Asymmetric double-image encryption method by using iterative phase retrieval algorithm in fractional Fourier transform domain

Liansheng Sui; Haiwei Lu; Xiaojuan Ning; Yinghui Wang

doi:10.1117/1.OE.53.2.026108

4 March 2014 Asymmetric double-image encryption method by using iterative phase retrieval algorithm in fractional Fourier transform domain

Liansheng Sui, Haiwei Lu, Xiaojuan Ning, Yinghui Wang

Author Affiliations +

Optical Engineering, Vol. 53, Issue 2, 026108 (March 2014). https://doi.org/10.1117/1.OE.53.2.026108

Abstract

A double-image encryption scheme is proposed based on an asymmetric technique, in which the encryption and decryption processes are different and the encryption keys are not identical to the decryption ones. First, a phase-only function (POF) of each plain image is retrieved by using an iterative process and then encoded into an interim matrix. Two interim matrices are directly modulated into a complex image by using the convolution operation in the fractional Fourier transform (FrFT) domain. Second, the complex image is encrypted into the gray scale ciphertext with stationary white-noise distribution by using the FrFT. In the encryption process, three random phase functions are used as encryption keys to retrieve the POFs of plain images. Simultaneously, two decryption keys are generated in the encryption process, which make the optical implementation of the decryption process convenient and efficient. The proposed encryption scheme has high robustness to various attacks, such as brute-force attack, known plaintext attack, cipher-only attack, and specific attack. Numerical simulations demonstrate the validity and security of the proposed method.

1. Introduction

With the rapid popularity of computer networks, images as an effective carrier of information have been widely used in various fields of modern society and image encryption issues have become an important field for information security. Since Refregier and Javidi¹ proposed the classical optical double-random phase encoding (DRPE) technique, many optical encryption and authentication systems in Fourier transform (FT), Fresnel transform (FrT), fractional Fourier transform (FrFT), and gyrator transform (GT) domains have been proposed during the past decades.²^–¹¹ Moreover, Alfalou and Brosseau¹² pointed out that these techniques can be used for compression operations simultaneously. Though most reported optical encryption techniques based on DRPE have the excellent parallel and multidimensional capability of signal processing, it should be pointed out that these schemes belong to the category of symmetric cryptosystems, where the keys in the encryption process are used for decryption. Some research investigations indicate that these schemes are vulnerable to the conventional attacks because of the inherently linear property of mathematical or optical transformation.¹³^–¹⁵ In order to resist these attacks, Qin and Peng¹⁶ proposed an asymmetric encryption based on the phase-truncated Fourier transform (PTFT), where the decryption keys are different from the encryption keys and the linearity of the cryptosystem is broken by using the nonlinear operation of phase truncation.

Recently, multiple-image encryption based on multiplexing techniques has received increasing attention in the field of information security since Situ and Zhang¹⁷ proposed the multiple-image encryption approaches using wavelength and position multiplexing with Gaussian low-pass filtering. Alfalou and Mansour¹⁸ proposed an encryption scheme which is divided into two security layers, and target images are multiplexed and simultaneous encoded by using the iterative Fourier transformations in the first layer. In subsequent work, Alfalou et al.¹⁹ implemented simultaneous fusion, compression, and encryption of multiple images based on the discrete cosine transform. Wang and Zhao²⁰ proposed a fully phase image encryption based on superposition principle and hologram, where a real-valued original image is encoded into a phase-only function (POF). Deng and Zhao²¹ suggested a multiple-image encryption by using a phase retrieval algorithm and intermodulation in the Fourier domain, which avoids the cross-talk of decrypted images. Hwang et al.²² proposed a multiple-image encryption and multiplexing approach based on a modified Gerchberg–Saxton algorithm (MGSA) in the FrT domain, which reduces the cross-talks significantly. Chang et al.²³^,²⁴ also suggested the position multiplexing encryption using cascaded phase-only masks based on the MGSA.

As a special case, double-image encryption also has attracted much attention in optical cryptosystem. Li and Wang²⁵ proposed a double-image encryption algorithm based on phase-retrieval technique and GT, where two images can be simultaneously encrypted into a single one as the amplitudes of gyrator. Liu et al.²⁶ encrypted two original images into the real part and imaginary part of a complex function, respectively, which are exchanged randomly by using a random binary encoding data generated by chaotic map. Wang and Zhao²⁷ suggested an asymmetric algorithm to encrypt two covert images into an overt image based on phase retrieval and PTFT, in which the encryption keys are different from those in decryption process. However, Wang and Zhao²⁸ designed a specific attack by using a two-step iterative amplitude-retrieval approach according to PTFT-based cryptosystems. With this attack, the encrypted information would be revealed when the encryption keys are used as public keys. Subsequently, Wang and Zhao²⁹ suggested another asymmetric double-image encryption, which has a high level of robustness against this attack. Li and Wang³⁰ proposed a double-image encryption based on discrete fractional random transform and chaotic maps, which can raise the efficiency when encrypting, storing, or transmitting. Zhang and Xiao³¹ designed a double-optical images encryption using discrete Chirikov standard map and chaos-based discrete fractional random transform, where Chirikov standard map is utilized to scramble the pixel positions and intensity values, respectively.

In this article, a double-image encryption scheme is proposed based on an asymmetric technique, in which the encryption and decryption processes are different and the encryption keys are not identical to the decryption ones. The encryption process can be performed digitally, in which the POFs of two plain images are obtained by using the iterative phase retrieval algorithm, and the interim-encrypted matrices generated with POFs are modulated into a complex image with the convolution operation in FrFT domain. Finally, the complex image is transformed to the real-value ciphertext with stationary white-noise distribution. The decryption process can be implemented optically and only two decryption keys produced in the encryption process are used as phase masks, which is convenient and efficient by using the classical DRPE system. Simulation results and security analysis verify that the proposed double-image encryption has a high level of robustness against brute-force attack, known plaintext attack and specific attack.

The rest of this article is organized as follows. In Sec. 2, the basic principles and the processed of encryption and decryption are introduced in detail. In Sec. 3, numerical simulation results and security analysis are given. Finally, the conclusion is given in Sec. 4.

2. Encryption and Decryption Process

2.1.

