3.1 End-to-end workflow overview

Fig 1 summarizes the complete end-to-end workflow of the proposed framework. At the sender side, each DICOM image is first normalized and compressed using an -regularized near-lossless scheme that produces two self-contained compressed outputs: a primary JPEG 2000 codestream and a primary JPEG 2000 codestream and a residual codestream produced under -regularized correction constraints applied prior to entropy coding. These compressed codestreams form the exclusive inputs to the cryptographic layer. Next, a post-quantum–resilient key establishment procedure (Protocol A) derives a shared session secret, from which an image-specific symmetric key is deterministically generated using DICOM identifiers. This per-image key initializes the hyperchaotic encryption engine, which independently encrypts the primary and residual codestreams using domain-separated sub-keys, without operating on raw pixel data. Before transmission, an authentication tag is computed over the encrypted streams and associated metadata, and a privacy-preserving verification record is written to a permissioned ledger. At the receiver side, the same cryptographic keys are re-derived locally, integrity and provenance are verified prior to decryption, and the encrypted codestreams are decrypted and decoded to reconstruct a near-lossless image consistent with the applied -regularized residual refinement.

Download:

• PNG
  larger image
• TIFF
  original image

Fig 1. End-to-end step-by-step workflow of the proposed DICOM-compliant framework.

https://doi.org/10.1371/journal.pone.0348013.g001

Algorithms 1 and 2 present the complete sender- and receiver-side workflows implementing the proposed secure imaging framework. Protocol A defines the post-quantum–resilient session key establishment and the subsequent image-specific key derivation used by both sender and receiver.

Notation Summary (used in Protocol A and Algorithms 1,2)

• pk_PQC, sk_PQC: Receiver’s PQC public/private keys (e.g., ML-KEM).
• ct_pqc: Ciphertext output from PQC encapsulation.
• : KEM shared secret recovered after decapsulation.
• S: Session seed from HKDF (, ...).
• K_img: Per-image key derived from S and DICOM UIDs.
• : Encrypted primary and residual streams.
• Tag: HMAC tag over canonical bundle.
• LedgerTxnID: Ledger transaction identifier for verification record.

3.2 Sender-side framework

Algorithm 1 presents the sender-side workflow of the proposed secure DICOM imaging framework.

Algorithm 1 Sender-side algorithm

1:   Goal: Compress, encrypt, authenticate, and register verification for a DICOM image without transmitting any symmetric keys.

2:   Inputs: DICOM image I, PQC public key pk_PQC, quality parameters Q_p, Q_r, error bound , receiver identifier, session nonce

3:   Outputs: Encrypted streams , bit depth B, PQC ciphertext ct_pqc, authentication tag Tag, ledger transaction ID LedgerTxnID

   Step 1 — Preprocess & Compress (-regularized near-lossless)

4:   Load DICOM file and extract pixel data, bit depth B, and UIDs

5:   Normalize pixel intensities to [0,1]

6:   Encode primary JPEG 2000 stream with quality Q_p

7:   Compute residual and clamp correction amplitudes to prior to entropy coding

8:   Encode residual stream using JPEG 2000 with quality Q_r

    Step 2 — Key establishment (Protocol A)

9:   Encapsulate with pk_PQC to obtain and ct_pqc

10:   Derive session seed S using HKDF with nonce and receiver identifier

11:   Derive per-image key K_img from S and DICOM UIDs

12:   Derive sub-keys via HKDF:

13:   Initialize hyperchaotic generator seeded with K_img

  Step 3 — Encrypt

14:   Permute and diffuse primary stream using and

15:   Produce encrypted primary stream

16:   Permute and diffuse residual stream using and

17:   Produce encrypted residual stream

   Step 4 — Authenticate & record

18:   Define canonical KDF_labels including UIDs, parameters, and metadata

19:   Compute Tag using HMAC with key K_mac

20:   Store ledger entry containing hashes of sender key, UIDs, and ciphertext

21:   Obtain ledger transaction ID LedgerTxnID

   Step 5 — Transmit

22:   Send to receiver

23:   Summary: The sender performs -regularized near-lossless compression, post-quantum resilient key establishment, encryption, authentication, and verification recording with the constraints of diagnostic fidelity, confidentiality, and integrity verification.

3.2.1 DICOM-aware pixel normalization.

Before -regularized near-lossless compression, the intensity values are normalized to the unit interval to provide a uniform interpretation of the error bound for all DICOM modalities and bit depths. Let I_m(x, y) represent the original intensity values obtained from the DICOM file, and B represent the effective bit depth obtained from the BitsStored attribute. A linear, reversible normalization is applied:

(1)

The normalization process does not include windowing, clipping, histogram equalization, and modality-specific rescaling. It preserves all relative intensity relationships and ensures that the parameter represents a physically meaningful bound on residual correction amplitudes prior to encoding, independent of image resolution or modality.

After decompression and reconstruction, the inverse operation is applied:

(2)

restoring the image to its original intensity scale. Because the normalization is strictly linear and fully reversible, it does not alter diagnostic contrast or clinically relevant intensity patterns. All quantitative fidelity metrics (PSNR and SSIM) are therefore computed in the normalized domain to enable fair comparison across images with different bit depths.

3.2.3 post-quantum–resilient key establishment (Protocol A).

A post-quantum Key Encapsulation Mechanism (KEM) such as ML-KEM [6] begins with the shared session secret initialization:

(5)

From this, a session seed S is derived through HKDF [9]:

(6)

followed by a per-image master key bound to DICOM identifiers:

(7)

To avoid re-use of keystreams or correlation between domains, independent sub-keys are generated from K_img using domain-separated HKDF labels:

(8)

These sub-keys drive both the primary and residual encryption streams, as well as the authentication phase, ensuring that key isolation is strict.

