#### Abstract

In this paper, an image encryption algorithm based on the H-fractal and dynamic self-invertible matrix is proposed. The H-fractal diffusion encryption method is firstly used in this encryption algorithm. This method crosses the pixels at both ends of the H-fractal, and it can enrich the means of pixel diffusion. The encryption algorithm we propose uses the Lorenz hyperchaotic system to generate pseudorandom sequences for pixel location scrambling and self-invertible matrix construction to scramble and diffuse images. To link the cipher image with the original image, the initial values of the Lorenz hyperchaotic system are determined using the original image, and it can enhance the security of the encryption algorithm. The security analysis shows that this algorithm is easy to implement. It has a large key space and strong key sensitivity and can effectively resist plaintext attacks.

#### 1. Introduction

In modern society, technologies such as the Internet and block-chains are rapidly developing, and human beings have entered the big data era. Internet technology has brought great convenience to human life and promoted the establishment of global information access. With the development of multimedia technology, digital offices and electronic payments have become more popular in various fields of human life. Compared with textual information, the informative features that are expressed by images are more intuitive, and the amount of information that images contain has increased. At this stage, images are being used as the main carrier of information. While enjoying the convenience brought by the information society, we must also be more vigilant about the disasters that can be caused by information leakage. For example, in June 2013, former CIA employee Snowden revealed the “PRISM Project” to the world. Some high-tech companies with great influence left back doors in the equipment that they produced, making it convenient for the US government to monitor the public. During the Korean Winter Olympics in January 2018, the identity information and bank account information of a large number of athletes and spectators were maliciously acquired by hackers, thereby causing adverse effects. Protecting the security of information and avoiding losses due to information leakage is an urgent task for human beings. Traditional encryption algorithms such as DES [1–3] and RSA [4–9] have a wide range of applications in text encryption, but the applications of traditional encryption algorithms are not sufficient to meet the timeliness and security requirements of image information encryption. Therefore, how to encrypt image information quickly and effectively has become a popular research field.

There are two main types of methods in image encryption algorithms: scrambling [10–15] and diffusion [16–20]. Scrambling is achieved by transforming the positions of the pixels. Transforming the positions of the pixels can decrease the correlation between adjacent pixels and achieve encryption. For example, in 2004, Maniccam et al. proposed an encryption method based on SCAN mode in which the image is encrypted by using a different scanning path [21]. In 2010, Jolfaei et al. proposed an encryption algorithm based on the Henon chaotic system that uses the sorting transformation method to encrypt images. This method makes cipher images more pseudorandom [22]. In 2011, Zhu proposed an encryption method based on bit-plane scrambling [10]. Diffusion is performed by changing the values of the pixels. Diffusion encryption can enhance the randomness and break the statistical characteristics of the cipher images. For example, in 2009, Acharya proposed an encryption algorithm based on the Hill matrix that uses an invertible matrix to encrypt images [23]. In 2011, El-Zoghdy proposed an improved DES algorithm to encrypt images [24]. In recent years, some hybrid image encryption algorithms have been proposed. For example, in 2004, Gehani proposed an encryption method using DNA strings that applied DNA coding to image encryption [25]. In 2005, Guan proposed an encryption algorithm based on Arnold-Chen chaotic sequences that combined scrambling and diffusion in the image encryption process [26]. In 2008, Tong et al. proposed an encryption method that combined cyclic shifts and sequence encryption [27].

In this paper, an image encryption algorithm based on the H-fractal structure and dynamic self-invertible matrix is proposed. This algorithm combines the scrambling and diffusion encryption methods. Section 2 introduces the basic theory of this algorithm, Section 3 introduces the encryption scheme, and the security analyses of this encryption algorithm are given in Section 4. The results of the security analysis show that the encryption algorithm has good security, and it can be applied in the field of image encryption.