Phase-Retrieval Algorithm Based on Iterative FrFT

The Gerchberg–Saxton algorithm (GSA) is a powerful tool which is used in image encryption cryptosystems, which is usually employed to encode plaintext into a POF in the Fourier domain. Though it is sufficient to retrieve the phase function with the FTs back and forth between the object and the Fourier domains, it suffers from some drawbacks such as slow convergence speed in practical applications. In order to solve this problem, a POF-retrieval algorithm shown in Fig. 1 is implemented in Ref. 32.

Fig. 1

Diagram of the iterative phase-retrieval process in the fractional Fourier transform domain.

The FrFT at order $α$ of a two-dimensional function $f (x_{i}, y_{i})$ can be expressed as

Eq. (1)

f (x_{o}, y_{o}) = F^{α} [f_{i} (x_{i}, y_{i})] (x_{o}, y_{o}) = \iint_{- \infty}^{+ \infty} K (x_{i}, y_{i}; x_{o}, y_{o}) f (x_{i}, y_{i}) d x_{i} d y_{i},

where

(x_{i}, y_{i})

and

(x_{o}, y_{o})

indicate the input and output coordinates, respectively, and the transform kernel is denoted as

Eq. (2)

K (x_{i}, y_{i}; x_{o}, y_{o}) = A_{ϕ} \exp {i π [(x_{i}^{2} + y_{i}^{2} + x_{o}^{2} + y_{o}^{2}) \cot ϕ_{α} - 2 (x_{i} x_{o} + y_{i} y_{o}) \csc ϕ_{α}]},

Eq. (3)

A_{ϕ} = \frac{\exp [- i π sgn (\sin ϕ_{α}) / 2 + i ϕ_{α}]}{| \sin ϕ_{α} |} .

The $A_{ϕ}$ is a trivial phase parameter and $ϕ_{α} = α π / 2$ is the transform angle. The FrFT is linear and has the property that it is index additive

Eq. (4)

F^{α} {F^{β} [f (x, y)]} = F^{α + β} [f (x, y)] .

In addition, the FrFT satisfies the Parseval energy conservation theorem

Eq. (5)

\iint_{- \infty}^{+ \infty} {| F^{α} [f (x_{i}, y_{i})] |}^{2} d x_{0} d y_{0} = \iint_{- \infty}^{+ \infty} {| f (x_{i}, y_{i}) |}^{2} d x_{i} d y_{i} .

The POF-retrieval algorithm is based on the iterative FrFT process between two grayscale images proposed firstly in Ref. 33. Images $f$ and $g$ are placed at the input and output planes, respectively, between which are three phase masks placed in three continuous FrFT planes. Let the function $h$ denotes an interim-encrypted image and $α_{1}$ , $α_{2}$ , $β_{1}$ , $β_{2}$ denote two different groups of fractional orders. Giving five-phase functions, which are distributed in the interval $[0, 2 π]$ and denoted by $ϕ_{1}$ , $ϕ_{2}$ , $ξ_{1}$ , $ξ_{2}$ and $ψ$ , respectively, the relationship between the images and phase functions is expressed as

Eq. (6)

h \exp (j ψ) = F^{α_{2}} {F^{α_{1}} [f \exp (j ϕ_{1})] \exp (j ϕ_{2})} = F^{β_{2}} {F^{β_{1}} [g \exp (j ξ_{1})] \exp (j ξ_{2})},

where

F^{α}

denotes FrFT with the fractional order

α

. Initially, the functions

h

,

ϕ_{1}

,

ϕ_{2}

,

ξ_{1}

,

ξ_{2}

and

ψ

are unknown. Equation (6) indicates that the two images satisfy the following relationship:

Eq. (7)

F^{- β_{1}} (F^{α_{2} - β_{2}} {F^{α_{1}} [f \exp (j ϕ_{1})] \exp (j ϕ_{2})} \exp (- j ξ_{2})) = g \exp (j ξ_{1}) .

According to Eq. (7), the phase functions $ϕ_{1}$ , $ϕ_{2}$ , $ξ_{1}$ and $ξ_{2}$ are obtained with the iterative process, which consists of a number of cycling iterations. Suppose that in the $k$ ’th iteration the phase distributions $ϕ_{1}^{k}$ , $ϕ_{2}^{k}$ , $ξ_{2}^{k}$ are known, then the output-complex image ${\hat{g}}^{k}$ is expressed as

Eq. (8)

{\hat{g}}^{k} = F^{- β_{1}} (F^{α_{2} - β_{2}} {F^{α_{1}} [f \exp (j ϕ_{1}^{k})] \exp (j ϕ_{2}^{k})} \exp (- j ξ_{2}^{k})) .

Its phase and amplitude are expressed as follows

Eq. (9)

ξ_{1}^{k} = \arg {{\hat{g}}^{k}}, g^{k} = | {\hat{g}}^{k} | .

Substituting the phase function $ξ_{1}^{k}$ into Eq. (6), the phase functions $ξ_{2}^{k + 1}$ , $ϕ_{2}^{k + 1}$ , $ϕ_{1}^{k + 1}$ in next iteration are updated by

Eq. (10)

ξ_{2}^{k + 1} = \arg (\frac{F^{α_{2} - β_{2}} {F^{α_{1}} [f \exp (j ϕ_{1}^{k})] \exp (j ϕ_{2}^{k})}}{F^{β_{1}} [g \exp (j ξ_{1}^{k})]}),

Eq. (11)

ϕ_{2}^{k + 1} = \arg (\frac{F^{β_{2} - α_{2}} {F^{β_{1}} [g \exp (j ξ_{1}^{k})] \exp (j ξ_{2}^{k + 1})}}{F^{α_{1}} [f \exp (j ϕ_{1}^{k})]}),

Eq. (12)

ϕ_{1}^{k + 1} = \arg [F^{- α_{1}} (F^{β_{2} - α_{2}} {F^{β_{1}} [g \exp (j ξ_{1}^{k})] \exp (j ξ_{2}^{k + 1})} \exp (- j ϕ_{2}^{k + 1}))] .