ML-KEM parameter selection: The proposed framework employs the ML-KEM-768 parameter set, as standardized by NIST, for post-quantum key establishment. ML-KEM-768 provides NIST security level 3, offering a balanced trade-off between quantum-resistant security, key size, and computational efficiency. The parameter selection is suitable for medical image transfer applications, which require strong long-term confidentiality without causing significant communication overhead. In particular, ML-KEM-768 offers quantum resistance with the ability to maintain good performance for per-image key establishment in the PACS and tele-radiology environments. The post-quantum service is only used for symmetric key establishment, while the protection of bulk image data relies on efficient symmetric encryption.

3.2.4 Hyperchaotic encryption.

This encryption engine uses a four-dimensional memristive hyperchaotic system [22–24] which is initiated with K_img:

(9)

whose discretized evolution yields the pseudorandom keystream:

(10)

The primary code stream uses , while the residual uses . Each stream is then subjected to chaotic permutation followed by bidirectional diffusion, thereby ensuring high entropies, pixel-level key sensitivities, and lack of statistical correlations between neighboring pixels.

3.2.6 Authentication and ledger attestation.

To provide tamper-evident integrity and verification, both encrypted codestreams are authenticated with the special key K_mac. All non-secret context parameters, such as session IDs, compressed parameters, and UIDs, are packaged into a standardized bundle:

  (11)

Sender calculates the authentication tag:

(12)

which ties the ciphertexts to any related parameters in such a manner that it is impossible to make any changes undetected in the compression quality, error tolerance, or study identifier. A permissioned ledger contains merely the non-secret information: public key fingerprint for PQC, context hash of the UID, or the ciphertext digest, establishing a privacy-preserving verification path that is compatible with existing PACS systems [14].

3.2.7 Transmission.

The transmitted bundle,

(13)

is self-contained and verifiable. The receiver can independently re-derive the same cryptographic context and validate both the tag and the ledger entry before decryption. This sender-side workflow thus unifies -regularized near-lossless compression, post-quantum keying, hyperchaotic encryption, and verifiable verification into a single, standards-aligned imaging framework.

3.3 Receiver-side framework

Algorithm 2 Receiver-side algorithm

1: Goal: Verify authenticity, reconstruct keys locally, decrypt, and recover a high-fidelity reconstructed image.

2: Inputs: , , ct_pqc, KDF_labels, Tag, LedgerTxnID, receiver’s private key sk_PQC

3: Output: Reconstructed image I_final

  Step 1 — Key Recovery (Protocol A)

4: Decapsulate ct_pqc using sk_PQC to recover

5: Recreate session seed S from using HKDF with nonce and ReceiverID

6: Recreate per-image key K_img from S using HKDF with Study UID, Series UID, SOP Instance UID, and SOP Class UID

7: Derive domain-separated sub-keys:

8: Recreate chaos parameters from K_img

  Step 2 — Integrity & Verification

9: Generate using HMAC with key K_mac over encrypted streams and labels

10: if then

11:   Abort

12: end if

13: Retrieve ledger record using LedgerTxnID and verify context hash and ciphertext digest

14: if ledger mismatch then

15:   Abort

16: end if

  Step 3 — Decrypt

17: Reverse bit-plane diffusion on primary stream using

18: Reverse permutation on primary stream using

19: Reverse bit-plane diffusion on residual stream using

20: Reverse permutation on residual stream using

21: Obtain original JPEG 2000 codestreams

  Step 4 — Decode & reconstruct

22: Decode primary and residual streams

23: Reconstruct normalized image I_norm = base + residual

24: Denormalize to bit depth B and clamp to valid range

  Step 5 — Return

25: Output I_final as the verified, near-lossless image

The receiver module is responsible for the secure reconstruction of the DICOM image. This is governed by the strict “verify before decrypt” policy, where no computational work is involved in decrypting until it is established that the received bundle is authentic, untampered with, and received from the right source. This deterministic re-derivation of the cryptographic context validates integrity, decrypts the streams, and reassembles the reconstructed image refined by an -regularized residual.

3.3.1 Post-quantum key decapsulation (Protocol A).

When the message bundle is received, the first operation of the receiver is to derive independently the whole cryptographic context. Using its private key sk_PQC and the received ciphertext ct_PQC, the receiver decapsulates the KEM [6] to recover the identical shared session secret:

(14)

Using the and the session parameters from the received KDF_labels bundle (i.e., nonce, ReceiverID), the receiver executes the identical HKDF [10] step from Eq. (6) to re-derive the session seed S. Next, using S and the DICOM identifiers from KDF_labels, the receiver re-derives the per-image master key K_img identically to Eq. (7). Finally, it re-derives the complete set of domain-separated sub-keys by executing the same HKDF expansion from Eq. (8):

(15)

At this stage, the receiver possesses the same set of six symmetric keys as the sender, without any of them having been transmitted.

3.3.2 Integrity and verification.

Before any decryption is attempted, the receiver performs two mandatory verification checks. First, it validates the in-band authentication tag. The receiver locally computes its own HMAC [11] over the received data using the derived key K_mac:

(16)

The calculated is then compared with the received Tag. If , it implies that the message has been tampered with or corrupted, and the process is immediately aborted. Next, the receiver performs provenance verification based on the LedgerTxnID. The receiver queries the permissioned ledger [14], extracts the stored record, and verifies its authenticity. The receiver locally recalculates the UID-context hash and ciphertext digest, which are then compared with the stored record on the ledger. Any mismatch implies that the image is not the expected image or its origin is not trusted, and the process is aborted.

