1 Introduction

In modern hospitals, digital medical images play an increasingly important role in the diagnosis and treatment of diseases, so they have received more and more attention [1]. In general, these medical images may involve a lot of privacy of patients, and some are very confidential and sensitive. If these private images are stolen, viewed or used by unauthorized access, catastrophic accidents can occur [2]. For example, hackers or database administrators could use unauthorized images for their personal gain, medical marketing, and fraudulent insurance claims, which could lead to life-threatening risks. Medical data security is related to important and sensitive areas such as patient privacy and technology research and development. Once data leakage occurs, it will have a serious impact on patient groups, social stability and even national security. Therefore, the security protection and governance of medical data is very important [3]. This has also attracted widespread attention of researchers.

So far, scholars have proposed many effective methods for protecting medical images with high security levels. Among them, encryption technology is the most intuitive and effective method to convert images into unrecognizable images [4]. After the encrypted image, the original image can only be restored with the correct key. In 2018, Liu et al. [5] proposed a new simple chaotic system to encrypt images, using hyperbolic sine as its nonlinearity. Test results show that the encryption method can effectively encrypt images within a single round. In 2018, Jan Sher Khan et al. [6] proposed a DNA sequence-based medical image encryption scheme to protect medical image data from unauthorized access. First, for a given DNA sequence value, the hash value is calculated by SHA-512. The hash value is given as the secret key of the interleaved logical map. Through chaotic sequences, correlations between pixels are reduced using a shuffling process. The scrambled image is XOR with the diffuse chaotic random value. Compared with the traditional image encryption scheme, this scheme has more advantages. In 2019, Arunkumar et al. [7] proposed a robust image steganography method, which combines Redundant integer wavelet transform (RI-WT), discrete wavelet transform and Singular value decomposition (SVD) and Logistic chaotic mapping. In 2020, Zhou et al. [8] proposed a non-destructive medical image encryption scheme based on game theory Region of interest (ROI) parameter optimization and ROI position hiding. It realizes lossless encryption and decryption of images, and can flexibly and reliably protect medical images of different types and structures from various attacks. In 2020, Benssalah et al. [9] proposed a new medical image encryption scheme, The scheme combines Elliptic curve cryptography (ECC), Classical hill cipher, Arnold cat map (ACM) and Linear congruence generator (LCG). Introducing Confusion and Diffusion Properties on Encrypted Medical Images via Arnold Cat Mapping and LCG. The proposed encryption scheme is robust against various attacks and provides better security properties compared to state-of-the-art techniques. In 2020, Boussif et al. [10] proposed a novel encryption method. First divide the original image into blocks, then use the Virginia cipher algorithm to encrypt the image block by block, and then use the Arnold transformation to modify the key to protect the DICOM image. In 2021, Sondes Ajili et al. [11] used chaos-based AES algorithm to encrypt watermarked medical images, and experimental results demonstrated the robustness of the proposed scheme against various types of attacks. In 2021, Kamal et al. [12] proposed a new encryption algorithm for encrypting gray and color medical images. This algorithm introduces a new image segmentation technique based on image blocks. The image blocks are scrambled using a zigzag pattern, rotation, and random arrangement, and finally a Logistic chaotic map is used to generate a key to diffuse the scrambled image. In 2022, EI-Shafai et al. [13] proposed a method based on 3D chaos Mapped robust cryptosystem for secure Internet of medical things (IOMT) and medical image encryption in cloud services. Although various encryption schemes have been proposed for securing medical images, some of them still exist Defects in different aspects. With the improvement of computer computing power and the development of cryptanalysis theory, some developed encryption schemes have the risk of being cracked. Due to its unpredictable and ergodic nature, chaos theory is widely used to develop image encryption schemes to protect medical images.

The design of the encryption algorithm is important, but the key with high security and strong randomness plays a vital role. The keys used in the existing image encryption algorithms are all generated by chaotic systems. Chaotic system is a kind of nonlinear dynamical system, because its behavior exhibits extremely sensitive characteristics dependent on initial conditions, so it is very suitable as a key generator in image encryption algorithms. In recent years, many image encryption algorithms based on chaotic systems have been proposed: In 2021, Man et al. [14] proposed to use a five-dimensional conservative hyperchaotic system as the key generator to ensure the randomness of the key. This hyperchaotic system has a larger LE index value, which can guarantee ultra-high chaotic characteristics. In 2021, Sun et al. [15] studied a multi-image encryption scheme based on cascaded gyrator transform and high-dimensional chaos in order to increase the amount of encrypted data and improve transmission efficiency. The adoption of high-dimensional chaos and Kronecker product further ensures the security of the cryptosystem. In 2021, ul Haq et al. [16] constructed a 4D hybrid chaos map with hyperchaotic properties and high randomness behavior using 1D sinograms and 2D Thinker bell diagrams. Furthermore, a new image encryption scheme is introduced to explore the application of the proposed chaotic system. For images of size 256 × 256, the key size is increased by a factor of \(\left( {8!} \right)^{65536}\) , resulting in a strong cryptographic structure against well-known attacks. In 2023, A. Chamoli [17] proposed an optimal encryption method for color images based on 3D Chaotic Baker mapping diffusion model technology. The advantage is that it makes the model intrinsically sensitive to changing any pixel value or key. The efficiency of the algorithm depends on the experimental results. The newly proposed encryption model has built-in features of random binary sequences for the process of encrypting plaintext images into passwords. In 2023, Wang et al. [18] proposed a color image encryption algorithm, which uses double-layer Joseph scrambling, XOR diffusion, and is built on a laser chaotic system. The program first chooses the laser chaotic system because of its advantages of extended bandwidth and fast propagation speed. Simulation performance results show that the newly proposed method is practical.

But some chaos-based cryptosystems have been proven to have lower security levels due to the performance limitations of the chaotic systems used. Therefore, many scholars are committed to improving various chaotic systems: In 2020, Yin et al. [19] proposed a new algorithm for medical image encryption combining genetic simulated annealing particle swarm optimization and an improved quantum chaotic system for better security performance. First, a key stream is generated using a modified quantum chaotic system. Then the plaintext image is processed by the selection and crossover operations of the genetic algorithm. Then the simulated annealing algorithm, Particle swarm optimization (PSO) algorithm and optimized PSO algorithm are used. Through the above operations, the histogram of the scrambled image can be balanced to resist statistical attacks. Experimental results and performance analysis show that the encryption system proposed in this paper can resist many typical attacks, and has high security and encryption efficiency. In 2022, Lai et al. [20] constructed a new non-equilibrium chaotic system by introducing additional variables and constant terms into the three-dimensional chaotic system. Unlike previous nonequilibrium chaotic systems, the new system has period-doubling bifurcations and has the property of enforcing hidden chaotic attractors for large constant terms. Its security is analyzed from the aspects of computational complexity, statistical properties and the ability to resist several common attacks. Compared with several advanced algorithms, CMCT-IEA exhibits excellent security properties. In 2022, Hu et al. [21] proposed a crossed two-dimensional chaotic map that combines a sinusoidal chaotic system with a Logistic chaotic system. Compared with the traditional sinusoidal and Logistic chaotic systems, the new chaotic system has a hyperchaotic state. And the improved chaotic map is applied to the designed quantum image encryption algorithm, and the effectiveness of the improved chaotic system is proved through experimental simulation and security analysis.

Although improving the chaotic system can indeed improve the chaotic characteristics of the original chaotic system, most of the existing improvement methods are to improve the low-dimensional chaotic system or combine two or more low-dimensional chaotic systems. For the appeal problem, we will start with the high-dimensional chaotic system, and use the Lorenz chaotic system as the original chaotic system. By adding new nonlinear adjustment items and control parameters, the pseudo-random numbers generated by it will be more unpredictable. And through a series of chaotic analysis, it is proved that the sequence distribution generated by the improved Lorenz chaotic system is more uniform, and has a wider range of chaotic parameters and better chaotic characteristics. In order to further prove the effectiveness of the improved chaotic system, we use the improved chaotic system as the key generator of the image encryption algorithm. And a threshold scrambling method based on dynamic rotation is designed, a relatively novel filter diffusion method is introduced, and finally the statistical information of pixels is completely changed through dynamic diffusion. Experimental simulation and security analysis show that the algorithm has good security.

The main contributions of this paper are described as follows:

  1. 1.

    Improve the classic Lorenz chaotic system, and prove the effectiveness of the improved chaotic system through the bifurcation diagram, LE value and randomness analysis of the generated key.

  2. 2.

    A threshold scrambling method based on dynamic rotation is proposed, and it has a good scrambling effect.

  3. 3.

    Use the filter diffusion method to perform rapid global diffusion on the scrambled image to change the statistical relationship between pixels.

  4. 4.

    A dynamic diffusion method is designed and plaintext-related parameters are introduced to effectively resist chosen-plaintext attacks.

