Multimedia Tools and Applications (2021) 80:4693–4718

https://doi.org/10.1007/s11042-020-09892-5

Block cipher’s nonlinear component design by elliptic

curves: an image encryption application

Muhammad Imran Haider1 · Asif Ali1 · Dawood Shah1 · Tariq Shah1

Received: 7 March 2020 / Revised: 21 August 2020 / Accepted: 16 September 2020 /

Published online: 1 October 2020
© Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract
Due to less computational effort with strong security, Elliptic curve based cryptographic
architectures are more reliable as compared to the existing cryptographic methods. In this
manuscript, we have introduced an efficient cryptosystem based on elliptic curves for digi-
tal image encryption. The designed scheme is consisting of three steps. Initially, the
system uses the special type of the isomorphic elliptic curves over a prime field and
scrambles the pixel position of the plain image. Consequently, it disperses the intra-
correlation among the pixels of the original image, and capable the scheme to be secure
against statistical attacks. In the next step, the scheme generates multiple S-boxes with
good cryptographic features by using isomorphic elliptic curves. The generated S-boxes
are then used to sub- stitute the scrambled data that produce optimum confusion in the
ciphered data. Eventually, the encryption procedure generates pseudo-random numbers
(PRNs) through the arith- metic operation of the elliptic curves instead of elliptic curve
group law; the operation used in the scheme creates high randomness as a result our
proposed scheme shows high security against classical attacks. The simulation results and
performance analysis divulge that the proposed scheme has excellent encryption
performance with less computational effort, which indicates that the scheme has effective
potential in real-time image encryption application.

Keywords Elliptic curves · Substitution box · Pseudo-random numbers · Image encryption

1 Introduction

Data transmission through any communication channel is a sensitive task securely. Before
transmission, various techniques including substitution box (S-box), chaotic maps in all
three dimensions, and many more are being established to encrypt the digital data
securely. The main source of secure information is lying under the scope of cryptography,
steganogra- phy, and watermarking. The theme behind cryptography, steganography, and
watermarking is to hide information from casual readers. In recent years, rapid
development has been

 Muhammad Imran Haider

[email protected]

1
Department of Mathematics, Quaid-i-Azam University, Islamabad, Pakistan
 2 Multimedia Tools and Applications (2021) 80:4693–4718

increasingly taken place in the field of digital information technology and multimedia
data. With these advances, security has a key factor in sharing secret information which is
not accessible for unauthorized persons. One of the reliable channels for this purpose is an
image as a base, using standard-based cryptosystems. Images itself are very important,
send- ing them in routine or unusual activity regarding personal, institutional, military
circles, medical history, and so on. To ensure the protection of secure image transmission,
various algorithms have been made such as chaotic and logistic based systems [8, 18, 22,
23, 29, 30,
41, 46, 48, 53] and encryption using the elliptic curve (EC) [4, 5, 21, 25, 28, 44, 45].
Elliptic curve based-algorithms are most commonly used to provide more security to the
informa- tion. Here, we shall focus our attention on elliptic curve cryptography (ECC)
using different techniques suggested by many researchers. The first proposed scheme to
employ the elliptic curve as a public key cryptosystem was designed in 1985 by Miller
[37] and independently by Koblitz [27]. Later on, the significant advantages of (ECC) on
which researchers are being attracted, where power consumption or bandwidth and storage
is of prime objective [20]. These aspects enhance our attention to use the elliptic curve as a
foundation for image encryption. Image encryption is the process to convert the original
image in such a way that unauthorized source cannot access to understand without having
secret keys. The digital image is a matrix of numerical values. These values are denoted as
pixels. With the devel- opment of information technologies, digital images are a source of
information, such as medical images, color images. To protect this information is a big
challenge. To consider the characteristic of the digital image, various image encryption
schemes have been designed on the basis of different mathematical structures, including
SCAN-CA [11], circular ran- dom grids [12], Ordered elliptic curve [5], (n, k, p)-Gray
code for image [55], Self-adaptive wave transmission [31], vector quantization and index
compression [13], fractional wavelet transform [8], chaotic theory [33, 40, 54], vector
quantization and index compression [14],
fractional wavelet transform [10, 35] and DNA sequences [30, 48, 52]. The Security per-
formance of the encryption algorithm can be measured based on three parameters such as
Low (L), Medium (M), and High (H). The security of a cryptographic scheme is assessed
below if it is insecure against cryptanalysis attacks. If the cryptographic scheme is
unbreak- able through some of the cryptanalysis attacks, then its security is labeled as
moderate, and finally, whenever it is secure against all kinds of cryptanalysis attacks, then
the scheme is evaluated to be highly secure. Some of the existing cryptographic schemes
and their secu- rity performance have been discussed in [19]. The application of chaos
theory played a significant role in the development of crypto algorithms using substitution
boxes (S-boxes), pseudo-random numbers (PRNs), and permutation maps to enhance
diffusion and confu- sion [2, 8, 9, 29, 39, 41, 46]. Belazi et al. [6] proposed a technique
for the construction of an S-box via a chaotic sin map. The stated technique generates
static S-box with min- imum nonlinearity score 103 and maximum nonlinearity not greater
than 108. Nonlinear dynamical systems are extensively used for multimedia data security
[40]. These systems are further divided into two categories: one dimensional chaotic
systems and high dimen- sional chaotic systems. Since one-dimensional systems consist of
less number of parameters and initial conditions. Therefore, the cryptanalyst can easily
figure out the initial values and parameters used for encryption and decryption.
Accordingly, the encryption schemes based on one-dimensional chaotic maps are
considered insecure. Besides, the high dimen- sional chaotic based cryptosystems have
large keyspace, exceeding dynamical behavior and ergodicity [34, 42, 46]. Thus, the
encryption schemes based on high dimensional are con- sidered more secure than the
scheme based on a low dimensional scheme. However, due to the high computational
Multimedia Tools and Applications (2021) 80:4693–4718
complexity of the high dimensional, chaotic system makes their
 Multimedia Tools and Applications (2021) 80:4693–4718 4
implementation on hardware-software costly. On the other hand, elliptic curves group
struc- tures are much sensitive to input parameters similar to chaos-based structures, but it
ensures more security by comparison with chaos. In [32], the author designed a hybrid
cryptosystem based on AES and elliptic curve cryptography (ECC). The pseudo-random
numbers are gen- erated via EC points whereas encryption keys are achieved by the
implementation of AES to pseudo-random numbers. The stated scheme provides more
security but pseudo-random numbers are based on elliptic curve group law, which
increases the computational cost of the encryption algorithm. The combination of a chaotic
map and cyclic EC are used to design an encryption algorithm in [15]. In this scheme, the
author overcomes the problem of small key-space but is insecure against chosen-
plaintext/known-plaintext attacks [32]. Similarly, an image encryption scheme in reference
[21], generates pseudo-random numbers and S- box using EC, where the generation of S-
box is not possible for each input EC, which is time-consuming. Based on the above
discussion, we have suggested an improved encryp- tion scheme using substitution boxes
(S-box), pseudo-random numbers generator (PRNG), and action of permutation on each
channel of digital image coordinates using elliptic curves over different prime fields. The
proposed S-box depends only on y-coordinates by applying modulo operation of all
isomorphic elliptic curves (IECs) to any fixed elliptic curve over one of the prime fields.
The proposed work is novel in the sense that it gives us a guar- antee to generate a
dynamic S-box. Furthermore, simple arithmetic operations are utilized in the generation of
pseudo-random numbers (PRNs). In our proposed scheme, we use an elliptic curve which
yields a permutation on the field, on which it is defined. So, for any two distinct primes p1,
p2 greater than the dimension of the image, a set of any six ellip- tic curves are chosen.
These elliptic curves are paired in such a way that each pair consists of elliptic curves of
different orders depending on the primes. We organize our work in the fashion that
Section 2 comprises some basic definitions and preliminaries of elliptic curves. In Section
3, we propose an efficient technique to construct S-boxes using isomorphic ellip- tic
curves and present their security performance by evaluating some metrics. The detailed
description of the proposed image encryption scheme based on permutation operation, S-
box, and PRNs are given in Section 4. Moreover, the security analyses results and
computer simulation outputs of the proposed encryption algorithm are examined in
Section 5. At last, comparison and some conclusive remarks are given in Section 6.

