Quantum Image Encryption Using a Self-Adaptive Hash Function-Controlled Chaotic Map (SAHF-CCM)

Recently, quantum image encryption algorithms are attracting more and more attention, due to the upcoming quantum threat problem to the current cryptographic encryption algorithms with the rapid progress toward the quantum computer production. The aim of this paper is to introduce a self-adaptive encryption scheme to protect quantum image efficiently with minimal storage requirements. The methodology is to use two rounds of encryption with two different pseudorandom number sequences which are obtained from a new designed pseudorandom number generator (PRNG). This PRNG consists of two parts. The first part is based on iterating a recently proposed chaotic-based parallel keyed hash function which is used as a controller for a second part. The second part is a multiplication of Tent and Chebyshev chaotic maps (TCM). This combination of hash function and chaotic maps provides high randomness and a dramatical increase in the control parameters and initial values number which achieves extremely large key space and so makes the scheme stronger against brute force attacks. The seed or initial value of PRNG depends on the input image itself which makes the scheme self-adaptive and so it is stronger against chosen plaintext attacks and known-plaintext attacks. In the first round of encryption, the value of each pixel qubits of the input image is changed to a new value by XORing it with the corresponding qubits of the first pseudorandom sequence using CNOT and Toffoli quantum gates then shifting to the next qubit with the Swap quantum gate. In this round, the pixel value is changed. In the second round, diffusion of the changed pixel value is extended to each pixel in the input image using the second pseudorandom sequence and Toffoli quantum gates. The time complexity of the proposed scheme is less than many recently published quantum image encryption schemes. The scheme security analysis is discussed, and the experimental results proved that the scheme is robust, secure and efficient.


I. INTRODUCTION A. BACKGROUND
Images are important data carriers as they contain huge digital information with high redundancy and volume.This matter makes it more difficult to transmit or store images in a secure manner than text data.So, security of image has become an important matter and a common concern for researchers.With security, images can be protected against The associate editor coordinating the review of this manuscript and approving it for publication was Zheng Yan .various threats such as illegal duplication and modification and eavesdropping.A lot of image encryption schemes originated from the classical encryption theories.These schemes convert the original images into meaningless form.Recently, with the rapid progress of the Internet, the database required for storing images such as fingerprints collected by Internet of Things (IOT) networks around the world is getting larger and larger which requires more storage space and faster processing speed.Feynman in 1982 first introduced the concept of quantum computer.Since then, quantum computing is continuously developed.In [1], Shor proposed Quantum factorization and quantum search algorithms had been proposed by Shor and Grover respectively in 1990s, [1], [2].With the quantum computations rapid development, the studies on image processing have been developed from the classical image processing [3] to the quantum image processing (QIP) which has triggered researchers' interest.QIP is a rising field because of the quantum characteristics of coherence, entanglement, superposition and parallelism and so it an excellent tool to achieve real time processing.Also, n bits classical information can be stored with only Log 2 n quantum bits in QIP [4].This exponential storage ability makes it more efficient tool to process, store and transmit images and has a significant reduced complexity [5].However, QIP as rising technology has just begun and encryption of quantum images is still in its infancy in comparison with classical image encryption and research on it is still introductory and in its first steps.Quantum image representation and storage are important issues in QIP.In [6], Venegas-Andraca introduced the concept of Qubit Lattice.Then Latorre in [7] proposed the Real Ket expression which needs n qubits to represent a 2 n × 2 n image.The authors in [8], introduced Flexible Representation of Quantum Image (FRQI) that is very common model for quantum image expressions due to its simplicity.Some schemes have been proposed to represent the color images [6] [9].In [6], the authors introduced a Novel Enhanced Quantum Representation (NEQR) model which has many advantages compared to FRQI model where any color is represented with q qubits, and hence 2 q colors can be represented at most.The main problem of quantum computing is that many complex operations are hard to be implemented, so the classical methods to scramble images can't be directly used in QIP.That is why quantum image scrambling schemes have high complexity and still in their first steps.The most common used image scrambling techniques use gray code, Arnold transformation, magic square transformation, ect.But all these scrambling techniques have major deficiency that the scrambling period is too short which causes iterations in image encryption have narrow range.This matter makes the encryption algorithm less secure and impractical.Chaotic systems are suitable for solving these problems due to their special features as initial values sensitivity, high performance, ergodicity, and mixing property.Recently, many schemes for encrypting images have been introduced based on chaotic maps for generating key streams [10], [11], as a Pseudo-Random Number Generator (PRNG).The output sequence of PRNG should have high randomness, high performance, sensitivity and huge key space to be strongly resistant to brute force attacks.PRN are generated by deterministic scheme which starts with initial seed value then pulling it out to obtain a long random sequence by iterations.
Many techniques can be used to implement PRNG such as chaotic maps.However, shorter period and less key space are chaotic maps weakness points.Some techniques are proposed to overcome these problems by combining various maps or multi chaotic maps, cellular automata, genetic algorithm, and hash functions [12], [13].