The rest of the paper is organized as follows: Sect. 2 describes the preparation of this paper. Section 3 introduces the encryption and decryption process in detail. Section 4 analyzes the security performance of the dynamic rotation image encryption scheme based on optimized Lorenz chaos mentioned in this paper. Section 5 concludes the full text.

2 Preparations

2.1 Lorenz chaotic System

The Lorenz system [22] is the first dissipative system found in numerical experiments to exhibit chaotic motion, and its state equation is described as follows:

$$ \left\{ {\begin{array}{*{20}l} {\frac{{{\text{dx}}}}{dt} = a\left( {y - x} \right)} \hfill \\ {\frac{dy}{{dt}} = bx - y - xz} \hfill \\ {\frac{dz}{{dt}} = xy - cz} \hfill \\ \end{array} } \right. $$
(1)

The three parameters are: a is the prandtl number, b is the rayleigh number, and c is the direction ratio. When \({\text{a}} = 10\) and \(c = \frac{8}{3}\), if \(b > 24.74\), the system will enter the chaotic state. When \(b = 28\), the system enters the best chaotic state. Since the Lorenz chaotic system enters the optimal chaotic state only when the parameter is \(b > 28\), this limits the range of chaotic parameters. In order to expand the range of chaotic parameters of the Lorenz system, new nonlinear adjustment items and control parameters are added to generate more unpredictable pseudo-random numbers and increase the key space.

Improved Lorenz system is described as follows:

$$ \left\{ {\begin{array}{*{20}l} {\frac{dx}{{dt}} = a(y - x) \times e^{7} - ceil(a(y - x) \times e^{7} )} \hfill \\ {\frac{dy}{{dt}} = (bx - y - xz) \times e^{7} - ceil((bx - y - xz) \times e^{7} )} \hfill \\ {\frac{dz}{{dt}} = (xy - cz) \times e^{7} - ceil((xy - cz) \times e^{7} ).} \hfill \\ \end{array} } \right. $$
(2)

where a, b and c are system parameters. For specific analysis of chaotic characteristics, please refer to Sect. 2.2.

2.2 Performance analysis of Lorenz chaotic system

2.2.1 Bifurcation diagram analysis

We discuss the bifurcation diagrams of the classical Lorenz chaotic system and the improved Lorenz chaotic system respectively. When the control parameters are changed, in order to obtain better randomness, the output of the chaotic map should cover the whole area as much as possible and should be dispersed as much as possible instead of clustering to a specific part of the area. As shown in Fig. 1, the bifurcation diagram of the improved Lorenz chaotic system presents an approximately uniform pseudo-random distribution feature, indicating that the sequence distribution has good ergodicity. The uniformity of the distribution is significantly improved compared to the sequence distribution generated by the classical Lorenz chaotic system.

Fig. 1
figure 1

Bifurcation diagram analysis: a bifurcation diagram of Lorenz chaotic system, b improve bifurcation diagram of Lorenz chaotic system

Full size image

2.2.2 Lyapunov index analysis

The LE [23] quantitatively describes the speed at which adjacent phase space orbits diverge or converge exponentially. Whether the maximum LE value is positive can very intuitively determine whether the system is in a chaotic state. The larger the positive value, the more obvious the chaotic characteristics and the higher the degree of chaos. The mathematical formula for calculating LE is defined as follows:

$$ \lambda = \mathop {\lim }\limits_{x \to \infty } \frac{1}{n}\sum\nolimits_{i = 0}^{n - 1} {\ln \left| {g^{\prime}(x_{i} )} \right|} $$
(3)

where \(g(x_{i} )\) is a time series of size n generated by the chaotic system. When \(\lambda > 0\) indicates that the dynamic system is unstable, it indicates that the system is chaotic and unpredictable. On the contrary, when \(\lambda < 0\), it indicates that the system is stable and non-chaotic.

Figure 2 shows the LE distribution of the Lorenz chaotic system before and after improvement. It can be clearly seen that only when the chaotic parameter before improvement is \(b > 28\), it enters the optimal chaotic state, while the improved chaotic parameter \(b > 0\) belongs to the optimal chaotic state. It should be noted that the LE value of the improved Lorenz chaotic system is relatively large, fluctuating around 14.3, which means that the improved Lorenz chaotic system has a wider range of control parameters and better chaotic characteristics.

Fig. 2
figure 2

Lyapunov index analysis: a LE graph for Lorenz chaotic system, b LE graph for improved Lorenz chaotic system

Full size image

2.2.3 The 0–1 test

The 0–1 test [24] is suitable for discrete sampled time series data and does not require phase space reconstruction. In this section, the 0–1 test of the chaotic system can achieve the effect of distinguishing periodic signals from chaotic signals. Observing the test results, if the signal is periodic, the value of K is close to 0. If the signal is chaotic, the value of K is close to 1.

We consider the chaotic sequence \(\phi \left( j \right)\) of system (2) and then define the translation components \(p_{c}\), \(q_{c}\) and mean square displacement \(M_{c} \left( n \right)\) are defined as follows:

$$ p_{c} \left( n \right) = \sum\limits_{j = 1}^{n} {\phi \left( j \right)\cos } \left( {jc} \right),\;q_{c} \left( n \right) = \sum\limits_{j = 1}^{n} {\phi \left( j \right)\sin } \left( {jc} \right){\kern 1pt} {\kern 1pt} $$
(4)
$$ M_{c} \left( n \right) = \mathop {\lim }\limits_{N \to \infty } \frac{1}{N}\sum\limits_{j = 1}^{N} {\left[ {p_{c} \left( {j + n} \right) - p_{c} \left( j \right)} \right]^{2} } + \left[ {q_{c} \left( {j + n} \right) - q_{c} \left( j \right)} \right]^{2} $$
(5)

where \(n = 1,...,N\), \(N = 5000\), c are arbitrary constants in the range of \(\left( {0,2\pi } \right){\kern 1pt} {\kern 1pt} {\kern 1pt}\).

From this, we can define the progressive growth rate \(K_{c}\) as defined as follows:

$$ K_{c} = \mathop {\lim }\limits_{n \to \infty } \frac{{\log M_{c} \left( n \right)}}{\log \left( n \right)} $$
(6)

Figure 3 shows the comparison dot plot of 0–1 test of Lorenz chaotic system before and after improvement. As can be seen from the figure, the improved Lorenz system has a larger range of K value reaching 1, which proves that there are more chaotic signals in the improved chaotic system, which means that the improved chaotic system presents better chaos than the unimproved Lorenz system.

Fig. 3
figure 3

The 0–1 text: a 0–1 test point diagram of Lorenz chaotic system, b 0–1 test point plot of improved Lorenz chaotic system

Full size image

2.2.4 Permutation entropy analysis

Permutation Entropy (PE) [25] is defined by Bandt and Pompe. This paper presents an effective method for detecting the randomness of time series and the complexity of motion states of nonlinear systems. The larger the value of permutation entropy is, the better the chaotic degree of the sequence generated by the chaotic system is and the more complex the dynamic behavior is. In this subsection, we use the PE method to measure the permutation entropy of the Lorenz chaotic system before and after the improvement, and compare the two.

Figure 4 shows the permutation entropy values of the Lorenz chaotic system before and after the improvement. It can be seen from the figure that the permutation entropy value of the improved Lorenz chaotic system is larger than that of the system before the improvement, and the chaotic effect is idealized, which proves that it has better nonlinear characteristics and more complex dynamic behavior.

Fig. 4
figure 4

Permutation entropy analysis: a Permutation entropy diagram of Lorenz chaotic system, b Permutation entropy diagram of improved Lorenz chaotic system

Full size image

2.2.5 Sample entropy analysis

Sample Entropy (SE) [26] is a new evaluation method of test time series complexity based on approximate entropy, which is used to describe the output similarity of dynamic systems. The larger the calculated SE value, the lower the regularity of the system and the more complex the chaotic behavior of the system. We define the m-dimensional time series \(\left\{ {x_{1} ,x_{2} ,...,x_{N} } \right\}\) as follows:

$$ SE\left( {m,r,N} \right) = {\kern 1pt} {\kern 1pt} {\kern 1pt} - \log \frac{A}{B} $$
(7)

where \(X_{m} \left( i \right) = {\kern 1pt} {\kern 1pt} {\kern 1pt} \left\{ {x_{i} ,x_{i + 1} ,...,x_{i + m + 1} } \right\}\), \(m\) is the reconstruction dimension, \(r\) is the calculation threshold, we usually set \(m = 2{\kern 1pt} {\kern 1pt} ,{\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} r = 0.2{\kern 1pt} {\kern 1pt} \times {\kern 1pt} {\kern 1pt} {\kern 1pt} std\), (where \(std\) is the standard deviation of the measured time series). Where \(A,B\) denotes the number of vectors of \(d[X_{m + 1} \left( i \right){\kern 1pt} {\kern 1pt} ,{\kern 1pt} {\kern 1pt} {\kern 1pt} X_{m + 1} \left( j \right){\kern 1pt} {\kern 1pt} {\kern 1pt} ]{\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} < {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} r{\kern 1pt} {\kern 1pt} {\kern 1pt}\) and \(d[X_{m} \left( i \right){\kern 1pt} {\kern 1pt} ,{\kern 1pt} {\kern 1pt} {\kern 1pt} X_{m} \left( j \right){\kern 1pt} {\kern 1pt} {\kern 1pt} ]{\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} < {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} r{\kern 1pt}\), respectively. Where \(d[X_{m} \left( i \right){\kern 1pt} {\kern 1pt} ,{\kern 1pt} {\kern 1pt} {\kern 1pt} X_{m} \left( j \right){\kern 1pt} {\kern 1pt} {\kern 1pt} ]{\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} < {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} r{\kern 1pt}\), denotes the Chebyshev distance between \(X_{m} \left( i \right)\) and \(X_{m} \left( j \right){\kern 1pt}\).

