High-Capacity Reversible Data Hiding in Encrypted Images Using Multi-Layer Embedding

Reversible Data Hiding in Encrypted Images (RDH-EI) has gained much popularity in the field of signal processing and cloud computing. In this study, we propose a high-capacity RDH-EI scheme using multi-layer embedding. It ensures that after extraction of the embedded additional data from the marked encrypted image, the original image is recovered completely. Broadly, the method comprises three parties: the content owner, the data hider/ cloud owner, and the receiver. In the beginning, the image is encrypted by the content owner using encryption based on the chaotic behaviour of PWL-memristor and sent to the data hider. At the data hider’s side, even-odd value embedding technique is applied in multiple layers of the encrypted image to increase the embedding capacity. Meanwhile, the auxiliary information consisting of location map (LM) for each layer and the number of layers, to be used in the recovery phase, is recorded during the embedding. After completing the embedding procedure, permutation operation is applied on the marked encrypted image to prevent the perceptual information leakage. Finally, at the receiver’s side the embedded additional data and the original image is recovered losslessly with the help of valid keys and shared auxiliary information. From the experimental results, it is observed that the quality of the directly decrypted image is 51.0 dB or above. The advantage of the proposed scheme is that the PSNR is almost same for each layer, i.e. even for the n number of layers used, the PSNR is 51.0 dB or above. Moreover, we applied chosen plaintext attack to test the encryption function and in case of any cropping attack on the marked encrypted image during the transfer, the cover image can be recovered with less distortion.

as steganography, watermarking and Reversible Data Hiding (RDH) [1]- [4] have some special characteristics. Steganography is used for covert communication over the Internet which means secret digital data is embedded in cover media in an imperceptible way, so that the adversary does not get any knowledge of its existence. Whereas, in digital watermarking, the focus is on how to reliably recover the embedded data from a possibly degraded marked media. Robustness is the main concern in watermarking, and original cover media's recovery is not taken care of. Another type of data hiding known as RDH, has its pros and cons over the popular data hiding techniques. RDH focusses on the recovery of both the embedded data and the original media in a lossless manner from the marked media. In some sensitive scenarios, RDH plays an important role and used extensively in many areas like law, forensics, military imagery, and medical imagery. By this technique, the content owner embeds the additional data into the cover media (image, audio, video), and later allows the intended receiver to recover the embedded additional data and original media from the marked media losslessly. Basically, RDH can be categorized into compressed, spatial, frequency, and encrypted domain.
In recent years, with the growing popularity of cloud based services, users rely on cloud server to upload their multimedia files. The uploaded multimedia files can be accessed from the cloud server any time and anywhere. But, the users demand privacy of their original multimedia files from the cloud servers. In this scenario, the use of Reversible Data Hiding in Encrypted Images (RDH-EI) [5]- [7] has become popular. This not only provides independence for security from the third party but also gives freedom to the data hider/ cloud service provider to embed the additional data into it, without revealing the original content of media. And the receiver can recover the original media as well as the embedded additional data.
The two important metrics to show the performance of RDH-EI schemes are the Embedding Rate (ER) and the visual quality of the directly decrypted image. However, visual quality is measured in terms of Peak Signal to Noise Ratio (PSNR) in Decibel (dB) and the ER is measured in terms of Bit Per Pixels (bpp). During the embedding process distortion is introduced which results in the PSNR of directly decrypted image being effected by embedding rate. For a good RDH-EI scheme, researchers have to maintain an optimum balance between ER and the PSNR of directly decrypted image.
It is worth highlighting the following aspects of the proposed scheme.
• Our proposed RDH-EI scheme is a combination of PWL memristor and even-odd embedding technique, where PWL memristor is used to secure the original content of gray-scale image and even-odd embedding technique is used to efficiently encrypt the image at data hiding phase.
• The proposed RDH-EI scheme falls in the category of Vacating Room After Encryption (VRAE), i.e. the preprocessing step is not required at the content owner phase, and allows multi-layer embedding which further enhance the embedding capacity at the data hiding phase.
• Experimental results show that the proposed scheme is independent of image texture and PSNR of the marked encrypted image after the direct decryption is at least 51dB or above for more than 1 bpp. And it also shows that, after applying chosen plaintext attack, the encryption function achieves better security performance. Besides, in case of any cropping attack on the marked encrypted image during the transfer, the cover image can be recovered with less distortion.
The rest of the paper is organized as follows: Section 2 provides with the related work. Section 3 explains the framework of the proposed scheme in detail. We present experimental results in Section 4. Section 5 concludes the remarks and future work.

