CIE-LSCP: color image encryption scheme based on the lifting scheme and cross-component permutation

Encryption of meaningful images into unidentifiable noise-like images can improve the security of images during storage and transmission. In this paper, a novel color image encryption method based on the lifting scheme and cross-component permutation (CIE-LSCP) is introduced. First, original image is divided into red, green and blue components, and then the three components are processed by a preprocessing strategy based on the lifting scheme (PSLS) to change the statistical distribution of the pixels. Second, a block-based cross-component permutation based on index vectors (BCPIV) is presented to divide three preprocessed components into blocks and perform the cross-component permutation operation on them, and three random matrices are utilized to determine the target component, target block and target pixel position of the current pixel to be moved, respectively. Subsequently, a multi stochastic diffusion based on random sequences (MSDRS) is developed to alter the pixel values of the permutated components, and finally a ciphertext image is gotten by merging the three components. Moreover, the SHA256 hash values of the plaintext image are used to obtain the initial parameters of the chaotic system, and the obtained chaotic sequences are applied in the image encryption process. Wherein the generated random sequences are highly reliant on the plaintext image, making the encryption scheme resistant to both known-plaintext attacks and chosen-plaintext attacks. Experimental results demonstrate that the proposed scheme has good security and effectiveness and can be applied for secure transmission of digital images over the Internet.