3.3.4 Image reconstruction.

Finally, the receiver decodes both codestreams using a standard JPEG 2000 decoder [5,7]. The final normalized image, I_recon(x,y), is reconstructed by summing the base and residual layers:

(17)

This image is then denormalized using the bit depth B (from the KDF_labels bundle) to produce the final image, I_final. Because residual values are constrained prior to encoding, the reconstruction error is strongly regularized and empirically bounded, resulting in stable near-lossless behavior with high fidelity, though without enforcing a strict deterministic per-pixel error bound after decoding.

3.4 Experimental reproducibility notes

To ensure that it is conducive to the reproduction of the study, the implementation details used in this study are explicitly listed in Section 5. A Python-based implementation of the entire procedure, from -regularized near-lossless image compression to post-quantum–resilient key establishment, hyperchaotic encryption, and verification processes, was accomplished using standard Python libraries for parsing the image data, JPEG 2000 image encoding, numerical computation, and metric analysis. All experiments were carried out using publicly accessible MRI image data with fixed resolution and bit depth, and with fixed compression and cryptographic parameters within each experimental configuration, hyperchaotic map initialization, PQC encapsulation, or authentication. These factors, including data description, hardware setup, metric definition, and fixed parameters for reproduction of the study, are provided in explicit detail in Section 5 without any need to refer to any black-box tool or intellectual property involved.

4.1 Threat model and security assumptions

The proposed framework is evaluated in a system-level threat model that matches real-world scenarios of PACS-based medical imaging. The protected resources include the pixel information of medical images, DICOM identifiers, and cryptographic keys used for encryption and authentication. The attacker is assumed to have access to the encrypted medical images, network communication channels, and the stored ciphertexts. The adversary does not have access to secret cryptographic keys or the internal state of the encryption process. The security objectives of this work are to preserve image confidentiality, enable integrity verification prior to decryption, and empirically evaluate robustness against ciphertext-only, known-plaintext, and limited chosen-plaintext attack scenarios. Formal cryptographic proofs, side-channel attacks, denial-of-service attacks, and ledger-level adversarial behaviors such as rollback or fork attacks are considered outside the scope of this study.The security analysis assumes a secure post-quantum key encapsulation mechanism for establishing shared secrets between communicating parties. ML-KEM is used in this work as a representative NIST-standardized post-quantum KEM; however, the proposed framework does not rely on any ML-KEM–specific structural properties. The confidentiality, integrity, and provenance guarantees analyzed in this section depend only on the existence of a quantum-resistant shared secret, and remain unchanged if ML-KEM is replaced with another secure post-quantum KEM. A comparative performance or security evaluation of alternative post-quantum schemes is therefore considered outside the scope of this study. The threat model explicitly includes replay of previously observed ciphertexts and potential misuse or collision of DICOM UIDs, which are mitigated through per-image key derivation, integrity verification, and ledger-based provenance mechanisms described below.

4.2 Ciphertext-only statistical analysis

In the ciphertext-only attack scenario, the attacker aims to obtain information about the original image from the ciphertext without access to the plaintext. To test the robustness of the encrypted images against ciphertext-only attacks, the encrypted images were analyzed using standard statistical measures such as intensity histogram and entropy. The histogram of the encrypted images show in Fig 2 follows a uniform distribution, which is unstructured compared to the histogram of the original images. The unstructured histogram of the encrypted image implies that first-order intensity statistics and structural patterns are well hidden by the encryption process. Additionally, the entropy of the encrypted images is close to the maximum possible value, which implies high uncertainty and resistance to simple statistical analysis. These results imply that statistical analysis of ciphertext alone does not provide any useful information about the original medical image content.

Download:

• PNG
  larger image
• TIFF
  original image

Fig 2. Histogram comparison between (a) the original medical image and (b) the corresponding encrypted image.

https://doi.org/10.1371/journal.pone.0348013.g002

The encrypted image has a near-uniform distribution, which is a clear indication of the successful suppression of the plaintext statistical features.

4.3 Randomness analysis using NIST SP 800-22

To further evaluate the statistical properties of the encrypted image data, a set of tests from the NIST SP 800−22 randomness test suite was applied to the ciphertext bitstreams obtained from the encrypted medical images (Table 2). Although the NIST SP 800−22 test suite was designed to test pseudorandom number generators, rather than image-derived ciphertexts, it has been widely used in the literature on image encryption as an empirical statistical measure of randomness. The following tests were applied to the bitstreams at a significance level of : Frequency (Monobit) Test, Block Frequency Test, Runs Test, Approximate Entropy Test, and Serial Test. The bitstreams passed all the test criteria, such as the Monobit, Runs, Approximate Entropy, and Serial tests, which indicate that the bitstreams are empirically balanced and lack significant short-range statistical dependencies in the tested ciphertext bitstreams. The Block Frequency test showed a marginal failure, as reported in the image encryption literature, where the Block Frequency test is highly sensitive to the statistical variations in the plaintext image data. The marginal failure does not contradict the diffusion process, as the Block Frequency test is known to be sensitive to the structural correlations in image-derived bitstreams. The results indicate that the proposed encryption scheme produces ciphertext exhibiting strong statistical randomness characteristics under multiple NIST SP 800−22 tests, which is consistent with the differential security results (NPCR, UACI, and entropy) and further confirms that the encryption process successfully suppresses the plaintext statistical features.

