A Chaos-Guided Feature Level Image Encryption Framework Based on Tinkerbell Map and Fusion Autoencoder

2.1 Chaotic map based on Tinkerbell

Chaotic maps have been extensively utilized in cryptographic systems due to their intrinsic nonlinear behavior, sensitivity to initial conditions, and capability to generate pseudo-random sequences. In contrast to commonly used one-dimensional chaotic maps, two-dimensional chaotic systems provide higher dynamical complexity and a substantially larger phase space, which are critical for enhancing security in modern image encryption frameworks [23]. In this study, the Tinkerbell chaotic map is employed as the core chaotic mechanism owing to its strong nonlinear coupling and rich chaotic dynamics, making it particularly suitable for feature-level encryption in deep learning–based architectures. The Tinkerbell chaotic map is defined as a discrete-time two-dimensional nonlinear dynamical system [24]. Given an initial state $\left(x_0, y_0\right)$ and a set of control parameters $(a, b, c, d)$, the evolution of the chaotic system is governed by the iterative equations, as calculated in Eq. (1). Here, $x_n$ and $y_n$ are the chaotic state variables at the $n$-th iteration, while $a$, $b$, $c$, and $d$ are real-valued control parameters that determine the system’s chaotic behavior. For appropriate parameter selections, the Tinkerbell map exhibits strong chaotic properties, including aperiodicity and ergodicity, which are essential for secure cryptographic key generation. To enhance sensitivity to initial conditions and prevent transient effects, the chaotic system is iterated for a predefined number of steps $N_t$, during which the initial transient states are discarded. The effective chaotic sequences are then obtained as calculated in Eq. (2). The resulting chaotic sequences $X$ and $Y$ typically exhibit unbounded amplitudes, which are unsuitable for direct integration with deep learning models. Therefore, a normalization operation is applied to map the chaotic values into a bounded interval. This normalization process is performed as expressed in Eq. (3).

$\begin{gathered}x_{n+1}=x_n^2-y_n^2+a x_n+b y_n, \\ y_{n+1}=2 x_n y_n+c x_n+d y_n\end{gathered}$          (1)

$X=\left\{x_n \mid n>N_t\right\}, Y=\left\{y_n \mid n>N_t\right\}$         (2)

$\begin{aligned} \hat{x}_n & =\frac{x_n-\min (\mathrm{X})}{\max (\mathrm{X})-\min (\mathrm{X})}, \\ \hat{y}_n & =\frac{y_n-\min (\mathrm{Y})}{\max (\mathrm{Y})-\min (\mathrm{Y})}\end{aligned}$        (3)

The normalized chaotic sequences $\hat{x}_n$ and $\hat{y}_n$ are then combined to construct a composite chaotic control signal, which is used to guide feature-level transformations within the proposed encryption framework. This fusion operation is formulated as calculated in Eq. (4). In Eq. (4), $\mathrm{C}_n$ represents the final chaos-driven control sequence, while $\alpha$ is a weighting factor that balances the influence of both chaotic dimensions. This formulation enables flexible adjustment of chaotic intensity and ensures high randomness in the generated control signal. Unlike conventional chaotic encryption methods that apply chaotic sequences solely for pixel permutation or diffusion [25], the proposed approach integrates the Tinkerbell chaotic dynamics directly into the feature representation domain of a deep autoencoder.

$\mathrm{C}_n=\alpha \hat{x}_n+(1-\alpha) \hat{y}_n, 0<\alpha<1$        (4)

