An Integrated Image Encryption Scheme Based on Elliptic Curve

Due to the extensive demand for digital images across all fields, the security of multimedia data over insecure networks is a challenging task. The majority of the existing modern encryption schemes are merely developed that ensure the confidentiality of the image data. This manuscript presents a new image encryption scheme that ensures confidentiality, user authentications, and secure key sharing among the communicating parties. Initially, the users share a secret parameter using Diffie-Hellman over the elliptic curve and pass it through SHA-256. Afterwards, the proposed scheme uses the first 128-bits for the confidentiality of the data, while the remaining 128-bits are for authentication. In the encryption algorithm, the confusion module is achieved by affine power affine transformation. At the same time, the diffusion module is attained through highly nonlinear sequences, which are generated through the elliptic curve. Experimental testing and the latest available security tools are used to verify the effectiveness of the proposed algorithm. The simulation findings and the comparison of the proposed scheme with the existing image encryption techniques reveal that the suggested scheme offers a sufficient degree of security. Furthermore, the outcome of the simulation results divulges several advantages of the proposed scheme, including a large key space, resistance to differential attacks, high efficiency, and strong statistical performance.


I. INTRODUCTION
The transmission of multimedia information, such as digital images, audio data, and video, via various networks significantly increased due to the rapid development in network evolution. However, mostly the data transmission procedures occurred through unsecured networks. Therefore, there is a chance that information might be lost, intercepted (i.e., copied and distributed illegally), and can be altered maliciously [1], [2], [3], [4]. Over the internet, the digital image is an essential source for data communication. For instance, in the medical field, images are used for visualizing different analyses and diagnoses. These analyses are transmitted in the form of images. The patients use these images and get The associate editor coordinating the review of this manuscript and approving it for publication was Yilun Shang.
consultations from medical specialists anywhere around the globe. So, in this case, integrity and confidentiality violation are very dangerous for the patients. Similarly, a secure image transmission technique over the open network is also required for criminal investigations. The government domain needs to ensure the secrecy and integrity of the data in order to avoid injustice. So, the security of digital image data has become a growing source of worry. Due to the inherent properties of the digital image, high correlation among the adjacent pixels and the quantity of data, the standard cryptographic techniques such as data encryption standard (DES) and advanced encryption standard (AES) algorithms are not suitable for digital image encryption. Therefore, various cryptographic techniques are presented in the literature for secure multimedia data over the open network. The properties of a nonlinear dynamical system, sensitivity to initial conditions, ergodicity, VOLUME 11, 2023 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ mixed characteristics, convenient algorithmic description, and high complexity are beneficial for cryptographic applications. Since hyperchaotic maps produce more randomness than chaotic systems, therefore these are more suited for image encryption applications. Different scholars have presented numerous schemes based on hyperchaotic systems. In [7], a four-dimensional (4D) hyperchaotic algorithm is suggested. In the recommended work, the scheme creates key stream and controls parameters that are used to shift rows and columns of the image. In [8], suggested a 2D compound homogeneous hyperchaotic system that performed permutation of pixels. However, the proposed work is vulnerable to chosen plaintext attacks [9]. To address this flaw, plaintext was correlated with the stream of the chaotic key in the generation of the final encryption key. The stream derived from the hyperchaotic sequences improved the security against the chosen-plaintext attack [10]. Elliptic Curve Cryptography (ECC), which is based on algebraic geometry, is a cryptographic technique for power-constrained devices. ECC has recently been used for image encryption applications. RGB image encryption based on ECC is investigated in [13]. The presented scheme utilized DNA encoding and decoding for RGB image encryption and decryption followed by elliptic curve Diffie Hellman. The algorithm presented in [14], employed a cyclic group of an elliptic curve with the combination of chaos. Consequently, it increased the key space of the suggested scheme. Similarly, the image encryption based on chaos with the elliptic curve ElGamal is presented in [15]. The suggested work compressed the plain images and enhanced the complexity of the 4-D cat map. Subsequently, the encryption is executed by EC-based asymmetric encryption. Likewise, the author designed a hybrid multilayered mathematical model for colour image encryption presented in [5]. In [26], Bellare and Rogaway introduced a hybrid cryptographic architecture named Elliptic Curve Integrated Encryption Scheme (ECIES). The ECIES is a pair of keyderivation functions, a symmetric key encryption algorithm, and a MAC algorithm. Since the message is sometimes difficult to encode in the points of the curve, so challenging to encrypt; contrastingly, one can easily encrypt any message using a symmetric-key scheme of ECIES. This is a significant advantage of ECIES over the Massey-Omura and ElGamal public-key approaches [26]. In [27], the author presented a technique for medical image encryption based on the improved version of ECIES. In the suggested work, the author identified some flaws and weaknesses in the EC Hill-Cipherbased image encryption and improved the security parameter using IECIES. However, the computational complexity of the suggested scheme is slightly increased due to the serval time of scalar multiplication of the curve points. In view of the shortcomings above, we proposed a novel integrated image encryption algorithm. The proposed scheme consists of a secure key exchange protocol, hash algorithm, and symmetric key algorithm. The exchange protocol is used for the communication of secret keys among the communicating parties. The hash function is used for data integrity, and the symmetric algorithm is used for data confidentiality. The confusion and diffusion module of the symmetric encryption is achieved by using simple operations that provide optimum security with less computational effort. Furthermore, the security performance of the scheme is thoroughly analyzed using the available tools. The resultant output demonstrates the scheme's efficiency compared to the existing scheme.
The remaining manuscript is organized as follows: The basic notation of EC is provided under Section II of this work. A detailed description of E-ECIES introduces in section III. Sections IV, V and VI, evaluate the nonlinear component and the simulation results of proposed symmetric encryption and their analysis for RGB images. The manuscript is concluded in section VII.

