Cryptanalysis and Improvement of the Image Encryption Scheme Based on Feistel Network and Dynamic DNA Encoding

In order to improve the security and efficiency of image encryption, many researchers have continuously proposed new image encryption schemes in recent years. However, these image encryption schemes have not been fully analyzed and evaluated. In this paper, a newly reported image encryption scheme based on Feistel network and dynamic Deoxyribonucleic Acid (DNA) encoding is deeply and comprehensively investigated. This encryption scheme mainly adopts four encryption steps to encrypt the plain image, which are Generation of chaotic sequences, Hill encryption, Feistel network, and Pixel diffusion. Our analyses show that there are some problems in the secret key design and encryption process of this encryption scheme. After pointing out and analyzing these problems, we have made several necessary improvements to this encryption scheme and proposed the corresponding chosen-plaintext attack algorithm. The subsequent simulation tests and analyses have confirmed the effectiveness and feasibility of the proposed attack algorithm. Finally, for the problems in this encryption scheme and some current image encryption schemes, improvement suggestions are presented to provide references for the designers of future image encryption schemes.


I. INTRODUCTION
Nowadays, digital images are widely used because they can convey information vividly and intuitively. In order to ensure commercial security, military security, privacy protection, and so on, people hope to provide secure and efficient protection for digital images [1], [2]. As we know, among various protection technologies, image encryption is the most convenient and effective one. The encrypted image looks similar to a noisy image. Without the correct secret key, no one can obtain any valuable information from it. However, image data has many salient features that are different from text data, such as large amount of data, high information redundancy, and strong correlation between adjacent pixels. Consequently, in many application scenarios, traditional The associate editor coordinating the review of this manuscript and approving it for publication was Lefei Zhang . encryption schemes such as Data Encryption Standard (DES) cannot well meet the requirements of protecting image data [3], [4]. At present, image encryption is receiving more and more attention from researchers, who are committed to using new technologies and methods to improve the security and efficiency of image encryption [5]- [33]. Among these new technologies and methods, chaotic systems and Deoxyribonucleic Acid (DNA) computing have been favored by many researchers [5], [6], [8], [9], [12], [13], [16]- [19], [21], [24], [29].
Since Lorenz [34] discovered the first chaotic attractor in 1963, chaotic systems have now been widely used [3], [4], [35]- [38]. As a deterministic pseudo-random and nonlinear phenomenon, chaotic systems have many characteristics that are very suitable for the design requirements of modern cryptographic systems [24], [29], [39]. For example, the trajectory of a chaotic system is very sensitive to its initial state VOLUME 9, 2021 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ values and control parameters, even if the two change very slightly, the chaotic system presents a completely different trajectory. This characteristic of chaotic systems makes their initial state values or control parameters very suitable for use as the secret key [40]. Therefore, in recent years, more and more researchers have exploited chaotic systems to design new image encryption schemes. In [41], an image encryption scheme based on the Lorenz chaotic system was proposed. This scheme encrypts the plain image through layered pixel diffusion and non-sequential pixel access mechanism, and its improved permutation process can change the pixel values while scrambling the pixels. Exploiting the Logistic-sinecosine map, Hua et al. [42] proposed an image encryption scheme using four round iterative structure. Their scheme first changes the position of the pixels through high efficiency scrambling, and then shuffles all the pixels through image rotation. Lastly, the final cipher image is obtained through random order substitution. In [43], a chaotic image encryption scheme based on Galois fields was presented. This scheme first uses matrix multiplication operations to diffuse the plain image, and then scrambles the pixels through two chaotic maps. Based on a spatiotemporal chaotic system, Wang et al. [44] designed an image encryption scheme with the classic permutation-diffusion structure. Their scheme adopts different strategies to encrypt gray and color images, and has demonstrated good encryption effects through a series of tests. In [45], an image encryption scheme based on high level chaotic maps and improved gravity model was presented. This scheme uses a new chaotic map with excellent chaotic characteristics, and introduces an improved gravity model, thus achieving a very ideal encryption effect. Based on two novel chaotic maps, a color image encryption including two encryption steps of pixel shuffling and pixel diffusion was proposed. Compared with other pixel permutation methods, while