2 Preliminaries

General references for this section are Galbraith- [17] and Washington- [50]. An elliptic
curve over a finite field Fp is defined as

E(a,b,p) = {O}∪ {(x, y) : x, y ∈ Fp; y2 = x3 + ax + b modp}

where a, b F p ,p 2, 3 satisfy the equation (27b2 4a3) 0(modp). All points E(a,b,p)
∈ /= + /=
equipped with a special type of addition law, form an abelian group with neutral element
(a,b,p)
O, denoted by E (Fp). Throughout the paper, we refer to an elliptic curve rather than
an elliptic curve over a prime field, otherwise stated.

2.1 Elliptic curve group operations

P ⊕ O = P ; for all P ∈ E(a,b,p) In this section, we describe main operations on the points
of an elliptic curve which can be stated as follows. Let P1 = (x1, y1) and P2 = (x2, y2) be
 4 Multimedia Tools and Applications (2021) 80:4693–4718

any two points lie on elliptic curve E(a,b,p) such that P1 P2. Then the addition P1 P2
/= ⊕ =
R (x3, y3) lies on same EC E(a,b,p).
=
Whereas
(x3, y3) = ((m2 − x1 − x2)modp, m(x1 − x3) −
And y1modp),
y2 − y1
m modp
= x2 − x1

2.2 Point doubling

Let P (x, y) E(a,b,p). Then 2P P P (xr, yr) is given by

r = r ∈ r= ⊕ =
(x , y ) (s 2
2xmodp, s(x x ) ymodp)
= − − −
Whereas
3x2 a
s= +
2y
Theorem 2.1 E(a,b,p) be an elliptic curve over the finite field Fq. Then the order of
E(a,b,p)(Fq) satisfy
√
|q + 1 − #E(a,b,p)(Fq)|≤ 2 q

2.3 The isomorphism between elliptic curves

Definition 2.2 Let (E(a1,b1,p), OE ) and (E(a2,b2,p), OE ) be elliptic curves over the prime
1 1 2 2
field Fp. An isomorphism of elliptic curves
(a1 ,b1 ,p) (a2 ,b2 ,p)
θ :E 1 →E 2

The mapping θ is an isomorphism over F¯p of algebraic varieties such that θ (OE1 ) = OE2
. If there is an isomorphism between1 E(a1,b1,p) and E2(a2,b2,p), then we write
(a1 ,b1 ,p) (a2 ,b2 ,p)
E 1 = E 2

Definition 2.3 Let E(a1,b1,p) be an elliptic curve over Fq . An elliptic curve E(a2,b2,p) over
1 2
Fq is called a twist of E(a1,b1,p), if there is an isomorphism θ : E(a2,b2,p) → E(a1,b1,p)
over F¯q of pointed(a1,b1,p)
1 2 1
that θ (OE1 ) = θ (OE2 ). If(a1,b1,p)
curves, such (a2,b2,p) there is an isomorphism between
elliptic curves E and E over Fq , then E and E(a2,b2,p) of E(a,b,q)
1 2 1 2
are called equivalent twists.

Theorem 2.4 Let p > 2 be any prime integer and r E(a,b,p) r

: y2 = x3 + ax + b is an
(a ,b ,p)
elliptic curve over Fp . Then the twist E (a,b,p)
/= E with a r = t 2 a and br = t 3 b;
∗ ∗
for any t ∈ Fp if and only if t is non-square in Fp .

3 Proposed S-boxes based on IECS

In this study, we show the worth of isomorphic elliptic curves to any fixed EC in the con-
 Multimedia Tools and Applications (2021) 80:4693–4718 4
struction of S-box. In [21], S-boxes are designed using total order relation and y-
coordinates
 4 Multimedia Tools and Applications (2021) 80:4693–4718

of any isomorphic elliptic curve corresponds to a fixed elliptic curve and showed that at
1
most p−2 S-boxes can be constructed. But we utilize all trivial twists of an elliptic
curve over Fp to increase the quantity of efficient, cryptographically strong S-boxes up to
1
( p−2 )2

Definition 3.1 Let E(a,b,p) : y2 = x3 + ax + b be an elliptic curve over a finite field Fp.
Suppose for any (x, y) ∈ E(a,b,p). Define a set

k k k k p p−
2 1
Sy = y : y = t 3y; ∀ t ∈ (F ∗ ) 2 ,k = 1, 2, ...,

Then obviously for each yk ∈ Sy there exists an isomorphic elliptic curve E(a,b,p) to
r r r r
,b ,p) ,b ,p)
E (a such that (xk , yk ) ∈ E (a ; with a r = t 2 a and br = t 3 b; for some tk ∈
∗
(Fp )2 .
Also, for any (x1, y1), (x2, y2) E(a,b,p) with y1 is squared and y2 is square free, which is
∈
given below.
∗
S y1 ∩ S y2 = φ and S y1 ∪ S y2 = Fp

Proposition 3.2 Let E(a,b,p) : y2 = x3 + ax + b be an elliptic curve over a finite field

Fp. Then for any (x1, y1), (x2, y2) ∈ E(a,b,p) with y1 is squared and y2 is square free,
Sy 1 ∩ Sy = φ
2

Proof Suppose Sy1 ∩ Sy2 /= φ. Then there exist u ∈ Sy1 ∩ Sy2 , such that u ∈ Sy1 and
∗
u ∈ S y2 . So, by definition 3.1, u = t 3 y1 and u = t 3 y2 ; for some t1 , t2 ∈ (Fp )2 .
1 2
This
means, t 3y1 = t 3y2. A contradiction, as L.H.S is squared while R.H.S is square free, hence
Sy1 Sy2 1 φ. Furthermore,
2
each element of Sy is lying on one of the elliptic curves,
∩ = (a,b,p)
which are isomorphic to E .

Proposition 3.3 For E(a,b,p) : y2 = x3 + ax + b, the elliptic curve over a finite field Fp
with odd prime p, let (x1, y1), (x2, y2) ∈2 E(a,b,p), where x1, x2, y1, y2 ∈ Fp and x1, y1 are
square and x2, y2 are non-square. Then t x1 /= t 2x2 and t 3y1 /= t 3y2 implies (t 2 x 1 ,t 3 y 1 )
/=
i j i j i i
∗
(t 2 x2 , t 3 y2 ) for all ti , tj ∈ (Fp )2 .
j j

Proof Suppose

t −3t 3y1 = y2 (1)

j i
Implies
(t −1 ti )2 x1 = x2 (2)
j
And
(t −1 ti )3 y1 = y2 (3)
j
Which is not possible as L.H.S of (1) is multiple of squares while R.H.S is non-square.
Similarly, in (2); ti , t −1 are squares. (As inverse, product, any power of square element is
square infinite field).j So, L.H.S of (2) is squared, whereas R.H.S is non-squared.

i j i j
 Multimedia Tools and Applications (2021) 80:4693–4718 4
∗
Hence t 2 x1 /= t 2 x2 and t 3 y1 /= t 3 y2 ; for all ti , tj ∈ Fp 2 .

Corollary 3.4 Let E(a,b,p) : y2 = x3 + ax + b be an elliptic curve over a finite field

Fp, where p > 257 and (x1, y1), (x2, y2) ∈ E(a,b,p) such that y1 is squared and y2 is non-
squared in F ∗. Then there is a substitution box Sy1,y2 such that Sy1,y2 = Sy1 ∪ Sy2 .
p a, a,
 4 Multimedia Tools and Applications (2021) 80:4693–4718

Proof Proof Followed by Propositions 3.2 and 3.3.

