Received 17 November 2022, accepted 8 December 2022, date of publication 16 December 2022,

date of current version 19 January 2023.

Digital Object Identifier 10.1109/ACCESS.2022.3230096

An Integrated Image Encryption Scheme

Based on Elliptic Curve
IJAZ KHALID 1 , TARIQ SHAH 1 , SAYED M. ELDIN2 , DAWOOD SHAH 1,

MUHAMMAD ASIF 3 , AND IMRAN SADDIQUE4

1 Department of Mathematics, Quaid-i-Azam University, Islamabad 45320, Pakistan
2 Centerof Research, Faculty of Engineering, Future University in Egypt, New Cairo 11835, Egypt
3 Department of Mathematics, University of Management and Technology, Sialkot 51310, Pakistan
4 Department of Mathematics, University of Management and Technology, Lahore 54770, Pakistan

Corresponding author: Muhammad Asif ([email protected])

This work was supported in part by the Research Center of the Future University in Egypt, 2022.

ABSTRACT Due to the extensive demand for digital images across all fields, the security of multimedia
data over insecure networks is a challenging task. The majority of the existing modern encryption schemes
are merely developed that ensure the confidentiality of the image data. This manuscript presents a new
image encryption scheme that ensures confidentiality, user authentications, and secure key sharing among
the communicating parties. Initially, the users share a secret parameter using Diffie-Hellman over the
elliptic curve and pass it through SHA-256. Afterwards, the proposed scheme uses the first 128-bits for the
confidentiality of the data, while the remaining 128-bits are for authentication. In the encryption algorithm,
the confusion module is achieved by affine power affine transformation. At the same time, the diffusion
module is attained through highly nonlinear sequences, which are generated through the elliptic curve.
Experimental testing and the latest available security tools are used to verify the effectiveness of the proposed
algorithm. The simulation findings and the comparison of the proposed scheme with the existing image
encryption techniques reveal that the suggested scheme offers a sufficient degree of security. Furthermore,
the outcome of the simulation results divulges several advantages of the proposed scheme, including a large
key space, resistance to differential attacks, high efficiency, and strong statistical performance.

INDEX TERMS Image encryption, S-box, elliptic curve cryptography, affine power transformation.

I. INTRODUCTION consultations from medical specialists anywhere around the

The transmission of multimedia information, such as dig- globe. So, in this case, integrity and confidentiality violation
ital images, audio data, and video, via various networks are very dangerous for the patients. Similarly, a secure image
significantly increased due to the rapid development in net- transmission technique over the open network is also required
work evolution. However, mostly the data transmission pro- for criminal investigations. The government domain needs to
cedures occurred through unsecured networks. Therefore, ensure the secrecy and integrity of the data in order to avoid
there is a chance that information might be lost, intercepted injustice. So, the security of digital image data has become
(i.e., copied and distributed illegally), and can be altered mali- a growing source of worry. Due to the inherent properties of
ciously [1], [2], [3], [4]. Over the internet, the digital image the digital image, high correlation among the adjacent pixels
is an essential source for data communication. For instance, and the quantity of data, the standard cryptographic tech-
in the medical field, images are used for visualizing different niques such as data encryption standard (DES) and advanced
analyses and diagnoses. These analyses are transmitted in encryption standard (AES) algorithms are not suitable for
the form of images. The patients use these images and get digital image encryption. Therefore, various cryptographic
techniques are presented in the literature for secure multime-
The associate editor coordinating the review of this manuscript and dia data over the open network. The properties of a nonlinear
approving it for publication was Yilun Shang. dynamical system, sensitivity to initial conditions, ergodicity,

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
VOLUME 11, 2023 5483
 I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

mixed characteristics, convenient algorithmic description, data integrity, and the symmetric algorithm is used for data
and high complexity are beneficial for cryptographic appli- confidentiality. The confusion and diffusion module of the
cations. Since hyperchaotic maps produce more randomness symmetric encryption is achieved by using simple opera-
than chaotic systems, therefore these are more suited for tions that provide optimum security with less computational
image encryption applications. Different scholars have pre- effort. Furthermore, the security performance of the scheme
sented numerous schemes based on hyperchaotic systems. is thoroughly analyzed using the available tools. The resultant
In [7], a four-dimensional (4D) hyperchaotic algorithm is output demonstrates the scheme’s efficiency compared to the
suggested. In the recommended work, the scheme creates key existing scheme.
stream and controls parameters that are used to shift rows The remaining manuscript is organized as follows: The
and columns of the image. In [8], suggested a 2D compound basic notation of EC is provided under Section II of this work.
homogeneous hyperchaotic system that performed permuta- A detailed description of E-ECIES introduces in section III.
tion of pixels. However, the proposed work is vulnerable to Sections IV, V and VI, evaluate the nonlinear component and
chosen plaintext attacks [9]. To address this flaw, plaintext the simulation results of proposed symmetric encryption and
was correlated with the stream of the chaotic key in the gen- their analysis for RGB images. The manuscript is concluded
eration of the final encryption key. The stream derived from in section VII.
the hyperchaotic sequences improved the security against
the chosen-plaintext attack [10]. Elliptic Curve Cryptography II. PRELIMINARIES
(ECC), which is based on algebraic geometry, is a crypto- ECC is an asymmetric or public key method based on the
graphic technique for power-constrained devices. ECC has algebraic structure of elliptic curves. Koblitz and Miller [28],
recently been used for image encryption applications. RGB [29] introduced its application in cryptography in 1985. The
image encryption based on ECC is investigated in [13]. The ECC offers a comparable level of security to traditional asym-
presented scheme utilized DNA encoding and decoding for metric cryptosystems like RSA but with noticeably reduced
RGB image encryption and decryption followed by ellip- key sizes. This section consists of essential preliminaries and
tic curve Diffie Hellman. The algorithm presented in [14], their related results presented in Washington and Galbraith
employed a cyclic group of an elliptic curve with the com- [26]. An elliptic curve over a finite field Fq is defined as.
bination of chaos. Consequently, it increased the key space
Ea,b
n
of the suggested scheme. Similarly, the image encryption (x, y) :x, y ∈ Fq × Fq :ϒ 2
F = {∞} ∪
q
based on chaos with the elliptic curve ElGamal is presented o
in [15]. The suggested work compressed the plain images and = x 3 + ax + b mod q (1)
enhanced the complexity of the 4-D cat map. Subsequently,
the encryption is executed by EC-based asymmetric encryp- where both a and b are the parameters of EC, with the
tion. Likewise, the author designed a hybrid multilayered condition that is 4a3 + 27b2 6= 0. Otherwise, the EC is
mathematical model for colour image encryption presented said to be singular. All the points Ea,b
Fq , that has a specific
in [5]. In [26], Bellare and Rogaway introduced a hybrid sort of addition law from an abelian group with the neutral
cryptographic architecture named Elliptic Curve Integrated element ∞, called the point of infinity.
Encryption Scheme (ECIES). The ECIES is a pair of key-
derivation functions, a symmetric key encryption algorithm, A. ELLIPTIC CURVE ARITHMETIC OPERATION
and a MAC algorithm. Since the message is sometimes dif-
The following mathematical equation governs an elliptic
ficult to encode in the points of the curve, so challenging
curve over a finite field. Let P1 = (x1 , y1 ) and Q1 = (x2 , y2 )
to encrypt; contrastingly, one can easily encrypt any mes-
are the two points of the elliptic curve such that P1 6 = Q1 ,
sage using a symmetric-key scheme of ECIES. This is a
then the addition of P1 and Q1 compute using the following
significant advantage of ECIES over the Massey-Omura and
mathematical formula.
ElGamal public-key approaches [26]. In [27], the author pre-
sented a technique for medical image encryption based on the
R = P1 +Q1 = (x3 , y3 ) (2)
improved version of ECIES. In the suggested work, the author
identified some flaws and weaknesses in the EC Hill-Cipher-
based image encryption and improved the security parameter where, x3 = ς 2 − x1 − y1 mod p y3
using IECIES. However, the computational complexity of the
suggested scheme is slightly increased due to the serval time x3 = ς (x1 − x3 ) − y1 mod q (3)
of scalar multiplication of the curve points. y2 − y1
ς= mod p (4)
In view of the shortcomings above, we proposed a novel x2 − x1
integrated image encryption algorithm. The proposed scheme
consists of a secure key exchange protocol, hash algo- If P1 and Q1 are the same points (That is, P1 = Q1 ) then the
rithm, and symmetric key algorithm. The exchange proto- point doubling calculation is defined as:
col is used for the communication of secret keys among
the communicating parties. The hash function is used for 2Q = (x30 , y03 ) (5)