Download:

• PNG
  larger image
• TIFF
  original image

Table 2. NIST SP 800−22 randomness test results for encrypted image bitstreams ().

https://doi.org/10.1371/journal.pone.0348013.t002

4.4 Scope of comparison with standard DICOM security mechanisms

Standard medical image security mechanisms specified in DICOM PS3.15 are largely based on traditional block cipher algorithms such as AES, typically used in authenticated encryption schemes such as AES-GCM [40]. These security mechanisms encrypt the DICOM bitstream as a whole and do not work with spatial image data or pixel-level image structure. Therefore, image-differential security metrics such as Number of Pixel Change Rate (NPCR) and Unified Average Changing Intensity (UACI) cannot be used in AES-based DICOM security profiles, as these metrics are designed to assess diffusion and confusion capabilities of image-aware encryption schemes. The proposed framework is not meant to replace standard AES-based DICOM security, but rather to complement it by adding image-aware encryption properties, post-quantum secure key establishment, and verifiable provenance. In this context, the proposed image-aware encryption scheme can coexist with existing AES-based DICOM transport security without requiring any changes to the existing PACS or DICOM infrastructure.

4.5 Known-plaintext attack analysis

The known-plaintext attack scenario was considered, where the attacker has available one or more pairs of plaintext and ciphertext. In the context of medical imaging systems, this could occur if similar images or previous images of the same patient are available. To test the robustness in this scenario, two different plaintext images with a minimal pixel-level difference were encrypted using the same system. The corresponding ciphertexts were then compared using the Number of Pixel Change Rate (NPCR) and Unified Average Changing Intensity (UACI) measures. High NPCR and UACI values were found (NPCR ≈ 99.6%, UACI ≈ 33.4%), which indicates high sensitivity of the ciphertext to small changes in the plaintext. This phenomenon is also shown in Fig 3, where a negligible difference in the plaintext causes a large number of uncorrelated changes in the encrypted image. These findings confirm the diffusion and confusion properties of the proposed encryption system, which makes it very difficult for an attacker to deduce any information about the encryption process or the keys used, within the evaluated known-plaintext attack setting.

Download:

• PNG
  larger image
• TIFF
  original image

Fig 3. Difference maps for plaintext and ciphertext under a known-plaintext attack.

(a) Difference map for two plaintext images differing by a single-pixel change, showing negligible differences. (b) Difference map for the corresponding ciphertext images, showing extensive and random variations throughout the entire image.

https://doi.org/10.1371/journal.pone.0348013.g003

4.6 Limited chosen-plaintext attack analysis

In a limited chosen-plaintext attack, the attacker is assumed to have the capability to choose input images of their choice and analyze the resulting ciphertext images. In the context of medical imaging systems, such attacks may be launched through compromised input interfaces or repeated attacks on the system with carefully designed inputs. To assess the system’s resilience against this attack, structured plaintext images, including uniform images and images with locally controlled perturbations, were encrypted using the proposed system. Unlike in the known-plaintext attack, the attacker has the capability to choose the input images with the aim of exploiting structural or differential weaknesses. The resulting ciphertext images showed high sensitivity to the chosen plaintext images, with NPCR and UACI measures similar to those in the known-plaintext attack analysis.This indicates that, under the evaluated conditions, the ciphertext exhibits strong sensitivity to chosen plaintext variations, limiting the practical exploitability of structural or differential information. This analysis indicates that the proposed encryption system has practical resilience against limited chosen-plaintext attacks in the context of medical imaging systems.

4.7 DICOM UID collision–based key sensitivity analysis

To evaluate the sensitivity of the proposed per-image key derivation scheme to DICOM identifiers, a UID collision-based sensitivity attack was performed. Two encryption processes were carried out on the same compressed image with all parameters remaining unchanged, except for a single-digit variation in the SOP Instance UID. The generated ciphertexts shown in Fig 4 demonstrated close-to-ideal differential properties, with NPCR = 99.60% and UACI = 33.42%, indicating that even the slightest variation in DICOM UIDs leads to cryptographically independent encryption results. This verifies that the per-image key derivation scheme is heavily dependent on DICOM identifiers and is robust against accidental or intentional DICOM UID collisions. Since the replayed ciphertexts are still linked to the original DICOM UID-derived key information, any successful replay or substitution attack are effectively mitigated under the assumed threat model, including ciphertext replay scenarios.

Download:

• PNG
  larger image
• TIFF
  original image

Fig 4. DICOM UID collision-based key sensitivity analysis.

The ciphertexts produced from the same compressed medical image with the same system parameters show substantial and statistically uncorrelated differences, only differing by a single digit in the SOPInstanceUID.

https://doi.org/10.1371/journal.pone.0348013.g004

4.8 Residual stream confidentiality

The proposed system employs a two-stream compression scheme consisting of a main JPEG 2000 stream and an -regularized residual refinement stream. To avoid information leakage, both streams are encrypted before transmission with image-specific keys generated from a shared per-image secret, with domain-separated sub-keys assigned to the main and residual streams. This ensures that the streams are uncorrelated without requiring a complex key management infrastructure. Statistical analysis of the encrypted residual streams shown in Fig 5 shows similar behavior to that of the encrypted main stream, with nearly uniform intensity distributions and high entropies. This indicates that the encrypted residual stream does not reveal visually interpretable or statistically exploitable information under the evaluated attack models. Hence, the compress-and-encrypt order does not introduce detectable information leakage under the assumed ciphertext-only and tampering attack model, as further supported by integrity checks and ledger analysis.