II. RELATED WORK
Barton proposed the notion of a RDH scheme in the year of 1997 [1]. Subsequently, many RDH schemes have been proposed, which can be broadly classified into the following three categories: Difference expansion (DE) [2], histogram shifting (HS) [3] and Lossless compression [4].
In the first category, Tian [2] proposed a high capacity RDH method based on DE where the idea is based on two neighboring pixels used as group and each group is used to embed one bit of secret data by modifying their pixel difference. The DE technique achieved high embedding capacity but it distorted the marked media which leads to low visual quality. Furthermore, this idea was extended in various methods to improve: the embedding performance in pixel prediction step [8], location map compression [9] and generalized integer transformation [10].
HS-based method, representing the second category, was initially proposed by Ni et al. [3] in 2006. The algorithm is simpler than DE approach based algorithms as it requires less computational complexity. The method uses shifting of bin intensities from maximum (or peak) to minimum (or zero) in the histogram of the input image pixel values to make space for data hiding. Embedding here is realized by bin shifting from peak to zero, after the maximum value bin has been assumed. One of the advantages of HS-based schemes is high PSNR of the marked image. However, the capacity of Ni's algorithm is limited and depends on peak valued bin, which makes it inefficient for most of the applications. However, Ni's algorithm have formed a base for research in this area. Hwang et al. [11] used the pixel values from the image histogram between the maximum point and two left-right minimum points, to embed the additional data. However, the embedding capacity was low with PSNR as high as 48.40 dB. Chung et al. [12] used dynamic programming to choose the fittest peak valley pair from the histogram, to improve the embedding capacity. The drawbacks include dependence of the algorithm on the texture of the image where complexity in texture costs the increase in the execution time.
Lossless compression, the third category utilizes the redundancy in the original media and use compression to make space for embedding additional data. This is done in as lossless manner such that the additionally embedded data is extracted losslessly along with the complete recovery of the original media. Some new works in the field of RDH schemes have combined the feature of above techniques, e.g., prediction error as a special case of DE has been used to attain high PSNR and ER [13], [14]. Moreover, the idea of RDH schemes also growing with video processing as in [15], [16]. With the valuable characteristics of RDH in plain image, the idea has attracted attention of many researchers to implement the technique in the field of cloud computing and signal processing for the encrypted domain. To explain it, with the help of a scenario as in Fig. 2, the content owner may wish to share an original image only with the receiver. The content owner of original image converts the original image into unintelligible form (i.e. encrypts the original image) before sending it to the cloud. That is, the adversary doesn't know the content of original image, in order to do so, a secure encryption technique is choosen, that resist against adversarial attacks, for example chaotic image encryption must resist against the chosen-plaintext attack [17]- [19]. In this way the cloud (or the adversary) doesn't know the original content of the image. In order to deal with the encrypted media, the cloud owner wishes to attach some additional data, related to the media for the sake of file management, such as origin information, multimedia file notation, authentication, and validation based data. The receiver can recover both the original media and the embedded additional data with valid keys. The extended version of RDH idea in the presence of third party (i.e. data hider) is known as Reversible Data Hiding in Encrypted Image (RDH-EI). The cloud owner can embed the additional data without any information being revealed about the original image. At the receiver's side, both the embedded additional data and the original media are recovered without any loss. Finding the optimum value for both the ER and the PSNR of the directly decrypted image is the main goal.
Furthermore, the idea of RDH has got much attention from the researchers, to develop with the third party without disclosing the original content. In the recreant study, RDH-EI schemes [20] are challenging and can be categorized in two major categories: Vacating Room After Encryption (VRAE) and Vacating Room Before Encryption (VRBE).
First, VRAE [5] which is more practical, where the embedding is performed after the image has been encrypted. Zhang [5] proposed the first RDH-EI scheme in 2011, where a stream cipher is used to encrypt the original image. After that, the encrypted image is decomposed into blocks where each block is responsible for carrying a bit of additional data. In order to embed the additional bit in each block, half of number of pixels are modified such that their three least significant bits (LSBs) are flipped. Further improvement of Zhang's scheme is done by Hong et al. [6] by side-matching to lower down the rate of error in the additional data extraction. Zhang [7] proposed a RDH-EI scheme based on separable manner,where the parameters are carried by a part of the encrypted bits and the Least Significant Bits (LSBs) of the remaining part of the encrypted bits are compressed in order to make space for the additional data using data the hiding key. Three cases arise at the receiver's side, 1) Extraction of the additional data with the use of the data hiding key, 2) Approximate image recovery with the use of decryption key and 3) Complete original image recovery with the use of both the keys. The scheme [7] provides lossless recovery of both the additional data and the original image but with a disadvantage of low payload. Further, Qian and Zhang [21] modified the histogram to enable additional data embedding enhancing the ER. VRAE exploits the redundancy in the encrypted image which has high entropy due to encryption. Thus, for high entropy, redundancy is low which results into low ER.
Second category is VRBE [22], where the spare space for additional data embedding is created by the content owner before the original image is encrypted. This is a preprocessing VOLUME 8, 2020 step taken before encryption. The VRBE method might be impractical as the content owner needs to do an extra effort to create the space for the data hider. In the method [22], payload is 0.5 bpp and the reconstructed image quality in PSNR is close to 40dB. Zhang et al. [23] exploited the pixel prediction errors to make space for additional data prior to encryption, by histogram shifting of these prediction errors. In [24], Xu and Wang proposed a scheme using histogram shifting and difference expansion where the interpolation-error is encrypted using a unique mode of encryption using stream cipher. In [25], Cao et al. proposed a high capacity RDH-EI using sparse coding technique and over-complete dictionary method in order to get a high embedding capacity. To further improve the embedding capacity, Huang et al. proposed a new image encryption method, which includes image block partition, stream cipher encryption, and block permutation [26]. Geetha and Geetha [27] has been presented multi-layered odd-even RDH-EI scheme, where non-overlapping block-wise disordering of bit planes with pixel and block scrambling to encrypt the original image and embedding is done by ± LSB based. Moreover, the average PSNR for 1 bpp and 1.5 bpp are 46.51 dB and 43.36 dB respectively. There are some classical RDH-EI schemes which have been presented with symmetric key cryptography [28]- [37] and some of the works with public key cryptography [38]- [46] in the recent years..