Introduction
With the advent of the era of big data, more and more images are generated, transmitted and stored over the internet, and the value of data has become increasingly prominent. Some images may contain individual secret information, military secret, and even national strategy. Once they are copied and tampered with by malicious attackers, the consequences are very serious. Therefore, it is urgent to find effective schemes to protect image information. The encryption-decryption process and security of traditional cryptography are based on mathematical puzzles, and with the exception of onetime-pad cryptography [1], all other encryption systems are only computationally secure to the extent that they can be deciphered if an attacker has sufficient computational power. For the scrambling-only encryption process, it just changes the position of pixels in the plaintext image without altering its histogram [2], thus they are less able to resist statistical attacks. To solve the security problems of images transmission, various methods have been proposed by many scholars [3][4][5][6], such as information hiding, image encryption, etc. Image encryption has demonstrated its superior performance to secure images, and some image encryption methods have been introduced.
Fridrich [7] gave a breakthrough confusion-diffusion framework for the image encryption system in 1998, and then scholars have proposed some encryption schemes [8,9] using this structure. For instance, Wang et al. [10] developed a fast image encryption algorithm based on parallel computing system. The plaintext image was first performed with a permutation algorithm that combined cyclic shift and sorting, and next a parallel diffusion method was utilized to obtain the ciphertext image. Saiyma et al. [11] presented a novel bit-permutation-based image encryption algorithm, and used a three-dimensional puzzle along with chaos for further diffusion and confusion. Besides, Wang et al. [12] introduced a spatiotemporal chaos and its application in a bit-level image encryption scheme, this algorithm contained three main process: the generation of keys, confusion and sequential diffusion operations. Wen et al. [13] proposed a hyper-chaos-based image cryptosystem with a classical bi-modular architecture, performed random permutation and sequential diffusion on original images. Wang et al. introduced a novel chaotic image encryption algorithm based on DNA sequence operations [14] and a novel chaotic block image encryption scheme using dynamic random growth technique [15]. In [8][9][10][11][12][13][14][15], the plaintext images are all grayscale image, but in real life, color images are more universal, and there is intense correlation between red, green and blue components of color images. However, if the above algorithms are directly applied for color images, it will lead to low security. Therefore, designing color image encryption schemes is necessary.
Recently, many encryption schemes for color image have been developed [16,17]. Rehman et al. [18] gave a color image encryption algorithm based on DNA complementary rules, which first designed a permutation method based on DNA complementary rules, and then used random sequences and DC-boxes to diffuse the permuted matrix to generate high-quality ciphertext images. Dua et al. [19] designed a scheme to encrypt images based on the cosine transformation of a 3-D intertwining Logistic map, used the generated chaotic sequences to displace, rotate, and replace the plain image to form a secure ciphertext image, and the experiments showed that the proposed encryption scheme is more efficient. Wang et al. [20] introduced an image encryption algorithm based on matrix semi-tensor product and composite key, designed a new permutation method and composite key generation approach, making the generated encrypted images more secure and effective. They also designed single-parameter fractal ordering matrices [21] and two-parameter fractal ordering matrices [22] for the encryption process, which improved the encryption speed and the security of the encrypted images. Khan et al. [23] introduced an image cryptographic scheme based on a permutationdiffusion framework, which is more productive due to the use of predefined S-boxes, Chebyshev polynomials and fractal Tromino in the encryption process. Moreover, a fast color image cipher was proposed by zhou et al. [24]. The color image was transformed into a 3D matrix, and then it was permutated by the 3D orthogonal Latin square and matching matrix generated from the 3D sine map, subsequently, the shift operation and diffusion operation were performed on the permutated image to find the cipher image. Teng et al. [25] presented a color image encryption based on fisher-yates scrambling algorithm, the SHA-384 was first used to generate the key, and then three groups of chaotic sequences were obtained to encrypt red, green and blue components of the plain color image, respectively.
Because of its pseudo randomness and sensitivity to initial parameters, chaotic systems [26,27] are used by many encryption projects. Wang et al. [28] proposed a novel onedimensional chaotic map generator and applied it in a new index-representation-based image encryption scheme. The chaotic system obtained by their proposed one-dimensional chaotic map amplifier enhances the chaotic behavior and has high sensitivity. Talhaoui et al. [29] designed a new one-dimensional chaotic map and used it in the encryption method, experimental results show that it has sound cryptographic properties. However, due to the low-dimensional chaotic systems with less parameters, simplicity of orbits, and easy estimation of parameters and initial values, highdimensional chaotic systems [30,31] and hyper-chaotic systems are employed in image encryption process to overcome these disadvantages, and there is theoretical evidence that chaotic systems can resist dynamic degradation [32]. Mou et al. [33] constructed an improper fractional-order laser chaotic system, for the purpose of studying the application of fractional-order chaos systems in image encryption. Wang et al. [34] proposed a multi-dynamic segmented coupled mapping network with well chaotic behavior and designed an image encryption scheme based on it, which satisfies the cryptographic requirements. In [35], Dua et al. suggested a cryptographic operation for color images using alternate logistic maps. The parameters of the Arnold cat mapping were generated with logistic sine maps and logistic tent maps, the produced random sequences were applied to the bit-plane permutation, followed by combining the bit planes into pixel matrices, which were then scrambled and diffused by the chaotic sequences generated from alternate logistic maps. Mou et al. [36] found a novel image encryption algorithm based on the fractional-order hyper-chaotic complex system and Galois field, and later, they [37] also proposed another encryption method using hyper-chaotic system. In this article, a three-dimensional Lorenz-Haken laser chaotic system is utilized to generate quasi-random chaotic sequences for image encryption and enhance the resistance of the method to attacks.
Though the above image encryption methods have relative satisfactory performance, there exists some security and efficiency problems. First, in the above image encryption, most algorithms are based on permutation-diffusion structure, wherein, when some special images (such as all black and all white images) are encrypted at pixel level, the problem of invalid scrambling often occurs, this is to say, the scrambled image is the plaintext images even after many round permutation operations, which seriously affects the security and efficiency of the image cryptosystems. Besides, as for those color image encryption, red, green and blue components are encrypted separately, the high correlation between three components is not removed effectively, which makes it possible for hackers to attack them by statistical attack. Additionally, some diffusion operations of image encryption have been presented, chaotic sequences are adopted to perform XOR operation with pixels of plaintext images in order, this kind of diffusion methods are simple and have low randomness, and are easily cracked by attackers who know the chaotic sequences beforehand, it reduces the security of image encryption algorithms.
To settle with these issues, an effective color image encryption algorithm is designed based on the lifting scheme and cross-component permutation in this article, named as CIE-LSCP. First, the color image is decomposed to red, green and blue components, three chaotic sequences are generated based on the plaintext image information and Lorenz-Haken laser chaotic system, then the chaotic sequences are applied to sequentially interfere the three components, the lifting scheme is employed for preprocessing operation. Second, a block-based cross-component permutation based on index vectors is designed in this paper to alter the positions of pixels in three components obtained by preprocessing method. Finally, three components acquired from permutation strategy are processed by a multi random diffusion operation, and a color ciphertext image is obtained by combining the three diffused components. The contributions of this paper are summarized as follows: 1. A preprocessing strategy based on the lifting scheme (PSLS) is adopted to vary the statistical distribution of the plaintext images pixels. PSLS is implemented before permutation-diffusion manipulation, the information of plaintext images and Lorenz-Haken laser chaotic system are employed to generate three random sequences, and then addition or XOR operations are performed between two selected components or between component and random sequence through the use of the lifting scheme. It can prevent attackers from using all black and all white images to invalidate the scrambling process, thus improving the security of our image encryption scheme. 2. A block-based cross-component permutation based on index vectors (BCPIV) is developed to shuffle the pixels among three components efficiently. The sequences associated with plaintext images are manipulated and sorted to obtain the corresponding index vectors, then three random matrices are obtained by cyclic shift operations on index vectors. Besides, three random matrices are utilized to determine the target component, target block and target pixel position of the current pixel to be moved respectively, which makes BCPIV extremely correlated with the plaintext images and enhances the stochasticity of permutation procedure. 3. A multi stochastic diffusion based on random sequences (MSDRS) is introduced to modify the pixel values of images. In MSDRS, the pixel of current component to be diffused is determined by a random sequence, the random value involved in the operation, the pixel of another component and the target position of the diffused pixel are established by stochastic sequences. As opposed to the diffusion according to the order of the image pixels, MSDRS is more random and is less likely to be attacked by hackers. 4. The proposed image encryption is highly sensitive to the plaintext image. A three-dimensional Lorenz-Haken laser chaotic system is utilized for generating key sequences to be used in preprocessing, permutation and diffusion stage. To improve the dependence of image encryption with the plaintext image, the SHA 256 hash values of the original image are computed to obtain the initial parameters of the chaotic system, thus the produced chaotic sequences highly depend on the plaintext image, which makes the known-plaintext and chosenplaintext attacks invalid.
The remainder of this paper is organized as follows. The fundamental knowledge including the Lorenz-Haken laser chaotic system and the lifting scheme is provided in "Fundamentals". The image encryption scheme is introduced in "The proposed image encryption scheme". The experimental results are presented in "Simulation results and performance analyses", followed by conclusion in "Comparative analysis".