As seen in Figure 1, the bifurcation diagram of the Tinkerbell chaotic map with respect to the control parameter $a$, while the remaining parameters $(b, c, d)$ and the initial conditions $\left(x_0, y_0\right)$ are kept fixed. As the parameter $a$ varies, the evolution of the state variable $x_n$ demonstrates a clear transition from stable behavior to chaotic dynamics [26]. For lower values of $a$, the sequence $\left\{x_n\right\}$ converges to a narrow range, indicating periodic or quasi-periodic motion governed by stable fixed points. Mathematically, this corresponds to regions where the magnitude of the dominant eigenvalues of the system’s Jacobian matrix remains less than unity, resulting in bounded and predictable trajectories. As $a$ increases and enters the chaotic regime, the distribution of $x_n$ becomes dense over a wider interval, as observed in Figure 1. In this region, the recurrence relation defined in Eq. (1) produces trajectories that are extremely sensitive to both initial conditions and parameter perturbations, such that $\left|x_n-x_n^{\prime}\right|\rightarrow \infty$ for arbitrarily small differences in $\left(x_0, y_0\right)$ or $a$ after sufficient iterations. This sensitivity implies that the long-term evolution of the system cannot be predicted through linear approximation or short-term observation, which is a desirable property for cryptographic key generation. The broad chaotic interval illustrated in the bifurcation diagram confirms that the Tinkerbell map offers a richer and more stable chaotic domain compared to low-dimensional maps with narrow chaotic windows. The encryption effect of the Tinkerbell chaotic dynamics is visually demonstrated in Figure 2. As shown in Figure 2(a), the plain image exhibits strong spatial correlations, where neighboring pixel intensities $p_i$ and $p_j$ satisfy a high correlation coefficient $\rho\left(p_i, p_j\right)=1$. Such correlations reflect the inherent redundancy present in natural images and represent a structural weakness from a cryptographic perspective. If not properly disrupted, these correlations can be exploited through statistical analysis or chosen-plaintext attacks. After applying the Tinkerbell-based encryption process, the cipher image shown in Figure 2(b) displays a noise-like appearance with no visually discernible structures. This indicates that the permutation and diffusion processes driven by the chaotic sequence have effectively transformed the original pixel distribution $P(p)$ into a cipher distribution $P(c)$ that approaches uniformity. From a mathematical standpoint, the encryption aims to minimize spatial correlations such that $\rho\left(c_i, c_j\right) \rightarrow 0$ for adjacent cipher pixels, while simultaneously increasing entropy toward its theoretical maximum.

(a) Plain image

(b) Cipher of Tinkerbell map

Figure 2. Encryption result using Tinkerbell chaotic map

2.2 Chaotic feature key generation

The plaintext image is first processed using the SHA-256 hashing algorithm, which produces a fixed-length 256-bit hash value [27]. Due to the avalanche property of SHA-256, even a minimal variation in the plaintext image results in a significantly different hash output. This characteristic ensures that feature keys generated for two visually similar images remain completely independent, even when identical chaotic parameters are employed. The SHA-256 hash of I is denoted as h = SHA256(I) [27, 28]. In order to introduce spatial dependency between the image content and the chaotic initialization, a plaintext-related offset parameter $p$ is calculated by Eq. (5). Based on Eq. (5), $\operatorname{im}$ $(i)$ is the grayscale intensity value of the $i$-th pixel obtained through raster scanning of the plaintext image. The hash vector $h$ is subsequently segmented into multiple disjoint blocks, each of which is used to perturb the initial conditions of the Tinkerbell chaotic map. Based on the offset parameter $p$, four 64-bit segments are selected from the hash vector and combined with user-defined secret values $\left\{b_1, b_2, b_3, b_4\right\}$ to generate the chaotic initial states. This process is calculated using Eq. (6). The plaintext-dependent components derived from the SHA-256 hash are embedded into the key initialization parameters or securely transmitted alongside the ciphertext, allowing the receiver to reconstruct the same chaotic sequences without requiring access to the original plaintext. Where $h_{m: n}$ is the hash segment extracted from position $m$ to $n$. Using the initial conditions and parameters defined in Eq. (6), the Tinkerbell chaotic map is iterated according to Eq. (1) to generate chaotic sequences $\left\{x_n\right\}$, and $\left\{y_n\right\}$. After removing transient states, the resulting sequences are normalized and fused to form a chaos-guided control sequence whose length matches the total number of elements in the encoded feature tensor. Consequently, the generated feature key exhibits strong sensitivity to both the secret parameters and the plaintext image, ensuring that the same secret key produces entirely different feature keys when applied to different images.

