All reviews of published articles are made public. This includes manuscript files, peer review comments, author rebuttals and revised materials. Note: This was optional for articles submitted before 13 February 2023.
Peer reviewers are encouraged (but not required) to provide their names to the authors when submitting their peer review. If they agree to provide their name, then their personal profile page will reflect a public acknowledgment that they performed a review (even if the article is rejected). If the article is accepted, then reviewers who provided their name will be associated with the article itself.
Congratulations, your manuscript has been much improved and is almost ready for publications. I just ask that you do one more grammar check to ensure that the wording is perfect.
[# PeerJ Staff Note - this decision was reviewed and approved by Massimiliano Fasi, a PeerJ Section Editor covering this Section #]
**PeerJ Staff Note:** Although the Academic and Section Editors are happy to accept your article as being scientifically sound, a final check of the manuscript shows that it would benefit from further English editing. Therefore, please identify necessary edits and address these while in proof stage.
-
-
-
Please address th eremainig comments from Reviewer 1
There are still some comments that should be considered:
1. The main implications of the study did not add ?
2. I suggested to add the main cybersecurity risks in different IT domains
3. Add more discussion for the findings.
4. Add more recent studies between 2024 and 2025.
None
None
None
The paper has been improved in the current version.
The experimental work is clear.
All comments have been addressed.
The paper is accepted in the current form.
**PeerJ Staff Note:** Please ensure that all review, editorial, and staff comments are addressed in a response letter and that any edits or clarifications mentioned in the letter are also inserted into the revised manuscript where appropriate.
This paper developed a novel image encryption model to enhance security against both conventional and future cyber threats. The approach combines multiple encryption techniques, including Advanced Encryption Standard (AES), Triple DES (DES3), and Elliptic Curve Cryptography (ECC), along with additional security measures
such as pixel shuÿing, left circular shifting, and exclusive NOR (XNOR) operations.
The paper has a interesting contribution by encapsulating the encrypted image and keys within a secure archive, this method provides a strong and future-proof solution to safeguard digital images in the evolving landscape of cybersecurity.
Comments should be considered to improve the quality of this paper:
1. The abstract is written well. Add the main implications of the study.
2. In the Introdcution section, the study discussed the drawbacks of conventional image encryption algorithms such as Rivest Cipher 4 (RC4), Data Encryption Standard (DES), etc., and are now largely obsolete or less commonly used alone. Then, the study suggest to focus on new algorithms such as AES and ECC. Its very good. But the study also must to discuss the main cybersecurity risks in different IT domains.
3. Also, you should mention the research objectives at the end of the Introdcution section.
4. Add table to summarize the related works.
5. Research methodoloy secion is missing. Its very important to calrify the research methodology steps that have been applied in this study.
Overall, the experimental design is clear and written well.
The findings are valid. There is a comparison between the findings of the currect study with findings from previous studies.
• The manuscript is written in clear, professional English.
• Not many grammatical or typographical errors are there making the article accessible to an international audience.
• The introduction provides a good context highlighting growing need for robust image encryption due to increasing cyber threats, referencing recent statistics.
• The structure of the article conforms to the acceptable format of journal’s ‘standard sections’.
• Figures are relevant to the content of the article, of sufficient resolution, and appropriately described and labelled.
• The literature review covers recent advancements in image encryption, such as chaotic maps and lightweight cryptosystems. However, critical analysis of prior works highlighting the research gaps addressed and novelty of the proposed model are lacking.
The research question is well-defined and no ethical concerns are noted. However, the manuscript uses the text encryption algorithms AES and DES3 as components of the suggested crypto model those are not suitable for image encryption as:
a. Images have correlated pixels, which AES/DES do not effectively disrupt, potentially leaving patterns in ciphertexts.
b. Images require processing large data, making AES/DES computationally intensive.
c. AES/DES are not optimized for image-specific metrics (e.g., uniform histograms, high NPCR), risking statistical vulnerabilities.
d. These algorithms are heavy for IoT devices, in comparison to the lightweight or chaotic systems.
e. The authors have treated images as binary streams ignoring spatial relationships and used computationally intensive AES/3DES which can be considered as a major drawback of the design.
f. The use of left circular shift (line 183) seems to redundant as the AES/DES algorithms have several rounds of inbuilt shift operations.
• The definition “NPCR measures the percentage of pixels that change in the encrypted image when a single-bit modification is made to the encryption key.( lines 293-295)” is not correct!
The paper incorrectly applies NPCR to measure differences between encrypted images generated with “slightly different keys”. It should have been tested with slightly different plaintexts (differing by one pixel).
Standard NPCR tests plaintext sensitivity to assess differential attack resistance, not key sensitivity. Key sensitivity is evaluated through the avalanche effect or other key sensitivity tests.
This misapplication undermines claims of differential attack resistance, as the reported NPCR values (e.g., 99.45% for Baboon, Table 3) reflect key sensitivity.
• Overstated “highest” metrics claim (Line 423), as Rout and Mishra (2024) report higher entropy (7.9991).
• Encryption/decryption times (Table 4) lack benchmarking. Without benchmarking, it is unclear whether the times are competitive or suitable for claimed applications (e.g., resource constraint applications such as mobile devices and IoT, Lines 65-66), where sub-second processing is often required.
3.1 Novelty
• The work lacks novelty. It simply combines the classical cryptographic algorithms and lightweight transformations those have been used in many prior works.
• The suggested model is more of an applied integration than a fundamentally new algorithm.
4.General comments
• The paper proposes a multilayered encryption model integrating AES, DES3, ECC, pixel shuffling, circular shifting, and XNOR operations to address vulnerabilities in image encryption systems. However, the use of text encryption algorithms like AES and DES and moreover the use of both these algorithms is not clear.
• The introduction is overly general and should specify vulnerabilities of text encryption algorithms (e.g., AES, DES) for image encryption, such as their failure to disrupt pixel correlation or optimize for large data volumes.
• The statement “This work xxx introduces a future-proof methodology” (line 77) is overstated.
1- Ali et al. reference is missing in page 2 line 101.
2- Mohammed et al. is missing in page 2 line 108.
3- Naim and Pacha in line 117, where cited as Naim and Ali Pacha (2023) in line 117. It is not consistent.
4- Line 175, This sentence is ambiguous, some data is missing. “In this section, we present the details of the proposed cryptosystem which is depicted in Figure1, which details both the encryption and decryption methodologies discussed in Subsections and , respectively.”
5- Table 2 appeared after table 3 and table 4.
6- Generally, the contributions are not clear, the authors just combined between different encryption methods.
7- The comparison study presented in table 5 did not show an improvement against the related work.
8- The presentation of the results is not well organized and could be significantly improved. The results are not displayed in the most effective or clear manner.
The paper can not be accepted in the current form.
All text and materials provided via this peer-review history page are made available under a Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.