A Dynamic Triple-Image Encryption Scheme Based on Chaos, S-Box and Image Compressing

To guarantee the security and high-efficiency of image transmission, a novel triple-image encryption scheme based on chaotic system, S-box and image compressing is proposed in this paper. Firstly, the combination process is performed by compressing three plain images to 25% and combining the compressed images with a stochastic matrix generated by the 2D-LSCM system to construct a new image. This process makes the proposed image encryption scheme have higher image transmission efficiency comparing to that of the state-of-the-art methods. Then, Z-scan and the proposed coded lock scrambling algorithm with low time complexity is used to randomly scramble the positions of pixels in the new construct image. Next, a cipher image is obtained by performing the diffusion operation on the scrambled image through S-box and chaotic sequences. In addition, the added stochastic matrix in the combination process makes the cipher image dynamic. In other words, the generated cipher images are always different to each other even when they are generated by the proposed encrypt scheme with identical plain images under the same secret keys, which can resist chosen-plaintext attacks. Finally, experimental results and simulation analysis are performed, which shows the proposed scheme can effectively resist common kinds of attacks.

and diffusion. (2) The second category is to improve the chaotic systems and to apply them to image encryption. There are some defects in the classical one-dimensional chaotic system, such as small key space, blank windows and weak chaotic behavior. As a result, some image encryption schemes based on the improved chaotic systems were proposed. For example, Parvaz and Zarebnia [9] created a new chaotic system by combining Logistic, Sine and Tent chaotic systems, which eliminated the influence of blank windows and made the improved chaotic system have a very large key space. And then, the authors proposed a robust image encryption scheme based on the improved one-dimensional chaotic system. Similarly, a chaos improvement method was proposed by Hua et al. [10], and the defects of the seed chaotic systems can be solved perfectly through the cosine transform. (3) The third category is to add new technologies into chaotic image encryption schemes, for instance, DNA coding technology [11], Boolean network and matrix semi-tensor product theory [12]. DNA coding is characterized by parallel processing, massive storage and ultra-low power consumption. Chai et al. [11] combined chaos theory and DNA coding technology to encrypt the plain images. In their encryption scheme, the RGB com-ponents of the color plain image is extracted separately, and then a simultaneous intra-inter-component permutation mechanism is used for randomly scrambling the three components, and the cipher image can be obtained by diffusing the matrix encoded by DNA. The advantage of this scheme is that it can realize a dynamic DNA coding mechanism according to different plain images. Recently, Wang and Gao [12] combined Boolean network, matrix semitensor product theory and chaos theory to proposed a highsecurity image encryption scheme, which also can be used to encrypt other complex networks. (4) The fourth category is to enhance the speed of image encryption. Some encryption sche-mes have complex processes and high time complexity during the encryption, which cannot meet the requirements of real-time communication. Therefore, fast image encryption schemes emerged. In order to reduce the computational complexity, the most common method is to merge the scrambling operation with the diffusion operation. Another advantage of performing this is that it can resist separate attacks. Such as [13] and [14], both of them follow this rule to enhance the encryption speed. In [13], the initial value of the 2D Hénon-Sine system is generated according to the secret keys and plain image. Then the chaotic sequences are used to simultaneously scramble and diffuse the rows and columns to enhance the time speed. In [14], a cross-cyclic shift algorithm which is also a kind of simultaneous scrambling and diffusion scheme, is proposed for fast encryp-tion. The abovementioned encryption schemes all have splendid security performance. However, the transmission efficiency of these schemes is not high. That is to say that only one cipher image is transmitted at a time.
Multi-plain image encryption is a research hotspot in the field of image encryption, and many scholars have also proposed lots of related encryption algorithms [24]- [29]. For example, Patro et al. [24] proposed that using the crosscoupled chaotic system to scramble and diffuse multiple plain images in pixel-level. In addition, Zhang and Wang [25] also proposed a set of multiple plain image encryption scheme based Deoxyribonucleic acid encoding and chaos. However, these proposed algorithms that encrypt multiple images simultaneously have the same transmission efficiency as that of encrypting one plain image at a time. One way to enhance the image transmission efficiency is to compress several plain images into one image for transmission.