reducing the computational overhead, the pixel shuffling adopted by this scheme can better reduce the correlation between adjacent pixels [46]. Because of the remarkable advantages of high parallelism, low power consumption, and high information density, DNA computing is increasingly being adopted in image encryption schemes. In [47], an image encryption scheme based on DNA sequence operations was proposed. This scheme performs scrambling operations at the DNA plane level, and generate the cipher image by performing DNA XOR on scrambled matrices. By combining DNA sequence operations and a Mandelbrot set, Jithin and Sankar [48] presented an image encryption scheme based on Arnold map. In their scheme, a map selection algorithm is designed to select the chaotic map according to image attributes, and the DNA sequence operations are used to enhance the encryption effect. In [49], a multi-image encryption scheme using Algebrachaos amalgamated random sequence and DNA transform was suggested. This scheme utilizes the Algebra-chaos amalgamated random sequence to replace traditional S-box, and combines DNA transformation and substitution-permutation operations to complete the encryption of the plain image.
Like the designers of image encryption schemes, there are also many researchers dedicated to the cryptanalysis of image encryption schemes [50]- [59]. In [55], a chaotic image encryption scheme based on Latin square was cryptanalyzed. And the equivalent key streams of permutation and diffusion are determined in turn by chosen-plaintext attacks. For an image encryption scheme based on a discrete chaotic map and DNA encoding, Chen et al. [56] simplified it to a substitution and permutation structure, and then broke it by a chosenplaintext attack algorithm. In [57], the design and structure of a chaotic image encryption scheme for embedded systems was scrutinized. And this image encryption scheme is proved to be weak against differential attacks. Chen et al. [58] analyzed and evaluated an image encryption scheme using highspeed scrambling and pixel adaptive diffusion. They find that the encryption scheme does not have the claimed security, and successfully break it by chosen-plaintext attacks. Undoubtedly, for the security, feasibility and practicality problems pointed out in the cryptanalysis works, the designers of image encryption schemes will pay attention to them, so as to avoid the recurrence of similar problems. It can be said that cryptanalysis is an important guarantee for the sound development of image encryption technology. Therefore, in this paper, an Image Encryption Scheme based on Feistel network and Dynamic DNA encoding (IES-FD) is comprehensively analyzed and evaluated, and the security, feasibility and practicality problems in it are pointed out and discussed. Besides, after necessary improvements to IES-FD, a targeted chosenplaintext attack algorithm is proposed. Without knowing any information about the secret key, the proposed attack algorithm can completely recover the plain image from the cipher image. The contributions of this paper can be summarized as follows.
(1) A newly reported image encryption scheme is comprehensively analyzed and its problems are pointed out and discussed.
(2) Necessary improvements are made to IES-FD, and a targeted chosen-plaintext attack algorithm is proposed.
(3) The effectiveness and feasibility of the proposed attack algorithm is confirmed by simulation tests and theoretical analyses.
(4) Some common problems existing in current image encryption schemes are listed and analyzed, and several improvement suggestions are given.
The rest of this paper is organized as follows. Section II presents a brief description of IES-FD. In Section III, IES-FD is comprehensively cryptanalyzed, and the identified problems are pointed out and discussed. Section IV describes the necessary improvements made to IES-FD. And the targeted chosen-plaintext attack algorithm is proposed in Section V. In Section VI, simulation tests and theoretical analyses are carried out to verify the effectiveness and feasibility of the proposed attack algorithm. Section VII lists and analyzes some common problems in current image encryption schemes, and puts forward several improvement suggestions. Finally, the conclusion is given in Section VIII.

II. BRIEF DESCRIPTION OF IES-FD
In this section, IES-FD is briefly described. For more information about IES-FD, please refer to the original paper [1]. IES-FD consists of four parts, Generation of chaotic sequences, Hill encryption, Feistel network, and Pixel diffusion. Because the symbols in the original paper are inconsistent and irregular, some equations and symbols are adjusted appropriately. Please note that we describe IES-FD as it is. For the security, feasibility, and practicability problems identified in IES-FD, we point out and analyze them in Section III.

A. GENERATION OF CHAOTIC SEQUENCES
For the plain image P with the size of M × N , use the Keccak algorithm to generate its hash value H . Divide H into 64 bytes, namely h 1 , h 2 , . . . , h 64 . Generate the initial state values x 0 , y 0 , z 0 , w 0 of the hyper-chaotic Chen system by using (1) and (2).
where fix(·) returns the integer part of the operand, mod(·, ·) represents modular operation.