$p=\bmod \left(\sum_{i=1}^{W H} i \cdot \operatorname{im}(i), 256\right)$        (5)

$\left\{\begin{aligned} x_0 & =\frac{\bmod \left(h_{p: p+64} \oplus b_1, 2^{64}\right)}{2^{64}}, \\ y_0 & =\frac{\bmod \left(h_{p+65: p+128} \oplus b_2, 2^{64}\right)}{2^{64}}, \\ a & =\frac{\bmod \left(h_{p+129: p+192} \oplus b_3, 2^{64}\right)}{2^{64}}, \\ b & =\frac{\bmod \left(h_{p+193: p+256} \oplus b_4, 2^{64}\right)}{2^{64}},\end{aligned}\right.$          (6)

2.3 Autoencoder network configuration

The autoencoder provides a deterministic and hierarchical mapping between the image domain and a latent feature domain, enabling multi-scale feature extraction and reconstruction while preserving essential spatial and structural information. This backbone serves as a foundational representation framework and, by itself, does not perform any encryption-specific operations. The backbone architecture follows a symmetric encoder–decoder configuration composed of convolutional, deconvolutional, residual, and dense connectivity components. The encoder progressively transforms the input image into higher-dimensional feature representations by reducing spatial resolution while increasing channel depth. Conversely, the decoder performs the inverse transformation, reconstructing the image from encoded features through a mirrored sequence of operations.

This symmetric design ensures dimensional consistency and supports stable reconstruction across multiple feature scales. As seen in Figure 3, the autoencoder backbone is organized into four primary functional modules that define the overall flow of feature representations throughout the network. The Feature Extraction Module (FEM) operates along the encoding pathway and performs hierarchical feature extraction using convolutional and residual operations, capturing progressively abstract representations from the input image. The Feature Decoding Module (FDM) is employed along the decoding pathway and reconstructs spatial details through deconvolutional and residual transformations.

In addition, Feature Fusion Enhancement Modules (FFEM) are incorporated to facilitate multi-scale feature interaction and refinement without altering spatial resolution, while Feature Fusion Decoding Modules (FFDM) support effective feature fusion and detail recovery during the reconstruction process. The detailed layer-wise parameter configuration of the autoencoder backbone is summarized in Table 1, which demonstrates a carefully designed balance between representational capacity and computational complexity. Here, Table 1 shows that the backbone begins with a convolutional input layer employing a 5 × 5 kernel to map the single-channel grayscale image into 32 feature channels, requiring only 832 learnable parameters. This initial expansion enables effective capture of low-level spatial patterns while maintaining a lightweight parameter footprint. Subsequent convolutional layers with 3 × 3 kernels progressively increase the channel dimensionality from 32 to 256, reflecting a deliberate design choice to enhance representational capacity as spatial resolution decreases. The cumulative parameter count of the convolutional and residual blocks within the FEM reaches approximately 3.7 × 10⁶, indicating a moderate-depth encoder capable of extracting rich hierarchical features without excessive computational burden. In the decoding pathway, the FDM mirrors the encoder structure through a sequence of deconvolutional layers and residual blocks. As summarized in Table 1, these layers progressively reduce the channel dimensionality from 256 back to 32 while restoring spatial resolution. The total number of learnable parameters within the FDM is approximately 2.5 × 10⁶, which is slightly lower than that of the encoder, reflecting the reduced complexity required for reconstruction compared to feature abstraction. This asymmetric parameter distribution contributes to stable reconstruction performance while avoiding unnecessary redundancy in the decoder.

Figure 3. Our architecture model

Table 1. Parameter layer initialization

The autoencoder is trained prior to the encryption process to learn stable grayscale image reconstruction and is not optimized specifically for the test images used in the evaluation. The training data consist of grayscale images resized to a fixed input resolution and are split into training and validation sets using an 80:20 ratio. The network is trained using the Adam optimizer with a learning rate of 1 × 10⁻⁴, a mini-batch size of 16, and Mean Squared Error (MSE) as the reconstruction loss function, for a total of 50 epochs while monitoring validation performance. After training, all learned parameters, including convolutional, deconvolutional, residual, and dense block weights, are kept fixed and used as a feature transformation backbone during both encryption and decryption stages, ensuring that the reported performance is attributed to the proposed chaos-guided feature-level encryption mechanism rather than task-specific retraining.

