An Effective Chaos-Based Image Encryption Scheme Using Imitating Jigsaw Method

In this paper, an efficient chaos-based image encryption scheme is proposed, which uses the imitating jigsaw method containing revolving and shifting operations. In this scheme, there are three processes in encryption: preprocessing, encryption process, and postprocessing. In the preprocessing, the original image is partitioned into 64× 64 pixel image blocks and then randomly revolved and shifted under control sequences which are generated by the hyperchaotic Lorenz system whose initial conditions are calculated by original image and keys. ,erefore, the preprocessing is sensitive to plain image against differential attacks. In the encryption process, the after-preprocessing image is partitioned into 32× 32 pixel image blocks; next they are randomly revolved and encrypted by control sequence and key blocks which are generated by the skew tent map. In postprocessing, the afterencryption image is partitioned into 16×16 pixels’ image blocks, and they are randomly revolved and shifted again under control sequences which are related with encrypted image and keys. ,e postprocessing further increases the diffusion characteristics. Moreover, the test experiment and security analyses are given; the results show that our proposed cryptosystem has both security and speed performance.


Introduction
With the rapid development of electronic technology, digital information is being applied in all the fields in the society. Digital image is becoming the most widely used information carrier in our daily life with many advantages, such as intuition and vividness. At the same time, a series of security problems of image information threaten the safety of peoples' life and property. erefore, the information security of digital image has become a research focus in recent years. Because the image data has many special characteristics which are different from text structure data, such as high redundancy, strong correlation, and bulk data capacity, traditional text encryption algorithms usually have low efficiency on image encryption [1]. erefore, the image encryption scheme must be designed by considering those characteristics.
Since the chaos theory was first proposed by Lorenz [2], many chaotic phenomena were found in many fields, such as physics, astronomy, chemistry, biology, and medicine. In recent years, the chaotic encryption attracts more and more researcher's attention. After Matthews [3] using the chaotic system to design the first image encryption scheme, many chaotic image encryption schemes are proposed in the recent years . Fridrich [26] gave a two-dimensional chaotic symmetric ciphers scheme. Lian et al. [27] proposed a block cipher using a chaotic standard map. At the same period, many chaotic encryption schemes were put forward, such as [19][20][21][22][23][24]. Many of these schemes have been proved to have some security problems, such as weak plaintext sensitivity, small key space, and easy statistical attack.
In the past five years, many splendid image encryption schemes were presented. Hu et al. [4] proposed a chaotic image cipher scheme by using a plaintext-related permutation mechanism. In [5], an image encryption scheme was presented by using chaos sequence to control the encoding plain image to DNA sequence, and then they were encrypted by cycle operation of DNA sequence. In [6], Hua et al.
proposed a new 2D logistic-sine-coupling map and then designed an image encryption scheme using this chaotic system. In [7], Gao et al. gave a new 2D logistic ICMIC cascade map and then proposed a bit-level image encryption algorithm based on this map. Chai et al. [8] used the memristive chaotic system, elementary cellular automata, and compressive sensing to design an image encryption cryptosystem. Ye et al. [9] proposed an image encryption scheme by using SHA-3 hash function and double Arnold chaotic maps. Luo et al. [10] designed a plain image-related cryptosystem by using the tent map to generate two ergodicity sequences to control the permutation and diffusion processes. In [11], Hua et al. proposed an image encryption scheme for medical image by using high-speed scrambling and pixel adaptive diffusion. Khelifi et al. [12] presented an encryption scheme for image data sharing in cloud. In [13], Wang and Zhang used the hyperchaotic system to design an image encryption scheme which expanded the plain image into two compound images and then diffused them at the bit level. In [14], an image encryption scheme was presented which encrypted the image from four directions by interweaving pairs of rows and columns. In [15], an image encryption scheme was designed by using rows and columns switch. In [16], Liu et al. designed a self-adaptive selective permutation