An efficient dual-layer cross-coupled chaotic map security-based multi-image encryption system

Abstract

This paper proposes an effective image encryption method to encrypt several images in one encryption process. The proposed encryption scheme differs from the current multiple image encryption schemes because of their two-layer cross-coupled chaotic map-based permutation-diffusion operation. Block-shuffling, left–right (L–R) flipping and then bit-XOR diffusion operations are carried out in the first layer using one set of cross-coupled chaotic map. Block-shuffling, up–down (U–D) flipping and then bit-XOR diffusion operations are performed with another set of cross-coupled chaotic maps in the second layer. The two different layers of permutation-diffusion make the proposed algorithm more efficient than the existing multi-image encryption algorithms. Moreover, the combination of block-based shuffling and flip operation decreases the algorithm’s computational complexity, which means enhancing the time efficiency of the algorithm. In cross-coupling operation, the use of a single fixed-type one-dimensional chaotic map-piece-wise linear chaotic map (PWLCM) makes the algorithm efficient both in hardware and in software. PWLCM’s initial values and system parameters (keys) are generated by means of the hash values of original images that resist the algorithm against the attacks of chosen-plaintext and known-plaintext. Results of simulation and comparative security analysis reveal that the suggested scheme is more effective in encryption and resists better against all widely used attacks.

1 Introduction

Through technological advances, the transmission of information over public networks has grown rapidly. The information is conveyed either in the form of videos, audios, text, or images, and nowadays many of the relevant information is represented by images. Images are widely used in military secrets, satellite reports, government secret documents, etc. Security of images therefore becomes a major factor. Encryption is one of the common approaches to image security. There are several conventional methods (DES [1], 3DES, AES [2], RSA, etc.) for encrypting images. Nevertheless, due to large information and strong association of neighboring pixels in the images, these approaches are not as efficient for encrypting images [3, 4]. Hence, the need for a strong encryption method is of highest concern.

Encryption methods based on chaos offer significant protection for image encryption. The distinctive characteristics of chaotic systems like ergodicity, mixing properties, sensitivity to chaotic variables, and highly complex behavior make it an ideal choice for a powerful and efficient encryption method [5,6,7]. Many single-image-encryption (SIE) methods based on DNA-level [5, 8,9,10], block-level [11, 12], pixel-level [3, 6, 13,14,15], transform operation-based pixel-level [16], rotation operation-based pixel-level [17], hash-key operation-based pixel-level [18], s-box operation-based pixel-level [19], bit-level [4, 7], bit-block-level [20], permutation and diffusion operation employ chaotic maps to build secure and strong cipher images. The types of chaotic systems employed in SIE methods are “one dimensional” (1D) and “high dimensional” (HD) [13]. Chaotic 1D maps tend to be powerful, are simpler in structure and thus use resources more effectively, but they have the disadvantage of a limited key space. Chaotic HD maps have a wide range of key spaces, but they are highly complex and thus more resource utilization [14, 20]. So, to provide the algorithm with high efficiency and strong key space, in image encryption algorithms [15, 17] authors have used multi-type 1D chaotic maps multiple times. But using different kinds of chaotic 1D maps reduces the algorithm’s hardware and software efficiency. To resolve this problem, the suggested method uses the PWLCM system multiple times for encryption operation.

During the age of big data, the communication network transmits multiple images. SIE methods can be repetitively used in the encryption to protect those images. However, they reduce the efficiency of encryption [21]. In order to boost the encryption efficiency, many researchers use multiple image encryption (MIE) algorithms to encrypt multiple images. From the past few years, in different domains the MIE algorithms are developed such as transform [22,23,24], chaotic [25,26,27], mix of transform and chaotic [28], and mix of chaotic and DNA domain [29, 30].

In the above MIE algorithms, the transform domain-based MIE algorithms [22,23,24, 28] decrease the algorithm’s encryption efficiency. This is because there is a need for information translation among transform and spatial domain within these algorithms. The MIE algorithms based on the chaotic domain boost the algorithm’s encryption efficiency. In Ref. [25], Tang et al. developed a bit-plane process-based MIE algorithm. This algorithm uses the chaotic map to execute the encryption process; however, the complex bit-plane process decreases the algorithm’s encryption efficiency [26]. In Ref. [27], Zhang et al. developed a method to increase the encryption efficiency in a chaotic map-based MIE algorithm. No doubt this algorithm increases the efficiency of encryption, but the security is still lower than Ref. [25]’s algorithm. This is because the position of blocks and its contents are processed in the algorithm of Ref. [25], while the ordering of the blocks is processed only in the algorithm of Ref. [27]. Hence, the security of the algorithm in Ref. [27] is reduced. Furthermore, the algorithm’s secret keys in Ref. [27] do not link to the actual images. This may be due to the possibility of the chosen-plaintext and known-plaintext being targeted. To resolve all of the above issues, another MIE technique was developed in Ref. [26] by the same author. This technique maintains the security as well as increases the algorithm’s encryption efficiency. To enhance the security in MIE algorithms, many researchers use DNA along with chaotic maps to encrypt multiple images. References [29] and [30] developed MIE algorithms using DNA and chaotic maps. However, the additional DNA processes like encoding–decoding enhance the algorithm’s computational complexity.

In the above chaotic map-based MIE algorithms [25,26,27, 29, 30], one common issue is that the encrypted image relies only a single chaotic system chaotic orbit, so in those algorithms it may be possible to extract information [31]. This fact has led to the development of many cryptanalysis algorithms [32,33,34,35,36] to cryptanalyze analog security communication methods. When using the chaotic map cross-coupling, such cryptanalysis will be harder. This is because different chaotic orbits of cross-coupled chaotic maps determine the resultant cipher output [31, 37, 38]. Recently, in 2020, Patro et al. [39] developed a chaotic map cross-coupling-based MIE method. In this method, the chaotic map cross-coupling-based permutation-diffusion operation ensures security to multiple images. Here the two different PWLCM systems are used for cross-coupling operation. There is no question that the algorithm in Ref. [39] provides security, but the security is either not much improved or compromised in some cases. The key space of the method in Ref. [39] is not larger than that of the method of Ref. [25]. As we observed the algorithm’s histogram variance analysis and Chi-square test analysis in Ref. [39], we found that the grayscale pixel values of Group-2 images are less uniformly distributed as compared with Group-1 images. That means the algorithm in Ref. [39] is not equally performed to all the groups of images. As we found in the entropy analysis of the algorithm in Ref. [39], we notice that, relative to the current MIE algorithms, the average entropy of both image groups is not increased.

By addressing all of the above problems, this paper develops an effective multi-image encryption technique based on two layers of cross-coupled chaotic map. Block permutation, left–right (L–R) flip operation and bit-XOR diffusion are performed in the first layer of operation, and block permutation, up–down (U–D) flip operation and bit-XOR diffusion process are executed again in the second layer of operation. Two different sets of cross-coupled chaotic maps are used in the first and second layers of permutation-diffusion operation to enhance the security. The advantages of the proposed scheme are as follows.

• Uses cross-coupling of chaotic maps to permute and diffuse the pixels. Cryptanalysis of the proposed algorithm is harder as compared to the algorithms using non-cross-coupling of chaotic maps to permute and diffuse the pixels.

• In cross-coupling, the use of the only PWLCM system improves the algorithm’s hardware and software performance as compared to the algorithms using multiple types of other 1D and HD chaotic maps in permutation and diffusion operations. The PWLCM system improves the algorithm’s encryption speed also. It is because the PWLCM system’s single iteration process requires multiple additions and a single division only.

• The performance of both block- and pixel-level permutation operations improves the security of the proposed algorithm as compared to the algorithms performing either block-level or pixel-level permutation operations.

• In the proposed algorithm, dual-layer security exists. This implies that the proposed algorithm performs two-time two-way block and pixel-level permutation operations and two-times XOR-based image diffusion operations. The other multiple image encryption algorithms, on the other hand, only carry out one layer of security.

• In the proposed algorithm, flip operation (L–R and U–D)-based pixel permutation is performed to permute the pixels. Flip processes in current CPU architectures are completed in just a few clock cycles. Flipping processes do not require constant time; it is one of the fastest processes in current CPU architectures. On the other hand, the other multiple image encryption algorithms perform pixel-permutation operations, offering an \(O\left(M\times N\right)\) computational complexity, where \(M\times N\) is the image size.