The common method for image compression in image encryption is the compressive sensing (CS) technology [30]- [42]. It can simultaneously sample and compress signals to reduce the transmission burden and storage space. For example, in [30], color plain images were compressed by CS and Arnold chaotic system, which can release transmission space. However, the measurement matrices used to compress the color plain image in [30] were randomly generated, which caused the decryption end should obtain these random matrices as secret keys. This increased the storage space of the secret keys and the transmission channel burden. To solve this problem, in [31], Zhou et al. proposed a hybrid image compression-encryption algorithm based on compressive sensing which can encrypt and compress the plain images simultaneously without generating extra secret keys. Subsequently, [32] used 2D compressive sensing technology to compress the plain images so that the data capacity of the cipher images can be further reduced. In [33], Chai et al. proposed a plain related image encryption scheme by combining the memristive chaotic system, the elementary cellular automata and the compressive sensing technology. The permutated sparse coefficient matrix was compressed by a circular measurement matrix generated by the memristive chaotic system to decrease data transmission. In [34], Xu et al. proposed a fast and high-efficiency image encryption scheme by the improved chaotic system and compressive sensing. in which the plain images were compressed by two circular measurement matrices from two directions. Note that, although the application of CS technology to image encryption can improve the trans-mission efficiency, there are still some disadvantages. (a) Though plain images can be compressed by the compressive sensing to any size, the decrypted image has large distortions when the compression rate is lower than 0.5, such as that in [35]. (b) In the decryption process, the decryption algorithm needs the maximum value and the minimum value of the observation matrix besides the secret keys. Subtle differences of plain images can result in the observation matrices being different to each other, which caused the extreme value of observation matrices should be transmitted to the decryption end for decrypting. (c) The ability to resist the occlusion attack is limited. It is very difficult to identify the decrypted image when a certain amount of cipher image information is lost during transmitted in the public channel.
In order to enhance the security and transmission efficiency for image encryption, a novel triple image encryption scheme VOLUME 8, 2020 based on chaotic systems, S-box and image compressing is proposed in this paper. The proposed encryption scheme consists of three processes: combination, scrambling and diffusion. In the combination process, three plain images are compressed and then combined with a stochastic matrix generated by the 2D-LSCM system to construct the combined image. In the scramb-ling process, the combined image is transformed into the 1D sequence by Z-scan. Then the coded lock scrambling algorithm is adopted to randomly scramble the positions of the 1D sequence. Finally, in the diffusion process, the S-box generated by the Sin-Tent piecewise chaotic system (STS) system and the chaotic sequence generated by the 2D-LSCM system are used to diffuse the scrambled image to obtain the cipher image. More-over, the proposed encryption scheme is not a one-time pad. Batches of cipher images can be decrypted with a group of fixed secret keys. It does not need to manage huge secret keys like one-time pad schemes. The proposed encryption scheme has the following four advantages.
(1) The generated cipher image has the dynamic characteristic (see in section V.A). Every time the cipher image is different even when they are generated by the proposed encrypt scheme with the identical plain image under the same secret keys. So, it is unavailable to construct the special images like [43], [44] to attack the proposed encryption scheme.
(2) It has high efficiency, which can encrypt three images at a time. And its efficiency is higher than that of in [33], [36].
(3) It is robust against noise attacks and occlusion attacks. Even the cipher image is cut off 50% or suffer 30% salt and pepper noise attacks, the decrypted image is still visible (see in Section V.H).
(4) The proposed encryption scheme has low time complexity (see in section V.J), which benefits from the proposed coded lock scrambling (the detailed analysis of this scrambling algorithm is shown in section III).
The rest of this paper consists of the following sections. The second section briefly introduces the required theoretical knowl-edge. The third and the fourth section elaborate on the proposed encryption and the corresponding decryption algorithm. The security performance analyses of the encryption algorithm are presented in the fifth section. The last section summarizes our research work.

II. FUNDAMENTAL KNOWLEDGE
In general, the classical one-dimensional chaotic systems, such as Logistic system, Sine system, Tent system, have some drawbacks like simple structure, small key space and weak chaotic characteristics. This causes these chaotic systems are easy to be attacked by the signal estimation algorithm [45] in the encryption scheme. Therefore, we should try to use the system with complex chaotic characteristics to devise the encryption rules when designing the image encryption scheme. In this paper, the two-dimensional chaotic system [46] and the improved one-dimensional chaotic system [47] are adopted to design the encryption rules.  A. THE 2D LOGISTIC-SINE-COUPLING MAP The 2D chaotic system (2D-LSCM) used in the paper is obtained by coupling the Logistic system and the Sine system. The mathematical iterative formula [46] is expressed in Eq.(1).
where, θ is the control parameter of this 2D chaotic system, which belongs to [0, 1], x and y are the generated pseudorandom sequences. As shown in  the trajectories of this 2D coupled chaotic system can occupy all phase plane and distribute uniform.