and inter-intra-block feedback diffusion and then used them by designing an image encryption scheme. Wu et al. [17] proposed a color image encryption scheme using the nonlinear chaotic algorithm (NCA) map-based coupled map lattice (CML) and DNA operation. Wang et al. [18] used chaos and simulated annealing algorithm to design the image encryption scheme. Li et al. [29] proposed a plaintext related image encryption scheme based on the hyperchaotic system and hash function. In [30], Wu et al. proposed an image encryption algorithm by using Henon-Sine map and DNA approach. Ye et al. [31] proposed an image encryption scheme by using quaternion discrete fractional Hartley transform and an improved pixel adaptive diffusion. In [32], Zhu et al. use block compressive sensing and singular value decomposition embedding to balance the security, compression, and robustness. In [33], an image encryption scheme is proposed by using 2D multiple parameter fractional discrete Fourier transform and 3D Arnold transform. You et al. [34] proposed a parallel image encryption scheme and implemented by OpenCL. Ouyang et al. [35] proposed a method of impulsive synchronization of coupled delayed neural networks with actuator saturation and designed an image encryption scheme by using this method. In [36], a compressed sensing strategy based on a semitensor product was proposed and a visual security image encryption scheme was designed. In [37], an image encryption scheme was proposed by using compressive sensing and random number insertion. Zhang et al. [38] proposed a plaintext-related image encryption scheme by using perceptron-like network. Li et al. [39] proposed an efficient bit-level permutation method and designed a chaosbased color image encryption scheme. Yavuz et al. [40] proposed an effective image encryption algorithm using two independent chaotic functions and some logical operations. Yavuz [41] proposed a content sensitive dynamic function and used this mechanism to design an image encryption scheme. Amina et al. [42] proposed an image encryption scheme using logistic-tent system. Ravichandran et al. [43] presented an image encryption scheme based on combined logistic-tent system. Lakshmi et al. [44] proposed a Hopfield attractor-based image encryption scheme using neural networks. Banu et al. [45] proposed an image encryption based on chaotic attractors on frequency domain by integer wavelet transform (IWT) and fused with deoxyribonucleic acid (DNA) sequence on the spatial domain. Alawida et al. [46] proposed a new chaotification method which combined two chaotic maps and designed an image encryption scheme using this method. Alawida et al. [47] used a deterministic finite state machine to enhance chaotic properties of tent map and proposed an image encryption scheme using this new chaotic system. Artiles et al. [48] combined the block cipher and chaotic system to design an image encryption scheme; the drawback of this scheme is less efficiency. Wang et al. [49] proposed an image encryption algorithm using logistic-dynamic mixed linear-nonlinear coupled map lattices. Luo et al. [50] presented an image encryption scheme using improved baker map and logistic map.
As we all know, a good image encryption scheme not only should have an excellent security performance but also need to have an outstanding encryption speed performance. e main contributions of our work are as follows: (1) We proposed an efficient image encryption scheme based on chaos theory and imitating jigsaw operation (2) We give a complete security analysis and performance analysis (3) e proposed scheme is proved to have good encryption and decryption efficiencies compared with those of others' works e organization of this paper is as follows: in Section 2, we give a detailed description of the encryption and decryption algorithms. In Section 3, we simulate our proposed cryptosystem and use some security analyses to prove our work is secure. Section 4 concludes this paper.

Encryption and Decryption Algorithms
In our proposed image cryptosystem, there are three processes in both encryption and decryption algorithms: preprocessing process, encryption or decryption process, and postprocessing process. In preprocessing and postprocessing processes, we use the hyperchaotic Lorenz system to generate the control sequences of revolving and shifting image blocks. In the encryption or decryption process, we use the skew tent system to generate the control sequence of revolving image blocks and the security key for encryption or decryption.
Remark 1. In our proposed scheme, we use the hyperchaotic system and skew tent map to control the encryption process. However, the other chaotic systems can also be extended in our scheme, and the only difference is the size of the key space.