The FFEM implemented using dense connectivity contributes the largest share of parameters, with approximately 3.3 × 10⁷ learnable weights. This substantial parameter allocation enables extensive feature reuse and strengthens information flow among intermediate representations. In contrast, the FFDM, composed of stacked residual blocks with decreasing channel dimensions, contains approximately 1.9 × 10⁷ parameters, supporting effective feature refinement and detail recovery during image reconstruction.

This section presents the experimental evaluation and performance analysis of the proposed chaos-guided feature-level image encryption method. Comprehensive experiments are conducted to assess the effectiveness, security, and robustness of the proposed scheme. The results are discussed in detail through quantitative metrics and visual analysis, and comparisons with existing encryption methods are provided to demonstrate the advantages and practical feasibility of the proposed approach.

4.1 Experimental results

All experiments are conducted using standard grayscale test images (Barbara, House, Tree, and Candy), which are widely used due to their diverse structural characteristics. Each image is resized to a unified resolution without additional preprocessing to ensure consistent evaluation. To maintain fair comparison, all methods, including different chaotic maps, are tested within the same experimental framework under identical conditions, including image inputs, resolution, and processing pipeline. It should be noted that the evaluation is limited to these representative grayscale images, and therefore the results are interpreted within this experimental scope and may not fully generalize to more complex image types such as color or large-scale datasets.

To visually demonstrate the effectiveness of the proposed encryption scheme, a set of standard grayscale test images is employed, namely barbara.tiff, house.tiff, tree.tiff, and candy.tiff. The corresponding encryption and decryption results are illustrated in Figure 6. As seen in Figure 6(a), the plain images are arranged from top to bottom in the following order: barbara.tiff, house.tiff, tree.tiff, and candy.tiff. These images are selected to represent diverse image characteristics, including high-frequency textures (Barbara), strong geometric structures (House), complex natural contours (Tree), and clustered object patterns (Candy), thereby providing a comprehensive evaluation of the proposed method under different visual conditions. The encryption results using the Tinkerbell chaotic map alone, as shown in Figure 6(b), still exhibit residual structural patterns, particularly in texture-rich images, indicating limitations of pixel-level chaos encryption. In contrast, the proposed method in Figure 6(c) produces uniformly noise-like cipher images with no visible structures, demonstrating more effective disruption of spatial correlations. The decrypted results in Figure 6(d) closely resemble the original images, confirming accurate and reliable reconstruction when the correct key is applied.

Figure 6. Visual comparison of encryption and decryption results on standard test images

4.2 Entropy analysis

In this subsection, entropy analysis is conducted to evaluate the effectiveness of the proposed encryption method in disrupting the statistical characteristics of the original images. The entropy values of the plain images, Tinkerbell-based encrypted images, and the proposed cipher images are compared to provide a quantitative assessment of encryption performance. The comparison results as seen in Figure 7. As observed, the entropy values produced by the Tinkerbell-based encryption remain slightly below the ideal value of 8 bits for all test images, indicating that residual statistical patterns still exist when chaotic encryption is applied directly. In contrast, the proposed cipher consistently achieves entropy values that are closer to the theoretical ideal value, with values of 7.999 for Barbara, House, and Tree, and 7.998 for Candy. This improvement demonstrates that the proposed chaos-guided feature-level encryption more effectively randomizes pixel intensity distributions. The observed increase in entropy confirms that embedding chaotic control signals into the deep feature domain significantly enhances statistical randomness compared to conventional chaos-based encryption. The consistently high entropy across different image types further indicates that the proposed method is robust against statistical attacks and maintains stable encryption performance regardless of image content complexity.