B. HILL ENCRYPTION
Construct ceil(M × N /4) Hill encryption matrices, each matrix is a self-inverse matrix obtained as follows. Here, ceil(·) returns the smallest integer greater than the operand.
Divide P into 4 × 1 blocks, that is, every four pixels form a block. Then, use the Hill encryption matrices to encrypt these blocks. The encryption method is as follows.
whereC is a 4 × 1 block obtained after Hill encryption, * denotes matrix multiplication, andP is a 4 × 1 plain image block. After performing Hill encryption on all plain image blocks, the intermediate cipher image C (1) is obtained.

C. FEISTEL NETWORK
As shown in Figure 2 of the original paper, the so-called Feistel network of IES-FD actually iterates the two encryption steps of pixel scrambling and DNA XOR for three rounds. The encryption process of the first round is as follows.
(1) Pixel scrambling: Sort B (1) in ascending order to obtain the index sequence I . Then, pixel scrambling is performed on C (1) according to I to obtain the scrambled image C (2) .
(2) DNA XOR based on dynamic DNA encoding: Download the specified DNA sequence from the GenBank database and extract 6 × M × N bases from it. Then, C (2) is divided into blocks, and every 8 pixels constitute a block. The dynamic DNA encoding is performed on each block. The encoding rule used for each pixel depends on where each pixel is located. Specifically, the encoding rule r (i,j) of C (2) i,j is defined as follows.
where i = 1, 2, . . . , M , j = 1, 2, . . . , N . The encoded DNA sequences are further divided into two parts, L and R, and DNA XORed with the downloaded bases. Finally, select DNA encoding rule 1 to perform decoding, and restore the decoding result to a matrix form, thereby obtaining the intermediate cipher image C (3) .
In the second round of iterations, according to B (2) , scramble C (3) to obtain C (4) . Then, perform dynamic DNA encoding, DNA XOR and DNA decoding to obtain C (5) .
In the third round of iterations, according to B (3) , scramble C (5) to obtain C (6) , and perform dynamic DNA encoding, DNA XOR and DNA decoding to obtain C (7) .
where i = 1, 2, . . . , M × N ands 0 = 127. Finally, the final cipher image C is obtained throughS. The decryption process of IES-FD is the inverse process of its encryption process, and it is no longer elaborated. VOLUME 9, 2021

III. CRYPTANALYSIS AND IDENTIFIED PROBLEMS
According to the description of the original paper, IES-FD have no substantial difference in processing different types of images. Therefore, we only discuss its encryption processing for gray images. After careful study of the original paper, we have identified the following security, feasibility, and practicability problems.

A. PROBLEMS RELATED TO SECRET KEY
In terms of the secret key of IES-FD, the problems identified in the original paper and IES-FD are as follows.
(1) For the secret key of IES-FD, the description in the original paper is vague and inconsistent. Firstly, in Section 4.1 of the original paper, the hash value of the plain image generated by the Keccak algorithm is described as the secret key. And it is claimed that using the hash value as the secret key can ensure the key space of 2 512 ≈ 10 154 . Secondly, in step 7) of the encryption process described in the original paper, the DNA sequence downloaded from the GenBank database is described as the secret key. And this secret key is as long as 6 × M × N . Lastly, in Section 5 and Section 5.1 of the original paper, {x 0 , y 0 , z 0 , w 0 } is described as the secret key, and it is claimed that the key space of 10 100 can be ensured.
(2) For the DNA sequence whose data volume exceeds the plain image and needs to be downloaded from a third party, it is not practical and feasible to be used as the secret key. Obviously, the DNA sequence as long as 6 × M × N can never be used as the secret key. To encrypt the plain image with the size of M × N , a DNA sequence of length 6 × M × N should be securely transmitted, which would make the encryption meaningless.
(3) The claims on the key space proposed in the original paper do not hold. Firstly, in Section 4.1 of the original paper, it is claimed that using the hash value of the plain image as the secret key can ensure the key space of 2 512 , thus effectively resisting brute force attacks. But according to (1) ≈ 2 28 ≈ 10 8 . Obviously, this is not enough to effectively resist brute force attacks. Secondly, in Section 5.1 of the original paper, it is claimed that if the computation precision is 10 −14 , the key space is 10 100 . However, the key space using {x 0 , y 0 , z 0 , w 0 } as the secret key is much smaller than this value. Even without considering the calculation precision and the value ranges of four chaotic system state values, the number of possible combinations of four 64-bit floating point numbers will not exceed 2 64×4 ≈ 10 77 . (4) Whether the hash value of the plain image is used as the secret key or not, IES-FD has problems in the use of the hash value. Firstly, if the hash value is used as the secret key, every time a different image is encrypted, the encryption party must change the secret key and provide it to the decryption party securely. When a large number of images need to be encrypted, such a secret key design is not practical. A welldesigned symmetric cryptographic system should not rely on constantly changing secret keys to ensure the security. Secondly, if only the given values {x 0 , y 0 , z 0 , w 0 } are used as the secret key, the decryption party cannot complete the decryption just with the secret key.