B. RELATED WORK
Generally, image encryption uses two basic tools which are scrambling and diffusion.Although the quantum image encryption is still in its first steps, researchers begin to study new encryption techniques as in [14], [15], [16], [17], [18], [19], [20], [21], [22], [23], [24], and [25].In [14], the authors introduced a quantum medical image encryption scheme which uses gray code and a chaotic map.In [15], Arnold and Sine chaotic map are used in a quantum image encryption.The authors in [17], introduced a scheme for encrypting quantum image using Arnold map and wavelet transforms.A scheme for quantum image encryption scheme using one particle quantum walks on a circle has been proposed in [19].In [22], 3D Lorenz chaotic map and QR decomposition has been used for quantum image encryption.The authors in [23], introduced a quantum image scheme using bit-plane permutation and Sine Logistic map.
In [26], a quantum image encryption scheme using mutation and crossover operation in proposed.The authors in [27], used a key image for quantum image encryption.In [28], XOR operation has been used for encrypting quantum image.Image decomposition has been used for quantum image encrypting in [29].Discrete Baker map has been used to encrypt quantum image in [30].The authors introduced in [31], have encrypted quantum image using normal arbitrary superposition state (NASS) and random phase transformation.In [32], the authors used generalized Arnold transform and Logistic map for quantum image encrypting.Intra and inter bit permutation using Logistic map has been used for quantum image encryption in [33].In [34], a double quantum image encryption based on Arnold transform has been introduced.The authors in [35], have encrypted quantum image with DNA Controlled Not.In [36], the authors used Lorenz hyper-chaotic system for encrypting quantum image.Feistel structure has been used for quantum image encryption [37].
However, most of the current schemes for encrypting quantum images are divided into three types: schemes use scrambling by gray code and bit plane (GC & BP), schemes use scrambling by improved (GC & BP), and schemes use scrambling with (GC & BP), and positioning.So, these schemes use only one tool, which is, scrambling.But the other image encryption tool which is diffusion needs to be more improved.That will be done in this paper.
-Applications of the proposed scheme: Generally, image encryption has many applications in Internet communication, multimedia systems, healthcare, and military systems, where storage and transmission of images requires protection from different types of threats such as eavesdropping, unauthorized duplication and modification.Recently, with the fast growing of the Internet, the databases required for storing images become larger and larger which requires more space for storing and less processing time.
As the proposed scheme incorporates quantum computing with image processing and due to the quantum properties, such as parallel computations, exponential storage capability, and tamper-proof security it could be used for powerful storing, processing, and retrieving of images and it is very suitable for real-time communications.

