Introduction

Under the vigorous development of computer communication and network technology, diversified data and information can continuously, widely and rapidly flow through the network, thus giving rise to new needs in the field of data transmission, especially the concern for the transmission security environment1,2,3,4,5. In an intuitive and common form, images carry a large amount of sensitive information as the carrier of information transmission6,7,8,9,10. Therefore, image encryption technology11,12,13,14,15,16 can efficiently secure key information and prevent information leakage during data transmission. A variety of encryption methods have been proposed, including quantum cipher17,18,19, thumbnail-preserving encryption20,21,22,23, biological coding24,25,26, discrete wavelet transform27,28,29, Fourier transform30,31,32, discrete cosine transform33,34,35, bit-level encryption36,37,38, chaos theory39,40,41,42,43,44 and so on45,46,47,48,49,50,51,52,53,54. Especially, chaos algorithm is widely used and highly55,56,57,58,59,60 respected in the field of image encryption due to its unpredictability, pseudo-randomness, and high sensitivity to the initial value61,62,63,64,65,66.

Throughout the international situation, many scholars have achieved a series of important theoretical and practical achievements in using chaos for image encryption67,68,69,70,71,72,73,74. In 2021, Ref.75 proposed a new parallel processing method for chaos-based image encryption. The scheme splits the image data and creates encrypted threads that process the partitions in parallel using the same chaotic cipher. Based on the additional chaotic function and the XOR, shift operation, which results in encryption. Test results show that the proposed architecture is faster than the base cipher and other advanced algorithms and passes the security test with good robustness. In 2022, Ref.76 proposed a new method for RGB color image encryption based on chaotic cross-channel pixel and bit scrambling. By utilizing the chaos principle, along with the cross-channel pixel and bit scrambling parameters, as well as the required parameters during the diffusion phase, the objective of image encryption can be achieved. Experimental findings demonstrate that this encryption algorithm effectively withstands different common cryptographic attacks and possesses robust anti-interference capabilities, thus reducing paper duplication. In 2023, Ref.77 proposed a dynamic RNA-encoded color image encryption scheme based on a chain feedback structure. The color image is encrypted using a chaotic sequence based on plaintext correlation for each color component and the color-coded image is obtained through RNA dynamic encoding and other operations. The results of the experiment demonstrate that the encryption algorithm exhibits outstanding encryption effectiveness and security performance in the face of different attacks. From a security perspective, existing bit-level chaotic encryption algorithms need further improvement, mainly because (1) the present algorithms are susceptible to chosen-plaintext attacks or chosen-ciphertext attacks as the key employed for generating chaotic sequences lacks correlation with the original image; (2) the granularity of encryption units of existing algorithms is coarse; (3) existing bit planes decomposition algorithms do not consider the correlation between each sliced plane after decomposition. Within the current realm of research on chaotic image encryption, the performance of chaos and algorithms significantly influences the security and efficiency of cryptographic systems. It is imperative and pressing to investigate a novel image encryption algorithm that relies on chaotic mapping construction to withstand various illicit attacks.

In this research paper, we present a Zigzag and chain-diffusion scheme for Bit-level image privacy protection. Our experimental findings demonstrate the algorithm’s outstanding performance in encryption, with good efficiency and the ability to withstand various unauthorized attacks on image encryption. The main innovations and contributions of this paper are as follows:

  1. (A)

    The image encryption method using Discrete Wavelet Transform (DWT) involves efficient encryption, heightened security, and resistance against attacks. This technique makes embedded secret data indistinguishable, challenging for attackers to detect or extract. Additionally, DWT-based hiding ensures the integrity of hidden data even under common attacks like noise addition or compression. In conclusion, DWT hiding is an effective approach for securely protecting sensitive information in images while preserving their visual quality.

  2. (B)

    The existing image encryption algorithms are not structured rationally enough, which leads to their insufficient security against plaintext-type attacks. For this reason, this color image encryption algorithm proposes a plaintext and intermediate ciphertext association mechanism and also adopts chain diffusion to effectively enhance the resistance to cryptographic attacks.

  3. (C)

    Pixel-level image encryption is so coarse in granularity that it is not secure enough, and traditional bit-level encryption is too complex to meet the efficiency requirements. To cope with these challenges, this paper proposes a new strategy. We adopt an elastic processing unit in the weighted bit plane, which effectively balances the tension between security and efficiency.

  4. (D)

    Many of the existing encryption methods rely on pixel-level encryption, which leads to relatively weak encryption granularity, and pixel-level scrambling poses certain security risks. For the encryption of color images, we adopt a bit-level encryption strategy and further enhance the security of the encryption algorithm using forward-and-backward XOR and Zigzag interleaving scrambling. The experimental results show that this algorithm has a significant security improvement.