Based on the aforementioned considerations, this paper’s key contribution is as given below.

• Two layers of cross-coupling operation are performed to make the algorithm more effective.

• To make the encryption scheme both hardware and software efficient, in cross-coupling process, a single chaotic map-PWLCM is used.

• Block-based permutation and flip operation are implemented to reduce the algorithm’s computational complexity.

• Use of hash-based keys protects the algorithm against the attacks of chosen- and known-plaintext.

The remainder of the paper is structured according to the following. The PWLCM system is introduced in Sect. 2. Section 3 describes the approach suggested here. The algorithm’s security analysis and the outcomes of the simulation are discussed in Sect. 4. At last, this paper concludes in Sect. 5.

2 PWLCM system

In image encryption, the two important characteristics of chaotic maps such as “simplicity” and “ergodicity” must be considered for selection of any chaotic map. The map that provides both “simplicity” and broader “ergodicity” is PWLCM. The logistic map, on the other side, is the popular chaotic map for “simplicity” but has no wider “ergodicity”. So the best choice is the PWLCM system for the generation of good pseudorandom chaotic sequences. It is generated by [26, 39],

$$ k_{n + 1} = \left\{ {\begin{array}{*{20}l} {\frac{{k_{n} }}{m}} \hfill & {{\text{if}}\quad 0 \le k_{n} < m} \hfill \\ {\frac{{k_{n} - m}}{0.5 - m}} \hfill & { {\text{if}}\quad m \le k_{n} < 0.5} \hfill \\ {\left( {1 - k_{n} } \right)} \hfill & {{\text{if}}\quad 0.5 \le k_{n} < 1} \hfill \\ \end{array} } \right. $$

(1)

where the initial value \(k\in \left(\mathrm{0,1}\right)\) and the system parameter \(m\in \left(\mathrm{0,0.5}\right)\). Reference [39] shows the bifurcation diagrams in two figures. The bifurcation of the logistic map is seen in one figure (Fig. 1), and the bifurcation of PWLCM system is seen in another figure (Fig. 2). By analyzing these two figures, it is noticed that the ergodicity of logistic map exists in the range \(\left(\mathrm{0,1}\right)\) when the system parameter \(m\) reaches 4, while the ergodicity of PWLCM system exists in a wider range. Hence, in many image encryption algorithms, PWLCM system is preferred. Besides ergodicity and simplicity, the other significant characteristics of the PWLCM system are easy software and hardware realization, good dynamic behavior, uniform invariant distribution and effective implementation [39, 40].

Fig. 1

Binary-to-hexadecimal conversion process

Fig. 2

Block schematic representation of the suggested encryption scheme

3 Proposed methodology

3.1 Method of key generation operation

1. 1.

   Take \(L\) images with the same \({M}_{g}\times {N}_{g}\) dimension.

2. 2.

   Merge horizontally with all the \(L\) images. The image that is generated being referred by \(L1\).

3. 3.

   Apply the hash algorithm, SHA-256 to image \(L1\) to produce the hash value of 256-bit. It is depicted by

   $$ hvb = \left( {hvb_{1} ,hvb_{2} ,hvb_{3} , \ldots ,hvb_{256} } \right) $$
4. 4.

   Convert the hash value of 256 bit into the hash value of 64-hexadecimal. Figure 1 shows the process of conversion of binary to hexadecimal. In this process, the entire 256 bits are split into 64 groups, each of which contains 4 bits. Each of the 4-bit groups will then be translated to its corresponding hexadecimal number.

   The 64-hexadecimal hash value is represented as

   $$ hvh = \left( {hvh_{1} ,hvh_{2} ,hvh_{3} , \ldots ,hvh_{64} } \right) $$
5. 5.

   Develop the algorithm’s keys by,

   $$\left\{ {\matrix{ {m\left( 1 \right) = km - \left( {\left( {{{hv{h_1} + hv{h_2} + \cdots + hv{h_8}} \over {{{10}^{15}}}}} \right) - \left\lceil {{{hv{h_1} + hv{h_2} + \cdots + hv{h_8}} \over {{{10}^{15}}}}} \right\rceil } \right) \times 0.01} \hfill \cr {mk = mm - \left( {\left( {{{hv{h_9} + hv{h_{10}} + \cdots + hv{h_{16}}} \over {{{10}^{15}}}}} \right) - \left\lceil {{{hv{h_9} + hv{h_{10}} + \cdots + hv{h_{16}}} \over {{{10}^{15}}}}} \right\rceil } \right) \times 0.01} \hfill \cr } } \right.$$

   (2)
   $$\left\{ {\matrix{ {n\left( 1 \right) = kn - \left( {\left( {{{hv{h_{17}} + hv{h_{18}} + \cdots + hv{h_{24}}} \over {{{10}^{15}}}}} \right) - \left\lceil {{{hv{h_{17}} + hv{h_{18}} + \cdots + hv{h_{24}}} \over {{{10}^{15}}}}} \right\rceil } \right) \times 0.01} \hfill \cr {nk = nn - \left( {\left( {{{hv{h_{25}} + hv{h_{26}} + \cdots + hv{h_{32}}} \over {{{10}^{15}}}}} \right) - \left\lceil {{{hv{h_{25}} + hv{h_{26}} + \cdots + hv{h_{32}}} \over {{{10}^{15}}}}} \right\rceil } \right) \times 0.01} \hfill \cr } } \right.$$

   (3)
   $$\left\{ {\matrix{ {p\left( 1 \right) = kp - \left( {\left( {{{hv{h_{33}} + hv{h_{34}} + \cdots + hv{h_{40}}} \over {{{10}^{15}}}}} \right) - \left\lceil {{{hv{h_{33}} + hv{h_{34}} + \cdots + hv{h_{40}}} \over {{{10}^{15}}}}} \right\rceil } \right) \times 0.01} \hfill \cr {pk = pp - \left( {\left( {{{hv{h_{41}} + hv{h_{42}} + \cdots + hv{h_{48}}} \over {{{10}^{15}}}}} \right) - \left\lceil {{{hv{h_{41}} + hv{h_{42}} + \cdots + hv{h_{48}}} \over {{{10}^{15}}}}} \right\rceil } \right) \times 0.01{\rm{ }}} \hfill \cr } } \right.$$

   (4)
   $$\left\{ {\matrix{ {q\left( 1 \right) = kq - \left( {\left( {{{hv{h_{49}} + hv{h_{50}} + \cdots + hv{h_{56}}} \over {{{10}^{15}}}}} \right) - \left\lceil {{{hv{h_{49}} + hv{h_{50}} + \cdots + hv{h_{56}}} \over {{{10}^{15}}}}} \right\rceil } \right) \times 0.01{\rm{ }}} \hfill \cr {qk = qq - \left( {\left( {{{hv{h_{57}} + hv{h_{58}} + \cdots + hv{h_{64}}} \over {{{10}^{15}}}}} \right) - \left\lceil {{{hv{h_{57}} + hv{h_{58}} + \cdots + hv{h_{64}}} \over {{{10}^{15}}}}} \right\rceil } \right) \times 0.01{\rm{ }}} \hfill \cr } } \right.$$

   (5)

where

\(\left( {m\left( 1 \right),n\left( 1 \right),p\left( 1 \right),q\left( 1 \right)} \right)\) and \(\left( {km,kn,kp,kq} \right)\) are the PWLCM system-1- to 4-based generated and given initial values, respectively.

\(\left( {mk,nk,pk,qk} \right)\) and \(\left( {mm,nn,pp,qq} \right)\) are the PWLCM system-1- to 4-based generated and given system parameters, respectively.

The symbol \(\left\lceil . \right\rceil\) performs the “ceil” operation.

3.2 Method of encryption operation

Figure 2 presents a block schematic representation of the suggested encryption scheme. The steps for the encryption process are as follows.

1. 1.

   Take \(L\) images \(\left( {I_{1} ,I_{2} ,I_{3} , \ldots ,I_{L} } \right)\) with the same \({M}_{g}\times {N}_{g}\) dimension.

2. 2.

   Merge horizontally with all the \(L\) images by,

   $$ L1 = horzcat\left( {I_{1} ,I_{2} ,I_{3} , \ldots ,I_{L} } \right) $$

   where \(L1\) is the horizontal concatenated image. The function “horzcat” performs the horizontal concatenation operation. The size of \(L1\) is \({M}_{g}\times {LN}_{g}\).