C. CONTRIBUTION AND PAPER ORGANIZATION
In this paper, a scheme for encrypting a quantum image using a new design for PRNG is introduced.The PRNG consists of two parts: the first part is used as a controller to the second one.The controller is an adaptive as its seed or initial value is extracted from the input original image and depends on iterating a chaotic-based parallel keyed hash function which has been introduced recently in [38].It has five control parameters besides a secret seed or initial value.The second part of the PRNG is a multiplication of Tent and Chebyshev chaotic maps (TCM) and so it has four control parameters and one secret initial value.Image encryption consists of only two rounds of simple CNOT, Toffoli, and Swap quantum gates operations.Each round uses a pseudorandom sequence generated by the combined PRNG but with different control parameters and initial values.
The key contributions of this paper are summarized as following 1.Using a novel design for PRNG which combines hash function and chaotic maps including four different chaotic maps: Chebyshev, Logistic, Sine and Tent maps providing higher randomness and dramatically enlarges the space of control parameters and secret values.The combined PRNG has nine control parameters and two secret seeds which gives a huge key space against brute force attacks.2. The proposed PRNG is self-adaptive as its seed or initial value depends on the hash function SHA256 of the input image and varies with it.So, it can strongly resist both known-plaintext and chosen-plaintext attacks.3. Most of the existing quantum image encryption schemes as in [14], [15], [16] , [17], [21], [23], [24], [25], [30], [31], [33], [34], [35], and [36] use two independent rounds, scrambling and diffusion.In the scrambling round, the qubits are reordered with different types scrambling as gray code, bit-plane, Arnold map, Baker map, Hilbert transform, while in the diffusion round the qubit values are changed using XOR with a secret key.Generally, scrambling confuses the relation between the encrypted and unencrypted images, while diffusion spreads one qubit value change in the unencrypted image to the whole encrypted image.Unlike these existing schemes, the proposed scheme, uses two rounds for quantum image encryption, but each round combines both scrambling and XOR diffusion using a different secret key obtained from the proposed PRNG with different control parameters and initial values.This matter will double the total number of the control parameters from 9 to 18 and the number of initial secret values from 2 to 4 which provides extremely huge key space and so achieves much higher security.4. The first round of encryption is designed such that each qubit of the input pixel affects all the 8 qubits of the output pixel.This is done by using Toffoli gates with the first pseudorandom sequence and Swap gates.This effect is extended to all the qubits of the encrypted image in the second round of encryption with Toffoli gates and the second pseudorandom sequence.This design is different from most of the previously mentioned known scrambling methods in which each input qubit affects only one or two output qubits of the encrypted image.So, the proposed scheme achieves complex relation between the key and the encrypted image and a complex relation between the unencrypted image and the quantum encrypted image.This ensures that small differences in the input image or in the keys lead to substantial changes in encrypted quantum image such that a potential attacker is unable to analyze the encrypted image.
Security analysis of scheme shows that the scheme has higher security and at the same time less complexity compared with other recent quantum image encryption schemes.Although, the proposed scheme mixes some of already available techniques is the design of the proposed PRNG, but this is done in a new different way.These techniques are the keyed hash function (Khash) introduced recently in [38], Tent and Chebyshev chaotic maps.Firstly, Khash has been introduced in [38] as a novel structure for chaotic-based parallel hash function, but in the proposed scheme, it is modified to be used as PRNG by iteration.Secondly, this PRNG is in turn used as a controller for a second chaotic-based PRNG combing Tent and Chebyshev chaotic maps but in a new multiplicative form.The target of this mix is to merge larger number of different chaotic maps with huge number of control parameters in one new design PRNG and hence enhance the security of the scheme.
Besides, the quantum image encryption itself has a different design from most of the recently existing schemes as it has been explained previously.
The rest of the paper is organized as following: in Section II, the preliminaries are presented; in Section III, the proposed scheme is introduced.Section IV incudes performance analysis, simulation results, and comparisons.Conclusions are given in Section V

II. PRELIMINARIES A. QUANTUM QUBITS AND GATES
A qubit is used to store, manipulate and measure information in quantum computing.Quantum mechanics is used to describe the qubit.A unit vector in two-dimension Hilbert space is used to describe the quantum state of a single qubit which denoted by the notation | .A qubit | ϕ can be written in a general form as: where α, β ∈ C, C is the complex set and | 0 and | 1 are the two-dimensional quantum computational basis states.α, β are the amplitude of the basis states |α| 2 + |β| 2 = 1.⊗ is the tensor product.Let X be a i × i matrix and Y be a j × j matrix, then the tensor product X ⊗ Y is a ij × ij block matrix defined as: Quantum gates are the basic components of the quantum circuit.Any complex quantum gate can be represented by a series of one-qubit and two-qubit gates [39].A quantum gate for n-qubit can be described by a 2 n × 2 n unitary matrix.The proposed scheme for encrypting quantum image uses the quantum gates: Controlled-NOT gate (CNOT), Swap gate, and Toffoli (Controlled CNOT) gate.The matrix and symbol representations of these gates are shown in Figure 1: CNOT gate: It acts on 2 qubits, and carries out the NOT operation on the second qubit only when the first qubit is | 1 , and otherwise leaves it unchanged.The CNOT (or controlled Pauli-X ) gate can be described as the gate that maps the basis states | a, b → | a, a ⊕ b , → here (⊕) is XOR logic operation.
SWAP gate: It swaps two qubits.
Toffoli gate: It is related to the classical AND (∧) and XOR (⊕) operations as it performs the mapping NEQR [6] is a better alternative to FRQI [8] as it uses the basic states of qubit sequence to substitute the probability of amplitude which help in the accurate recovery of original image.An image of size 2 n ×2 n can be represented with 2n+q qubits, where 2n qubits represent the position of the pixels while q bits represent the gray values.A 2 n × 2 n grayscale image I with a 256-pixel values from 0 to 255 can represented as follows: where . represents the gray information of corresponding pixel in the position | i .