The rest of the paper is organized as follows: “Relevant theories” briefly describes the bit plane decomposition of chaotic systems as well as non-sequential encryption algorithms. “The proposed encryption algorithm” presents the encryption algorithm designed in this paper. “Analysis and discussion of experimental results” gives experimental and simulation results. The last section concludes the paper.

Relevant theories

HLSE chaotic system

This paper uses a HLSE chaotic system78. The specific equation is expressed as follows:

$$\begin{aligned} x(n)=\gamma sin(\pi \cdot e^{x(n-1)})[1-sin(\pi \cdot e^{x(n-1)})]mod 1 \end{aligned}$$
(1)

where mod denotes the modulo operation, \(\gamma \) denotes the control parameter, whose range is (0,\(\infty \)), x(0) denotes the initial value, x(n) denotes the generated chaotic sequence, whose range is (0,1), at the same time, the system will have chaotic characteristics when \(\gamma \)>3.

Discrete wavelet transform

The discrete wavelet transform (DWT) is a powerful mathematical tool used in signal processing and image compression. It decomposes a signal or an image into different frequency components, allowing for both time and frequency domain analysis. DWT is widely applied in various fields, including image processing, data compression, and denoising.

The wavelet transform operates by iteratively refining the signal across multiple scales, achieving this through a series of scaling and translation operations. This progressive refinement process culminates in a remarkable outcome: a high-frequency time division and a low-frequency frequency division of the signal. This unique characteristic enables the wavelet transform to automatically adapt to the intricate demands of time-frequency signal analysis. The schematic diagram of the image wavelet decomposition is shown in Fig. 1. The (DWT) can be represented by the following formula:

$$\begin{aligned} W(a,b)=\sum \limits _{n=0}^{N-1}{x(n)\cdot {{\psi }_{a,b}}(n)} \end{aligned}$$
(2)

where W(ab) represents the transformed coefficient, with a and b denoting the scale and translation parameters, respectively. These parameters are utilized to control the shape and position of the wavelet function. x(n) corresponds to the discrete sample values of the input signal. \(\psi _{a,b}(n)\) represents the wavelet function, which is dependent on the scale parameter a and translation parameter b.

Figure 1
figure 1

Flow chart of DWT algorithm.

Full size image

Bit plane decomposition

A digital image is an image obtained by digitizing an analog image with pixels as its basic elements, which can be stored and processed by a digital computer or digital circuit. A bit is a unit of information and the smallest unit of measurement of bits and information in a binary number. Bit plane decomposition is the process of converting the pixel values of a digital image into binary, which in turn can be divided into 8-bit planes. Taking the digital image P as an example, the bit plane decomposition can be expressed as:

$$\begin{aligned} P=\sum _{k=1}^{8} 2^{k-1} P_k=P_1+2P_2+2^{2}P_3+2^{3}P_4+2^{4}P_5+2^{5}P_6+2^{6}P_7+2^{7}P_8 \end{aligned}$$
(3)

where k=[1,2,3,...,7,8], \(P(i,j)\in \) \(\mathbb {Z}_{256}\), \(P_k(i,j)\in \) \(Z_{2}\). \(P_k\) denotes the k-th bit plane, \(P_8\) denotes the highest bit plane and \(P_1\) denotes the lowest bit plane. Taking the “house” grayscale map as an example, the bit plane decomposition diagram is shown in Fig. 2.

Figure 2
figure 2

Schematic diagram of Bit decomposition.

Full size image

The proposed encryption algorithm

To solve the existing problems, this paper proposes an image encryption scheme based on chain encryption with image bit-level layering, thus improving the efficiency and security of the encryption algorithm and at the same time has a certain ability to resist cryptographic attacks. The details of the specific encryption algorithm are shown in the following Fig. 3.

Figure 3
figure 3

Flow chart of encryption algorithm.

Full size image

Chaotic initial value confusion and sequence preprocessing

In this section, the association between plaintext and ciphertext is realized using the hash MD5 function, which can effectively improve the algorithm’s ability to resist the chosen plaintext attack and the chosen ciphertext attack because of its unidirectional and collision-proof properties. Meanwhile, in cryptography, the original chaotic sequence initially generated cannot be directly used as an encryption tool and needs to be manipulated by mathematical methods to preserve its chaotic properties and make each of its values fall within the interval required by the algorithm. Finally, the two chaotic sequences obtained by processing are represented by \(S_1\) and \(S_2\).