Figure 5 shows the sample entropy values of the improved Lorenz chaotic system respectively, and it can be seen from the figure that the SE value of the classical Lorenz chaotic system shows a decreasing trend and has a small value, that is, the complexity is poor. The SE value of the improved Lorenz chaos shows an upward trend, and the value is larger than that of the chaotic SE value before the improvement, that is, the complexity is enhanced.

Fig. 5
figure 5

Sample entropy analysis: a Sample entropy plot of Lorenz chaotic system, b Sample entropy plot of improved Lorenz chaotic system

Full size image

2.2.6 NIST-800-22 test

The National institute of standards and technology (NIST) [27] released a set of test sets for testing the quality of random number generators. The NIST test consists of 15 subtests for testing random (arbitrary length) binary sequences generated by a hardware-based or software-based encrypted random number or pseudorandom number generator. In the test experiments in this paper, we first run the modified Lorenz chaotic system using the MATLABR2022b software so that it produces chaotic test sequences. The floor() function is then used to perform a rounding operation on the chaotic test sequence to transform it into a sequence of decimal integers. And then the dec2bit() function is used to convert the sequence of decimal chaotic test integers to their binary representation. Finally the chaotic test sequence in binary form is saved in.mat format and NIST test is performed on it. When \(p \ge 0.01\), the results of this subtest indicate that the test sequence is random and unpredictable. Conversely, if \(p \le 0.01\), the test sequence is not random. It can be seen from Table 1 that the improved chaotic system in this paper has high randomness and unpredictability.

Table 1 NIST test results for binary sequences produced by the modified Lorenz chaotic system
Full size table

2.3 Filter operation

Image filtering [28] is currently one of the most concerned and popular image processing techniques, such as image deblurring, image smoothing, and edge detection, etc. The commonly used definition of filtering in convolution operations is that a filter is a one-dimensional or two-dimensional matrix applied to each image pixel and its neighbors, where the central element of the filter is usually aligned with the current pixel and the other elements correspond to the neighbors. All multiplications between the filtered elements and the image pixels are then summed to obtain the filtered result. The filtering operation is shown in Fig. 6 Assuming that the size of the two-dimensional filtering mask is (2M+1) × (2M+1), the mathematical convolution operation of image filtering can be defined as:

$$ Out_{x,y} = \sum\nolimits_{i = - M}^{M} {\sum\nolimits_{j = - M}^{M} {W_{i + M + 1,j + M + 1} I_{x + 1,y + 1} } } $$
(8)

where \(W\) is the filter mask, and \(I\) represents the original image.

Fig. 6
figure 6

An example of an image filtering operation

Full size image

Where \(E_{2.2}\) is the filtered pixel of the corresponding pixel in the original image.

In 2017, Nianhua et al. [29] introduced Proposition 1 to prove that the filtering operation is reversible under certain conditions, so the filtering operation can be used to perform diffusion encryption on the image.

Proposition 1 For any given filter mask W of size (2M+1) × (2M+1), a plaintext image p of size \(X \times Y\), and \(p^{\prime}\) with gray level F, the specific operation is described as follows:

$$ I_{x,y} = \left( {\sum\nolimits_{i = - M}^{M} {\sum\nolimits_{j = - M}^{M} {W_{i + M + 1,j + M + 1} P_{x + 1,y + 1} } } } \right)\bmod \;F $$
(9)

The inverse operation is described as follows:

$$ P_{x,y} = (I_{x,y} - \sum {_{{i,j \in \left\{ { - M,...,M} \right\} \cap \left( {i,j} \right) \ne (0,0)}} W_{i + M + 1,j + M + 1} P_{x + 1,j + 1} } )mod{\kern 1pt} \;F $$
(10)

If \(P \in N,\;W \in N\), and \(W_{M + 1,M + 1} = 1\).

Proof: Since \(W_{M + 1,M + 1} = 1\), formula (5) can be rewritten as:

$$ \begin{aligned} I_{x,y} & = \left( {\left( {\sum {_{{i,j \in \left\{ { - M,...,M} \right\} \cap \left( {i,j} \right) \ne \left( {0,0} \right)}} W_{i + M + 1,j + M + 1} P_{x + 1,y + 1} } } \right) + W_{M + 1,M + 1} P_{x,y} } \right)\bmod F \\ & \quad = \left( {\left( {\sum {_{{i,j \in \left\{ { - M,...,M} \right\} \cap \left( {i,j} \right) \ne \left( {0,0} \right)}} W_{i + M + 1,j + M + 1} P_{x + 1,y + 1} } } \right) + P_{x,y} } \right)\bmod F \\ & \quad = \left( {\sum {_{{i,j \in \left\{ { - M,...,M} \right\} \cap \left( {i,j} \right) \ne \left( {0,0} \right)}} W_{i + M + 1,j + M + 1} P_{x + 1,y + 1} } } \right) + P_{x,y} - kF \\ \end{aligned} $$
(11)

where k is an integer. Substitute into the above formula to get:

$$ {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} P_{x,y} {\kern 1pt} {\kern 1pt} {\kern 1pt} = I_{x,y} + kF - \sum {_{{i,j \in \left\{ { - M,...,M} \right\} \cap \left( {i,j} \right) \ne \left( {0,0} \right)}} W_{i + M + 1,j + M + 1} P_{x + 1,y + 1} } $$
(12)

Because \(P \in N\), F is the gray level of P, \(0 \le P_{x,y} < F\), so formula (8) can be written as:

$$ \begin{aligned} P_{x,y} & = \left( {I_{x,y} + kF - \sum {_{{i,j \in \left\{ { - M,...,M} \right\} \cap \left( {i,j} \right) \ne \left( {0,0} \right)}} W_{i + M + 1,j + M + 1} P_{x + 1,y + 1} } } \right)\bmod F \\ & \quad = \left( {I_{x,y} - \sum {_{{i,j \in \left\{ { - M,...,M} \right\} \cap \left( {i,j} \right) \ne \left( {0,0} \right)}} W_{i + M + 1,j + M + 1} P_{x + 1,y + 1} } } \right)\bmod F \\ \end{aligned} $$
(13)

Proposition 1 is proved.

3 Image encryption algorithm

A dynamic rotation image encryption algorithm based on optimized Lorenz chaos is proposed. The algorithm mainly includes improving chaotic system, dynamic round-robin scrambling, filter diffusion and dynamic diffusion. The encryption flow chart is shown in Fig. 7.

Fig. 7
figure 7

Encryption flowchart

Full size image

3.1 Encryption process

Step1 Take a plaintext image \(P\) of size \(M \times N\) as the test image.

Step2 Divide the plaintext image up and down into two image blocks \(P_{img1}\) and \(P_{img2}\) of equal size.

$$ \left\{ {\begin{array}{*{20}l} {P_{img1} = P(1:\frac{M}{2},1:N)} \hfill \\ {P_{img2} = P(\frac{M}{2} + 1;M,1:N)} \hfill \\ \end{array} } \right. $$
(14)

Step3 Take \(x_{0} ,y_{0} ,z_{0}\) as initial values, iterate the chaotic system (2) \(t_{0}\) times to generate the chaotic sequences X, Y, Z, delete the results of the first 200 iterations to avoid the avalanche effect, and obtain random keys \(Lor_{key1} ,Lor_{key2} ,Lor_{key3}\) after transformation.

$$ \left\{ {\begin{array}{*{20}c} {Lor_{key1} = \bmod \left( {floor\left( {\left( {X\left( {200:200 + M \times N} \right) \times 10^{15} } \right),256} \right)} \right)} \\ {Lor_{key2} = \bmod \left( {floor\left( {\left( {Y\left( {200:200 + M \times N} \right) \times 10^{15} } \right),256} \right)} \right)} \\ {Lor_{key3} = \bmod \left( {floor\left( {\left( {Z\left( {200:200 + M \times N} \right) \times 10^{15} } \right),256} \right)} \right)} \\ \end{array} } \right. $$
(15)

Among them, the \(\bmod \left( {} \right)\) function is the remainder, the \(floor\left( {} \right)\) function is the rounding down, and \(t_{0}\) is evaluated 7000 times.