C. CHAOTIC MAPS
Confusion and diffusion are the two basic tools for encrypting images in most of the modern schemes.Confusion is to make more complex relation between the ciphertext and the key as possible.Diffusion is to completely dissipate the statistic of plaintext in the ciphertext statistics.In cryptography, chaotic maps have been used as a tool of achieving confusion and diffusion due to its high sensitivity to its control parameters and seeds.This matter makes the system more random.So, by making these parameters secret, chaotic maps can be used for encryption.
Chaotic maps are classified into two types: onedimensional which has little parameters and high dimensional chaotic maps which has larger parameter space but are more complex.
Examples of one-dimensional maps are Sine map, Logistic, Chebyshev, and Tent map which are defined as follows: Sine map: Logistic map: Chebyshev map: VOLUME 10, 2022 Tent map: where z 0 is initial value, z n ∈ [0, 1] and r, µ, γ and ω are control parameters.

D. CHAOTIC-BASED KEYED HASH FUNCTION
Hash function is a very important tool of achieving message integrity in cryptography.Hash function is classified into unkeyed hash function as MD5, SHA-1, SHA-2, and SHA-3 and keyed hash function which takes the message and secret keys as input.In [38], the authors proposed a parallel keyed hash algorithm using multiple chaotic maps which are Logistic, Tent, and Sine maps.
In this algorithm the coupling lattice structure is modified and the diamond lattice is used as a new structure.Its output length is 128 or 256.This algorithm achieved many advantages compared with recently published schemes such as higher efficiency, simplicity, and speed.The authors in [38] give quantitative indicators for these advantages by making a speed comparison with other schemes as [40], [41], and [42].The speed in [40] is 0.697 Gbps.In [41], the speed is 0.761 Gbps, while in [42], it is 0.314 Gbps.The Keyed hash (Khash) used in the proposed PRNG has the highest speed among these schemes which is 0.883 Gbps.
The structure of this algorithm is shown in Figure 2. Where, M 1 , M 2 , M 3 . . . . . .., M L are the input message blocks.Where M i refers to i th input message block.A is a logistic map used to generate Tent map initial values for the next stage, F 1 is Tent map, F 2 is Sine map, and F 3 is Logistic map.The secret keys are initial value x 0 , control parameters r 1 , r s2 , r s3 , q, and proportion coefficient p.More details about this algorithm are provided in [38].

III. PROPOSED SCHEME METHODOLOGY AND PARAMETERS A. PROPOSED PRNG
A new design of PRNG is introduced in this paper which combines two parts: The first part: It is a controller to the other part.The controller is based on iterating the keyed hash function Khash, proposed in [38].The output length is 256 bits.The basic operation of the algorithm is as following: For i = 1 to m : where seed is the initial value of length 256 bit.Thus, the pseudorandom sequence output of the controller is The secret keys for this part are: The seed h 0 , the secret key SK 1 , Logistic map initial value x 0 , and control parameters r 1 , r s2 , r s3 , q, and proportion coefficient p.
The second part: It is the multiplication of both Tent and Chebyshev chaotic maps (TCM) as follows: The secret keys for TCM are: Z 0 , µ and k.

The proposed PRNG:
It is a combination of the controller and TCM as shown in Figure 3 Its operation is as follows: When the binary output of the controller is 0 the TCM is iterated as in Eq. ( 9) with control parameters, µ 1 and k 1 , while when the binary output of the controller is 1, the TCM is iterated as in Eq. ( 9) but with different control parameters µ 2 , and k 2 .

The basis for the selection of these parameters
The control parameters range for the first part of the proposed PRNG are as follows:  [43] shown in Table 1, where one or more P values are computed.
If P is greater than 0.01, the test is passed, otherwise, the test is failed.10 6 bit binary sequence output of the proposed PRNG is tested by SP800-22 with 10 3 iterations and the results are shown Table 1.The proposed PRNG output passes all the 17 tests as P-values are greater than 0.01.

B. PROPOSED QUANTUM IMAGE ENCRYPTION
The block diagram of the proposed scheme is indicated in Figure 4.The image encryption consists of two rounds.Each round needs a PR sequence of size 2 n ×2 n (same size of input image).
1) GENERATION OF THE TWO PR SEQUENCES 1. Use SHA-256 to compute the hash of the input image then use it as a seed to the controller of the proposed PRNG (Keyed hash) as follows: 2. Set the appropriate values for the Control Parameters#1 [x 0, r 1 , q r s2 , r s3, p] as follows: -The first logistic map: x 0 = 0.98765 and r 1 = 3.9393.The Tent map: q = 1.5151.-The second and third Logistic maps: r s2 = 3.83, and r s3 = 3.73 respectively.-With the Control Parameters #2, iterate Eq. ( 9) to obtain PR 1 sequence of size 2 n × 2 n as follows: • When the controller output is ''1'' then iterate the TCM with values: µ 1 = 0.56, k 1 = 5.782595812953629, and Z 0 = 0.25.
• So, the Control Parameter#2 • The output of the TCM is the required first pseudo random sequence of the first round (PR 1 ).3. To obtain the pseudo random sequence for the second round (PR 2 ) use the proposed PRNG but with different seed computed as follows: where SK 1 is a secret key of length 256 bit.It uses also different control parameters: Control Parameters#3: [x 0 , r 1 , q , r s2 , r s3 p ], and TCM control parameters#4: The first pseudo random sequence: where The second pseudo random sequence: where