Chain diffusion function

The specific operational details of each plane in this paper are defined as a custom function \(C=Chain\_encrypt(I,key)\), where I denotes the input plaintext image, C denotes the output ciphertext image, and key denotes the initial key of the chaotic sequence required to encrypt the next image. The function consists of three parts: 2D forward XOR diffusion, Zigzag interleaving scrambling, and 2D backward XOR diffusion. The specific operations are shown below:

Step 1: 2D forward XOR diffusion.

The generated chaotic sequence \(S_1\) is reconstituted into a chaotic matrix of size \(H\times W\), where \(m=[1,2,3,\dots ,H], n=[1,2,3,\dots ,W] \). The specific input image I is encrypted as follows:

$$\begin{aligned} {\left\{ \begin{array}{ll} C_1(1,1)=I(1,1)\oplus X(1,1)\\ C_1(1,j)=I(1,j)\oplus X(1,j)\oplus C_1(1,j-1)\\ C_1(i,1)=I(i,1)\oplus X(i,1)\oplus C_1(i-1,1)\\ C_1(i,j)=I(i,j)\oplus X(i,j)\oplus C_1(i-1,j-1)\\ \end{array}\right. } \end{aligned}$$
(4)

where \(i=[2,\dots ,H],j=[2,\dots ,W]\). After the above 2D forward XOR diffusion, a preliminary encrypted image \(C_1\) is obtained.

Step 2: Zigzag interleaved scrambling.

The initial encrypted image \(C_1\) is disrupted by Zigzag interleaved scrambling to get the image \(C_2\). For the scanning process, the first element in the upper left corner of the original encrypted image \(C_1\) of size \(H\times W\) is selected as the starting point. Then, the first scanning is performed until the \(\frac{H\times W}{2}\)-th element is scanned and each scanned element is integrated into array \(V_1\). Similarly, the lower half is scanned starting from the first element in the lower right corner, and each scanned element is integrated into array \(V_2\). and it will be reconstructed into a new matrix \(C_2\), which size of \(H\times W\), in an interleaved.

Step 3: 2D backward XOR diffusion.

It can be seen from step 1 that the forward XOR diffusion starts from the upper left corner to the lower right corner. Similarly, the backward XOR diffusion starts from the lower right corner to the upper left corner. After the above 2D backward XOR diffusion, the encrypted image P is obtained.

The proposed image privacy protection algorithm

Encryption algorithm section

This section proposes a multi-bit hierarchical and chained encryption image encryption scheme based on image features. Taking the encrypted image with size of \(H\times W\) as an example, the schematic diagram and encryption steps of the algorithm are shown in Fig. 4.

Figure 4
figure 4

Flow chart of specific steps for encryption.

Full size image

Step 1: Decompose bit plane.

After input the image Q and splitting it according to the three channels R, G, B, three grayscale images \(Q_R\), \(Q_G\) and \(Q_B\) are obtained, which are respectively subjected to bit plane layering with the following equations:

$$\begin{aligned} {\left\{ \begin{array}{ll} Q_{Rk}=bitget(Q_R,k)\\ Q_{Gk}=bitget(Q_G,k)\\ Q_{Bk}=bitget(Q_B,k)\\ \end{array}\right. } \end{aligned}$$
(5)

where the bitget(Pk) function denotes the return of the bit value of the k-th layer in P, \(Q_{Rk}\), \(Q_{Gk}\) \(Q_{Bk}\) denotes the image obtained after layering \(Q_R\), \(Q_G\), \(Q_B\), and k denotes the k-th bit plane, \(k=[1,2,3,\dots ,7,8]\). On this basis, the R-channel is used as an example to generate eight layered images \(Q_{R1}\), \(Q_{R2}\), \(Q_{R3}\), \(Q_{R4}\), \(Q_{R5}\), \(Q_{R6}\), \( Q_{R7}\), \(Q_{R8}\) and the G-channel and B-channel operations are the same as the R-channel.

Step 2: Hide the original image feature values.

To facilitate the decryption operation by the receiver, the hash value of the original image needs to be stored in the first row of the layered image \(Q_{R1}\). It is worth noting that, as shown in the analysis in “Bit plane decomposition”, the first layer after bit plane layering contains very little information. Taking an image of size \(256 \times 256\) as an example, the proportion of feature values in the original image is only 0.000586%. Even if the decrypted image is enlarged, it is difficult to observe the difference with the naked eye.

Step 3: Encrypt layer 5.

The encrypted ciphertext image \(C_{R5}\) is reprocessed to obtain \(key_5\), which is used for the next round of encryption. The formula is as follows:

$$\begin{aligned} C_{R5}=Chain\_encrypt(Q_{R5},key_1) \end{aligned}$$
(6)

Step 4: Encrypt layers 6–8.