Figure 7. Value of entropy

4.3 Number of Pixels Change Rate and Unified Average Changing Intensity analysis

An effective image encryption scheme should exhibit high NPCR and UACI values, indicating that a minimal change in the input image leads to significant differences in the resulting cipher image. The comparison of NPCR values between the Tinkerbell-based encryption and the proposed method is seen in Figure 8. As seen in Figure 8, the proposed cipher consistently achieves higher NPCR values across all test images. Specifically, the proposed method attains NPCR values of 99.64% for Barbara, 99.63% for House, 99.62% for Tree, and 99.62% for Candy, which are all very close to the theoretical ideal value of 99.6%. In contrast, the Tinkerbell-based encryption produces slightly lower NPCR values ranging from 99.42% to 99.48%. This improvement indicates that the proposed encryption scheme exhibits stronger sensitivity to plaintext changes, effectively amplifying minor pixel variations into widespread differences in the cipher image. As seen in Figure 9, the proposed cipher achieves consistently higher UACI values compared to the Tinkerbell-based encryption. The proposed method yields UACI values of approximately 33.47% for Barbara, House, and Tree, and 33.46% for Candy, which are very close to the ideal theoretical value of 33.46%. Meanwhile, the UACI values obtained using the Tinkerbell-based approach remain lower, ranging from 33.25% to 33.28%. These results demonstrate that the proposed scheme induces stronger average pixel intensity changes.

Figure 8. Value of Number of Pixels Change Rate (NPCR)

Figure 9. Value of Unified Average Changing Intensity (UACI)

4.4 Differential noise attack

Evaluating the robustness of an image encryption scheme against noise perturbations is an important aspect of security analysis. A robust encryption method should preserve its randomness characteristics and resist information leakage even when the encrypted data is corrupted by noise. In this subsection, differential noise attacks are conducted by introducing different noise models to both the plain images and the corresponding cipher images. The impact of Gaussian noise and salt-and-pepper noise at different intensity levels is analyzed to assess the resilience of the proposed encryption scheme. The experimental results provide insight into how well the encrypted images maintain statistical security under noisy conditions.

4.4.1 Gaussian noise attack

To evaluate the robustness of the proposed encryption scheme under additive noise interference, a Gaussian noise attack with a noise intensity of 10% is conducted in this experiment. Gaussian noise is commonly used to model random disturbances introduced during image acquisition or transmission processes. An effective encryption scheme should maintain its security properties and enable reliable decryption even when the encrypted data is corrupted by such noise. As shown in Figure 10(a), the plain image corrupted by 10% Gaussian noise remains visually recognizable, indicating that Gaussian noise alone is insufficient to hide image details. The Tinkerbell-based encrypted image in Figure 10(b) still exhibits residual directional patterns, reflecting limited robustness to noise at the pixel level. In contrast, the proposed cipher shown in Figure 10(c) maintains a uniformly random, noise-like appearance with no visible structures. The decrypted image in Figure 10(d) closely matches the original plain image, demonstrating that the proposed scheme ensures reliable image recovery even under Gaussian noise interference.

Figure 10. Gaussian noise attack

4.4.2 Salt and peppers noise attack

In addition to Gaussian noise, salt-and-pepper noise is considered to further evaluate the robustness of the proposed encryption scheme against impulse noise disturbances. Salt-and-pepper noise introduces random occurrences of extreme pixel values, typically represented by black and white dots, and is commonly encountered during image transmission or sensor malfunction. Similar to the Gaussian noise attack, a noise density of 10% is applied in this experiment. As shown in Figure 11(a), the plain image corrupted by 10% salt-and-pepper noise remains visually recognizable, indicating that impulse noise alone does not sufficiently conceal image content. The Tinkerbell-based encrypted image in Figure 11(b) exhibits residual structural patterns and uneven noise distribution, reflecting limited robustness against impulse noise. In contrast, the proposed cipher in Figure 11(c) preserves a uniformly random, noise-like appearance with no discernible structures. The decrypted result in Figure 11(d) closely matches the original plain image, demonstrating that the proposed method maintains both encryption security and reliable image recovery under salt-and-pepper noise conditions. As seen in Table 2, the proposed cipher demonstrates stable reconstruction quality under both Gaussian and salt-and-pepper noise attacks. For all test images, the Peak Signal-to-Noise Ratio (PSNR) values under 10% Gaussian noise remain above 30 dB, indicating that the decrypted images preserve a high level of visual fidelity despite noise corruption. Correspondingly, the Structural Similarity Index Measure (SSIM) values consistently exceed 0.94, confirming strong structural similarity between the decrypted images and their original counterparts.

