A novel image encryption algorithm based on least squares generative adversarial network random number generator

In cryptosystems, the generation of random keys is crucial. The random number generator is required to have a sufficiently fast generation speed to ensure the size of the keyspace. At the same time, the randomness of the key is an important indicator to ensure the security of the encryption system. The chaotic random number generator has been widely used in cryptosystems due to the uncertainty, non-repeatability, and unpredictability of chaotic systems. However, chaotic systems, especially high-dimensional chaotic systems, have slow calculation speed and long iteration time. This caused a conflict between the number of random keys and the speed of generation. In this paper, we introduce the Least Squares Generative Adversarial Networks(LSGAN)into random number generation. Using LSGAN’s powerful learning ability, a novel learning random number generator is constructed. Six chaotic systems with different structures and different dimensions are used as training sets to realize the rapid and efficient generation of random numbers. Experimental results prove that the encryption key generated by this scheme can pass all randomness tests of the National Institute of Standards and Technology (NIST). Hence, our result shows that LSGAN has the potential to improve the quality of the random number generators. Finally, the results are successfully applied to the image encryption scheme based on selective scrambling and overlay diffusion, and good results are achieved.


Introduction
With the rapid development of network communication and multimedia technology, more and more digital images are stored, copied, and transmitted through various types of thirdparty platforms or unsecured channels [5]. Therefore, image security has become a hot topic [44]. There are a variety of means to protect image security (such as steganography [1,2], watermark [4,43], encryption [11,12,45,54,55]. etc.), among which image encryption is a more common and effective tool. Image encryption is usually divided into two stages: the scrambling stage and the diffusion stage. The scrambling stage is to change the relative position of pixels in the image, while the diffusion phase is to change the specific value of pixels in the image. Both scrambling and diffusion need to be controlled by the key. Considering the importance of an encryption key, it is a difficult task to generate encryption key with good randomness [44].
In recent years, many schemes of generating random numbers based on chaos have been proposed, but they have little help to improve the security of encryption algorithms [20,46,52,53,59]. Chai x et al. proposed an image encryption algorithm based on DNA sequence operation and chaotic system. This paper mainly uses a two-dimensional logistic adjusted sine map (2D-LASM) to generate encryption key [6]. Hua Z et al. proposed a cosinetransform-based chaotic system (CTBCS). Two chaotic maps were used as seed maps to make the CTBCS have more complex dynamic behaviors and then generate encryption keys with better randomness [18]. Gong l et al. proposed an effective image compression and encryption algorithm based on chaotic systems and compressed sensing. In this scheme, the logistic map and 1D cascade map are used as key generators [14]. The commonness of these algorithms is that they all use low dimensional chaotic systems as key generators, which may lead to the possibility that the generated keys are not random enough, so that attackers can take advantage of them. In contrast, the key generated by our scheme can make the encryption key completely random. In fact, many encryption schemes based on chaos have disadvantages [9,14,16,22,23,42]. Short cycle length is one of the important problems of chaotic keystream generators, which results from the finite precision of computers [24,35]. To solve the problem of randomness and insufficient security of keystream generated by the chaotic system, many scholars have developed several effective encryption algorithms by combining chaotic systems with other methods [10,25,37,47,57], such as breadth-first search [57], DAN coding [25,47], edge password [37], elliptic curve [10] and so on.
After an in-depth study, we have found that the image encryption algorithm also has a promoted requirement of random numbers. According to the definition in [3,36], three attributes can be considered to evaluate the randomness of the sequence [26]: 1. It appears to be random, which means that it can pass all statistical tests of randomness. 2. Unpredictability, even if the corresponding algorithm and hardware are given, it is still unable to predict the next random bit by calculation. 3. It is impossible to replicate reliably. Even if the generator runs twice with exactly the same input, two completely unrelated random sequences can be obtained.
For the first time, we combine LSGAN with the chaotic system as a random number generator. The random numbers generated by this scheme satisfy the above three conditions at the same time. Therefore, the encryption key we use is completely random.
The basic idea of GAN comes from a two person zero-sum game in game theory. It consists of a generator and a discriminator and is trained through confrontation learning.
Its purpose is to estimate the potential distribution of data samples and generate new data samples [30]. Since its first launch in 2014 [27], GAN has become a hot topic in the field of computer vision [48], natural language processing [28], malicious attack detection [8], and data generation [58]. We are very happy to see it introduced into the field of security [19,21,32,60]. Because of the randomness and difference of GAN training results, we take the chaotic sequence as real data, so that the generator can produce data samples similar to and different from the chaotic sequence distribution to meet our need. Then, through NIST, histogram, and entropy analysis, we further prove the effectiveness of the random number generator. Finally, the generated random number is mapped to the image encryption key. Through the analysis of the ciphertext image, we can find that security has been significantly improved.
For an excellent image encryption algorithm, security and efficiency are equally important. Many existing encryption schemes are difficult to achieve a good balance between security performance and encryption efficiency [13,29,50,54]. The main factor affecting the efficiency is that there will be some repeated pixel displacements during scrambling (for example, two identical pixel values are exchanged), which increases the time cost [31]. To improve the security of the algorithm, researchers have proposed a dynamic diffusion algorithm [53] and adaptive diffusion algorithm [7,17], but they all traverse all pixels in turn to change the size of their values, so the encryption efficiency is not ideal. Therefore, we draw lessons from this mode and design a selective scrambling method and a superposition diffusion method.
To solve the above problems, we design a new random number generator to solve the problem of insufficient security and randomness of the encryption key. Firstly, we take the chaotic sequences generated by six chaotic systems as the training set of GAN in turn. By adjusting the parameters and training time of the GAN system, we finally generate random numbers that meet our needs. Secondly, to improve the scrambling effect, a selective scrambling method is designed, which scrambles the pixel regions with important information and the edge pixels in the image. Finally, a superposition diffusion method is proposed. Compared with the traditional dynamic diffusion method, each pixel block is used as the diffusion unit in the coverage diffusion method, while each pixel is used as the diffusion unit in the traditional method, so the coverage diffusion can improve the efficiency of the diffusion operation. Simulation results and security analysis show that the random number generated by this scheme can pass all the tests in NIST, and the efficiency of key generation is improved. The encryption system can effectively resist the common violent attacks, differential attacks, and shear attacks. In the performance test of pixel correlation and information entropy, compared with other literature, each index has certain advantages.
The rest of this paper is structured as follows. Section 2 briefly introduces the related work and the method of generating the security key. Section 3 introduces the randomness and security analysis of generating random numbers in detail. Section 4 introduces the encryption algorithm. Section 5 analyses the performance of the proposed algorithm through various security tests. Section 6 winds up the paper.