Images \(Q_{R6}\), \(Q_{R7}\), \(Q_{R8}\) are processed in the same way as Step 3, with the formulas shown below:

$$\begin{aligned} {\left\{ \begin{array}{ll} C_{R6}=Chain\_encrypt(Q_{R6},key_5)\\ C_{R7}=Chain\_encrypt(Q_{R7},key_6)\\ C_{R8}=Chain\_encrypt(Q_{R8},key_7)\\ \end{array}\right. } \end{aligned}$$
(7)

Step 5: Encrypt layers 1–4.

For the low-order bit plane, which contains only a small amount of image information, the same key sequence will be used to perform the encryption operation on these four layers. Similarly, the \(C_{R8}\) eigenvalue is obtained and processed to obtain \(key_8\). The encryption of these four layers can be expressed as:

$$\begin{aligned} {\left\{ \begin{array}{ll} C_{R1}=Chain\_encrypt(Q_{R1},key_8)\\ C_{R2}=Chain\_encrypt(Q_{R2},key_8)\\ C_{R3}=Chain\_encrypt(Q_{R3},key_8)\\ C_{R4}=Chain\_encrypt(Q_{R4},key_8)\\ \end{array}\right. } \end{aligned}$$
(8)

Step 6: Composite bit plane.

The encrypted image \(C_{R1}\), \(C_{R2}\), \(C_{R3}\), \(C_{R4}\), \(C_{R5}\), \(C_{R6}\), \( C_{R7}\), \(C_{R8}\) is subjected to layers synthesis with the following formula:

$$\begin{aligned} C_R=\sum _{i=1}^{8} 2^{i-1} C_{Ri}=2^{0} C_{R1}+2^{1} C_{R2}+2^{2}C_{R3}+2^{3}C_{R4}+2^{4}C_{R5}+2^{5}C_{R6}+2^{6}C_{R7}+2^{7}C_{R8} \end{aligned}$$
(9)

where \(C_{R}\) denotes the final ciphertext image of the R-channel after reduction.

Similarly, the ciphertext image \(C_{G}\), \(C_{B}\) can be obtained after chain encryption of the G-channel and B-channel, the ciphertext image C can be obtained after three-channel reduction.

Step 7: Non-sequential encryption.

In order to achieve the diffusion characteristics of encryption algorithms, most image encryption algorithms adopt the method of changing the current pixel from the previous pixel. However, using fixed order pixel processing may reduce encryption performance and provide attackers with a large amount of information. To solve this problem, we adopted a non sequential encryption algorithm that uses random and secret access mechanisms to process pixels. The processing order is determined by the generated chaotic sequence. As a result, each pixel may be influenced not only by pixels within the same color plane but also by pixels from different color planes. The encryption and decryption operations are as follows:

$$\begin{aligned} C_{i,j,k}= & {} {\left\{ \begin{array}{ll} (S_{i,j,k}+C_{M,N,3}+A_{i,j,k})mod F \quad &{}if\quad i=1,j=1,k=1,\\ (S_{i,j,k}+C_{M,N,k-1}+A_{i,j,k})mod F \quad &{}if\quad i=1,j=1,k\ne 1,\\ (S_{i,j,k}+C_{M,j-1,k}+A_{i,j,k})mod F \quad &{}if\quad i=1,j\ne 1,\\ (S_{i,j,k}+C_{i-1,N,k}+A_{i,j,k})mod F \quad &{}if\quad i\ne 1,\\ \end{array}\right. } \end{aligned}$$
(10)
$$\begin{aligned} S_{i,j,k}= & {} {\left\{ \begin{array}{ll} (C_{i,j,k}-C_{M,N,3}-A_{i,j,k})mod F \quad &{}if\quad i=1,j=1,k=1,\\ (C_{i,j,k}-C_{M,N,k-1}-A_{i,j,k})mod F \quad &{}if\quad i=1,j=1,k\ne 1,\\ (C_{i,j,k}-C_{M,j-1,k}-A_{i,j,k})mod F \quad &{}if\quad i=1,j\ne 1,\\ (C_{i,j,k}-C_{i-1,N,k}-A_{i,j,k})mod F \quad &{}if\quad i\ne 1,\\ \end{array}\right. } \end{aligned}$$
(11)

where mod denotes the modulo operation, P is the input color image, A is the chaos matrix generated from the chaotic sequence and F denotes the number of pixel values in each color image P. The encryption step has been completely completed and the final ciphertext has been obtained.

Embedding a mask image

To convert a random ciphertext image into a meaningful output image, a DWT is used in the proposed of the proposed encryption scheme. The masking of the new image onto the ciphertext image according to the following steps:

  1. 1.

    Take a mask image having meaningful information of size \(2M \times 2N \times 3\).