In order to decide whether the iteration stops, the correlation coefficient (CC) or the mean square error (MSE) between the iterated image and the original one is used as convergent criterion. These criterions are expressed as

Eq. (13)

CC = \frac{E {[g - E (g)] [g^{k} - E (g^{k})]}}{\sqrt{E {{[g - E (g)]}^{2}}} \sqrt{E {{[g^{k} - E (g^{k})]}^{2}}}},

Eq. (14)

MSE = \frac{\sum_{0}^{M - 1} \sum_{0}^{N - 1} {[g - g^{k}]}^{2}}{M \times N},

where

g

and

g^{k}

denote the original image and the iterated one, and

E [\cdot]

denotes the expected value operator. In the process of iteration, if CC is larger than a predefined threshold which is close to 1 or MSE is lower than a predeﬁned threshold which is close to 0, the iterative process ends. Suppose the number of iteration is

K

, then the optimized phase functions are obtained as follows:

Eq. (15)

ϕ_{1} = ϕ_{1}^{K}, ϕ_{2} = ϕ_{2}^{K}, ξ_{1} = ξ_{1}^{K - 1}, ξ_{2} = ξ_{2}^{K} .

In Fig. 1, $f (x_{i}, y_{i})$ and $g (x_{o}, y_{o})$ denote the input and output image, respectively. In order to compute the POF of the image $f (x_{i}, y_{i})$ , $g (x_{o}, y_{o})$ is constrained to unity amplitude [ $g (x_{o}, y_{o}) = 1$ ]. When the convergent criterion between $f (x_{i}, y_{i})$ and its approximation $\hat{f} (x_{i}, y_{i})$ is reached, the resultant pure phase functions $ϕ_{1} (x_{i}, y_{i})$ and $ξ_{1} (x_{o}, y_{o})$ are obtained, respectively, where the function $ξ_{1} (x_{o}, y_{o})$ is finally used as the POF of image $f (x_{i}, y_{i})$ . At the beginning of the iterative process, the initial phase masks $ϕ_{1}^{0}$ , $ϕ_{2}^{0}$ , $ξ_{2}^{0}$ are generated randomly.

2.2.

Encryption and Decryption Processes

The proposed double-image encryption is based on the iterative phase-retrieval algorithm, which belongs to the category of asymmetric cryptosystem. The encryption process is shown in Fig. 2. Let $f_{i} (i = 1, 2)$ denote two original plaintext images to be encoded, the encryption process is described as follows:

• Given a three initial random phase function $ϕ_{1}^{0}$ , $ϕ_{2}^{0}$ , $ξ_{2}^{0}$ , the iterative phase-retrieval process is performed on the image $f_{i}$ in the POF-retrieval module. First, the relationship between $f_{i}$ and the unity amplitude image $g$ is built by using Eq. (6), and then the iterative phase-retrieval process is performed by using Eqs. (10)–(12). The convergent criterion is set to a MSE threshold. When the MSE between $f_{i}$ and its approximation ${\hat{f}}_{i}$ is lower than the threshold, the iteration process ends and the optimized phase functions $ϕ_{i, 1}$ , $ϕ_{i, 2}$ , $ξ_{i, 1}$ , and $ξ_{i, 2}$ are obtained by using Eq. (15). In this process, the fractional orders $α_{1}$ , $α_{2}$ are used for the plaintext image $f_{i}$ and $β_{1}$ , $β_{2}$ for the unity amplitude image $g$ . In addition, the phase function $ϕ_{i, 2}$ will be used as the decryption key.
• In the interim image generation module, a complex matrix is produced by using the unity amplitude image $g$ and two corresponding phase functions $ξ_{i, 1}$ , $ξ_{i, 2}$ , which is expressed as
Eq. (16)
$H_{i} = h_{i} \exp (j ψ_{i}) = F^{β_{2}} {F^{β_{1}} [g \exp (j ξ_{i, 1})] \exp (j ξ_{i, 2})} .$
• In the phase modulation, two matrices $H_{i}$ are combined into one complex matrix $H$ by using convolution and the combined matrix $H$ can be written as
Eq. (17)
$H = [h_{1} \exp (j ψ_{1})] * [h_{2} \exp (j ψ_{2})],$
where the symbol * denotes the convolution operation.
• The combined matrix $H$ is transformed to $\hat{H}$ by using the FrFT with the fractional order $α_{3}$ , which is expressed as
Eq. (18)
$\hat{H} = F^{α_{3}} (H) = F^{α_{3}} {[h_{1} \exp (j ψ_{1})] * [h_{2} \exp (j ψ_{2})]} .$

Fig. 2

Diagram of double-image encryption process.

In the same time, the amplitude of $\hat{H}$ is extracted as the real-value ciphertext $C_{final}$ by using following equation

Eq. (19)

C_{final} = | \hat{H} | = | F^{α_{3}} {[h_{1} \exp (j ψ_{1})] * [h_{2} \exp (j ψ_{2})]} | .

Additionally, a decryption key $ϕ_{i, d}$ is generated as following:

Eq. (20)

ϕ_{i, d} = \arg [\exp (j \arg {F^{α_{3}} [h_{i} \exp (j ψ_{i})]}) \frac{| F^{α_{3}} [h_{i} \exp (j ψ_{i})] |}{| H |}],

where

| H |

denotes the amplitude of the combined matrix.

The decryption process is depicted in Fig. 3, which is different from the encryption process and much simple. It should be paid attention to the following main steps

• When decrypting the plaintext image $f_{i}$ , the complex matrix ${\hat{H}}_{i}$ is first generated by multiplying the ciphertext $C_{final}$ with the phase function $\exp (j ϕ_{i, d})$ produced with the corresponding decryption key $ϕ_{i, d}$ .
• The complex matrix ${\hat{H}}_{i}$ is transformed to $H_{i}$ by using the inverse FrFT with the fractional order $- (α_{2} + α_{3})$ , and then $h_{i}$ is generated by multiplying $H_{i}$ with the phase matrix $\exp (- j ϕ_{i, 2})$ produced with another corresponding decryption key $ϕ_{i, 2}$ .
• The complex matrix $h_{i}$ is transformed to ${\hat{h}}_{i}$ by using the inverse FrFT with the fractional order $- α_{1}$ , and then the amplitude of the matrix ${\hat{h}}_{i}$ is extracted as the decrypted image $f_{i}$ , which is expressed as
Eq. (21)
$f_{i} = | F^{- α_{1}} {F^{- (α_{2} + α_{3})} [C_{final} \exp (j ϕ_{i, d})]} \exp (- j ϕ_{i, 2}) | .$

Fig. 3

Diagram of double-image decryption process.

