Optical phase-truncation-based double-image encryption using equal modulus decomposition and random masks

Abstract

This work reports an optical double-image crosstalk free encryption scheme that employs equal modulus decomposition and random masks. For the encryption, two plaintexts by a random amplitude mask and a random phase mask have been encrypted into a single ciphertext mask and two private key masks. Owing to the two random masks introduced, the functional relation between the plaintext pair and the ciphertext indirectly cause the paucity of constraints employed for the specific attack. Unlike the traditional phase-truncation-based techniques, this scheme is immune to the information leakage and different types of attacks. Furthermore, the three different diffraction distances and the illuminating wavelength also function as four additional keys to significantly reinforce the security. Simulation results demonstrate the feasibility and validity of the proposal.

Introduction

Recently, optical techniques^1–11 in image encryption have been intensely studied, owing to their inherent superiority with respect to multiple parameters and parallel processing. The pioneering work of optical image encryption is on double-random phase encoding (DRPE)¹², which is done on the Fourier transform domain. Several works that followed have reported the expansion of initial DRPE work into different transform domains^13–17, comprising the domains such as fractional Fourier transform (FrFT), Fresnel transform (FrT), and fractional random transform. During the period, other optical encryption works^18–30 that employ compressive sensing, optical interference, iterative phase retrieval, digital holography, photon counting, and polarized light, have also emerged to improve the image security in succession.

However, owing to intrinsic linearity, DRPE-based structures cannot withstand several types of attacks^31–34. Various nonlinear encryption methods have been proposed to overcome these weaknesses, and the best illustrative work is on phase-truncated Fourier transform by Qin and Peng³⁵. Subsequently, there are several works based on phase truncation (PT) in FrT and FrFT domains^36–39. Wang et al.⁴⁰ showed that there is an information leakage in the work³⁵ if one of two private keys are utilized, and hence, proposed a solution. They also pointed out the works^36–39 being susceptible to information-leakage issue. Chen et al.⁴¹ developed a multi-image encryption scheme through feature fusion, compressed sensing, and PT. Yi and Tan⁴² presented a binary-tree multiple image encryption scheme. Su et al.⁴³ proposed an optical encryption strategy for multiple color images through a complete trinary tree structure. Besides, the specific attack (SA)⁴⁴, which employs an amplitude-phase-retrieval method, indicates that it can break the traditional PT-based technique³⁵. Unfortunately, these techniques^41–43 cannot be also an alternative to SA⁴⁴. Additionally, the work⁴⁵ has utilized the coherent superposition and equal modulus decomposition (EMD) to fully address the silhouette problem. However, there is the same modulus (i.e. same amplitude information) of two masks in EMD. The complex-valued masks cannot directly display in optical system. Chen et al.⁴⁶ presented an optical image cryptosystem via two-beam coherent superposition and unequal amplitude decomposition for security improvement. However, unequal amplitude decomposition requires an additional random phase distribution than EMD. Thus, constantly improving the security of encryption scheme based on PT, despite the progress in the field, is still inevitable.

This study presents a double-image crosstalk free encryption scheme. The scheme, which works by utilizing the equal modulus decomposition and random masks, generates a single ciphertext mask and two private key masks. The random masks have been introduced to bring the indirect mathematical relation between the plaintext pair and the ciphertext, where an illegal user has insufficient constraints utilized for SA. Compared with certain PT-based works^35–39, the proposal eliminates information leakage. When compared with other existing PT-based work^41–43, the proposal is still effective against SA. The additional keys, which comprise the three different diffraction distances and the illuminating wavelength, can strengthen the security. Simulation results and performance analysis demonstrate the reliability and validity of the proposal.

Principle of the method

The diagram of the proposed double-image cryptosystem is depicted as Fig. 1. The random amplitude mask (RAM) and a random phase mask (RPM) have been described with respect to the encryption (Fig. 1a) and decryption (Fig. 1b). The encryption keys have been generated from the random masks RAM and RPM by applying EMD in the Fresnel domain. Figure 2 shows the optical relationship between RAM, $S_1$, and $S_2$. In this setup, a collimated plane wave with the wavelength λ, perpendicularly illuminates RAM and the image which is subsequently Fresnel transformed with the diffraction distance d₁. The first spatial light modulator (SLM₁) were employed for amplitude modulation. SLM₂ and SLM₃ were utilized for phase modulation.

Figure 1.

Schematic diagram for the proposed (a) encryption and (b) decryption.

Figure 2.

Optical relationship between RAM and S₁, S₂. M reflective mirrors.

In the proposed double-image encryption process, $R_1(x,y)$ and $R_2\left(u,v\right)$ are the random functions, whose values fall in the interval [0, 1]. The following encryption steps have been depicted.