  2. 2.

    Apply DWT to each color component of a mask image and extract four frequency sub-bands.

  3. 3.

    Now, split each pixel value of the pre-ciphertext image into its groups: (a) LSB-group and (b) MSB-group. For example, a pixel value having a grayscale value equal to 152 (\(Gra{{y}_{dec}}\) = 152), its binary version will be \(Gra{{y}_{bin}}\) = 10011000. The LSB and MSB group of the binary value will be \({{G}_{1}}\) = 1001 and \({{G}_{2}}\) = 1000, respectively.

  4. 4.

    Similarly, step 3 will be repeated for each pixel until it reaches position (MN) for each color component. The LSB-group \((L - G)\) and MSB-group \((M - G)\) matrices are given in Eqs. (9) and (10), respectively.

    $$\begin{aligned} L-G= & {} \left[ \begin{aligned}&\begin{matrix} {{(01010000)}_{1,1}} &{} \ldots &{} {{\text {(11100000)}}_{1,N}} \\ {{(11000000)}_{2,1}} &{} \ldots &{} {{\text {(10100000)}}_{2,N}} \\ \vdots &{} \ddots &{} \vdots \\ {{(11000000)}_{M-1,1}} &{} \cdots &{} {{(10110000)}_{M-1,N-1}} \\ {{(10110000)}_{M,1}} &{} \cdots &{} {{(11100000)}_{M,N}} \\ \end{matrix} \\ \end{aligned} \right] \end{aligned}$$
    (12)
    $$\begin{aligned} {{M}_{G}}= & {} \left[ \begin{aligned}&\begin{matrix} {{(00001110)}_{1,1}} &{} \ldots &{} {{\text {(00001000)}}_{1,N}} \\ {{(00001100)}_{2,1}} &{} \ldots &{} {{\text {(00001000)}}_{2,N}} \\ \vdots &{} \ddots &{} \vdots \\ {{(00001110)}_{M-1,1}} &{} \cdots &{} {{(00001111)}_{M-1,N-1}} \\ {{(00001111)}_{M,1}} &{} \cdots &{} {{(00001000)}_{M,N}} \\ \end{matrix} \\ \end{aligned} \right] \end{aligned}$$
    (13)
  5. 5.

    The extracted high-frequency sub-bands (HL and HH) will be replaced with the two binary groups \((L-GandM-G)\).

  6. 6.

    After replacing the sub-bands, take the inverse DWT(IDWT) to restore the original mask image (\({{I}_{{{R}_{mask}}}}\)). This \({{I}_{{{R}_{mask}}}}\) image will be transmitted as a meaningful encrypted image. The block diagram of the proposed embedding process is displayed in Fig. 5.

Figure 5
figure 5

Schematic diagram of the ciphertext image embedding process.

Full size image

Decryption algorithm section

Decryption can be regarded as the inverse process of encryption, where the final ciphertext image is first decrypted in a non-sequential manner and then the ciphertext image C is divided into R, G, B channels to obtain \(C_{R}\), \(C_{G}\), \(C_{B}\). The specific operation steps are shown in the following Fig. 6.

Figure 6
figure 6

Flow chart of specific steps for decryption.

Full size image

Take the R-channel as an example, perform bit plane layering to obtain 8-bit planes \(C_{R1}\), \(C_{R2}\), \(C_{R3}\), \(C_{R4}\), \(C_{R5}\), \(C_{R6}\), \( C_{R7}\), \(C_{R8}\), the G-channel and B-channel operate the same. Extract the original image feature values stored in the first row of the bit-plane layering and process them to obtain \(key_1\). The encrypted image of the fifth plane can be decrypted and the image is obtained \(Q_{R5}\). The obtained image is continued to be used for decryption until eight plaintext images after bit-plane layering are obtained, and finally, the initial plaintext image P is obtained.

Analysis and discussion of experimental results

Experimental environment

The proposed algorithm was validated on a PC host computer equipped with MATLAB R2023a experimental software. The PC is equipped with an 11th Gen Intel Core i7-11800H CPU operating at 2.30 GHz. The PC has 32 GB of RAM. The image data selected for the experiments are from the standardized test image database USC-SIPI.

Statistical analysis

Histogram analysis

Histograms display statistical information about an image, visualizing the distribution of individual values in the image. The histograms of plaintext images exhibit distinct statistical patterns, and attack schemes that target statistical patterns are known as statistical analysis attacks. We compute and plot the histograms of the original image and the ciphertext. Figure 7a depicts the selection of six plaintext images with various sizes, which are then encrypted to generate the corresponding ciphertext images illustrated in Fig. 7c. The histograms of the images before and after encryption and decryption are presented in Fig. 7b,f, respectively. The histograms of the plaintext images show certain statistical regularity, while the encrypted images show a noise-like distribution, and the statistical properties of the histograms show a uniform distribution. This well hides the key information of the image, thus demonstrating the ability of the proposed algorithm to resist statistical analysis attacks.