3. 3.

   Generate blocks of size \(1\times L\) by dividing the image \(L1\). The number of generated blocks is \(\frac{{M}_{g}\times {LN}_{g}}{1\times L}={M}_{g}\times {N}_{g}\). The block division process is presented in Algorithm 1.

   

   In the above algorithm, \(B1\) is the array of blocks of size \(1\times L\).

4. 4.

   Calculate the number of blocks in \(B1\) by,

   $$l1=length\left(B1\right)$$

   where \(l1\) is the length of the array \(B1\). The function \("length"\) finds the length of an array.

5. 5.

   Generate the PWLCM system-1 and system-2-based keys by Eqs. (2) and (3), respectively. \(\left(m\left(1\right),mk\right)\) and \(\left(n\left(1\right),nk\right)\) are the PWLCM system-1- and system-2-based generated keys, respectively.

6. 6.

   Generate second initial values of PWLCM system-1 and system-2 using key values \(\left(m\left(1\right),mk\right)\) and \(\left(n\left(1\right),nk\right)\), respectively, to iterate Eq. (1). The second initial values are denoted as \(m\left(2\right)\) of PWLCM system-1 and \(n\left(2\right)\) of PWLCM system-2.

7. 7.

   Perform cross-coupling operation \(\left({M}_{g}\times {N}_{g}\right)-1\) times between the key values \(\left(m\left(2\right),nk\right)\) and \(\left(n\left(2\right),mk\right)\). Algorithm 2 shows the process of cross-coupling operation.

   

   The iterated sequences are represented as,

   $$ m = \left( {m\left( 1 \right),m\left( 2 \right),m\left( 3 \right), \ldots ,m\left( {M_{g} \times N_{g} } \right)} \right) $$
   $$ n = \left( {n\left( 1 \right),n\left( 2 \right),n\left( 3 \right), \ldots ,n\left( {M_{g} \times N_{g} } \right)} \right) $$
8. 8.

   Sort the iterated sequence \(m\) by,

   $$ \left[ {permlrsort,permlrindex} \right] = sort\left( m \right) $$

   where \(permlrindex\) is the indexed sequence and \(permlrsort\) is the sorted sequence of \(m\).

9. 9.

   Perform block shuffling and left–right (L–R) flip operation between the blocks of the array \(B1\). In the combined operation, first the blocks are L–R-flipped and then shifted to a new position in the array using the indexing sequence \(permlrindex\). The newly shuffled array of blocks are denoted as \(B11\).

10. 10.

    Generate a big image \(B111\) by combining the blocks of the array \(B11\).

11. 11.

    Divide the big image \(B111\) into \(L\) parts. The newly formed images are denoted as \(II_{1} ,II_{2} ,II_{3} , \ldots ,II_{L}\).

12. 12.

    Generate an image \(r\) by using the iterated sequence \(n\) (From Algorithm 2). Algorithm 3 presents the process to generate an image \(r\).

    

    In the above algorithm, \(r\) is the newly formed image. The \("reshape"\) function re-shapes the array, the \("mod"\) function executes the modulus process, and the \("round"\) function rounding the number to the closest number.

13. 13.

    Execute diffusion process (bit-XOR) among the images \(II_{1} ,II_{2} ,II_{3} , \ldots ,II_{L}\) and the newly formed image \(r\). The bit-XOR diffusion process is first carried out between \(II_{1}\) and \(r\), and then, the diffusion process is executed between \(II_{2}\) and the first diffusion output. Likewise, all the \(II_{1} ,II_{2} ,II_{3} , \ldots ,II_{L}\) images are bit-XORed. The diffused images are denoted as \(III_{1} ,III_{2} ,III_{3} , \ldots ,III_{L}\).

14. 14.

    Combine all the diffused images \(III_{1} ,III_{2} ,III_{3} , \ldots ,III_{L}\) vertically by,

    $$ LL1 = vertcat\left( {III_{1} ,III_{2} ,III_{3} , \ldots ,III_{L} } \right) $$

    where \(LL1\) is the vertically concatenated image. The function “vertcat” performs the vertical concatenation operation. The size of \(LL1\) is \(LM_{g} \times N_{g}\).

15. 15.

    Generate blocks of size \(L \times 1\) by dividing the image \(LL1\). The number of generated blocks are \(\frac{{LM_{g} \times N_{g} }}{L \times 1} = M_{g} \times N_{g}\). The block division process is presented in Algorithm 4.

    

    In the above algorithm, \(B2\) is the array of blocks of size \(L\times 1\).

16. 16.

    Calculate the number of blocks in \(B2\) by,

    $$ l2 = length\left( {B2} \right) $$

    where \(l2\) is the \(B2\) array length.

17. 17.

    Generate the PWLCM system-3- and system-4-based keys by Eqs. (4) and (5), respectively. \(\left( {p\left( 1 \right),pk} \right)\) and \(\left( {q\left( 1 \right),qk} \right)\) are the PWLCM system-3- and system-4-based generated keys, respectively.

18. 18.

    Generate second initial values of PWLCM system-3 and system-4 using key values \(\left(p\left(1\right),pk\right)\) and \(\left(q\left(1\right),qk\right)\), respectively, to iterate Eq. (1). The second initial values are denoted as \(p\left(2\right)\) of PWLCM system-3 and \(q\left(2\right)\) of PWLCM system-4.

19. 19.

    Perform cross-coupling operation \(\left({M}_{g}\times {N}_{g}\right)-1\) times between the key values \(\left(p\left(2\right),qk\right)\) and \(\left(q\left(2\right),pk\right)\). The cross-coupling process is carried out in the same way as Algorithm 2. The generated iterated sequences are represented as,

    $$ p = \left( {p\left( 1 \right),p\left( 2 \right),p\left( 3 \right), \ldots ,p\left( {M_{g} \times N_{g} } \right)} \right) $$
    $$ q = \left( {q\left( 1 \right),q\left( 2 \right),q\left( 3 \right), \ldots ,q\left( {M_{g} \times N_{g} } \right)} \right) $$
20. 20.

    Sort the iterated sequence \(p\) by

    $$ \left[ {permudsort,permudindex} \right] = sort\left( p \right) $$

    where \(permudindex\) is the indexed sequence and \(permudsort\) is the sorted sequence of \(p\).

21. 21.

    Perform block shuffling and up–down (U–D) flip operation between the blocks of the array B2. In the combined operation, first the blocks are U–D-flipped and then shifted to a new position in the array using the indexing sequence \(permudindex\). The newly shuffled array of blocks are denoted as B222.

22. 22.

    Generate a big image B222 by combining the blocks of the array B222.

23. 23.

    Divide the big image B222 vertically into \(L\) parts. The newly formed images are denoted as \(III_{1} ,III_{2} ,III_{3} , \ldots ,III_{L}\).

24. 24.

    Generate an image \(rr\) by using the iterated sequence \(q\). The image generation process is carried out in the same way as Algorithm 3.

25. 25.

    Perform bit-XOR diffusion operation between the images \(III_{1} ,III_{2} ,III_{3} , \ldots ,III_{L}\) and the newly formed image \(rr\). First the bit-XOR diffusion operation is performed between \(III_{1}\) and \(rr\), and then, the diffusion process is carried out among \(III_{2}\) and the first diffusion output. Likewise, all the \(III_{1} ,III_{2} ,III_{3} , \ldots ,III_{L}\) images are bit-XORed. The diffused images are denoted as \(IIII_{1} ,IIII_{2} ,IIII_{3} , \ldots ,IIII_{L}\). These diffused images are the \(L\) cipher images denoted as \(C_{1} ,C_{2} ,C_{3} , \ldots ,C_{L}\).

3.3 Method of decryption operation

1. 1.

   On the receiver side, the receiver collects all the cipher images \(C_{1} ,C_{2} ,C_{3} , \ldots ,C_{L}\) of size \(M_{g} \times N_{g}\) produced on the transmitter side, given key values of the algorithm such as initial values \(\left( {km,kn,kp,kq} \right)\) of PWLCM system-1 to 4, system parameters \(\left( {mm,nn,pp,qq} \right)\) of PWLCM system-1 to 4. Receiver also receives multi-image hash values.

2. 2.

   Generate the PWLCM system-3- and system-4-based keys by Eqs. (4) and (5), respectively. \(\left( {p\left( 1 \right),pk} \right)\) and \(\left( {q\left( 1 \right),qk} \right)\) are the PWLCM system-3- and system-4-based generated keys, respectively.