Let E(0,b,p) : y2 = x3 + b be an elliptic curve over the prime field Fp, where p ≡
2(mod3) and p > 3. In [50], the number of points on E(0,b,p) are p + 1 including OE
and no repetition occurs in y-coordinate (such that for each yi ∈ Fp , there exists
r
,p)
unique xi ∈ Fp such that (xi , yi ) ∈ E (0,b,p) . Let I = {E (0,b : br = t 3 b; ∀ tk ∈
∗ k
(Fp )2 , k =
1
1, 2, ..., p−2 } be the set of all elliptic curves which are isomorphic to E (0,b,p) . Then for
any two (x1, y1), (x2, y2) E(a,b,p) with y1 is squared and y2 is square-free in the field Fp.
∈
Then by Corollary 3.3, there exist two disjoint sets Sy1 and Sy2 which generate S-box Sy1,y2 ,
0,
for instance Sy1,y2 Sy1 Sy2 . Also, we note that the square element generates sets Sy1 ,
a, = ∪ y2
containing only squared elements while square free points generate sets S having square
free elements. Besides, the same number of sets contains squared and square-free
elements. Since all points of the field Fp appear only once on the y-coordinate of the
elliptic curve E(0,b,p). One can obtain p number of such sets by the proposed technique. In
this collection, half of the sets contain squared elements only and the remaining half
contain square free elements. It follows that either two sets are disjoint or equal in the
collection. To generate
the proposed S-box, we can choose any two disjoint sets in the collection. It is observed
1
that for each set S y1 having squared entries there are p−2 sets, containing square free
elements
in each set. Thus, the total numbers of S-boxes are ( p−1 )2. For instance, the S-box Sy1,y2
2 0,b,p
constructed b the proposed scheme is shown in standard form 16 16 matrix format in
×
Table 1.

4 The proposed encryption scheme

In this section, we have introduced a new color image encryption algorithm. Let the color
image IM×N of dimension M × N × 3, where M and N indicate the width of the image

Table 1 The S-box S85,49

based on the proposed method
0,2,

85 171 138 147 191 40 180 148 49 153 137 118 225 144 134 173
43 37 150 108 94 209 156 175 52 236 26 29 30 187 99 116
28 188 80 14 131 151 115 65 255 60 31 0 9 81 157 234
182 45 55 39 91 93 230 186 244 162 198 89 122 232 57 207
206 203 130 33 181 103 161 5 22 114 211 16 189 11 117 18
250 10 210 245 237 102 125 216 129 36 242 111 185 213 193 58
38 63 6 24 254 167 201 19 34 124 73 35 92 190 4 17
83 112 53 152 179 97 183 87 196 249 88 136 79 195 42 159
109 82 192 71 252 41 238 170 84 141 23 50 239 199 240 98
77 101 142 27 96 132 56 74 123 158 100 200 140 64 253 215
217 48 106 164 154 155 90 160 113 70 176 25 246 44 67 62
66 163 126 166 76 20 3 78 32 227 248 135 68 72 165 178
110 149 243 218 224 12 233 105 139 228 1 168 241 146 222 121
119 107 177 202 127 47 251 204 120 231 226 59 46 15 184 169
 Multimedia Tools and Applications (2021) 80:4693–4718 4
86 220 69 212 54 247 194 145 104 21 197 95 143 221 133 8
172 214 229 75 51 7 219 174 208 205 2 13 235 128 223 61
 4 Multimedia Tools and Applications (2021) 80:4693–4718

and height N of the image respectively. In this work, we denote the color components Red,
Green, and Blue of the image by R, G, and B of M N . Also, in the encryption process all
×
three channels R, G, and B considered as a gray image, each component will be encrypted
independently. The flowchart of the proposed scheme is provided in Fig. 1 while the detail
description is given after the flowchart.
Step 1. Let I be the true color image of dimensions M rows and N columns, with size
M N 3 pixels. Here, 3 represents the intensities of red, green, blue layers. We work
× ×
separately on red, green, blue channels. We choose two primes p1, p2 with p1 > M and
p2 > N and p1, p2 2mod3. For each i 1, 2, ...,M and j 1, 2, ...,N, the pair
≡ = =
(i, j) denotes the coordinate of a pixel location in the image. One can observe the one-
one correspondence between all the pixel positions and ring ZM ZN , where ZM and
×
ZN are finite rings modulo M and N respectively. Therefore, we refer to the
locations of all pixels in an image IM N by simply a ring ZM ZN . Now it is easy to see
××
that y- coordinates of both elliptic curves E(0,α,p1 ) and E(0,β,p2 ) act as permutations on
the set
ZM × ZN . Define a set A = {(E(0,αi,p1 ), E(0,βi,p2 )); with αi = t 3α and βi = s3β , for
∗ ∗
some t ∈ (Fp )2 , s ∈ (Fp )2 }
1 2
Where left component of A is an elliptic curve isomorphic to E(0,α,p1 ) and right com-
ponent corresponds E(0,β,p2 ) over finite fields Fp1 and Fp2 respectively. So, we
introduce some simple notations, we denote ZM ZN ZM N , Sp is symmetric group of all
× = ×
per- mutations over a finite field Fp; y-coordinates of both elliptic curves E(0,αi,p1 ),
(0,βi,p2 )
E
by ep1 and ep2 respectively. Let B = {(ep1 , ep2 ); b ∈ F ∗ , br ∈ F ∗ }. Then clearly,
p1 b b p2 b b p p
e ∈ Sp1 an br , ∈ Sp1 . We now define maps
b,y
y
μ1 : Sp1 × ZM×N −→ ZM×N and μ2 : Sp2 × ZM×N −→ ZM×N
Defined by
μ1(ep1 , (zm, zn)) = (ep1 (zm), zn) (2.1)
b,y b,y

μ (ep2 , (z ,z )) = (ep2 (z ), z ) (2.2)

2 b m n b m n
ep1 (zm, zn) = zm+l if zm ≺ zm+l and zm+l ∈ ep1 ∩ ZM
b b
 Multimedia Tools and Applications (2021) 80:4693–4718 4
Fig. 1 Flowchart of the proposed encryption scheme
 4 Multimedia Tools and Applications (2021) 80:4693–4718

ep2 (zm, zn) = zm+l if zm ≺ zm+l and zm+l ∈ ep2 ∩ ZM The above action of per-
b b
mutation is applied to each color component of the image to scramble the position of
the pixels of the image. Consequently, one can get new components PR, PG and PB . The
scrambled image after the action of permutation is shown in Fig. 2a.
Step 2 In any cryptographic algorithm, the substitution step is an essential part, which
boosts the security strength of the scheme against the chosen plain text attack. In the
proposed scheme, the S-box generated scheme (which we have discussed in section 3)
is deployed, which generates good quality S-box having good cryptographic features.
Subsequently, the obtained S-boxes are then used to substitute the scrambled
components PR, PG and PB of the image (the procedure is the same as AES
substitution). As a result, one can get the substituted components SR, SG and SB . The
ciphered image after substitution is shown in Fig. 2c.
Step 3. There are three classes of random numbers generators, pseudo-random number
generators (PRNGs), true random number generators (TRNGs), and hybrid random
num- ber generators (PRNGs). In cryptography, many security applications like
encryption, protocols make use of Pseudo-random number generators (PRNGs).
Besides, Pseudo- random number generators (PRNGs) are used to create high
diffusion in the pixels of the plain image. Various PRNGs using the elliptic curve have
been established [43, 45]. Most of them have very complex computations due to the
elliptic curve group law oper- ation. In this section, we generate PRNs through fixed
EC using square free elements of
finite field FP . Let E(0,d,P ) \ {O} be an elliptic curve over a finite field FP .Then, for
∗
each square free element t r (> 0) ∈ FP that is t r /= r 2 modp; ∀ r ∈ Fp . There
1
is a non-isomorphic elliptic curve E (0,l,P ) to E (0,d,P ) . Thus, one may have p−2
number of
non-isomorphic elliptic curves to given EC E(0,d,P ). On each curve, the y-coordinates
play a vital role to generate the proposed PRNs. The following algorithm is used to cal-
culate the PRNs.
Select a prime number P with P 2mod3, greater than the length M and width N of
≡
the color image I.
1. Generate an elliptic curve E(0,d,P ), (where d < P 1 is a non-negative integer) over a
−
finite field FP ).
2. Pick y-coordinates of the EC E(0,d,P ) and leaving x-coordinates to reduce the time
complexity of the proposed algorithm for further consideration.
3. Generate a set Sy for each value of EC E(0,d,P ) O by using square free elements in
\ { as y-component lying on the non-
the field FP . each such set Sy consisting of elements
isomorphic elliptic curve. Select a prime pr > P and t with the conditions; pr ≡
2mod3
r
∗
and t ∈ Fp r Generate EC E (0,b,p ) over prime field Fpr . Choose a non-identity element
r
Q ∈ E (0,b,p ) and define a translation map
r r
τQ : E (0,b,p ) −→ E (0,b,p )