Step4 Use keys \(Lor_{key2}\) and \(Lor_{key3}\) to construct chaos control table \(CCT\).

$$ CCT = reshape\left( {\bmod \left( {bitxor\left( {Lor_{key2} ,Lor_{key3} } \right),\frac{M}{2}} \right),M,N} \right) $$
(16)

Step5 Use chaotic sequences \(X\) and \(Y\) to construct chaotic exchange tables \({\kern 1pt} Cha_{tab1} {\kern 1pt}\), \(Cha_{tab2}\) and \(Cha_{tab3}\), \(Cha_{tab4}\).

$$ \left\{ {\begin{array}{*{20}c} {Cha_{tab1} = floor\left( {\bmod \left( {X \times 10^{16} ,\frac{M}{2}} \right)} \right) + 1} \\ {Cha_{tab2} = floor\left( {\bmod \left( {X \times 10^{16} ,M} \right)} \right) + 1} \\ \end{array} } \right. $$
(17)
$$ \left\{ {\begin{array}{*{20}c} {Cha_{tab3} = floor\left( {\bmod \left( {Y \times 10^{16} ,\frac{M}{2}} \right)} \right) + 1} \\ {Cha_{tab4} = floor\left( {\bmod \left( {Y \times 10^{16} ,M} \right)} \right) + 1} \\ \end{array} } \right. $$
(18)

Step6-A Use the chaos exchange tables \(Cha_{tab1}\) and \(Cha_{tab2}\) obtained in Step5 to calculate and obtain \(x\) coordinate range \(XT_{1}\) and \(y\) coordinate range \(YT_{1}\) respectively. Using \(XT_{1}\) and \(YT_{1}\) to calculate 4 exchanged coordinate pairs \(\left( {C_{x12} ,C_{y12} } \right)\), \(\left( {{\text{C}}_{x22} ,{\text{C}}_{y22} } \right)\), \(\left( {{\text{C}}_{x32} ,{\text{C}}_{y32} } \right)\), \(\left( {{\text{C}}_{x42} ,{\text{C}}_{y42} } \right)\).

$$ XT_{1} = \left\{ {\begin{array}{*{20}l} {\bmod \left( {Cha_{tab1} \left( {i,j} \right) + \mu 1,\frac{M}{2}} \right) + 1,if{\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} abs\left( {Cha_{tab1} {\kern 1pt} {\kern 1pt} {\kern 1pt} \left( {i,j} \right) - 2i} \right) < \frac{M}{2}} \hfill \\ {Cha_{tab1} \left( {i,j} \right)} \hfill \\ \end{array} } \right. $$
(19)
$$ {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} \left\{ {\begin{array}{*{20}l} {\left\{ {\begin{array}{*{20}l} {C_{x12} = unique\left( {XT_{1} \left( {1:\frac{M \times N}{5}} \right)} \right)} \hfill \\ {C_{x12} \left( {find\left( {C_{x12} = 0} \right) = []} \right)} \hfill \\ \end{array} } \right.} \hfill \\ {\left\{ {\begin{array}{*{20}l} {C_{x22} = unique\left( {XT_{1} \left( {\frac{M \times N}{5}:\frac{M \times N}{4}} \right)} \right)} \hfill \\ {C_{x22} \left( {find\left( {C_{x22} = 0} \right) = []} \right)} \hfill \\ \end{array} } \right.} \hfill \\ {\left\{ {\begin{array}{*{20}l} {C_{x32} = unique\left( {XT_{1} \left( {\frac{M \times N}{4}:\frac{M \times N}{3}} \right)} \right)} \hfill \\ {C_{x32} \left( {find\left( {C_{x32} = 0} \right) = []} \right)} \hfill \\ \end{array} } \right.} \hfill \\ {\left\{ {\begin{array}{*{20}l} {C_{x42} = unique\left( {XT_{1} \left( {\frac{M \times N}{3}:\frac{M \times N}{2}} \right)} \right)} \hfill \\ {C_{x42} \left( {find\left( {C_{x42} = 0} \right) = []} \right)} \hfill \\ \end{array} } \right.} \hfill \\ \end{array} } \right. $$
(20)
$$ YT_{1} = \left\{ {\begin{array}{*{20}l} {\bmod \left( {Cha_{tab2} \left( {i,j} \right),N} \right) + 1,if{\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} abs\left( {Cha_{tab2} {\kern 1pt} {\kern 1pt} {\kern 1pt} \left( {i,j} \right) - i} \right) < \frac{N}{2}} \hfill \\ {Cha_{tab2} \left( {i,j} \right)} \hfill \\ \end{array} } \right. $$
(21)
$$ \left\{ {\begin{array}{*{20}c} {\left\{ {\begin{array}{*{20}l} {C_{y12} = unique\left( {YT_{1} \left( {1:\frac{M \times N}{5}} \right)} \right)} \hfill \\ {C_{y12} \left( {find\left( {C_{y12} = 0} \right) = []} \right)} \hfill \\ \end{array} } \right.} \\ {\left\{ {\begin{array}{*{20}l} {C_{y22} = unique\left( {YT_{1} \left( {\frac{M \times N}{5}:\frac{M \times N}{4}} \right)} \right)} \hfill \\ {C_{y22} \left( {find\left( {C_{y22} = 0} \right) = []} \right)} \hfill \\ \end{array} } \right.} \\ {\left\{ {\begin{array}{*{20}l} {C_{y32} = unique\left( {YT_{1} \left( {\frac{M \times N}{4}:\frac{M \times N}{3}} \right)} \right)} \hfill \\ {C_{y32} \left( {find\left( {C_{y32} = 0} \right) = []} \right)} \hfill \\ \end{array} } \right.} \\ {\left\{ {\begin{array}{*{20}l} {C_{y42} = unique\left( {YT_{1} \left( {\frac{M \times N}{3}:\frac{M \times N}{2}} \right)} \right)} \hfill \\ {C_{y42} \left( {find\left( {C_{y42} = 0} \right) = []} \right)} \hfill \\ \end{array} } \right.} \\ \end{array} } \right. $$
(22)

Step6-B Use the chaos exchange tables \(Cha_{tab3}\) and \(Cha_{tab4}\) obtained in Step5 to calculate and obtain \(x\) coordinate range \(XT_{2}\) and \(y\) coordinate range \(YT_{2}\) respectively. Using \(XT_{2}\) and \(YT_{2}\) to calculate 4 exchanged coordinate pairs \(\left( {{\text{C}}_{x13} ,{\text{C}}_{y13} } \right)\), \(\left( {{\text{C}}_{x23} ,{\text{C}}_{y23} } \right)\), \(\left( {{\text{C}}_{x33} ,{\text{C}}_{y33} } \right)\), \(\left( {{\text{C}}_{x43} ,{\text{C}}_{y43} } \right)\).