B. THE SINE-TENT SYSTEM
The second chaotic system used in this paper is the Sin-Tent piecewise chaotic system (STS) proposed in [37]. The mathematical model of STS is shown in Eq. (2).
where, µ is the control parameter of the Sin-Tent piecewise chaotic system. When µ is evaluated between [0, 4], this system is in a chaotic state. Fig.1.b is the bifurcation chart of this improved chaotic system (parameters: z 0 = 0.21, µ = 3.9982789374626). It indicates that compared with the Sine system and Tent system, the STS chaotic system has a wider chaotic range and eliminates the blank windows. Therefore, the generated chaotic sequence has better randomness and is more difficult to predict.

C. THE BICUBIC INTERPOLATION
The bicubic interpolation is also called cubic convolution interpolation, which is first proposed in [48]. This VOLUME 8, 2020 interpolation algorithm adopts sixteen-pixel points around the sampled point for interpolation operation, which not only takes into account the gray values of four directly adjacent pixels, but also takes into account the gray value change rate between the adjacent pixel points [49]. Thus, we can obtain a high resolution enlarge-ed image by using the bicubic interpolation algorithm. In the interpolation process, it is necessary to select the appropriate basis function S(w) to fit the sampled data. The most common interpolation basis function is represented in Eq.(3). Fig.2 shows the functional image of the interpolation basis function S(w). The method of enlarging the sampled image by using the bicubic interpolation algorithm is shown in Eq.(4).