5484 VOLUME 11, 2023

I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

where, the elliptic curve over the finite field Fq such that the discrete
log problem for EC(Fq ) is difficult, and he picks a point p
x30 = ξ 2 − 2x1 mod p, on EC that is generally of big prime of order N. He then
y03 = ξ x1 − x30 − y1 mod q


(6) calculates the public key PB = mp using a secret number m.
3x 2
−a The public key parameter of user B is {F q , EC, N , p, PB ),
ξ= mod q (7) while the private key of user B is m. The following steps are
2ϒ
computed to transmit the data between user A and user B.
In addition to scalar point multiplication, multiple point addi-
tion is carried out.
A. USER A COMPUTATION
MQ1 = Q1 + Q1 + Q1 . . . .M times (8) • Choose a secret key nA ∈ [1, q − 1].
• Computed the public key PA = nA G with timestamp TO A.
The following Hass’s inequality theorem calculates the car- • A A
Compute the P1 = n P . B
dinality of points on the EC. • Create a random initialization vector V with the incre-
ment of the prime number for every block of message.
B. THEOREM 1 • Compute the Hash and extract the symmetric key; the
Let Ea,b
p over finite field Fq . Then the cardinality (order) of mathematical description of the hash function is given
Ea,b
q should be satisfy below.

q + 1 − 2 q ≤ Ea,b
√ √
 
q ≤q+1+2 q (9) Hash PA (x ⊕ y) , PA1 , V = H1 = K1 ||K2

• Compute the proposed symmetric key encryption func-

C. ELLIPTIC CURVE DISCRETE LOGARITHM
tion with K1
PROBLEM(ECDLP)
Let Ea,b
q be the elliptic curve over the finite prime field Fq , C = EncK1 (M ) and T = (C, K2 )
where p is prime and a, b ∈ Fq . The discrete logarithm
problem for an elliptic curve is defined as given a point Q1 , • Send < H1 , PA , TO
A , T > to user B.

and Q2 on Ea,b
q , to find the positive integer M , if it exists,
B. USER B COMPUTATION
such that Q2 = MQ1 [31].
In response to receiving the message from user A, the user B
generates a new timestamp TO B , and follows these steps:
D. SECURE HASH ALGORITHM
• The user B verifies |TO − TO
B A | ≤ t. If the condition
A category of hash functions is called Secure Hash Algo-
does not hold, user B aborts, or else he sustained. The
rithms (SHA). It was made public by the National Institute
duration of t is a short, predetermined time.
of Standards and Technology (NIST). Applications of SHA
• User B computes PA A
1 = mP using the knowledge of
are predominantly located in integrity security services [30].
private key m.
One of the well-known SHA algorithms is SHA-256, which
• Calculate the Hash(PA 1 , P (x ⊕ y) , V)) = H2 . If H2 6 =
A
generates message digests with 256-bit lengths. The proposed
H1 , when it does not hold, he passes over the ses-
algorithm generates the Hash of key of 256-bit between users
sion. Otherwise, B continues the remaining steps of the
A and B. The first 128-bit is utilized for encryption, while the
protocol.
128-bit length key is used for authentication.
• Generate the symmetric key H2 = K1 ||K2 .
• Computes H2 (C, K2 ) = T1 . If T1 6 = T, user B rejects
III. ENHANCED ELLIPTIC CURVE INTEGRATED
the cipher image; otherwise, continue the protocol steps.
ENCRYPTION SCHEME (E-ECIES)
• Calculate the plan-image M = DecK1 (C), where DecK1 ,
The E-ECIES is used to improve the secret parameter in the
is a symmetric key decryption function. As a part of
negotiation phase. The improvement is made by adding the
user B computation, the second last step involves authen-
initialization vector IV to prevent repeated data encryption.
tication, which is an essential aspect.
The initialization vector makes it harder for the hacker to
detect patterns and break encryption using a dictionary attack.
C. PROPOSED SYMMETRIC KEY ENCRYPTION
Furthermore, the IV must be known by user B in order to
In this section, we proposed a new symmetric key encryption
decrypt the cipher image. There are numerous techniques to
algorithm based on E-ECIES. The symmetric key encryption
make the IV accessible to user B in order to aid in decryption.
algorithm encapsulates the following steps to perform image
However, the IV would be agreed upon prior to communica-
encryption. Initially, the scheme uses secure SHA-256 to
tion in our suggested algorithm for user’s A and B. Moreover,
generate the key using the following mathematical formula.
the symmetric key is extracted using secure SHA-256. The  
detailed process of the E-ECIES is summarized in the below Hash PA (x ⊕ y) , PA1 , V = K1 ||K2
subsection. Let user A want to send a plain image M of size
U × V to user B over the insecure channel. At the initial step where K1 followed by K2 . To perform the encryption
of the protocol user, B first creates his public key by choosing using key K1 the following steps are to be done. For the

VOLUME 11, 2023 5485

 I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

K1 = 128bit is utilized for the encryption, while the 128bit E. CONFUSION PHASE BASED ON AFFINE POWER AFFINE
of K2 are used for authentication purposes. Initially, the first TRANSFORMATION
four-byte b1 b2 b3 b4 , are utilized for the permutation of the After that, the last four-byte b13 b14 b15 b16 , is utilized for
plain image using affine mapping. The mathematical con- the confusion phase (S-box). To construct the s-box, we use
struction for the permutation of the plan image using affine affine power affine transformation (APA) [32] using the fol-
mapping is defined as. lowing mathematical construction.
p : zm × zm → zm × zm (10) S = F28 → F28 is defined by
p (i, j) = (i0 , j0 ) S = A ◦ P ◦ A0


(11) (22)
i0 = b1 (i) + b2 , j0 = b3 (j) + b4 (12)
Where, A = b13 (x) + b14 , A0 = b15 (x) + b16 are the affine
where b1 , b3 the unit’s elements are zm , while, b2 and b4 , surjection [33]. Where Pis still a nonlinear component, which
are any elements in from zm . The i0 and j0 , the output of the is to be defined as:
affine transformation, which shows the permuted pixel of the P (x) = x 2
n −2