$$ XT_{2} = \left\{ {\begin{array}{*{20}l} {\bmod \left( {Cha_{tab3} \left( {i,j} \right) + \mu 1,\frac{M}{2}} \right) + 1,if{\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} abs\left( {Cha_{tab3} {\kern 1pt} {\kern 1pt} {\kern 1pt} \left( {i,j} \right) - 2i} \right) < \frac{M}{2}} \hfill \\ {Cha_{tab3} {\kern 1pt} {\kern 1pt} {\kern 1pt} \left( {i,j} \right)} \hfill \\ \end{array} } \right. $$
(23)
$$ {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} {\kern 1pt} \left\{ {\begin{array}{*{20}c} {\left\{ {\begin{array}{*{20}l} {C_{x13} = unique\left( {XT_{2} \left( {1:\frac{M \times N}{5}} \right)} \right)} \hfill \\ {C_{x13} \left( {find\left( {C_{x13} = 0} \right) = []} \right)} \hfill \\ \end{array} } \right.} \\ {\left\{ {\begin{array}{*{20}l} {C_{x23} = unique\left( {XT_{2} \left( {\frac{M \times N}{5}:\frac{M \times N}{4}} \right)} \right)} \hfill \\ {C_{x23} \left( {find\left( {C_{x23} = 0} \right) = []} \right)} \hfill \\ \end{array} } \right.} \\ {\left\{ {\begin{array}{*{20}l} {C_{x33} = unique\left( {XT_{2} \left( {\frac{M \times N}{4}:\frac{M \times N}{3}} \right)} \right)} \hfill \\ {C_{x33} \left( {find\left( {C_{x33} = 0} \right) = []} \right)} \hfill \\ \end{array} } \right.} \\ {\left\{ {\begin{array}{*{20}l} {C_{x43} = unique\left( {XT_{2} \left( {\frac{M \times N}{3}:\frac{M \times N}{2}} \right)} \right)} \hfill \\ {C_{x43} \left( {find\left( {C_{x43} = 0} \right) = []} \right)} \hfill \\ \end{array} } \right.} \\ \end{array} } \right. $$
(24)
$$ YT_{2} = \left\{ {\begin{array}{*{20}l} {\bmod \left( {Cha_{tab4} \left( {i,j} \right),N} \right) + 1,if\;abs\left( {Cha_{tab4} \left( {i,j} \right) - i} \right) < \frac{N}{2}} \hfill \\ {Cha_{tab4} \left( {i,j} \right)} \hfill \\ \end{array} } \right. $$
(25)
$$ \left\{ {\begin{array}{*{20}c} {\left\{ {\begin{array}{*{20}l} {C_{y13} = unique\left( {YT_{2} \left( {1:\frac{M \times N}{5}} \right)} \right)} \hfill \\ {C_{y13} \left( {find\left( {C_{y13} = 0} \right) = []} \right)} \hfill \\ \end{array} } \right.} \\ {\left\{ {\begin{array}{*{20}l} {C_{y23} = unique\left( {YT_{2} \left( {\frac{M \times N}{5}:\frac{M \times N}{4}} \right)} \right)} \hfill \\ {C_{y23} \left( {find\left( {C_{y23} = 0} \right) = []} \right)} \hfill \\ \end{array} } \right.} \\ {\left\{ {\begin{array}{*{20}l} {C_{y33} = unique\left( {YT_{2} \left( {\frac{M \times N}{4}:\frac{M \times N}{3}} \right)} \right)} \hfill \\ {C_{y33} \left( {find\left( {C_{y33} = 0} \right) = []} \right)} \hfill \\ \end{array} } \right.} \\ {\left\{ {\begin{array}{*{20}l} {C_{y43} = unique\left( {YT_{2} \left( {\frac{M \times N}{3}:\frac{M \times N}{2}} \right)} \right)} \hfill \\ {C_{y43} \left( {find\left( {C_{y43} = 0} \right) = []} \right)} \hfill \\ \end{array} } \right.} \\ \end{array} } \right. $$
(26)

Among them, the \(i = 1,2,3,...,M,j = 1,2,3,...,N_{ \circ }\).\(unique\left( {} \right)\) function is to remove the repeated numbers in the matrix, the \(find\left( {} \right)\) function is to return the position of the non-zero element in the vector, and means to save the 0 element as empty.

Step7 Threshold rotation scrambling: perform intra-block scrambling and inter-block scrambling on the two image blocks \(P_{img1}\) and \(P_{img2}\), in order to improve the efficiency and effect of image scrambling, thereby completely reducing the correlation of adjacent pixels of the image. Before selecting the two pixels to be randomly exchanged, add a judgment threshold of \(Cor_{thr}\), only when the difference between the two pixels to be exchanged is greater than \(Cor_{thr}\), the exchange is performed, otherwise the random coordinates need to be rotated and rejudged until the difference between two pixels is greater than the threshold \(Cor_{thr}\), a schematic diagram of inter-block scrambling within a block is shown in Fig. 8, and a schematic diagram of round-robin scrambling based on an intra-block inter-block scrambling is shown in Fig. 9.

Fig. 8
figure 8

Intra-block and inter-block scrambling

Full size image
Fig. 9
figure 9

Dynamic round-robin scrambling based on intra-block and inter-block thresholds

Full size image

Step7-A If the chaos control table \(CCT > \frac{M}{2}\), then carry out image block \(P_{img1}\) built-in chaos.

$$ \left\{ {\begin{array}{*{20}l} {P_{img1} \left( {i,j} \right) - P_{img1} \left( {C_{x12} \left( i \right),C_{y12} \left( j \right)} \right) > Cor_{thr} } \hfill \\ {\tau = P_{img1} \left( {i,j} \right)} \hfill \\ {P_{img1} \left( {i,j} \right) = P_{img1} \left( {C_{x12} \left( i \right),C_{y12} \left( j \right)} \right)} \hfill \\ {P_{img1} \left( {C_{x12} \left( i \right),C_{y12} \left( j \right)} \right) = \tau } \hfill \\ \end{array} } \right. $$
(27)
$$ \left\{ {\begin{array}{*{20}l} {P_{img1} \left( {i,j} \right) - P_{img1} \left( {C_{x22} \left( i \right),C_{y22} \left( j \right)} \right) > Cor_{thr} } \hfill \\ {\tau = P_{img1} \left( {i,j} \right)} \hfill \\ {P_{img1} \left( {i,j} \right) = P_{img1} \left( {C_{x22} \left( i \right),C_{y22} \left( j \right)} \right)} \hfill \\ {P_{img1} \left( {C_{x22} \left( i \right),C_{y22} \left( j \right)} \right) = \tau } \hfill \\ \end{array} } \right. $$
(28)
$$ \left\{ {\begin{array}{*{20}l} {\tau = P_{img1} \left( {i,j} \right)} \hfill \\ {P_{img1} \left( {i,j} \right) = P_{img1} \left( {C_{x32} \left( i \right),C_{y32} \left( j \right)} \right)} \hfill \\ {P_{img1} \left( {C_{x32} \left( i \right),C_{y32} \left( j \right)} \right) = \tau } \hfill \\ \end{array} } \right. $$
(29)

If the chaos control table \(CCT \le \frac{M}{2}\), then carry out image block \(P_{img2}\) built-in chaos.

$$ \left\{ {\begin{array}{*{20}l} {P_{img2} \left( {i,j} \right) - P_{img2} \left( {C_{x13} \left( i \right),C_{y13} \left( j \right)} \right) > Cor_{thr} } \hfill \\ {\tau = P_{img2} \left( {i,j} \right)} \hfill \\ {P_{img2} \left( {i,j} \right) = P_{img2} \left( {C_{x13} \left( i \right),C_{y13} \left( j \right)} \right)} \hfill \\ {P_{img2} \left( {C_{x13} \left( i \right),C_{y13} \left( j \right)} \right) = \tau } \hfill \\ \end{array} } \right. $$
(30)
$$ \left\{ {\begin{array}{*{20}l} {P_{img2} \left( {i,j} \right) - P_{img2} \left( {C_{x23} \left( i \right),C_{y23} \left( j \right)} \right) > Cor_{thr} } \hfill \\ {\tau = P_{img2} \left( {i,j} \right)} \hfill \\ {P_{img2} \left( {i,j} \right) = P_{img2} \left( {C_{x23} \left( i \right),C_{y23} \left( j \right)} \right)} \hfill \\ {P_{img2} \left( {C_{x23} \left( i \right),C_{y23} \left( j \right)} \right) = \tau } \hfill \\ \end{array} } \right. $$
(31)
$$ \left\{ {\begin{array}{*{20}l} {\tau = P_{img2} \left( {i,j} \right)} \hfill \\ {P_{img2} \left( {i,j} \right) = P_{img2} \left( {C_{x33} \left( i \right),C_{y33} \left( j \right)} \right)} \hfill \\ {P_{img2} \left( {C_{x33} \left( i \right),C_{y33} \left( j \right)} \right) = \tau } \hfill \\ \end{array} } \right. $$
(32)

Step7-B If the chaos control table is \(CCT > \frac{M}{2}\), perform inter-block scrambling according to the swap coordinate pairs obtained in Step6-A.

$$ \left\{ {\begin{array}{*{20}l} {P_{img1} \left( {i,j} \right) - P_{img2} \left( {C_{x12} \left( i \right),C_{y12} \left( j \right)} \right) > Cor_{thr} } \hfill \\ {\tau = P_{img1} \left( {i,j} \right)} \hfill \\ {P_{img1} \left( {i,j} \right) = P_{img2} \left( {C_{x12} \left( i \right),C_{y12} \left( j \right)} \right)} \hfill \\ {P_{img2} \left( {C_{x12} \left( i \right),C_{y12} \left( j \right)} \right) = \tau } \hfill \\ \end{array} } \right. $$
(33)
$$ \left\{ {\begin{array}{*{20}l} {P_{img1} \left( {i,j} \right) - P_{img2} \left( {C_{x22} \left( i \right),C_{y22} \left( j \right)} \right) > Cor_{thr} } \hfill \\ {\tau = P_{img1} \left( {i,j} \right)} \hfill \\ {P_{img1} \left( {i,j} \right) = P_{img2} \left( {C_{x22} \left( i \right),C_{y22} \left( j \right)} \right)} \hfill \\ {P_{img2} \left( {C_{x22} \left( i \right),C_{y22} \left( j \right)} \right) = \tau } \hfill \\ \end{array} } \right. $$
(34)
$$ \left\{ {\begin{array}{*{20}l} {\tau = P_{img1} \left( {i,j} \right)} \hfill \\ {P_{img1} \left( {i,j} \right) = P_{img2} \left( {C_{x32} \left( i \right),C_{y32} \left( j \right)} \right)} \hfill \\ {P_{img2} \left( {C_{x32} \left( i \right),C_{y32} \left( j \right)} \right) = \tau } \hfill \\ \end{array} } \right. $$
(35)