Fundamentals
In this section, we will describe the Lorenz-Haken laser chaotic system and the lifting scheme. The random sequences produced by the chaotic system are crucial for our encryption scheme, and the lifting scheme is implemented for the preprocessing step in the encryption procedure.

Lorenz-Haken laser chaotic system
Lorenz-Haken laser chaotic system [38] is adopted in this paper, which can be expressed by where x, y and z are the system state variables, σ , γ and b are parameters of the system. The choice of three parameters in the system plays an important role in whether the system will enter a chaotic state or not, σ , γ and b can be taken as any value greater than 0, they are typically taken as σ 10, γ 28, and b 8/3. When σ < (b+1), the system is always in a steady state. When σ > (b+1), if γ < σ (σ +b+3) σ −(b+1) , the system is in a stable state, and if γ > σ (σ +b+3) σ −(b+1) , the system is in a chaotic state. Therefore, keeping σ 10 and b 8/3, the system starts to enter into the chaotic state when γ > 24.74 [39].
The used Lorenz-Haken laser chaotic system is characterized by unstable, irreducible and unpredictable behavioral performance, periodic and non-periodic motions are entangled with each other, while being very sensitive to initial conditions, making the generated sequences more random. Besides, the system structure is more complex than lowdimensional chaotic systems, and the values of system variables are harder to predict. We can also treat the random sequences produced by the chaotic system, for example, multiple sequences are combined to generate new ones, which makes the design of stochastic sequences for encryption algorithms more flexible. Additionally, the initial values of the three system state variables and the three system parameters of Lorenz-Haken laser chaotic system can be used as keys for generating random sequences, and thus the key space of the used image encryption algorithm will be much larger than those using the low-dimensional chaotic systems. Furthermore, this chaotic system also has some limitations. For example, it will take longer time to iterate Lorenz-Haken laser chaotic system to obtain random sequences compared to the low-dimensional chaotic system.

The lifting scheme
In 1994, Sweldens [40] introduced a new approach to calculate wavelet transform named as the lifting scheme, which is mainly divided into three stages: splitting, prediction and updating.
Splitting the process is to divide the data set into two subsets, and the data set is represented as T T 0 i , i 0, 1, 2, ..., n − 1. It is usually divided according to the odd-indexed and even-indexed, the data of even-indexed constitute a subset, the other data form another subset, and this step is expressed as: Updating in this process, the remaining subset st 1 i is updated by the subset dt 1 i , i.e., st 1 i is calculated with the subset dt 1 i to get a new subset st 1 i , as follows: In this article, the lifting scheme is utilized to preprocess the color plaintext images to alter their pixel values in the first time.

Encryption algorithm
In this section, a new color image encryption scheme named as CIE-LSCP is proposed and illustrated in Fig. 1, and the main contents are described in detail as follows. Three random sequences are obtained based on the plaintext images information and Lorenz-Haken laser chaotic system. Next, preprocessing strategy based on the lifting scheme (PSLS) is developed to process the plaintext images. Subsequently, the permutation and diffusion operations are manipulated on the preprocessed image to get the ciphertext image. External keys t 1 ,t 2 ,t 3 ,t 4

Generation of initial values of chaotic system
A 256-bit hash value H of the plaintext images I sized of M × N is generated by the SHA 256 hash function in the proposed encryption scheme. Then, H is divided into 16-bit blocks, which are converted into 16 decimal numbers as: H h 1 , h 2 , …, h 16 . Next, calculate the initial values of the chaotic system by where t 1 , t 2 , t 3 , t 4 are external keys, M is the row number of the plaintext images, N is the column number of the plaintext images, x(0), y(0) and z(0) are initial values of the chaotic system, and ⊕ indicates the XOR operation.

