During the past decade, a lot of effort has been made to develop the techniques of optical cryptography owing to the inherent nature of parallel and multidimensional capability of optical signal processing.^{1, 2, 3} Most of those optical cryptosystems employ random phase masks (RPMs) as secret keys due to the advantage of huge key space. They always contribute to resistance of an encryption scheme against brute force attacks. However, RPMs are not sufficiently sensitive as expected. This may result in another security worry. It has been recently demonstrated that the double random phase encoding scheme is vulnerable to known-plaintext attacks.^{4, 5, 6} With phase retrieval techniques, an attacker can easily find the estimates of RPM keys, with which the attacker can recover the plaintext from the corresponding ciphertext. Nevertheless, using phase retrieval strategy to access estimates of RPM keys is only available for linear systems. From another perspective, if employing an appropriate nonlinear transform for encryption, we find out that the insensitivity of RPM will not only avoid suffering a potential crack, but also may allow a cryptosystem possessing other unique features, as introduced later.

From the cryptography point of view, a symmetric cryptosystem would suffer from several problems in practical use, in particular, under the network environment such as key distribution and management.^{7, 8} Asymmetric scheme is the solution. In this paper, we design a novel asymmetric optical encryption system, in which two different types of decryption keys are particularly involved, named universal key *K*_{u}, and special key *K*_{s} respectively. The decryption keys differ from the encryption key. Each decryption key has its own function and applicable region in the process of decryption. One universal key corresponds to one encryption key (*K*_{e}). *K*_{u} can be used to decrypt any ciphertext encoded by *K*_{e}, but with poor legibility. On the contrary, *K*_{s} is adequate for legible decryption but only valid for one ciphertext corresponding to the specified plaintext.

Now let us discuss the detail about this asymmetric cryptosystem. Phase-truncated Fourier transform (PTFT), which is proposed in our earlier work for the construction of optical asymmetric cryptosystem,^{9} is used again here to build a multifunctional scheme. PTFT is a process of Fourier transform with an operation of phase truncation, which means only the amplitude (modular part) of Fourier spectrum is retained, while the phase part of the spectrum is truncated. For the sake of simplicity, one-dimensional notation is used to illustrate this concept. Let *f*(*x*) denote the image to be encoded, FT( · ) the operator of Fourier transform, PT( · ) the operator of phase truncation, and PR( · ) the operator of phase reservation. Given a Fourier transformation *F*(*u*) = FT[*f*(*x*)] = |*F*(*u*)|exp [*i*2πφ(*u*)], the phase truncation and the phase reservation can be respectively expressed as follows:

## Eq. 1

[TeX:] \documentclass[12pt]{minimal}\begin{document}\begin{equation} {\rm PT}\left[ {F\left( u \right)} \right] = \left| {F\left( u \right)} \right|, \end{equation}\end{document} $$\mathrm{PT}\left[F\left(u\right)\right]=\left|F\left(u\right)\right|,$$## Eq. 2

[TeX:] \documentclass[12pt]{minimal}\begin{document}\begin{equation} {\rm PR}\left[ {F\left( u \right)} \right] = \exp \left[ {i2\pi \varphi \left( u \right)} \right]. \end{equation}\end{document} $$\mathrm{PR}\left[F\left(u\right)\right]=\mathrm{exp}\left[i2\pi \varphi \left(u\right)\right].$$By implementing the phase-truncated Fourier transform, one can encrypt a plaintext into a noise-like cipher. The encryption process is illustrated in Fig. 1. Let *P*_{1} denote an image plaintext and *C*_{1} the corresponding ciphertext. The encoded image *C*_{1} can be obtained by the following equation:

## Eq. 3

[TeX:] \documentclass[12pt]{minimal}\begin{document}\begin{eqnarray} C_1 \left( u \right) = {\rm PT}\left\{ {{\rm FT}\left[ {P_1 \left( x \right) \cdot K_e \left( x \right)} \right]} \right\}. \end{eqnarray}\end{document} $$\begin{array}{c}\hfill {C}_{1}\left(u\right)=\mathrm{PT}\left\{\mathrm{FT}\left[{P}_{1}\left(x\right)\xb7{K}_{e}\left(x\right)\right]\right\}.\end{array}$$## Eq. 4

