**4. Compared the current algorithms and approaches**

In refs. [8–10], by comparing three papers, I presented them in my study, which compared their results.

#### **4.1 Hybrid algorithms**

In ref. [8], three hybrid methods have been proposed for image encrypting and decrypting. This section describes the key generation, background process, and algorithm for image encryption and decryption. The algorithms are mentioned below:


In this section I will explain two things:


#### *4.1.1 Key generation of ECC*

Here is an overview of the elliptical curve cryptography method. Elliptical curves are used over a finite prime field.

$$\mathbf{f}\left(\mathbf{F\_p}\right) = \{\mathbf{a}, \mathbf{b}, \mathbf{p}, \mathbf{G}\} \tag{1}$$

$$\mathbf{Y}^2 \equiv \mathbf{x}^3 + \mathbf{a}\mathbf{x} + \mathbf{b} \pmod{\mathbf{p}} \text{ and } 4\mathbf{a}^3 + 2\Im \mathbf{b}^2 \neq \mathbf{0} (\text{mod } \mathbf{p}) \tag{2}$$

Where Fp is the finite field over a prime number p with generator G. a, b are curve parameters.

Whenever you multiply a point with different scalars, it creates every point on the curve. This is the generator of the curve G. To generate keys for elliptic curve cryptography, they have been defined the order of elliptic curve n as the smallest integer which when multiplied by generator G gives the zero point at infinity, that is, nG = O. **Figure 3** shows how does the ECC key generates.

#### *4.1.2 ECC with AES for image encryption and decryption*

For the encryption and decryption of images, Elliptic Curve Cryptography (ECC) is used in combination with AES. AES-128, AES-192, or AES-256 encryption and decryption are performed using the Cipher Feedback (CFB) mode. The initialization vector (IV) must be the same length and it should be a multiple of 16 or 24 or 32 bits, respectively. The initialization vector (IV) is not required for the Electronic Code Book (ECB) mode. AES encrypted bytes are converted to large integers to reduce operating costs by encrypting 2 � group size number of bytes in one ECC operation. This is because Base 256 represents values from 0 to 255 on the XY plane, and ECC encryption uses a point addition formula to encrypt any point on the XY plane. The algorithm is working with an 8-bit image whose pixel intensities range from 0 to 255. The benefit of performing such an operation is to eliminate the need to create a mapping table, which would otherwise be computationally impossible if an extremely large prime number was used to generate the finite field and share it between users.

#### **Figure 3.**

*Key generation of ECC [11]. Using ECC as an asymmetric approach, we have included key generation in their algorithm.*

**Figure 4.** *AES-ECC hybrid encryption system [8].*

Decrypting is achieved by reflecting the SSK coordinates for the x-axis and taking modulus p. The reflected point is then added to the x-axis using the point addition formula for performing the inverse operation. **Figure 4** shows an AES-ECC hybrid encryption system.

#### **4.2 Texture encryption scheme**

In ref. [9], Using Salsa20/12 for the upper nibble image encryption, the bitstreams of the lower nibble image are scrambled by permuting a zigzag pattern on the bitstream. They have been called our encryption mechanism 'Salsa Dance'since it is consistent with (Latin American) Salsa movement. Infer the steps of the encryption algorithm, P being the plain image, N being the nibble image, and C being the cipher image. If RGB is a 24-bit representation, each flat image, nibble image, or cipher image is represented by three M \* N matrices, so R, G, and B color layers. For any pair of x (1 ≤ x ≤ M) and y (1 ≤ y ≤ N), multiply p (x, y) by n (x, y) and the result is the flat image, nibble image, or cipher image. P (x, y) and c (x, y) are the entry values for the plain-images, nibble images, and cipher images, respectively; n (x, y) ∈ {0, 1, … , 15}.

A 24-bit texture image with one color layer has the encryption procedure described below. For the other color layers, the procedure is similar. By splitting every entry into upper and lower nibbles, we could break the plain image into two nibble images that correspond to x and y. For any x (1 ≤ x ≤ M) and y (1 ≤ y ≤ N), n1 (x, y) and n2 (x, y) are defined as follows:

$$\mathbf{n}\_1\left(\mathbf{x}, \mathbf{y}\right) = \mathbf{p}\left(\mathbf{x}, \mathbf{y}\right) \bmod 2^4 \tag{3}$$

$$\mathbf{n}\_2\ (\mathbf{x}, \mathbf{y}) = \left(\mathbf{p}\ (\mathbf{x}, \mathbf{y}) - \mathbf{n}\mathbf{1}\ (\mathbf{x}, \mathbf{y})\right) \cdot \mathbf{2}^{-4} \tag{4}$$

**Figure 5** shows a zigzag path for scanning an image with the dimensions 3 \* 4 in **Figure 5a** if mod(s, 12) = 7. In this case, entry scanning starts at the 7th entry and ends at the 9th entry, which is the entry immediately before the initial one. Scanning involves the placement of bits, column by column, in a matrix sequentially as they have been encountered. Permutation affects both bit-plane image bits (diffusion) as well as the values of nibbles (confusion). A mod (s, 12) = 7, the permutation result of the test bit-plane image can be seen in **Figure 5b**. Following the permutation process, when the scrambled bit-plane image is combined with every 4 consecutive columns, the encrypted lower nibble-image with size M \* N can be reconstructed.

The final step is to create the cipher image by combining the encrypted upper and lower nibble images. To summarize, the whole encryption process is as follows:

$$\mathbf{P} = \mathbf{2}^4 \ \mathbf{N}\_2 + \mathbf{N}\_1 \tag{5}$$

$$\mathbf{C} = \mathbf{E}\left(\mathbf{P}\right) = \mathbf{2}^4 \cdot \mathbf{E}\_2\left(\mathbf{N}\_2\right) + \mathbf{E}\_1\left(\mathbf{N}\_1\right) \tag{6}$$

Where,

$$\mathbf{E\_2 \ (N\_2)} = \mathbf{Salsa20/12 \ (N\_2)}\tag{7}$$

$$\mathbf{E\_1 (N\_1) = Perm (N\_1)}\tag{8}$$

PK (plain image), N1, N2 (lower nibble image), and C (upper nibble image) refer to plain, lower, and upper nibble images, respectively. In decryption, cipher images are further divided into upper and lower nibble images. In 24-bit texture images, there is a close correlation between different layers of color in the image. The upper and lower nibbles are decrypted with the same keystream used in encryption, while the inner nibble is decrypted by inverse permutation. To meet this requirement, Salsa20/ 12 uses a 64-bit nonce each time the color layer is encrypted. The same message will

**Figure 5.** *(a) A zigzag path to scramble bits of a bit-plane image, and (b) permutation result [9].*

never be encrypted twice in the same way so that there is always a different ciphertext. If the same nonce and key are used on two different plaintexts, then you can cancel the keystream out by masking the ciphertexts together.

## **4.3 PLIE method**

In ref. [10], this method ensures image data security using three different processes, of splitting, distributing, and scrambling the images. In addition, it ensures user privacy by keeping metadata in the mobile device, and finally storing it on the cloud. A split image file is broken into two parts: the header and the contents. The header contains several privacy-protecting features, including the image type, size, date of creation, chunk size, height, width, and resolution. There are many chunks of content. For distribution, chunks may be divided based on a pattern, such as a key, a predefined function, or an individual chunk. PLIE categorizes patterns as odd chunks (file1) and even chunks (file2) that are sequentially repeated. The maximum number of chunks is m = (image size/chunk size)—header size, where the image size is the size in bytes of the image file, and chunk size is the size of the chunks.