If the chaos control table is \(CCT \le \frac{M}{2}\), perform inter-block scrambling according to the swap coordinate pairs obtained in Step6-B.

$$ \left\{ {\begin{array}{*{20}l} {P_{img1} \left( {i,j} \right) - P_{img2} \left( {C_{x13} \left( i \right),C_{y13} \left( j \right)} \right) > Cor_{thr} } \hfill \\ {\tau = P_{img1} \left( {i,j} \right)} \hfill \\ {P_{img1} \left( {i,j} \right) = P_{img2} \left( {C_{x13} \left( i \right),C_{y13} \left( j \right)} \right)} \hfill \\ {P_{img2} \left( {C_{x13} \left( i \right),C_{y13} \left( j \right)} \right) = \tau } \hfill \\ \end{array} } \right. $$
(36)
$$ \left\{ {\begin{array}{*{20}l} {P_{img1} \left( {i,j} \right) - P_{img2} \left( {C_{x23} \left( i \right),C_{y23} \left( j \right)} \right) > Cor_{thr} } \hfill \\ {\tau = P_{img1} \left( {i,j} \right)} \hfill \\ {P_{img1} \left( {i,j} \right) = P_{img2} \left( {C_{x23} \left( i \right),C_{y23} \left( j \right)} \right)} \hfill \\ {P_{img2} \left( {C_{x23} \left( i \right),C_{y23} \left( j \right)} \right) = \tau } \hfill \\ \end{array} } \right. $$
(37)
$$ \left\{ {\begin{array}{*{20}l} {\tau = P_{img1} \left( {i,j} \right)} \hfill \\ {P_{img1} \left( {i,j} \right) = P_{img2} \left( {C_{x33} \left( i \right),C_{y33} \left( j \right)} \right)} \hfill \\ {P_{img2} \left( {C_{x33} \left( i \right),C_{y33} \left( j \right)} \right) = \tau } \hfill \\ \end{array} } \right. $$
(38)

Step8 Concatenate the two image blocks \(P_{img1}\) and \(P_{img2}\):

$$ PZ = \left[ {P_{img1} :P_{img2} } \right] $$
(39)

Step9 Further perform index scrambling on the integrated image \(PZ\) to completely reduce the correlation of adjacent pixels:

$$ SCRP = PZ\left( {index\left( X \right)} \right) $$
(40)

Step10 Use the first group of masks \(W\) of size \(3 \times 3\) generated by chaotic sequence X, and the masks can be used continuously.

$$ \left\{ {\begin{array}{*{20}l} {Key_{W} = \bmod \left( {floor\left( {\left( {X\left( {200:200 + M \times N \times 9} \right) \times 10^{15} } \right),256} \right)} \right)} \hfill \\ {W = Key\left( {0:9} \right)} \hfill \\ \end{array} } \right. $$
(41)

Step11 Combining the mask W given in Proposition 1 and Step10, we can design the image filtering operation for image encryption as:

$$ EN_{x,y} = ((\sum {_{{i,j \in \left\{ { - 2M, \ldots ,0} \right\} \cap \left( {i,j} \right) \ne \left( {0,0} \right)}} W_{i + 2M + 1,j + 2M + 1} EN_{x + 1,y + 1} ) + SCRP_{x,y} )\bmod \;F} $$
(42)

Step12 Further perform dynamic diffusion processing on \(DE_{x,y}\) to obtain the final ciphertext image.

$$ \left\{ {\begin{array}{*{20}l} {\sigma = \bmod \left( {floor\left( {Lor_{key2} \times 10^{16} } \right),\theta } \right)} \hfill \\ {DE\left( 1 \right) = \bmod \left( {bitxor\left( {DE\left( 1 \right) + \sigma ,Lor_{key1} \left( 1 \right)} \right),256} \right)} \hfill \\ {DE\left( {i + 1,j + 1} \right) = bitxor\left( {bitxor\left( {DE\left( {i,j} \right),Lor_{key2} \left( {i,j} \right)} \right),Lor_{key3} \left( {i,j} \right)} \right)} \hfill \\ \end{array} } \right. $$
(43)

where \(\theta\) represents the user control parameter, \(i = 1,2,3,...,M,\)\(j =\)\(1,2,3,...,N_{ \circ }\).

3.2 Decryption process

Since the proposed algorithm is a symmetric encryption algorithm, the decryption algorithm is the inverse process of the encryption algorithm. The decryption steps are summarized as follows:

Step1 By using the generated control parameters \(\sigma\) and the key \(Lor_{key1} ,Lor_{key2} ,Lor_{key3}\), the inverse dynamic diffusion operation is performed on the ciphertext image \(DE\) to obtain the image \(DE^{\prime}\).

Step2 By utilizing mask \(W\), image \(DE^{\prime}\) is applied inverse dynamic diffusion operation to obtain image \(D\).

The inverse filtering operation is formulated as follows:

$$ D_{x,y} = \left( {EN_{x,y} - \sum\nolimits_{{i,j \in \left\{ { - 2M,...,0} \right\} \cap \left( {i,j} \right) \ne \left( {0,0} \right)}} {W_{i + 2M + 1,j + 2M + 1} EN_{x + 1,y + 1} } } \right)\bmod {\kern 1pt} {\kern 1pt} F $$
(44)

Step3 By using chaotic sequence X, image \(D\) is scrambled by inverse index to obtain image \(PCA\).

Step4 By using the exchange coordinate pairs generated by the chaotic exchange table \(Cha_{tab1}\), \(Cha_{tab2}\), \(Cha_{tab3}\) and \(Cha_{tab4}\), under the control of the judgment threshold \(Cor_{thr}\), the image \(PCA\) was rotated and scrambled by inverse threshold, and finally the plaintext image \(srcImg\) was solved.

The decryption flow chart is shown in Fig. 10.

Fig. 10
figure 10

Decryption flowchart

Full size image

4 Experimental simulation and performance analysis

4.1 Key space analysis

With the development of supercomputers around the world (Such as Fugaku supercomputer in Japan, its peak performance has reached 537210.00 \(TFlop/S\); Summit supercomputer in the United States, peak computing performance is 200794.90 \(TFlop/S\); Sunway TaihuLight supercomputer in China, The peak computing performance is 125435.90 \(TFlop/S\)), which makes it possible to attack digitally encrypted images. Therefore, critical keyspace analysis becomes necessary. A keyspace is the set of all possible keys that can be used to generate a key, and its size depends on the length of the security key. It is one of the most important characteristics that determine the strength of a cryptosystem [30]. The size of the keyspace is determined by all the parameters used in the encryption process. When the keyspace is larger than \(2^{100}\), it is resistant to attacks such as brute force attacks. The main keys in the encryption algorithm proposed in this paper are all generated by the improved Lorenz chaotic system. The precision of the computer is \({\kern 1pt} 10^{ - 16}\), and the key space for this scheme is \({\kern 1pt} \left( {10^{16} } \right)^{6} = 10^{96} > 2^{288} > 2^{100}\). Judging from the computing power of current computers, our scheme can effectively resist brute force attacks.

4.2 Key sensitivity analysis

Generally speaking, a good encryption algorithm requires that the encryption key be sensitive enough, which means that even a small change in the encryption key can cause a large change in the encrypted image. In this paper, by changing the initial parameter x of the chaotic system, the key sensitivity error value is calculated. The sensitivity error of the classical chaotic system to the initial parameter x is only \(10^{ - 17}\), while the sensitivity of the improved Lorenz chaotic system is enhanced. Its corresponding decrypted image result is shown in Fig. 11. When the key deviation is \(10^{ - 19}\), the image cannot be decrypted successfully. However, when the key deviation is \(10^{ - 20}\), the original image can be decrypted. It can be seen that the image is not allowed to be successfully decrypted when the key used for decryption purposes is slightly changed. It is proved that the key of the model proposed in this paper is extremely sensitive and can effectively resist brute force attack.

