presents the comparison of the proposed algorithm with other existing algorithms in terms of encryption time.

It can be seen that when the image size increases, the encryption speed will be significantly reduced due to the increased amount of data. In addition, under the condition of the same image size, the proposed algorithm has certain advantages in encryption speed compared with other algorithms. In conclusion, the proposed algorithm has high efficiency and is more conducive to practical applications.

5. Conclusions

In this paper, a new image encryption algorithm is designed based on the discrete system, which is obtained from a tri-valued memristor-based hyper-chaotic system we built before, the key transmission is realized based on hyper-chaotic synchronization method. Firstly, the initial key of the proposed algorithm contains the Hash value of the original image, which makes the algorithm have high plaintext sensitivity. Secondly, the algorithm implements double permutation encryption based on pixel-level and bit-level, and uses the index sequence generated based on the Hash table in the pixel-level permutation, which has high randomness and improves the permutation effect. Thirdly, the algorithm uses the Hilbert curve to reorder the key sequence, and combines the ciphertext feedback method to design the diffusion operation, which makes the relationship between the plaintext, ciphertext and key more complicated. Finally, the security performance of the proposed algorithm is analyzed, such as key space, key sensitivity, anti-attack ability and algorithm robustness. The results show that the proposed algorithm has both high security and high efficiency. Therefore, the algorithm has high theoretical and application value.