From above description of the encryption and decryption processes, one can see that only three random phase functions denoted by $ϕ_{1}^{0}$ , $ϕ_{2}^{0}$ , and $ξ_{2}^{0}$ is used as the encryption keys, which have no relationship with decryption. Simultaneously, the phase functions $ϕ_{i, 2}$ and $ϕ_{i, d}$ produced in the encryption process are used as the decryption keys according to each decrypted image $f_{i}$ , which are directly related to the original plaintext images. Apparently, the keys for decryption are different from those for encryption, which means the entire cryptosystem is asymmetric. As we all know, some cryptosystems are vulnerable to the conventional attacks such as known plaintext attack and chosen plaintext attack because of the linearity and symmetry existed in these encryption schemes.¹³^–¹⁵ The proposed asymmetric double-image encryption scheme can break the linearity of the cryptosystem and has high resistance against to these conventional attacks. In addition, the decryption keys $ϕ_{i, 2}$ and $ϕ_{i, d}$ can be assigned to different valid users in order to enhance the security, in which each original plaintext image $f_{i}$ can be decrypted if all two phase masks $\exp (j ϕ_{i, d})$ and $\exp (- j ϕ_{i, 2})$ are correctly placed in the verification system.

The proposed asymmetric double-image encryption scheme can be implemented with an electro-optical hybrid setup. It is worth noting that although the encryption process and the formation of decryption keys are complicated and can be realized digitally with the help of computer, the decryption process is much simple and can be implemented with some optoelectronic devices. A simple optical setup is depicted in Fig. 4, which is based on the $4 f$ imaging system similar to DRPE. When decrypting the image $f_{i}$ , the phase masks PM1 and PM2 are only placed with the phase masks $\exp (j ϕ_{i, d})$ and $\exp (- j ϕ_{i, 2})$ , respectively. Obviously, the decryption process is convenient and efficient.

Fig. 4

Optical implementation of decryption process.

3. Numerical Simulation and Security Analysis

Numerical simulations have been performed to verify the feasibility and effectiveness of the proposed asymmetric double-image encryption scheme. Two grayscale images “Zelda” and “Baboon” with $256 \times 256 pixels$ and 256 Gy levels, which are shown in Figs. 5(a) and 5(b), are used for encryption. The related fractional orders are set as $α_{1} = 0.2$ , $α_{2} = α_{1} + 0.4$ , $β_{1} = α_{1} + 0.3$ , $β_{2} = α_{2} + 0.1$ , and $α_{3} = α_{1} + 0.1$ . The ciphertext image encrypted by using three random phase functions as encryption keys is shown in Fig. 5(c), which looks like white noise. The decryption keys generated in the encryption process and used for the correct decrypted image “Zelda” are shown in Figs. 6(a) and 6(b), whereas the keys for image “Peppers” are shown in Figs. 6(c) and 6(d). The corresponding decrypted images with the correct decryption keys are shown in Figs. 6(e) and 6(f).

Fig. 5

(a) Image “Zelda,” (b) image “Peppers,” and (c) ciphertext.

Fig. 6

(a) Decryption key $ϕ_{i, 2}$ for image “Zelda,” (b) decryption key $ϕ_{i, d}$ for image “Zelda,” (c) decryption key $ϕ_{i, 2}$ for image “Peppers,” (d) decryption key $ϕ_{i, d}$ for image “Peppers,” (e) decrypted image “Zelda,” and (f) decrypted image “Peppers.”

3.1.

Brute-Force Attack Analysis

The robustness against the brute-force attack is tested, in which an invalid user attempts to retrieve the original images with two possible ways, namely decode plaintext with (1) no keys, (2) two arbitrarily selected phase functions from the encryption keys. Figures 7(a) and 7(b) display the decrypted results by using no keys and arbitrarily selected phase functions, from which an invalid user cannot obtain any useful information. So, the proposed asymmetric has powerful ability to resist the brute-force attack.

Fig. 7

Decrypted results using (a) no keys and (b) two arbitrarily selected phase functions.

3.2.

Potential Attack Analysis

Usually, there are four conventional potential attacks, such as cipher-only attack, known plaintext attack, chosen plaintext attack, and chosen ciphertext attack, in which chosen plaintext attack is the most powerful attack. If a cryptosystem can resist chosen plaintext attack, it can resist other attacks. According to the proposed asymmetric double-image encryption, an illegal user can use the same encryption keys $ϕ_{1}^{0}$ , $ϕ_{2}^{0}$ , and $ξ_{2}^{0}$ to encrypt two fake plaintext images and obtain the phase functions $ϕ_{i, 2}$ , $ϕ_{i, d}$ to decrypt the original ciphertext in order to retrieve the corresponding plaintext $f_{i}$ . Supposing images “Lena” and “Baboon” shown in Figs. 8(a) and 8(b) are chosen as fake plaintext images, the phase functions $ϕ_{i, 2}$ and $ϕ_{i, d}$ are obtained in the encryption process and used to decrypt the original ciphertext of “Zelda” and “Peppers”. Figures 8(c) and 8(d) display the decrypted images of “Zelda” and “Peppers,” respectively. As it is seen from Figs. 8(c) and 8(d), the retrieved images provide no valuable information on the content of “Zelda” and “Peppers” though the fake plaintexts themselves can be seen faintly.

Fig. 8

Two fake plaintext images (a) “Lena,” (b) “Baboon,” (c) decrypted “Zelda,” and (d) decrypted “Peppers.”

Similar to the ciphertext-only attack proposed in Ref. 26, the phase-retrieval algorithm shown in Fig. 9 is introduced into the decryption process as a test. Supposing the invalid user has known the phase function $ϕ_{i, d}$ , he can recover the function $ϕ_{i, 2}$ by use of FrFT. Thus, the original images $f_{i}$ can be decrypted by using Eq. (21). Initially, the phase function $ϕ_{i, 2}^{0}$ is generated randomly. The process is simulated with 300 iterations. The decryption results are displayed in Fig. 10. Figure 10(a) shows that the values of the MSE curves are large, which means the phase function $ϕ_{i, 2}$ cannot be retrieved. Figures 10(b) and 10(c) show the decrypted image “Zelda” and “Peppers,” respectively, which are noise-like images. The results have demonstrated that the proposed encryption scheme has high security under the ciphertext-only attack.