image.
For n = 8 the power polynomial becomes,
D. DIFFUSION PHASE BASED ON ELLIPTIC CURVE P (x) = x 254 is a bijective permutation using any
PSEUDO-RANDOM NUMBER SEQUENCES primitive polynomial in GF(28 ). Moreover, the elements
The next six bytes b5 b6 b7 b8 b9 b10 b11 b12 is again utilized for b13 , b14 , b15 , b16 ∈ F28 , so we can construct 232 new APA
a,b
the permutation purpose using the elliptic curve parameter S-box represented by Sc,d , with strong algebraic properties.
with the large prime p, which is the concatenation of the last The proposed APA S-box with different parameters is given
two bytes, i.e., p = b11 ||b12 . After the generation of points on in Tables 1 and 2, respectively. Furthermore, we analyzed
each elliptic curve, pick the y-coordinate of the first elliptic the S-box not only by the coordinate functions but also by
curve, i.e., E1Yi , and get the first sequence, namely K1 , simi- evaluating all the security analysis by their component func-
larly, we can compute the K2 , K3 , sequences by choosing the tion and comparing it with excellent literature [17], [18], [19],
y-coordinate of E2Yi , E3Yi , respectively. After that, pick out K1 , [20], [21], [22], [23], [24], [25]. The comparison analysis in
and K2 , and again permute the affine permuted image A and table 4, shows that the proposed new APA S-box has excellent
then bit-xor with K1 , sequence to get AR , where AR , represent algebraic properties and affine equivalent to the AES S-box
the red channel of a permuted image next, choose the K2 , [34]. Meanwhile, the only power permutation, P (x) = x 254 ,
and K3 and permute the A and bit-xor with K2 , to get AG , some vulnerable properties like fixed point and opposite fixed
where AR , shows the permuted image green channel. Finally, are given in Table 3, which improve by the affine parameter
get AB , using the sequences of K3 , and K1 , and bit-xor with chosen by the proposed symmetric key extracted from the
K3 . The mathematical description of the above execution is Hash of the E-ECIES. After the substitution phase, we get
defined as: a cipher image. The flow chart of the proposed E-ECIES is
illustrated in Figure 1.
K1 = E1Yi : Y2 = x 3 + b5 x + b6 mod p (13)
IV. SECURITY ANALYSIS OF THE PROPOSED SYMMETRIC
K2 = E2Yi : Y2 = x 3 + b7 x + b8 mod p (14)
KEY ENCRYPTION
K3 = E3Yi : Y2 = x 3 + b9 x + b10 mod p (15) This section compares our proposed symmetric encryption
algorithm security and performance against the findings of
where the length of each sequence is 1 × mn mod m. The several experiments in [5], [13], [15], [16], [17], [18], [19],
pixel scrambling and diffusion of each layer of the above [20], [21], [22], [23], [24], [25], and [27]. The enhanced
affine permuted image are defined in eq(15) version is subjected to several security analyses to assess
the suggested work randomization and prove its resiliency
A11 = Ar (K1 , K2 ) (16) against various known attacks. We take the substitution per-
AR = K1 ⊕ A11 (17) mutation network (SPN). The permutation phase is achieved
by three different kinds of elliptic curves utilized for the
A21 = Ag (K2 , K3 ) (18) permutation as well, as we add the nonlinear component APA
S-box for the confusion phase. In the APA S-box, the encryp-
AG = K2 ⊕ A21 (19) tion is evaluated by substituting uncorrelated encrypted
data for plan image data. Our suggested APA S-boxes are
A31 = Ab (K3 , K1 ) (20)
examined using the standard S-box evaluation criteria in
AB = K3 ⊕ A31 (21) the results and evaluation section, which include nonlin-
earity score(NLS), bit independence criterion(BIC), fixed
Concatenate all the above three-layer (AR , AG , AB ) and get point(FP), opposite fixed point(OFP), autocorrelation(AC)
the permuted image. maximum cycle length (MCL), linear structure(LS), linear

5486 VOLUME 11, 2023

I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

FIGURE 1. Flow chart of proposed E-ECIES.

FIGURE 2. (a-d) Plain images of Lena, Apple, Babul-Quaid, Baboon (e-h) Cipher images of Lena, Apple, Apple, Babul-Quaid, Baboon.

and differential branch number(LDBN), linear approxima- While the permutation phase evaluates the diffusion prop-
tion probability(LP), strict avalanche criterion(SAC), and dif- erties, including two effective tools, namely, the number of
ferential approximation probability(DP). Moreover, in other pixels change rate (NPCR) and unified average changing
literature [17], [18], [19], [20], [21], [22], [23], [24], [25], the intensity (UACI). The portable PC with Intel(R) Core(TM)
S-box analysis is evaluated by their coordinate function, but i7-6600U CPU @ 2.60GHz is used to conduct the various
the in our proposed work, we implement all the results on evolution tests using different coloured images. Figure 2,
component functions wel; in the case of n = 8, we examined shows the proposed symmetric encryption algorithm’s plan
2n , Component function by their different S-box analysis. and corresponding encrypted images.

VOLUME 11, 2023 5487

 I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

A. NONLINEARITY SCORE the output bits ψ a, have the same parity as the input bits
The nonlinearity score of function or S-box, chosen by the mask ψ b. The original Matsui formulation
S = F2n → F2m is represented by NLS(S) and defined states that the linear approximation probability of a given
by [35]. S-box is defined as:
1 6= {a ∈ x | aψ a = s(a)ψ b} 1
NLS (S) = 2n−1 − (|Walsh(u, v)|) LP = maxψaψb6=0, −
2 2n 2
S (u) = v For u ∈ F2n , v ∈ F2m (23) (26)
The NLS proposed S-box is 112, as shown in Table 4. where x is the set of input space and 2n , is the total number
of elements in x. The input-output masks are respectively
B. STRICT AVALANCHE CRITERIA represented by ψ a and ψ b Them.
Webster and Tavares introduced the SAC idea. The strict
avalanche criterion (SAC) is the essential component of the F. FIXED POINT
S-boxes. Informally, an S-box satisfies SAC if one input bit Given an S-box, S = F2n → F2m , the input element x ∈ F2n is
is altered. 50% of the output bits must also be changed [33]. said to be a fixed point (FP) if S (x) = x. The new APA S-box
The mathematical expression of SAC is defined in eq (24). has no FP due to the affine transformation parameter chosen
by the hash value of 128-bit in symmetric key encryption.
S = F2n → F2m In contrast, only the power permutation has 4 FP. The com-
S (x) + S (x + a) is balanced for all a, wt (a) = 1. parison Table 4, shows that the new-APA S-box is on top of
(24) no fixed point like the AES S-box.

C. BIT INDEPENDENCE CRITERION G. OPPOSITE FIXED POINT

The concept of bit-independent creation (BIC) was also Given an S-box, S = F2n → F2m , the input element x ∈ F2n
developed by Webster and Tavares. For any two Boolean is said to be the opposite fixed point (OFP) if S (x) = x̄ [6].
functions fi , fj , of an S-box, if the bit-xor of both functions, The new APA S-box has no OFP.
that is, fi ⊕ fj , is highly nonlinear and satisfies the criterion
of SAC. Then, when one input bit is changed, the correlation H. AUTO CORRELATION
coefficient of each pair of output bits may be extremely
The autocorrelation (AC) of an S-box, which is defined from,
near zero. So, by confirming that fi ⊕ fj (i 6 = j) is holds,
S = F2n → F2m , taken concerning o ∈ F2n denoted by its
we may find out the BIC of the S-box of any two output
polarity form bS, is represented by rbS (o) and defined as:
bits that satisfy the SAC criterion [37]. Table 4, shows the X
performance of the new APA S-box and the comparison with rbS (o) = (−1)S(x)+S(x+o)
excellent existing literature. x∈F2n
X
= S (x) + b
b S(x + o) (27)
D. DIFFERENTIAL APPROXIMATION PROBABILITY x∈F2n
Measurement of differential uniformity is the differential The range of rbS (o) is [−2n , 2n ] for all o ∈ F2n . For any n
approximation probability (DP) of the S-box, which is variable boolean function, the low value of autocorrelation is
defined as expected. The new APA S-box’s auto-correlation value is 32,
DpS (1a → 1b) the same as the AES S-box.
6 = {a ∈ x | S (a) + S(a ± 1a = 1b)}
 
= (25) I. DIFFERENTIAL AND LINEAR BRANCH NUMBER
2m
Given an S-box, S = F2n → F2m The differential branch
where 1a, 1b is the input differential and output differ- number (DBN) is represented by ϕDBN (S) as defined as
ential, which implies that an input differentia 1ai must
precisely map to an output differential 1bi Order to guar- ϕDBN (S)
wt x ⊕ x 0 + wt S (x) ⊕ S(x 0




antee a uniform chance of mapping for each i. According = minx,x 0 ∈F2n ,x6=x 0
to the Performance indexes of the new APA, the average (28)
differential approximation probability is 0.01562. The com-
parisons Table 4, shows that the differential approxima- The linear branch number of the S-box is denoted by
tion probability (DP) of the new APA S-box is better than ϕLBN (S), and defined as:
[17], [19], [20], [21], [22], and [23] and the same as with ϕLBN (S) = min o,B∈F2n ,b
rS (o,B)6 =0 ({wt (o) + wt(B)})
AES S-box.
(29)
E. LINEAR APPROXIMATION PROBABILITY where rbS (o, B) shows the coefficient of autocorrelation.
The linear approximation probability (LP) is the highest The suggested APA S-box the ϕDBN (S) and ϕLBN (S) , is 2,
possible value of an event’s imbalance. The mask chooses as shown in Table 4.

5488 VOLUME 11, 2023

I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

3,57
TABLE 1. Proposed APA S-box S233,154 .