Preprocessing strategy based on the lifting scheme (PSLS)
To solve the problem that the confusion is invalid when image encryption with confusion-diffusion architecture encrypts all-black and all-white images, preprocessing strategy based on the lifting scheme (PSLS) is proposed in this algorithm, and applied to process the plaintext image before permutation. As shown in Fig. 2, the red, green, blue components of the color plaintext images are preprocessed and the detailed operations are described as follows.
Step 1 According to the hash value of the plaintext image I with the size M × N, three initial values of chaotic system can be obtained. Then, iterate this system for N 0 (N 0 ≥ 1000 + M × N) times with them according to Eq. (6) Step 2 The color image I is decomposed into red, green and blue components, and they are represented as three matrices IR, IG, IB sized of M × N. For each matrix, they are expanded into one-dimensional vectors R_1, G_1, B_1 with length MN row by row. The corresponding index O_1, P_1 and Q_1 are obtained by arranging O, P and Q in ascending order. Three arrays R_1, G_1 and B_1 were sorted by O_1, P_1 and Q_1 respectively, and then three sequences R_2, G_2 and B_2 with length MN were obtained by Step 3 Sequence G_2 was applied to predict alignment R_2, and a new array NR was obtained by where mod(a, b) denotes the modular operation of a to b, the floor(x) function signifies the maximum integer that is not larger than x. NR i , G_2 i , R_2 i are the ith numerical element in the sequence NR, G_2, R_2 respectively, and i is an integer, Step 4 Sequences G_2 and P were used to disturb with series NR, and a new serial CR was obtained by where CR i , P i , NR i are the ith numerical element in the series CR, P, NR respectively, and i is an Step 5 Sequence G_2 was updated by array CR, and a new serial CR was obtained by where NG i is the ith numerical element in the sequence NG, and i is an integer, i ∈ [1, M × N ], C R 0 0.
Step 6 Array CR was employed to predict sequence B_2, and a new serial NB was gotten by where NB i , B_2 i are the ith numerical element in the alignments NB and B_2 separately, and i is an Step 7 Sequences CR and Q were used to disturb with array NB, and a new serial CB was obtained by where CB i , Q i are the ith numerical elements in the sequences CB and Q severally, and i is an Step 8 Alignment NG was updated by sequence CB, and a new serial CG was obtained by where CG i is the ith numerical element in the sequence CG, Finally, three sequences CR, CG and CB with length MN are obtained.
In the PSLS, the lifting scheme and random sequences are applied to perform addition and XOR operations on plaintext images pixels, which changes the pixel values and prevents the problem of permutation invalidation caused by attackers using all zeros and all ones images against encryption algorithm. The pseudocode of PSLS is described in Algorithm 1.

Algorithm 1 The pseudocode of PSLS.
Input: Plaintext images I of size M×N and external keys. Output: Three sequences CR, CG, CB. 1: Generate initial parameters of three chaotic system by hash value of original image, iterate Eq.

Block-based cross-component permutation based on index vectors (BCPIV)
Three sequences CR, CG and CB are recombined to get three matrices PR, PG and PB with size M × N, and then the three matrices are respectively shuffled by the proposed BCPIV as follows: Step 1 Select three matrices PR_2, PG_2, PB_2 with size L 2 × L 2 from PR, PG and PB respectively, PR_2, PG_2, PB_2 are divided into L 2 blocks in turn, and the size of each block is L × L. L is obtained by where a is the floor operation to obtain the largest integer that is not greater than a.
Step 2 The first L 2 data in the sequences O, P, Q are selected and denoted as O_3, P_3, Q_3, respectively. Four new alignments T , H, Y and Z were acquired by where The corresponding index vectors IT , IH, IY and IZ are obtained by arranging T , H, Y and Z in ascending order, respectively.
Step 3 Initialize two matrices S and W with size L 2 × L 2 , set the values of IT to each row of S, and the values of IH to each row of W . Each row in S is cyclically shifted using the elements in IY , and each row in W is cyclically moved according to the elements in IZ, finally two matrices S and W are obtained. An example of using the sequences IT and IY to generate matrix S is shown in Fig. 3. Initialize each row in matrix S to {3, 2, 4, 1}, the first element in sequence IY is 1, one shifts the first row of matrix S to the left by 1 pixel, the first row of the altered matrix S is obtained, and it is {2, 4, 1, 3}. The second element in sequence IY is 3, one shifts the second row of matrix S to the left by 3 pixels, the second row of the altered matrix S is obtained and denoted as {1, 3, 2, 4}. The third element in sequence IY is 2, one moves the third row of matrix S to the left by 2 pixels, the third row of the modified matrix S is obtained and represented as {4, 1, 3, 2}. The last value in sequence IY is 4, one shifts the last row of matrix S to the left by 4 pixels, then the last row of the altered matrix S is gotten and shown as {3, 2, 4, 1}.
Step 4 An integer matrix E of size L 2 × L 2 is generated by where i ∈ 1, L 2 , j ∈ 1, L 2 , E(i, j) is the element of the ith row and jth column in matrix E, and E(i, j) ∈ [0, 2].
Step 5 Set column j 1. Initialize three matrices VR, VG and VB with size M × N, and set VR as PR, VG as PG, VB as PB.
Step 6 Determine the target position of the pixels to move in the matrix PR according to the values in the matrix E. For the matrix PR, move the pixel located at the ith row and jth column to the W (i, S(i, j))th position of the S(i, j)th block of the matrix VR when E(i, j) 0; shift the pixel located at the ith row and jth column to the W (i, S(i, j))th position of the S(i, j)th block of the matrix VG when E(i, j) 1; move the pixel located at the ith row and jth column to the W (i, S(i, j))th position of the S(i, j)th block of the matrix VB when E(i, j) 2. The position of the blocks and the pixels within the block are arranged in row priority, this detail is as shown in Fig. 4.
Step 7 Compute the target position of the elements to move in the matrix PG according to the values in the matrix E. For the matrix PG, move the pixel located at the ith row and jth column to the W (i, S(i, j))th position of the S(i, j)th block of the matrix VR when mod(E(i, j) + 1, 3) 0; shift the pixel located at the ith row and jth column to the W (i, S(i, j))th position of the S(i, j)th block of the matrix VG when mod(E(i, j) + 1, 3) 1; move the pixel located at the ith row and jth column to the W (i, S(i, j))th position of the S(i, j)th block of the matrix VB when mod (E(i, j) + 1, 3) 2. The position of the block and pixels within the block are arranged in line priority (Fig. 4).
Step 8 Calculate the target position of the pixels to move in the matrix PB according to the values in the matrix E. For the matrix PB, move the pixel located at the ith row and jth column to the W (i, S(i, j))th position of the S(i, j)th block of the matrix VR when mod(E(i, j) + 2, 3) 0; shift the pixel at the ith row and jth column to the W (i, S(i, j))th position of the S(i, j)th block of the matrix VG when mod(E(i, j) + 2, 3) 1; move the pixel at the ith row and jth column to the W (i, S(i, j))th position of the S(i, j)th block of the matrix VB when mod(E(i, j) + 2, 3) 2. The position of the block and pixels within the block are arranged in row priority.
In steps 6~8, where i is an integer, i ∈ 1, L 2 , j ∈ 1, L 2 , E(i, j) is the element at the ith row and jth column in Step 9 Repeat steps 6~8 for j 2~L 2 to achieve the permutation operation. Finally, three matrices VR, VG, VB with size M × N are obtained. To make the reader understand the BCPIV well, an example shown in Fig. 5 is presented to determine the target position of each pixel movement according to three matrices S, W , E. Figure 6 gives another expression of the permutation process, are red, green, blue components before the permutation are given on the left, expanded by the row, components after the permutation are put on the right, expanded by blocks. The pseudocode of BCPIV is described in Algorithm 2.
BCPIV may achieve the cross-component permutation between the red, green, blue components of the plaintext images. The random sequences are sorted in ascending order to get the corresponding index vectors which are employed to generate three new matrices, and then three matrices are utilized to determine the target position of the current pixel to be shifted, which allows pixels to be scrambled across components. It makes the process of changing the position of pixels more random and improves resistance of the proposed CIE-LSCP to statistical attacks.