III. PROPOSED SCHEME
We have proposed a new scheme which allows multi-layer data embedding in encrypted images using well known even-odd value embedding technique. The idea can be divided into three basic phases namely: 1) image encryption, 2) data embedding, and 3) data extraction and image recovery. A sketch of the proposed scheme can be visualized in Fig. 3. The original image is encrypted by the content owner in phase 1. In phase 2, the data hider, without knowing the original content of image, can embed the additional data into it. The procedure of embedding the additional data into the encrypted image, using multi-layer even-odd embedding technique followed by the recording of the auxiliary information(i.e information of layer wise even/odd value of pixels and the number of layers). To the best of our knowledge, this is the first work to use even-odd embedding in encrypted images. In order to improve the privacy and security during the transmission of the marked encrypted image, the data hider applies permutation operation on the marked encrypted image. In phase 3, the receiver recovers the additional data and the original image with the help of shared auxiliary information and in accordance with the valid keys possessed. The auxiliary information and the keys are shared through another private channel. If the receiver does not have the auxiliary information, he/she can recover image similar to the original image(i.e approximate image), with quality of directly decrypted image being constant.

A. IMAGE ENCRYPTION
In our proposed scheme, image encryption is applied to convert the original image I into unreadable form, where I has size = M × N , each pixel value of image lies in [0,255] and is represented by 8 bits. We have used a popular Chaos-based Chua's circuit with PWL memristor for image encryption [47]. Three chaotic sequence sets are generated i.e. P = {p i |i = 1, 2, . . . }, Q = {q i |i = 1, 2, . . . }, R = {r i |i = 1, 2, . . . } by the Chua's circuit using PWL memristor as in [48], where each sequence is of length equal to . The normalized Chua's circuit with a PWL memristor is given below, which has the characteristics of a chaos attractor.
where a, b, m, n, p, q ∈ R (R is real number set) and a, b > 0 After choosing the system parameters a = 10, b = 18, n = −0.15, m = −1.56, p = q = −0.8, the resulting chaotic attractor is shown in Fig. 4. Next, with the help of quantization Eq: 3, the chaotic sequence sets are P, Q is used to give quantization sets P , Q with the maximum value M and N respectively i.e.
where p i ∈ P and q i ∈ Q . Also, the chaotic sequence set S is converted to quantization set S using the quantization Eq: 4 i.e s i is converted into s i = f (s i ) where s i ∈ S . The quantization function (a mapping technique where finite large set is converted to finite smaller set) are defined by where L is the maximum value which we need after quantization andê is the element of chaotic sequence. Furthermore, original image is scrambled using the sequence P , Q , same as in [49] and subsequently the scrambled image goes through pixel replacement using the sequence S . Note that in the scrambling process, statistical property of pixels remain same but changes when the pixel replacement function is applied. The pixel replacement function is defined by where I sc is the scrambled image. Finally, the encrypted image I e is generated. The decryption is the reverse process of the encryption. Moreover, the memristor is a passive circuit element which have the property of a resistor with memory [50]. The use of PWL memristor as a memory device in computers will further reduce power consumption by saving the time for data reloading.
The initial parameters (x, y, z) in Chua's circuit with a PWL memristor are used as an encryption key, Key 1 = (x, y, z). However, it is noticeable that instead of a chaotic generator, as used in our method, a pseudo-random sequence generated with a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) can also be used or, for example, the Advanced Encryption Standard (AES) algorithm can also be used in Output Feedback (OFB) mode.