III. THE PROPOSED ENCRYPTION ALGORITHM
In this paper, we propose a dynamic triple image encryption scheme based on the chaotic system, S-box and image compressing technology. The proposed encryption scheme can be divided into three stages: combination, scrambling and diffusion. The flowchart of the proposed encryption scheme is shown in Fig.3. In the combination stage, three plain images are compressed by the image compressing technology. Then, the three compressed images are combined with a stochastic matrix generated by a two-dimensional chaotic system. This makes the cipher image dynamic since the parameter θ of the two-dimensional chaotic system is a dynamic variable (θ is not the secret in combination process, and it is randomly selected in [0, 1] each time) which causes the stochastic matrix generat-ed by the chaotic system is different each time.
In other words, the generated cipher is different even when it is generated by the proposed encrypt scheme with the identical plain images under the same secret keys, which can resist chosen-plaintext attacks. In the scrambling stage, a novel fast scrambling algorithm named coded lock scrambling is proposed to improve the processing speed. The pseudo-code of the proposed scrambling algorithm is demonstrated in Tab.11 (shown in Appendices). In the last stage, we introduce a nonlinear component S-box of which the pseudo-code is demonstrated in Tab.12 (shown in Appendices) to participate in the diffusion process. Next, we will describe the encryption process of the proposed scheme in detail. For the sake of description, we assume that the three plain images are P1 ∈ N M ×N , P2 ∈ N M ×N and P3 ∈ N M ×N respectively.
Note that, parameter θ 0 is randomly selected in [0, 1] each time for image encryption. That is, for the ith and jth (i = j) encryption process, we have θ 0 . This causes matrices R1, R2 to be dynamic changing (R1 (i) = R1 (j) , R2 (i) = R2 (j) ) even for encrypting the identical plain images under the same secret keys.
Step 3. Obtain the quantized matrices QR1, QR2 by Eq. (10), where, mod(·) represents the remainder operation performed on the two elements in parentheses, floor(·) performs rounding the element in parentheses to the negative infinity direction. Then, the matrix R which is used to combine with the three compressed images is obtained by Eq. (11), where bitxor(·) performs bitwise xor operation on the two elem-ents in parentheses. R is also dynamics changing each time for encryption, since R1 and R2 are dynamics matrices.
Step 4. Combine the three compressed images SP1, SP2 and SP3 with the stochastic matrix R by Eq. (12) and obtain the combined image C with the size M × N . Step 5. Scan the combined image C like a Z-shape, and denote the obtained sequence as ZC. Then, ZC is divided into four equal sub-bocks that are denoted as ZC1 (13). The schematic diagram of the Z-scan is shown in Fig.4.a, where the red arrow indicates the scanning direction. Fig.4.b shows the gener-ated sequence by Z-scanning. The variable i belongs to 1, 2, 3, 4} in Eq. (13).
Step 6. Iterating the 2D-LSCM (T 0+MN/4) times through the secret keys x 0 , y 0 and θ 1 to obtain the chaotic sequences u and v. T 0 is any positive integer greater than 100, which is used to eliminate the transient effects. Generating another two sets of chaotic sequences w (w = u(:) + v(:)) and z(z = u(:) − v(:)).
Step 7. Sort the obtained four sets of chaotic sequences u, v, w and z by Eq. (14).
where sort(tmp) indicates that the sequence tmp in parentheses is sorted in ascending order. The index sequence Ttmp is then returned.
Step 9. Iterate the two-dimensional chaotic system (T 0+256) times through the secret keys x 1 , y 1 and θ 2 to generate the chaotic sequence m ∈ N 16×16 . Then, input another set of secret keys µ, z 0 and odd integer d which is greater than 0 to generate the S-box S ∈ N 16×16 . Tab.12 (shown in Appendices) shows the pseudo-code used to generate a Sbox.
Step 10. Generate a sequence T by Eq. (16). Then obtain a chaotic sequence z ∈ R 1×256 by using µ, z 0 and N 0 to iterate the STS chaotic system (defined by Eq.(2) in section II.B). Next, the sequence T is scrambled by the index sequence Tz which is obtained by sorting the chaotic sequence z. Then the S-box used for diffusion can be obtained through Eq. (19).
Step 11. The scrambled matrix img_p is divided into blocks with the size of 16 × 16. Then, use the chaotic sequence m(obtained in step 9 above) and the S-box S to diffuse all blocks by Eq. (20). Finally, all the diffused blocks are stitched to obtain the cipher image with the size of M × N .
where, i and j are integers and belong to [1], [16]. Note that, from the aforementioned descriptions, the proposed encryption scheme has the following advantages. (1) The generated cipher image has the dynamic characteristic. That is to say, the proposed encryption scheme can encrypt three identical plain images into different cipher images even under the same secret keys. The reason is that the parameter θ 0 in step 2 is randomly selected in [0,1] each time, which causes the 2D-LSCM chaotic system to generate different sequences each time. This makes the stochastic matrix R (in step 6) which is used to combine the three compressed plain images, to be dynamic changing. (2) It has high transmission efficiency which up to 300% compared to that of conventional image encryption schemes. The decrypted image also has a well visual effect under such high transmission efficiency (the peak signal-to-noise ratio is greater than 30 dB, shown in Section V.G). (3) The proposed scheme has low time complexity which benefit by the new scrambling algorithm named coded lock scrambling. Fig.5.a shows a scrambled image obtained by performing one round of coded lock scrambling on the Lena image with the time 0.02352s. Fig.5.b shows the scrambling time comparison, which illustrates the proposed scrambling algorithm has high time speed.

IV. THE PROPOSED DECRYPTION ALGORITHM
The specific steps for decryption are described as follows. Firstly, the reverse diffusion of the cipher image is performed according to the diffusion matrix and the S-box which are constructed based on the decryption secret keys. Eq. (21) shows the inverse diffusion process. The proposed coded lock scrambling algorithm in this paper is also reversible, so the obtained matrix after inverse diffusion operation is then performed by inversing scrambling by the pseudo-code in VOLUME 8, 2020 Tab.11 (shown in Appendices). Finally, the combined image C generated in the previous operation is segmented into three compressed plain images and a stochastic image which is useless and will be discarded. The corresponding plain images are reconstructed at a high resolution by the bicubic interpolation algorithm to three compressed images (shown in Section II.C). Thus, the decryption process of the cipher image is completed.
It is worth mentioning that although the generated cipher image changes dynamically, the encryption rules in the scrambling and diffusion process are controlled by the secret keys. So, when the encrypted image is transmitted to the receiver, the receiver can decrypt the cipher image according to the obtained secret keys and decryption scheme, since the dynamic stochastic image R is discarded, which does not affect the process of decryption. In addition, the proposed encry-ption algorithm is only suitable for the plain image whose length is equal to width. Fig.6 shows the results of the simulation experiments. In Fig.6, (A1)-(A3) are three plain images. (A4) is a stochastic image with the size of 256 × 256 generated during the encryption process. (A5) is the final generated cipher image with the size of 512 × 512. (A6)-(A8) are the corresponding decrypted images under the correct decryption secret keys. In the same way, the images of group B and group C can be obtained. It can be seen from the experiment results. (1) The cipher images generated by the proposed encryption scheme are disordered, and the related texture information of the plain images are completely covered up. (2) The proposed encryption scheme has good compression performance. Although the compression rate is as high as 33.33%, the decrypted image is basically the same as the plain image, which means that the decrypted images have well visual effect.
Next, we will analyze the security performance of the proposed encryption scheme and compare it with that of the state-of-the-art methods [33], [36], [39]- [41] published in recent years.