Adjacent pixel correlation analysis

Usually, plaintext images have pixels with high neighborhood correlation and exhibit a statistical property. And a good encryption algorithm should make the encrypted image achieve de-correlation between its neighboring pixels.

We calculated and compared the correlation between adjacent pixels in both the plaintext and ciphertext images. This was achieved through the following steps. Initially, 3000 pairs were randomly selected of adjacent pixel coordinates from both the plaintext and ciphertext images. Subsequently, we calculate the correlation coefficients for adjacent pixels in the horizontal, vertical, and diagonal, as well as the antidiagonal directions. The correlation coefficients are calculated using the following formula:

$$\begin{aligned} r_{xy}=\frac{\sum _{i=1}^{M} (x_{i}-{\frac{1}{M}\sum _{j=1}^{M}}{x_{j}})(y_{i}-{\frac{1}{M}\sum _{j=1}^{M}}{y_{j}})}{{\sqrt{\sum _{i=1}^{M} (x_{i}-{\frac{1}{M} \sum _{j=1}^{M}}{x_{j}})^{2}}}{\sqrt{\sum _{i=1}^{M} (y_{i}-{\frac{1}{M}\sum _{j=1}^{M}}{y_{j}})^{2}}}} \end{aligned}$$
(14)

where \(x_i\) and \(y_i\) constitute the i pair of horizontal/vertical/diagonal/antidiagonal neighboring pixels and M is the total number of horizontal/vertical/diagonal/antidiagonal neighboring pixels. The adjacent pixel correlation data of the encrypted image is shown in Fig. 8 and Table 1. From the experimental data, the correlation coefficient of the plaintext image is close to 1, while the correlation coefficient of the ciphertext image is approximately equal to 0. This indicates that the proposed encryption scheme generates images with de-correlated neighboring pixels. Therefore, the proposed scheme in this paper is secure against statistical attacks.

Figure 7
figure 7

Histogram comparison: (a) plaintext image, (b) plaintext image histogram, (c) ciphertext image, (d) ciphertext image histogram, (e) decrypted image, (f) decrypted image histogram.

Full size image
Figure 8
figure 8

Adjacent pixel correlation analysis: (a) R channel, (b) G channel, (c) B channel.

Full size image
Table 1 Comparison results of correlation coefficients of adjacent pixels.
Full size table

Differential statistical analysis

The number-of-pixels change rate (NPCR) and uniform average change intensity (UACI) are frequently employed to assess the resilience of cryptosystems against performance differential attacks. Typically, an attacker modifies the original image by introducing small alterations and subsequently encrypts both the original image and the modified version using the proposed algorithm. This allows the attacker to examine the correlation between the plaintext image and the ciphertext image through a differential attack. To evaluate the resistance of the proposed algorithm against differential attacks, we calculated and compared the NPCR and UACI values using the following formulas:

$$\begin{aligned} {\left\{ \begin{array}{ll} NPCR = \frac{1}{H} \times \frac{1}{W} \times \sum \limits _{i=1}^{H}\sum \limits _{j=1}^{W}D(i,j)\times 100\%\\ UACI = \frac{1}{H} \times \frac{1}{W} \times \sum \limits _{i=1}^{H} \sum \limits _{j=1}^{W} \frac{|v_{1}(i,j) - v_{2}(i,j)|}{255} \times 100\%\\ \end{array}\right. } \end{aligned}$$
(15)

where \(H\times W\) is the size of the image, \(v_1\) and \(v_2\) are the ciphertext image before and after the plaintext image is changed by one pixel respectively. D can be defined by the following equation:

$$\begin{aligned} D={\left\{ \begin{array}{ll} 0 &{} \quad if\quad v_{1}(i,j) = v_{2}(i,j)\\ 1 &{} \quad if\quad v_{1}(i,j) \ne v_{2}(i,j)\\ \end{array}\right. } \end{aligned}$$
(16)

The results of the algorithm, calculated using Eq. (15), are presented in Table 2. The analysis of Table 2 reveals that NPCR and UACI closely approximate their ideal values of 99.6% and 33.4%, respectively.