B. DATA EMBEDDING IN AN ENCRYPTED IMAGE
In the data embedding phase, the data hider embeds the additional data in the encrypted image I e , even if the data hider is unaware of the content of original image and encryption key (Key 1 ). Getting comprehensive, the even-odd value embedding method is used to embed one bit of additional data per pixel. The embedding order of each layer involves scanning from left to right, and then from top to bottom (scan line order).
The Location Map (LM) in the embedding phase for each layer is recorded as a part of the necessary auxiliary information, that will be used to recover the original image and the additional embedded data in the recovery phase. The LM for each layer, refers to the even and odd valued pixel for that particular layer. The procedure for the additional data embedding depends on whether the encrypted pixel value is even or odd. Let, the additional data be d and d 1 , d 2 · · · d k be the corresponding bit sequence, where k represents k th bit of the additional data. If d k = '1 , then we increase the pixel value by one for the corresponding even pixel value and decrease the pixel value by one for the corresponding odd pixel value. And, if the additional data bit is d k = '0 then the corresponding pixel value is left unchanged. In layer 1, after the marked encrypted image and the LM is generated, the LM is recorded as a part of the auxiliary information. If the pixel value is even, LM is recorded as '0' otherwise '1'. Similarly in layer 2, after additional data embedding, the LM is recorded for the second layer as a part of the auxiliary information. Continuing this procedure for the remaining layers till all the bits of the additional data are embedded completely. At the data hider side as shown in Fig. 5, the embedding of additional data 14 end 15 end 16 I p = I 17 return I p (in the 1st layer) produces binary location map (for the 1st layer), then the embedding of additional data (in the 2nd layer) is done producing binary location map (for the 2nd layer) and so on till we reach the n-th layer. After, LM generation for the last or the n-th layer, we get the marked encrypted image. That is, after all the additional data bits are embedded, the marked encrypted image is generated after embedding is done in the last layer and the axillary information (LM and the number of layers) of each layer is collected. The marked encrypted image (I d ) is further processed by the permutation function. Moreover, the permutation operation can be understand by the Algorithm 1. We have chosen the block permutation operation on (I d ) to convert it into permutated marked encrypted image(I p ) using the initial value as a key Key 2 . In [51], lower the block size higher the security, in order to keep the security high, we have chosen the block size 4 and the 'rand' function from MATLAB is used to get the random sequence R, where Key 2 is the initial state. This scheme can survives illegal modification to some extent due to this inherent chaotic property. detailed embedding procedure can be seen in Algorithm 2.

C. EXTRACTION OF ADDITIONAL DATA AND RECONSTRUCTION OF IMAGE
At the receiver's side, to extract the additional data and recover the original image, the receiver must have both the keys (Key 1 , Key 2 ) and the auxiliary information shared via some private channel. First of all, the receiver applies the reverse permutation operation on I p using Key 2 to get marked encrypted image(I d ). Marked encrypted image (I d ) with the help of auxiliary information (A) is used to extract the additional data correctly. As shown in Fig. 5, the recovery of additional data (in the n-th layer) is done by using binary location map (for the nth layer), then the recovery of additional data (in the (n-1)-th layer) is done by using binary location map (for the n-1-th layer) and so on till we reach the 1st layer. After, we use the LM to extract additional data for the first layer, we get the encrypted image. After extracting the additional data from each layer, all the additional data is combined together to generate the original additional data. For the image recovery, the receiver performs the same procedure until the additional data is extracted completely, if corresponding bit of LM is the same as the current pixel value then 8 The embedded additional data bit is '0'; up to the first layer (layer 1). After that, the key Key 1 is used to recover the original image losslessly. The detailed procedure of additional data extraction and image recovery can be understood by the Algorithm 3. If the receiver dose not have auxiliary information, he/she can recover the approximate image.