II. PRELIMINARIES
ECC is an asymmetric or public key method based on the algebraic structure of elliptic curves. Koblitz and Miller [28], [29] introduced its application in cryptography in 1985. The ECC offers a comparable level of security to traditional asymmetric cryptosystems like RSA but with noticeably reduced key sizes. This section consists of essential preliminaries and their related results presented in Washington and Galbraith [26]. An elliptic curve over a finite field F q is defined as.
where both a and b are the parameters of EC, with the condition that is 4a 3 + 27b 2 = 0. Otherwise, the EC is said to be singular. All the points E a,b F q , that has a specific sort of addition law from an abelian group with the neutral element ∞, called the point of infinity.

A. ELLIPTIC CURVE ARITHMETIC OPERATION
The following mathematical equation governs an elliptic curve over a finite field. Let P 1 = (x 1 , y 1 ) and Q 1 = (x 2 , y 2 ) are the two points of the elliptic curve such that P 1 = Q 1 , then the addition of P 1 and Q 1 compute using the following mathematical formula. where, If P 1 and Q 1 are the same points (That is, P 1 = Q 1 ) then the point doubling calculation is defined as: 5484 VOLUME 11, 2023 where, In addition to scalar point multiplication, multiple point addition is carried out.
The following Hass's inequality theorem calculates the cardinality of points on the EC.
q be the elliptic curve over the finite prime field F q , where p is prime and a, b ∈ F q . The discrete logarithm problem for an elliptic curve is defined as given a point Q 1 , and Q 2 on E a,b q , to find the positive integer M , if it exists, such that Q 2 = MQ 1 [31].

D. SECURE HASH ALGORITHM
A category of hash functions is called Secure Hash Algorithms (SHA). It was made public by the National Institute of Standards and Technology (NIST). Applications of SHA are predominantly located in integrity security services [30]. One of the well-known SHA algorithms is SHA-256, which generates message digests with 256-bit lengths. The proposed algorithm generates the Hash of key of 256-bit between users A and B. The first 128-bit is utilized for encryption, while the 128-bit length key is used for authentication.

III. ENHANCED ELLIPTIC CURVE INTEGRATED ENCRYPTION SCHEME (E-ECIES)
The E-ECIES is used to improve the secret parameter in the negotiation phase. The improvement is made by adding the initialization vector IV to prevent repeated data encryption. The initialization vector makes it harder for the hacker to detect patterns and break encryption using a dictionary attack. Furthermore, the IV must be known by user B in order to decrypt the cipher image. There are numerous techniques to make the IV accessible to user B in order to aid in decryption. However, the IV would be agreed upon prior to communication in our suggested algorithm for user's A and B. Moreover, the symmetric key is extracted using secure SHA-256. The detailed process of the E-ECIES is summarized in the below subsection. Let user A want to send a plain image M of size U × V to user B over the insecure channel. At the initial step of the protocol user, B first creates his public key by choosing the elliptic curve over the finite field F q such that the discrete log problem for EC(F q ) is difficult, and he picks a point p on EC that is generally of big prime of order N. He then calculates the public key P B = mp using a secret number m. The public key parameter of user B is {F q , EC, N , p, P B ), while the private key of user B is m. The following steps are computed to transmit the data between user A and user B.
• Create a random initialization vector V with the increment of the prime number for every block of message.
• Compute the Hash and extract the symmetric key; the mathematical description of the hash function is given below.
• Compute the proposed symmetric key encryption function with K 1

B. USER B COMPUTATION
In response to receiving the message from user A, the user B generates a new timestamp T B O , and follows these steps: If the condition does not hold, user B aborts, or else he sustained. The duration of t is a short, predetermined time.
• User B computes P A 1 = mP A using the knowledge of private key m.
• Calculate the Hash(P A 1 , P A (x ⊕ y) , V)) = H 2 . If H 2 = H 1 , when it does not hold, he passes over the session. Otherwise, B continues the remaining steps of the protocol.
• Computes H 2 (C, K 2 ) = T 1 . If T 1 = T, user B rejects the cipher image; otherwise, continue the protocol steps.
• Calculate the plan-image M = Dec K 1 (C), where Dec K 1 , is a symmetric key decryption function. As a part of user B computation, the second last step involves authentication, which is an essential aspect.