Table 2 NPCR and UACI values.
Full size table

Information entropy analysis

The concept of information entropy quantifies the level of randomness or uncertainty inherent in an information source. A higher value of information entropy indicates a greater degree of uncertainty in the information source, making it more challenging for the proposed algorithm to predict or decipher the information. The information entropy H(m) of an information source m is computed using the following equation:

$$\begin{aligned} H(m)=\sum _{i=0}^{2^{n}-1} p(m_{i}) \log \frac{1}{p(m_{i})} \end{aligned}$$
(17)

where M is the total number of symbols \(m(i)\in m\), \(p(m_i)\) denotes the probability of a symbol.

Assuming that the source sends 256 symbols and that we can obtain the theoretical value \(H(m)=8\) by using Eq. (17). The closer it is to 8, the less likely it is for an attacker to decode the cryptographic image. Table 3 shows the comparison of information entropy. From Table 3, we can see that the experimental results are close to 8, so the proposed algorithm has good information entropy properties.

Table 3 Image information entropy.
Full size table

Image quality analysis

Peak signal-to-noise ratio (PSNR) and structural similarity (SSIM) are commonly used in the image processing field as a tool to weigh the quality of encryption. The mean square error (MSE) is part of PSNR and is defined as:

$$\begin{aligned} {\left\{ \begin{array}{ll} MSE=\frac{1}{H\times {W}}\sum _{H}^{i=1}\sum _{W}^{j=1}(X(i,j)-Y(i,j))^2\\ PSNR=10\times {\log _{10}(\frac{Q^2}{MSE})}\\ \end{array}\right. } \end{aligned}$$
(18)

where MSE denotes the mean square error of the plaintext image X and the ciphertext image Y, the height and width of the image are denoted by H and W, respectively, and Q denotes the pixel level of the image. SSIM is a measure of the similarity of two images and is defined as

$$\begin{aligned} SSIM(X,Y)=\frac{(2\mu _{X}\mu _{Y}+(0.01L)^2)(2\sigma _{XY}+(0.03L)^2)}{(\mu _{X}^2+\mu _{Y}^2+(0.01L)^2)(\sigma _{X}^2+\sigma _{Y}^2+(0.03L)^2)} \end{aligned}$$
(19)

where \(\mu _{X},\mu _{Y}\) denotes the mean value of image X and Y respectively, \(\sigma _{X}, \sigma _{Y}\) denotes the standard deviation of image X and Y respectively, and L denotes the dynamic range of the pixel values. The values of PSNR and SSIM are calculated using Eqs. (18) and (19) as shown in Table 4. The value of PSNR of an encrypted image should be around 30 dB, and the range of SSIM should be − 1 to 1. The closer the image is, the closer the absolute value of SSIM is to 1, so the value of SSIM should be above and below 0 after encryption.

Table 4 PSNR and SSIM values.
Full size table

Key space analysis

In cryptosystems, the easiest way to break the key is a brute force attack. Therefore, if the key space of the proposed algorithm is larger, the more difficult it is for the attacker to break the proposed algorithm by brute force attack. The size of the key space depends on the length of the security key, and it is one of the important factors to ensure the security of the cryptosystem. The chaotic system used in the image encryption algorithm designed in this paper, its key space can be expressed as \(S\in \{\gamma ,MD5\}\), where \(\gamma \) is the key parameter with an accuracy of \(10^{-16}\) and MD5 is the hash value introduced to augment the key space, which produces a hash of 128 bits. The size of the key space of this encryption scheme is calculated to be about \(10^{16}\times 2^{128}\approx 2^{181}\) and the key length reaches 181 bits. It can be seen from Table 5 that compared with other existing encryption schemes, the key space of this paper has obvious advantages.

Table 5 Key space comparison.
Full size table
Table 6 Test results of key sensitivity.
Full size table

Sensitivity analysis

In this section, the sensitivity performance of the algorithm is analyzed in terms of the sensitivity of the key and plaintext, respectively. A secure algorithm should be highly sensitive, which means that if there is a slight change in the key or plain image information during encryption or decryption, the correct result cannot be obtained.

Key sensitivity analysis

It is a property that good cryptosystems should have that the key used does not yield the correct ciphertext even if there is a small difference. In this section, we compare the differences between the ciphertexts obtained by encrypting with the correct key and the slightly changed keys (\(+10^{-12}\), \(+10^{-13}\), \(+10^{-14}\), \(+10^{-15}\)). The difference between them is derived by calculating NPCR and UACI, where NPCR and UACI are calculated as shown in Eq. (15). The results are shown in Table 6 and Figs. 9 and 10, where we can find that the average values of NPCR and UACI are 99.6108% and 33.4707% respectively when the perturbation is added to the key. This indicates that the difference between the two cipher images is very large. Hence the proposed algorithm in this paper has good encryption results.

Figure 9
figure 9

Test values of NPCR after different keys are perturbed.

Full size image
Figure 10
figure 10

Test values of UACI after different keys are perturbed.