First round of encryption:
In this round, XOR operation with the corresponding qubit of the first pseudorandom sequence PR 1 is used to change the value the qubit of each pixel at position i, where 0 ≤ i ≤ 2 2n −1 of the input image.The quantum gates used are CNOT and Toffoli gates then the new value is shifted to the next qubit with the Swap quantum gate.In this round, the pixel value is changed such that each qubit affects all the new value of all the subsequent qubits but in the same pixel at position i.In this round, the gray information of each pixel in the image at position i is changed from by using the first pseudo random sequence PR 1 of gray information | K i = | K i7 K i6 . . ...K i1 K i0 For each pixel at position i, the gray information change operation from C old to C new can be defined by as follows: These operations are followed by the qubits shifting or permutation of qubits of each pixel at position i, where, 0 ≤ i ≤ 2 2n − 1, which changes the order of the qubits in each pixel.This operation is done by swap gates indicated in Figure 5, where the gray value of the pixel at position i is changed from To make the effect of this one pixel change of the input image be extended to all the next pixels of the image, there will be a second round of encryption as follows:

Second round of encryption:
The input to this round is the output of the first round , where i is the pixel position, 0 ≤ i ≤ 2 2n − 1.In this round, each pixel at position i will be diffused to all the subsequent pixels of the image.
The new value of current pixel at position i + 1, (0 ≤ i ≤ 2 2n − 2): )0 is the addition of the new value of the previous pixel at posi- and This operation is done with Toffoli gates, one for each qubit of the image pixels.For decryption, the encryption process shown in Figure 4 is reversed.

Note:
We can apply the proposed scheme to color images as follows: -Decompose the original RGB image of size 2 n × 2 n into three layers (R = Red, G = Green, and B = Blue).-Apply the encryption scheme separately to each layer.
-Each layer R, G, and B is represented with NEQR model as in Eq. ( 3).-Apply the proposed PRNG three times but with different control parameters and initial values to obtain six different pseudorandom sequences PRs: two PRs for each layer.-Use SHA-256 to compute the hash of each layer R, G, and B then use it as a seed h 0 to the controller of the proposed PRNG.Also, three different secret keys SK 1 are used: one for each layer.-Finally, after applying the encryption scheme to each layer, recompose the three encrypted layers into one RGB image.The number of secret keys for RGB images is three that of the gray scale ones.
Similarly, MATLAB platform on classical computer will be used to verify the security and performance of the proposed scheme because MATLAB provides facility to represent and manipulate arrays of vectors and matrices, and effective stimulation for quantum states and operator.The laptop used is 11 th Gen Intel(R) Core (TM) i7-1165G7@2.80GHz,2803Mhz, 4 Cores, 8L.16 GB.Windows 11 Pro (64-bit), MATLAB 2017a.
Basically, Heisenberg uncertainty principle and quantum no-cloning theory is the main reason for the security of proposed quantum image encrypting scheme.That is due to the destruction of a quantum superposition state and its collapse to a determinate quantum state irreversibly with measurement.So, the intended receiver will detect changes when any attack takes place.This will provide strong defense against eavesdropping and leakage during transmission.
Further, the is secured by the two rounds of encryption with the two different pseudo random outputs and huge number of secret keys.To prove the security and efficiency of the proposed scheme, some simulation experiments will be carried Without losing generality, public test images taken from the USC-SIPI Image Database are adopted.Test images are 8-bit grayscale images with a size of 256 × 256, such as Lena, Cameraman, Baboon, Pepper, and Barbara.Also, the scheme is applied to a 512 × 512 Baboon image as an example of larger size images.