Download:

• PNG
  larger image
• TIFF
  original image

Fig 5. A histogram comparison of the encrypted primary and encrypted residual streams is shown in this Figure 5.

https://doi.org/10.1371/journal.pone.0348013.g005

4.9 Integrity and replay considerations

Message integrity is maintained using a keyed-hash message authentication code (HMAC) that is checked before any decryption. This allows the detection of any unauthorized message tampering or ciphertext substitution before image reconstruction. Furthermore, a cryptographic hash of the per-image derived key material is stored in a permissioned blockchain to facilitate tamper-evident verification of key authenticity and image provenance. The blockchain does not store any image data or ciphertext. While this provides an additional verification step, a thorough analysis of active ledger-level attacks such as rollback or forking attacks is a distributed adversarial scenario and thus is outside the current work. The integrity of the image ciphertext is enforced via HMAC verification, and the blockchain provides key-level provenance but not ciphertext storage. Taken together, HMAC verification, UID-constrained per-image key derivation, and ledger attestation ensure that replayed or substituted ciphertexts are detected and rejected prior to decryption under the defined verification workflow.

5.1 Experimental setup

Dataset: The experimental assessment uses T1- and T2-weighted brain MRI images from the publicly available Brain Tumour MRI Dataset on Kaggle [41]. A smaller version of the dataset containing 60 images has been provided, which is enough to generate the results presented in the paper [42]. The dataset contains clinical images in DICOM format and is commonly used for benchmarking studies of medical image analysis techniques. The images in the dataset have varying spatial resolutions. To assess scalability without compromising the clarity of the presentation, a set of representative resolutions was chosen, namely 256 × 256, 800 × 800, and 960 × 960 pixels, to assess scalability for images of different sizes. The resolutions chosen represent the working range of the proposed framework. The bit depth and dynamic range of the images were considered during the preprocessing step based on the DICOM BitsStored attribute.

Environment: The experiments were written in Python 3.9 and conducted in a CPU-only setting using Google Colaboratory. The runtime environment provided an Intel Xeon-class processor with 16 GB of RAM. The main libraries used are pydicom for DICOM image processing, NumPy for numerical computations, Pillow for JPEG 2000 compression, scikit-image for image quality assessment, and Matplotlib for plotting. Post-quantum key establishment was done using the Open Quantum Safe (liboqs) Python interface for ML-KEM, while cryptographic key derivation and message authentication were done using the standard Python hashlib and hmac libraries.

Parameters: The same set of parameters was used for all experiments in the framework to provide a fair and comparable assessment.

Compression: The JPEG 2000 quality factor (Q_P) was chosen empirically to provide visually acceptable base-layer image quality while allowing residual refinement to preserve diagnostic image quality.

Encryption: The 4D memristive hyperchaotic system parameters are not fixed constants but are deterministically derived from the per-image symmetric key. After post-quantum key establishment and HKDF-based key derivation, the resulting image-specific key is mapped to the initial state variables (x₀, y₀, z₀, w₀) and control parameters (a, b, c, d, e) of the hyperchaotic system using a predefined key-to-parameter mapping function. This ensures that each image instance is encrypted with a unique chaotic trajectory, while allowing identical regeneration of the parameters at the receiver. The number of diffusion rounds was set to 2 for all experiments.

The parameters of the 4D memristive hyperchaotic system are not fixed values but are deterministically extracted from the per-image symmetric key. After the establishment of the post-quantum key and the HKDF-based key derivation, the obtained image-specific key is then transformed into the initial state variables (x₀, y₀, z₀, w₀) and the control parameters (a, b, c, d, e) of the hyperchaotic system using a pre-defined key-to-parameter mapping function. This method allows each image to be encrypted by a distinct chaotic trajectory while enabling the same parameter regeneration at the receiver side. The number of diffusion rounds used in all experiments was fixed at 2.

Runtime Measurement: The execution time was estimated for each main step of the proposed scheme, namely compression, post-quantum key establishment (ML-KEM encapsulation and decapsulation), encryption, and decryption. The execution times were measured using high-resolution wall-clock timers (time.perf_counter) in Python. To reduce variability, the results are averaged over several images of the same spatial resolution, and the results are shown separately for small, medium, and large images.

5.2 Evaluation metrics

In order to rigorously evaluate the performance of the proposed framework, two distinct sets of performance metrics were used:

1. Compression metrics: measuring reconstruction accuracy, efficiency, and other factors, and
2. Encryption metrics, measuring cryptographic strength and statistical security.

All the data was averaged over the experimental data set mentioned in Section 5.1.

5.2.1 Compression metrics.

The performance of the compression algorithms was measured using three image quality assessment metrics: Compression Ratio (CR), PSNR, and SSIM.

The compression ratio is given by as the ratio between the original uncompressed image size S_original to the compressed codestream size S_compressed:

(18)

PSNR calculates the pixel-by-pixel reconstruction error between the original image I(x,y) and the decompressed image . It is related to the mean squared error (MSE) by:

(19)(20)

where MAX_I denotes the maximum possible pixel intensity for a given by the bit depth B.

The SSIM quantifies perceptual similarity by jointly comparing luminance (), contrast (), and structural correlation () between I and :

(21)

High PSNR and SSIM values indicate reduced distortion and improved reconstruction fidelity, reflecting the combined effect of JPEG 2000 compression and the -regularized residual refinement stage.

Role of the parameter: The value of is a residual regularization threshold that limits large correction values before entropy coding, as opposed to being a hard bound on post-decompression reconstruction error. In the proposed processing pipeline, the dominant cause of reconstruction error is from the primary JPEG 2000 compression step, and the residual refinement step provides bounded correction values with magnitudes limited before compression. For the set of values tested in our experiments, the choice of below the effective quantization noise level of the primary compression step does not provide a measurable difference in global quality metrics such as PSNR or SSIM. This is consistent with the function of as a residual regularization parameter rather than an average distortion optimizer, and it explains the observed saturation of quality metrics over images and resolutions.