[TeX:] \documentclass[12pt]{minimal}\begin{document}\begin{equation} K_u \left( u \right) = {\rm PR}\left\{ {{\rm FT}\left[ {K_e \left( x \right)} \right]} \right\}. \end{equation}\end{document} $${K}_{u}\left(u\right)=\mathrm{PR}\left\{\mathrm{FT}\left[{K}_{e}\left(x\right)\right]\right\}.$$## Eq. 5

[TeX:] \documentclass[12pt]{minimal}\begin{document}\begin{equation} K_s \left( u \right) = {\rm PR}\left\{ {{\rm FT}\left[ {P_1 \left( x \right) \cdot K_e \left( x \right)} \right]} \right\}. \end{equation}\end{document} $${K}_{s}\left(u\right)=\mathrm{PR}\left\{\mathrm{FT}\left[{P}_{1}\left(x\right)\xb7{K}_{e}\left(x\right)\right]\right\}.$$*K*

_{s}and

*K*

_{u}can be used for the purpose of decryption, as shown in Fig. 1. When employing

*K*

_{s}, the decryption is just a reverse operation of the encryption. Under an ideal circumstance, the decryption is lossless because the truncated information is compensated completely. Mathematically it can be written as

## Eq. 6

[TeX:] \documentclass[12pt]{minimal}\begin{document}\begin{equation} P_1 \left( x \right) = {\rm PT}\left\{ {{\rm IFT}\left[ {C_1 \left( u \right) \cdot K_s \left( u \right)} \right]} \right\}, \end{equation}\end{document} $${P}_{1}\left(x\right)=\mathrm{PT}\left\{\mathrm{IFT}\left[{C}_{1}\left(u\right)\xb7{K}_{s}\left(u\right)\right]\right\},$$*K*

_{s}is only applicable to decode

*C*

_{1}because

*K*

_{s}is generated from

*P*

_{1}, whereas

*K*

_{u}is applicable to decrypt any ciphertext encoded by

*K*

_{e}. If substituting

*K*

_{u}for

*K*

_{s}in Eq. 6, one can still retrieve

*P*

_{1}except for being blurred as

## Eq. 7

[TeX:] \documentclass[12pt]{minimal}\begin{document}\begin{eqnarray} P_1 ^\prime \left( x \right) &=& {\rm PT}\left\{ {{\rm IFT}\left[ {C_1 \left( u \right) \cdot K_u \left( u \right)} \right]} \right\}\nonumber \\ &=& {\rm PT}\left( {{\rm IFT}\left\{ {FT\left[ {P_1 \left( x \right) \cdot K_e \left( x \right)} \right] \cdot B\left( u \right)} \right\}} \right), \end{eqnarray}\end{document} $$\begin{array}{ccc}\hfill {P}_{1}^{\prime}\left(x\right)& =& \mathrm{PT}\left\{\mathrm{IFT}\left[{C}_{1}\left(u\right)\xb7{K}_{u}\left(u\right)\right]\right\}\hfill \\ & =& \mathrm{PT}\left(\mathrm{IFT}\left\{FT\left[{P}_{1}\left(x\right)\xb7{K}_{e}\left(x\right)\right]\xb7B\left(u\right)\right\}\right),\hfill \end{array}$$*B*(

*u*) is a blurring function given by

*FT*(

*P*

_{1}(

*x*)) will be narrow and

*B*(

*u*) will be close to 1, leading to a good decryption. Therefore, the blurring degree of the decryption result depends on the frequency content of the plaintext. It should be noted that the proposed encryption strategy is only suitable for phase-only keys and real-value plaintexts. If either of them is complex-valued, the decryption function [Eq. 6] will be invalid.