FIGURE 3. Histogram of plain image ‘‘Lena’’ and corresponding cipher image histogram.

J. LINEAR STRUCTURE linear structure if = 1. Table 4, shows that the proposed APA
The linear structure of the S-box is examined for its cryptog- S-box has no linear structure and is suitable for cryptographic
raphy importance. It has been noted that attacks that could primitive.
be carried out far more quickly than a thorough key search
can break block ciphers with linear designs [47]. Therefore, V. SIMULATION RESULTS OF ENCRYPTION
in the block cipher, the confusion phase must avoid the linear In this section, we evaluated the simulation results of the sym-
structure. The mathematical expression of the linear structure metric key encryption of different standard images of Lena,
of an S-box is defined as: Apple, Babul-Quaid, and Baboon, to examine the strength
of E-ECIES. The figure 2, shows the plan images listed
f(x) + f(x + a) = C
and corresponding to their encrypted images; from figure 2,
where f(x) ∈ F2n
∀x ∈ F2n and for some a ∈ F2n and shows that the randomization of the encryption scheme is
C ∈ F2 . Then C is called the linear structure of the S- achieved. The image obtained after the encryption process
box. There are two types of linear structure invariant linear reveals its unpredictability, and it is impossible to decipher
structure if C = 0 and the other one is a complementary the plan image without the decryption key. As a result, from

VOLUME 11, 2023 5489

 I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

FIGURE 4. Histogram of plain image ‘‘Cat’’ and corresponding their Cipher image histogram.

FIGURE 5. Correlation analysis multidirectional (horizontal, vertical, and diagonal) of plain image Lena and corresponding their cipher
image.

the simulation analysis, we identified that the original secret plaintext image. Moreover, the histogram’s distribution was
information could be accurately recovered without any differ- figured out from the cipher image and is relatively uniform,
ence or loss, proving the usefulness and validity of the entire reducing the association between neighbouring pixels and
encryption scheme. preventing the attackers from learning anything. Figure 3 and
Figure 4, illustrate the histogram analysis of the plan images
of Lena and Cat and their encrypted versions of Lena and Cat,
VI. STATISTICAL ANALYSIS respectively.
A. HISTOGRAM ANALYSIS
An image’s histogram can effectively and graphically depict
a digital image’s distribution of grey values. When the dis- B. CHAI SQUARE TEST
tribution of the grey value is more even, it will be more The Chi-square test measures the amount of variation
difficult for the eavesdropper to extract information from the between the original sample data and the theoretical inference
encrypted image through statistical attacks [6]. As such, the value of the statistical samples. Sometimes the visual rep-
histogram of the encrypted image should almost be uniform resentation of the histogram is not sufficient to measure the
while differentiating itself from the one derived from the pixels of the encrypted image. So the quantitative measure of

5490 VOLUME 11, 2023

I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

FIGURE 6. Correlation analysis multidirectional (horizontal, vertical, and diagonal) of plain image ‘‘Cat’’ and corresponding
their cipher image.

2,23
TABLE 2. Proposed APA S-box S1,54 .

histogram monotony, we employ the chi-square test analysis. the numerical value of the chi-square test, at the significance
The mathematical description of the chi-square test is as level of 5%, is 293.2478. The test values of the chi-square
follows: analysis of the proposed scheme is shown in Table 5, which
255 ensures that the value of the suggested encryption scheme is
X (ob (fi ) − ex(f0 ))
X2 = (30) not greater than 293.2478. Hence, the proposed method is to
ex(f0 )
i=0 resist Statistical attacks.
(M × N )
ex (f0 ) = (31)
Q
where ob (fi ) is the observed frequency, i (i = o to 255), C. CORRELATION ANALYSIS
while ex (f0 ) is the expected frequency. The value of Q, in In plaintext images, the coefficient correlation between two
our case, is 256. According to the chi-square distribution, contiguous distinct pixels is typically significant, so a secure

VOLUME 11, 2023 5491

 I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

TABLE 3. S-box-based on only power permutation p (x) = x254 .

TABLE 4. Comparison of the nonlinear component with the existing algorithm.

TABLE 5. Results of chi square test.

and efficient encryption procedure is needed to minimize this two adjacent pixels is defined as [42]:
correlation. After the encryption procedure for the plaintext
e(x 0 − e(x 0 )(y − e(y))
image, the goal of a low coefficient correlation among the R x 0, y = (32)
D(x 0 )D(y)
p
adjacent pixels should be conducted in the cipher image. The 0 1 X
x0


e x = (33)
mathematical formula for the correlation analysis between N i=1:n i

5492 VOLUME 11, 2023

I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

FIGURE 7. Key Sensitivity Analysis: 1st row (a) Original image (b)Encrypt with K1 (c) Encrypt with K2 (d) Encrypt with K3 , 2nd row
(e) Encrypted image (f) decrypt with K1 (g) decrypt with K2 (h) decrypt with K3 .

FIGURE 8. Occlusion Analysis 1st row from (a-h) ‘‘LENA’’ encrypted image with different rate of lose the data, 2nd row from (i-p) Cros- ponding
Decrypted image of ‘‘LENA’’, 3rd row from(a-h) ‘‘CAT’’ encrypted image with different rate of lose the data 4th row from (i-p) Corresponding
Decrypted image of ‘‘CAT’’.

1 X 2
D x0 = (xi − e(xi0 )) close to zero, which ensures that correlation is significantly


(34)
N i=1:n
reduced. Hence, the proposed E-ECIES scheme is not vulner-
able to correlation analysis.
where, x 0 y are the pixels of the plan and cipher image,
respectively. We choose the pixel pairings in the encrypted D. GLOBAL INFORMATION ENTROPY
and plaintext image in the multidirectional: Horizontal, ver-
The global information entropy(GIE), which shows the
tical, and diagonal directions. The above eq (32-34) mathe-
degree of confusion in the image, is one of the key character-
matical formulas was used to get the coefficient correlation
istics of showing the randomness of the image and evaluating
between the cipher image and the associated plaintext image
the encryption method. The following equation was used to
in three directions. Table 6, displays the test results for the
find the information entropy [27].
correlation in three directions between plaintext images and
images after the encryption process. Table 6, shows that Xj
H (m) = − P(mi ) log2 P(mi ) (35)
the correlation of cipher image in multidirectional is nearly i=1

VOLUME 11, 2023 5493

 I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

FIGURE 9. Noise attacks: 1st row shows, (a) the encrypted image of ‘‘LENA’’ (b) salt & pepper with random noise, (c) salt & pepper with (0.1)
noise. 2nd row shows, (c) salt & pepper with (0.6) noise (d) speckle with random noise (d) speckle with noise (0.001). 3rd- row shows
(d) Gaussian noise (d) Gaussian with 0.4 noise, and (e) Passion noise.

TABLE 6. Correlation analysis of proposed E-ECIES.

where H (m), represent the value of entropy and P(mi ) show images and their corresponding encrypted images are shown
the probability of mi . The theoretical result of the informa- in Table 7. Concluding from the values in the table, following
tion entropy is 8. Much more uncertainty is visible, along encryption, the entropy for each of the above images is close
with the image’s increasing entropy. The more challenging to the ideal theoretical value and utterly different from the
it is for the attackers to extract information from the image, values in the corresponding plaintext image. Considering the
the closer it gets to the optimal value of 8. The entropy entropy values, we conclude that the algorithm proposed here
values of the Lena, Baboon, Babul-Quaid, Cat and Apple performs effectively against the statistical attacks.