Fig. 9

The diagram of ciphertext-only attack by using the phase-retrieval algorithm.

Fig. 10

The results of ciphertext-only attack: (a) mean square error (MSE) curves, (b) decrypted image “Zelda,” and (c) decrypted image “Peppers.”

3.3.

Occlusion Attack Analysis

The robustness against occlusion attack is analyzed. When considering the robustness against occlusion, the decryption process should be performed on the ciphertext of “Zelda” and “Peppers” with all correct decryption keys, in which the ciphertext image is occluded partly. Figure 11(a) shows the occluded ciphertext whose pixel values at the left-top corner are replaced with 0 in simulation, namely the ciphertext is cropped by 50% in the left side. Figures 11(b) and 11(c) display the corresponding recovered images from Fig. 11(a). Figure 12(a) shows the occluded ciphertext whose left-side pixel values are replaced with 0, and Figs. 12(b) and 12(c) display the recovered. Apparently, the main information of the original images can be recognized visually from the decrypted ones. Similar results can be obtained when the ciphertext is cropped by 50% or 100% in the right side. So, the proposed asymmetric double-image encryption has high robustness against occlusion attack.

Fig. 11

(a) Ciphertext with 50% occlusion in the left side, (b) decrypted image “Zelda,” and (c) decrypted image “Peppers.”

Fig. 12

(a) Ciphertext with 100% occlusion in the left side, (b) decrypted image “Zelda,” and (c) decrypted image “Peppers.”

3.4.

Noise Attack Analysis

When considering the robustness against noise, a Gaussian random noise is added to the ciphertext of “Zelda” and “Peppers,” in which the noise interferes with the ciphertext image in the following way:

Eq. (22)

C^{'} = C (1 + k G),

where

C

and

C^{'}

are the original ciphertext and the noise-affected ciphertext image, respectively,

k

is a coefficient which denotes the noise strength, and

G

is a Gaussian random noise with zero-mean and identity standard deviation. Figure 13 shows the decrypted images of “Zelda” when

k

is set to 0.2, 0.4, 0.6, 0.8, and 1.0. Similar results can be obtained for image “Peppers.” From Fig. 13, it is obvious that the content of the decrypted images can be recognized despite of noise interference, and the proposed encryption scheme has high robustness against noise attack.

Fig. 13

Decrypted images with coefficient $k$ : (a) $k = 0.2$ , (b) $k = 0.4$ , (c) $k = 0.6$ , (d) $k = 0.8$ , and (e) $k = 1.0$ .

3.5.

Statistical Analysis

The contribution of fractional orders on the security of the proposed double-image encryption is researched. Figure 14 shows the relationship between MSE and the deviation of the fractional order $α_{1}$ . When $α_{1}$ is correct, the MSE value between the original image “Zelda” with its decrypted one approximates to zero. When $α_{1}$ slightly departs from the correct value, the MSE value sharply increases. Similar result is obtained according to image “Peppers.” In practical, if the deviation of the order $α_{1}$ is larger than 0.006, the content of decryption images cannot be recognized totally. Figures 15(a) and 15(b) show the decrypted images “Zelda” and “Peppers,” respectively, while the deviation of the order $α_{1}$ equals 0.006.

Fig. 14

The MSE versus the perturbation of the fractional order $α_{1}$ .

Fig. 15

(a) Decrypted image “Zelda” and (b) decrypted image “Peppers.”

In order to test the correlations of adjacent pixels, the 2000 pairs of adjacent pixels are randomly selected in vertical, horizontal, and diagonal directions from the plaintext images “Zelda” and “Peppers” as well as from the ciphertext, and then the CCs of two adjacent pixels is calculated as follows:

Eq. (23)

Cor = \frac{\sum_{i = 1}^{N} (x_{i} - \bar{x}) (y_{i} - \bar{y})}{\sqrt{[\sum_{i = 1}^{N} {(x_{i} - \bar{x})}^{2}] [\sum_{i = 1}^{N} {(y_{i} - \bar{y})}^{2}]}},

where

\bar{x} = 1 / N \sum_{i = 1}^{N} x_{i}

and

\bar{y} = 1 / N \sum_{i = 1}^{N} y_{i}

. Table 1 shows the results of CCs of the plaintext images and ciphertext, which indicates that the correlations of two adjacent pixels of the plaintext image is significant while that of ciphertext are very low. So, illegal user also cannot obtain any valid information from this statistical data.

Table 1

Correlation results in the plaintext images and ciphertext.

Correlation coefficient	Plaintext image		Encrypted image
Correlation coefficient	Zelda	Peppers	Ciphertext
Horizontal direction	0.9689	0.9677	0.0228
Vertical direction	0.9842	0.9753	0.0211
Diagonal direction	0.9528	0.9453	0.0400

Figure 16 displays the histograms of the ciphertext of two groups of original images, namely “Zelda” and “Peppers” shown in Figs. 5(a) and 5(b), “Lena” and “Baboon” shown in Figs. 8(a) and 8(b). Obviously, it can be concluded that the different original images have consistent statistical properties because the distributions of the histograms are similar. Thus, the histograms of ciphertext cannot provide any useful information for the invalid user to perform this kind of statistical analysis attack.

Fig. 16

(a) Histogram of the ciphertext of “Zelda” and “Peppers” (b) histogram of the ciphertext of “Lena” and “Baboon.”