Multi stochastic diffusion based on random sequences (MSDRS)
The permutated images are diffused by MSDRS to upgrade the encryption effect. The detailed diffusion process is described as follows: Step 1 Three random sequences CO, CP and CQ with the length of MN are generated from the chaotic sequences O, P and Q by where |x| is the absolute value of x, CO i is the ith numerical element in the sequence CO, and i is an Three corresponding index vectors XD, SD and CD are generated by arranging CO, CP and CQ in ascending order. Meanwhile, the sequence K is generated by where K i is the ith numerical element in the sequence K, and i is an integer, i ∈ [1, M × N ].
Step 2 The three matrices VR, VG and VB are converted into one-dimensional arrays VRR, VGG and VBB with length MN, respectively. Three sequences VRR, VGG and VBB were diffused using XD, SD, CD and K, and sequences RA, GA and BA with the length of MN are obtained by where XD(i) is the ith numerical element in the sequence XD, and i is an integer, i ∈ [1, M × N ].
Step 3 Three matrices CIR, CIG and CIB of size M × N are gotten by transforming three sequences RA, GA and BA, respectively. Subsequently, combine CIR, CIG and CIB to obtain ciphertext image, and the encryption process is completed.
In the MSDRS, three index vectors corresponding to random sequences are generated. According to the index vectors, one pixel in the current component, one pixel in other component and one element in a random sequence are selected to participate in XOR operation, and then the obtained pixel is placed at a random position among the current component. MSDRS can achieve a more stochastic process that enhances the security of CIE-LSCP. The pseudocode of MSDRS is described in Algorithm 3.

Decryption algorithm
The decryption steps of this proposed algorithm are the reverse process of images encryption, the ciphertext image and keys are used as the input of the decryption algorithm, and the decrypted image is output. The specific flowchart shown in Fig. 7 are described as follows. The decryption is completed by three inverse processes, namely, the inverse MSDRS, the inverse BCPIV, and the inverse PSLS. The RGB three-component in the ciphertext image is transformed into three sequences RA, GA and BA, then three sequences VRR, VGG and VBB are obtained by Eq. (20), and next three sequences CR,CG and CB are generated by the inverse BCPIV process, subsequently, three sequences R_2, G_2, B_2 are produced by Eqs. (21)(22)(23)(24)(25)(26), finally the three sequences obtained are recombined to obtain the color decrypted image.