A. CHOSEN PLAINTEXT ATTACK ANALYSIS
Chosen-plaintext analysis on the encryption scheme is the most common and effective way of attacking. An excellent image encryption scheme should not only completely conceal the plain image information, but also resist the chosen-plaintext attacks. To address this issue, we propose a dynamic image encryption scheme. In other words, each time the generated cipher image is random and unpredictable. Tab.1 shows the experimental results of analyzing cipher images with the dynamic characteristic, where (A1)-(A3) are three plain images. Besides, (A4) and (A5) are the cipher images obtained by encrypting the three plain images two times with the same secret keys. The structural similarity of the two cipher images is 74.9062%, and the pixel change rate is 24.9134%, which can be seen from Tab. 1. This means that millions of different cipher images can be generated by the proposed scheme with the same secret keys for encrypting identical plain images. Therefore, the proposed encryption scheme can resist the chosen-plaintext attacks very well.

B. KEY SPACE ANALYSIS
The key space represents the total number of all different secret keys, and its size reflects the ability of the encryption scheme to resist brute-force attacks. From a security perspective, A keys pace greater than 2 100 can satisfy a high level of security [54]. Assume that the calculation accuracy of the computer is 10 −15 . In this paper, the secret keys of the encryption scheme are mainly composed of the following three parts.    which is much larger than that of the references listed in Tab. 2. That is to say, the proposed encryption scheme has an outstanding ability to resist the brute-force attacks.

C. KEY SENSITIVITY ANALYSIS
Secret key sensitivity reflects the sensitivity of the encryption scheme to the secret keys, which means that the difference between the decrypted image and the plain image when the secret keys changed imperceptibly. Mean square error (MSE) is an indicator to measure the sensitivity of the encryption scheme to the secret keys. In this part, we also evaluate the secret key sensitivity of the encryption scheme through the MSE. The mathematical model of the MSE is where, M and N represent the size of the image P or D, respectively. (i, j) respectively represent the positions of pixels in the image. Fig.7 shows the Lena image obtained by decrypting with the incorrect secret keys. Fig. 8 shows the MSE curves of the secret keys x 0 , y 0 , θ 1 , x 1 , y 1 , θ 2 , µ and z 0 . It is illustrated that when the correct secret keys are changed slightly, the cipher image cannot be decrypted correctly, and the decrypted image visually does not reveal any information of the plain image, which means the proposed encryption scheme has well secret key sensitivity.

D. HISTOGRAM ANALYSIS
The histogram describes the frequency of each gray level in the image, which reflects the gray level distribution of the image. In order to resist statistical attacks, it requires the histogram distribution of the cipher image to be uniform. According to [43], we can analyze the distribution of any image histogram by histogram variance through Eq. (23).
where N = 256, u i and u j respectively represent the number of pixel value i and j(i, j = 0, 1, 2, . . . , 255) in image. Tab.3 is the histogram test results of the multiple plain images and corresponding cipher images. In addition, the Kolmogorov-Smirnov Goodness of Fit Test [55] is also applied to check the distribution of the cipher image. Firstly, constructing a completely uniform cipher image X, and the library function kstest2 provided by Matlab is used to verify whether the cipher images generated by the proposed encryption scheme are identically distributed with X. Then, the results we get are all zero. That is to say, the histogram of the cipher image generated by the proposed encryption scheme is evenly distributed, which can block statistical attacks. Fig.9 shows the histograms of different plain images and the correspo-nding cipher images. It is shown that the encryption scheme can well cover the gray-scale distribution information of the plain image.