Random numbers generator with LSGAN
We propose a random number generator that combines LSGAN and chaotic systems as shown in Fig. 1. LSGAN is closer to real data than Generative Adversarial Networks(GAN) (The random number generated by LSGAN is used as the encryption key in the encryption algorithm). We choose six chaotic systems, including low dimensions and high dimensions. The chaotic sequence generated by a chaotic system is used as the training set. We try to make the data generated by the generator infinitely close to the chaotic sequence, and then test the randomness of the generated data. Through performance analysis, we can prove that our idea is correct. At the same time, we can test the randomness of the generated data. When a large number of random numbers are needed, the efficiency of LSGAN is much better than that of a chaotic system.

LSGAN
GAN is a deep learning model and is one of the most promising methods for unsupervised learning on complex distributions in recent years. The model produces good output through the mutual game learning of two modules in the framework: the generative model and the discriminant model.
In the formula, E x∼P data is the distribution of the real input data, log D(x) is the judgment value of the discriminator, log [(1 − D(z))] is the judgment value of the generated data. Through the continuous game of the maximum and minimum values, the G-Network model and D-Network model are circularly and alternately optimized until the two models reach the Nash equilibrium; x is the training set, G(z) is the data generated by the G-Network model, and D(x) is the D-Network model for determining whether the real data and the training z is the noise of input G network model,E Z∼P Z (Z) is the distribution of noise data.
Conventional GAN uses S-type cross entropy loss function. As described in reference 1, when updating the generator, this loss function will cause the problem of vanishing gradients for the samples that are on the correct side of the decision boundary, but are still far from the real data, Therefore, the least square method (LSGAN) is proposed. Suppose A-B coding Fig. 1 Block diagram of random number generation scheme. The latent space shows where the noise is located in the potential space. Noise is the random number generated by the systems, the chaotic sequence is obtained by the iterative chaotic system scheme is used for the identifier, where A and B are labels of pseudo data and real data, respectively. Then, the objective function of LSGAN can be defined as following: where c denotes the value that G wants D to believe for fake data. The benefits of LSGAN can be drawn from two aspects [38]. First of all, unlike conventional GAN, LSGAN does minor damage to long samples located on the right side of the decision boundary. Even if they are correctly classified, LSGAN will punish those samples. When the generator is updated, the discriminator's parameters are fixed, that is, the decision boundary is set. As a result, the penalty causes the generator to generate samples toward the decision boundary. On the other hand, the decision boundary should span all aspects of the real data for successful GAN learning. Otherwise, the learning process will be saturated. Therefore, moving the generated samples to the decision boundary will make them closer to the real data. Second, penalizing the samples that are far from the decision boundary can generate more gradients when up-dating the generator, which in turn reduces the problem of vanishing gradients. This allows LSGAN to perform more stable during the learning process.