IV. EXPERIMENTAL RESULTS
In this section, we have evaluated the performance of the proposed method by performing experiments on some of the standard gray-scale images 1 as shown in Fig. 6. The size of each test image is 512 × 512 pixels. All the computation is done on a PC with a Pentium (R) Dual-core CPU E5700@3.00 GHz and 4 GB RAM. The operating system used is Window 10 professional 64-bit, and all the 1 http://decsai.ugr.es/cvg/dbimagenes/g512.php where I i,j and R i,j denote the original image and the recovered image at the pixel location (i, j), respectively. A large value of PSNR shows that the constructed image has high visual quality. Wang&Bovik introduced SSIM [52] to measure the degradation in the quality based on structural information. The range of SSIM lies between -1 and 1. The value 1 indicates that the images are identically same. SSIM between two image I and R is formulated as where,µ I , µ R , σ 2 I , σ 2 R are the mean and variance of images I and R respectively, σ IR is the covariance between image I and R. c 1 and c 2 are the predefined constants which are as follows: where L is defined as the dynamic range of the pixel values. Our first experiment is based on the standard gray-scale image Lena shown in Fig. 7 (a) with the single layer. To understand the phases in our proposed scheme, image Lena has been taken as the main test image. In the initial phase, image is encrypted by [47], which is having chaotic property. Fig. 7 (b) shows the encrypted version of the original image, next, the encrypted image is sent to the data hider. In the data VOLUME 8, 2020 hiding phase, data hider embeds the additional data into the encrypted image and then permutated. Here, the additional data is a randomly generated bit stream. The permutated marked encrypted image can be visualized in Fig. 7 (c). At the recovery phase, the directly decrypted image can be seen in Fig. 7 (d) with PSNR =51.147 dB. In our proposed method the original image is recovered completely, which can be seen in Fig. 7 (e) having PSNR tends to +∞ dB and SSIM=1.0. Next, we have investigated our proposed method on six standard gray-scale images, having size of 512× 512 pixels as shown in the Fig. 6. Table 1 shows the performance of scheme, in terms of maximum embedding capacity for the single layer. The table shows PSNR (without additional data extraction), PSNR and SSIM (for the proposed scheme). It is analyzed from the PSNR and SSIM, that after data extraction and image recovery, our proposed scheme shows the property of complete reversibility.
Furthermore, we have demonstrated our results on multi-layer embedding on the test images shown in Fig. 6. The experimental results are shown in Table 2. It can be seen that up to four layers are used for embedding where the average PSNR of each layer lies between 51.00 and 51.50 dB and the maximum hiding capacity up to four layers is 4 bpp. If the PSNR value is larger than 35 dB, a human eye cannot distinguish between the marked image and the original image. In our proposed scheme, the degradation quality of the directly decrypted images is indistinguishable in the multi-layer even-odd embedding which means additional data can be embedded up to a large extent into an encrypted image without worrying about perceptible image quality of the directly decrypted image. From the fact of encryption technique, the encrypted image is become saturated i.e. the frequency of each pixel values is almost same. Moreover, the saturated encrypted image also shows the same number of even-odd values. In order to embed the encrypted additional information which is also show the saturation after encryption, only modify the approximately 50% of encrypted image pixels. In the result of directly decrypted image PSNR quality is always more than 50 dB. Additionally, applying multi-layer embedding, the resulted marked encrypted image pixel will change the encrypted pixel by approximately 50%. Hence, each layer for embedding, the proposed scheme gives guarantees for the PSNR of directly image is more than 50 dB.