Now we perform a proof-of-concept study with the aid of computer simulation in the environment of MATLAB. Consider images *P*_{1} (Lena, 256×256 pixels) and *P*_{2} (Baboon, 256×256 pixels) as two plaintexts. The ciphertexts, obtained with PTFT strategy, are two noise-like images, *C*_{1} and *C*_{2} (they are not shown here for saving space). The encryption key *K*_{e} is a random phase mask with the same size as the plaintexts. By using Eq. 4, we can obtain the universal decryption key *K*_{u}. Two special decryption keys, *K*_{s}_{1} and *K*_{s}_{2}, corresponding to plaintexts, *P*_{1} and *P*_{2}, respectively, are generated in each encryption process, according to Eq. 5. Now let us verify the effectiveness of decryption using the universal key and the special keys, respectively. When the special key *K*_{s}_{1} corresponding to the first plaintext *P*_{1} was used to decrypt *C*_{1}, the Lena image can be clearly recovered, as shown in Fig. 2, whereas when *K*_{s}_{1} was used to decrypt *C*_{2}, Baboon cannot be retrieved, as shown in Fig. 2. Similarly, the special key *K*_{s}_{2} corresponding to plaintexts *P*_{2} also can only be used to effectively decode *C*_{2} [see Fig. 2], and cannot be used to recover Lena [see Fig. 2]. These results proved that special keys are only legal for decryptions of the specified ciphertexts. With the right special key, it is lossless to decode the specified cipher but incapable of decoding others. In another case, when the universal key is used in the process of decryptions, both *P*_{1} and *P*_{2} can be approximately retrieved although being corrupted by noise, as shown in Figs. 2, 2.

The computer simulation results demonstrate that the proposed optical cryptosystem can possess two independent decryption keys. This is quite a different case from that in traditional cryptology. This unique property of the proposed approach may allow the PTFT-based scheme to be used for envisaged application cases. As an example, case 1 would be to secure communications of simple messages (such as binary letters) between the members of a large group. In this case, the decryption effect of a universal key is adequate for the identification of plain messages. Thus, the PTFT scheme could serve as an ordinary asymmetric cryptosystem, regardless of the existence of special keys. As another example, case 2 would be high-security-level communication of delicate messages between two nodes in a network. In this case, the universal key would be irrelevant for the process of decryption, whereas the special key could be used to retrieve the messages precisely. Meanwhile, the security level could be guaranteed in virtue of the one-time pad manner. Some other possible cases may include setting up the security levels for different users, identification and authentication with different security levels, etc.

## Acknowledgments

This work is supported by the National Natural Science Foundation of China (Grant Nos. 60775021 and 60777008), IIFSDU (Grant No. 2010TB019), NIH ( SC COBRE P20RR021949 and Career Award 1k25hl088262-01), and NSF ( MRI CBET-0923311 and SC EPSCoR RII EPS-0903795).

## References

**,” Physics Today, 50 27 –32 (1997). https://doi.org/10.1063/1.881691 Google Scholar**

*Securing information with optical technologies***,” Opt. Lett., 20 767 –769 (1995). https://doi.org/10.1364/OL.20.000767 Google Scholar**

*Optical image encryption based on input plane and Fourier plane random encoding***,” Opt. Eng., 39 2031 –2035 (2000). https://doi.org/10.1117/1.1304844 Google Scholar**

*Optical encryption using a joint transform correlator architecture***,” Opt. Lett., 30 1644 –1646 (2005). https://doi.org/10.1364/OL.30.001644 Google Scholar**

*Vulnerability to chosen-cyphertext attacks of optical encryption schemes based on double random phase keys***,” Opt. Lett., 31 1044 –1046 (2006). https://doi.org/10.1364/OL.31.001044 Google Scholar**

*Known-plaintext attack on optical encryption based on double random phase keys***,” J. Opt. A: Pure Appl. Opt., 11 075402 (2009). https://doi.org/10.1088/1464-4258/11/7/075402 Google Scholar**

*Vulnerability to known-plaintext attack of optical encryption schemes based on two fractional Fourier transform order keys and double random phase keys***,” Opt. Eng., 42 2331 –2339 (2003). https://doi.org/10.1117/1.1588660 Google Scholar**

*Public-key-based optical image cryptosystem with data embedding techniques***,” Opt. Lett., 31 3579 –3581 (2006). https://doi.org/10.1364/OL.31.003579 Google Scholar**

*Asymmetric cryptography based on wavefront sensing***,” Opt. Lett., 35 118 –120 (2010). https://doi.org/10.1364/OL.35.000118 Google Scholar**

*Asymmetric cryptosystem based on phase-truncated Fourier transforms*