Full size image

Analysis of plaintext sensitivity

In good encryption algorithms, even a small change in the plaintext image can make the encrypted ciphertext image look very different from the ciphertext encrypted from the unchanged plaintext image. If the proposed algorithm does not have this ability, it is very easy for an attacker to break the algorithm by analyzing the correlation between the plaintext image and the ciphertext image. Therefore, the plaintext image sensitivity of an algorithm is the key to its resistance to plaintext image attacks. In this section, we analyze the sensitivity of the proposed algorithm to plaintext images by adding 1 to the pixel values of plain images at (H/4, W/4), (H/4, W \(\times \) 2/4), (H \(\times \) 2/4, W/4), and (H \(\times \) 2 /4, W \(\times \) 2/4) to compute the NPCR and UACI. the results are shown in Table 7 and Figs. 11 and 12. Table 7 demonstrates that when pixel values change by 1 at specific locations, the average NPCR between the corresponding ciphertext images and the original ciphertext images approximate the ideal value of 99.6%. Additionally, the average UACI value closely resembling the ideal value of 33.4%. These results signify a prominent alteration in the cryptographic image and render the algorithm robust against plaintext attacks.

Table 7 Test results of plaintext sensitivity.
Full size table
Figure 11
figure 11

Test values of NPCR after different keys are perturbed.

Full size image
Figure 12
figure 12

Test values of UACI after different keys are perturbed.

Full size image

Execution time analysis

This research aimed to assess the performance of the proposed encryption algorithm concerning image encryption across various sizes. Four sets of images were chosen, sized at \(64 \times 64\), \(128 \times 128\), \(256 \times 256\), and \(512 \times 512\) pixels, respectively. Table 8 illustrates the average runtime for encryption across different image sizes. The intent was to highlight the encryption performance of the algorithm across varying image dimensions using intuitive visualizations.

Table 8 The encryption times of different algorithms (unit: s).
Full size table

Robustness analysis

Robustness measures whether the algorithm can effectively withstand interferences, safeguarding the image content from damage or leakage. In practical applications, images may encounter diverse interferences, making a thorough analysis and evaluation of encryption algorithms against these interferences significantly crucial. In this section, we have selected salt and pepper noise and clipping attack as the subjects of study to explore their impact on image encryption algorithms.

Salt and pepper noise analysis

Noise attacks represent an alternative method for manipulating images, involving the application of statistical techniques to alter specific points within the image. These alterations are often subtle and challenging to detect. Therefore, an effective image encryption algorithm should demonstrate robust resilience against noise attacks. In this study, salt and pepper noise is utilized as the attacking method, as depicted in Fig. 13. The research findings indicate that the encryption algorithm exhibits substantial resistance against noise attacks.

Figure 13
figure 13

The ciphertext and decryption image after adding salt and pepper noise: (a) 0.01, (b) 0.05, (c) 0.1.

Full size image

Clipping attack analysis

During communication, if signal interception occurs, the transmitted ciphertext might be tampered with. To prevent such scenarios, ciphertexts should possess strong resistance against clipping attack. We conducted clipping attack at rates of 1/16, 1/8, and 1/4 at different positions, and used the resulting clipped ciphertexts for decryption. As shown in Fig. 14, the encryption algorithm demonstrates robust resilience against clipping attacks. Even when the clipping ratio reaches 1/4, the primary content of the image remains visible.

Figure 14
figure 14

The ciphertext and decryption image after adding clipping noise: (a) 1/16, (b) 1/8, (c) 1/4.

Full size image

Conclusion

This paper proposes a bit-level image privacy protection scheme using Zigzag and chain-diffusion, it can enhance the ability of image privacy protection scheme to resist password attacks. The scheme adopts the strategy of encryption by weight for each bit layer and designs a chain diffusion method of Zigzag interleaving scrambling with hash value plaintext association. At the same time, non-sequential encryption is adopted to achieve efficient and secure encryption effect. To improve security performance, we introduce a hash-generated chaotic sequence to encrypt each bit layer. The generation of chaotic sequences depends on the hash value of the previous bit, which ensures that the encryption process of each bit layer is independent. Finally, we use a non-sequential encryption technique to non-linearly rearrange the bit ciphertext image, which further enhances the encryption effect. Each encryption module adopts the forward plaintext feedback encryption mechanism, which effectively enhances the avalanche effect of the cipher. The results show that the scheme has robustness and significant diffusion properties and can successfully resist various common cipher attacks. The scheme proposed in this paper combines the features of digital images layered by bit with different visual weights and both considers the security and efficiency of image privacy protection, and thus is a preferred technical solution. Especially in the context of big data era, the technical scheme has potential practical application value.