5.2.2 Encryption metrics.

To evaluate the statistical diffusion and confusion properties of the hyperchaotic image cipher, three classic statistical parameters: Number of Pixels Change Rate (NPCR), Unified Average Changing Intensity (UACI), and Information Entropy (H), were employed.

NPCR calculates the percentage of pixels that change between two ciphertext images produced from plaintext images differing by a minimal perturbation, illustrating the strength of diffusion:

(22)(23)

The UACI represents the mean of absolute differences between the intensities of any two cipher images produced from texts with difference of one pixel:

(24)

Finally, the information entropy is utilized to evaluate the randomness of the encrypted image, which resists statistical attacks:

(25)

where p(i) is the probability distribution of gray-level i. For an ideal 8-bit ciphertext with uniform intensity distribution, the entropy approaches H ≈ 8, indicating maximal uncertainty.

5.3 Performance evaluation and results

The results were obtained using the parameters defined in the methodology. The results show that the encryption process has a consistent level of encryption performance regardless of the image and resolution, as well as the compression ratio achieved by the main JPEG 2000 process. The results are all shown in mean ± standard deviation form for 20 images in each resolution category, to account for the variation in performance for different images. The low variance of NPCR, UACI, and entropy values for different images and resolutions indicates that the diffusion and confusion properties of the encryption process are stable.

5.3.1 Compression performance.

The testing of the compression phase was done using images classified into three categories with varying sizes. One of the major observations made is that the level of compression ratio achieved depends on the content and resolution of the images. The average performance for each category is shown in Table 3.

Download:

• PNG
  larger image
• TIFF
  original image

Table 3. Compression performance across representative image resolutions (20 images per class).

https://doi.org/10.1371/journal.pone.0348013.t003

Analysis of the results shows a strong correlation between spatial resolution and compression efficiency. With an increase in image resolution, the compression ratio becomes significantly better while maintaining high fidelity in the reconstructed image, as indicated by the PSNR values being above 46 dB and SSIM values remaining above 0.92 for all the tested resolutions. This trend indicates that the proposed framework is able to capitalize on the statistical redundancy present in large, sparsely textured medical images to achieve a high degree of compression.

5.3.2 Per-pixel error distribution analysis.

Fig 6 shows the histogram of per-pixel absolute error values for representative image resolutions. For all cases, the distribution of pixel errors is strongly concentrated around zero, with the 95th and 99th percentiles well below the perceptually significant levels. As the resolution grows, the distribution becomes slightly wider, as expected with the increase in the compression ratios, but without any sign of heavy tails or artifacts. These findings suggest that the reconstruction errors are spatially bounded and support the role of the regularization term in the residuals.

Download:

• PNG
  larger image
• TIFF
  original image

Fig 6. Per-pixel absolute error distributions for representative image resolutions: (a) 256 × 256 (small/dense), (b) 800 × 800 (medium), and (c) 960 × 960 (large/sparse).

Errors are shown in normalized intensity units.

https://doi.org/10.1371/journal.pone.0348013.g006

5.3.4 Encryption performance.

The crypto-security of the encryption algorithm has been evaluated based on the fundamental security requirements. The results are compared against commonly cited theoretical reference values for image-aware encryption metrics, as presented in Table 4.

Download:

• PNG
  larger image
• TIFF
  original image

Table 4. Encryption Security Analysis.

https://doi.org/10.1371/journal.pone.0348013.t004

The calculated NPCR and UACI values are very close to the theoretical maximum, indicating strong diffusion behavior and empirical resistance to differential attacks. Moreover, the entropy of the encrypted images is very close to the theoretical maximum entropy of 8 bits, which indicates that the encrypted image exhibits near-uniform statistical behavior and does not reveal exploitable plaintext structure.

5.3.6 Runtime performance and scalability analysis.

To assess the feasibility of the proposed framework in a practical scenario, the runtime performance was measured for representative image sizes that correspond to small, medium, and large images in the medical domain. For each image size, ten images were considered, and the average runtime was measured for the compression process, post-quantum key establishment (ML-KEM) process, encryption process, decryption process, and overall process. The results are summarized in Table 5. The results show that the ML-KEM process has a negligible overhead compared to the image processing tasks, and the encryption and decryption processes have a runtime complexity proportional to the image size, as expected.

Download:

• PNG
  larger image
• TIFF
  original image

Table 5. Runtime performance of the proposed framework for representative image sizes (mean over 10 images).

https://doi.org/10.1371/journal.pone.0348013.t005

To further analyze the trade-off between system integration and computational complexity, Table 6 summarizes the incremental cost and security benefits of enabling each component of the proposed framework. The results show that post-quantum key establishment introduces negligible overhead compared to image processing stages, while ledger-based verification adds minimal cost but enables verifiable integrity and provenance. This demonstrates that the proposed integration achieves enhanced security properties at a predictable and manageable increase in system complexity.

Download:

• PNG
  larger image
• TIFF
  original image

Table 6. Trade-off between system integration and computational complexity.

https://doi.org/10.1371/journal.pone.0348013.t006

5.3.7 Visual results.

Fig 7 is used to visually demonstrate the performance of the framework on a small but dense image 256 × 256 with a high amount of content, as well as a large but sparse image 960 × 960. It is evident from the visual verification that the conclusion from the quantitative analysis is consistent with the visual verification, with an explicit verification pathsuch that the reconstructed images are visually indistinguishable from the original images under standard radiological inspection, while the encrypted image appears as uniform random noise devoid of structure. The best reconstruction error is further represented in the difference map.