#### 2. Fundamental Theory

##### 2.1. Lorenz Hyperchaotic System

Chaotic systems are widely used in the information encryption field because their initial values and parameters are sensitive and pseudorandom [28, 29]. Low-dimensional chaotic systems have small key spaces and weak pseudorandomness. Therefore, many scholars have improved upon low-dimensional chaotic systems by developing chaotic systems to higher dimensions. These improved high-dimensional chaotic systems are called hyperchaotic systems. To generate the four pseudorandom sequences that are required by the encryption algorithm, we apply the Lorenz hyperchaotic system [30] to the encryption algorithm. The Lorenz hyperchaotic system is described aswhere *a*, *b*, *c*, and *r* are the four parameters of the Lorenz hyperchaotic system. When *a* = 10, *b* = 8/3, *c* = 28, and −1.52 ≤ *r* ≤ 0.06, the Lorenz hyperchaotic system is in a hyperchaotic state. The hyperchaotic system is iterated by using the Runge–Kutta method when *r* = −1. The simulation results of the Lorenz hyperchaotic system are shown in Figure 1.

##### 2.2. Self-Invertible Matrix Encryption

In 1929, Hill proposed an encryption algorithm that used invertible matrices [31]. The fundamental theory of the algorithm is to use a matrix to convert the plain-text into cipher-text, and the key is the matrix itself. The encryption method is described as

In formula (2), *M* represents a plain-text matrix, *C* represents a cipher-text matrix, *R* is the plain-text value range (in the image encryption process, *R* = 256), *K* represents an encryption key, and matrix *K* must be an invertible matrix. The Hill encryption algorithm is uncompressed. Assuming that the length of the plain-text and cipher-text is *l*, the encryption formula can also be described as

In formula (3),

The decryption process is the inverse of formula (3) and can be described as

To ensure the existence of matrix *K*^{−1}, this paper constructs matrix *K* as a 4 × 4 self-reversible matrix so that . The decryption process can be simplified as

The method of calculating a 4 × 4 self-invertible matrix is as follows. When matrix *A* is a self-invertible matrix, . If , *A*_{11}, …, *A*_{22} are 2 × 2 matrices, and formula (7) can be derived:

Then, formula (8) can be calculated by expanding formula (7):

To construct the self-invertible matrix, *A*_{12} is constructed as a factor of (*E* − *A*11) and *A*_{21} is constructed as a factor of (*E* + *A*_{11}). *k* is a prime number that is mutually prime with *R.* When *A*_{12} ≠ 0, formula (9) can be derived:

The self-invertible matrix *A* can be calculated using a given matrix *A*_{22}. Taking *k* = 3, *R* = 256 and as an example, to calculate the self-reversible matrix *A*, first we should calculate the matrix *A*_{11}. Because *A*_{11} = −*A*_{22} (mod *R*), we can get

Because *A*_{12} = *k*(*E* − *A*_{11})(mod *R*), we can get

Because *A*_{21} = (*E* + *A*_{11})/*k*(mod *R*), we can get

Then, the self-invertible matrix *A* can be obtained. . It can be verified that .

##### 2.3. Fractal

In 1967, Mandelbrot published a paper entitled, “How Long is the British Coastline,” in Science. In it, he used fractals to describe a large class of complex irregularities that cannot be described using traditional Euclidean geometry in nature. It marked the emergence of fractal thought. A fractal is a set of mathematical theories that uses fractal features as the research object. Some common geometric fractals are the Koch curve, the H-fractal, the Sierpinski triangle, and the Vivsek triangle. Fractal theory is not only a frontier and important branch of nonlinear science but also a new cross-discipline. It is a new mathematics discipline that studies the characteristics of a class of phenomena. Compared with its geometric form, it is more connected with differential equations and dynamic systems theory. The fractals are not limited to geometric forms and times and processes can also form fractals. As a new concept and method, the fractal is being applied in many fields. In recent years, fractal sensitivity, especially the sensitivity of the Mandelbrot sets and Julia sets to initial values, has been widely used in image encryption.