Data set preparation
Six chaotic systems are selected, and the generated pseudo-random number is used as the training set of GAN.
(1) QCNN [39]: Where: g 1 , g 2 is the polarizability; h 1 , h 2 is the quantum phase; a 1 , a 2 is the proportional coefficient of the energy between the points in each cell; b 1 , b 2 is the weighted influence factor for the difference between the polarizability of adjacent cells. When a 1 = a 2 = 0.28, b 1 = 0.7, and b 2 = 0.3, the system is in a chaotic state.

Generation of random numbers
Secondly, LSGAN is iterated t times to generate 6 groups of random numbers G1, G2, G3, G4, G5, G6 with a size of 800 × 100. The encryption keys K G1 , K G2 , K G3 , K G4 , K G5 and K G6 are obtained after conversion.
3 Security analysis of random number generation scheme

Entropy analysis
It can be seen from Fig. 2a that the random numbers are evenly distributed and have good randomness. After the random number is converted into a key, it can be seen in Fig. 2b that the data distribution is relatively flat, and the entropy of the image is directly related to the histogram of the image, so the smoother histogram has a higher entropy. The entropy H (m) can be calculated as follows: Where N = 256, R(s i ) is the probability of s i . Ideally, entropy should be 8, which indicates that information is uncertain. Through the measurement, we get an entropy value of 7.9986 that is very close to the ideal value, which proves the feasibility of the scheme.

Randomness analysis
A test suite is a collection of statistical randomness test that is designed to test the randomness properties of sequences. NIST test suite [14] has been used in this study to assess randomness. Table 1 shows the results of NIST test when the chaotic sequences generated by different chaotic systems are used as real data. It can be seen from the data in Table 1 that the training results of high-dimensional chaotic system or low-dimensional chaotic system can pass NIST test when the chaotic sequence is used as the training set. Table 2 also lists the situation of using chaotic system to generate random number, using other software generated random number as training set and using chaotic sequence as training set. As can be seen from the data in Table 2, only our proposed scheme can pass all NIST tests.

Efficiency analysis
In order to test the efficiency of random numbers generation by LSGAN and chaotic system, we tested the time of generating 80000, 160000, 320000 and 1600000 random numbers respectively. As shown in Table 3, the time of random numbers generated by LSGAN is obviously better than that of the random numbers generated by the chaotic system. With the increasing amount of random number data, the advantage of LSGAN is more obvious. It shows that the random numbers generated by our method can improve encryption efficiency. At the same time, we find that the random numbers generated by QCNN, 4D hyperchaotic system and Lorenz chaotic system iterating 100 times in LSGAN can pass all NIST tests, while fractional Chen hyperchaotic system, 3D chaotic system and Henon chaotic system need to iterate 500 times in LSGAN. It shows that when the chaotic sequence generated by different chaotic systems are used as training sets, different iteration times are needed to pass all NIST tests.