C. PROPOSED SYMMETRIC KEY ENCRYPTION
In this section, we proposed a new symmetric key encryption algorithm based on E-ECIES. The symmetric key encryption algorithm encapsulates the following steps to perform image encryption. Initially, the scheme uses secure SHA-256 to generate the key using the following mathematical formula.
where K 1 followed by K 2 . To perform the encryption using key K 1 the following steps are to be done. For the VOLUME 11, 2023 K 1 = 128bit is utilized for the encryption, while the 128bit of K 2 are used for authentication purposes. Initially, the first four-byte b 1 b 2 b 3 b 4 , are utilized for the permutation of the plain image using affine mapping. The mathematical construction for the permutation of the plan image using affine mapping is defined as.
where b 1 , b 3 the unit's elements are z m , while, b 2 and b 4 , are any elements in from z m . The i and j , the output of the affine transformation, which shows the permuted pixel of the image.

D. DIFFUSION PHASE BASED ON ELLIPTIC CURVE PSEUDO-RANDOM NUMBER SEQUENCES
The next six bytes b 5 b 6 b 7 b 8 b 9 b 10 b 11 b 12 is again utilized for the permutation purpose using the elliptic curve parameter with the large prime p, which is the concatenation of the last two bytes, i.e., p = b 11 ||b 12 . After the generation of points on each elliptic curve, pick the y-coordinate of the first elliptic curve, i.e., E Y i 1 , and get the first sequence, namely K 1 , similarly, we can compute the K 2 , K 3 , sequences by choosing the After that, pick out K 1 , and K 2 , and again permute the affine permuted image A and then bit-xor with K 1 , sequence to get A R , where A R , represent the red channel of a permuted image next, choose the K 2 , and K 3 and permute the A and bit-xor with K 2 , to get A G , where A R , shows the permuted image green channel. Finally, get A B , using the sequences of K 3 , and K 1 , and bit-xor with K 3 . The mathematical description of the above execution is defined as: where the length of each sequence is 1 × mn mod m. The pixel scrambling and diffusion of each layer of the above affine permuted image are defined in eq(15) Concatenate all the above three-layer (A R , A G , A B ) and get the permuted image.

E. CONFUSION PHASE BASED ON AFFINE POWER AFFINE TRANSFORMATION
After that, the last four-byte b 13 b 14 b 15 b 16 , is utilized for the confusion phase (S-box). To construct the s-box, we use affine power affine transformation (APA) [32] using the following mathematical construction. 16 are the affine surjection [33]. Where Pis still a nonlinear component, which is to be defined as: For n = 8 the power polynomial becomes, P (x) = x 254 is a bijective permutation using any primitive polynomial in GF (2 8 ). Moreover, the elements b 13 c,d , with strong algebraic properties. The proposed APA S-box with different parameters is given in Tables 1 and 2, respectively. Furthermore, we analyzed the S-box not only by the coordinate functions but also by evaluating all the security analysis by their component function and comparing it with excellent literature [17], [18], [19], [20], [21], [22], [23], [24], [25]. The comparison analysis in table 4, shows that the proposed new APA S-box has excellent algebraic properties and affine equivalent to the AES S-box [34]. Meanwhile, the only power permutation, P (x) = x 254 , some vulnerable properties like fixed point and opposite fixed are given in Table 3, which improve by the affine parameter chosen by the proposed symmetric key extracted from the Hash of the E-ECIES. After the substitution phase, we get a cipher image. The flow chart of the proposed E-ECIES is illustrated in Figure 1.

IV. SECURITY ANALYSIS OF THE PROPOSED SYMMETRIC KEY ENCRYPTION
This section compares our proposed symmetric encryption algorithm security and performance against the findings of several experiments in [5], [13], [15], [16], [17], [18], [19], [20], [21], [22], [23], [24], [25], and [27]. The enhanced version is subjected to several security analyses to assess the suggested work randomization and prove its resiliency against various known attacks. We take the substitution permutation network (SPN). The permutation phase is achieved by three different kinds of elliptic curves utilized for the permutation as well, as we add the nonlinear component APA S-box for the confusion phase. In the APA S-box, the encryption is evaluated by substituting uncorrelated encrypted data for plan image data. Our suggested APA S-boxes are examined using the standard S-box evaluation criteria in the results and evaluation section, which include nonlinearity score (   and differential branch number(LDBN), linear approximation probability(LP), strict avalanche criterion(SAC), and differential approximation probability(DP). Moreover, in other literature [17], [18], [19], [20], [21], [22], [23], [24], [25], the S-box analysis is evaluated by their coordinate function, but the in our proposed work, we implement all the results on component functions wel; in the case of n = 8, we examined 2 n , Component function by their different S-box analysis.
While the permutation phase evaluates the diffusion properties, including two effective tools, namely, the number of pixels change rate (NPCR) and unified average changing intensity (UACI). The portable PC with Intel(R) Core(TM) i7-6600U CPU @ 2.60GHz is used to conduct the various evolution tests using different coloured images. Figure 2, shows the proposed symmetric encryption algorithm's plan and corresponding encrypted images. VOLUME 11, 2023 A. NONLINEARITY SCORE The nonlinearity score of function or S-box, S = F n 2 → F m 2 is represented by NLS(S) and defined by [35].
The NLS proposed S-box is 112, as shown in Table 4.