3. 3.

   Follow Sect. 3.2 Step-18 to produce PWLCM system-3-based second initial value using key values \(\left( {p\left( 1 \right),pk} \right)\) and also produce PWLCM system-4-based second initial value using key values \(\left( {q\left( 1 \right),qk} \right)\).

4. 4.

   Follow Sect. 3.2 Step-19 to perform the cross-coupling operation \(\left( {M_{g} \times N_{g} } \right) - 1\) times between the key values \(\left( {p\left( 2 \right),qk} \right)\) and \(\left( {q\left( 2 \right),pk} \right)\). The iterated sequences generated after cross-coupling are,

   $$ p = \left( {p\left( 1 \right),p\left( 2 \right),p\left( 3 \right), \ldots ,p\left( {M_{g} \times N_{g} } \right)} \right) $$
   $$ q = \left( {q\left( 1 \right),q\left( 2 \right),q\left( 3 \right), \ldots ,q\left( {M_{g} \times N_{g} } \right)} \right) $$
5. 5.

   Follow Sect. 3.2 Step-24 to develop an image \(crr\) using the iterated sequence \(q\).

6. 6.

   Execute diffusion process (bit-XOR) among the cipher images \(C_{1} ,C_{2} ,C_{3} , \ldots ,C_{L}\) and the newly formed image crr. First the process of bit-XOR diffusion is performed between C₁ and crr. Second, the diffusion of bit-XOR occurs between C₁ and C₂. Third the diffusion between C₂ and C₃ is performed. Likewise, all the cipher images are diffused. The diffused cipher images are denoted as \(CC_{1} ,CC_{2} ,CC_{3} , \ldots ,CC_{L}\).

7. 7.

   Follow Sect. 3.2 Step-14 to combine vertically all the diffused images \(CC_{1} ,CC_{2} ,CC_{3} , \ldots ,CC_{L}\). The image being concatenated vertically is denoted as CC. The size of CC is \(LM_{g} \times N_{g}\).

8. 8.

   Follow Sect. 3.2 Step-15 to segment the CC image into numbers of blocks of the same size \(L \times 1\). The number of blocks generated is \(\frac{{LM_{g} \times N_{g} }}{L \times 1} = M_{g} \times N_{g}\). The blocks are stored in an array which is called \(CC1\).

9. 9.

   Follow Sect. 3.2 Step-16 to calculate the array length of CC1. The array length is denoted as l2.

10. 10.

    Follow Sect. 3.2 Step-20 to sort the iterated sequence \(p\). The sorted and indexed sequences are denoted as \(cpermudsort\) and \(cpermudindex\).

11. 11.

    Perform block de-shuffling and up–down (U–D) flip operation between the blocks of the array CC1. In the combined operation, first the blocks are U–D flipped and then de-shuffled using the indexing sequence \(cpermudindex\). The newly de-shuffled array of blocks are denoted as CC2.

12. 12.

    Follow Sect. 3.2 Step-22 to create an image CC3 by combining the CC2 array blocks together.

13. 13.

    Vertically divide the image CC3 into L parts. The newly formed images are denoted as \(CC3_{1} ,CC3_{2} ,CC3_{3} , \ldots ,CC3_{L}\).

14. 14.

    Generate the PWLCM system-1 and system-2-based keys by Eqs. (2) and (3), respectively. \(\left( {m\left( 1 \right),mk} \right)\) and \(\left( {n\left( 1 \right),nk} \right)\) are the PWLCM system-1- and system-2-based generated keys, respectively.

15. 15.

    Follow Sect. 3.2 Step-6 to generate the PWLCM system-1-based second initial value using key values \(\left( {m\left( 1 \right),mk} \right)\) and also generate the PWLCM system-2-based second initial value using key values \(\left( {n\left( 1 \right),nk} \right)\).

16. 16.

    Follow Sect. 3.2 Step-7 to perform the cross-coupling operation \(\left( {M_{g} \times N_{g} } \right) - 1\) times between the key values \(\left( {m\left( 2 \right),nk} \right)\) and \(\left( {n\left( 2 \right),mk} \right)\). The iterated sequences generated after cross-coupling are,

    $$ m = \left( {m\left( 1 \right),m\left( 2 \right),m\left( 3 \right), \ldots ,m\left( {M_{g} \times N_{g} } \right)} \right) $$
    $$ n = \left( {n\left( 1 \right),n\left( 2 \right),n\left( 3 \right), \ldots ,n\left( {M_{g} \times N_{g} } \right)} \right) $$
17. 17.

    Follow Sect. 3.2 Step-12 to develop an image cr using the iterated sequence n.

18. 18.

    Execute diffusion process (bit-XOR) among the images \(CC3_{1} ,CC3_{2} ,CC3_{3} , \ldots ,CC3_{L}\) and the newly formed image cr. First the process of bit-XOR diffusion is performed between \(CC3_{1}\) and cr. Second, the diffusion of bit-XOR occurs between \(CC3_{1}\) and \(CC3_{2}\). Third the diffusion between \(CC3_{2}\) and \(CC3_{3}\) is performed. Likewise, all the images are diffused. The diffused images are denoted as \(CCC3_{1} ,CCC3_{2} ,CCC3_{3} , \ldots ,CCC3_{L}\).

19. 19.

    Follow Sect. 3.2 Step-2 to combine horizontally all the diffused images \(CCC3_{1} ,CCC3_{2} ,CCC3_{3} , \ldots ,CCC3_{L}\). The image being concatenated horizontally is denoted as CCC3. The size of CCC3 is \(M_{g} \times LN_{g}\).

20. 20.

    Follow Sect. 3.2 Step-3 to segment the CCC3 image into numbers of blocks of the same size \(1 \times L\). The number of blocks generated is \(\frac{{M_{g} \times LN_{g} }}{1 \times L} = M_{g} \times N_{g}\). The blocks are stored in an array, which is called CCC2.

21. 21.

    Follow Sect. 3.2 Step-4 to calculate the array length CCC2. The array length is denoted as l1.

22. 22.

    Follow Sect. 3.2 Step-8 to sort the iterated sequence m. The sorted and indexed sequences are denoted as \(cpermlrsort\) and \(cpermlrindex\).

23. 23.

    Perform block de-shuffling and left–right (L–R) flip operation between the blocks of the array CCC2. In the combined operation, first the blocks are L–R-flipped and then de-shuffled using the indexing sequence \(cpermlrindex\). The newly de-shuffled array of blocks is denoted as CCC1.

24. 24.

    Follow Sect. 3.2 Step-10 to create an image CCC by combining the CCC1 array blocks together.

25. 25.

    Horizontally divide the image CCC2 into L parts. The newly formed images are denoted as \(CCC_{1} ,CCC_{2} ,CCC_{3} , \ldots ,CCC_{L}\). These images are the L original images.

4 Computer simulations and security analyses

In this paper, the simulation of the suggested scheme is carried out on two image groups such as Image Group-1 that includes “Lena”, “Baboon”, “Pepper”, and “Sailboat”, Image Group-2 that includes “Elaine”, “Baboon”, “Boat”, and “Couple”. Computer simulations are conducted on a system with a processor of 2.50 GHz, RAM of 4.00 GB using MATLAB. All images are \(512\times 512\) in size and are obtained from the database of USC-SIPI [41]. The keys given for the suggested scheme are listed in Table 1, and the hexadecimal equivalent hash values for two image groups are shown in Table 2. The simulation outcomes of Group-1 images are shown in Fig. 3, and Group-2 images are shown in Fig. 4. It is found in the simulation outputs that the encrypted images tend to be very noisy, indicating that attackers could not get any details from them about the original images. This illustrates that our method has a strong encryption effect. It is also found in the simulation outputs that we can get the successful decrypted images using the correct secret keys.

Table 1 Original keys of the algorithm

Table 2 Hexadecimal hash values of two image groups

Fig. 3

Simulation outcomes of Group-1 images

Fig. 4

Simulation outcomes of Group-2 images

The suggested scheme also applies for the encryption of multiple color images. This can only be achieved through encrypting the Red (R), Green (G), and Blue (B) parts separately and then combining all of the encrypted R, G, and B parts to get multiple encrypted color images.

The proposed algorithm’s security evaluation is as follows.