Similar to the analysis process proposed in Ref. 34, the key spaces of the phase function $ϕ_{i, 2}$ , $ϕ_{i, d}$ as the decryption keys are analyzed, respectively. When decrypting the image “Zelda,” the phase function $ϕ_{1, d}$ is considered to fluctuate in certain range, namely there is a pseudo-key $ϕ_{1, d}^{'}$ satisfying the following relation:

Eq. (24)

\exp (j ϕ_{1, d}^{'}) = \exp (j ϕ_{1, d}) + \exp (j d Δ ϕ),

where

Δ ϕ

is a random phase function whose value is located in the range

(- π, π)

, and

d

is a coefficient whose value is located in the range

(- 1, 1)

. Then, the pseudo-key

ϕ_{1, d}^{'}

is used to decrypt the ciphertext, and the normalized MSE curve versus to coefficient

d

is shown in Fig. 17(a). When the MSE is more than 50, any valid information cannot be obtained from the decrypted image in vision. From Fig. 10, it is obvious that the maximum value of

Δ d

is 0.0538 while the normalized MSE is equal to 50, and the number of possible value for every pixel in the phase function is huge as

{(2 π / 0.0538)}^{256 \times 256}

. So, the key space of

ϕ_{1, d}

is estimated to be

S_{1} \approx 116^{256 \times 256}

. Similarly, the normalized MSE curve of the phase function

ϕ_{1, 2}

is shown in Fig. 17(b), and the corresponding key space is estimated

S_{2} \approx 6^{256 \times 256}

. So, the entire key space of the cryptosystem almost equals

S_{1} \times S_{2}

, which is enormous enough to resist brute-force attack.

Fig. 17

(a) The normalized MSE versus the perturbation of the phase function $ϕ_{1, d}$ and (b) the normalized MSE versus the perturbation of the phase function $ϕ_{1, 2}$ .

3.6.

Specific Attack Analysis

The proposed asymmetric double-image encryption scheme has inherent immunity to the specific attack proposed in Ref. 28. The encryption process of the asymmetric cryptosystem based on PTFT proposed in Ref. 16 is shown in Fig. 18, in which an image $f (x)$ is encrypted to the ciphertext $E_{o} (x)$ by using following equations:

Eq. (25)

g (u) = PT {FT [f (x) R (x)]},

Eq. (26)

E_{o} (x) = PT {IFT [g (u) R^{'} (u)]},

where

R (x)

and

R^{'} (u)

are two random phase functions as encryption keys. The decryption keys

P (u)

and

P^{'} (x)

are generated in the encryption process by following equations:

Eq. (27)

P (u) = PR {FT [f (x) R (x)]},

Eq. (28)

P^{'} (x) = PR {IFT [g (u) R^{'} (u)]},

where

PT (\cdot)

and

PR (\cdot)

denote the phase truncation and phase reservation operator, respectively. According to Fig. 18, the specific attack is divided into two steps.²⁸ The first step is used to retrieve estimations of

g (u)

and decryption by

P^{'} (x)

using

R^{'} (u)

and

E_{o} (x)

with an iteration process, which is expressed as

Eq. (29)

g_{k} (u) = PT {FT [E_{o} (x) P_{k}^{'} (x)]},

Eq. (30)

E_{k + 1} (x) = PT {IFT [g_{k} (u) R^{'} (u)]},

Eq. (31)

P_{k + 1}^{'} (x) = PR {IFT [g_{k} (u) R^{'} (u)]},

where the phase function

P_{0}^{'} (x)

is arbitrarily chosen. The second step is to obtain the decrypted image

f (x)

and decryption

P (u)

by using the estimation of

g (u)

and

R (x)

with another iteration process, which is expressed as

Eq. (32)

f_{k} (u) = PT {IFT [g_{0} (u) P_{k} (u)]},

Eq. (33)

g_{k + 1} (u) = PT {FT [f_{k} (x) R (x)]},

Eq. (34)

P_{k + 1} (u) = PR {FT [f_{k} (x) R (x)]},

where the initial phase function

g_{0} (u)

is the estimation of

g (u)

in first step.

Fig. 18

Diagram of the encryption process proposed in Ref. 28.

From above description of the specific attack, the encryption keys $R^{'} (u)$ and $R (x)$ is very important, which is used to retrieve the decryption keys $P^{'} (x)$ and $P (u)$ in two steps, respectively. The encryption mechanism of the proposed asymmetric scheme is different from the PTFT-based cryptosystem, where three random encryption keys $ϕ_{1}^{0}$ , $ϕ_{2}^{0}$ , and $ξ_{2}^{0}$ are only used for the POF retrieve of the plain image $f_{i}$ . In addition, the generation of the decryption key $ϕ_{i, d}$ has no relation to these encryption keys. So, the encryption keys cannot afford any information to recover the decryption keys and plaintext images.

4. Conclusion

In conclusion, a double-image encryption scheme based on asymmetric technique is proposed, in which the encryption and decryption processes are different and the decryption keys are not identical to the encryption ones. Three random phase functions are employed as encryption keys and used to retrieve the POFs of plain images based on the iterative phase retrieval process. Meanwhile, two interim-encrypted images generated with the corresponding phase functions are combined into a complex matrix, which is transformed to the real-value ciphertext with stationary white noise distribution. Owing to applications of the asymmetric technique, the fundamental drawbacks resulted from the linearity can be avoided and therefore high robustness against existing attacks can be achieved. A set of numerical simulations have illustrated the feasibility and effectiveness of the proposed encryption scheme.

Acknowledgments

This work was supported by Foundation of Shaanxi Education Department of Shaanxi Province under grant 11JK1032, Xi’an Science and Technology Bureau under grant CXY1120-1, the National Natural Science Foundation of China under grant number 61302135 and 61272284.

References

1.

P. RefregierB. Javidi, “Optical image encryption based on input plane and Fourier plane random encoding,” Opt. Lett., 20 (7), 767 –769 (1995). http://dx.doi.org/10.1364/OL.20.000767 OPLEDP 0146-9592 Google Scholar

2.

G. UnnikrishnanJ. JosephK. Singh, “Optical encryption by double-random phase encoding in the fractional Fourier domain,” Opt. Lett., 25 (12), 887 –889 (2000). http://dx.doi.org/10.1364/OL.25.000887 OPLEDP 0146-9592 Google Scholar

3.

B. HennellyJ. T. Sheridan, “Optical image encryption by random shifting in fractional Fourier domains,” Opt. Lett., 28 (4), 269 –271 (2003). http://dx.doi.org/10.1364/OL.28.000269 OPLEDP 0146-9592 Google Scholar

4.

H. LiY. Wang, “Information security system based on iterative multiple-phase retrieval in gyrator domain,” Opt. Laser Technol., 40 (7), 962 –966 (2008). http://dx.doi.org/10.1016/j.optlastec.2008.01.005 OLTCAS 0030-3992 Google Scholar

5.