A. VISUAL EFFECTS
The proposed scheme is applied to the five images of size 256 × 256 and results are indicated in Figure 7. Also, it is applied to Baboon × 512 image to prove its security and robust performance when applied to larger size image.In Figure 6, the qubits from 1 to 8 represent the pixel value, the qubits from 9 to 16 represent the ous pixel value, while the qubits from 17 to 24 represent the current qubits of the second pseudorandom sequence PR 2 .The proposed scheme transfers the input images (as in 7 (a)-(e)) into approximately random meaningless encrypted images (as in Figure 7 (k)-(o)) and no information can be seen from it.So, it visually secures the original image.While the decrypted images and the original images are identical (Figure 7 (u)-(y)).Figure 8 shows Baboon 512 × 512 plain image, its corresponding cipher image, and the histogram of both.

B. STATISTICAL ANALYSIS
The ability of the proposed scheme to resist statistical analysis attacks can be measured by different metrices such as, histogram, correlation coefficients, information entropy, UACI and NPCR.It is a good judge for the scheme advantages and disadvantages.

1) HISTOGRAM
Histogram is a graph which measures the pixels intensities distribution of the image.In Figure 7, the histogram of the original images: Lena, Baboon, Cameraman, Pepper and Barbara is from (f)-(j), histogram of the corresponding encrypted images is from (p) to (t).It is shown that the encrypted images histogram has flat uniform distribution.There is another measure of evenly distributed pixels of encrypted image ''histogram variance'' given as follows: Table 2 indicates the of both the original and the encrypted images and comparison with other recent schemes as [23], and [35] indicates that our scheme has smaller value of Var.It is clear that the original images have high Var while the encrypted images have very low values.After encryption, the variance is reduced.
When the variance decreases, the uniformity of pixels distribution increases and the strength of encryption scheme against statistical attack

2) CORRELATION COEFFICIENT
In general, unencrypted image adjacent pixels correlation is strong.But, after encryption this correlation has be reduced.The following equation defines the correlation coefficient (CC): where j and y j represents two neighboring pixels gray values, respectively.x and ȳ represent corresponding mean values.
For the proposed scheme, 10 4 pairs of pixels of the original and encrypted images are chosen in random in horizontal, vertical, and diagonal dimensions.the correlation value between adjacent pixels gets closer to this increases the difference between them, and hence makes it harder for an opponent the scheme from this side.The CC values are of the tested images are in Table .3. It is clear that CC values of original images are closer to1, where the CC of the encrypted images are closer to 0. For more clarifying of the difference, Baboon image is taking as an example and the correlation distribution is the three dimensions are shown in Figure 9.

3) INFORMATION ENTROPY
Generally, the entropy measures system confusion.According to Shannon's definition for entropy in information theory, a 8-bit image with probability distribution P, the information entropy is E is given as follows: −1 j=0 P (j) log 2 P(j) (26) where P(j) is the probability of an image gray value j.When all the gray values with equal probability, this means that pixels of the image have enough confusion, and the ideal value of E is 8. Table 4 shows the entropy values of both the unencrypted and original tested images.These values prove that our scheme has high confusion as the values exceed 7.99 and extremely near 8.The same table also shows a comparison with other recent quantum image schemes.This comparison proves that our scheme is more resistant against entropy attack.

4) UACI AND NPCR ANALYSIS
A measure of an encryption scheme pixel change sensitivity is the unified average changing intensity (UACI) and number of pixels change rate (NPCR) which is used as a good tool to evaluate the resistance against differential attack.It is given as following: where C 1 and C 2 represent encrypted images of the original image and the original image with one pixel change, respectively.If two pixels C 1 (i, j) and C 2 (i, j) have equal value the D(i, j) equals 0, while there is a difference between the two pixels C 1 (i, j) and C 2 (i, j) then D(i, j) equals 1.
Theoretically, NPCR = 99.6094% and UACI = 33.4635%.Table 5 lists the results compared with some recent schemes.Tables 3, 4, and 5 listed the experimental results of images of size 256 × 256, while all the results of Baboon 512 × 512 image are listed in Table 6 as an example of larger size images.The results shown in Table 6 prove that the proposed scheme achieves high security for lager size images also.The amplitude spectrum of Spectrum analysis mainly measures the encryption scheme robustness against statistical attacks.Figure 10 indicates the spectrum of the tested original and encrypted images.It is clear that the original image has a non-uniform amplitude spectrum, while the encrypted image has nearly uniform amplitude spectrum.This proves that the attacker cannot extract any beneficial data from the spectrum amplitude, so the proposed scheme is well resistant against spectrum attack.

C. KEY SPACE ANALYSIS
The larger key space the stronger resistance against brute force attack.With the current computing abilities, the key space should exceed 2 100 .The proposed scheme has 24 secret key parameters which are: h 0 the hash function of the input image of length 256 bit.
-The secret key SK 1 of length 256 bits.