4.1 Key space analysis

Key space is the number of distinct keys used to execute the process of encryption [42]. An algorithm’s key space must be greater than \({2}^{128}\) to withstand the attack of brute-force [8, 43]. The keys used in the suggested scheme are:

• the PWLCM system-1- to system-4 based initial values \(km,kn,kp,\mathrm{and} kq\)

• the PWLCM system-1- to system-4-based system parameters \(mm,nn,pp,\mathrm{and} qq\)

• Hash values of 256-bit

The algorithm’s key space is presented in Table 3. In the table, it is shown that for each of the algorithm’s individual keys, a key space of \({10}^{15}\), is used. It is because the algorithm uses the 64-bit floating point standard and for that \({10}^{15}\) is suggested by IEEE [44]. The \({2}^{128}\) key space for the SHA-256 hash-value is also shown in the table. This is because the security in the hash function SHA-256 to withstand the best attack is \({2}^{128}\). Hence, the total key space of the proposed algorithm shown in the table is \(1.5491\times {2}^{526}\), which is greater than \({2}^{128}\) to effectively protect the attack of brute force.

Table 3 Key space of the algorithm

The comparison of key space among the suggested method and the existing reference methods [25,26,27, 29, 39] is provided in Table 4. The results of the comparison indicate that the suggested method has larger key space than Refs. [25,26,27, 29, 39] methods. It indicates that the suggested method highly resists the attack of brute force as opposed to the existing multiple image encryption methods [25,26,27, 29, 39].

Table 4 Comparison of key space results

4.2 Histogram analysis

Image histograms indicate how pixel values are distributed throughout the surface [45]. In an effective cipher image, the histogram must be uniform and substantially distinct from the original image, so that attackers will not be able to get any valuable data from the encrypted image [45, 46]. The histogram outputs of Group-1 and Group-2 images are shown in Figs. 5 and 6, respectively. It is obvious that the histogram of cipher images is distributed uniformly and very distinct from that of the actual images. This ensures that after encryption the redundancy of original images is effectively concealed and should not get any hint that statistical attacks can be applied.

Fig. 5

Histogram outcomes of Group-1 images

Fig. 6

Histogram outcomes of Group-2 images

4.3 Histogram variance analysis

The variances of the original and cipher image histograms are measured to determine the image pixel uniformity [47]. The images have greater pixel uniformity when the variances are smaller [47, 48]. It is measured by [47]:

$$ {\text{var}}\left( {V_{z} } \right) = \frac{1}{{n^{2} }}\mathop \sum \limits_{i = 1}^{n} \mathop \sum \limits_{j = 1}^{n} \frac{{\left( {v_{i} - v_{j} } \right)^{2} }}{2} $$

(6)

where \(V_{z} = \left\{ {v_{1} , v_{2} , \ldots ,v_{256} } \right\}\), \(i\) and \(j\) denote the grayscale pixel values, \({v}_{i}\) and \({v}_{j}\) denote the number of pixels for each of the grayscale pixel values \(i\) and\(j\), respectively. The variance of two image groups using the suggested method is shown in Table 5. It is shown in the table that the cipher image variance is considerably reduced from the actual image variance. This implies the high grayscale uniformity of pixel values in cipher images. A comparative average variance of image Group-1 between the suggested method and the current Ref. [39] method is shown in Table 6. The results of the comparison show that the suggested method has less average variance than the method of Ref. [39], which indicates the high grayscale uniformity of the suggested scheme. A comparative average variance of image Group-2 between the suggested approach and the current Refs. [25, 26, 39] method is shown in Table 7. The results reveal that the suggested method has a lower average variance than the existing Refs. [25, 26, 39] algorithm, which implies the stronger uniformity of pixel grayscale values in the encrypted images of the suggested algorithm. Noting that both Group-1 and 2 images in Tables 6 and 7 are protected equally by the suggested method, the method in Ref. [39] does not apply equally to both Group-1 and 2 images. This means that the histogram variance of Ref. [39] in Group-1 image is higher, and Group-2 image is lower, but the histogram variance of the proposed algorithm in both Group-1 and 2 images is lower. Therefore, we can say our algorithm is more efficient than the others.

Table 5 Histogram variance of the algorithm

Table 6 Comparison of Group-1 image average histogram variance results

Table 7 Comparison of Group-2 image average histogram variance results

4.4 Chi-square test analysis

The uniformity in the histograms of encrypted images can also be justified through Chi-square test analysis [49, 50]. The low Chi-square value indicates high uniformity in encrypted image histograms [49, 50]. It is measured by

$$ \chi_{{{\text{test}}}}^{2} = \mathop \sum \limits_{k = 0}^{255} \frac{{\left( {o_{k} - e_{k} } \right)^{2} }}{{e_{k} }} $$

(7)

where the observed frequency of \(k\) is denoted as \(o_{k}\) and the expected frequency of \(k\) is denoted as \(e_{k}\). The expected frequency \(e_{k}\) is defined by:

$$ e_{k} = \frac{M \times N}{{256}} $$

(8)

where the image size is \(M \times N\). Table 8 presents the results of the Group-1 and Group-2 image Chi-square test analysis using the suggested method and also presents comparative results with the existing scheme [39]. Table 8 shows that in both the suggested scheme and the reference scheme [39], the hypothesis is accepted at both 5% and 1% levels of significance. This implies that the uniformity of the grayscale exists in the histograms of cipher images in both the suggested and Ref. [39] algorithms. It is also shown in Table 8 that the proposed algorithm has a lower-average Chi-square value than Ref. [39] algorithm. Another finding in Table 8 indicates that the algorithm in Ref. [39] does not apply equally to both Group-1 and 2 images, while the suggested algorithm applies equally to both Group-1 and 2 images. This means the suggested method is more efficient than the method of Ref. [39].

Table 8 Comparison of Chi-square test (\({\chi }_{test}^{2}\)) results

4.5 Adjacent pixel correlation analysis

It measures the association of neighboring pixels in both the original and cipher images along diagonal (D), vertical (V), and horizontal (H) directions. In cipher images, there is usually a low correlation of adjacent pixels and a high correlation of adjacent pixels in original images [51, 52]. With strong correlation, the value of the correlation coefficient is much equal to + 1 or − 1 and the value of the correlation coefficient is much closer to 0 with low correlation. Expressions for calculating the correlation coefficient are as follows.

$$ {\text{corrcoff}}_{st} = \frac{{{\text{covarr}}\left( {s,t} \right)}}{{\sqrt {D\left( s \right)} \sqrt {D\left( t \right)} }} $$

(9)

where

$$ {\text{covarr}}\left( {s,t} \right) = \frac{1}{M}\mathop \sum \limits_{j = 1}^{M} \left( {s_{j} - E\left( s \right)} \right)\left( {t_{j} - E\left( t \right)} \right) $$

(10)

$$ D\left( s \right) = \frac{1}{M}\mathop \sum \limits_{j = 1}^{M} \left( {s_{j} - E\left( s \right)} \right)^{2} $$

(11)

$$ D\left( t \right) = \frac{1}{M}\mathop \sum \limits_{j = 1}^{M} \left( {t_{j} - E\left( t \right)} \right)^{2} $$

(12)

$$ E\left( s \right) = \frac{1}{M}\mathop \sum \limits_{j = 1}^{M} s_{j} $$

(13)

$$ E\left( t \right) = \frac{1}{M}\mathop \sum \limits_{j = 1}^{M} t_{j} $$

(14)

In the above expressions (9)–(14), \(s\) and \(t\) are two neighboring pixel grayscale values, and \(M\) is adjacent pixel-pairs. Table 9 shows the results of the suggested method about the neighboring pixel correlation. The adjacent pixel association is performed on 10,000 pairs of adjacent pixels selected at random in the proposed algorithm. The results of Table 9 show that the correlation of neighboring pixels in the original images in horizontal, vertical, and diagonal directions is much closer to + 1 where as in cipher images; it is very close to 0. This indicates the suggested algorithm is highly resistant to the statistical attack. Table 10 presents a comparative encrypted image adjacent pixel correlation results between the proposed algorithm and Ref. [39] algorithm. Table 10 shows that the encrypted image correlation values of neighboring pixels in the suggested method are weaker than the method of Ref. [39]. This means that the suggested method has high statistical resistivity. Table 11 presents the results of encrypted images comparing the adjacent pixel association between the proposed algorithm and Ref. [25] algorithm. The comparison is carried out on 3000 pairs of neighboring pixels picked at random. From Table 11, the proposed algorithm indicates a weaker association of neighboring pixels in cipher images than Ref. [25] algorithm. It indicates the high resistivity of the proposed method to statistical attack than Ref. [25] algorithm. Table 12 provides a comparison of the results of adjacent pixel correlation between the suggested method and Ref. [26] method. The comparison is executed on 16,384 pairs of randomly chosen neighboring pixels. By analyzing the results of the comparison, it is found that the suggested method has a better value of the coefficient of correlation than Ref. [26] algorithm. Table 13 presents the comparison of adjacent pixel association results between the suggested method, Ref. [39] method, and the methods (Zhang and Wang’s third, second, first method and Tang’s method) analyzed in Ref. [29]. The results in Table 13 indicate the weaker association of neighboring pixels in the proposed method than the methods already being used. It shows the high statistical resistivity of the suggested method relative to Ref. [29]’s analyzed methods and Ref. [39]’s method. This reveals that the method suggested is effective compared to the current methods.