B. PROBLEMS RELATED TO CHAOTIC SEQUENCES
In terms of the chaotic sequences used by IES-FD, the problems identified in the original paper and IES-FD are as follows.
(1) The original paper does not give any introduction to the hyper-chaotic Chen system used in IES-FD, and even does not cite the paper that proposed this system. IES-FD utilizes the chaotic sequences generated by a hyper-chaotic Chen system to complete image encryption. Actually, since Li et al. [60] proposed a hyper-chaotic Chen system in 2005, researchers have successively proposed many different hyperchaotic Chen systems. In order to analyze and study IES-FD, we adopt the hyper-chaotic Chen system introduced in [61], which is defined as follows.
(2) IES-FD may not be feasible due to insufficient length of B (4) . The lengths of B (1) , B (2) , B (3) , B (4) generated by IES-FD are all L. According to Section 4.5 of the original paper or Section II-C of this paper, IES-FD uses the sort indexes of B (1) , B (2) , B (3) to scramble the intermediate cipher images, so it can be determined that L = M × N . This means that the length of B (4) should also be M × N . However, in step 3) of the encryption process described in the original paper, the number of Hill encryption matrices to be constructed is

C. PROBLEMS RELATED TO HILL ENCRYPTION
In terms of the Hill encryption of IES-FD, the problems identified in the original paper and IES-FD are as follows.
(1) The plain image may not be divided normally in the way described in IES-FD. In the process of performing Hill encryption, IES-FD divides the plain image into the blocks with the size of 4 × 1. Therefore, when M × N is not an integer multiple of 4, there is not only the problem of insufficient length of B (4) , but also the problem that the plain image cannot be divided normally. (2) The encryption effect of Hill encryption performed by IES-FD is poor, and there is the design defect that can be exploited by the attacker. According to Section 4.3 of the original paper or Section II-B of this paper, and whereP = p 1 p 2 p 3 p 4 T . As one can see, letting p 1 = p 3 and p 2 = p 4 can completely invalidate Hill encryption. In other words, for the plain image with single pixel value, Hill encryption has no encryption effect. It is well known that such plain images are often used by the attacker to launch chosen-plaintext attacks [3], [50], [51].

D. PROBLEMS RELATED TO FEISTEL NETWORK
In terms of the Feistel network of IES-FD, the problems identified in the original paper and IES-FD are as follows.
(1) For the Feistel network of IES-FD, the description in the original paper is vague and inconsistent. Firstly, the iterative structure of DES is introduced in Section 3.1 of the original paper, but the specific iterative structure of IES-FD is not clearly described. As we know, various cryptographic systems that follow the Feistel structure/network have their own unique iterative structure. For example, the encryption process of each round of RC5 mentioned in the original paper is significantly different from DES. Secondly, there are obvious errors in the iterative structure given in Figure 2 of the original paper. For a Feistel structure/network, the round function F should be part of the iterative structure rather than its input. Besides, according to the description of the original paper, the DNA XOR operation should not be the input of the round function but the round function itself. Combining the descriptions in Section 4.5 and Section 6 of the original paper, the iterative structure of IES-FD should be as shown in Figure 2.
(2) The input image may not be divided normally in the way described in IES-FD. In each iteration of Feistel network, the input image is divided into the blocks with the length of 8. Therefore, when M × N is not an integer multiple of 8, there is the problem that the input image cannot be divided normally.
(3) When processing the input image, the Feistel network of IES-FD needs to rely on a long DNA sequence downloaded from a third party. Such a design not only has the problem pointed out in Section III-A, but also has the problem of feasibility. If the GenBank database becomes unavailable, or the genetic data in it changes, IES-FD will not work properly.