E. CORRELATION ANALYSIS
There is a very strong correlation between adjacent pixels in a plain image, which is an inherent property. Therefore, it requires that the image encryption algorithm to break this strong correlation. In order to test the correlation of the generated cipher image, we randomly select 100,000 pairs of adjacent pixels from multiple plain and cipher images. Then calculate the correlation coefficient between adjacent pixels by using Eq. (24). The results are shown in Tab.4.
x,ȳ are the expected values of x i and y i , respectively. Fig. 10    shows the correlation distribution of the Lena image and the corresponding cipher image in the horizontal direction, vertical direction and diagonal direction, respectively. It can be seen from (A1)-(A3) in Fig.10 that the adjacent pixels in the Lena image have a strong correlation and are distributed in a positive correlation. But (B1)-(B3) in Fig.10 shows that the correlation between adjacent pixels in the generated cipher image is very low, and it presents a disorderly distrib-ution. Especially compared with the cross-shaped distribution in [36], the pixel distribution of the produced VOLUME 8, 2020  cipher image is more uniform. Tab.5 shows the comparison results of correl-ation coefficients with different encryption schemes [33], [36], [39]- [41], which shows that the proposed encryption scheme has a lower correlation between adjacent pixels than that of [33], [36], [39]- [41].

F. LOCAL INFORMATION ENTROPY ANALYSIS
Shannon information entropy reflects the overall randomness of an image. We use the local Shannon information entropy [56] to quantitatively measure this, which is calculated by Eq. (25).
where S i is the randomly selected non-overlapping blocks containing T B pixels in the cipher image. For p(S i,j ), it represents the probability of the pixel level j in the ith nonoverlapping block. According to [57], we will set the confidence level α to 0.05, k to 30, and T B to 1936. Then, the value of the local Shannon information entropy should fluctuate between [7.901901305, 7.903037329]. Tab.6 shows the local Shannon information entropy of encrypted images, which means that the distribution of pixels in the generated cipher image is random.

G. COMPRESSION PERFORMANCE ANALYSIS
In this part, the compression performance of the proposed encryption scheme is analyzed. As can be seen from Fig.5 in section III, the lossy compression algorithm is adopted in this paper and the compression rate reaches 1/3. Thus, there is some loss of pixel information in the final reconstructed image. Peak signal-to-noise ratio (PSNR) is often used as a measurement method for image reconstruction quality in the field of image compression. The calculation for the PSNR is shown in Eq. (27).
where, M and N represent the length and width of an image, respectively. D and I are expressed as plain image and its corresponding decrypted image, respectively. In addition, the structural similarity index measure (SSIM) which measures the similarity of two images from the brightness, contrast, and structure is also performed for analysis by Eq.(28)-Eq. (31).
SSIM (X, Y) = l(X, Y) × c(X, Y) × s(X, Y) (31) where, k1 = 0.01, k2 = 0.03, µ X , σ X are the expected and standard deviation of the image X, respectively. µ Y , σ Y are the expected and standard deviation of the image Y. σ XY represents the covariance of the image X and Y. Tab.7 shows the results of compressing performance analysis. In Tab.7 we   can see that when different images are encrypted, the PSNR of the corresponding decrypted images finally reconstructed are greater than 30 dB, and the SSIM is greater than 0.97,   which indicates that the decrypted images are very close to their corresponding plain images. For comparison, PSNR of other encryption schemes with compressing ratio equaling to 1/3 are performed in Fig.11. As can be seen in Fig.11, PSNR in this paper is higher than that in [33], [36], [39]- [41].

H. ROBUSTNESS ANALYSIS OF NOISE AND DATA LOSS
It will inevitably be affected by noise when the cipher image is transmitted through the public network, resulting in the loss of some pixel values. In this section, we artificially add interferences to cipher images to test the robustness of the encryption scheme. Tab.8 displays the experimental results of different intensity noise attacks and occlusion attacks on the  cipher images. Tab.9 displays the comparative experimental results of the ability of three encryption schemes to resist noise attacks. From the result, it shows that the proposed encryption scheme in this paper is equivalent to that in [36], and is superior to that in [33]. Fig.12 shows the effect of three different kinds of noise attacks on the reconstructed and decrypted images. As can be seen from Tab.8 and Fig.12, the encryption algorithm not only has a high compression rate, but also has well robustness.