Defined by r
)
τQ (P ) = P ⊕ Q; ∀ P ∈ E (0,b,p
Clearly, the map τQ is bijective. The ordering of points is a matter of concern. Pick
only y-coordinates of the imaging set of τQ. Place each set S y , where its first entry
lying in the sequence consisting y coordinates obtained via translation map. Form
a
rectangular box P −1 of height P −1 and width P . Finally, defuse each pixel
S value
Multimedia Tools and Applications (2021) 80:4693–4718 4
P× 2 2
of the color image I by
3
E(R,G,B) (i, j ) = S(R,G,B) (i, j ) + rpr (d, P )( i × j ) = S(R,G,B) (i, j ) + tj yi mod256
 Multimedia Tools and Applications (2021) 80:4693–4718 4
∗
for some tj ∈ FP \ (FP )2

Where S(R,G,B)(i, j) and r(d, P)i×j are (i j)th element of the substituted component S(R,G,B)
×
(i, j). Consequently, one can get the new components ER, EG and EB , then combine
the new components and get the ciphered image, shown in Fig. 2d.

5 Experimental results and comparison

An encryption algorithm is said to be good enough for implementation purpose if it is

thoroughly tested through various security performance tests and satisfies the correspond-
ing criteria. To examine the security performance against various attacks, in this study we
used the color images of Lena, Baboon, Peppers, Deblur, and encrypt these images by the
proposed cryptosystem, shown in Fig. 2. The encrypted images are then analyzed through
various performance tests, which we discuss in upcoming subsection.

5.1 Performance analyses of the generated S-box

In this section, we discuss the experimental results of randomly generated S-boxes based
on the proposed technique. One can examine that the S-boxes generated by the proposed
scheme are very efficient to use for secure communication. Here, we consider some S-
boxes generated by the proposed technique and compare them with some existing S-boxes,
presented in the tables [44, 45].

5.1.1 Nonlinearity (NL)

The key role of an S-box is to create confusion in the data up to the required level to keep
safe from unauthorized people. The non-linearity security test is a metric which calculates
the confusion ability of an S-box over GF(2n), which is defined as below

N(S) = min(ξ, ζ, η){α ∈ GF(2n)| ξ .S(α) /= ζ · α ⊗ η}

Where ξ GF(2n), η GF(2), ζ GF(2n) 0 and ”.” is the dot product over
∈ ∈ ∈ \
GF(2). The upper bound for non-linearity (NL) score of an S-box is 120. It is observed
that an S-box S with the maximum score of non-linearity (that is 120) may not satisfy
the required criteria of other cryptographic security tests [36]. In Table 2, the non-linearity
(NL) criteria of newly design S-boxes by the proposed method and some existing S-Boxes
are given comparatively. It can be seen easily that the newly constructed S-boxes have
greater non-linearity when compare to the elliptic curve-based S-boxes in [5, 21]. The
newly constructed S-boxes have much capability of resistance against linear attack.

5.1.2 Linear approximation probability (LP)

The concept of linear approximation probability test of an S-box is used to calculate the
highest value LP(S) of coincident masked input bits with masked output bits [3]. The
mathematical form of LP test is given in the following

1
{ max (α,β) {#x ∈ GF(2 ) : α.x = β.S(x)}− 2 }
n n−1
LP(S) =
2n
 4 Multimedia Tools and Applications (2021) 80:4693–4718

Fig. 2 Original and Ciphered images: a The original color images of Lena, Baboon, Pepper, and Deblur; b
The Permuted images; c The Substituted images; d The Ciphered images

Table 2 Non-linearity of some existing and proposed S-boxes

313,229 122,179 440,270 114,1
S-box S Ref. Ref. Ref. Ref. Ref. Ref.
0,3,257 S
0,49,599 S
0,49,599 S
0,2,353
[21] [5] [24] [2] [6] [1]

Nonlinearity 107 107 107 107 106 106 103.25 107 105.5 106.25
 Multimedia Tools and Applications (2021) 80:4693–4718 4
Where α GF(2n) and β GF(2n) 0 . A cryptographically strong S-box has the
∈ ∈ \
property that it attains a low score of LP. In Table 3, some of the newly constructed S-
boxes by the proposed technique and their corresponding LP values are listed, which
shows that the S-boxes based on the proposed scheme is suitable for secure
communication against linear approximation attacks.

5.1.3 Strict Avalanche Criterion (SAC)

Webster et al. [3, 51] introduced the concept of strict avalanche criterion. The primary
objec- tive of his test is used to analyze the diffusion creation capability of an S-box in the
data. The strict avalanche criterion indicates the likelihood of change in all yield bits by
applying a single change at an info bit. The mathematical description of SAC of an S-box
is given as follows

1
m(i, j) = [w(S i(x + αj )S i (x))]|α j ∈ GF(2n), w(α j) = 1 and 1 ≤ i, j ≤ n
2
Clearly, m(i, j) are entries of the dependency matrix. If all the entries of the SAC matrix
are lying in the small neighborhood of 0.5, then one can say that the SAC criterion is
fulfilled. The proposed S-boxes Sy1,y2 and their corresponding SAC scores are shown in
0,
Table 3. These results show a clear sign to have enough diffusion capability of the newly
constructed S-boxes. Furthermore, the SAC results indicate the effectiveness of the
proposed S-boxes in comparison with some existing S-boxes.

5.1.4 Bit independence criterion (BIC)

This criterion is also introduced by Webster et al. [3, 51] to examine the inversion of
the plain-text bit p effects the cipher bit r without dependence on each other. This test is
inves- tigated by means of the correlation coefficient. The BIC test of standard S-box is a
square matrix of dimension 16 16. If the entries of the BIC matrix of an S-box are
close to 0.5 then the S-box× is said to satisfy the BIC criteria. The BIC test is applied to the
various pro- posed and existing S-boxes. Our designed S-boxes Sy1,y2 and BIC test
scores are given in Table 3. The average scores of 0,the BIC matrices corresponding to
some newly constructed

Table 3 Comparison of experimental results of the proposed S-boxes with standard S-boxes

S-box SAC BIC LP DP

S313,229
0,3,257 0.499023 0.50635 0.1250000 0.0390620
S122,179
0,49,599 0.493408 0.50628 0.1328125 0.0468750
S440,270
0,49,599 0.495117 0.50691 0.1328125 0.0390620
S114,1
0,2,353 0.499023 0.49665 0.1328125 0.0390620
S397,606
0,9,653 0.504639 0.50216 0.1484375 0.0468750
Ref. [47] 0.506836 0.5017 0.140625 0.03906
Ref. [24] 0.5151 0.4864 0.15625 0.171875
Ref. [46] 0.5095 0.5092 0.1250 —
Ref. [2] 0.4973 0.5052 0.1172 0.0391
Ref. [41] 0.4960 0.4994 0.1094 0.0313
Ref. [8] 0.5001 0.498 0.102 0.0313
 4 Multimedia Tools and Applications (2021) 80:4693–4718

S-boxes are given in Table 3. The scores of the BIC test ensure the resistance of the
proposed S-boxes against common attacks.

5.1.5 Differential Approximation Probability (DP)

The differential approximation probability (DP) of S-box is used to calculate the

differential uniformity and is defined as:
{a ∈ X|S(a) ⊗ S(a ⊗ δa) = δb}
DP(δa →δb) = 2m
This implies that for each an input differential δai, there exists a unique output differential
δbi, thus ensuring a uniform mapping probability for each i. The average value of differen-
tial approximation probability of some proposed S-boxes is listed in Table 3. We conclude
that the results of the DP test of the proposed box are comparable with S-boxes in [2, 8,
41, 46] based on the chaotic map.