First, the RAM denoted as $R_1\left(x,y\right)$ was Fresnel transformed given by Eq. (1).

$$S=Fr{T}_{\left(d_1,\lambda \right)}\left[\mathit{RAM}\right]=Fr{T}_{\left(d_1,\lambda \right)}\left[R_1\left(x,y\right)\right]$$ 1

where $Fr{T}_{(d_1,\lambda )}\left[·\right]$ is the FrT operator, and d₁ and λ are the diffraction distance and the wavelength, respectively. The amplitude part and the phase part of S are represented as $A=\left|S\right|$ and $\phi =arg\left[S\right]$, respectively, and “$\left|·\right|$” and “$arg\left[·\right]$” are the modulus and argument operators, respectively.

Subsequently, the complex-valued function S was separated into two masks, viz, S₁ and S₂, with equal moduli, as illustrated in Fig. 3. Owing to the random phase distribution RPM (denoted as, $\theta (u,v)$) introduced, and the geometrical relationship, $S_1$ and $S_2$ can be deduced as

$$\theta =RPM=2\pi R_2\left(u,v\right)$$ 2

$$S_1=\frac{A/2}{cos\left(\theta \right)}exp[i\left(\phi -\theta \right)]$$ 3

$$S_2=\frac{A/2}{cos\left(\theta \right)}exp[i\left(\phi +\theta \right)]$$ 4

Figure 3.

Principle of EMD.

The phase parts of $S_1$ and $S_2$ serve as the encryption keys.

Next, a new complex-value function $f(x,y)$ was constructed by the two original images, viz., ($I_1(x,y)$ and $I_2(x,y)$), and RAM, as follows

$$f\left(x,y\right)=k_1{I}_1(x,y)exp[i{k}_2{I}_2(x,y)]+k_{3}RAM(x,y)$$ 5

where $k_i(i=1,2,3)$ are the constants.

Then, by employing the encryption keys obtained in the above-mentioned step, the function $f(x,y)$ was encrypted based on PT in the Fresnel domain. Thus, the ciphertext $E$ can be expressed as

$$E=\left|F{\text{rT}}_{\left(-d_3,\lambda \right)}\left[\left|F{\text{rT}}_{\left(-d_2,\lambda \right)}\left[f\left(x,y\right)exp\left[i(\phi +\theta )\right]\right]\right|exp\left[i(\phi -\theta )\right]\right]\right|$$ 6

where d₂ and d₃ are the diffraction distances. Meanwhile, two decryption keys, viz., $D{K}_1$ and $D{K}_2$, generated are given by

$$D{K}_1\text{= conj}\left\{exp\left[i(\phi -\theta )\right]\right\}PR\left[F{\text{rT}}_{\left(-d_2,\lambda \right)}\left[f\left(x,y\right)exp\left[i(\phi +\theta )\right]\right]\right]$$ 7

$$D{K}_2=PR\left[F{\text{rT}}_{\left(-d_3,\lambda \right)}\left[\left|F{\text{rT}}_{\left(-d_2,\lambda \right)}\left[f\left(x,y\right)exp\left[i(\phi +\theta )\right]\right]\right|exp\left[i(\phi -\theta )\right]\right]\right]$$ 8

where “$\text{conj}\left\{·\right\}$” is the complex conjugate operator, $PR\left[·\right]$ the phase reservation operator.

For the decryption, the retrieved function $f\prime (x,y)$ by the authorized users can be derived as,

$$f\prime \left(x,y\right)=\left|F{\text{rT}}_{\left(d_2,\lambda \right)}\left[F{\text{rT}}_{\left(d_3,\lambda \right)}\left[D{K}_{2}E\right]D{K}_1\right]\right|exp\left[i\left[PR\left[F{\text{rT}}_{\left(d_2,\lambda \right)}\left[F{\text{rT}}_{\left(d_3,\lambda \right)}\left[D{K}_{2}E\right]D{K}_1\right]\right]-\left(\phi +\theta \right)\right]\right]$$ 9

After obtaining the $f\prime (x,y)$, two retrieved images, $I_1\prime \left(x,y\right)$ and $I_2\prime \left(x,y\right)$, are mathematically represented as,

$$I_1\prime \left(x,y\right)=\frac{1}{k_1}\left|f\prime \left(x,y\right)-k_{3}RAM(x,y)\right|$$ 10

$$I_2\prime \left(x,y\right)=\frac{1}{k_2}PR\left[f\prime \left(x,y\right)-k_{3}RAM(x,y)\right]$$ 11

Figure 4 illustrates the optical schematic apparatus for decryption. A light beam carrying the information of ciphertext E was modulated by SLM₁. SLM₁ and SLM₂ are being employed for phase modulation. CCD captures the intensity part of $f\prime (x,y)$. The phase part of $f\prime (x,y)$ is digitally acquired. Then two decrypted images, viz.,$I_1\prime \left(x,y\right)$ and $I_2\prime \left(x,y\right)$, are digitally acquired with the function $f\prime \left(x,y\right)$.