Encryption
Algorithm. e whole encryption scheme as shown in Figure 2 has two parts: image data processing before encryption part and encryption algorithm part. e purpose of data processing before encryption is to make input images suitable for processing rules of encryption algorithms. e details are as follows: Step 1: we supposed the inputted image IM is an M0 × N0 8 bit gray image and check whether M0 and N0 can be divided exactly by 64.
Step 2: if M0 cannot be divided exactly by 64, but N0 can, then execute Step 3a. If N0 cannot be divided exactly by 64, but M0 can, then execute Step 3b. And, if both M0 and N0 cannot be divided exactly by 64, then execute Step 3c (only one of the Steps 3a, 3b, and 3c can be executed).
Step 3a: take an integer number between 0 and 63 and denote it as nm, to make M0 + nm to be divided exactly by 64. Build an nm × N0 matrix NBM whose each element is equal nm. Combine the two matrixes IM and NBM to be a new (M0 + nm) × N0 matrix, as shown in Figure 3.
Step 3b: take an integer number between 0 and 63 and denote it as nn, to make N0 + nn to be divided exactly by 64. Build a M0 × nn matrix NBN whose each element is equal nn. Combine the two matrixes IM and NBN to be a new M0 × (N0 + nn) matrix, as shown in Figure 3.
Step 3c: take an integer number between 0 and 63 and denote it as nm, to make M0 + nm to be divided exactly by 64. Take an integer number between 0 and 63 and denote it as nn, to make N0 + nn to be divided exactly by 64. Generate a new (M0 + nm) × (N0 + nn) matrix by IM, NBN, NBM, and NBT as Figure 3, where elements in matrix NBM are equal to nm, elements in matrix NBN are equal to nn, and elements in matrix NBT are equal to nm + nn.
Step 4: finish the data processing with outputting M × N image matrix IM1.
After data processing, we put the outputted-image matrix into encryption algorithm. ere are three processes in encryption algorithm: preprocessing process, encryption process, and postprocessing process. e encryption algorithm is shown in Algorithm 1.
e detailed description of encryption algorithm is as follows: Step 1: input the data processed image IM1 and initial key k 1 , k 2 , . . . , k 9 into the encryption algorithm.
Step 3: add all the gray values of pixels of the IM1, and the summation is denoted as S1. e initial conditions of the hyperchaotic Lorenz system are generated by equations (3)-(6): where mod (a, b) means the remainder of a/b (similarly hereinafter).
Step 4: under initial conditions which are generated in Step 3, equation (1) is iterated by using the fourth-order Runge-Kutta method with 0.002 step size. e revolving control sequence RS1 and the shifting control sequence XS1 are generated by equations (7) and (8), respectively: Step 5: image blocks are revolved by using the following equation: where imrotate(P, m) means image P is rotated m degrees in the anticlockwise direction (similarly hereinafter) andiis the serial number of elements in the sequences preBlock and RS1.
Step 6: remove the repeated elements from XS1 and then put the absent numbers at the end to generate a new sequence X1.
Generate initial conditions of the hyperchaotic Lorenz system: end for (6) Generate a new sequence X1 by removing repeated elements from XS1 and putting the absent numbers at the end.
Step 8: generate a new image IM2 by restructuring preBlock. e preprocessing process is finished.
Step 10: generate system parameter p and initial condition t 0 of skew tent map by equations (10) and (11), respectively: Step 11: equation (2) was iterated under system parameter p and initial condition t 0 . e revolving control sequence RS2 and the key sequence KS are generated by equations (12) and (13), respectively: KS � mod floor t × 10 12 , 256 .
Step 13: Revolve the image blocks by using the following equation: Step 14: encrypt image blocks by the following equation: Step 15: generate a new image IM3 by restructuring cBlock. e encryption process is finished.
Step Step 17: add all the gray values of pixels of the IM3, and the summation is denoted as S2. e initial conditions of the hyperchaotic Lorenz system are generated by the following equations: Step 18: under initial conditions which are generated in Step 17, equation (1) is iterated by using the fourthorder RungeKutta method with 0.002 step size. e revolving control sequence RS3 and the shifting control sequence XS2 are generated by equations (20) and (21), respectively: XS2 � mod floor (x + 100) × 10 8 , BN3 + 1 (21) Step 19: image blocks are revolved by the following equation: Step 20: remove the repeated elements from XS2 and then put the absent numbers at the end to generate a new sequence X2.
Step 22: generate cipher image CM by restructuring postBlock. e postprocessing process is finished.
Step 23: output the cipher image, and the encryption algorithm is finished.