Table 9 Adjacent pixel correlation results of the algorithm

Table 10 Comparison of Group-1 and Group-2 encrypted image adjacent pixel correlation results (10,000 pairs of pixels)

Table 11 Comparison of Group-2 encrypted image adjacent pixel correlation results (3000 pairs of pixels)

Table 12 Comparison of Group-2 encrypted image adjacent pixel correlation results (16,384 pairs of pixels)

Table 13 Comparison of Group-1 encrypted image adjacent pixel correlation results

Figures 7, 8 and 9 show the Group-1 image correlation distribution of neighboring pixels. In these figures (Figs. 7, 8 and 9), it is shown that the neighboring pixels are linearly correlated in the actual images, indicating a strong neighboring pixel association, whereas the neighboring pixels are distributed in encrypted images over the entire surface, indicating low association of neighboring pixels. This indicates the high statistical attack resistivity using the suggested method.

Fig. 7

Pixel correlation outputs of Group-1 images along the horizontal direction

Fig. 8

Pixel correlation outputs of Group-1 images along the vertical direction

Fig. 9

Pixel correlation outputs of Group-1 images along the diagonal direction

4.6 Mean-square error (MSE) and peak signal-to-noise ratio (PSNR) analysis

MSE tests the difference among input and encrypted images, as well as between input and decrypted images. MSE’s high value reveals the big difference between the actual and cipher images [53, 54]. The MSE among the input image and its decryption is zero [53]. MSE is defined as:

$$ {\text{MSE}}_{{{\text{OE}}}} = \frac{1}{{M_{g} \times N_{g} }}\mathop \sum \limits_{i = 1}^{{M_{g} }} \mathop \sum \limits_{j = 1}^{{N_{g} }} \left( {O_{ij} - E_{ij} } \right)^{2} $$

(15)

$$ {\text{MSE}}_{{{\text{OD}}}} = \frac{1}{{M_{g} \times N_{g} }}\mathop \sum \limits_{i = 1}^{{M_{g} }} \mathop \sum \limits_{j = 1}^{{N_{g} }} \left( {O_{ij} - D_{ij} } \right)^{2} $$

(16)

where ‘O’ is the “input image”, ‘E’ is the “encrypted image”, ‘D’ is the decrypted image, \({\text{MSE}}_{{{\text{OE}}}}\) is the “MSE between input and encrypted images”, \({\mathrm{MSE}}_{\mathrm{OD}}\) is the “MSE between input and decrypted images”.

The comparative MSE results among the suggested method and Ref. [39] method are provided in Table 14. It is found in the results that the suggested method has larger MSE value than Ref. [39] algorithm. This shows that there is a substantial difference between input and cipher images in the proposed algorithm compared to Ref. [39] algorithm. Table 14 also shows the MSE zero value between the input and decrypted images. This indicates similarity between the input and decrypted images.

Table 14 Comparison of Group-1 and 2 image MSE results

PSNR tests the quality estimates of the encrypted image against the original image. A small PSNR value reveals significant variations between the input and the cipher images [53, 54]. The PSNR among the input image and its decryption is infinite [53]. It is defined by:

$$ {\text{PSNR}}_{{{\text{OE}}}} = 20\log_{10} \left[ {\frac{{I_{\max } }}{{\sqrt {{\text{MSE}}_{{{\text{OE}}}} } }}} \right] $$

(17)

$$ {\text{PSNR}}_{{{\text{OD}}}} = 20\log_{10} \left[ {\frac{{I_{\max } }}{{\sqrt {{\text{MSE}}_{{{\text{OD}}}} } }}} \right] $$

(18)

where \({I}_{\mathrm{max}}\) is the highest pixel value available for the image, \({\mathrm{PSNR}}_{\mathrm{OE}}\) is the “PSNR between input and encrypted images”, \({\mathrm{PSNR}}_{\mathrm{OD}}\) is the “PSNR between input and decrypted images”.

Table 15 presents a comparative PSNR results among the suggested method and Ref. [39] method. Like MSE comparison in Table 14, the PSNR comparison is executed on two image groups in Table 15. Table 15 results indicate that the suggested method has a lower PSNR value than the method in Ref. [39]. It indicates that there is a considerable difference between input and cipher images in the proposed algorithm compared to Ref. [39] algorithm. Table 15 also shows the PSNR infinite value between the input and decrypted images. This indicates that the input and decrypted images are similar.

Table 15 Comparison of Group-1 and 2 image PSNR results

4.7 Information entropy analysis

It is a method to calculate the degree of pixel randomness in encrypted images [55]. The higher the pixel randomness, the greater the image entropy. The higher the entropy, the greater the information security. The ideal entropy value for an image of 256-grayscale is 8. The nearer it is to 8, the more it prevents information leakage. The entropy is calculated as,

$$ H = - \mathop \sum \limits_{j = 0}^{255} P_{r} \left( j \right)\log_{2} P_{r} \left( j \right) $$

(19)

where H is the entropy of an image and \(P_{r} \left( j \right)\) is the probability of the symbol \(j\). Table 16 provides a comparative entropy results among the suggested method and Ref. [39] method. It is noted in the comparison table that the suggested method has a higher entropy value than Ref. [39] method. Table 17 provides a table for comparison among the suggested method and the method Refs. [25, 26]. In the table, the higher entropy value of the suggested method is also found. The comparative entropy results among the suggested method and the methods analyzed in Ref. [29] (Zhang and Wang’s third and first method, and Tang et al.’s method) are shown in Table 18. The comparison table indicates that the suggested method has an entropy value larger than the methods analyzed in Ref. [29]. Comparison Tables 16, 17 and 18 reveal that the proposed algorithm strongly avoids information leakage as opposed to the others. Hence, the proposed algorithm is highly effective compared to existing algorithms for multiple image encryption.

Table 16 Comparison of Group-1 and Group-2 image information entropy results

Table 17 Comparison of Group-2 encrypted image information entropy results

Table 18 Comparison of Group-1 encrypted image information entropy results

A comparison of information entropy between the proposed method of multiple image encryption and some recently developed methods of single image encryption is provided in Table 19. It is found in Table 19 that all the methods of multiple-image and single-image encryption efficiently resist the entropy attack. However, the method proposed avoids the entropy attack better than Ref. [56] (grayscale images) and Ref. [57] (color images) methods. On the other hand, the method proposed resists the entropy attack marginally less than the methods in Ref. [56] (color images) and Ref. [58] (color images).

Table 19 Comparison of information entropy between multiple image and currently developed single-image encryption methods

4.8 Differential attack analysis

It measures the sensitivity of the ciphertext image toward the plaintext image. The more sensitivity the ciphertext has toward the plaintext, the greater the algorithm’s resistivity against the differential attacks [10, 59, 60]. Two widely used security measures for measuring differential attack analysis are Numbers of Pixel Changing Rate (NPCR) and UACI (Unified Average Changing Intensity) [10, 59, 60].