5494 VOLUME 11, 2023

I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

E. LOCAL SHANON ENTROPY INFORMATION and UACI using the following mathematical equations:
Local Shannon entropy calculates the sample mean of global
NPCR a = µNPCR − ϕ −1 (a)σNPCR
information entropy (GIE) over several non-overlapping and q , !
randomly selected image blocks. It overcomes some weak-
= F − ϕ (a) M×N F + 1
−1 F
(40)
nesses of (GIE) because sometimes, GIE fails to find the true
randomness of the image. We can define the local Shanon −1 a
UACI+a = µUACI − ϕ σUACI


(41)
entropy information by the following mathematical equation:
−1 a
2

UACI a = µUACI + ϕ
−
2 σUACI (42)
Xk H(Si )
Hk,tb (S) =
i=1 k
(36) where, ϕ −1 is the inverse of the cumulative distributive func-
tion(CDF) of the normal standard distribution N(0, 1), µ
where Si (i = 1 . . . . . . , k), are non-overlapping blocks and σ , represent the expectation and variance of NPCR and
with randomly chosen pixels tb, of the cipher image. UACI and a is the significance value of the two encrypted
H (Si ) , represent the global information entropy of images E 0 , E 00 , respectively. Table 10, shows the critical val-
S1 , S2 , S3 , . . . . . . . . . , Sk. For the test, we select k images ues of NPCR and UACI with different significance levels.
and tb pixels and k = 64, tb = 1024. The
range of k = 64, tb = 1024, should be from 2) PSNR, NC AND SSIM
[7.901901305 − 7.903037329], with a significance level of Three important sensitive analyses, Peak Signal-to-Noise
0.05 [50]. Table 8, represents the information on local Shan- Ratio (PSNR), Normalized Correlation (NC), and Structural
non entropy, showing that the cipher images’ results possess Similarity (SSIM), are used to measure the quality and change
true randomness. the values of pixels in images after decryption [43]. The
following formula is used to calculate the value of PSNR
F. SENSITIVITY ANALYSIS
216 − 1
1) DIFFERENTIAL ATTACKS PSNR = 10 × log10 (43)
MSE
The differential attack evaluates an image encryption algo-
rithm’s plaintext sensitivity [24]. Therefore, the encryption where MSE is defined by the following equation
algorithm can extend this influence over the entire encryption Pm Pn 2
j=1 (P (i, j) − E (i, j))
0
i=1
process if we slightly alter the plain image, a desirable image. MSE = (44)
The Number of Pixels Change Rate (NPCR) and Unified M×N
Average Changing Intensity (UACI) are measures of the where P (i, j) , E 0 (i, j) represent the plan and encrypted
ability to withstand the differential attack and are defined as receptively of dimension M × N. The similarity degree is
follows: evaluated by the normalization correlation NC metric.
Pm Pn In addition, this result could be considered a reliable indi-
i=1 j=1 F(i, j) cator of the encryption algorithms’ effectiveness because two
NPCR = × 100% (37)
Pm M Pn× N 0
entirely unrelated images have a correlation coefficient that is
E (i, j) − E 00 (i, j) almost zero. The equation is shown below the computed NC
UACI = i=1 i=1 × 100% (38) value.
255 × M × N
Xm Xn (P (i, j) − E 0 (i, j))
where E 0 (i, j) is cipher image of the original image after the NC = Pm Pn (45)
j=1 P (i, j)
i=1 j=1 2
entire encryption process E 00 (i, j) anther encrypted image i=1
after a one-bit change in plan-image, both the encrypted The structural similarity between two images is evaluated
image put into the above two formulas to get the experimental using the SSIM index. This metric improves on methods like
analysis of NPCR and UACI. Where, F(i, j) is defined as mean squared error (MSE) and conventional PSNR. On sev-
[11], [42], [27]. eral windows of a given image, the SSIM index is calculated.
( As a result, the following mathematical expression provides
1, E 0 (i, j) 6 = E 00 (i, j) the SSIM between two windows, X and Y , of standard size
F (i, j) = (39)
0, E 0 (i, j) = E 00 (i, j) N × N.
(2µx0 µ y0 + b1 )(2σx0 y0 + b2 )
Consequently, the proposed E-ECIES offers excellent resis- SSIM (X , Y ) = 2 (46)
(µx0 + µ2y0 + b1 )(σx20 + σ y2 0 + b2 )
tance to the differential attack. The results NPCR and UACI
measurements in this manuscript and other references are also where µx0 and µ y0 shows the mean values of X and Y ,
shown in Table 9. However, the value in our algorithm for the respectively. σx0 and σ y0 used for standard deviations of X
UACI results is closer to the theoretical value than for any and Y , respectively. The covariance of X and Y is represented
other encryption scheme. As a result, the suggested encryp- by σx0 y0 , and to avoid the value of zero in dominators, the
tion method is useful and efficient for encrypting multimedia coefficients b1 and b2 are used in eq-(46). The comparison
data. Moreover, we also calculated the critical value of NPCR of the plan image with the encrypted image should have

VOLUME 11, 2023 5495

 I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

TABLE 7. Global entropy information of proposed E-ECIES.

TABLE 8. Local Shanon entropy information.

TABLE 9. Differential analysis.

TABLE 10. Critical values of NPCR and UACI.

low PSNR, NC and SSIM values. Otherwise, the plan and terms of low PSNR, NC and SSIM . Finally, it can be con-
encrypted image show the value of SSIM and NC is 1 and cluded that the E-ECIES is secure against sensitive analysis
a high PSNR value. Additionally, it’s important to note that attacks based on the PSNR, NC and SSIM .
the image after decryption is the same as the plan image.
Table 11, shows the value of PSNR, NC and SSIM of the plan- 3) KEY SENSITIVITY
images cross-ponding their encrypted images. The results in The secret key must be highly sensitive to an encryption tech-
Table 11, ensure that our enhanced scheme performs well in nique for the actual key space to match the theoretical one.

5496 VOLUME 11, 2023

I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

TABLE 11. PSNR, NC and SSIM values between plain and encrypted images.

A high key sensitivity means two entirely different encrypted the encrypted colour image with data loss rates of 50% from
and decrypted outputs will arise from slightly modifying the the right and left from the top and below. Similarly, 25% were
secret key throughout the encryption and decryption proce- left and right and from top to bottom. As shown in figure 8,
dures. We generate an original secret key K1 utilizing the after the decryption, the loss rate of 50% and 25% in an
E-ECIES at random and then creating two other secret keys, encrypted image, the corresponding decrypted image keeps
K2 and K3 By modifying one bit in K1 . This process is most of the visual data from the original image. Consequently,
done to determine the sensitivity of the secret keys. The it ensures that the E-ECIES is effective and resists occlusion
original secret key K1 and the modifying keys K2 , K3 by the attacks.
following expression.
K1 = b1 b2 b3 b4 b5 b6 b7 b8 b9 b10 b11 b12 b13 b14 b15 b16 2) NOISE ATTACKS
This section examines how a cryptosystem responds to noise
K2 = b1 b2 b3 b4 b5 b6 b7 b8 b9 b10 b11 b12 b13 b14 b15 b16
during encryption and decryption. Some noise is always
K3 = b1 b2 b3 b4 b5 b6 b7 b8 b9 b10 b11 b12 b13 b14 b15 b16 present when digital images are broadcast across commu-
Figure 7, shows the key sensitivity analysis results attained nication channels. Most of the encrypted digital images are
throughout the encryption process of the E-ECIES. The 1st affected by different noises, and therefore, to investigate the
row of figure 7 shows the original image of Lena and three proposed E-ECIECS, we must check the noise analysis of the
encrypted images encrypted using K1 , K2 and K3 . proposed encryption scheme and ensure that the suggested
In the 2nd row of figure 7, only the original secret key K1 work is noise resistant in such a manner that the digital image
can exactly retrieve the original image. Figure 7, illustrates after decryption algorithm must be understandable for the
how the decrypted results with just a single bit of difference receiver sides. So, to evaluate the E-ECIECS, the encrypted
between K2 and K3 they yield entirely indistinguishable image is anticipated by different kinds of noise with differ-
results. ent densities, namely: Gaussian, Salt, speckle, Poisson, and
Pepper Noise. Major sources of Gaussian, Salt and Pepper,
4) KEY SPACE ANALYSIS and other noise appear in remote sensing images during
The key space shall be sufficiently large to withstand a brute acquisition, including Poor illumination, high temperatures,
force attack. The number of keys employed in the permuta- inadequate transmission, and other factors that can all lead to
tion, diffusion and confusion processes is used to compute the sensor noise, such as electronic circuit noise [43].
key space. The proposed E-ECIES initially utilized b1 b2 b3 b4
for diffusion process, after that b5 b6 b7 b8 b9 b10 b11 b12 used 3) GAUSSIAN NOISE
for the permutation process and again utilized for diffusion, The normal distribution, which is also referred to as the
and the last four bytes b13 b14 b15 b16 is for the confusing Gaussian distribution, has a probability distribution func-
process. The total number of key spaces is 2128 which is larger tion (PDF) equal to that of Gaussian noise. Additive white
than 280 and enough for brute force attacks. Moreover, the Gaussian noise(AWGN) is the most popular name for this
security of E-ECIES is based on the discreet logarithm prob- type of noise [43]. The proper definition of Gaussian noise is
lem at the initial stage of key sharing. Hence, the proposed noise with a Gaussian amplitude distribution. The following
work has a comparatively large key space. mathematical expression describes the Gaussian distribution
of this kind of noise
G. ROBUSTNESS ANALYSIS
1) OCCLUSION ANALYSIS 1 (g − m)2 2
F (g) = √ −e 2σ (47)
Decryption operations for encrypted images delivered across 2π σ 2
communication channels may be ineffective due to data loss
[43]. In this case, the ciphered images are subjected to a where in eq-(47), σ represents the standard deviation, g, m
loss operation known as an occlusion attack to examine the shows the average and gray level of the function. For a
enhanced encryption scheme noise tolerance. Figure 8 shows random variable S of the gaussian, the PDF is expressed by