B. STRICT AVALANCHE CRITERIA
Webster and Tavares introduced the SAC idea. The strict avalanche criterion (SAC) is the essential component of the S-boxes. Informally, an S-box satisfies SAC if one input bit is altered. 50% of the output bits must also be changed [33]. The mathematical expression of SAC is defined in eq (24).

C. BIT INDEPENDENCE CRITERION
The concept of bit-independent creation (BIC) was also developed by Webster and Tavares. For any two Boolean is highly nonlinear and satisfies the criterion of SAC. Then, when one input bit is changed, the correlation coefficient of each pair of output bits may be extremely near zero. So, by confirming that f i ⊕ f j (i = j) is holds, we may find out the BIC of the S-box of any two output bits that satisfy the SAC criterion [37]. Table 4, shows the performance of the new APA S-box and the comparison with excellent existing literature.

D. DIFFERENTIAL APPROXIMATION PROBABILITY
Measurement of differential uniformity is the differential approximation probability (DP) of the S-box, which is defined as where a, b is the input differential and output differential, which implies that an input differentia a i must precisely map to an output differential b i Order to guarantee a uniform chance of mapping for each i. According to the Performance indexes of the new APA, the average differential approximation probability is 0.01562. The comparisons Table 4, shows that the differential approximation probability (DP) of the new APA S-box is better than [17], [19], [20], [21], [22], and [23] and the same as with AES S-box.

E. LINEAR APPROXIMATION PROBABILITY
The linear approximation probability (LP) is the highest possible value of an event's imbalance. The mask chooses the output bits ψ a , have the same parity as the input bits chosen by the mask ψ b . The original Matsui formulation states that the linear approximation probability of a given S-box is defined as: where x is the set of input space and 2 n , is the total number of elements in x. The input-output masks are respectively represented by ψ a and ψ b Them.

F. FIXED POINT
Given an S-box, The new APA S-box has no FP due to the affine transformation parameter chosen by the hash value of 128-bit in symmetric key encryption. In contrast, only the power permutation has 4 FP. The comparison Table 4, shows that the new-APA S-box is on top of no fixed point like the AES S-box.

G. OPPOSITE FIXED POINT
Given an S-box, S = F n 2 → F m 2 , the input element x ∈ F n 2 is said to be the opposite fixed point (OFP) if S (x) =x [6].
The new APA S-box has no OFP.

H. AUTO CORRELATION
The autocorrelation (AC) of an S-box, which is defined from, S = F n 2 → F m 2 , taken concerning o ∈ F n 2 denoted by its polarity form S, is represented by r S (o) and defined as: The range of r S (o) is [−2 n , 2 n ] for all o ∈ F n 2 . For any n variable boolean function, the low value of autocorrelation is expected. The new APA S-box's auto-correlation value is 32, the same as the AES S-box.

I. DIFFERENTIAL AND LINEAR BRANCH NUMBER
Given an S-box, S = F n 2 → F m 2 The differential branch number (DBN) is represented by ϕ DBN (S) as defined as The linear branch number of the S-box is denoted by ϕ LBN (S), and defined as: where r S (o, B) shows the coefficient of autocorrelation. The suggested APA S-box the ϕ DBN (S) and ϕ LBN (S) , is 2, as shown in Table 4.

J. LINEAR STRUCTURE
The linear structure of the S-box is examined for its cryptography importance. It has been noted that attacks that could be carried out far more quickly than a thorough key search can break block ciphers with linear designs [47]. Therefore, in the block cipher, the confusion phase must avoid the linear structure. The mathematical expression of the linear structure of an S-box is defined as: where f(x) ∈ F n 2 ∀x ∈ F n 2 and for some a ∈ F n 2 and C ∈ F 2 . Then C is called the linear structure of the Sbox. There are two types of linear structure invariant linear structure if C = 0 and the other one is a complementary linear structure if = 1. Table 4, shows that the proposed APA S-box has no linear structure and is suitable for cryptographic primitive.