A. COMPARISON WITH THE RELATED SCHEMES
In depth analysis of both VRAE and VRBE is explained in [21]. Both are the methods used for vacating room in RDH-EI schemes for additional data embedding. The proposed scheme is compared in two aspects, with existing schemes following VRAE and VRBE methods like Qian and Zhang [21], Ma et al. [22], Xiao et al. [53], Puteaux et al. [54], Puyang and Puech [55], and Yin et al. [56]. These two aspects are evaluated in terms of: 1) maximum embedding capacity and 2) maximum embedding rate. Where, the schemes [22], [53]- [56] are based on VRBE and [21] is based on VRAE. Table 3, shows a high embedding capacity of the scheme [56] which is better than the other existing schemes but with a drawback of high distortion in the directly decrypted image. The technique for embedding additional data in [56] is based on VRBE i.e, applying preprocessing technique to create space for additional data. This technique uses Most Significant Bit (MSB) prediction and Huffman Coding.
In [55], [56], the image quality of the directly decrypted image is given a lesser priority and the original image is recovered completely at the receiver's side after postprocessing of marked encrypted image. As compared with schemes [55], [56], our proposed scheme (considering the first layer) have lesser embedding capacity. But in our proposed scheme, when the embedding is done in the subsequent layers (second, third and so on), the overall embedding capacity drastically increases with each subsequent layer as shown in Table 2, without degradation of PSNR of the directly decrypted image,which signifies that our scheme is independent of texture of the original image unlike [54]- [56].   [5], [6], [22], [23], [25] on four test images: (a) Lena (b) Jetplane (c) Baboon (d) Boat.
Ma et al. [22] is VRBE based scheme, where the original image is preprocessed by some existing RDH method, to vacate the space for the data hider. But, the limitation of this scheme is that vacating of space is texture dependent. Xiao et al. [53] have used the simplified version of the interpolation technique to create space for the additional data in the image preprocessing phase. In [53] the additional data is embedded into the encrypted image through flipping the MSBs of primarily assigned pixels to achieve a higher embedding capacity than [21]. In [54], the original image is preprocessed to exploit the correlation between two neighboring pixels to predict the MSBs of the pixel. This scheme is able to provide an embedding rate of less than 1 bpp. Our proposed scheme furnishes higher embedding capacity than [22], [53], [54]. Qian and Zhang [21] scheme shares two similarities with our proposed scheme: 1) they are based on VRAE and 2) both are independent of the original image texture. The advantage of our scheme over Qian et al. [21] scheme is that for the first layer, the embedding capacity is higher.
Furthermore, we have compared our proposed scheme with schemes [5], [6], [22], [23] and [25] in Fig. 8 which shows the VOLUME 8, 2020 graph of visual quality (PSNR) versus ER, for the directly decrypted image. For comparison, we have generated the results on standard test images Lena, Jetplane, Baboon, Boat as shown in Fig. 6. The comparison results in Fig. 8 show that the PSNR of the proposed scheme is higher than the other compared schemes for all the test images. The idea of gaining high PSNR in our proposed scheme is due to the even-odd value characteristic of the encrypted pixel value. The maximum change in the value of any modified pixel is '±1'. This makes it obvious that the distortion of marked media is very less as compared with the existing schemes.

B. SECURITY ANALYSIS
In order to demonstrate the visual security level, we have performed the statistical analysis on the proposed method. We have used well known different statistical metrics: correlations analysis, entropy analysis through Shannons's method, χ 2 test [54], Number of Changing Pixel Rate (NPCR), Unified Averaged Changed Intensity (UACI) [57] and PSNR for all the phases to analyze the security of the proposed method.

1) CORRELATIONS ANALYSIS
The metric used for correlation analysis is correlation coefficient (CoC). For a original image CoC is nearly equal to one whereas for encrypted image its value tends to be zero in an ideal condition. CoC of two adjacent pixels can be mathematically expressed as following: where E(x) is the sample mean of x, V (x) is the sample variance of x,CoV (x, y) is the covariance between x and y and s is the sample size.

2) ENTROPY ANALYSIS
where I is the image with gray level (βi) for i ranging from 0 to 255 and P(βi) representing the probability for each gray level. Higher value for Shannon's entropy ensures higher security.

3) CHI SQUARE (χ 2 ) TEST
where χ 2 gives the divergence of the encrypted image from its theoretical image. It must be noted that the theoretical probability of gray level βi (0 ≤ i ≤ 255) for image is 1/256.