Download:

• PNG
  larger image
• TIFF
  original image

Fig 7. Visual illustration of the suggested framework’s end-to-end processing.

https://doi.org/10.1371/journal.pone.0348013.g007

Top Row (Small/Dense Image – 256 × 256):

• Original DICOM (a): The original, high-fidelity input image.
• Compressed Reconstructed (b): The compressed-reconstructed image after undergoing compression and decompression (CR = 7.06:1, PSNR = 51.07 dB), visually indistinguishable from the original.
• Encrypted (c): The encrypted image, appearing as uniform random noise, demonstrating robust cryptographic transformation.
• Decrypted (d): The decrypted image, restored in full to its compressed/reconstructed state.

Bottom Row (Large/Sparse Image – 960 × 960):

• Original DICOM (e): The original, full-size image.
• Compressed Reconstructed (f): The reconstructed image after decompression and compression (CR = 23.0:1, PSNR = 46.12 dB), which retains high quality even at high compression.
• Encrypted (g): The encrypted version of the large image, displaying the strong noise-like pattern.
• Decrypted (h): The decrypted image, verifying the accuracy of decryption performed on a large image.

The experimental results have proved that our approach possesses a high level of effectiveness. Our method shows robust capabilities for cryptographic security and an adaptive compression capability that outperforms larger, sparser images. The fact that our approach can achieve a dramatic reduction in image size with high-fidelity reconstructions qualifies it as a complete solution for medical image transfer with strong security properties.

The successful image recovery at the pixel level and with indistinguishability in all examples verifies stable and repeatable operation of the residual-regularized compression and encryption pipeline with all obtained image keys. Ledger-based verification enables cryptographic verification of each reconstruction without relying on any secret after the fact, thus maintaining trust in medical imaging procedures. All reported quantitative results represent average values computed over the evaluated image dataset. Formal statistical significance testing and variance analysis are not included, as the proposed framework emphasizes deterministic -bounded reconstruction guarantees and system-level security behavior rather than hypothesis-driven statistical comparison.

6.1 Interpretation of findings

The proposed framework has already been tested for both compression and encryption purposes. The experimental results show its effectiveness and robust performance across representative real-world imaging conditions. In compression, it performs well in all image resolutions with different contents. While processing small and detailed images with resolution 256 × 256: QoS parameters emphasize image quality, and high-quality image compression is achieved with a PSNR of 51.07 dB and a compression ratio of 7.06:1. In case of large images with uniform content with a resolution of 960 × 960: a high compression level with a compression ratio of 23.0:1 is achieved with a high PSNR of 46.12 dB. This is because wavelet transform residual image coding is very efficient in dealing with large uniform regions present in medical images with high resolutions. The system can successfully compress different sets of images while preserving diagnostically relevant structural details.

Coming to encryption, it provides a high level of security. The NPCR and UACI are measured with 99.60% and 33.46%, which makes them nearly ideal. Shannon entropy is measured with an average of 7.9993 bits, which is nearly 8, denoting a uniform random-looking ciphertext without exposing statistical information present in the original image. Hyperchaotic diffusion and permutation are measured at a level expected for strong image-level cryptographic protection. The primary benefit is due to the integration with DICOM HKDF key derivation function. A separate hyperchaotic seed for each image is produced using StudyUID, SeriesUID, and SOPInstanceUID. Key reuse with possible common keys is avoided, and thus unnecessary transfer of symmetric keys in total decryption steps, which have already been proved in experiments with PQC → HKDF. Ledger-only metadata authentication enables integrity and provenance verification without decrypting and without access to images or critical information.

In conclusion, based on the overall results, it can be stated that the framework preserves a high image quality, exhibits strong security properties, and is stable under different imaging tasks. The system integrating adaptive compression, hyperchaotic encryption, post-quantum keying, and verification using a ledger is competent in providing healthcare functions, cryptographic functions, and other functions in a seamless manner in a DICOM system.

6.2 Comparative analysis

The comparative results presented in Tables 7 and 8 highlight the performance of the proposed framework from two complementary perspectives: near-lossless compression efficiency and encryption statistical security characteristics.

Download:

• PNG
  larger image
• TIFF
  original image

Table 7. Comparison of compression performance with representative near-lossless medical image compression methods.

https://doi.org/10.1371/journal.pone.0348013.t007

Download:

• PNG
  larger image
• TIFF
  original image

Table 8. Comparison of encryption robustness with recent medical image encryption schemes.

https://doi.org/10.1371/journal.pone.0348013.t008

It is noted that reported PSNR and compression ratios are drawn from different datasets, modalities, and evaluation protocols in the referenced works, and are therefore intended for qualitative comparison rather than strict numerical benchmarking.

Compression comparison (Table 7):

The first table focuses exclusively on compression performance and compares the proposed -regularized near-lossless scheme against representative near-lossless and lossless medical image compression techniques that rely on classical transform-based or predictive coding strategies. The above-mentioned methods are currently used in the medical imaging processing pipeline and therefore provide a valid basis for comparison. Deep learning-based methods are not included in the above-mentioned table because they use learned representations to optimize image quality and are based on different assumptions, making it difficult to compare them with codec-based methods. In comparison with DWT-based and predictive near-lossless schemes such as DWT+SPIHT, NLIC, and DCT + RLE [44], the proposed scheme always provides higher or comparable reconstruction quality with PSNR values ranging from 46-51 dB and corresponding compression ratios. By contrast, the competing schemes provide PSNR values ranging from 38-46 dB. The improvement in reconstruction quality achieved by the proposed framework can be ascribed to the residual refinement step, where the correction residuals are normalized before entropy coding instead of purely transform-domain approximations. Compared with ROI-based lossless JPEG-LS compression with watermark recovery [43], where infinite PSNR values are obtained due to lossless reconstruction, the proposed scheme deliberately forgoes losslessness in favor of better compression ratios with controlled and bounded correction residual behavior. This aspect is especially important in telemedicine and PACS systems, where the trade-off between bandwidth, storage, and diagnostic quality is of utmost importance. Furthermore, unlike most other competing schemes, the proposed framework combines compression as part of a security-conscious imaging processing pipeline instead of being a stand-alone pre-processing module.