V B B(S D(i)) B A(X D(i)) ⊕ K (C D(i)) V GG(S D(i)) G A(X D(i)) ⊕ K (C D(i)) ⊕ V B B(S D(i)) V R R(S D(i)) R A(X D(i)) ⊕ K (C D(i)) ⊕ V GG(S D(i))
,

Simulation results and performance analyses
Simulation results are given to verify the security and effectiveness of the proposed CIE-LSCP in this section. The experiments are executed on a computer, the environments are as follows: Intel(R) Core (TM) i7-6700 CPU @ 3.40 GHz  Table 1 are selected to perform the encryption and decryption processes. Figure 8 illustrates the plaintext images (a-d), the homologous ciphertext images (e-h), and the decrypted images (i-l). Besides, to fully demonstrate the availability of CIE-LSCP, eight plaintext images in Fig. 9a-h taken from the USC-SIPI (http:// sipi.usc.edu/database/) images database are adopted as test images for the following analyses. Figure 9i-p and q-x are the corresponding encrypted and decrypted images. As shown in Figs. 8 and 9, the encrypted images are absolutely dissimilar to plaintext images, we cannot obtain any information related to the original images from them, the decrypted images are indistinguishable from primitive images. Then we can conclude that the proposed CIE-LSCP possesses satisfactory image cryptosystem effect.

Key space
For image encryption algorithms, the size of the key space has a direct impact on their security, the brute-force attacks can be withstood proficiently when the key space reaches 2 100 . The more the number of the key, the larger its key space is. In CIE-LSCP, the keys consist of: (1) 256-bit hash value generated from original image; (2) Parameters of chaotic system σ , γ , b and the external keys t 1 , t 2 , t 3 , t 4 . Assuming the computation precision of the computer is 10 -14 , the key space of CIE-LSCP is 2 256 + (10 14 ) 7 ≈ 2 325 > 2 100 , so our proposed scheme can resist brute-force attack effectively. Besides, comparison results with other algorithms are listed in Table 2. It is evident that our method has the largest key space than algorithms in Refs. [15,17,24,27,31].

Quality metrics analysis
Mean squared error (MSE) and Peak signal to noise ratio (PSNR) are usually applied to measure the pixel difference between two images. The MSE value represents the average error value of two images, wherein the larger the MSE of the encrypted image, the greater the pixel difference between the ciphertext image and the plaintext image, and the smaller the MSE value of the decrypted image, the more superior the decryption of the encrypted image. There is an inverse relationship between the values of MSE and PSNR, that is, the smaller the MSE value, the larger the PSNR value. We tested the MSE and the PSNR metrics [41] for the encrypted and decrypted images. Since we can decrypt the plaintext images completely from the encrypted images, making the decrypted images and the plaintext images identical, the MSE results of the decrypted images obtained from the test are all 0 and the PSNR results are all +∞. We present the outcomes of MSE and PSNR metrics for the encrypted images in Table 3.

M SE
where P is a plaintext image and I is a decrypted image, P(i, j) is the element of the ith row and jth column in matrix P, M is the row number of the plaintext images, and N is the column number of the plaintext images.

Histogram analysis
The histogram of the image shows how pixels of different channels are distributed, and the information quantity in the image can be evaluated to determine the resistance of the encryption algorithm to statistical attacks. Generally, the histograms of the ciphertext image need to be completely distinct from those of plaintext image. The histograms of original and ciphertext images are illustrated in Fig. 10. The histogram of original images shown in Fig. 10a-d, their distribution is not uniform. The rest show the histogram of corresponding ciphertext images, their distribution is flat. The histogram distribution shows that the proposed CIE-LSCP can be effective in hiding the pixel distribution information of plaintext image and withstand statistical attack well.   The variances of histogram are used to assess the uniformity of the plaintext and encrypted images, whereby a smaller variance value indicates a more uniform image [42]. The test results of histogram variance are illuminated in Table  4. By contrasting the variance of plaintext and ciphertext image, we can find that the variance of ciphertext image is decreased significantly relative to that of original image, and the result of variance of ciphertext image is less than 285. The chi-square test outcomes are revealed in Table 5, from which we can see that the data results of each component of the color image pass the chi-square test, and the maximum test value is not more than 285. It is proved that the proposed CIE-LSCP could withstand statistical attacks significantly. The chi-square test [43] can be calculated by where n is gray level (n 256 in this test), c k and v k are the occurrence frequency and expected value of gray level k, respectively.

Correlation analysis of adjacent pixels
Neighboring pixels in a plaintext image usually have high correlation, and a feasible image encryption method can reduce the correlation coefficient of adjacent pixels in a ciphertext image to an admissible range. The absolute value between adjacent pixels of the ciphertext image should be as close to 0 as possible. The values of the correlation coefficient of original images is greater than 0.78 in Table 6, which indicates that there is strong correlation between adjacent pixels of plaintext images in all directions, while the correlation coefficient of ciphertext image is less than 0.008, indicating that the correlation of ciphertext image is very weak. Compared to some other approaches, CIE-LSCP leads to reduced correlation, thus CIE-LSCP has a better mess effect. The correlation test results of adjacent pixels of three components of plaintext image and ciphertext image are elucidated in Fig. 11. As can be seen from it that the adjacent pixels of plaintext images in the horizontal, vertical and diagonal directions are mostly concentrated, this is due to the fact that the plaintext image carries a large amount of information, resulting in strong correlation between adjacent pixels, while our proposed encryption scheme can shift a pixel in the image to an arbitrary target location, which can increase the difference between adjacent pixel values and weaken the correlation between adjacent pixels and R, G, and B components, making the pixel distribution of the ciphertext image more uniform.
The correlation coefficients of adjacent pixels in plaintext image and the corresponding ciphertext image are calculated by Eqs. (30,31,32) [44], where x, y are the values of two neighboring pixels in the image, N is the pixel count chosen from the image, E(x) and D(x) are the expectation and variance of x, respectively.