Fig. 11
figure 11

Key sensitivity analysis: a The original picture of “wrist”, b is the image encrypted using \(x_{1} + 10^{ - 19}\), c is the image of the failed decryption using \(x_{1}{\prime} + 10^{ - 19}\), d is the image encrypted using \(x_{2} + 10^{ - 20}\), e is the image of the successfully decrypted using \(x_{2}{\prime} + 10^{ - 20}\), f is the “foot” original image, g is the image encrypted using \(x_{3} + 10^{ - 19}\), h is the image of the failed decryption using \(x_{3}{\prime} + 10^{ - 19}\), i is the image encrypted using \(x_{4} + 10^{ - 20}\), j is the image of the successfully decrypted using \(x_{4}{\prime} + 10^{ - 20}\)

Full size image

In order to observe the difference between the encrypted image and the incorrectly decrypted image more intuitively, this paper also uses the mean squared error (MSE) [31] standard for data analysis, and the data results are shown in Table 2.

$$ MSE = \frac{1}{M \times N}\sum\nolimits_{i = 1}^{M} {\sum\nolimits_{j = 1}^{N} {\left( {p\left( {i,j} \right) - d\left( {i,j} \right)} \right)^{2} } } $$
(45)
Table 2 Mean square error analysis
Full size table

Among them, M and N represent the size of the image, and \(\left( {i,j} \right)\) represents the coordinate points in the plaintext image p and the decrypted image d. The larger the MSE data measured experimentally in Table 2, the more secure the proposed encryption scheme.

4.3 Information entropy analysis

Entropy is an important measure of the amount of uncertainty in a system. It measures the uniform distribution of pixels in an image [32]. If the information entropy is equal to the bit length, the system is not vulnerable to statistical attacks. The mathematical equation for calculating entropy is described as follows:

$$ H\left( m \right) = - \sum\nolimits_{i = 0}^{{2^{N} - 1}} {p\left( {m_{i} } \right)} \log_{2} p\left( {m_{i} } \right) $$
(46)

where \(N\) represents the gray level of the image, and \(\log_{2} p\left( {m_{i} } \right)\) represents the probability that the gray level \(m_{i}\) appears in the image. For an ideal ciphertext image in the range of \(\left[ {0,255} \right]\), the entropy value is 8. The test results of the method proposed in this paper are shown in Table 3. By comparing other literatures, it can be seen that the entropy value of the scheme proposed in this paper is closer to the theoretical value.

Table 3 Information entropy for the encryption
Full size table

4.4 Histogram analysis

Histogram refers to the frequency statistics of each gray value in the image, reflecting the most basic statistical characteristics of the image [37]. If the encrypted image has a relatively average histogram, the ciphertext is considered to have high security. The encryption and decryption results of the proposed encryption algorithm are shown in Fig. 12, and the histogram analysis is shown in Fig. 13. As can be seen from the figure, the gray level distribution of plaintext image pixels is extremely uneven and fluctuates greatly, which means its pseudo-randomness and redundancy are low, and it is easy for attackers to obtain image-related information. Both fusion schemes show good consistency on the histogram of the ciphertext image, with high image redundancy and pseudo-randomness, effectively. It conceals the statistical probability distribution characteristics of the gray value of the pixel.

Fig. 12
figure 12

Experimental results: a plain-image of “wrist”, b plain-image of “skull”, c plain-image of “thorax”, d plain-image of “foot”, e cipher-image of “wrist”, f cipher-image of “skull”, g cipher-image of “thorax”, h cipher-image of “foot”, i decryptionimage of “wrist”, j decryption-image of “skull”, k decryption-image of “thoraxand”, l decryption-image of “foot”

Full size image
Fig. 13
figure 13

Histogram analysis: a–d are plaintext images of “wrist”, “skull”, “thorax”, and “foot”, e–h are the plain-text histograms of “wrist”, “skull”, “thorax”, and “foot”, i–1 are ciphertext images of “wrist”, “skull”, “thorax”, and “foot”, m–p are ciphertext histograms of “wrist”, “skull”, “thorax”, and “foot”

Full size image

4.5 Correlation of two adjacent pixels

The correlation between adjacent pixels reflects the quality of the algorithm’s scrambling effect [38]. The lower the correlation between adjacent pixels in a ciphertext image generated by a good encryption algorithm, the better the scrambling effect of the algorithm. We analyze the correlation between adjacent pixels in the horizontal, vertical and diagonal directions of the image. The correlation coefficient formula is described as follows:

$$ C = \frac{{\sum\nolimits_{i = 1}^{N} {\left( {x_{i} - \frac{1}{N}\sum\nolimits_{i = 1}^{N} {x_{i} } } \right)} \left( {y_{i} - \frac{1}{N}\sum\nolimits_{i = 1}^{N} {y_{i} } } \right)}}{{\sqrt {\sum\nolimits_{i = 1}^{N} {\left( {x_{i} - \frac{1}{N}\sum\nolimits_{i = 1}^{N} {x_{i} } } \right)^{2} \times \sum\nolimits_{i = 1}^{N} {\left( {y_{i} - \frac{1}{N}\sum\nolimits_{i = 1}^{N} {y_{i} } } \right)^{2} } } } }} $$
(47)

Among them, x and y are the gray levels of two adjacent pixels in the image, and N represent the total number of pixels in the image. In this test, we randomly select 7500 pairs of adjacent pixels, and analyze the correlation between adjacent pixels in the plaintext grayscale image and the ciphertext image from three directions. Figures 14 and 15 show the correlation analysis of neighboring pixels of the proposed scheme. It can be seen that the pixel correlation distribution of the ciphertext image is relatively uniform. In terms of numerical analysis, the comparison results of the proposed scheme with other schemes are shown in Table 4. Observations show that the adjacent pixel correlation of the encryption algorithm in this paper is closer to 0, which is obviously better than the comparison algorithm. This shows that the proposed scheme effectively removes the correlation between adjacent pixels in the image and has better resistance to statistical attacks.

Fig. 14
figure 14

The correlation plots of “wrist” image: a horizontal corre-lation of plain-image, b horizontal correlation of cipher-image, c horizontal correlation of decrypted image, d vertical correlation otplain-image, e vertical correlation of cipher-image, f vertical cor-relation of decrypted image, g diagonal correlation of plain-imagc, h diagonal correlation of cipher- image, i diagonal correlation ofdecrypted image

Full size image
Fig. 15
figure 15

The correlation plots of “foot” image: a horizontal correlation of plain-image, d horizontal correlation of cipher-image, g horizontal correlation of decrypted image, b vertical correlation olplain-image, e vertical correlation of cipher-image, h vertical correlation of decrypted image, c diagonal correlation of plain-image, f diagonal correlation of cipher- image, i diagonal correlation ofdecrypted image

Full size image
Table 4 Correlation coefficients of the cipher-images
Full size table

4.6 Peak signal-to-noise ratio analysis and ssim

Peak signal-to-noise ratio (PSNR) [41] is the most common and widely used image objective evaluation index. Multiple types of noise attacks will interfere with the pixel values of the original image. In order to measure the image quality after the noise attack, we usually refer to the PSNR value to judge whether the processing process can obtain good results. Its expression is described as follows:

$$ PSNR = 10 \times \log_{10} \left( {\frac{{MAX_{i}^{2} }}{MSE}} \right) $$
(48)

In the formula, \(MAX_{i}\) represents the maximum value of the image color, and 8-bit sampling points represent 255. MSE is the mean square error between plaintext and ciphertext images.

Structure similarity index measure (SSIM) [42] means structural similarity, which is one of the indicators used to measure image quality and is also a full-reference image quality evaluation indicator. It measures image similarity from three aspects of brightness, contrast and structure. Given two images x and y, their structural similarity can be defined as:

$$ SSIM\left( {x,y} \right) = \frac{{\left( {2\mu_{x} \mu_{y} + C_{1} } \right)\left( {2\mu \sigma_{x} \sigma_{y} + C_{2} } \right)}}{{\left( {\mu_{x}^{2} + \mu_{y}^{2} + C_{1} } \right)\left( {\sigma_{x}^{2} + \sigma_{y}^{2} + C_{2} } \right)}} $$
(49)

The range of SSIM is \(\left[ {0,1} \right]\), the larger the value, the better the image quality. When the two images are the same, \(SSIM = 1\). Record the SSIM value between the plaintext image and the ciphertext image as \(SSIM\left( a \right)\), and the SSIM value between the plaintext image and the decrypted image as \(SSIM\left( b \right)\). The calculation results are shown in Table 5. It can be seen that the two fusion algorithms proposed in this paper are lossless decryption.