VOLUME 11, 2023 5497

 I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

the following equation. encapsulates. Photon noise offers a lower bound on the mea-
2.
surement error of light since it derives from the nature of
1 (S − u) the signal itself. Any measurement would be prone to photon
PG(S) = √ −e 2σ 2 (48)
2πσ noise even under perfect imaging circumstances, devoid of
any additional sensor-based noise sources of noise (such as
where u and σ represent the mean and standard deviation.
read noise). Figure 9, shows the encrypted images, Lena of
The simulation results of the Lena encrypted image with the
the proposed algorithm, with the addition of Poisson noise
addition of gaussian noise to the decrypted image of Lena in
and corresponding decrypted images, which are still under-
figure 9 are still readable for the receiver side.
standable after the decryption algorithm. As a result, the
proposed E-ECIES are secure against poison noise.
4) SALT AND PEPPER
Intensity spikes, often known as salt and pepper noise, are an
impulsive form of noise. Generally, data transmission failures H. COMPUTATIONAL COMPLEXITY AND RUNNING TIME
are what cause this. Each usually has a chance of less than The asymptotic complexity theoretically approximates the
0.1. The image has a ‘‘salt and pepper’’ appearance because execution time of an algorithm. In general, the asymptotic
the contaminated pixels are alternately assigned to the mini- complexity is denoted by big oh O. This subsection presented
mum or maximum value. The impairment of pixel elements the proposed algorithm’s asymptotic complexity and running
in-camera sensors is the primary cause of the salt and pepper encryption time. We have theoretically analyzed the proposed
noise [43]. The encryption image of the suggested technique, scheme’s encryption and decryption procedure and skipped
Lena, with the addition of Salt and Pepper noise, is shown the preprocessing for secret key exchange. Since the pro-
in figure 9, along with the matching decrypted images that posed scheme is a substitution permutation network, in the
remain readable after the decryption procedure. By The fol- substitution module, each byte is substituted in constant time
lowing expression, compute the PDF for the bipolar impulse O(1). So, the complexity of the overall substitution module is
noise model O(M × N ) for the image of the dimension of (M × N ). More-
 over, the complexity of addition and multiplication modulo
P a for S = a
 n is log(n) and log(n)2 , respectively, and the permutation
PI (S) = P b for S 6 = a (49) module is an affine transformation that consists of addition
and multiplication modulo n. So, the complexity of the per-

0 otherwise

mutation module is Mlog(M ) × Nlog(N ). So, the complexity
5) SPECKLE NOISE of the overall algorithm is M log M 2 ×N log N 2 . Additionally,
A grayscale image’s pixels can be affected by speckle noise, we evaluate the proposed E_ECIES running time using Mat-
a multiplicative noise. It mainly appears in images with lab R2021a. The following specifications apply to the experi-
low brightness levels, such as MRI and Synthetic Aperture mental environments: Windows 10 operating system, Intel(R)
Radar (SAR) images. Before further image processing, such Core(TM) i7-6600U CPU @ 2.60GHz 2.80 GHz and 8 GB of
as object detection, picture segmentation, edge detection, etc., RAM. The proposed method takes 0.2230/sec to encrypt the
image enhancement is essential to reduce speckle noise [45]. standard image Lena of dimension 256 × 256. Comparing the
Figure 9, shows the encrypted images, Lena of the proposed computational complexity and running time of the proposed
algorithm, with the addition of Poisson noise and correspond- E-ECIES with other existing excellent algorithms is shown in
ing decrypted images, which are still understandable after the Table 12. The suggested encryption scheme performed better
decryption algorithm results compared to the [36], [38], [39], and [41] but was less
effective than [40]. For evaluating encryption time, we also
6) POISSON NOISE utilized different images of the same dimensions, 256 × 256.
A random temporal distribution may be used to treat indi- The results are displayed in Table 12.
vidual photon detections as separate, discrete occurrences.
Thus, photon counting is a standard Poisson process. The dis- I. COMPARATIVE ANALYSIS AND DISCUSSION
crete probability distribution describes the number of photons In this subsection, we will compare our proposed encryption
recorded by a specific sensor element across time intervals algorithm with other existing cryptosystems based on EC
using the following mathematical formula. and chose-based mathematical structures [7], [12], [23], [48],
[49], [50], [16], [18], [19], [20], [27], [43]. The comparative
e−γ τ (γ τ )K
Pro (N = K) = (50) analysis and discussion are based on some state-of-the-art
K! differential and statistical analysis mentioned in Table 13.
This is a standard Poisson distribution with a rate parameter We have tested all of these metrics on a standard digital image
γ τ that equates to the anticipated incidence photon count, Lena based on the proposed encryption algorithm. Image
where γ , the expected number of photons per unit of time, encryption techniques based on chaos, presented in [48],
is proportional to the incident scene irradiance [46]. Photon [49], [50], and [51], are complex, have high memory require-
noise is the term for the uncertainty that this distribution ments, and are difficult to implement on modern devices. The

5498 VOLUME 11, 2023

I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

TABLE 12. Computational complexity and running time with other algorithms.

TABLE 13. Comparative analysis.

scheme presented [43] is based on the fusion of improved symmetric encryption algorithm with the existing excellent
ECIES and chaotic equations, namely the Hyper chaotic literature.
Lorenz generator (HCLG) and Arnold cat map (ACT). • According to Table 13, the proposed cryptosystem out-
The HCLG was utilized for the confusion module, which performs in the differential analysis compared to other
is unsuitable and involves more mathematical operations. chaotic and EC-based encryption techniques presented
They also did not properly describe the analysis of the con- in [7], [12], [19], [48], [49], [50], and [51] and below
fusion phase. Moreover, the Cat map was utilized for the from [20].
matrix multiplication, which is more expensive. While in • The Entropy information of the proposed encryption is
the suggested encryption scheme, the confusion module is nearly close to the ideal value and shows better results
achieved by the nonlinear component (S-box) followed by from [16], [18], [48], [49], and [50] and nearly below the
the APA transformation. As a result, obtaining the confu- [7], [19], [20], [43] and equal to the [51].
sion by the proposed scheme is less time-consuming than • According to the correlation analysis, the results of the
integrating the confusion and diffusion, which requires more horizontal, vertical and diagonal of the proposed sym-
fusion of EC and chaotic operation. Furthermore, the follow- metric encryption scheme are nearly close to the ideal
ing bullet points give a detailed comparison of the proposed value, which makes sure that the suggested encryption
VOLUME 11, 2023 5499
 I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