V. SIMULATION RESULTS OF ENCRYPTION
In this section, we evaluated the simulation results of the symmetric key encryption of different standard images of Lena, Apple, Babul-Quaid, and Baboon, to examine the strength of E-ECIES. The figure 2, shows the plan images listed and corresponding to their encrypted images; from figure 2, shows that the randomization of the encryption scheme is achieved. The image obtained after the encryption process reveals its unpredictability, and it is impossible to decipher the plan image without the decryption key. As a result, from  the simulation analysis, we identified that the original secret information could be accurately recovered without any difference or loss, proving the usefulness and validity of the entire encryption scheme.

VI. STATISTICAL ANALYSIS A. HISTOGRAM ANALYSIS
An image's histogram can effectively and graphically depict a digital image's distribution of grey values. When the distribution of the grey value is more even, it will be more difficult for the eavesdropper to extract information from the encrypted image through statistical attacks [6]. As such, the histogram of the encrypted image should almost be uniform while differentiating itself from the one derived from the plaintext image. Moreover, the histogram's distribution was figured out from the cipher image and is relatively uniform, reducing the association between neighbouring pixels and preventing the attackers from learning anything. Figure 3 and

B. CHAI SQUARE TEST
The Chi-square test measures the amount of variation between the original sample data and the theoretical inference value of the statistical samples. Sometimes the visual representation of the histogram is not sufficient to measure the pixels of the encrypted image. So the quantitative measure of  histogram monotony, we employ the chi-square test analysis. The mathematical description of the chi-square test is as follows: where ob (f i ) is the observed frequency, i (i = o to 255), while ex (f 0 ) is the expected frequency. The value of Q, in our case, is 256. According to the chi-square distribution, the numerical value of the chi-square test, at the significance level of 5%, is 293.2478. The test values of the chi-square analysis of the proposed scheme is shown in Table 5, which ensures that the value of the suggested encryption scheme is not greater than 293.2478. Hence, the proposed method is to resist Statistical attacks.

C. CORRELATION ANALYSIS
In plaintext images, the coefficient correlation between two contiguous distinct pixels is typically significant, so a secure VOLUME 11, 2023   and efficient encryption procedure is needed to minimize this correlation. After the encryption procedure for the plaintext image, the goal of a low coefficient correlation among the adjacent pixels should be conducted in the cipher image. The mathematical formula for the correlation analysis between two adjacent pixels is defined as [42]: where, x y are the pixels of the plan and cipher image, respectively. We choose the pixel pairings in the encrypted and plaintext image in the multidirectional: Horizontal, vertical, and diagonal directions. The above eq (32-34) mathematical formulas was used to get the coefficient correlation between the cipher image and the associated plaintext image in three directions. Table 6, displays the test results for the correlation in three directions between plaintext images and images after the encryption process. Table 6, shows that the correlation of cipher image in multidirectional is nearly close to zero, which ensures that correlation is significantly reduced. Hence, the proposed E-ECIES scheme is not vulnerable to correlation analysis.

D. GLOBAL INFORMATION ENTROPY
The global information entropy(GIE), which shows the degree of confusion in the image, is one of the key characteristics of showing the randomness of the image and evaluating the encryption method. The following equation was used to find the information entropy [27].     Table 7. Concluding from the values in the table, following encryption, the entropy for each of the above images is close to the ideal theoretical value and utterly different from the values in the corresponding plaintext image. Considering the entropy values, we conclude that the algorithm proposed here performs effectively against the statistical attacks.

E. LOCAL SHANON ENTROPY INFORMATION
Local Shannon entropy calculates the sample mean of global information entropy (GIE) over several non-overlapping and randomly selected image blocks. It overcomes some weaknesses of (GIE) because sometimes, GIE fails to find the true randomness of the image. We can define the local Shanon entropy information by the following mathematical equation:  [50]. Table 8, represents the information on local Shannon entropy, showing that the cipher images' results possess true randomness.

F. SENSITIVITY ANALYSIS 1) DIFFERENTIAL ATTACKS
The differential attack evaluates an image encryption algorithm's plaintext sensitivity [24]. Therefore, the encryption algorithm can extend this influence over the entire encryption process if we slightly alter the plain image, a desirable image. The Number of Pixels Change Rate (NPCR) and Unified Average Changing Intensity (UACI) are measures of the ability to withstand the differential attack and are defined as follows: (38) where E (i, j) is cipher image of the original image after the entire encryption process E (i, j) anther encrypted image after a one-bit change in plan-image, both the encrypted image put into the above two formulas to get the experimental analysis of NPCR and UACI. Where, F(i, j) is defined as [11], [42], [27].
Consequently, the proposed E-ECIES offers excellent resistance to the differential attack. The results NPCR and UACI measurements in this manuscript and other references are also shown in Table 9. However, the value in our algorithm for the UACI results is closer to the theoretical value than for any other encryption scheme. As a result, the suggested encryption method is useful and efficient for encrypting multimedia data. Moreover, we also calculated the critical value of NPCR and UACI using the following mathematical equations: where, ϕ −1 is the inverse of the cumulative distributive function(CDF) of the normal standard distribution N(0, 1), µ and σ , represent the expectation and variance of NPCR and UACI and a is the significance value of the two encrypted images E , E , respectively. Table 10, shows the critical values of NPCR and UACI with different significance levels.