5.2 Key Space analysis

One of the main components of a secure cryptosystem is a large key-space. An encryp-

tion algorithm is said to be much secure against brute-force attack or commonly known as
exhaustive key search whenever the set of keys involved in the algorithm has sufficiently
large cardinality. In this proposed scheme, the order, the base fields for elliptic curves,
coefficients of the elliptic curve and translation map are used as secret keys. We analyze
key- space by calculating all keys in each step of the proposed scheme. The detailed
description is given as follows;
1. The permutation operation of the proposed scheme uses six parameters
b1, b2, b3, p1, p2, p3 of length at least 9-bits. Thus, the total precision turns out to be
{
254.
2. The substitution box acquires six parameters t, s, b4, p4, y1, y2 . Each having length
{
not less than 10-bits. So, the total precision turns into 260.
3. The pseudo-random numbers (PRNs) phase requires four secret keys
l, r, b5, b6, p5, p6, Q . The minimum length of each key is 10-bits. The precision of
{
l, r, b5, b6, p5, p6 is 260 and Q has a precision of 220. The total precision is 280.
The total key-space is 25 260 280 2194 , which describes that the keyspace of the
× × = 128
proposed technique is much greater than 2 . Therefore, it is evident that the proposed
cryptosystem is much secure against all kinds of brute force attacks.

5.3 Algorithm complexity

Some of the factors such as Structure of CPU, memory size, image dimension plays a vital
role in the execution of an encryption algorithm. Furthermore, the measurement of an
algo- rithm is a very important part of computer science. An encryption algorithm is
considered to be most efficient in terms of time complexity if completion of task requires
the smallest number of operations. The standard way of expressing the time complexity of
an algorithm using Big O notation. Therefore, the time complexity of our proposed
encryption algorithm is discussed in the following steps.
Step 1: (p2) number of operations are expected to find all solutions of an elliptic curve.
Step 2: (M ×N) number of operations are expected to permute each channel of the image.
 Multimedia Tools and Applications (2021) 80:4693–4718 4
Step 3: (p) number of operations are expected to construct S-box.
Step 4: (p2) number of operations are expected to generate PRNGs.
Step 5: (M × N) number of operations are expected in the final step.
Thus, our proposed encryption algorithm requires O{max(p2,M × N)} bits operations.

5.4 Statistical analysis

5.4.1 Histogram analysis

A histogram is an important tool that measures the total number of pixels having the same
intensity value in the image. A well-designed encryption algorithm can create uniform-
ness in the distribution of the pixels of a ciphered image and is completely different than
the histogram of the original colour image. To observe the resistance of the proposed
encryp- tion technique against statistical attacks, we investigate the histograms of ciphered
images. Figure 3 shows the histograms of the original colour images and corresponding
ciphered images of ‘Lena’, ‘Swat’, and ‘Nature’. The histograms of the ciphered images
have almost uniform distribution and significantly dissimilar from those of the
corresponding original images. Thus, it is revealed that the proposed scheme is highly
resistive against the statistical attacks.

5.4.2 Entropy analysis

The entropy test is used to measure the probability of occurrence and randomness in the
ciphered image. The maximum value of the entropy analysis test for the encrypted image
is 8. The ciphered image I r of the original color image, I is considered to have efficient
encryption if its entropy test gets a high score that is 8. Besides the high entropy, its
encryp-
tion strength is resistant to common attacks. The following mathematical description is
used to compute the entropy
255
EA(I r) p(x) log2( 1= )
p(x)
x=0
[ × ]
p(x) , represents the probability of the happening of the pixel x.
The entropy results of the proposed scheme and some of the existing are given in Table
4. In the table, it can be seen that the results of the proposed scheme are approximately
equal to 8 , which is comparatively better than the result of the existing scheme. So, the
scheme can efficiently resist the statistical analysis.

5.4.3 Contrast

One of the main aspects of the picture quality is the contrast ratio, enabling the viewer to
identify the object in the picture. Contrast analysis (CA) is used to measure the intensity
level of contrast in the neighborhood of pixels in the whole image. If the contrast ratio is
high in the ciphered image, the encryption scheme is said to satisfy the contrast test. The
mathematical representation of the contrast coefficient is given the following
p(i, j)
C=
i
1 + |i −
Where p(i,j) denotes the number of gray level co-occurrence matrices of the image.
 4 Multimedia Tools and Applications (2021) 80:4693–4718

Fig. 3 Histograms of original color images and ciphered images: a The original color images: Lena, Swat
image and Nature image. b The histograms of the original images. c The ciphered images. d The
histograms of the ciphered images

Table 4 Comparison for the

entropy results of the ciphered Images Entropy
images
Proposed Method Deblur 7.9993
Lena 7.9993
Pepper 7.9993
Baboon 7.9993
Ref. [49] Lena 7.9927
Ref. [16] Lena 7.9952
Ref. [49] Lena 7.9927
Ref. [16] Lena 7.9952
Ref. [33] Lena 7.9878
Ref. [51] Lena 7.9971
Ref. [38] Lena 7.9974
 Multimedia Tools and Applications (2021) 80:4693–4718 4
5.4.4 Energy

The energy analysis (AE) of an image is dependent on the gray-levels co-occurrence

matri- ces of the encrypted image. The energy test measures the uniformity in pixel
intensities by calculating the square root of the angular second moment. The following
mathematical equation is used to calculate energy
E= p(i, j)2
i,j

Whereas p(i,j) represents Gray-level co-occurrence matrices (GLCM).

5.4.5 Homogeneity

Images have naturally distributed contents when captured. This analysis is used to mea-
sures the closeness of distributed elements of Gray Level Co-occurrence Matrix (GLCM)
to GLCM diagonal. It is also documented as a gray tone spatial dependency matrix.
Mathe- matically, the look for homogeneity analyses is represented by the equation:

f(i, j)
H ∗=
i j
1 − |i −
The value of contrast is zero for the constant image.
The texture results of the different color images of Deblur, Lena, Pepper and Baboon
via proposed scheme are given in Table 5. The contrast score of each channel of the origi-
nal color image Lena is in between 0.3405 and 0.3946, whereas corresponding scores of
an ciphered image is approximately 10.45, which clearly shows the occurrence of high
change in the intensity of a pixel and its neighbor of the entire ciphered image. The
homogeneity score for ciphered image of Lena is very low. Consequently, it indicates that
GLCM differ- ence is higher. Energy score of Lena original and ciphered images illustrate
the low quantity of recurring pairs, which describes the worth of the proposed encryption
scheme.

Table 5 Statistical analysis of the proposed scheme with some existing techniques

Image Original color Image Ciphered Image

R G B R G B

Our scheme Deblur Contrast 0.1193 0.1210 0.1051 10.4439 10.5109 10.4721
Energy 0.1749 0.2139 0.2606 0.0156 0.0156 0.0156
Homogeneity 0.9484 0.9482 0.9532 0.3905 0.3906 0.3913
Lena Contrast 0.3672 0.3946 0.3405 10.4758 10.4449 10.4788
Energy 0.1391 0.0988 0.1755 0.0156 0.0156 0.0156
Homogeneity 0.8720 0.8706 0.8784 0.3894 0.3894 0.3897
Pepper Contrast 0.4370 0.4520 0.3849 10.5370 10.6502 10.4483
Energy 0.1160 0.1054 0.1425 0.0156 0.0156 0.0156
Homogeneity 0.8576 0.8704 0.8661 0.3891 0.3882 0.3890
Baboon Contrast 0.4116 0.4297 0.4530 10.5565 10.3775 10.4869
Energy 0.0881 0.1021 0.0862 0.0156 0.0156 0.0156
Homogeneity 0.8397 0.8332 0.8265 0.3890 0.3902 0.3895
 4 Multimedia Tools and Applications (2021) 80:4693–4718

5.4.6 Correlation

In the color image, the correlation between the adjacent pixels is high due to their pixel
values are close to each other. The correlation coefficient measures the linearity among
the value of the adjacent pixel in the neighborhood. The main objective of the encryption
scheme is to distort the pixels to get the least correlation among the adjacent pixels along
with horizontal, diagonal, and vertical directions in the image. An image encryption
scheme is robust and healthy enough for security applications if the correlation coefficient
of the ciphered image is near to zero. The correlation coefficient of two adjacent pixels u
and v are represented by the following equation.
ruv = cov(u,
√ v)
D .D
u v

1
cov(u, v) = (uM
— E(u))(v i— E(v))
i
M× i

255
E(u) 1 ui
M×N=
i=1
The experimental results of the correlation test of various plain and ciphered images
along each channel are shown in Table 6. In this paper, it is easy to observe that the
correla- tion of two adjacent pixels of plain images along vertical, horizontal, and diagonal
directions are almost equal to 1. While the correlation coefficient scores along all three
directions of two adjacent pixels in the ciphered images by the proposed scheme are nearly
0. Further- more, the results of the correlation coefficient show that the proposed
encryption scheme is much efficient and resistant against statistical attacks in comparison
to some existing relevant literature (Figs.4 and 5).