scheme would perform better and be resistant to statis- [8] H. Zhu, X. Zhang, H. Yu, C. Zhao, and Z. Zhu, ‘‘An image encryption algo-
tical attacks as compared to other chaotic and elliptic rithm based on compound homogeneous hyper-chaotic system,’’ Nonlinear
Dyn., vol. 89, no. 1, pp. 61–79, Jul. 2017.
curve-based encryption schemes [5], [7], [12], [18], [43], [9] M. Li, K. Zhou, H. Ren, and H. Fan, ‘‘Cryptanalysis of permutation–
[48], [50], [51] and less from the [19], [20], and [49]. diffusion-based lightweight chaotic image encryption scheme using CPA,’’
• The PSNR values of the encrypted versus plan image Appl. Sci., vol. 9, no. 3, p. 494, Jan. 2019.
[10] C. Zhu, ‘‘A novel image encryption scheme based on improved hyper-
and plain versus the decrypted image of the proposed
chaotic sequences,’’ Opt. Commun., vol. 285, no. 1, pp. 29–37, 2012.
symmetric encryption are 7.8536 and ∞, respectively, [11] W. Liu, K. Sun, and C. Zhu, ‘‘A fast image encryption algorithm based on
show better results than other cryptographic algorithms chaotic map,’’ Opt. Lasers Eng., vol. 84, pp. 26–36, Sep. 2016.
presented in [49] and [51] and somehow below from the [12] M. Zarebnia, H. Pakmanesh, and R. Parvaz, ‘‘A fast multiple-image
encryption algorithm based on hybrid chaotic systems for gray scale
[5] and [43]. images,’’ Optik, vol. 179, pp. 761–773, Feb. 2019.
Based on the comparative analysis of Table 13, we can [13] M. Kumar, A. Iqbal, and P. Kumar, ‘‘A new RGB image encryption
see that the proposed symmetric cryptosystem testing find- algorithm based on DNA encoding and elliptic curve Diffie–Hellman
cryptography,’’ Signal Process., vol. 125, pp. 187–202, Aug. 2016.
ings have shown better outcomes than recent chaotic and
[14] A. A. A. El-Latif and X. Niu, ‘‘A hybrid chaotic system and cyclic elliptic
EC-based encryption techniques and give robust security and curve for image encryption,’’ AEU-Int. J. Electron. Commun., vol. 67,
high resistance against state-of-art cryptanalysis. no. 2, pp. 136–143, 2013.
[15] J. Wu, X. Liao, and B. Yang, ‘‘Color image encryption based on chaotic
systems and elliptic curve ElGamal scheme,’’ Signal Process., vol. 141,
VII. CONCLUSION pp. 109–124, Dec. 2017.
In this research, we proposed an elliptic curve integrated [16] S. Farwa, N. Bibi, and N. Muhammad, ‘‘An efficient image encryption
encryption scheme (ECIES) to secure RGB images. In the scheme using Fresnelet transform and elliptic curve based scrambling,’’
Multimedia Tools Appl., vol. 79, nos. 37–38, pp. 28225–28238, Oct. 2020.
initial module, the suggested approach of the symmetric [17] M. Khan and Z. Asghar, ‘‘A novel construction of substitution box for
encryption scheme achieves the aim of diffusion using the image encryption applications with Gingerbreadman chaotic map and
first twelve bytes of the symmetric key of 128-bits. The S8 permutation,’’ Neural Comput. Appl., vol. 29, no. 4, pp. 993–999,
Feb. 2018.
confusion module is accomplished by the affine power affine [18] N. A. Azam, U. Hayat, and M. Ayub, ‘‘A substitution box generator, its
transformation followed by the last four bytes of the sym- analysis, and applications in image encryption,’’ Signal Process., vol. 187,
metric key. A comparison of the proposed encryption scheme Oct. 2021, Art. no. 108144.
with the existing algorithm is presented in Table 13. From [19] U. Hayat, I. Ullah, N. A. Azam, and S. Azhar, ‘‘A novel image encryption
scheme based on elliptic curves over finite rings,’’ Entropy, vol. 24, no. 5,
the table, we can observe that the statistical and sensitivity p. 571, Apr. 2022.
analysis of the proposed algorithm offers excellent security [20] M. I. Haider, A. Ali, D. Shah, and T. Shah, ‘‘Block cipher’s nonlinear
and can withstand common attacks. In light of the results component design by elliptic curves: An image encryption application,’’
Multimedia Tools Appl., vol. 80, no. 3, pp. 4693–4718, Jan. 2021.
in Table 13, our approach may be utilized for secure image [21] A. Javeed, T. Shah, and A. Ullah, ‘‘Construction of non-linear component
transmission and is more valuable when sending RGB images of block cipher by means of chaotic dynamical system and symmetric
to several recipients. group,’’ Wireless Pers. Commun., vol. 112, no. 1, pp. 467–480, May 2020.
[22] N. Siddiqui, A. Naseer, and M. Ehatisham-ul-Haq, ‘‘A novel scheme
of substitution-box design based on modified PASCAL’s triangle and
ACKNOWLEDGMENT elliptic curve,’’ Wireless Pers. Commun., vol. 116, no. 4, pp. 3015–3030,
This work was partially funded by the research center of the Feb. 2021.
Future University in Egypt, 2022. We are very thankful to [23] F. Masood, J. Masood, L. Zhang, S. S. Jamal, W. Boulila, S. U. Rehman,
and J. Ahmad, ‘‘A new color image encryption technique using DNA
Future University Egypt for funding. computing and Chaos-based substitution box,’’ Soft Comput., vol. 26,
no. 16, pp. 1–17, 2021.
[24] F. Artuğer and F. Özkaynak, ‘‘An effective method to improve nonlinearity
REFERENCES
value of substitution boxes based on random selection,’’ Inf. Sci., vol. 576,
[1] L. Liu, Z. Zhang, and R. Chen, ‘‘Cryptanalysis and improvement in a pp. 577–588, Oct. 2021.
plaintext-related image encryption scheme based on hyper chaos,’’ IEEE [25] D. Lambić, ‘‘A new discrete-space chaotic map based on the multiplication
Access, vol. 7, pp. 126450–126463, 2019. of integer numbers and its application in S-box design,’’ Nonlinear Dyn.,
[2] C. E. Shannon, ‘‘Communication theory of secrecy systems,’’ Bell Syst. vol. 100, no. 1, pp. 699–711, 2020.
Tech. J., vol. 28, no. 4, pp. 656–715, 1949. [26] M. Abdalla, M. Bellare, and P. Rogaway, ‘‘The Oracle Diffie–Hellman
[3] F. Ö. Çatak and A. F. Mustacoglu, ‘‘CPP-ELM: Cryptographically privacy- assumptions and an analysis of DHIES,’’ in Proc. Cryptographers’ Track
preserving extreme learning machine for cloud systems,’’ Int. J. Comput. RSA Conf. Berlin, Germany: Springer, Apr. 2001, pp. 143–158.
Intell. Syst., vol. 11, no. 1, p. 33, 2018. [27] M. Benssalah, Y. Rhaskali, and K. Drouiche, ‘‘An efficient image encryp-
[4] F. O. Catak, I. Aydin, O. Elezaj, and S. Yildirim-Yayilgan, ‘‘Practical tion scheme for TMIS based on elliptic curve integrated encryption and lin-
implementation of privacy preserving clustering methods using a partially ear cryptography,’’ Multimedia Tools Appl., vol. 80, no. 2, pp. 2081–2107,
homomorphic encryption algorithm,’’ Electronics, vol. 9, no. 2, p. 229, Jan. 2021.
Jan. 2020. [28] N. Koblitz, A. Menezes, and S. Vanstone, ‘‘The state of elliptic curve
[5] N. Sasikaladevi, K. Geetha, K. Sriharshini, and M. D. Aruna, ‘‘H3 -hybrid cryptography,’’ Designs, Codes Cryptogr., vol. 19, nos. 2–3, pp. 173–193,
multilayered hyper chaotic hyper elliptic curve based image encryption Mar. 2000.
system,’’ Opt. Laser Technol., vol. 127, Jul. 2020, Art. no. 106173. [29] V. S. Miller, ‘‘Use of elliptic curves in cryptography,’’ in Proc. Conf.
[6] Y. Q. Zhang and X. Y. Wang, ‘‘A symmetric image encryption algorithm Theory Appl. Cryptograph. Techn. Berlin, Germany: Springer, Aug. 1985,
based on mixed linear-nonlinear coupled map lattice,’’ Inf. Sci., vol. 273, pp. 417–426.
pp. 329–351, Jul. 2014. [30] R. Guesmi, M. A. B. Farah, A. Kachouri, and M. Samet, ‘‘A novel
[7] L.-L. Huang, S.-M. Wang, and J.-H. Xiang, ‘‘A tweak-cube color image chaos-based image encryption using DNA sequence operation and secure
encryption scheme jointly manipulated by chaos and hyper-chaos,’’ Appl. hash algorithm SHA-2,’’ Nonlinear Dyn., vol. 83, no. 3, pp. 1123–1136,
Sci., vol. 9, no. 22, p. 4854, Nov. 2019. Feb. 2016.