D. KEY SENSITIVITY ANALYSIS
A reliable quantum image encryption scheme should have high sensitivity to any small change in the key's values.So, a little change in the values of the keys causes a highly changed cipher image.To evaluate this property for the proposed scheme, Baboon plain image is encrypted as in Figure 11 with certain keys (control parameters) values, then tiny changes are applied to the keys values as shown in Table 8 and the obtained cipher images are shown in Figure 11 (c) -(k).The correlation coefficient (CC) and NPCR are displayed in Table 8.Its is obvious from these values that both the cipher image obtained by encryption by the original keys and the cipher images obtained with tiny change in the key's values are not statistically similar.It is a proof that the proposed scheme has high sensitivity to the secret control parameters.

E. ATTACK RESISTANCE ANALYSIS DUE TO SELF-ADAPTATIVE PROPERTY
In general, there are four types of common attacks on encryption scheme.These types are ciphertext-only attack, known plaintext attack, chosen plaintext attack, and chosen ciphertext attack.Chosen-plaintext attack is the most powerful one among these attacks because the attacker may choose a plaintext and obtain its corresponding ciphertext.If the encryption scheme is strong against this type of attack, it can resist all other types of attack.
The proposed PRNG uses the hash function of the plain image (h o ) as a secret key for encryption, so the key depends on the plain image and varies with it which makes the proposed scheme self-adaptive.As a result, the attacker will be unable to penetrate the encryption scheme if he chooses some plain images to encrypt and decrypt.So, the scheme will resist chosen-plaintext attack and hence other types of attack.This is proven by the experimental values of NPCR and UACI shown in Table 5 which measure the sensitivity of the cipher image to one pixel value change in the plain image.One reason for high sensitivity is the self-adaptive criteria of the proposed PRNG, besides the design of the encryption rounds.It is clear that the proposed scheme has greater values for NPCR comparing with other schemes which reflects its plain image higher sensitivity.

F. COMPUTATIONAL COMPLEXITY ANALYSIS
The elementary gates such as Control-Not gate which is a two-qubit quantum exclusive OR gate and NOT gate which is a one -qubit quantum gate are the basic units in computing the quantum circuit complexity of any unitary operation U (2 n ) on n qubits [39].As mentioned in [39], a C n (U ) quantum gate is represented as 2(n − 1) Toffoli gates (C 2 (X )) and one twoqubit controlled U gate (C 1 (U )), where n is the control qubits number, X is NOT gate and U is any 2 × 2 unitary matrix.Toffoli gate is represented with five two-qubit quantum gates.So, a C n (U ) quantum gate has a circuit complexity equals 2 (n − 1) × 5 + 1 = 10n − 9.In [46], the authors proved that the time complexities of image preparation and recovery for NEQR are O(qn2 2n ) and O(2 2n ), respectively.But in general, these two-time complexities are neglected, and the time complexity of encryption and decryption process only are considered.
So, the circuit complexity of our scheme can be computed as following: the Toffoli gate is represented by 5 CNOT gates, while the swap gate is composed of 3 CNOT gates.The first round of encryption shown in Figure 5 includes one CNOT gate, 7 Toffoli gate, and 7 swap gates.So, there are a total of 1 7 × (5) + 7 (3) = 57.So, the encryption first round complexity O(n).The second round of encryption consists of 8 Toffoli gate which equivalent to 40-CNOT gates.The encryption second round complexity is O(n).So, the overall computational complexity of the proposed scheme is O(n).Generally, the time complexity of a quantum computer is greatly reduced compared to the classical computer which needs O 2 2n operation to encrypt an image.This is due to the quantum parallel computations of the superposition states which represent a quantum computer input and output.So, our scheme has a much better computational complexity compared to the classical computer and some recent quantum image encryption schemes listed in Table 9.

G. COMPARATIVE ANALYSIS
A comparative analysis of the proposed scheme with other related works will be given.The security metrics used for comparison are variance, correlation coefficient, entropy, UACI, NPCR, key space, and computational complexity.The comparison listed in Table 10 shows that the proposed scheme has approximately the lowest variance, the lowest correlation coefficient, the highest entropy, UACI, and NPCR values, the largest key space and the lowest computational complexity which proves its robustness and efficiency.

H. PERFORMANCE AND SECURITY WITH QUANTUM COMPUTER
As mentioned previously, the security and performance of the proposed scheme are verified with numerical simulation by MATLAB platform on a classical computer due to the quantum computer lack, but if quantum computer is used, how the security and performance results will differ?