2) PSNR, NC AND SSIM
Three important sensitive analyses, Peak Signal-to-Noise Ratio (PSNR), Normalized Correlation (NC), and Structural Similarity (SSIM), are used to measure the quality and change the values of pixels in images after decryption [43]. The following formula is used to calculate the value of PSNR where MSE is defined by the following equation where P (i, j) , E (i, j) represent the plan and encrypted receptively of dimension M × N. The similarity degree is evaluated by the normalization correlation NC metric. In addition, this result could be considered a reliable indicator of the encryption algorithms' effectiveness because two entirely unrelated images have a correlation coefficient that is almost zero. The equation is shown below the computed NC value.
The structural similarity between two images is evaluated using the SSIM index. This metric improves on methods like mean squared error (MSE) and conventional PSNR. On several windows of a given image, the SSIM index is calculated. As a result, the following mathematical expression provides the SSIM between two windows, X and Y , of standard size N × N.
where µ x and µ y shows the mean values of X and Y , respectively. σ x and σ y used for standard deviations of X and Y , respectively. The covariance of X and Y is represented by σ x y , and to avoid the value of zero in dominators, the coefficients b 1 and b 2 are used in eq- (46). The comparison of the plan image with the encrypted image should have VOLUME 11, 2023     low PSNR, NC and SSIM values. Otherwise, the plan and encrypted image show the value of SSIM and NC is 1 and a high PSNR value. Additionally, it's important to note that the image after decryption is the same as the plan image. Table 11, shows the value of PSNR, NC and SSIM of the planimages cross-ponding their encrypted images. The results in Table 11, ensure that our enhanced scheme performs well in terms of low PSNR, NC and SSIM . Finally, it can be concluded that the E-ECIES is secure against sensitive analysis attacks based on the PSNR, NC and SSIM .

3) KEY SENSITIVITY
The secret key must be highly sensitive to an encryption technique for the actual key space to match the theoretical one. A high key sensitivity means two entirely different encrypted and decrypted outputs will arise from slightly modifying the secret key throughout the encryption and decryption procedures. We generate an original secret key K 1 utilizing the E-ECIES at random and then creating two other secret keys, K 2 and K 3 By modifying one bit in K 1 . This process is done to determine the sensitivity of the secret keys. The original secret key K 1 and the modifying keys K 2 , K 3 by the following expression. Figure 7, shows the key sensitivity analysis results attained throughout the encryption process of the E-ECIES. The 1 st row of figure 7 shows the original image of Lena and three encrypted images encrypted using K 1 , K 2 and K 3 .
In the 2 nd row of figure 7, only the original secret key K 1 can exactly retrieve the original image. Figure 7, illustrates how the decrypted results with just a single bit of difference between K 2 and K 3 they yield entirely indistinguishable results.

4) KEY SPACE ANALYSIS
The key space shall be sufficiently large to withstand a brute force attack. The number of keys employed in the permutation, diffusion and confusion processes is used to compute the key space. The proposed E-ECIES initially utilized b 1 b 2 b 3 b 4 for diffusion process, after that b 5 b 6 b 7 b 8 b 9 b 10 b 11 b 12 used for the permutation process and again utilized for diffusion, and the last four bytes b 13 b 14 b 15 b 16 is for the confusing process. The total number of key spaces is 2 128 which is larger than 2 80 and enough for brute force attacks. Moreover, the security of E-ECIES is based on the discreet logarithm problem at the initial stage of key sharing. Hence, the proposed work has a comparatively large key space.

G. ROBUSTNESS ANALYSIS 1) OCCLUSION ANALYSIS
Decryption operations for encrypted images delivered across communication channels may be ineffective due to data loss [43]. In this case, the ciphered images are subjected to a loss operation known as an occlusion attack to examine the enhanced encryption scheme noise tolerance. Figure 8 shows the encrypted colour image with data loss rates of 50% from the right and left from the top and below. Similarly, 25% were left and right and from top to bottom. As shown in figure 8, after the decryption, the loss rate of 50% and 25% in an encrypted image, the corresponding decrypted image keeps most of the visual data from the original image. Consequently, it ensures that the E-ECIES is effective and resists occlusion attacks.