The H-fractal is a kind of fractal, and the diagram of the H-fractal is shown in Figure 2. Fractal graphics can be used for information encryption and security. This algorithm uses the H-fractal to encrypt image information.

#### 3. Encryption Scheme

##### 3.1. Key Generation

SHA-3 algorithm is a kind of Secure Hash Algorithm. This encryption algorithm uses the Hash sequence that is generated by the SHA-3(256) algorithm, and the prime number *k* is used to construct the self-invertible matrices that are used as keys. The initial values *x*_{0}, *y*_{0}, *z*_{0}, and of the Lorenz hyperchaotic system are generated by the original image. To obtain the 256 bit binary Hash sequence H, the algorithm inputs the original image into the SHA-3(256) function. Then, the sequence H is divided into 32 8 bit binary sequences as *h*_{1}, *h*_{2}, …, *h*_{32}, and the initial values of the Lorenz hyperchaotic system are calculated using

The number of iterations of the hyperchaotic system is selected according to the size of the original image after obtaining the initial values of the Lorenz hyperchaotic system. If the size of the original image is *M* × *N*, it is necessary to iterate the Lorenz hyperchaotic system *M* × *N* + 800 times and delete the first 800 iterations to avoid the transient effect. Finally, four pseudorandom sequences *X*, *Y*, *Z*, and *W* of length *M* × *N* are obtained.

##### 3.2. Scrambling Based on the Self-Invertible Matrix

The sequence *Y* that is generated by the Lorenz hyperchaotic system is chosen to produce the self-invertible matrices. When an *M* × *N* original image is encrypted using dynamic self-invertible matrices, the encryption process is described as follows: Step 1: The original image is divided into *M* × *N*/16 matrices that are sized 4 × 4, which are, respectively, labeled as *PM*_{i} (*i* = 1, 2, …, *M* × *N*/16) using the row-first method. Step 2: The pseudorandom sequence *Y* in the Lorenz chaotic system is conducted using formula (14) to obtain the pseudorandom matrix *YM.* In formula (14), floor(*x*) is a floor function, and reshape(*x*) is a column-first ordering function: Step 3: The matrix *YM* is divided into *M* × *N*/16 matrices that are sized 4 × 4 according to the method in Step 1, and we label the 4 × 4 matrices as *YM*_{i} (*i* = 1, 2, …, *M* × *N*/16). Step 4: The 4 × 4 matrices *YM*_{i} (*i* = 1, 2, …, *M* × *N*/16) are divided into four 2 × 2 matrices, and the matrices in the upper left corner are reserved as (*i* = 1, 2, …, *M* × *N*/16). Step 5: The 2 × 2 matrices (*i* = 1, 2, …, *M* × *N*/16) are transformed into the self-invertible matrices as *K*_{i} (*i* = 1, 2, …, *M* × *N*/16) using the prime number *k* with the construction method of the self-invertible matrix. Step 6: The cipher matrices *C*_{i} (*i* = 1, 2, …, *M* × *N*/16) are calculated, and *C*_{i} = *K*_{i}*PM*_{i} (*i* = 1, 2, 3, …, *M* × *N*/16). Step 7: The cipher image is composed of the cipher matrices *C*_{i} (*i* = 1, 2, …, *M* × *N*/16) using the row-first method.

The decryption process of the self-invertible matrix encryption algorithm is the inverse of the encryption process, so it will not be described again.

##### 3.3. H-Fractal Diffusion

The H-fractal cross-diffusion method that is proposed in this paper uses the intermediate pixel that is covered by the H-fractal as an operator to cross-process the two pixels on both ends of the H-fractal to complete the diffusion. Taking a 3 × 3 block as an example, the diffusion process based on the H-fractal is shown in Figure 3.