Figure 4.

Optical schematic system for decryption.

Numerical results and performance analysis

To demonstrate the validity and the advantages of the proposal, numerical simulations have been implemented. In those simulations, the illumination wavelength λ is 633 nm, and the three axial distances, viz., d₁, d₂, and d₃, are 60, 50, and 70 mm, respectively, and the parameters k₁, k₂, and k₃ are set as 0.6, 0.5, and 1.5, respectively. Furthermore, the correlation coefficient (CC) was utilized to objectively assess the similarity between the plaintext $I_k(x,y)$ (k = 1, 2) and its corresponding decrypted image $I_k\prime (x,y)$ as

$$CC=\frac{E\left\{\left[I_k(x,y)-E\left[I_k(x,y)\right]\right]\right\}\left\{\left[I_k\prime (x,y)-E\left[I_k\prime (x,y)\right]\right]\right\}}{E\sqrt{\left\{{\left[I_k(x,y)-E\left[I_k(x,y)\right]\right]}^2\right\}}\sqrt{\left\{{\left[I_k\prime (x,y)-E\left[I_k\prime (x,y)\right]\right]}^2\right\}}}$$ 12

For convenience of the analysis, the CC values were directly labelled in the recovered images.

Figure 5a, b show two original images having 512 × 512 pixels, which are employed as the two plaintexts. The two random masks, RAM and RPM, are shown in Fig. 5c, d. By employing RAM, RPM, and EMD, the encryption keys (Fig. 5e, f) are acquired. The ciphertext and decrypted keys, after conducting the proposed encryption process, are displayed in Fig. 5g–i, respectively. Finally, the decrypted images acquired by using all the correct keys are shown in Fig. 5j, k. These results signify that each decrypted image and its corresponding plaintext are completely equal, or the influence of crosstalk noise is non-existent. Thus, the proposal is feasible and effective, and can retrieve the high-quality images without the crosstalk noise.

Figure 5.

(a, b) The two plaintexts, (c) RAM, (d) RPM, (e, f) the two encryption keys, (g) the ciphertext E, (h) DK₁, (i) DK₂, (j, k) the two decrypted images.

To evaluate the information-leakage-free of the proposal, Fig. 6a–f show the decrypted images with releasing of E, DK₁, and DK₂. Figure 7a–f illustrate the decrypted images when two of these masks are utilized. According to Figs. 6 and 7, each of all the decrypted images has the noise-like distribution, where no useful information of the two plaintexts appears. We illustrated that the information-leakage issue has been thoroughly settled in the proposal.

Figure 6.

Decrypted images with (a, b) E, (c, d) DK₁, and (e, f) DK₂.

Figure 7.

Decrypted images with (a, b) E and DK₁, (c, d) E and DK₂, and (e, f) DK₁ and DK₂.

We have further validated the sensitivity of the proposal for the additional keys, i.e., the three diffraction distances d₁, d₂, and d₃, and the illuminating wavelength λ. Figures 8, 9, 10 and 11 illustrate the sensitive results of those keys, where the deviation ranges of those keys are [− 50 50]. These results invariably reveal that the CC values are one, only when the deviation is equal to zero. And for other values of the deviation, the CC values are below or equal to 0.0863. Moreover, when the deviations are − 1 and 1, all the decrypted images have no useful content of the two plaintexts. Therefore, the proposal has four sensitive additional keys, which can further reinforce the security of the proposal.

Figure 8.

Relation curves of the CC value versus Δd₁, where the decrypted images using Δd₁ of (a, b) − 1, and (c, d) 1.

Figure 9.

Relation curves of the CC value versus Δd₂, where the decrypted images using Δd₂ of (a, b) − 1, and (c, d) 1.

Figure 10.

Relation curves of the CC value versus Δd₃, in which decrypted images using Δd₃ of (a, b) − 1, and (c, d) 1.

Figure 11.

Relation curves of the CC value versus Δλ, in which decrypted images using Δλ of (a, b) − 1, and (c, d) 1.