Encryption algorithm
We propose an image encryption scheme based on LSGAN and a chaotic system to generate secure keys. The scheme uses LSGAN to generate the key of image encryption, and encrypts the image through the designed selective scrambling method and superposition diffusion method to obtain the cipher-image with good security. The scheme solves the problems of key randomness and low key generation efficiency. The overall block diagram of the encryption scheme is shown in Fig. 3, and the encryption flow chart is shown in Fig. 4.
Step 1. The input is an original image P in which M and N express its the width and height of the image, respectively.
Step 2. Four groups of security keys K1, K2, K3 and K4 with the size of 256×256 are generated using the method described in Part 2.
Step 3. Divide P into 16 equal-sized blocks, B i (i = 1, 2, 3, 16). As shown in Fig. 5, there are 12 inter-block exchanges, so 12 pairs of coordinate blocks I nd i (x, y) are generated by Table 1 NIST test: P-value (1) is the real data set generated by QCNN chaotic system, P-value(2) is the real data set generated by 4D hyperchaotic system, P-value(3) is the real data set generated by Fractional Chen hyperchaotic system, P-value(4) is the real data set generated by 3D hyperchaotic system, P-value(5) is the real data set generated by Lorenz chaotic system, P-value(6) is the real data set generated by Henon chaotic system Test name P-value (1) P-value (2) P-value (3) P-value (4) P-value (5) P-value (6) Table 2 Comparison of NIST test results, (1) is the QCNN chaotic system, (2) is the 4D hyperchaotic system, (3) is the Fractional Chen hyperchaotic system,(4) is the 3D hyperchaotic system, (5) is the Lorenz chaotic system, (6) is the Henon chaotic system, (7) is the Pseudo random number, (8) is the our scheme Test name (3) Step 4. Design a selectieve scrambling rule.
The principle of pixel exchange between blocks is controlled by random coordinate blocks I nd i (x, y). The scrambled image is P .
Step 5. Use K1 and K2 to construct a global coordinate Q x and Q y , by which the whole P is scrambled and the pixel correlation is further reduced.
Step 6. Dynamic overlay diffusion: Firstly, K3, K4 and the scrambled image P are transformed into a matrix of 16 × 4096 size, and the 16 × 16 pixel block is taken as an overlay block. Then K3 and K4 are used alternatively to do XOR operation with P , as shown in the Fig. 6, and the cipher-image Cp is finally obtained.

Experimental simulation and performance analysis
In this section, to prove the security of our scheme, the 256 × 256 traditional 8-bit grayscale images are used as the original images. Common security analyses, including statistical data and common attacks and so on, are also made and compared. Figure 7a, d and g are plain-images, (b) (e) (h) are cipher-images, (c) (f) (i) are decrypted images.

Key space
It is important for an image encryption algorithm to have a large enough security key space to resist the brute force attacks. Taking a 4-D hyperchaotic system as an example, only the initial value and parameters of the chaotic system are considered, if the length of every subkey is set to 16 decimals, the key space of our algorithm will be 10 16×4 = 2 192 > 2 100 [40]. As a result, it is large enough to resist brute force attacks.

Information Entropy
In many image processing processes, information entropy is often used to measure the randomness of a noise map. Its entropy value H (m) can be calculated by the following equation [49]: Where N is the gray level, p(m i ) is the probability of m i . The entropy should ideally be 8 for a cipher-image with 256 gray levels, which indicates that the information is uncertain. Therefore, the information entropy of the encrypted image with high security should be close to 8. Table 4 lists the results of the information entropy of the cipher-image. Compared with the algorithms in reference [10][11][12], we can see that in terms of information entropy, the proposed scheme is better, and the pixel distribution of the encrypted image is more random.

Histogram analysis
The histogram is one of the important criteria for measuring the performance of an image encryption algorithm. It can describe the number of pixels corresponding to the gray level and the frequency of occurrence of each gray level, showing the distribution law of image pixels. As can be seen from Fig. 8, the histograms of all cipher-images are uniformly distributed, so the strong regularity of the pixels of plain-images is not brought into the cipher-images. This means that the attacker can't get any useful statistical information from the cipher-image to attack the algorithm. The scheme can provide a good confusion effect for encrypted images.

Correlation of two adjacent pixels
Because of the characteristics of digital images, plain-images usually show a certain degree of correlation between two adjacent pixels. In order to assess the correlation between adjacent pixels,4000 pairs of adjacent pixels (x i , y i ) are randomly selected from the plain-image   Where x and y represent the gray value of two adjacent pixels, Correlation coefficient performances of the proposed scheme have been presented in Fig. 9 and Table 5, from which we can see that the correlation coefficients of the secret image have been reduced dramatically, while the correlation coefficients of the plain image are close to 1. Literature [45,54,55] provide a comparative algorithm. It is obvious that adjacent pixels of plainimage has strong correlation, while those of cipher-image have low correlation. This further proves that the scheme can effectively resist statistical attacks.