5.5 Differential attack

The NPCR (Number of pixel change rate) analysis measure the number of pixel change
rate when one byte is adjusted of the plain image. The NPCR value of a sensitive
cryptosystem when changing original data is close to 100%. UACI mean average intensity
of difference between original color image and cipher image. The increase of UACI
analysis implies the resistance of the cryptosystem against differential attacks increase.
The NPCR and UACI analysis mathematically represented as:
ζ ,ζ B(ζ1, ζ2)
NPCR . 1 1 100%
M×N
=
Where

1 if C1(ζ1, ζ2) = C2(ζ1, ζ2)

B(ζ ,ζ
1 )= 0 if C1(ζ1, ζ2) /= C2(ζ1, ζ2).

1 |C1(ζ1, ζ2) − C2(ζ1, ζ2)|

UACI =M × N 2 × 100%
Table 6 Comparison of correlation coefficient results of the proposed scheme with some existing techniques in three layers

Multimedia Tools and Applications (2021) 80:4693–4718

47
 4 Multimedia Tools and Applications (2021) 80:4693–4718
Image Original color Image Ciphered Image

R G B R G B

Proposed scheme Deblur Vertical 0.9802 0.9819 0.9625 0.0000082 0.0000089 0.0000052
Diagonal 0.9344 0.9320 0.9018 — 0.000035 — 0.000022 0.0000950
Horizontal 0.9604 0.9619 0.9303 0.0000094 0.0000065 — 0.000071
Lena Vertical 0.9802 0.9819 0.9625 — 0.000035 0.0000092 0.0000110
Diagonal 0.9344 0.9320 0.9018 0.0000140 0.0000620 — 0.000037
Horizontal 0.9604 0.9619 0.9303 0.0000052 0.0000043 0.0000058
Pepper Vertical 0.9532 0.9743 0.9527 0.0000300 0.0000220 0.0000860
Diagonal 0.9225 0.9550 0.9053 0.0000230 0.0000640 0.0000340
Horizontal 0.9510 0.9783 0.9509 − 0.000060 0.0000940 0.0000230
Baboon Vertical 0.9570 0.9303 0.9608 0.0000250 0.0000340 0.0000430
Diagonal 0.9299 0.8758 0.9317 0.0000075 0.0000190 0.0000830
Horizontal 0.9600 0.9402 0.9641 − 0.000052 0.0000084 − 0.0000074
Ref. [52] Lena Vertical 0.9803 0.9594 0.9294 0.0203 — 0.0025 0.0006
Diagonal 0.9668 0.9433 0.9099 — 0.0073 — 0.0131 0.0111
Horizontal 0.9813 0.9691 0.9455 0.0092 0.0002 0.0076
Ref. [30] Lena Vertical 0.9682 0.9755 0.9642 0.0031000 0.0001000 0.0022000
Diagonal 0.9377 0.9474 0.9271 0.0007000 0.0017000 0.0007000
Horizontal 0.9651 0.7202 0.9572 0.0049000 0.0054000 0.0053000
Ref. [48] Lena Vertical 0.9508 0.9370 0.9171 — 0.001300 — 0.005100 − 0.007800
Diagonal 0.9259 0.9111 0.8867 — 0.002500 — 0.010300 0.0099000
Horizontal 0.9777 0.9670 0.9496 0.0090000 — 0.002700 − 0.015500
Ref. [7] Lena Vertical 0.9635 0.9648 0.9280 — 0.0141 — 0.0134 — 0.0486
Diagonal 0.8993 0.9075 0.8449 — 0.0464 — 0.0189 — 0.0501
Horizontal 0.9278 0.9278 0.8867 — 0.0362 — 0.0089 — 0.0105
 4 Multimedia Tools and Applications (2021) 80:4693–4718

Fig. 4 Correlation plots of two adjacent pixels of R, G, and B channels of the original color image Lena
from the first to third row illustrates: the vertical, diagonal and horizontal adjacent pixels of each channel
respectively
 Multimedia Tools and Applications (2021) 80:4693–4718 4

Fig. 5 Correlation plots of two adjacent pixels of R, G, and B channels of the ciphered Lena image: from the
first to third row illustrates the vertical, diagonal and horizontal adjacent pixels of each channel,
respectively

Where C1(ζ1, ζ2) and C2(ζ1, ζ2) represent the original image and one-pixel change image.
Table 7 shows the result of NPCR and UACI analysis of the proposed and previous
cryptosystems. From Table 7, we can see that the proposed algorithm illustrates good
performance that would resist differential attacks.
 4 Multimedia Tools and Applications (2021) 80:4693–4718

Table 7 Comparison of NPCR and UACI analysis results of the proposed scheme with some existing
techniques

NPCR% UACI% Average

R G B R G B

99.980 99.976 99.983 36.9809 30.0386 33.7423 33.5872

Proposed scheme 99.979 99.985 99.982 33.4044 33.7832 35.6901 34.2925
99.981 99.982 99.977 33.7500 32.4338 33.1319 33.1052
99.970 99.979 99.974 34.4991 35.0323 34.3105 34.6140
Ref. [21] 99.5964 (Gray Image) 33.4762 (Gray Image) —-
Ref. [52] Lena 99.653 99.652 99.651 33.4572 33.4715 33.4715 33.4384
Ref. [30] Lena 99.650 99.644 99.662 33.4462 33.4131 33.4399 33.4330
Ref. [48] Lena 99.630 99.602 99.601 33.60 33.30 33.40 —

5.6 Robustness analyses

In this section, we investigate the performance of the encryption-decryption algorithm

with noises. During transmission, some sort of noises creates distortion/errors in
multimedia data via the communication channel. Therefore, to send the ciphered image
through the commu- nication channel, some noises are added to examine the efficiency of
the decryption of the proposed scheme, which are briefly discussed as under.

5.6.1 Noise analyses

Impulsive or fat-tail distribution is usually known as salt and Pepper noise. An image with
salt and Pepper noise degrades the dark and bright regions by sudden and sharp
disturbances. Consequently, it is scattered randomly over the image in the form of dark
and white pixels. This noise is occurred due to bit errors in transmission or during the
conversion of the analog signal to a digital signal. Many techniques/algorithms like non-
local means, block-matching 3D filtering (BM3D), dark frame subtraction and
interpolation are applied to remove such noise. In this study, we added the salt and peppers
and Gaussian noise to the ciphered colour image of Deblur and subsequently decipher the
noisy image ciphered images as shown in Figs. 6 and 7. In the above figures, (a-d) depicts
the noisy cipher images and (e-h) display the decrypted images of the corresponding noisy
images. It can be observed easily from the figures that deciphered images are still
recognizable, even after the existence of noises in the ciphered images. Besides, the UACI,
NPCR, MSE and PSNR and scores are measured among the noiseless decrypted images
and the noisy decipher images, the results are listed in Table 8.