4) NPCR AND UACI
The number of changing pixel rate (NPCR) and unified averaged changed intensity (UACI) tests are used to evaluate any image encryption algorithm against differential attacks. These parameters calculate the amount of pixel change rate for an encrypted image whose original image has undergone a change in just one pixel value. The maximum theoretical value for NPCR and UACI are 100% and 33.33% respectively. The encrypted images, who have these values near to theoretical values, are considered more secure. where where I is the encrypted image and I is the encrypted image after one pixel changed in the original image.
In Table 4, the correlations for the six standard test images Fig. 6, between the adjacent pixels along the three directions i.e. horizontal, vertical and diagonal for the original, the encrypted and the marked encrypted image are given. The correlations for the original images are higher than those of the encrypted and the marked encrypted images, which tend to be zero.
For the image Lena in Fig. 9, for each of the three stages: original, encrypted and marked encrypted images, correlation can be visualized in the three directions: horizontal Fig. 9(a − c), vertical Fig. 9(d − f ) and diagonal Fig. 9(g−i). In terms of entropy, the values obtained for the original test images, have greater difference with the maximum theoretical value 8, when compared with the entropies for the encrypted and the marked encrypted images. This narrow difference in the entropies of encrypted and marked encrypted images ensure the security of our scheme. The chi square (χ 2 ) values for the original images are far more than the values of the encrypted and the marked encrypted images ensuring higher security to our scheme. Allied to this, NCPR values are closer to theoretical value 100%. Same is the case with UACI,  where the results approach the theoretical value 33.33%. These results support the security claim of our scheme. For all the results, in context of PSNR, the values are less than 10 dB supporting the fact that the original images are different from the encrypted and the marked encrypted images. Hence, it can be concluded that our scheme is secure.

C. CHOSEN PLAINTEXT ATTACK
In this subsection, we have applied chosen plaintext attack for the encryption scheme to test whether the encryption function is sufficiently secure. In order to do so, a grayscale image (I 150 ) is constructed which is having size 512 × 512, whose each pixel value fixed 150, which can be visualized in Fig. 10(a). Next, the Fig. 10(b) is the encrypted image (E 150 ) of I 150 , where encryption key (Key 1 ). Furthermore, in order to predict the relationship between the plaintext and ciphertext, a mask image is (M 150 ) constructed by taking XOR operation between chosen plaintext and ciptertext (M 150 = I 150 ⊕ E 150 ), the mask image can be visualized in Fig. 10 (c). In order to see the performance of chosen plaintext attack a peppers image (I peppers ) is chosen as shown in Fig. 10(d) whose encrypted image is I peppers Fig. 10(e). The recovered plain image is calculated by applying the constructed mask image and encrypted image of peppers, which can be calculated by R peppers = M 150 ⊕E peppers and visualised in Fig. 10(f). From the Fig. 10(f) it can be easily understood that the encryption function with the same key does not disclose any information. Moreover, the chosen encryption scheme has better permutation and diffusion, which makes the encryption scheme secure against the chosen plaintext attack.

D. CROPPING ATTACK
In this subsection, we have considered that if cropping attacker on marked encrypted image after the data hiding phase, the receiver can recover the original image successfully with some distortion. Hence, the scheme survives illegal cropping attack to some extent. Fig. 11(a − c) shows the cropping attack in marked encrypted image and Fig. 11(d −f ) shows the corresponding recovered image. It shows, that even with different levels of cropping during the transmission, the legitimate receiver can decrypt the original image successfully with some level of noise.

V. CONCLUSION
In this study, we proposed a new RDH scheme for the encrypted images, using multi-layer even-odd value embedding technique. We divided the proposed scheme into three basic phases: First phase includes encryption of the original image, embedding the additional data in the data hiding phase has been considered in the second phase, and the last phase describes extraction of the additional data and recovery of the original image. In the first phase, the content owner of the original image encrypts the image by using encryption based on the chaotic behaviour of PWL-memristor. In the second phase, without knowing the original content of the original image, the data hider/service provider embeds the additional data into the encrypted image. In order prevent the perceptual information leakage to the marked encrypted image, permutation operation is applied on the marked encrypted image.
In the third phase, after the receiver obtains the permuted marked encrypted image, the receiver must have both the keys along with the auxiliary information to extract the embedded data and recover the image losslessley, i.e. without any distortion.
If the receiver has both of the decryption and the permutation keys, the approximate cover image is recovered. The experimental results show that the proposed scheme achieves reversibility with high embedding capacity. Additionally, the scheme survives cropping attack in the post embedding phase with some distortion in the directly decrypted image. Future work can be done to optimize the size of the axillary information for further improvement of the scheme.