Algorithm 1 The proposed chosen-plaintext attack

Output:  The plaintext P of C Input:  The ciphertext C of size H × D 1:// step1: construct an all-zero matrix and obtain the equivalent key T of diffusion stage 2:$P0$ = zeros$(H,W)$; 3:$C0$ = encrypt$\left(P0\right)$; 4:$T=C0$; 5:// step2: initialize $\lceil {\log }_L\left(HW\right)\rceil$ matrices and get the corresponding ciphertexts 6:for $i=1$ to $\lceil {\log }_L\left(HW\right)\rceil$ do 7:   $Pi$ = JolfaeiAlgorithmGeneration(i); 8:   $Ci$ = encrypt$\left(Pi\right)$; 9:end for 10:// step3: obtain $\lceil {\log }_L\left(HW\right)\rceil$ middle results with the diffusion matrix T and the ciphertexts which are obtained in the step2 11:for $i=1$ to $\lceil {\log }_L\left(HW\right)\rceil$ do 12:   $Si=$ inverseDiffusionAttack$(Ci-T)$; 13:end for 14:// step4: obtain the equivalent permutation matrix by the input plaintexts and the middle results 15:for $i=1$ to $\lceil {\log }_L\left(HW\right)\rceil$ do 16:   JolfaeiAlgorithmAdd$(Pi,Si)$; 17:end for 18:$permutationMatrix$ = JolfaeiAlgorithm(); 19:// step5: recover the the plaintext of the target ciphertext with the equivalent key stream elements which are obtained in previous steps 20:$SC$ = inverseDiffusionAttack$(C-T)$; 21:P = inversePermute($SC,permutationMatrix$);