In Figure 3, pixel 2 is used as a control word, and pixel 1 and pixel 3 are controlled to perform a crossover operation. Then, pixel 8 is used as a control word, and pixel 7 and pixel 9 are controlled to perform a crossover operation. Finally, pixel 5 is used as a control word, and pixel 2 and pixel 8 are controlled to perform a crossover operation. The crossover operation method is shown in Figure 4, where *E* is the control word, *B* and *D* are the endpoint pixels, and *B*′ and *D*′ are the pixels after the crossover operation. When the values of the binary control bits in the pixel *E* are “1,” the binary words in pixels *B* and *D* corresponding to the control bits are exchanged. Conversely, when the values of the binary control bits in pixel *E* are “0,” the binary words in pixels *B* and *D* corresponding to the control bits have no operation. The decryption process is the inverse of the diffusion process, so it will not be described here.

Taking a 256 × 256 image as an example, the image that is covered by the H-fractal is shown in Figure 5. The first pixel in the upper left corner of the image is used as the starting point to construct the H-fractal. The pixels that are not covered by the H-fractal in the image are not operated on.

##### 3.4. Cipher-Pixels Feedback Encryption

In this paper, a cipher-pixel feedback method is used to enhance the diffusion effect. The cipher-pixel feedback method makes the pixels in the front of the pixel sequence affect the pixels behind them. Assuming that the size of the original image is *M* × *N*, the specific process of cipher-pixel feedback is described as follows. First, rearrange the original images into a pixel sequence *P*{1, 2, 3, …, *M* × *N*}. Then, a diffused sequence *P*′{1, 2, 3, …, *M* × *N*} is obtained by operating on sequence *P* using

##### 3.5. Scrambling Process

The algorithm uses the pseudorandom sequences *X*, *Z*, and *W* that are generated by the Lorenz hyperchaotic system to scramble the image. Taking the *M* × *N* image as an example, assuming that the given key is a pseudorandom sequence *S*{1, 2, 3, …, *M* × *N*}, the global scrambling operation is described as follows. First, the original image is expanded into a one-dimension pixel sequence *P*_{1}{1, 2, 3, …, *M* × *N*}, and the positions of the pixels in sequence *P*_{1} are corresponded with the positions of the elements in sequence *S*. Then, the pseudorandom sequence *S* is rearranged in ascending order to obtain an index sequence *S*′. Finally, the pixel sequence *P*_{1}{1, 2, 3, …, *M* × *N*} is mapped to the new pixel sequence {1, 2, 3, …, *M* × *N*} according to the rules for mapping the elements in the sequence *S* to the sequence *S*′. The decryption process of scrambling is the inverse of the encryption process, so it will not be described here.

##### 3.6. Encryption Scheme

The flow chart of the encryption scheme is shown in Figure 6. Taking image *I* that is sized 256 × 256 as an example, the encryption process is described as follows: Step 1: Image **I** is input into the SHA-3(256) algorithm to obtain a Hash sequence *H*. Step 2: The initial values *x*_{0}, *y*_{0}, *z*_{0}, and of the Lorenz hyperchaotic system are obtained by conducting the Hash sequence *H*. Step 3: The Lorenz hyperchaotic system is iterated *M* × *N* + 800 times, and four sequences *X*, *Y*, *Z*, and *W* are obtained by discarding the values of the first 800 iterations. Step 4: The image matrix **I**_{1} is obtained by scrambling the original image **I** using sequence *X.* Step 5: The image matrix **I**_{2} is obtained by using the dynamic self-invertible matrix encryption method to encrypt image matrix **I**_{1} using sequence *Y.* Step 6: The image matrix **I**_{3} is obtained by scrambling the image matrix **I**_{2} using sequence *Z.* Step 7: The image matrix **I**_{4} is obtained by using the H-fractal encryption method to encrypt image matrix **I**_{3}. Step 8: The image matrix **I**_{5} is obtained by scrambling the image matrix **I**_{4} using sequence *W.* Step 9: The cipher-text feedback operation is performed on the image matrix **I**_{5} to obtain the image matrix **I**_{6}, namely, the ciphertext image.