I. ENCRYPTION QUALITY ANALYSIS
In this subsection, we analyze the image encryption quality according to the Gray-level Co-occurrence Matrix (GLCM) [58], including its homogeneity, contrast and energy test. Homogeneity determines how closely the elements in the GLCM are distributed to its diagonal, defined in Eq. (32). And contrast, defined in Eq. (33), is used to measure the intensity of the difference between two adjacent pixels. In addition, energy reflects the evenness of GLCM distribution, which is defined in Eq. (34).
where p(a, b) represent the gray-level co-occurrence matrix, and N is the total number of rows and columns. The experimental result of the encryption quality analysis is shown in Tab.10.

J. TIME COMPLEXITY ANALYSIS
The time complexity of the proposed encryption scheme is analyzed here. Assume the size of the three different plain images are all N × N . The time complexity of the encryption scheme mainly depends on the three stages of image processing. Firstly, in the compression process, three plain images are compressed simultaneously, and the required time complexity is (N 2 /4). Then, the four sub-block images are simultaneously scrambled through the generated chaotic sequences in the second process. The time complexity of this process is also (N 2 /4 + 3N /2). Next, each pixel of the combined image needs to be diffused, so its time complexity is (N 2 ). Finally, the total time complexity of the proposed encryption scheme is (3N (N + 1)/2). Fig.13 shows the time distribution required for the proposed scheme to encrypt three plain text images with the size of 512 × 512. Fig.14 shows that of different schemes [33], [36], [39], [41] to encrypt a plain image with the size of 512 × 512. It can be seen from Fig.14 that the proposed encryption scheme takes much less time than that of other encryption schemes [33], [36], [39], [41].

VI. CONCLUSION
In this paper, a robust triple image encryption scheme based on chaos theory, S-box and image compressing is proposed, which consists of combination, scrambling and diffusion. In the combination process, three plain images are compressed into a quarter that of the original size, which makes the proposed scheme can transmit three plain images once a time. In addition, a stochastic matrix combined with the three compressed images makes the cipher image to be dynamic, which means the cipher images are different even when they are the output of the proposed scheme by encrypting the identical plain images with the same secret keys. In the scrambling process, a coded lock scrambling algorithm is proposed by randomly strike pixels in the combined image, which is used to reduce the time complexity. Next, the scrambled images are grouped and diffused by a S-box generated by STS chaotic system and a chaotic sequence generated by 2D-LSCM. Finally, the simulation results show that the encryption scheme has well compression perform-ance and can resist common attacks, noise attacks and occlusion attacks.
In the future, we will consider embedding the encrypted image into the host image adaptively in frequency domain, so as to achieve the double security of plain text and vision. Tables. 11 and 12. LIU LIDONG received the B.S. and M.S. degrees in control theory and control engineering from Southwest Jiaotong University, in 2005 and 2008, respectively, and the Ph.D. degree in signal and information processing from the University of Electronics Science and Technology of China, in 2012. He is currently an Associate Professor with Chang'an University. He has been involved with more than ten projects supported by the National Natural Science Foundation of China and the Natural Science Foundation of Shanxi province. He has authored or coauthored more than 40 papers in signal processing, control theory, and computational nonlinear journals and conferences. His current research interests include image encryption, secure communication, and nonlinear control systems.

See
DONGHUA JIANG received the B.S. degree in electronic information engineering from the College of Physical and Electrical Engineering, Harbin Normal University, China, in 2019. He is currently pursuing the degree with the College of Information Engineering, Chang'an University, China. His current research interests include image encryption, cryptanalysis, and image hiding technology.
XINGYUAN WANG received the Ph.D. degree in computer software and theory from Northeastern University, China, in 1999. From 1999 to 2001, he was a Postdoctoral Researcher with Northeastern University. He is currently a Professor of information science and technology with Dalian Maritime University, China. He has published three books and more than 400 scientific articles in refereed journals and proceedings. His research interests include nonlinear dynamics and control, image processing, chaos cryptography, systems biology, and complex networks.
LINLIN ZHANG received the B.S. degree in communication engineering from the College of Information Science and Technology, Chongqing Jiaotong University, China, in 2018. She is currently pursuing the degree with the College of Information Engineering, Chang'an University, China. Her current research interests include image encryption, cryptanalysis, and image privacy protection.
XIANWEI RONG (Member, IEEE) received the B.S. degree in physics and the M.S. degree in signal and information processing from Harbin Normal University, China, in 1996 and 2010, respectively. His current research interests include image processing and deep learning. VOLUME 8, 2020