Decryption Algorithm.
e decryption scheme as shown in Figure 4 has two parts as encryption: the decryption algorithm part and data processing part. e decryption algorithm is the inverse process of the encryption algorithm and also has three processes: preprocessing process, decryption process, and postprocessing process. e decryption algorithm is shown in Algorithm 2. e detail description of the decryption algorithm as follows: Step 1: input cipher image CM1 and initial key k 1 , k 2 , . . . , k 9 into decryption algorithm, and the cipher image is supposed to be M × N 8 bit gray image. Note: inputted security keys are defined ask 1 , k 2 , . . . , k 9 ∈ (0, 1), which are used to generate parameter and initial values of the hyperchaotic Lorenz system and skew tent map. To avoid weak key problem [53], we require each input key to be 15 decimal places.
Step 3: add all the gray values of pixels of the CM1, and the summation is denoted as S3. e initial conditions of the hyperchaotic Lorenz system are generated by equations (23)- (26): Step 4: under initial conditions which are generated in Step 3, equation (1) is iterated by using the fourth-order Runge-Kutta method with 0.002 step size. e revolving control sequence RS4 and the shifting control sequence XS3 are generated by equations (27) XS3 � mod floor (x + 100) × 10 8 , BN4 + 1 (28) Step 5: remove the repeated elements from XS3 and then put the absent numbers at the end to generate a new sequence X3.
Step 7: image blocks are revolved by the following equation: Step 8: generate a new image CM2 by restructuring preCBlock. e preprocessing process is finished.
Step 10: generate system parameter p and initial condition t 0 of skew tent map by equations (30) and (31), respectively: Step 11: iterate equation (2) under system parameter p and initial condition t 0 . e revolving control sequence RS5 and the key sequence KS1 are generated by equations (32) and (33), respectively: KS1 � mod floor t × 10 12 , 256 .

(35)
Step 15: generate a new image CM3 by restructuring pBlock. e decryption process is finished.
Step 17: add all the gray values of pixels of the CM3, and the summation is denoted as S4. e initial conditions of the hyperchaotic Lorenz system are generated by the following equations: Step 18: under initial conditions which are generated in Step 18, iterate equation (1) by using the fourth-order RungeKutta method with 0.002 step size. e revolving control sequence RS6 and the shifting control sequence XS4 are generated by equations (7) and (8), respectively: XS4 � mod floor (x + 100) × 10 8 , BN6 + 1 (41) Step 19: remove the repeated elements from XS4 and then put the absent numbers at the end to generate a new sequence X4.

(42)
Step 22: generate plain image PM by restructuring postCBlock. e postprocessing process is finished.
Step 23: output image matrix PM, and the decryption algorithm is finished.
After decryption algorithm part, we also need to run data processing to get the plain image. e purpose of this section is to remove the pixels when added by data processing before the encryption part; the detailed description is as follows: Step 1: check the relationship of three pixels' value which are located in (1, N), (M, 1), and (M, N). We denote these three pixel value as nn, nm, and nt, respectively. If nt is not equal to nn, nm, or nn + nm, then execute Step 2a. If nt is equal to nn, then execute Step 2b. If nt is equal to nm, then execute Step 2c. If nt is equal to nm + nn, then execute Step 2d (only one of the Steps 2a, 2b, 2c, and 2d can be executed) Step 2a: do nothing with PM, and the matrix DPM will be equal to PM.
Step 2b: check some elements' value in matrix PM which locate from rows 1 to M and columns N-nn + 1 to N. If all those elements' value are equal to nn, then matrix DPM is equal to a part of matrix PM from rows 1 to M and columns 1 to N-nn. Otherwise, the matrix DPM is equal to PM.
Step 2c: check some elements' value in matrix PM which locate from rows M-nm + 1 to M and columns 1 to N. If all those elements' value are equal to nm, then matrix DPM is equal to a part of matrix PM from rows 1 to M-nm and columns 1 to N. Otherwise, the matrix DPM is equal to PM.
Step 2d: check some elements' value in matrix PM which locate from rows M-nm + 1 to M and columns N-nn + 1 to N. If all those elements' value are equal to nm + nm, then matrix DPM is equal to a part of matrix PM from rows 1 to M-nm and columns 1 to N-nn. Otherwise, the matrix DPM is equal to PM.
Step 3: output the plain image DPM, and the whole decryption scheme is finished.