E. PROBLEMS RELATED TO PIXEL DIFFUSION
In terms of the Pixel diffusion of IES-FD, the problems identified in the original paper and IES-FD are as follows.
(1) The Pixel diffusion of IES-FD is not feasible. According to Section 4.4 of the original paper or Section II-D of this paper, obviously,s M ×N +1 in (6) does not exist.
(2) Since its encryption effect can be eliminated under the condition of the ciphertext-only attack, the Pixel diffusion of IES-FD has no meaning. For the attacker,S is known, so the attacker can utilize the following simple processing to obtain S.

IV. IMPROVEMENTS TO IES-FD
Undoubtedly, an image encryption scheme is meaningless if it is not practical and feasible. Therefore, before launching VOLUME 9, 2021 the chosen-plaintext attack, we first make necessary improvements to IES-FD. It is worth noting that our improvements have not weakened the original security of IES-FD. Besides, to avoid major changes to IES-FD, we do not consider the problems that the plain image and input image cannot be divided normally. In fact, unless the encryption structure of IES-FD is changed, simple pixel filling may cause other feasibility and practicality problems.
(1) In order to solve the problems related to the secret key, a 256-bit binary sequence K = S is designed as the secret key. Here,

.
According to the floating-point number representation defined in IEEE 754 [62], K is converted into the initial state value x 0 , y 0 , z 0 , w 0 and system parameter r 5 of the adopted hyper-chaotic Chen system as follows.
(4) In fact, the Pixel diffusion of IES-FD is just the singlepixel forward diffusion. Obviously, its correct form is as follows.s where s i is the element of the input pixel sequence S,s i is the element of the output pixel sequenceS, i = 1, 2, . . . , M × N ands 0 = 127.

V. PROPOSED ATTACK ALGORITHM
Based on the cryptanalysis done in Section III, the specific chosen-plaintext attack algorithm against IES-FD is proposed in this section. For the cipher image C with the size of M × N , it is known that C is generated by IES-FD with the unknown secret key K , and the corresponding plain image is P. As one can see, under the condition of the chosen-plaintext attack, the attacker can arbitrarily choose special plain images and obtain the corresponding cipher images generated by IES-FD with K . As shown in Figure 3, the step-by-step breaking strategy is adopted to break IES-FD. Specifically, the pixel diffusion effect is first eliminated by Algorithm 1. Then, Algorithm 2 is exploited to obtain the equivalent substitution matrix, so as to eliminate the pixel substitution effect. Finally, the Hill encryption matrices and equivalent scrambling matrix are determined by Algorithm 3, so as to eliminate the pixel scrambling effect and Hill encryption effect. In this way, the plain image can be recovered without knowing the secret key.
According to the original paper or Section II of this paper, one can use the following mathematical model to describe IES-FD.
where h(·, K ) represents the Hill encryption performed on the input image under the control of K , f (·, K ) represents the Feistel iterations performed on the input image under the control of K , and d(·, K ) represents the Pixel diffusion performed on the input image under the control of K . As mentioned in Section III-E, using Algorithm 1, one can simplify IES-FD into the following mathematical model.  (7) ; Output: The intermediate cipher image C (7) , whose pixel diffusion effect has been eliminated.
where C (7) is the intermediate cipher image whose pixel diffusion effect has been eliminated. According to Section III-E, one can know that the Hill encryption of IES-FD has no encryption effect on the plain image with single pixel value, which meanŝ whereP (i) is the plain image with single pixel value, i = 0, 1, 2, . . . , 255. Then, IES-FD can be further simplified.
whereĈ (i) is the corresponding cipher image ofP (i) obtained after encryption processing. In this way, one can useP (i) and its corresponding cipher imageĈ (i) to construct an equivalent substitution matrix, so as to eliminate the substitution effect of f (·, K ). Specifically, forP (0) whose pixel values are all 0, convert its corresponding cipher imageĈ (0) into the 1D vector in row-first order. Then, add the vector to the equivalent substitution matrixM (f ) , and make it the first row ofM (f ) . Similarly, forP (i) whose pixel values are all i, convert its corresponding cipher imageĈ (i) into the 1D vector in row-first order. Then, add the vector toM (f ) , and make it the i-th row ofM (f ) . After the above processing, one can obtain the equivalent substitution matrix whereC (7) is the intermediate cipher image whose diffusion effect and substitution effect have been eliminated, f (·, K ) represents the Feistel iterations with only scrambling effect. Algorithm 2 shows the main steps to determineM (f ) . Construct the special plain imageP (i−1) with single pixel value i − 1, and encrypt it to obtain its corresponding cipher imageĈ (i−1) ; 4: Call Algorithm 1 to eliminate the pixel diffusion effect ofĈ (i−1) , and stretchĈ (i−1) into a 1D row vector, let M (f ) (i, :) =Ĉ (i−1) ; 5: end for Output: The equivalent substitution matrixM (f ) .