Encryption robustness comparison (Table 8):

The second table compares the robustness of encryption using standard differential metrics such as NPCR and UACI, comparing the proposed system with other chaos-based medical image encryption algorithms. Alexan et al. [22] combine a hyperchaotic map with SVD and RC5 to provide better diffusion properties, while Inam et al. [32] describe chaotic fractal encryption with blockchain verification. The proposed system provides NPCR and UACI values comparable to the best results reported in other chaos-based encryption algorithms, indicating near-ideal sensitivity to plaintext modifications and resistance to differential cryptanalysis. Although Inam et al. [32] report a slightly better NPCR, their system is limited to encryption alone and does not include compression, making it less applicable in bandwidth-limited medical imaging applications. Beyond raw cryptographic metrics, the proposed framework differentiates itself through the integration of post-quantum key establishment, per-image HKDF-based key derivation bound to DICOM identifiers, and a metadata-only ledger for verifiable provenance. However, none of the above-mentioned methods are reported simultaneously provide bounded-error compression, hyperchaotic encryption, post-quantum-resilient key management, and auditability in a single PACS-compatible system.

Overall assessment: The findings show that the proposed framework provides a balanced and system-level improvement by combining high-fidelity near-lossless compression with -regularized residual refinement with strong encryption guarantees and forward-looking key management. The integrated design of the framework makes it suitable for the secure transmission and storage of medical images in today’s telemedicine and PACS systems.

6.3 Significance of the integrated framework

The novelty is not only in the application of the respective modules but also in how they complement each other. The “compress-and-encrypt” workflow helps to optimize the process by ensuring that the encryption, which is a resource-intensive segment, is performed on a reduced data set. This is even more critical because this work introduces a multi-level defence-in-depth strategy for securing the entire process. This has been made certain by the hyperchaotic encryption, which provides a significantly high degree of confidentiality, in addition to which the use of a blockchain protocol provides an additional, verifiable layer of integrity.

The solution thus significantly mitigates man-in-the-middle attack vectors by binding per-image cryptographic context to authenticated key establishment and integrity verification mechanisms, which cannot be addressed by encryption alone, because the hash of the encryption key is secured. Additionally, by ensuring that PQC-based sessions and HKDF are inside the compression/encryption workflow, the solution is making healthcare data future-proof against a quantum threat.

6.4 Limitations and future work

Although the proposed framework provides an end-to-end solution for secure, verifiable, and near-lossless medical image transmission, several limitations remain that motivate further investigation and system-level refinement.

The performance consequences of the integration of several cryptographic primitives, specifically post-quantum key encapsulation, hyperchaotic encryption, and ledger-based verification, have been investigated mostly from an empirical and architectural perspective. Besides the mentioned runtime performance measurements, which prove the feasibility of the method for offline storage and store-and-forward transfer, a thorough analysis of the system performance on the deployment level is still required. In a real-world Picture Archiving and Communication Systems (PACS) setting, parameters like simultaneous image retrieval, performance of encryption under load, ledger query delay, and network delays may potentially affect overall system performance. A thorough comparison with conventional secure DICOM communication channels based on established symmetric encryption primitives (like AES-GCM used in DICOM TLS profiles) would help to better understand the trade-offs between security strength, computational complexity, and ease of implementation. Furthermore, the effect of the verify-before-decrypt strategy on latency under realistic network conditions is a topic deserving further research. The current implementation focuses solely on securing DICOM pixel data, leaving the sensitive patient information carried in the DICOM headers unencrypted. While per-image key derivation is cryptographically linked to the DICOM identifiers derived from the header, the actual header fields are assumed to be protected by other access control mechanisms. A future extension of the approach to selectively encrypt protected health information (PHI) fields in the DICOM headers, while maintaining compatibility with existing PACS system workflows, represents an important direction for future development.

Furthermore, the proposed compression approach does not involve the explicit incorporation of region-of-interest (ROI) masking or JPEG 2000 ROI coding techniques. Rather, it involves the use of a a global -regularized residual refinement approach that constrains residual magnitudes prior to entropy coding on the entire image without requiring any ROI definition or annotation. Although this approach allows for easier implementation and independence from task-dependent ROI definitions, there are some diagnostic applications that could potentially benefit from the selective preservation of fidelity in regions of clinical interest. Although the near-lossless with -regularized residual refinement approach is inherently codec-independent, the experimental analysis has been limited to static two-dimensional medical images. However, there may be differences in noise properties, intensity distributions, and acquisition protocols between different imaging modalities that may necessitate adaptive parameter tuning or modality-specific preprocessing. Therefore, further comprehensive analysis across other imaging modalities such as CT, PET, X-ray, and dynamic imaging modalities such as ultrasound and X-ray angiography is needed to fully assess the generality and robustness of the proposed framework. Finally, although the ML-KEM-768 scheme has been used in this study as a specific example of an NIST-standardized post-quantum Key Encapsulation Mechanism that provides a balanced trade-off between security strength and computational complexity, the proposed Protocol A is specifically constructed to be KEM-agnostic. Therefore, any comparative analysis of other post-quantum key encapsulation mechanisms is not within the scope of this study.

Cumulatively, these challenges would help improve the proposed framework from a validated research tool to a scalable and standards-compliant solution suitable for secure and future-proof medical image storage and transmission in clinical PACS and teleradiology settings.