Simulation and Security Analysis
In this section, we evaluated our proposed scheme by software simulation running in MATLAB 2015b. e system parameters which are given in equation (1) Figure 5. In following subsections, many commonly used security analyses will be discussed.

Key Space Analysis.
e key space of a cryptosystem is the very important factor on security when brute-force attack is happening. In our scheme, the cryptosystem needs input k1, k2, k3, k4, k5, k6, k7, k8, and k9 ∈∈(0, 1) as security key. If we supposed the change step of each inputted key are 10 − 15 , then the total key space is calculated as S � (10 5 ) 9 ≈ 2 455 , which is larger enough on security [4][5][6].

Differential
Attack. To resist differential attack, an image cryptosystem is required to have a good plaintext sensitivity. If the inputted image has only one-bit changed, the corresponding encrypted image is totally different, then the cryptosystem is considered to have enough plaintext sensitivity to resist differential attack. To measure the difference between two image, NPCR (number of pixels change rate) and UACI (unified average changing intensity) are put forward [8][9][10][11].
Complexity 9 e NPCR and UACI are given by where C 1 (i, j) and C 2 (i, j) represent two cipher-images obtained from encrypting two one-pixel different images. M and N represent the height and width of images, respectively. e NPCR means the percentage of different pixels at same position between two corresponding encrypted images which are obtained by two images with one-bit difference, and the UACI represents the average intensity of the difference between two same position's pixels which are obtained from two cipher images.
In order to evaluate whether the NPCR and UACI images passed the tests, the critical values of NPCR and UACI are defined [54,55]. For a significance level α, a critical NPCR score N * α is obtained by where H is the total number of pixels in an image and Q represents the largest allowed pixel value in the image. An image encryption scheme can be considered to pass the NPCR if the obtained NPCR is larger than N * α . e critical UACI interval (U * − α , U * + α ) can be calculated by where If the obtained UACI falls into range (U * − α , U * + α ), the corresponding encryption algorithm is considered to have a high security level. For images with size 512 × 512, when we set the significance level α � 0.05, the critical value of NPCR is N * 0.05 � 99.5893% and (U * − 0.05 , U * + 0.05 ) � (33.3730%, 33.5541%).
In this section, the NPCR and UACI are calculated by two cipher images obtained by encrypting two images, the one obtained by random changing one pixel of another. We tested NPCR and UACI 100 times, and the results are shown in Table 1. According to the results in Table 1, it is no doubt that our cryptosystem is plaintext sensitive enough on resisting the differential attack.