Algorithm 2 Determine the Equivalent Substitution Matrix
According to the cryptanalysis done in Section III-E, combined with the chosen-plaintext attack, one can utilize (12) to determine x 1,1 , x 1,2 , x 2,1 , x 2,2 and the scrambled positions of four pixels. Let us take the encryption processing of the first VOLUME 9, 2021 block under the Hill encryption of IES-FD as an example. Construct the special plain imageP (1) , in which all pixels except two pixels are 0. The two non-zero pixels are the first pixelp (1) 1 = 2 and the third pixelp (1) 3 = 1. Then, according to (12), after the encryption process of the Hill encryption of IES-FD, the values of the first four pixels are Similarly, another special plain imageP (2) can be constructed, in which all pixels except two pixels are 0. The two non-zero pixels are the second pixelp Therefore, one can first eliminate the diffusion effect and substitution effect of the corresponding cipher images ofP (1) andP (2) , and then find (c 4 ) may not be found because they are exactly 0. At this time, one can solve it by taking the union of the found positions and constructing more special plain images. In other words, M × N /4 Hill encryption matrices and the equivalent scrambling matrix can be obtained through approximately M × N /2 special plain images. Algorithm 3 presents the main steps to determine the Hill encryption matrices and equivalent scrambling matrix.
So far, IES-FD has been completely cracked. Based on Algorithm 1, Algorithm 2, and Algorithm 3, the chosenplaintext attack algorithm for IES-FD is proposed, as shown in Algorithm 4.
Without loss of generality, 5 randomly generated secret keys are adopted for simulation tests. For each secret key, Algorithm 2 is used to obtain the equivalent substitution matrix, and Algorithm 3 is used to obtain the Hill encryption matrices and the equivalent scrambling matrix. Then, use IES-FD to encrypt the plain images to obtain corresponding cipher images. Finally, through the cipher images, Algorithm 4 is used to recover the plain images without knowing the secret key. In five rounds of 200 attack tests, the attack algorithm proposed in this paper have completely recovered the plain images without exception. Table 1 shows the result images of each attack stage saved in the last round of attack tests. The test images with the size of 128 × 128 are reduced versions of the test images with the size of 256 × 256. It can be seen that the attack algorithm proposed in this paper is effective.
The proposed attack algorithm is mainly composed of four parts, which are the elimination of pixel diffusion effect, the

Input:
The cipher image C with the size of M × N , whose plain image needs to be recovered. 1: Call Algorithm 1 to eliminate the pixel diffusion effect of C, thereby obtaining C (7) ; 2: If the equivalent substitution matrixM (f ) does not exist, call Algorithm 2 to determineM (f ) . 3: UtilizeM (f ) to eliminate the pixel substitution effect of C (7) , thereby obtaining C (1) ; 4: If the Hill encryption matrices X (1) , X (2) , . . . , X (M ×N /4) and equivalent scrambling matrixM (f ) do not exist, call Algorithm 3 to determine them; 5: UtilizeM (f ) to eliminate the pixel scrambling effect of C (1) , thereby obtaining C (1) ; 6: Utilize X (1) , X (2) , . . . , X (M ×N /4) to eliminate the Hill encryption effect of IES-FD, thereby obtaining P; Output: The recovered plain image P. elimination of pixel substitution effect, the elimination of pixel scrambling effect and the elimination of Hill encryption effect. Since the encryption of the special plain images required for the attack can be prepared in advance and can be completed in parallel by multiple computing units, the encryption of the special plain images is not considered in the following time complexity analysis and test time statistics. According to Algorithm 4, the elimination of pixel diffusion  Table 2 presents the average times required for each attack stage under different input scales. As can be seen from Table 2, the test results are basically consistent with the time complexity analysis done above. Therefore, the proposed attack algorithm is also computationally feasible.