Figure 11. Salt & peppers noise attack

Table 2. PSNR and SSIM values under noise attacks

When subjected to 10% salt-and-pepper noise, a moderate reduction in PSNR and SSIM is observed across all images, which is expected due to the impulsive nature of this noise type. Nevertheless, the PSNR values remain close to 29 dB, while SSIM values stay above 0.92, indicating that the proposed method maintains robust reconstruction performance even under severe impulse noise conditions. These results demonstrate that the proposed encryption framework not only ensures strong security but also exhibits resilience against common noise attacks during transmission.

Beyond numerical proximity to theoretical values, the observed improvements can be attributed to the integration of chaos-driven perturbation within the feature domain. Unlike the Tinkerbell-only scheme, which operates at the pixel level, the proposed method applies diffusion and shuffling on hierarchical feature representations, enabling more effective disruption of spatial dependencies across multiple scales. This explains the consistent increase in entropy, NPCR, and UACI, indicating stronger resistance to statistical and differential attacks in practice. In terms of reconstruction, the reported PSNR values in the range of 29–31 dB under noise conditions indicate that the essential structural information of the image is preserved, while minor degradations remain perceptually acceptable. Therefore, the term “reliable reconstruction” in this study refers to the ability of the method to maintain visually consistent and structurally accurate outputs under controlled noise disturbances, rather than implying perfect or lossless recovery in all conditions.

4.5 Result comparison with other methods

To ensure a transparent and controlled comparison, all evaluated chaotic maps are reimplemented within the same fusion autoencoder framework proposed in this study. The overall architecture, training configuration, input images, resolution, and processing pipeline are kept identical for all methods. Only the chaotic map formulation and its corresponding control parameters are adopted from the respective studies, while the integration mechanism, including feature-level fusion, permutation, and diffusion stages, is unified under the proposed framework. This design isolates the effect of the chaotic system itself and avoids discrepancies arising from differences in model architecture or training strategy. Therefore, the comparison presented in Table 3 should be interpreted as a controlled internal evaluation under a unified framework rather than a direct reproduction of each original method in its native implementation.

Table 3. Comparison with other methods

As seen in Table 3, all chaos-based methods achieve entropy values close to the theoretical ideal value of 8 bits, indicating strong randomness in the encrypted images. However, the proposed method based on the Tinkerbell map consistently attains the highest entropy values across all test images, reaching 7.999 for Barbara, House, and Tree, and 7.998 for Candy. This demonstrates that the Tinkerbell-driven chaotic control introduces more effective randomness into the feature domain when combined with the fusion autoencoder. In terms of differential attack resistance, the proposed method also outperforms the other chaotic maps. The NPCR values obtained using the Tinkerbell map range from 99.62% to 99.64%, which are consistently higher than those achieved by the Logistic, Henon, and Arnold maps. Similarly, the UACI values of the proposed method reach up to 33.47%, closely approaching the theoretical ideal value of 33.46%. Although the competing chaotic maps exhibit strong diffusion characteristics, their NPCR and UACI values remain slightly lower, indicating comparatively weaker sensitivity to plaintext variations. Overall, the comparative analysis confirms that while the fusion autoencoder architecture provides a strong and stable encryption backbone for all chaotic maps, the choice of chaotic system plays a critical role in determining the final security performance. The superior results achieved by the Tinkerbell map demonstrate that its complex dynamical behavior and higher sensitivity to initial conditions offer enhanced randomness and diffusion when embedded within the proposed fusion autoencoder framework. These findings validate the effectiveness of the proposed method and highlight the advantage of combining feature-level encryption with an appropriately selected chaotic system.