NPCR measures the rate of change of pixels in an encrypted image. Equations for measuring the NPCR are,

$$ {\text{NPCR}}\left( {C_{1} ,C_{2} } \right) = \frac{{\mathop \sum \nolimits_{i,j} D_{{C_{1} ,C_{2} }} \left( {i,j} \right)}}{{M_{g} \times N_{g} }} \times 100\% $$

(20)

where \(M_{g} \times N_{g}\) is the image size and \(D_{{C_{1} ,C_{2} }} \left( {i,j} \right)\) is defined by,

$$ D_{{C_{1} ,C_{2} }} \left( {i,j} \right) = \left\{ {\begin{array}{*{20}l} {1 \,\,\,{if}\,\, C_{1} \left( {i,j} \right) \ne C_{2} \left( {i,j} \right)} \hfill \\ {0 \,\,\,{if}\,\, C_{1} \left( {i,j} \right) = C_{2} \left( {i,j} \right)} \hfill \\ \end{array} } \right. $$

(21)

where \(C_{1}\) is the actual cipher image and \(C_{2}\) is the modified cipher image. The NPCR is \(99.6094 \approx 99.61\%\) in an ideal case [10, 60].

UACI determines the relative intensity varying between the original and cipher images. Equation to measure the UACI is

$$ {\text{UACI}}\left( {C_{1} ,C_{2} } \right) = \frac{{\mathop \sum \nolimits_{i,j} \left| {C_{1} \left( {i,j} \right) - C_{2} \left( {i,j} \right)} \right|}}{{M_{g} \times N_{g} \times 255}} \times 100\% $$

(22)

The ideal value of UACI is \(33.4635 \approx 33.46\%\) [10, 60]. Table 20 presents the UACI and NPCR results of the suggested algorithm. It is seen in the table that all the images’ average UACI and NPCR results are greater than their ideal values. This shows that the suggested method strongly protects the differential attack. The comparative UACI and NPCR results among the suggested method and Ref. [39] method are provided in Table 21. By analyzing the results of the comparison, it is found that the method suggested has a better-average UACI and NPCR than the method Ref. [39]. Table 22 provides the comparative UACI and NPCR among the suggested method and the methods analyzed in Ref. [29]. By analyzing the results of the comparison, it is found that the suggested method has better-average results for UACI and NPCR than the methods evaluated in Ref. [29]. This shows that the suggested method is efficient in comparison with the other multiple image encryption methods referred.

Table 20 UACI and NPCR results of the suggested method

Table 21 Comparison of Group-1 and Group-2 image UACI and NPCR results

Table 22 Comparison of Group-1 image UACI and NPCR results

4.9 Key sensitivity analysis

Eight number of PWLCM system-based keys are used in the suggested scheme. To prevent the scheme against the brute-force attack, all keys should be highly sensitive. The key sensitivity is accomplished by changing one of the eight keys and then the encryption operation. Finally, the rate of change of pixel values in modified cipher images relative to the original cipher images is observed. Figures 10, 11, 12 and 13 show the key sensitivity outcomes of the Group-1 images. By analyzing the two cipher image differences in Figs. 10, 11, 12 and 13, it is found that a dramatic change in the cipher images occurs by modifying only one key out of eight keys. This shows the algorithm being proposed is highly key sensitive. Tables 23 and 24 present the key sensitivity results in the form of UACI and NPCR. If the NPCR value exceeds 99% and if the UACI value exceeds 33%, then the keys are highly sensitive to the algorithm. The UACI and NPCR values of all images are found in Tables 23 and 24 to be greater than 33% and 99%, respectively. This shows the method proposed is highly sensitive to all keys.

Fig. 10

Key sensitivity outcomes of Group-1 images: a–d Cipher images by changed key \(km\); e–h Figs. 2(e)–9(a), Figs. 2(f)–9(b), Figs. 2(g)–9(c), Figs. 2(h)–9(d); i–l Cipher images by changed key \(mm\); m–p Figs. 2(e)–9(i), Figs. 2(f)–9(j), Figs. 2(g)–9(k), Figs. 2(h)–9(l)

Fig. 11

Key sensitivity outcomes of Group-1 images: a–d Cipher images by changed key \(kn\); e–h Figs. 2(e)–10(a), Figs. 2(f)–10(b), Figs. 2(g)–10(c), Figs. 2(h)–10(d); i–l Cipher images by changed key \(nn\); m–p Figs. 2(e)–10(i), Figs. 2(f)–10(j), Figs. 2(g)–10(k), Figs. 2(h)–10(l)

Fig. 12

Key sensitivity outcomes of Group-1 images: a–d Cipher images by changed key \(kp\); e–h Figs. 2(e)–11(a), Figs. 2(f)–11(b), Figs. 2(g)–11(c), Figs. 2(h)–11(d); i–l Cipher images by changed key \(pp\); m–p Figs. 2(e)–11(i), Figs. 2(f)–11(j), Figs. 2(g)–11(k), Figs. 2(h)–11(l)

Fig. 13

Key sensitivity outcomes of Group-1 images: a–d Cipher images by changed key \(kq\); e–h Figs. 2(e)–12(a), Figs. 2(f)–12(b), Figs. 2(g)–12(c), Figs. 2(h)–12(d); (i-l) Cipher images by changed key \(qq\); m–p Figs. 2(e)–12(i), Figs. 2(f)–12(j), Figs. 2(g)–12(k), Figs. 2(h)–12(l)

Table 23 Group-1 image key sensitivity results

Table 24 Group-2 image key sensitivity results

4.10 Noise attack analysis

The robustness of a cryptosystem toward noise is one of the most significant challenges in real-world communication technology [61]. The suggested cryptosystem is robust against noise. In this cryptosystem, two kinds of noise are used to illustrate the effectiveness of the algorithm, such as Gaussian noise and salt and pepper noise. Both noise analyses are carried out by adding some noise to the encrypted image and subsequently retrieving the decrypted image. Finally, the disparity between the original image and the decrypted images recovered indicates the algorithm’s efficacy toward noise. The difference between the original image and the decrypted image retrieved is calculated by NPCR and UACI. The lower value of NPCR and UACI shows the better resistivity towards the noise. The Gaussian noise attack analysis results of the Group-1 and Group-2 images are shown in Figs. 14 and 15, respectively. The robustness of Group-1 images against Gaussian noise is seen in Figs. 14 and 15 at Mean = 0 and Variance = 0.0001, 0.0003, 0.0005. Tables 25 and 26, respectively, show the corresponding NPCR and UACI results of the Group-1 and Group-2 images. Table 27 shows the comparison of the results of the Gaussian noise attack analysis. In Table 27, it is found that the proposed algorithm has lower value of NPCR and UACI than the algorithms in Ref. [47, 50, 61]. This shows that the proposed algorithm resists the Gaussian noise attack better than Ref. [47, 50, 61] algorithms.

Fig. 14

Gaussian noise attack analysis results of Group-1 images: At mean = 0 and variance = 0.0001 a–d encrypted images, e–h decrypted images; At Mean = 0 and Variance = 0.0003 i–l encrypted images, m–p decrypted images; At Mean = 0 and Variance = 0.0005 q–t encrypted images, u–x decrypted images

Fig. 15

Gaussian noise attack analysis results of Group-2 images: At mean = 0 and variance = 0.0001 a–d encrypted images, e–h decrypted images; at mean = 0 and variance = 0.0003 i–l encrypted images, m–p decrypted images; at mean = 0 and variance = 0.0005 q–t encrypted images, u–x decrypted images

Table 25 Gaussian noise attack analysis results of Group-1 images

Table 26 Gaussian noise attack analysis results of Group-2 images

Table 27 Comparison of Gaussian noise attack analysis results

Figures 16 and 17, respectively, show the outcomes of the salt and pepper noise attack analysis of the Group-1 and Group-2 images. In these figures, it is observed that the proposed algorithm strongly resists the salt and pepper noise attack. The NPCR and UACI results of the Group-1 and Group-2 images, respectively, are shown in Tables 28 and 29. The comparison of salt and pepper noise attack analysis results is shown in Table 30. It is noticed in Table 30 that the proposed algorithm has a lower NPCR and UACI value than the algorithm in Ref. [50]. This illustrates that the salt and pepper noise attack is also resisted by the proposed algorithm.

Fig. 16

Salt and pepper noise attack analysis results of Group-1 images: At 5% a–d encrypted images, e–h decrypted images; At 10% i–l encrypted images, m–p decrypted images; At 25% q–t encrypted images, u–x decrypted images

Fig. 17

Salt and pepper noise attack analysis results of Group-2 images: At 5% a–d encrypted images, e–h decrypted images; at 10% i–l encrypted images, m–p decrypted images; at 25% q–t encrypted images, u–x decrypted images

Table 28 Salt and pepper noise attack analysis results of Group-1 images

Table 29 Salt and pepper noise attack analysis results of Group-2 images

Table 30 Comparison of salt and pepper noise attack analysis results

4.11 Cryptanalysis

The two attacks commonly used by attackers to target cryptographic algorithms are the chosen-plaintext attack and the chosen-ciphertext attack [62,63,64]. The chosen-plaintext and/or chosen-ciphertext attack with all-one or all-zero images has breached several image encryption techniques [64,65,66]. In the proposed algorithm, both the attacks are implemented.