To further demonstrate the robustness of the proposal against noise and occlusion attacks, Fig. 12 illustrates the decrypted results when the ciphertext is contaminated by the zero-mean white additive Gaussian noise with $\sigma =0.2$ and $\sigma =0.3$. Figure 13 represents the decrypted results acquired from the ciphertexts with 3% and 5% occlusion. According to Figs. 12 and 13, the quality of the decrypted images steadily worsens with the increase of the noise or occlusion strength. Although the content of those images becomes blurred for $\sigma =0.3$ noise or 5% occlusion, the main-structure information can be still distinguished. Hence, it is verified for these results that the proposal has the resistance to noise and occlusion attacks.

Figure 12.

Decrypted images with Gaussian noise with (a, b) $\sigma =0.2$, (c, d) $\sigma =0.3$.

Figure 13.

(a) Ciphertext with 3% occlusion, (b, c) decrypted images of (a, d) ciphertext with 5% occlusion, (e, f) decrypted images of (d).

Furthermore, we have proved the validity of the proposal against known-plaintext attack (KPA). The decryption keys of our scheme varies with the different plaintext pair. In the KPA simulation, Fig. 5a, b, g serve as a known plaintext pair and their corresponding ciphertext. Using the proposal, RAM (Fig. 5c) and RPM (Fig. 5d) encrypt the plaintext pair in Fig. 5a, b, and the private keys in Fig. 5h, i are generated. Figure 14a, b demonstrate the other plaintext pair. Figure 14c illustrates the ciphertext of Fig. 14a, b, which were produced by the proposal, RAM′ and RPM′. RAM and RPM are different from RAM′ and RPM′, respectively. When all the correct parameters, viz., RAM (Fig. 5c), RPM (Fig. 5d), and the private keys (Fig. 5h, i) are used, the two retrieved results of Fig. 14c are shown in Fig. 14d, e. For better explaining the security of this scheme, we have retrieved Fig. 14c in the other two cases in which we suppose that the attacker has known one out of RAM′ and RPM′. Figure 14f, g demonstrate the results of Fig. 14c with RPM′, $D{K}_1^{\prime }$, $D{K}_2^{\text{RPM}\prime }$, and for the other abovementioned conditions. Figure 14h, i illustrate the results of Fig. 14c using RAM′, $D{K}_1^{\text{RAM}\prime }$, $D{K}_2^{\text{RAM}\prime }$, and the other conditions mentioned above. The information of Fig. 14a, b cannot be deciphered from Fig. 14d–i. Hence, the proposal is immune to KPA.

Figure 14.

(a, b) the other plaintext pair, (c) ciphertext of (a, b) with RPM' and RAM', retrieved images of (c) using (d, e) RAM, RPM, DK₁, DK₂, (f, g) RAM, RPM', $D{K}_1^{\prime }$, $D{K}_2^{\prime }$, and (h, i) RAM', RPM, $D{K}_1^{\prime }$, $D{K}_2^{\prime }$.

Finally, we have also demonstrated that the proposal can resist SA⁴⁴. SA is a single iteration process, which stem from the modified amplitude-phase retrieval algorithm. The results of SA with two unknown masks, viz., RAM and RPM, are illustrated in Fig. 15a–c. Moreover, the results of SA, when the knowledge of one of RAM and RPM is lacking, are illustrated in Fig. 15d–i. Figure 16 shows the results of SA using Qin and Peng’s scheme³⁵. It is shown in Fig. 15a, d, g, that the six curves are unstable and non-convergent. According to Fig. 15b, c, e, f, h, i, no information can be deciphered of the two plaintexts (Fig. 15a, b). Therefore, we have shown that the proposal can effectively resist SA.

Figure 15.

Results of SA using our proposal: the CC value versus number of iterations with (a) two unknown masks (RAM and RPM), (d) unknown RPM, and (g) unknown RAM, respectively; the recovered images after 200 iterations with (b, c) two unknown masks (RAM and RPM), (e, f) unknown RPM, and (h, i) unknown RAM, respectviely.

Figure 16.

Results of SA using Qin and Peng’s scheme: (a) the CC value versus number of iterations, and (b, c) recovered images after 200 iterations.

Concluding remarks

An optical phase-truncation-based double-image encryption was developed using the equal modulus decomposition and random masks. The proposal utilizes RAM and RPM to generate a single ciphertext and two private keys. This scheme is novel, and acquires the decrypted images immune to the crosstalk noise. Particularly, the random masks cause insufficient constraints to be utilized for SA. Our proposal, when compared with the reported techniques via PT, has no problem of information leakage, and can efficiently resist different types of attacks. Furthermore, the four parameters serve as additional keys for enhancing the security. Numerical simulation results validate the advantages of the proposal.

Author contributions

G.L. conceived idea, performed programming and numerical analysis, and wrote manuscript. C.Q. reviewed the manuscript.

Data availability

Data are available from the corresponding author upon reasonable request.

Competing interests

The authors declare no competing interests.