S. Yuanet al., “Information hiding based on double random-phase encoding and public-key cryptography,” Opt. Express, 17 (5), 3270 –3284 (2009). http://dx.doi.org/10.1364/OE.17.003270 OPEXFF 1094-4087 Google Scholar

6.

M. Heet al., “Security enhanced optical encryption system by random phase key and permutation key,” Opt. Express, 17 (25), 22462 –22473 (2009). http://dx.doi.org/10.1364/OE.17.022462 OPEXFF 1094-4087 Google Scholar

7.

W. ChenX. Chen, “Space-based optical image encryption,” Opt. Express, 18 (26), 27095 –27104 (2010). http://dx.doi.org/10.1364/OE.18.027095 OPEXFF 1094-4087 Google Scholar

8.

N. ZhouY. WangJ. Wu, “Image encryption algorithm based on the multi-order discrete fractional Mellin transform,” Opt. Commun., 284 (2), 5588 –5597 (2011). http://dx.doi.org/10.1016/j.optcom.2011.08.034 OPCOB8 0030-4018 Google Scholar

9.

M. R. Abuturab, “Color information security system using discrete cosine transform in gyrator transform domain radial-Hilbert phase encoding,” Opt. Lasers Eng., 50 (9), 1209 –1216 (2012). http://dx.doi.org/10.1016/j.optlaseng.2012.03.020 OLENDN0 0143-8166 Google Scholar

10.

M. R. Abuturab, “Securing color image using discrete cosine transforming gyrator transform domain structured-phase encoding,” Opt. Lasers Eng., 50 (10), 1383 –1390 (2012). http://dx.doi.org/10.1016/j.optlaseng.2012.04.011 OLENDN0 0143-8166 Google Scholar

11.

W. ChenX. ChenC. J. R. Sheppard, “Optical color-image encryption and synthesis using coherent diffractive imaging in the Fresnel domain,” Opt. Express, 20 (4), 3853 –3865 (2012). http://dx.doi.org/10.1364/OE.20.003853 OPEXFF 1094-4087 Google Scholar

12.

A. AlfalouC. Brosseau, “Optical image compression and encryption methods,” Adv. Opt. Photonics, 1 (3), 589 –636 (2009). http://dx.doi.org/10.1364/AOP.1.000589 AOPAC7 1943-8206 Google Scholar

13.

A. Carniceret al., “Vulnerability to chosen-cyphertext attacks of optical encryption schemes based on double random phase keys,” Opt. Lett., 30 (13), 1644 –1646 (2005). http://dx.doi.org/10.1364/OL.30.001644 OPLEDP 0146-9592 Google Scholar

14.

X. PengH. WeiP. Zhang, “Chosen-plaintext attack on lensless double-random phase encoding in the Fresnel domain,” Opt. Lett., 31 (22), 3261 –3263 (2006). http://dx.doi.org/10.1364/OL.31.003261 OPLEDP 0146-9592 Google Scholar

15.

X. Penget al., “Known-plaintext attack on optical encryption based on double random phase keys,” Opt. Lett., 31 (8), 1044 –1046 (2006). http://dx.doi.org/10.1364/OL.31.001044 OPLEDP 0146-9592 Google Scholar

16.

W. QinX. Peng, “Asymmetric cryptosystem based on phase-truncated Fourier transforms,” Opt. Lett., 35 (2), 118 –120 (2010). http://dx.doi.org/10.1364/OL.35.000118 OPLEDP 0146-9592 Google Scholar

17.

G. SituJ. Zhang, “Multiple-image encryption by wavelength multiplexing,” Opt. Lett., 30 (11), 1306 –1308 (2005). http://dx.doi.org/10.1364/OL.30.001306 OPLEDP 0146-9592 Google Scholar

18.

A. AlfalouA. Mansour, “Double random phase encryption scheme to multiplex and simultaneous encode multiple images,” Appl. Opt., 48 (31), 5933 –5947 (2009). http://dx.doi.org/10.1364/AO.48.005933 APOPAI 0003-6935 Google Scholar

19.

A. Alfalouet al., “Simultaneous fusion, compression, and encryption of multiple images,” Opt. Express, 19 (24), 24023 –24029 (2011). http://dx.doi.org/10.1364/OE.19.024023 OPEXFF 1094-4087 Google Scholar

20.

X. WangD. Zhao, “Fully phase multiple-image encryption based on superposition principle and the digital holographic technique,” Opt. Commun., 285 (21–22), 4280 –4284 (2012). http://dx.doi.org/10.1016/j.optcom.2012.06.061 OPCOB8 0030-4018 Google Scholar

21.

X. DengD. Zhao, “Multiple-image encryption using phase retrieve algorithm and intermodulation in Fourier domain,” Opt. Laser Technol., 44 (2), 374 –377 (2012). http://dx.doi.org/10.1016/j.optlastec.2011.07.019 OLTCAS 0030-3992 Google Scholar

22.

H. E. HwangH. T. ChangW. N. Lie, “Multiple-image encryption and multiplexing using a modified Gerchberg-Saxon algorithm and phase modulation in Fresnel-transform domain,” Opt. Lett., 34 (24), 3917 –3919 (2009). http://dx.doi.org/10.1364/OL.34.003917 OPLEDP 0146-9592 Google Scholar

23.

H. T. ChangH. E. HwangC. L. Lee, “Position multiplexing multiple-image encryption using cascaded phase-only masks in Fresnel transform domain,” Opt. Commun., 284 (18), 4146 –4151 (2011). http://dx.doi.org/10.1016/j.optcom.2011.04.065 OPCOB8 0030-4018 Google Scholar

24.

H. T. Changet al., “Wavelength multiplexing multiple-image encryption using cascaded phase-only masks in the Fresnel transform domain,” Appl. Opt., 50 (5), 710 –716 (2011). http://dx.doi.org/10.1364/AO.50.000710 APOPAI 0003-6935 Google Scholar

25.

H. LiY. Wang, “Double-image encryption based on iterative gyrator transform,” Opt. Commun., 281 (23), 5745 –5749 (2008). http://dx.doi.org/10.1016/j.optcom.2008.09.001 OPCOB8 0030-4018 Google Scholar

26.