5.6.2 Occluded attack

Due to congestion in the source of communication, some amount of image data may be
occluded during transmission. The efficient cryptosystem should be capable to decrypt the
recognizable image, whenever some portion of the corresponding ciphered image is lost
dur- ing the communication. To examine the proposed encryption scheme against the
occluded attack, we remove various parts from the ciphered images and then decipher
these images
 Multimedia Tools and Applications (2021) 80:4693–4718 4

Fig. 6 Slat and Peppers analysis of Deblur image: a-d Deblur ciphered image with salt and peper variance
0.0005, 0.005, 0.05 and 0.5. e–h corresponding deciphered images

as shown in Fig. 8. Figure 8a–i shows the occluded ciphered images and the correspond-
ing deciphered images are shown in Fig. 8j-q. The resultant deciphered images
demonstrate that the proposed ecryption scheme is capable to preserve the information of
the images, whenever 1 potion of the ciphered image is lost during communications.
2

Fig. 7 Gaussian analysis of Deblur Image: a-d Deblur ciphered image with salt and peper variance 0.0004,
0.0003, 0.0002 and 0.0001. e–h corresponding deciphered images
 4 Multimedia Tools and Applications (2021) 80:4693–4718

Table 8 UACI, NPCR, MSE and PSNR scores of proposed scheme

Noise Attack Proposed Encryption Scheme

Parameters PSNR MSE NPCR UACI

Salt &peppers 0.0005 30.690 71.68 10.61 3.92

0.005 28.965 103.12 15.62 5.61
0.05 25.732 314.22 30.59 9.77
0.5 20.126 587.76 49.98 16.3

Gaussian 0.0004 23.856 409.92 46.21. 12.54.

0.0003 22.687 413.57 46.74 12.87
0.0002 22.976 429.92 47.23 13.654
0.0001 21.562 465.98 48.67 14.021

Occluded Attack 1/16 36.765 20.654 9.761 01.36

1/8 34.932 32.453 15.54 03.15
3/16 32.167 43.654 21.65 06.25
1/4 29.765 55.176 25.76 07.75
5/16 28.564 62.453 30.43 10.43
3/8 26.876 76.987 37.65 13.65
7/16 23.564 88.433 43.87 15.86
1/2 20.543 120.76 49.54 21.76

5.6.3 Peak Signal to Noise Ratio (PSNR)

The quality of signal representation is affected by corrupted noise. Peak signal to noise
ratio (PSNR) is a metric that measures the ratio between the actual power of a signal and
the power of a noisy signal and expressed in decibel unite. Furthermore, it is one of the
tools that assess the quality of the image encryption scheme. We have used a digital image
as an actual signal, and the distortion produced by encryption is termed as the noise in our
study. The higher score of PSNR usually indicates that a negligible amount of data is lost
in the deciphered image and specifies the higher strength of the encryption algorithm. The
mathematical formula for computing PSNR is given by:
255
PSNR 20.log10
= MSE
√ as:
where MSE (mean square error) is defined
M M
1
MSE I(i, j) I r(i, j)
M×N
i=0 j =0
=
where I(i, j), I r(i, j) are the pixel values of the original and ciphered image respectively.

5.7 Comparison and discussion

Most of the researchers have tried to merge improved techniques to eliminate the existing
drawbacks in the previous work. Here, we analyze and give a comparison of the proposed
cryptosystem with some of the recent works including ECC [21]. The comparison is based
 Multimedia Tools and Applications (2021) 80:4693–4718 4

Fig. 8 Occlusion attack: a-h Occluded ciphered images, i–p Deciphered images corresponding to occluded
ciphered images

on some of the evaluation metrics such as entropy, correlation, NPCR, UACI, PSNR and
so on. All these metrics are tested on the digital Lena image by the noted encryption algo-
rithms. The analysis results of the above-mentioned tests are given in tables [18, 20, 22,
37, 44, 45]. It is clear from the tables [18, 20, 22, 37] that the proposed scheme has better
secu- rity performance in comparison to the listed encryption methods. In the schemes
of [21,
 4 Multimedia Tools and Applications (2021) 80:4693–4718

28], the PRN is generated using single EC with core operation. While in the proposed
cryp- tosystem, we used mutually non-isomorphic elliptic curves to compute PRNs.
Accordingly, it has less time complexity to obtain the PRN as compared to [28] having
more operations involved to integrate PRN on EC. Similarly, the analysis of correlation
coefficient scores of each channel along all three directions is better than the other
correlation coefficient scores of some existing encryption schemes listed in the table [37].
This reveals that the proposed image encryption technique has many capabilities of
breaking the correlation among the adjacent pixels of the original color image. Hence, the
proposed scheme has strong resis- tance against common statistical attacks. In addition to
all these, the proposed encryption scheme is better for security application purposes as it is
equipped with a strong dynamic S-box in terms of non-linearity in comparison to the most
recent existing cryptosystems available in [21, 23, 26]. Finally, it can also be observed by
the analyses that the diffusion property of the proposed method is surprisingly much better
in the context of entropy and NPCR security analysis than schemes presented in [18, 45].

6 Conclusion

In the first phase of this article, we constituted S-box through elliptic curves. The newly
obtained S-box has better statistical and algebraic characteristics as compared to the
existing ECC S-boxes. However, in the second stage, we developed an image encryption
scheme based on S-box, pseudo-random numbers (PRN) and permutation using both
group-theoretic aspects (Isomorphic and Non-isomorphic) of elliptic curves, distinguishing
the encryption schemes available in the literature. The y-coordinates of an elliptic curve
followed by modulo 256 play a dynamic role in the proposed scheme. All y-components
of the isomorphic class of a fixed elliptic curve are used to generate multiple efficient S-
boxes. While the same approach as in S-box construction is taken for the generation of
PRNs over the non-isomorphic class of a fixed elliptic curve. Furthermore, various
permutations oper- ations depending on the dimension of the original colour image are
created over the elliptic curves preferably with different finite fields. The proposed
cryptosystem has three main features: One, simultaneous implements permutation
operation independently along each channel of the original color image; two, the
confusion block is generated in the permuted image by dynamic S-box; third, masks the
post-confused image by the proposed PRN. By the futuristic point of view, the proposed
scheme could also be extended to the audio and video data.