Information entropy analysis
Information entropy can be applied to evaluate the randomness and unpredictability of an image. The value of information entropy is calculated by [44] H (m) where m represents an information source, p(m i ) indicates potentiality of m i . In our scheme, the random sequences resulting from the 3-D chaotic system are utilized to permute the preprocessed matrix. The conversion of pixel positions across the three components is effectively implemented, and also enhances the uncertainty and disorder of pixels in ciphertext images. From Table 7, we can get that the information entropy of the red, green, blue components in ciphertext image is above 7.99, close to the theoretical value of 8, which indicates that the ciphertext image gotten by our algorithm has remarkable random attribution and can resist strong statistical attacks and entropy attacks.

The encryption key sensitivity analysis
This part uses a key that is subtly dissimilar to the correct key to encrypt the original image, then tests the sensitivity of the key in the encryption process. The correct key set K 0 contains the 256-bit hash value of the plaintext images, the parameters σ , γ , b and external keys t 1 , t 2 , t 3 , t 4 . Change the external key t 1 , t 2 , t 3 , t 4 in key set K 0 by the amount of  ( 10 -14 ), only one of the parameters is altered at a time, other parameters remain unchanged, and then new key sets K 1 -K 4 are obtained.
The NPCR between ciphertext image encrypted by K 0 and those encrypted by K 1 -K 4 is tested and listed in Table  8. According to Table 8, when the key has been modified just a tiny amount ( ), the pixel difference rate of different ciphertext images is close to 99.60. It can be found from the values in Table 8 that the proposed CIE-LSCP is very sensitive to the key in encryption stage.

The decryption key sensitivity analysis
This part uses K 1 -K 4 , which is marginally dissimilar to the correct decryption K 0 , to decrypt the ciphertext image and tests the sensitivity of the key in the decryption procedure.
We test the NPCR between the image decrypted with key set K 0 and the image decrypted with the changed key K 1 -K 4 quantitatively. From Table 9, one may watch that when there is a minor alteration in the key ( ), the pixel difference rate of different decrypted images is about 99.60. The data in the table show that the proposed algorithm is sensitive to the key in decryption process.

Noise attack analysis
In the process of images transmission, they are highly likely to be attacked by the noise, which increases the difficulty to restore the plaintext images. During the simulation, we add different salt & pepper noise (SPN), speckle noise (SN) and white Gaussian noise (GN) respectively to the ciphertext image, and then decrypt them. The corresponding decryption results are shown in Fig. 12. We can still derive most of the significant information in the plaintext image from the decrypted image. Here PSNR is employed to appraise the connection between plaintext image and decrypted image. The PSNR value of two images can be computed by Eq. (28). The PSNR values of the plaintext

Cropping attack analysis
The ciphertext images with different cropping attacks (a-c) and the corresponding decrypted images (d-f) are displayed in Fig. 13. Obviously, the deciphered images still contain some details of the original image, and one may get the plaintext information from them. When the ciphertext image is cropped by 1/64, the PSNR value between the decrypted image and plaintext image reaches 20.1234 dB; when the ciphertext image is cut out by 1/16, the PSNR value decreases by 5.5925 dB; when the ciphertext image is cut out by 1/4, the PSNR value drops by another 4.3789 dB. Even though some information in encrypted image is dropped, the participants are still able to roughly recover the information in the original image by the decryption algorithm. The simulation results demonstrate that the proposed CIE-LSCP has excellent robustness against cropping attack.

Running time
The time of the encryption and decryption is also an important factor to evaluate the performance of an image encryption algorithm. If the encryption and decryption speed is too slow, the image cryptosystem lacks practicality. The time to be consumed is obtained by the simulation experiment. The proposed CIE-LSCP is divided into four major parts: chaotic sequences generation, preprocessing-PSLS, scrambling-BCPIV and diffusion-MSDRS. Besides, the proposed image decryption method also includes four stages: generating chaotic sequences, PSLS, inverse BCPIV and inverse MSDRS. The specific encryption and decryption times of our CIE-LSCP for 256 × 256 color images are displayed in Table 11. As is evident from Table 11 that the encryption time and decryption time are almost equal for the proposed CIE-LSCP is a symmetric encryption method, and the encryption time is a bit more than decryption time, this may be because that some time is cost since some key parameters are produced in encryption stage and transmitted to the receiver, thus, they may be directly utilized for decryption.