Z. Liuet al., “Double image encryption by using iterative andom binary encoding in gyrator domains,” Opt. Express, 18 (11), 12033 –12043 (2010). http://dx.doi.org/10.1364/OE.18.012033 OPEXFF 1094-4087 Google Scholar

27.

X. WangD. Zhao, “Double-image self-encoding and hiding based on phase-truncated Fourier transforms and phase retrieval,” Opt. Commun., 284 (19), 4441 –4445 (2011). http://dx.doi.org/10.1016/j.optcom.2011.06.025 OPCOB8 0030-4018 Google Scholar

28.

X. WangD. Zhao, “A special attack on the asymmetric cryptosystem based on phase-truncated Fourier transforms,” Opt. Commun., 285 (6), 1078 –1081 (2012). http://dx.doi.org/10.1016/j.optcom.2011.12.017 OPCOB8 0030-4018 Google Scholar

29.

X. WangD. Zhao, “Double images encryption method with resistance against the specific attack based on asymmetric algorithm,” Opt. Express, 20 (11), 11994 –12003 (2012). http://dx.doi.org/10.1364/OE.20.011994 OPEXFF 1094-4087 Google Scholar

30.

H. LiY. Wang, “Double-image encryption based on discrete fractional random transform and chaotic maps,” Opt. Lasers Eng., 49 (7), 753 –757 (2011). http://dx.doi.org/10.1016/j.optlaseng.2011.03.017 OLENDN0 0143-8166 Google Scholar

31.

Y. ZhangD. Xiao, “Double optical image encryption using discrete Chirikov standard map and chaos-based fractional random transform,” Opt. Lasers Eng., 51 (4), 472 –480 (2013). http://dx.doi.org/10.1016/j.optlaseng.2012.11.001 OLENDN0 0143-8166 Google Scholar

32.

L. Suiet al., “Single-channel color image encryption using phase retrieve algorithm in fractional Fourier domain,” Opt. Lasers Eng., 51 (12), 1297 –1309 (2013). http://dx.doi.org/10.1016/j.optlaseng.2013.06.005 OLENDN0 0143-8166 Google Scholar

33.

H. LiY. Wang, “Double-image encryption by iterative phase retrieval algorithm in fractional Fourier domain,” J. Mod. Opt., 55 (21), 3601 –3609 (2008). http://dx.doi.org/10.1080/09500340802361333 JMOPEW 0950-0340 Google Scholar

34.

N. Zhouet al., “Novel single-channel color image encryption algorithm based on chaos and fractional Fourier transform,” Opt. Commun., 284 (12), 2789 –2796 (2011). http://dx.doi.org/10.1016/j.optcom.2011.02.066 OPCOB8 0030-4018 Google Scholar

Biography

Liansheng Sui received his PhD degree in 2003, and now he is an associate professor at the School of Computer Science and Engineering, Xi’an University of Technology, China. His research interests include optics communications, image analysis, and pattern recognition.

Haiwei Lu received her BS degree in 2012, and now she is an MS candidate at the School of Computer Science and Engineering, Xi’an University of Technology, China. Her research interests include optics communications and image processing.

Xiaojuan Ning received her PhD degree in 2011, and she currently works in Xi’an University of Technology. Meanwhile, she has cooperated with Institute of LIAMA and National Laboratory of Pattern Recognition at Institute of Automation, Chinese Academy of Sciences. Her current research interests include scene modeling and shape analysis.

Yinghui Wang received his BS, MS, and PhD degrees in 1989, 1999, and 2002, respectively, and now he is a professor at the School of Computer Science and Engineering, Xi’an University of Technology, China, and Institute of Computer Science, Shaanxi Normal University, China. His research interests include software evolution, image analysis, and pattern recognition.

CC BY: © The Authors. Published by SPIE under a Creative Commons Attribution 4.0 Unported License. Distribution or reproduction of this work in whole or in part requires full attribution of the original publication, including its DOI.

Citation Download Citation

Liansheng Sui, Haiwei Lu, Xiaojuan Ning, and Yinghui Wang "Asymmetric double-image encryption method by using iterative phase retrieval algorithm in fractional Fourier transform domain," Optical Engineering 53(2), 026108 (4 March 2014). https://doi.org/10.1117/1.OE.53.2.026108

Published: 4 March 2014

Access the abstract

JOURNAL ARTICLE
11 PAGES

DOWNLOAD PAPER SAVE TO MY LIBRARY

GET CITATION

CITATIONS

Cited by 20 scholarly publications.

Explore citations on Lens.org

KEYWORDS

Image encryption

Image processing

Phase retrieval

Image retrieval

Phase only filters

Computer security

Fractional fourier transform

1.

Introduction

2.

Encryption and Decryption Process

2.1.

Phase-Retrieval Algorithm Based on Iterative FrFT

Fig. 1

Eq. (1)

Eq. (2)

Eq. (3)

Eq. (4)

Eq. (5)

Eq. (6)

Eq. (7)

Eq. (8)

Eq. (9)

Eq. (10)

Eq. (11)

Eq. (12)

Eq. (13)

Eq. (14)

Eq. (15)

2.2.

Encryption and Decryption Processes

Eq. (16)

Eq. (17)

Eq. (18)

Fig. 2

Eq. (19)

Eq. (20)

Eq. (21)

Fig. 3

Fig. 4

3.

Numerical Simulation and Security Analysis

Fig. 5

Fig. 6

3.1.

Brute-Force Attack Analysis

Fig. 7

3.2.

Potential Attack Analysis

Fig. 8

Fig. 9

Fig. 10

3.3.

Occlusion Attack Analysis

Fig. 11

Fig. 12

3.4.

Noise Attack Analysis

Eq. (22)

Fig. 13

3.5.

Statistical Analysis

Fig. 14

Fig. 15

Eq. (23)

Table 1

Fig. 16

Eq. (24)

Fig. 17

3.6.

Specific Attack Analysis

Eq. (25)

Eq. (26)

Eq. (27)

Eq. (28)

Eq. (29)

Eq. (30)

Eq. (31)

Eq. (32)

Eq. (33)

Eq. (34)

Fig. 18

4.

Conclusion

Acknowledgments

References

Biography