Compliance with Ethical Standards The authors declare no conflict of interest

References

1. Abd EL-Latif AA, Abd-El-Atty B, Venegas-Andraca SE (2019) A novel image steganography

technique based on quantum substitution boxes. Opt Laser Technol 116:92–102
2. Abd El-Latif AA, Abd-El-Atty B, Mazurczyk W, Fung C, Venegas-Andraca SE (2020) Secure data
encryption based on quantum walks for 5G Internet of Things scenario. IEEE Trans Netw Serv Manag
17(1):118–131
3. Adams C, Tavares S (1990) The structured design of cryptographically good S-boxes. J Cryptol
3(1):27– 41
 Multimedia Tools and Applications (2021) 80:4693–4718 4
4. Ahmad M, Bhatia D, Hassan Y (2015) A novel ant colony optimization-based scheme for substitution
box design. Procedia Computer Science 57:572–580
5. Azam NA, Hayat U, Ullah I (2018) An injective S-box design scheme over an ordered isomorphic
elliptic curve and its characterization. Security and communication networks, 2018
6. Belazi A, Abd El-Latif AA (2017) A simple yet efficient S-box method based on chaotic sine map.
Optik 130:1438–1444
7. Belazi A, Abd El-Latif AA, Belghith S (2016) A novel image encryption scheme based on substitution-
permutation network and chaos. Signal Process 128:155–170
8. Belazi A, Abd El-Latif AA, Diaconu AV, Rhouma R, Belghith S (2017) Chaos-based partial image
encryption scheme based on linear fractional and lifting wavelet transforms. Opt Lasers Eng 88:37–50
9. Belazi A, Abd El-Latif AA, Rhouma R, Belghith S (2015) Selective image encryption scheme based on
DWT, AES S-box and chaotic permutation. In 2015 International wireless communications and mobile
computing conference (IWCMC). IEEE, pp 606–610
10. Bhatnagar G, Wu QJ, Raman B (2013) Discrete fractional wavelet transforms and its application to
multiple encryptions. Inform Sci 223:297–316
11. Chen RJ, Horng SJ (2010) Novel SCAN-CA-based image security system using SCAN and 2-D von
Neumann cellular automata. Signal Process Image Commun 25(6):413–426
12. Chen TH, Li KC (2012) Multi-image encryption by circular random grids. Inform Sci 189:255–265
13. Chen TH, Wu CS (2010) Compression-unimpaired batch-image encryption combining vector quantiza-
tion and index compression. Inform Sci 180(9):1690–1701
14. Chen TH, Wu CS (2010) Compression-unimpaired batch-image encryption combining vector quantiza-
tion and index compression. Inform Sci 180(9):1690–1701
15. El-Latif AAA, Niu X (2013) A hybrid chaotic system and cyclic elliptic curve for image encryption.
AEU-Int
16. Faraoun KM (2014) Fast encryption of RGB color digital images using a tweakable cellular
automaton- based schema. Opt Laser Technol 64:145–155
17. Galbraith SD (2012) Mathematics of public key cryptography. Cambridge University Press, Cambridge
18. Gao T, Chen Z (2008) Image encryption based on a new total shuffling algorithm. Chaos, Solitons and
Fractals 38(1):213–220
19. Ghadirli HM, Nodehi A, Enayatifar R (2019) An overview of encryption algorithms in color images.
Signal Processing
20. Gura N, Patel A, Wander A, Eberle H, Shantz SC (2004) Comparing elliptic curve cryptography and
RSA on 8-bit CPUs. In: International workshop on cryptographic hardware and embedded systems.
Springer, Berlin, pp 119–132
21. Hayat U, Azam NA (2019) A novel image encryption scheme based on an elliptic curve. Signal
Process 155:391–402
22. Indrakanti SP, Avadhani PS (2011) Permutation based image encryption technique. Int J Comput Appl
28(8):45–47
23. Jakimoski G, Kocarev L (2001) Chaos and cryptography: block encryption ciphers based on chaotic
maps. IEEE Transactions on Circuits and Systems I: Fundamental Theory and Applications 48(2):163–
169
24. Khan M, Asghar Z (2018) A novel construction of substitution box for image encryption applications
with Gingerbreadman chaotic map and S 8 permutation. Neural Comput and Applic 29(4):993–999
25. Khan M, Shah T, Batool SI (2016) Construction of S-box based on chaotic Boolean functions and its
application in image encryption. Neural Comput and Applic 27(3):677–685
26. Kim J, Phan RC (2009) Advanced differential-style cryptanalysis of the NSA’s skipjack block cipher.
Cryptologia 33(3):246–270
27. Koblitz N (1987) Elliptic curve cryptosystems. Mathematics of computation 48(177):203–209
28. Lee LP, Wong KW (2004) A random number generator based on elliptic curve operations. Computers
and Mathematics with Applications 47(2-3):217–226
29. Li L, Abd-El-Atty B, Elseuofi S, Abd El-Rahiem B, Abd El-Latif AA (2019) Quaternion and multi-
ple chaotic systems based pseudo-random number generator. In: 2019 2nd International Conference on
Computer Applications and Information Security (ICCAIS). IEEE, pp 1–5
30. Li X, Wang L, Yan Y, Liu P (2016) An improvement color image encryption algorithm based on DNA
operations and real and complex chaotic systems. Optik-International Journal for Light and Electron
Optics 127(5):2558–2565
31. Liao X, Lai S, Zhou Q (2010) A novel image encryption algorithm based on self-adaptive wave
transmission. Signal Process 90(9):2714–2722
32. Liu H, Liu Y (2014) Cryptanalyzing an image encryption scheme based on hybrid chaotic system and
cyclic elliptic curve. Opt Laser Technol 56:15–19
 4 Multimedia Tools and Applications (2021) 80:4693–4718

33. Liu H, Wang X (2011) Color image encryption using spatial bit-level permutation and high-dimension
chaotic system. Opt Commun 284(16-17):3895–3903
34. Liu G, Yang W, Liu W, Dai Y (2015) Designing S-boxes based on 3-D four-wing autonomous chaotic
system. Nonlinear Dynamics 82(4):1867–1877
35. Mehra I, Nishchal NK (2014) Image fusion using wavelet transform and its application to asymmetric
cryptosystem and hiding. Opt Express 22(5):5474–5482
36. Meier W, Staffelbach O (1989) Nonlinearity criteria for cryptographic functions. In: Workshop on the
theory and application of cryptographic techniques. Springer, Berlin, pp 549–562
37. Miller VS (1985) Use of elliptic curves in cryptography. In: Conference on the theory and application
of cryptographic techniques. Springer, Berlin, pp 417–426
38. Mohamed NA, El-Azeim MA, Zaghloul A, Abd El-Latif AA (2015) Image encryption scheme for
secure digital images based on 3D cat map and turing machine. In 2015 7th International Conference of
Soft Computing and Pattern Recognition (SoCPaR). IEEE, pp 230–234
39. Nestor T, De Dieu NJ, Jacques K, Yves EJ, Iliyasu AM, El-Latif A, Ahmed A (2020) A multidimen-
sional hyperjerk oscillator: Dynamics analysis, analogue and embedded systems implementation, and
its application as a cryptosystem. Sensors 20(1):83
40. Patro KAK, Banerjee A, Acharya B (2017) A simple, secure and time efficient multi-way rotational
permutation and diffusion-based image encryption by using multiple 1-D chaotic maps. In:
International conference on next generation computing technologies. Springer, Singapore, pp 396–418
41. Peng J, Abd El-Latif AA, Belazi A, Kotulski Z (2017) Efficient chaotic nonlinear component for
secure cryptosystems. In: 2017 Ninth International Conference on Ubiquitous and Future Networks
(ICUFN). IEEE, pp 989–993
42. Peng Z-P et al (2014) A novel four-dimensional multi-wing hyper-chaotic attractor and its application
in image encryption, pp 240506–240506
43. Reyad O, Kotulski Z (2015) On pseudo-random number generators using elliptic curves and chaotic
systems. Applied Mathematics and Information Sciences 9(1):31
44. Shankar K, Eswaran P (2016) An efficient image encryption technique based on optimized key gen-
eration in ECC using genetic algorithm. In: Artificial intelligence and evolutionary computations in
engineering systems. Springer, New Delhi, pp 705–714
45. Toughi S, Fathi MH, Sekhavat YA (2017) An image encryption scheme based on elliptic curve pseudo
random and advanced encryption system. Signal Process 141:217–227
46. Tsafack N, Kengne J, Abd-El-Atty B, Iliyasu AM, Hirota K, Abd EL-Latif AA (2020) Design and
implementation of a simple dynamical 4-D chaotic circuit with applications in image encryption.
Inform Sci 515:191–217
47. Wang Y, Wong KW, Li C, Li Y (2012) A novel method to design S-box based on chaotic map and
genetic algorithm. Phys Lett A 376(6-7):827–833
48. Wang XY, Zhang HL, Bao XM (2016) Color image encryption scheme using CML and DNA sequence
operations. Biosystems 144:18–26
49. Wang X, Zhao Y, Zhang H, Guo K (2016) A novel color image encryption scheme using alternate
chaotic mapping structure. Opt Lasers Eng 82:79–86
50. Washington LC (2008) Elliptic curves: number theory and cryptography. Chapman and Hall/CRC,
London
51. Weister AF, Tavares SE (1986) On the design of S-boxes [A], Dvances in Cryptology-CRYPTO’85 [C]
52. Xuejing K, Zihui G (2020) A new color image encryption scheme based on DNA encoding and
spatiotemporal chaotic system. Signal Process Image Commun 80:115670
53. Ye G, Huang X (2017) An efficient symmetric image encryption algorithm based on an intertwining
logistic map. Neurocomputing 251:45–53
54. Zhang M, Tong X (2014) A new chaotic map-based image encryption schemes for several image
formats. J Syst Softw 98:140–154
55. Zhou Y, Panetta K, Agaian S, Chen CP (2013) n, k, p-Gray code for image systems. IEEE Trans
Cybern 43(2):515–529

Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps
and institutional affiliations.
Multimedia Tools & Applications is a copyright of Springer, 2021. All Rights Reserved.