5500 VOLUME 11, 2023

I. Khalid et al.: Integrated Image Encryption Scheme Based on Elliptic Curve

[31] S. D. Galbraith and P. Gaudry, ‘‘Recent progress on the elliptic curve dis- TARIQ SHAH received the Ph.D. degree in mathe-
crete logarithm problem,’’ Des., Codes Cryptogr., vol. 78, no. 1, pp. 51–72, matics from the University of Bucharest, Romania,
Jan. 2016. in 2000. He is currently a Professor with the
[32] L. Cui and Y. Cao, ‘‘A new S-box structure named affine-power-affine,’’ Department of Mathematics, Quaid-i-Azam Uni-
Int. J. Innov. Comput., Inf. Control, vol. 3, no. 3, pp. 751–759, Jun. 2007. versity, Islamabad, Pakistan. His research inter-
[33] P. P. Mar and K. M. Latt, ‘‘New analysis methods on strict avalanche crite-
ests include commutative algebra, non-associative
rion of S-boxes,’’ World Acad. Sci., Eng. Technol., vol. 48, nos. 150–154,
algebra, error-correcting codes, and cryptography.
p. 25, 2008.
[34] J. Daemen and V. Rijmen, ‘‘Reijndael: The advanced encryption standard,’’
J. Softw. Tools Prof. Programmer, vol. 26, no. 3, pp. 137–139, 2001.
[35] C. Carlet and C. Ding, ‘‘Nonlinearities of S-boxes,’’ Finite Fields Appl.,
vol. 13, no. 1, pp. 121–135, Jan. 2007.
[36] Q. Lai, H. Zhang, P. D. K. Kuate, G. Xu, and X. W. Zhao, ‘‘Analysis
and implementation of no-equilibrium chaotic system with application in
image encryption,’’ Appl. Intell., vol. 2022, pp. 1–24, Jan. 2022.
[37] M. Matsui, ‘‘Linear cryptanalysis method for DES cipher,’’ in Proc. SAYED M. ELDIN is currently with the Faculty
Workshop Theory Appl. Cryptograph. Techn. Berlin, Germany: Springer, of Engineering and Technology, Future University,
May 1993, pp. 386–397. in Egypt, on leave from Cairo University after
[38] L. Xu, Z. Li, J. Li, and W. Hua, ‘‘A novel bit-level image encryption nearly 30 years of service at the Faculty of Engi-
algorithm based on chaotic maps,’’ Opt. Lasers Eng., vol. 78, pp. 17–25, neering, Cairo University. He was the Dean of the
Mar. 2016.
Faculty of Engineering, Cairo University, where he
[39] M. Alawida, A. Samsudin, J. S. Teh, and R. S. Alkhawaldeh, ‘‘A new
hybrid digital chaotic system with applications in image encryption,’’ achieved many unique signs of progress in both
Signal Process., vol. 160, pp. 45–58, Jul. 2019. academia and research on the impact of emerging
[40] X. Wang and S. Gao, ‘‘Image encryption algorithm for synchronously technologies in electrical engineering. He was a
updating Boolean networks based on matrix semi-tensor product theory,’’ PI of several nationally and internationally funded
Inf. Sci., vol. 507, pp. 16–36, Jan. 2020. projects. He has many publications in highly refereed international journals
[41] B. Jasra and A. H. Moon, ‘‘Color image encryption and authentication and specialized conferences in the applications of artificial intelligence on
using dynamic DNA encoding and hyper chaotic system,’’ Expert Syst. protection of electrical power networks. He is in the editorial boards of
Appl., vol. 206, Nov. 2022, Art. no. 117861. several international journals.
[42] H. Liang, G. Zhang, W. Hou, P. Huang, B. Liu, and S. Li, ‘‘A novel
asymmetric hyperchaotic image encryption scheme based on elliptic curve
cryptography,’’ Appl. Sci., vol. 11, no. 12, p. 5691, Jun. 2021.
[43] N. Bhosale, R. Manza, and K. V. Kale, ‘‘Analysis of effect of Gaussian, salt
and pepper noise removal from noisy remote sensing images,’’ in Proc.
2nd Int. Conf. Emerg. Res. Comput., Inf., Commun. Appl. Amsterdam, DAWOOD SHAH received the M.Phil. and
The Netherlands: Elsevier, Aug. 2014, pp. 1–15. Ph.D. degrees in mathematics from the Depart-
[44] P. Arulpandy and M. T. Pricilla, ‘‘Speckle noise reduction and image ment of Mathematics, Quaid-i-Azam University,
segmentation based on a modified mean filter,’’ Comput. Assist. Methods
Islamabad, Pakistan. His research interests include
Eng. Sci., vol. 27, no. 4, pp. 221–239, 2020.
[45] S. W. Hasinoff, ‘‘Photon, Poisson noise,’’ in Computer Vision: A Reference coding theory and cryptography.
Guide, vol. 4, 2014.
[46] C. K. Wu and D. Feng, Boolean Functions and Their Applications in
Cryptography. Berlin, Germany: Springer, 2016.
[47] A. Girdhar, H. Kapur, and V. Kumar, ‘‘A novel grayscale image encryption
approach based on chaotic maps and image blocks,’’ Appl. Phys. B, Lasers
Opt., vol. 127, no. 3, pp. 1–12, Mar. 2021.
[48] S. Zhou, X. Wang, Y. Zhang, B. Ge, M. Wang, and S. Gao, ‘‘A novel
image encryption cryptosystem based on true random numbers and chaotic
systems,’’ Multimedia Syst., vol. 28, pp. 95–112, May 2021.
[49] C. M. Kumar, R. Vidhya, and M. Brindha, ‘‘An efficient chaos-based image MUHAMMAD ASIF received the Ph.D. degree
encryption algorithm using enhanced thorp shuffle and chaotic convolution in mathematics from Quaid-i-Azam University,
function,’’ Appl. Intell., vol. 52, no. 3, pp. 2556–2585, 2022. Islamabad, Pakistan, in 2020. He is currently
[50] Z. Bashir, M. G. A. Malik, M. Hussain, and N. Iqbal, ‘‘Multiple RGB
an Assistant Professor with the Department of
images encryption algorithm based on elliptic curve, improved Diffie
Hellman protocol,’’ Multimedia Tools Appl., vol. 81, no. 3, pp. 3867–3897, Mathematics University of Management and Tech-
Jan. 2022. nology, Sialkot, Pakistan. His research interests
[51] Z. E. Dawahdeh, S. N. Yaakob, and R. R. B. Othman, ‘‘A new image include large scale of coding theory, cryptography,
encryption technique combining elliptic curve cryptosystem with Hill information theory, and fuzzy algebra.
cipher,’’ J. King Saud Univ.-Comput. Inf. Sci., vol. 30, no. 3, pp. 349–355,
Jul. 2018.
[52] Y. Wu, Y. Zhou, G. Saveriades, S. Agaian, J. P. Noonan, and P. Natarajan,
‘‘Local Shannon entropy measure with statistical tests for image random-
ness,’’ Inf. Sci., vol. 222, pp. 323–342, Feb. 2013.

IJAZ KHALID is currently a Ph.D. Research IMRAN SADDIQUE is working as a Full Pro-
Scholar with the Department of Mathematics, fessor with the University of Management and
Quaid-i-Azam University, Islamabad, Pakistan. Technology, Lahore, Pakistan. He is a reviewer of
He has been working on an elliptic curve cryptog- several well-known SCI and ESCI journals. His
raphy, since 2018. research interests include artificial intelligence,
fuzzy algebra and soft sets, fuzzy fluid dynamics,
fluid mechanics, lubrication theory, soliton theory,
and graph theory.

VOLUME 11, 2023 5501