The decryption process of this encryption scheme is the inverse of the encryption process, so it will not be repeated.

#### 4. Simulation Results and Security Analysis

In order to verify the effectiveness and feasibility of our algorithm, simulated experiments are undertaken on the MATLAB R2018a platform. The environment of development is Windows 7, 4.00 GB RAM, Intel(R) Core(TM) i3-4130 CPU @ 3.4 GHz. Mean execution time of test images with size of 256 × 256 is 1.518s. Part of the encryption keys are set as and the Hash sequences are generated by the original images. Some original images are shown in Figures 7(a)–7(d), and their cipher images are shown in Figures 7(e)–7(h). Because the encryption algorithm that we proposed is lossless, the decrypted images of the cipher images are exactly the same. The algorithm does not destroy the characteristics of the original image.

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

**(g)**

**(h)**

##### 4.1. Key Sensitivity Analysis

The encryption algorithm that is proposed in this paper uses the 256 bit Hash sequence that is generated by the SHA-3(256) algorithm and the prime number *k* as the key. The key space of the 256 bit Hash sequence is 2^{128}. Therefore, the key space of the algorithm is large enough to resist brute-force attacks. The initial values of the Lorenz hyperchaotic system are generated by the Hash sequence. When the Hash sequence has a slight change, the initial value of the hyperchaotic system also changes. The algorithm is very sensitive to the changes of these initial values. When these initial values have been slightly changed by 10^{−13}, the encryption system cannot be decrypted. When the prime number *k* = 3, the original image and the correct decrypted image are shown in Figures 8(a) and 8(b). In Figures 8(c)–8(g), the decrypted images after the initial values have been changed are listed. The encryption algorithm is very sensitive to the key, and the algorithm is sufficient to resist attacks on the key.

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

**(g)**

##### 4.2. Differential Attack Analysis

When the original image has a slight change, the cipher image will have a big change. This phenomenon reflects that the encryption system is very sensitive to changes in the original image. The higher the sensitivity of the plaintext, the stronger the cryptosystem’s ability to resist differential attacks. Here, we use the number of pixel changes rate (NPCR) and the unified average changing intensity (UACI) to measure the antidifferential attack capability of the encryption system. The methods for calculating the NPCR and UACI are described as

In formula (15), *P*_{1} is the correct cipher image, and *P*_{2} is the cipher image where the original image has a little change. *M* and *N*, respectively, represent the length and width of the image. Sign(*x*) represents the symbol function, and its calculation method is described as

The maximum theoretical value of the NPCR is 100%, and the ideal value of the UACI is 33.4635%. The larger the NPCR is, the greater the pixel changes. When the original image has been changed by 1 bit, the values of the NPCR and UACI are shown in Table 1. In addition, the values of the NPCR and UACI in the references [32] are listed in Table 1. By comparison, it is known that the algorithm that we proposed is very sensitive to plaintext and can resist differential attacks very well.

##### 4.3. Information Entropy Analysis

Information entropy is the concept that was proposed by Shannon to quantify information. It can usually be expressed as *H*(*s*). The concept of information entropy is described as

In formula (17), *p*(*i*) represents the probability of the occurrence of the case and *n* represents the total number of all possible occurrences. The information entropy is used to measure the randomness of the information. The closer the information entropy is to the ideal value, the stronger the randomness of the information is. The pixels in the grayscale image are all in the interval [0, 255]. When the image is completely random, the probability of each pixel value is 1/256, so the information entropy of a completely random grayscale image is 8. The information entropies of some original images and their cipher images are listed in Table 2. It can be seen from the comparison that the cipher images that are encrypted by this algorithm are close to random.