Peak signal-to-noise ratio
The difference between plain-image and cipher-image is measured by mean square error (MSE). MSE is defined as: T represents the number of pixels in an encrypted image. The larger the value of MSE, the greater the difference between the encrypted image and the original image, and the better the image encryption effect.
Peak signal-to-noise ratio (PSNR) is a ratio between plain-image and cipher-image. PSNR is defined as: P SNR = 10log 10 ( max is the maximum pixel value of plain-image. In a good encryption algorithm, PSNR should be as low as possible, which indicates that the encrypted image are more randomness [41]. The MSE and PSNR values of the cipher-image are shown in Table 6, and references [10,46,51] are used for comparison.

Differential attack
Sometimes, attackers make a tiny change in the original plain image, and then encrypts both the original plain image and the changed plain image by the same encryption scheme, and try to find out the relationship between plain image and its cipher image by comparing the two encrypted images. The number of pixels change rate (NPCR) [26] and the unified average changing intensity (UACI) [15] are two criteria for analyzing differential attacks.
Where C 1 (i, j ) and C 2 (i, j ) are the two encrypted images mentioned above and D(i, j ) is computed as The ideal NPCR value and UACI value of the cipher-image are 99.6093% and 33.4653% respectively [56]. Table 7 lists the calculations of NPCR and UACI and compares them  with those of other algorithms [10,52,53]. A conclusion can be drawn that the proposed algorithm has good property in resisting differential attacks.

Speed analysis
Speed of the encryption algorithm is also considered as a crucial factor. The proposed GAN key generation scheme reduces the time of key generation greatly, and the designed scrambling and diffusion algorithm also improves the encryption efficiency. Compared with other encryption schemes [51][52][53] in Table 8, our algorithm shows some advantages in speed. At the same time, due to the symmetric structure, the time cost of encryption and decryption are the same. Therefore, the proposed algorithm shows that it can can be used for real-time transportation.

Robustness against noise
Practically, some noise may be added through the transmission of encrypted images from the transmitter to the receiver. This can lead to an inevitable error, causing difficulties in Fig. 11 The images on the first row are the encrypted image after cutting 64 × 64, 64 × 128 and 128 × 128 respectively. Those images on the second row are the decrypted results of corresponding encrypted images decryption. A good encryption algorithm should be able to resist noise attacks. Salt and Pepper noise is added to the ciphered image of Boat, with different densities. The decrypted image of each case is shown in Fig. 10, which validates the efficiency of the system against noise attacks. Therefore, our algorithm has good robustness and can efficiently resist noise attacks.

Robustness against cropping
An effective cryptosystem must take information loss into account. To evaluate its robustness of resisting cropping attacks, parts with 64 × 64, 64 × 128 and 128 × 128, are deleted from the cipher-image 'boat'. As shown in Fig. 11a-d, the decrypted plain images continue to be meaningful. Hence, our method is robust against this kind of attacks. Through a series of performance analysis and anti-attack detection, it can be seen from the key space, information entropy, histogram, adjacent pixel correlation, peak signal-tonoise ratio and speed test results that its security is considerable. From the test results of differential attack, cropping attack and noise attack, it has been found that its anti-attack ability has certain advantages over the similar literature.

Conclusion
This paper innovatively introduces LSGAN into image encryption. The good learning ability of LSGAN model is used to obtain the encryption key. Through NIST test, efficiency test, entropy and histogram analysis, it is proved that the random number generation scheme proposed in this paper can provide strong guarantee for image security, and expand the new idea of image security research. In order to improve the security of encrypted image, a scrambling method and a coverage diffusion algorithm are designed. The experimental results show that the scheme has a large key space and an average entropy of 7.9976. The anti-attack ability of the scheme is also verified by differential attack, cut attack and noise attack. In the future, we will improve the current model and other shortcomings, try to make the encrypting and decrypting parties generate keys synchronously, and reduce the number of keys transmitted on the network.