2) NOISE ATTACKS
This section examines how a cryptosystem responds to noise during encryption and decryption. Some noise is always present when digital images are broadcast across communication channels. Most of the encrypted digital images are affected by different noises, and therefore, to investigate the proposed E-ECIECS, we must check the noise analysis of the proposed encryption scheme and ensure that the suggested work is noise resistant in such a manner that the digital image after decryption algorithm must be understandable for the receiver sides. So, to evaluate the E-ECIECS, the encrypted image is anticipated by different kinds of noise with different densities, namely: Gaussian, Salt, speckle, Poisson, and Pepper Noise. Major sources of Gaussian, Salt and Pepper, and other noise appear in remote sensing images during acquisition, including Poor illumination, high temperatures, inadequate transmission, and other factors that can all lead to sensor noise, such as electronic circuit noise [43].

3) GAUSSIAN NOISE
The normal distribution, which is also referred to as the Gaussian distribution, has a probability distribution function (PDF) equal to that of Gaussian noise. Additive white Gaussian noise(AWGN) is the most popular name for this type of noise [43]. The proper definition of Gaussian noise is noise with a Gaussian amplitude distribution. The following mathematical expression describes the Gaussian distribution of this kind of noise where in eq-(47), σ represents the standard deviation, g, m shows the average and gray level of the function. For a random variable S of the gaussian, the PDF is expressed by VOLUME 11, 2023 the following equation.
where u and σ represent the mean and standard deviation. The simulation results of the Lena encrypted image with the addition of gaussian noise to the decrypted image of Lena in figure 9 are still readable for the receiver side.

4) SALT AND PEPPER
Intensity spikes, often known as salt and pepper noise, are an impulsive form of noise. Generally, data transmission failures are what cause this. Each usually has a chance of less than 0.1. The image has a ''salt and pepper'' appearance because the contaminated pixels are alternately assigned to the minimum or maximum value. The impairment of pixel elements in-camera sensors is the primary cause of the salt and pepper noise [43]. The encryption image of the suggested technique, Lena, with the addition of Salt and Pepper noise, is shown in figure 9, along with the matching decrypted images that remain readable after the decryption procedure. By The following expression, compute the PDF for the bipolar impulse noise model

5) SPECKLE NOISE
A grayscale image's pixels can be affected by speckle noise, a multiplicative noise. It mainly appears in images with low brightness levels, such as MRI and Synthetic Aperture Radar (SAR) images. Before further image processing, such as object detection, picture segmentation, edge detection, etc., image enhancement is essential to reduce speckle noise [45]. Figure 9, shows the encrypted images, Lena of the proposed algorithm, with the addition of Poisson noise and corresponding decrypted images, which are still understandable after the decryption algorithm

6) POISSON NOISE
A random temporal distribution may be used to treat individual photon detections as separate, discrete occurrences. Thus, photon counting is a standard Poisson process. The discrete probability distribution describes the number of photons recorded by a specific sensor element across time intervals using the following mathematical formula.
This is a standard Poisson distribution with a rate parameter γ τ that equates to the anticipated incidence photon count, where γ , the expected number of photons per unit of time, is proportional to the incident scene irradiance [46]. Photon noise is the term for the uncertainty that this distribution encapsulates. Photon noise offers a lower bound on the measurement error of light since it derives from the nature of the signal itself. Any measurement would be prone to photon noise even under perfect imaging circumstances, devoid of any additional sensor-based noise sources of noise (such as read noise). Figure 9, shows the encrypted images, Lena of the proposed algorithm, with the addition of Poisson noise and corresponding decrypted images, which are still understandable after the decryption algorithm. As a result, the proposed E-ECIES are secure against poison noise.

H. COMPUTATIONAL COMPLEXITY AND RUNNING TIME
The asymptotic complexity theoretically approximates the execution time of an algorithm. In general, the asymptotic complexity is denoted by big oh O. This subsection presented the proposed algorithm's asymptotic complexity and running encryption time. We have theoretically analyzed the proposed scheme's encryption and decryption procedure and skipped the preprocessing for secret key exchange. Since the proposed scheme is a substitution permutation network, in the substitution module, each byte is substituted in constant time O (1). So, the complexity of the overall substitution module is O(M × N ) for the image of the dimension of (M × N ). Moreover, the complexity of addition and multiplication modulo n is log(n) and log(n) 2 , respectively, and the permutation module is an affine transformation that consists of addition and multiplication modulo n. So, the complexity of the permutation module is Mlog(M ) × Nlog(N ). So, the complexity of the overall algorithm is M log M 2 ×N log N 2 . Additionally, we evaluate the proposed E_ECIES running time using Matlab R2021a. The following specifications apply to the experimental environments: Windows 10 operating system, Intel(R) Core(TM) i7-6600U CPU @ 2.60GHz 2.80 GHz and 8 GB of RAM. The proposed method takes 0.2230/sec to encrypt the standard image Lena of dimension 256 × 256. Comparing the computational complexity and running time of the proposed E-ECIES with other existing excellent algorithms is shown in Table 12. The suggested encryption scheme performed better results compared to the [36], [38], [39], and [41] but was less effective than [40]. For evaluating encryption time, we also utilized different images of the same dimensions, 256 × 256. The results are displayed in Table 12.