1) PERFORMANCE
Quantum computer has the advantage of parallel computing and so the complexity of the proposed scheme will be greatly reduced.It is estimated that the quantum computer is thousands of times faster than classical computer.So, the running time will be greatly reduced by using quantum computer compared to classical computer.

2) SECURITY
with the existence of quantum computer, the proposed scheme will remain secure due to the following: firstly, it depends on creating quantum states for encryption, which provides an inherent level of security against attacks, as any trial to measure the encrypted state will collapse it into a random state which is non-readable.Secondly, the proposed scheme is a symmetric key encryption which will remain secure against quantum computer as it has enough long key.The proposed scheme doesn't depend on computational hard problem such as RSA or ECC public key schemes which are threaten by quantum computer existence.These hard problems as integer factorization problem could be broken in a very little time with quantum computer.But for the symmetric key encryption, there is no known quantum algorithm, to attack it.Only Grover' quantum algorithm can speed-up a brute force attack on it.So, the proposed scheme will remain secure even with the existence of quantum computer as long as it has long enough key.AES-256 will remain secure against quantum computing with a key space size of 2 256 .The proposed scheme key space size is 2 1656 which is much larger than that of AES.

V. CONCLUSION
In this paper an adaptive quantum image encryption scheme is introduced.It consists of only two rounds with two different pseudorandom number sequences of length equals the input image size.These two different pseudorandom number sequences are obtained from a new designed pseudorandom number generator (PRNG) consists of two parts.One of them is based on iteration of a recently proposed chaotic-based parallel keyed hash function which is used as a controller for a second part.The second part is a multiplication of Chebyshev and Tent chaotic maps.This combination of hash function and chaotic maps provides high randomness and dramatically enlarges control parameters and initial values space, which provides a huge key space and hence makes the scheme stronger against brute force attacks.This PRNG combines four different chaotic map which are Chebyshev, Logistic, Sine and Tent maps.The seed of the keyed hash function depends on the input image itself which makes the scheme adaptive and stronger against chosen plaintext attacks.In the first round, the input image and the two pseudorandom sequences are converted into qubits using the novel enhanced quantum representation (NEQR).Then the qubits of each pixel of the input image is modified to a different value by XOR operation with the corresponding qubit of the first pseudorandom sequence by using Controlled CNOT quantum gate then shifting to the next qubit with the Swap quantum gate.In this round, the pixel value is changed.In the second round, diffusion of changed pixel value to each pixel in the image with the second pseudorandom sequence and by using Controlled CNOT quantum gates is performed.The time complexity of the scheme is less than many recently published quantum image encryption schemes.Performance and robustness analysis of scheme has been discussed.The results show that the scheme is highly secure and efficient.

FIGURE 1 .
FIGURE 1. Symbols and metrices of some basic quantum gates.

FIGURE 2 .
FIGURE 2. The structure of the keyed parallel hash function.

r 1 ,
r s2 and r s3 ∈ [3.57, 4].q ∈ [1, 2].p ∈ [0, 1].The control parameters range for the second part of the proposed PRNG are as follows: Both µ 1 and µ 2 ∈ [0, 2].Both k 1 and k 2 ≥ 2. SP800-22 tests by NIST can be used to measure the randomness of the proposed PRNG output as it is one of the most common standards.It consists of 17 tests on binary data

FIGURE 4 .
FIGURE 4. The block diagram of the proposed scheme.
2) IMAGE ENCRYPTIONThe original image of size 2 n × 2 n is first represented with NEQR model as in Eq. (3).where C i = C old i7 C old i6 . . ...C old i1 C old i0 , C ik ∈ {0, 1} , k = {0, . . . . . ., 7} represents the gray information for each pixel its position is i.Also, both the two pseudo random sequences PR 1 and PR 2 are represented with NEQR model as follows:

FIGURE 10 .
FIGURE 10.Spectrums of original and encrypted images.

1 x=0 N − 1 y=0I
5) SPECTRAL ANALYSISFourier spectrum measures the statistical property of the encrypted image[19].It is studying image properties with using Fourier transform.If I (x, y) is an image, the discrete Fourier transform FT (u, v) of the image I (x, y) is defined as following:FT (u, v) = N −(x, y)e −2πi( ux N + vy N )(29)

TABLE 2 .
Original and encrypted images variance values histogram.

TABLE 3 .
CC values of original and encrypted images indicated in figure7.

TABLE 4 .
Original and encrypted images entropy.

TABLE 6 .
Larger size image experimental results.

TABLE 7 .
Key space comparison.

TABLE 10 .
Comparison with related works.