Histogram Analysis.
If the histogram of the corresponding cipher image shows uniform distribution, the cryptosystem has good ability on resisting the statistical attack. In other words, there is no obvious statistical distinction of the count of pixels in each gray level. e distribution of plain images' histograms and cipher images' histograms is shown in Figure 6. We use the chi-squared test to evaluate the uniformity of encrypted image's histogram [43,56]. When we set the significance level α � 0.05, the chisquared test results of cipher images is given in Table 2. e histogram analysis result shows that our proposed cryptosystem has good diffused property on resisting the statistical attack.
e correlation coefficient is given by where a and b are two adjacent pixels gray values, and In this test, 10000 pairs of adjacent pixels are randomly selected for calculating the correlation coefficient. e correlation coefficient results are shown in Table 2, and the correlation distribution of image "Lena" is shown in Figure 7 and Table 3 3.4. Key Sensitivity Analysis.
In this test, the plain image 'Lena' is first time encrypted with initial keys which are assigned at the beginning of Section 3, the second time encrypted with modifying k1' � k1 + 10 − 15 , and the third time encrypted with modifying k2' � k2 + 10 − 15 . And then, the differences between the ciphers encrypted by modified keys and initial keys are figured. e test result is shown in Figure 8, and the NPCR and UACI between ciphers generated by different keys are shown in Table 4. e result of test clearly shows that our proposed cryptosystem has good key sensitivity on resisting the exhaustive attack.

Global Information Entropy.
e global information entropy is used to indicate the uncertainty degree of image information [9,57]. e global information entropy can be calculated by where K is the image bit depth, e.g., K � 8, for an 8 bit gray image, and P(s i ) means the probability of s i . e ideal case of 8 bit gray image information entropy is H(s) � 8 bits. e entropy test result is shown in Table 5. According to the test results, our entropies are very close to the ideal value 8. us, our cryptosystem shows good performance on resisting the entropy attack.

Local Shannon Entropy.
Global Shannon entropy reflects the total randomness of image, and it has certain limitations in some occasions. erefore, local Shannon entropy (LSE) was proposed by Wu et al. [58,59]. To measure local entropy, we first randomly select k nonoverlapping image blocks B 1 , B 2 , . . . , B k with T B pixels from image I; then, the LSE is given by where H(B i ) is the Shannon entropy of image blockB i and can be calculated by equation (49). For our tests, we select parameters (k, T B ) � (30,1936), and then the ideal value of LSE is 7.902469317. e significance α � 0.05, and we consider the tests passed when the test LSE values fall into (7.901901305, 7.903037329). e LSE test results are shown in Table 6.
3.6. NIST SP800-22 Tests. In our scheme, control sequences are generating by the hyperchaotic Lorenz system (HCLS) and skew tent map (STM). erefore, the randomness of iterative sequences which generated by these two chaotic system is directly affecting the performance of the image cryptosystem. Here, we use SP800-22 [60] to test the randomness of binary sequences generated by the hyperchaotic Lorenz system and skew tent map. e test results are shown in Table 7. e simulation and tests are implemented in MATLAB R2015b, which is worked on a MacBook with Inter (R) Core i7, CPU 1.4 GHz, and 16 GB memory, and the software running system is macOS (High Sierra 10.13.1). As we all known, there are many factors affecting the speed of encryption and decryption except algorithm itself, such as operating system, hardware environment, programming language, and code optimization. us, in this performance comparison, we not only give the comparison of time cost but also give the comparison of other correlation factors. Furthermore, we also give the comparison of encryption throughput and   Figure 6: Histograms of (a, c) plain images "Lena" and "Baboon" and (b, d) their corresponding cipher images.         number of cycles to make a more intuitive performance description. e speed analysis result is shown in Table 8, and the security comparisons with other works are shown in Table 9. e speed test and the comparisons show that our proposed cryptosystem not only has good speed on encryption but also has good security performance.

Conclusions
We proposed an efficient chaos-based image encryption scheme using the jigsaw method which contains two operations of image blocks: revolving and shifting. In the proposed encryption scheme, the preprocessing makes sure   our scheme has enough plain image sensitivity on resisting differential attack. e encryption process guarantees our cryptosystem has full diffusion on resisting the statistical analysis. e postprocessing process further increases the diffusion characteristic. In addition, some common security analyses and speed comparisons show that our image cryptosystem has both security and speed performance.

Data Availability
e data used to support the findings of this study are included within the article.

Conflicts of Interest
e authors declare that they have no conflicts of interest.