VII. IMPROVEMENT SUGGESTIONS FOR COMMON PROBLEMS
As we know, more and more researchers have been working on designing new image encryption schemes, hoping to continuously improve the efficiency of image encryption while achieving higher security. However, according to this paper and previous cryptanalysis works, some of the current image encryption schemes still have following problems that need to be solved.
(1) The hash value of the plain image is directly used as the secret key. Since the hash value of each image is different, directly using the hash value as the secret key means that every time a different image is encrypted, a different secret key must be replaced. In applications where a large number of images need to be encrypted, such one-time pad secret key is not practical. In addition, if such one-time pad secret key can be established, then there is no need to design any encryption scheme at all. Because the secret key will be constantly changed, only a simple XOR encryption is required.
(2) Some image encryption schemes use random values or secret parameters in the encryption process. Obviously, such design does not conform to the design principles of modern cryptographic systems.
(3) In the process of generating equivalent key streams, some image encryption schemes have a large number of equivalent secret keys in the key space. This undoubtedly reduce the ability of these encryption schemes to resist brute force attacks.
(4) In the encryption process, dependence on external data sources may reduce the practicality of an image encryption scheme. For example, if the GenBank database becomes inaccessible, or the DNA data in it changes, the cipher image generated by IES-FD cannot be decrypted normally.
(5) There are redundant encryption steps, or encryption steps with the same encryption effect are continuously adopted. For example, in terms of encryption effect, there is no difference between two consecutive pixel substitution operations and one pixel substitution operation.
(6) Under certain conditions, the encryption structures of some image encryption schemes can be easily simplified by an attacker. (7) In fact, some designers only rely on statistical tests or randomness tests to verify the security of the proposed image encryption schemes, but fail to fully analyze and evaluate their security.
In view of above problems, we put forward some suggestions for improvement. Of course, we also hope that future researchers can provide more specific and reasonable solutions to these problems.
(1) In fact, the purpose of using the hash value of the plain image as the secret key is to generate different equivalent key streams when encrypting different images. Therefore, a more reasonable way should be to apply the statistical information or hash value of the plain image to the encryption process. In other words, the security of an image encryption scheme should be based on a reasonably designed encryption process and the unknownness of the secret key, rather than an impractical or unreasonable secret key design.
(2) In modern cryptographic systems, everything except the secret key should be known, and the security of an image encryption scheme should not rely on other unknowns or uncertainties. Therefore, the designers should avoid using random values or secret parameters in the encryption process.
(3) The designers of new image encryption schemes should carefully analyze and verify the generation process of the equivalent key streams, so as to avoid the situation where different secret keys generate the same equivalent key streams. Additionally, the composition of the secret key should be clear and standardized, defined in the form of a binary bit sequence.
(4) When designing the encryption process, it is necessary to clarify the design purpose and actual encryption effect of each encryption step. That is, carefully analyze the necessity, feasibility and practicality of each introduced encryption step, and avoid redundant or meaningless encryption steps. The encryption structure of a properly designed image encryption scheme should be a complete and self-contained iterative structure with necessary cryptographic primitives.
(5) For each encryption step in the encryption process, the designers should analyze the relationship between input and output, and consider whether this relationship will degrade or be simplified under specific attack conditions. (6) When verifying the security of an image encryption scheme, in addition to common security tests, the entire encryption scheme must be analyzed and evaluated from the perspective of an attacker. In other words, for each encryption step, an in-depth and comprehensive analysis must be carried out.

VIII. CONCLUSION
In this paper, a newly proposed image encryption scheme based on Feistel network and dynamic DNA encoding, namely IES-FD, is briefly introduced. Then, some security, feasibility and practicability problems in IES-FD are pointed out. After analyzing and discussing these problems, we made necessary improvements to IES-FD and proposed a targeted chosen-plaintext attack algorithm. The proposed attack algorithm first eliminates the pixel diffusion effect of IES-FD through simple processing, and then determines its equivalent substitution matrix, equivalent scrambling matrix, and Hill encryption matrices through about 256 + (M × N /2) special plain images and their corresponding cipher images. Related simulation tests and analyses have confirmed the effectiveness and feasibility of the proposed attack algorithm. Finally, in view of common problems in some current image encryption schemes, we give some improvement suggestions, so as provide useful references for future image encryption scheme designers.