Differential attack analysis
For image encryption schemes, differential attack is a common kind of attack strategy. Attackers are able to get the ciphertext image, and by changing a few pixels in the plaintext image, they attempt to retrieve the information needed to obtain new ciphertext image, attack the encryption algorithm through comparing the changes of two ciphertext images. The number of pixel change rate (NPCR) and unified average change in intensity (UACI) are often used to perform quantitative evaluation of encryption schemes. NPCR measures the pixel change rate in ciphertext image and UACI is the average of the intensity difference between ciphertext images.
The values of NPCR and UACI are determined by [16] D(i, j) NPCR where C 1 refers to the ciphertext image obtained from the plaintext image, and C 2 refers to the ciphertext image obtained by encrypting the image that has minor differences from the plaintext image. From the data in Table 12, it can be obtained that our encryption scheme is sensitive to the plaintext image, because the SHA256 hash values of the plaintext image are computed during the encryption process, which are applied to get the initial parameters of the chaotic system and generate chaotic sequences, and these sequences are extremely crucial to the preprocessing, permutation and diffusion processes.

Classical attack analysis
Cryptanalysis is the decryption of a ciphertext without knowing the secret information, and it is usually needed for decryption through finding the keys. When performing cryptanalysis, there are four types of attacks, depending on the level of information available to the analyst [45].  2. Known plaintext attack: The attacker has some given plaintext-ciphertext pairs and uses them to derive the encryption algorithm and keys.
3. Chosen plaintext attack: The attacker can select some plaintexts and obtain the corresponding ciphertexts with the goal of launching the key. 4. Chosen ciphertext attack: An attacker can construct the plaintext corresponding to any ciphertext with the goal of launching the key.
Among them, the chosen-plaintext attack is the most powerful type of attack, and as long as the encryption algorithm can resist the chosen-plaintext attack, it can resist other types of attacks. In the encryption scheme proposed in this paper, three random sequences are generated based on plaintext information and an external key for the encryption process. Any error in one of the initial parameters will produce a completely different encrypted image, so this encryption scheme can resist the chosen-plaintext attack and also the other three types of attacks mentioned above.

NIST test
In many cryptographic applications, random and pseudorandom numbers are required. Here the randomness test of the sequences is discussed. First, the sequences to be tested are transformed into a sequence of binary numbers and then Fig. 13 The results of cropping attack the testing software of National Institute of Standards and Technology (NIST) is employed to conduct randomness tests on the sequences, containing a total of 15 items of measurement indexes, the probability is used to characterize the properties of the random sequences, specifically denoted as P-value. For each test indicator, a P-value is generated, where if the P-value is greater than or equal to 0.001, the test passes, otherwise the test does not pass. We tested the randomness of the three random sequences which were generated by the Lorenz-Haken laser chaotic system as well as the sequences of encrypted images. The specific results are shown in Tables 13 and 14, among them, the P-values are all greater than 0.001 for 15 items, indicating that the used chaotic sequences and the obtained cipher images have good randomness.

Comparative analysis
To quantitatively analyze the performance of our algorithm compared with some state-of-the-art schemes, we choose Lena image of size 256 × 256 × 3 as the test image and calculate its adjacent pixels correlation, information entropy, NPCR, UACI, MSE and PSNR, we list the data in Table 15 and the maximum values are marked in bold. From Table 15, one may conclude that in contrast to the encryption schemes in Refs. [19,[23][24][25], which all process the three RGB components separately, our image encryption scheme implements a scrambling operation across the three RGB components, which effectively reduces the correlation of pixels among the components and the correlation between different components. And because our encryption scheme can be completely decrypted, the decrypted PSNR value can reach +∞.

Conclusion
Based on the lifting scheme and cross-component permutation, a new color image encryption algorithm named as CIE-LSCP is proposed. First, the initial values of Lorenz-Haken laser chaotic system are calculated using SHA256 hash values of plaintext images and external keys. The chaotic sequences used in encryption process are generated by this chaotic system. Second, PSLS is proposed to operate the plaintext images, the application of PSLS addresses the problem that some permutation algorithms are not effective for particular images (all-black and all-white images), as well as broadens the scope of application of image encryption method. Moreover, the preprocessed red, green and blue components of the plaintext images are performed by BCPIV to change the pixel position, the index vectors obtained from the chaotic sequences are applied in the permutation process, three random matrices are generated to determine the target location of the pixel movement, which reinforces the randomness and indestructibility of the permutation effect. Additionally, MSDRS is employed to change the value of the scrambled pixels to generate the final ciphertext image, after MSDRS, the pixel values in the ciphertext image are evenly distributed and can effectively resist statistical attacks. Simulation results and performance analyses show that the proposed CIE-LSCP has the ability to resist brute-force attacks, cropping attacks, noise attacks, and it may be applied in the secure transmission and storage of digital images.
Consent to participate All the listed authors have participated actively in the study.

Consent for publication All the listed authors have agreed to publish our article in Complex & Intelligent Systems.
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecomm ons.org/licenses/by/4.0/.