4.11.1 Chosen-plaintext attack

In this type of attack, the attacker has the ability to choose to encrypt some random plaintexts and get their corresponding ciphertexts. In a simple way, with the unknown encryption key \(K\), the attacker has the ciphertext \(C\) and tries to obtain the corresponding plaintext \(P\). Even so, with the same unknown encryption key, the attacker has a plaintext \(P_{az}\) of all-one (or all-zero), and its encrypted variant \(C_{az}\) acquired. The following is the sub-key extraction by the attacker for pixel encryption [62].

$$ K_{az}^{i,j} = C_{az}^{i,j} \oplus P_{az}^{i,j} $$

(23)

In Eq. (23), \(P_{az}^{i,j}\) is the plaintext with all-zero grayscale pixel values, \(C_{az}^{i,j}\) is the corresponding ciphertext obtained with the same unknown key, \(\left( {i,j} \right)\) is denoted as the 2D-pixel positions. The operation of Eq. (23) obtains a key stream \(K_{az}^{i,j}\).

By using the key stream \(K_{az}^{i,j}\), the plaintext \(P^{i,j}\) is obtained from the ciphertext \(C^{i,j}\) by [62],

$$ P^{i,j} = C^{i,j} \oplus K_{az}^{i,j} $$

(24)

Figure 18 shows the chosen-plaintext attack on the Group-1 and Group-2 encrypted images using the null-images (all-zero pixel values). By analyzing the chosen-plaintext attack of Group-1 and Group-2 images and their corresponding histograms, it is noticed that the chosen-plaintext fails in this proposed multiple image encryption algorithm. This is because the generated key values of the proposed algorithm are linked to the key values given and to the hash values of the actual images. The proposed algorithm, therefore, has a strong ability to resist the chosen-plaintext attack.

Fig. 18

Cryptanalysis a–d chosen-plaintext attack of Group-1 images, e–h corresponding Group-1 image histograms; i–l chosen-plaintext attack of Group-2 images, m–p corresponding Group-2 image histograms

4.11.2 Chosen-ciphertext attack

In this type of attack also, the attacker does not have any key. The attacker has a ciphertext \({C}_{az}\) of all-one (or all-zero), and its decrypted variant \({P}_{az}\). By using Eq. (23), the attacker determines the key stream \({K}_{az}^{i,j}\). Then using Eq. (24), the plaintext \({P}^{i,j}\) is recovered from its ciphertext \({C}^{i,j}\) [62]. Figure 19 shows the chosen-ciphertext attack on the Group-1 and Group-2 images using the null images (all-zero pixel values). By analyzing the chosen-ciphertext attack of Group-1 and Group-2 images and their corresponding histograms, it is noticed that the chosen-ciphertext attack fails in this proposed multiple image encryption algorithm.

Fig. 19

Cryptanalysis a–d chosen-ciphertext attack of Group-1 images, e–h corresponding Group-1 image histograms; i–l chosen-ciphertext attack of Group-2 images, m–p corresponding Group-2 image histograms

4.12 Computational complexity analysis

The computational complexity of the proposed algorithm mainly depends on block permutation operation, image diffusion operation, and PWLCM system-based sequence formation operation. The computational complexity of each of them is described below.

1. i.

   PWLCM system-based chaotic sequence formation operation Two cross-coupling operations are performed within this algorithm. The first is between PWLCM system-1 and system-2 and the second cross-coupling is between PWLCM system-3 system-4. The computational complexity for generating the first cross-coupling sequence is \(O\left( {2 \times M_{g} \times N_{g} } \right)\), and the computational complexity for generating the second cross-coupling sequence is \(O\left( {2 \times M_{g} \times N_{g} } \right)\). The total computational complexity of the suggested method for the generation of cross-coupling sequences is therefore \(O\left( {2M_{g} N_{g} + 2M_{g} N_{g} } \right) = O\left( {4M_{g} N_{g} } \right) \approx O\left( {M_{g} \times N_{g} } \right)\).

2. ii.

   Block permutation operation In the proposed algorithm, the blocks are permuted two times. Each time the number of blocks permuted is \(M_{g} \times N_{g}\). The computational complexity is therefore \(O\left( {M_{g} \times N_{g} } \right)\) in each time block permutation operation. The total computational complexity is \(O\left( {M_{g} N_{g} + M_{g} N_{g} } \right) = O\left( {2M_{g} N_{g} } \right) \approx O\left( {M_{g} \times N_{g} } \right)\). In this algorithm, L–R and U–D flip operations are also performed together with the block permutation operation. In only a few clock cycles, flip processes in existing CPU architectures are completed. Flipping processes do not require constant time; in existing CPU architectures, it is one of the quickest processes.

3. iii.

   Image diffusion operation Pixel-wise bit-XOR-based diffusion operations are executed in the suggested scheme. The computational complexity to perform the process of bit-XOR-based diffusion is \(O\left( n \right)\), where \(n\) represents the counting of bits. In this algorithm, two-time bit-XOR operation is executed between pixels of \(M_{g} \times N_{g}\), i.e., \(M_{g} \times N_{g} \times 8\) bits. In each bit-XOR operation, the computational complexity is \(O\left( {8 \times M_{g} \times N_{g} } \right)\). Hence, the total computational complexity is \(O\left( {8M_{g} N_{g} + 8M_{g} N_{g} } \right) = O\left( {16M_{g} N_{g} } \right) \approx O\left( {M_{g} \times N_{g} } \right)\).

Therefore, the overall computational complexity of the suggested method is approximately \(O\left( {M_{g} \times N_{g} } \right)\).

Table 31 provides a comparative analysis of computational complexity between the method of Ref. [25,26,27, 29, 39] and the suggested method. By observing Table 31, we can found that the proposed method has lesser computational complexity than the third and second algorithms of Zhang and Wang, Tang et al.’s algorithm, and Patro et al.’s algorithm, whereas the proposed algorithm has more computational complexity than the first algorithm of Zhang and Wang. This shows that the suggested method is more efficient than the existing methods of multi-image encryption. However, the computational complexity of the proposed multiple image encryption algorithm is higher than the RC5 and chaotic map-based single-image encryption algorithm developed by Amin and Abd El-Latif et al. [67]. This is because the algorithm in [67] operates on a fixed block size and takes around the same time regardless of input, so the computational complexity is \(O\left(1\right)\). But we typically get an \(O\left(m\right)\) complexity for the encryption of longer messages using the mode of operation, where \(m\) is the number of data blocks to be encrypted.

Table 31 Comparison of computational complexity

4.13 Comparison of the permutation operations

The comparison of the permutation operation between the proposed algorithm and the algorithm in Ref. [68] is provided in Table 32. Similarly, the comparison of the permutation operation between the proposed algorithm and the algorithm in Ref. [69] is provided in Table 33.

Table 32 Comparison of permutation operation between the proposed algorithm and Ref [68] algorithm

Table 33 Comparison of permutation operation between the proposed algorithm and Ref. [69] algorithm

5 Conclusion

This paper proposes an efficient two-layer security-based multi-image encryption scheme. In this scheme, two distinct layers of permutation and flip operation and then two distinct layers of diffusion operation are conducted. To achieve permutation and diffusion, a cross-coupling of PWLCM systems is used. Two cross-couplings are carried out in two different layers. This renders the algorithm more efficient. In cross-coupling, the need for a single 1D chaotic map-PWLCM system makes the algorithm efficient, both hardware and software. In additions to that, the block-based permutation, L–R, and U–D flip operations minimize the algorithm’s computational complexity. Moreover, the hash generated keys of the algorithm resist both the chosen-plaintext attack and the known-plaintext attack. Results of the simulations show the suggested method is more efficient in encryption. The security review shows that all the security attacks that are widely used are strongly resisted by the suggested scheme. The comparative analysis reveals that the suggested method for multi-image encryption is stronger and more effective than the current methods for multi-image encryption.