##### 4.4. Histogram Statistical Analysis

Histogram statistical analysis is a kind of statistical attack, and the histogram can characterize the image. The pixel distribution in the histogram of the original image is not uniform, which is not conducive to resisting statistical attacks. A good encryption algorithm can make the pixel distribution in the histogram of the cipher image more uniform, and thus, it can resist known-plaintext attacks and chosen-plaintext attacks. The histograms of the original images are shown in Figures 9(a)–9(c), and the histograms of the cipher images are shown in Figures 9(d)–9(f). It can be seen from the comparison that the algorithm can destroy the histogram of the statistical law of the original image and achieve good performance.

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

##### 4.5. Correlation Analysis

10000 pixels and their adjacent pixels from the original Lena image are randomly selected in the horizontal, vertical, and diagonal directions, and the values of these pixels are shown in Figures 10(a)–10(c), respectively. It can be seen from the analysis that there is a strong correlation between adjacent pixels. A good encryption algorithm can break the correlation between adjacent pixels, and it can enhance the ability to resist statistical attacks. 10000 pixels and their adjacent pixels from the cipher Lena image are randomly selected in the horizontal, vertical, and diagonal directions, and the values of these pixels are shown in Figures 10(d)–10(f), respectively. It can be seen from the comparison that the algorithm can break the correlation between adjacent pixels.

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

The correlation coefficient is used as an indicator to measure the correlation between adjacent pixels. Its calculation method is described as

In formula (18), *N* is the total number of selected pixels, *E*(*x*) is the mean of the selected pixels, *D*(*x*) represents the variance of the selected pixels, cov(*x*, *y*) represents the covariance of the selected pixels, and *r* represents the correlation coefficient. An absolute value of the correlation coefficient that is close to 1 indicates that the correlation of the data is strong, and an absolute value of the correlation coefficient that is close to 0 indicates that the data have almost no correlation. The correlation coefficients of the original images and the cipher images are listed in Table 3. It can be seen from the comparison that the image correlation coefficient of the encryption algorithm is almost zero, and the encryption algorithm can break the correlation between adjacent pixels.

##### 4.6. Antiocclusion Attack Capability Analysis

The antiocclusion attack capability of the encryption system can reflect the degree of recovery of the decrypted image when the cipher image data are lost. In a cryptosystem without global scrambling, when the cipher image data are lost, its decrypted image may lose some important features in the original image. The Lena cipher images cut by 0, 1/256, 1/64, and 1/16 are shown in Figures 11(a)–11(d), and the corresponding decrypted images are shown in Figures 11(e)–11(h).

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

**(g)**

**(h)**

The NPCR, UACI, and correlation coefficients between the original images and the decrypted images after the occlusion attacks are listed in Table 4. The comparison between the data proves that the encryption algorithm that we proposed has a good antiocclusion attack capability.

##### 4.7. Practicality Analysis

Some characteristics of the cipher images with different sizes encrypted by the proposed algorithm are listed in Table 5; these images are encrypted by *k* = 3. It can be seen from the data in Table 5 that the proposed algorithm can encrypt images with different size and has good encryption effects.

#### 5. Conclusions

In this paper, an image encryption algorithm based on the H-fractal structure and dynamic self-invertible matrix is proposed. The algorithm uses the Hash sequence that is generated by the SHA-3(256) algorithm and a prime number as the keys. The image is scrambled and diffused by the four pseudorandom sequences that are generated by the Lorenz hyperchaotic system. In this encryption scheme, a cross-diffusion operation based on the H-fractal structure is applied for the first time. The algorithm enriches the means of digital image encryption. It has high security to resist brute-force attacks and statistical attacks, and it has the ability to recover when the cipher data are lost. Thus, this algorithm can be used to protect the security of digital images.

#### Data Availability

The data used to support the findings of this study are available from the corresponding author upon request.

#### Conflicts of Interest

The authors declare that they have no conflicts of interest.

#### Acknowledgments

This study was supported by the National Natural Science Foundation of China (grant nos. 61572446, 61602424, and U1804262), Key Scientific and Technological Project of Henan Province (grant nos. 174100510009 and 192102210134), and Key Scientific Research Projects of Henan High Educational Institution (18A510020).