I. COMPARATIVE ANALYSIS AND DISCUSSION
In this subsection, we will compare our proposed encryption algorithm with other existing cryptosystems based on EC and chose-based mathematical structures [7], [12], [23], [48], [49], [50], [16], [18], [19], [20], [27], [43]. The comparative analysis and discussion are based on some state-of-the-art differential and statistical analysis mentioned in Table 13. We have tested all of these metrics on a standard digital image Lena based on the proposed encryption algorithm. Image encryption techniques based on chaos, presented in [48], [49], [50], and [51], are complex, have high memory requirements, and are difficult to implement on modern devices. The  scheme presented [43] is based on the fusion of improved ECIES and chaotic equations, namely the Hyper chaotic Lorenz generator (HCLG) and Arnold cat map (ACT).
The HCLG was utilized for the confusion module, which is unsuitable and involves more mathematical operations. They also did not properly describe the analysis of the confusion phase. Moreover, the Cat map was utilized for the matrix multiplication, which is more expensive. While in the suggested encryption scheme, the confusion module is achieved by the nonlinear component (S-box) followed by the APA transformation. As a result, obtaining the confusion by the proposed scheme is less time-consuming than integrating the confusion and diffusion, which requires more fusion of EC and chaotic operation. Furthermore, the following bullet points give a detailed comparison of the proposed symmetric encryption algorithm with the existing excellent literature.
• According to the correlation analysis, the results of the horizontal, vertical and diagonal of the proposed symmetric encryption scheme are nearly close to the ideal value, which makes sure that the suggested encryption scheme would perform better and be resistant to statistical attacks as compared to other chaotic and elliptic curve-based encryption schemes [5], [7], [12], [18], [43], [48], [50], [51] and less from the [19], [20], and [49].
• The PSNR values of the encrypted versus plan image and plain versus the decrypted image of the proposed symmetric encryption are 7.8536 and ∞, respectively, show better results than other cryptographic algorithms presented in [49] and [51] and somehow below from the [5] and [43]. Based on the comparative analysis of Table 13, we can see that the proposed symmetric cryptosystem testing findings have shown better outcomes than recent chaotic and EC-based encryption techniques and give robust security and high resistance against state-of-art cryptanalysis.

VII. CONCLUSION
In this research, we proposed an elliptic curve integrated encryption scheme (ECIES) to secure RGB images. In the initial module, the suggested approach of the symmetric encryption scheme achieves the aim of diffusion using the first twelve bytes of the symmetric key of 128-bits. The confusion module is accomplished by the affine power affine transformation followed by the last four bytes of the symmetric key. A comparison of the proposed encryption scheme with the existing algorithm is presented in Table 13. From the table, we can observe that the statistical and sensitivity analysis of the proposed algorithm offers excellent security and can withstand common attacks. In light of the results in Table 13, our approach may be utilized for secure image transmission and is more valuable when sending RGB images to several recipients.
IJAZ KHALID is currently a Ph.D. Research Scholar with the Department of Mathematics, Quaid-i-Azam University, Islamabad, Pakistan. He has been working on an elliptic curve cryptography, since 2018.
TARIQ SHAH received the Ph.D. degree in mathematics from the University of Bucharest, Romania, in 2000. He is currently a Professor with the Department of Mathematics, Quaid-i-Azam University, Islamabad, Pakistan. His research interests include commutative algebra, non-associative algebra, error-correcting codes, and cryptography. SAYED M. ELDIN is currently with the Faculty of Engineering and Technology, Future University, in Egypt, on leave from Cairo University after nearly 30 years of service at the Faculty of Engineering, Cairo University. He was the Dean of the Faculty of Engineering, Cairo University, where he achieved many unique signs of progress in both academia and research on the impact of emerging technologies in electrical engineering. He was a PI of several nationally and internationally funded projects. He has many publications in highly refereed international journals and specialized conferences in the applications of artificial intelligence on protection of electrical power networks. He is in the editorial boards of several international journals.
DAWOOD SHAH received the M.Phil. and Ph.D. degrees in mathematics from the Department of Mathematics, Quaid-i-Azam University, Islamabad, Pakistan. His research interests include coding theory and cryptography.
MUHAMMAD ASIF received the Ph.D. degree in mathematics from Quaid-i-Azam University, Islamabad, Pakistan, in 2020. He is currently an Assistant Professor with the Department of Mathematics University of Management and Technology, Sialkot, Pakistan. His research interests include large scale of coding theory, cryptography, information theory, and fuzzy algebra.
IMRAN SADDIQUE is working as a Full Professor with the University of Management and Technology, Lahore, Pakistan. He is a reviewer of several well-known SCI and ESCI journals. His research interests include artificial intelligence, fuzzy algebra and soft sets, fuzzy fluid dynamics, fluid mechanics, lubrication theory, soliton theory, and graph theory. VOLUME 11, 2023