Table 5 PSNR and SSIM for the cipher-image
Full size table

4.7 Differential attack

Differential attack is a chosen plaintext attack, by finding plaintext pairs with specific and non-random properties, changing their pixel values, and comparing the differences according to the different encrypted images generated by the former, so as to obtain the most likely key. Differential cryptanalysis is the most basic method of cryptanalysis, and it is also one of the important indicators to measure the security of a block cipher. The differential attack is mainly evaluated by the value of the Number of pixels change rate (NPCR) [45] and the Unified average change intensity(UACI) [46]. The correlation coefficient formula is described as follows:

$$ NPCR = \frac{1}{{M^{2} }}\sum\nolimits_{i = 1}^{M} {\sum\nolimits_{j = 1}^{M} {D(i,j) \times 100\% } } {\kern 1pt} $$
(50)
$$ UACI = \frac{1}{{M^{2} }}\sum\nolimits_{i = 1}^{M} {\sum\nolimits_{j = 1}^{M} {\frac{{\left| {CI_{1} (i,j) - CI_{2} (i,j)} \right|}}{255} \times 100\% } } $$
(51)

where \(CI_{1} (i,j)\) and \(CI_{2} (i,j)\) denote two ciphertext images after changing pixel values in the same plaintext image. \(D\left( {i,j} \right)\) is defined as follows:

$$ D(i,j) = \left\{ {\begin{array}{*{20}c} 0 & {if\;CI_{1} (i,j) = CI_{2} (i,j)} \\ 1 & {if\;CI_{1} (i,j) \ne CI_{2} (i,j)} \\ \end{array} } \right. $$
(52)

For the password image mentioned in this paper, the NPCR and UACI values are calculated and shown in Table 6 (Theoretical values of NPCR and UACI are 99.6094% and 33.4635% respectively):

Table 6 UACI and NPCR performances
Full size table

4.8 Four classic attack types

Cryptography is a security mechanism used to store and transmit sensitive data. It aims to study how to transmit information safely and confidentially, and can also effectively prevent potential attacks, and is not easy to be stolen, interpreted or tampered with by adversaries. Password attack is a method for attackers to brute force decryption of ciphertext, encryption key and other related encrypted content, aiming to grasp the defects in the encryption algorithm or encryption key, so as to crack the encrypted sensitive data and reduce the security of transportation. In cryptography, there are four classical types of attacks [50]:

  • 1. known plaintext attack(KPA): The attacker knows the given plaintext and the corresponding ciphertext, which can be any non-empty subset (Known plaintext pairs), to derive the key and encryption algorithm.

  • 2. Chosen plaintext attack(CPA): In addition to knowing the encryption algorithm, the attacker can also arbitrarily obtain the plaintext and the corresponding ciphertext that he thinks is beneficial to the attack, and the target is the pushout key.

  • 3. Ciphtext only attack(COA): The attacker knows part of the ciphertext and the encryption algorithm, and uses all the keys to analyze these ciphertexts in turn. In general, the attacker uses brute-force to finally find out the plaintext or the key.

  • 4. Chosen ciphertext attack(CCA): Knowing the decryption algorithm, the attacker can choose any ciphertext and obtain the decrypted plaintext, and the target is the pushout key.

In 2012, Xingyuan Wang [51] put forward the conclusion: Obviously, chosen plaintext attack is the most powerful attack. If a cryptosystem can resist this attack, it canresist other types of attack. In the dynamic diffusion phase of the encryption algorithm proposed in this thesis, we use the plaintext information \(\sigma\) to generate the control parameters required to control the diffusion operation. This makes the diffusion operation associated with the plaintext image, which means that even if the plaintext image changes slightly, the diffusion process in the encryption algorithm will have different diffusion results, which is sufficient to resist the chosen plaintext attack. Therefore, the encryption algorithm proposed in this thesis has extremely high security and can effectively resist the above four attacks.

4.9 Anti-noise test analysis

In practical applications, digital images are usually affected by noise when they are broadcast on communication channels [52]. In order to test the noise resistance of the improved scheme in this paper, it is assumed that the encrypted image is affected by salt and pepper noise with densities of 0.05, 0.1, 0.15, and 0.2, and the corresponding decrypted image is shown in Fig. 16. It can be seen from the figure that the different decrypted images are noisy, but the important information of the original image can still be distinguished, so it can be concluded that the improved scheme can resist noise attacks.

Fig. 16
figure 16

Anti-noise test analysis: The first row are the “wrist” decryptimages with 0.05, 0.10, 0.15 and 0.20 salt and pepper noise respec-tively. The second row are the “skull” decrypt images with 0.05, 0.10.0.15 and 0.20 salt and pepper noise respectively. The third row arethe “thorax” decrypt images with 0.05, 0.10, 0.15 and 0.20 salt andpepper noise respectively. The forth row are the “foot” decrypt imageswith 0.05.0.10, 0.15 and 0.20 salt and pepper noise respectively

Full size image

4.10 Cropping attacks analysis

The image encrypted by chaotic system has good encryption effect, which makes the attacker unable to obtain effective information. Therefore, the attacker may break the integrity of the encrypted image [53], so that the receiver cannot decrypt the original image smoothly. Therefore, it is particularly important to know whether the encryption scheme has the ability to resist the shearing attack. In this thesis the encrypted image is cropped by the size of \({1 \mathord{\left/ {\vphantom {1 4}} \right. \kern-0pt} 4}\) and \({1 \mathord{\left/ {\vphantom {1 3}} \right. \kern-0pt} 3}\) of the original image, and the pixel value after cropping is set to zero, and the decryption results are shown in Figs. 17 and 18. By observing the quality of the decrypted image, it can be seen that the algorithm can effectively resist the cropping attack and recover the original image to a certain extent, so that the receiver can still identify the approximate content of the original image.

Fig. 17
figure 17

Cropping attacks analysis: a–d as the “wrist”, “skull”, “chest”, “feet” plaintext image, e–h for cutting a quarter of the “wrist”, “skull”, “chest”, “feet” ciphertext image, i–l for cutting a quarter of the “wrist”, “skull” “chest” “feet” decrypted image

Full size image
Fig. 18
figure 18

Cropping attacks analysis: a–d as the “wrist”, “skull”, “chest”, “feet” plaintext image, e–h for cutting a third of the “wrist”, “skull”, “chest”, “feet” ciphertext image, i–l for cutting a third of the “wrist”, “skull” “chest” “feet” decrypted image

Full size image

4.11 Complexity analysis

The size of the plaintext image used in this paper is \(M \times N\) and let n indicate the quantity of pixels inside the image. The complexity of the encryption algorithm proposed in this paper can be calculated by the operations discussed below. These operations include generating pairs of horizontal and vertical coordinates in a chaotic exchange table, dynamic rotation scrambling, index scrambling, filtered diffusion, and dynamic diffusion. The complexity of generating the horizontal and vertical coordinate pairs in the chaotic exchange table is \(O\left( {2n^{2} } \right)\). Dynamic rotation scrambling consists of two parts: intra-block scrambling and inter-block scrambling, and its complexity is \(O\left( {4n^{2} } \right)\). The complexity of indexed disruption, filtered diffusion and dynamic diffusion are \(O\left( n \right)\), \(O\left( {n^{2} } \right)\) and \(O\left( {3n} \right)\) respectively. Therefore, the overall complexity of the image encryption scheme proposed in this paper is \(O\left( {4n + 7n^{2} } \right)\), which is far less than the \(O\left( {78n^{2} } \right)\) in the literature [54].

4.12 Time cost analysis

The time cost analysis [55] is usually the time required to test a real encryption/decryption run of an algorithm in a simulation platform. Because it can theoretically prove the feasibility of the proposed image encryption algorithm in efficiency, the analysis of the time cost of the encryption algorithm has become one of the important indicators to measure the performance of the encryption algorithm. A good encryption algorithm should take as little time as possible. Table 7 presents the comparison of the encryption time. Through the comparison, it can be concluded that the proposed encryption algorithm requires less time overhead.

Table 7 Time cost analysis
Full size table

5 Conclusion

This paper proposes a dynamic rotation medical image encryption scheme based on improved Lorenz chaos, the improved Lorenz chaotic system has a wider range of chaotic parameters and better chaotic characteristics. It is further proved that the improved chaotic system can be used as an encryption key generator by proposing a dynamic round-robin scrambling and double-diffusion algorithm. In the proposed dynamic rotation scrambling algorithm, the pixel exchange threshold is added, which can effectively improve the scrambling effect. The combination of filter diffusion and dynamic diffusion ensures the security of medical image encryption algorithm. Experimental simulation and performance analysis show the effectiveness of the proposed encryption scheme. The shortcoming of this paper is that the test results of UACI are not close enough to the ideal value. The future work includes three aspects: First, on the premise of ensuring the parameter range of the improved Lorenz chaotic system, different from other improved chaotic algorithms, a new hyperchaotic Lorenz chaotic system will be proposed. Second, the existing dynamic round-robin scrambling algorithm is simplified to improve the scrambling efficiency. Third, an efficient diffusion algorithm will be proposed and combined with the chaotic system, so as to effectively reconcile the difference between two ciphertext images encrypted from the same plaintext image. So as to improve the NPCR, UACI and other performance analysis test results, so that the test results are closer to the ideal value.