With the rapid popularity of computer networks, images as an effective carrier of information have been widely used in various fields of modern society and image encryption issues have become an important field for information security. Since Refregier and Javidi1 proposed the classical optical double-random phase encoding (DRPE) technique, many optical encryption and authentication systems in Fourier transform (FT), Fresnel transform (FrT), fractional Fourier transform (FrFT), and gyrator transform (GT) domains have been proposed during the past decades.188.8.131.52.184.108.40.206.–11 Moreover, Alfalou and Brosseau12 pointed out that these techniques can be used for compression operations simultaneously. Though most reported optical encryption techniques based on DRPE have the excellent parallel and multidimensional capability of signal processing, it should be pointed out that these schemes belong to the category of symmetric cryptosystems, where the keys in the encryption process are used for decryption. Some research investigations indicate that these schemes are vulnerable to the conventional attacks because of the inherently linear property of mathematical or optical transformation.1314.–15 In order to resist these attacks, Qin and Peng16 proposed an asymmetric encryption based on the phase-truncated Fourier transform (PTFT), where the decryption keys are different from the encryption keys and the linearity of the cryptosystem is broken by using the nonlinear operation of phase truncation.
Recently, multiple-image encryption based on multiplexing techniques has received increasing attention in the field of information security since Situ and Zhang17 proposed the multiple-image encryption approaches using wavelength and position multiplexing with Gaussian low-pass filtering. Alfalou and Mansour18 proposed an encryption scheme which is divided into two security layers, and target images are multiplexed and simultaneous encoded by using the iterative Fourier transformations in the first layer. In subsequent work, Alfalou et al.19 implemented simultaneous fusion, compression, and encryption of multiple images based on the discrete cosine transform. Wang and Zhao20 proposed a fully phase image encryption based on superposition principle and hologram, where a real-valued original image is encoded into a phase-only function (POF). Deng and Zhao21 suggested a multiple-image encryption by using a phase retrieval algorithm and intermodulation in the Fourier domain, which avoids the cross-talk of decrypted images. Hwang et al.22 proposed a multiple-image encryption and multiplexing approach based on a modified Gerchberg–Saxton algorithm (MGSA) in the FrT domain, which reduces the cross-talks significantly. Chang et al.23,24 also suggested the position multiplexing encryption using cascaded phase-only masks based on the MGSA.
As a special case, double-image encryption also has attracted much attention in optical cryptosystem. Li and Wang25 proposed a double-image encryption algorithm based on phase-retrieval technique and GT, where two images can be simultaneously encrypted into a single one as the amplitudes of gyrator. Liu et al.26 encrypted two original images into the real part and imaginary part of a complex function, respectively, which are exchanged randomly by using a random binary encoding data generated by chaotic map. Wang and Zhao27 suggested an asymmetric algorithm to encrypt two covert images into an overt image based on phase retrieval and PTFT, in which the encryption keys are different from those in decryption process. However, Wang and Zhao28 designed a specific attack by using a two-step iterative amplitude-retrieval approach according to PTFT-based cryptosystems. With this attack, the encrypted information would be revealed when the encryption keys are used as public keys. Subsequently, Wang and Zhao29 suggested another asymmetric double-image encryption, which has a high level of robustness against this attack. Li and Wang30 proposed a double-image encryption based on discrete fractional random transform and chaotic maps, which can raise the efficiency when encrypting, storing, or transmitting. Zhang and Xiao31 designed a double-optical images encryption using discrete Chirikov standard map and chaos-based discrete fractional random transform, where Chirikov standard map is utilized to scramble the pixel positions and intensity values, respectively.
In this article, a double-image encryption scheme is proposed based on an asymmetric technique, in which the encryption and decryption processes are different and the encryption keys are not identical to the decryption ones. The encryption process can be performed digitally, in which the POFs of two plain images are obtained by using the iterative phase retrieval algorithm, and the interim-encrypted matrices generated with POFs are modulated into a complex image with the convolution operation in FrFT domain. Finally, the complex image is transformed to the real-value ciphertext with stationary white-noise distribution. The decryption process can be implemented optically and only two decryption keys produced in the encryption process are used as phase masks, which is convenient and efficient by using the classical DRPE system. Simulation results and security analysis verify that the proposed double-image encryption has a high level of robustness against brute-force attack, known plaintext attack and specific attack.
The rest of this article is organized as follows. In Sec. 2, the basic principles and the processed of encryption and decryption are introduced in detail. In Sec. 3, numerical simulation results and security analysis are given. Finally, the conclusion is given in Sec. 4.
Encryption and Decryption Process
Phase-Retrieval Algorithm Based on Iterative FrFT
The Gerchberg–Saxton algorithm (GSA) is a powerful tool which is used in image encryption cryptosystems, which is usually employed to encode plaintext into a POF in the Fourier domain. Though it is sufficient to retrieve the phase function with the FTs back and forth between the object and the Fourier domains, it suffers from some drawbacks such as slow convergence speed in practical applications. In order to solve this problem, a POF-retrieval algorithm shown in Fig. 1 is implemented in Ref. 32.
The FrFT at order of a two-dimensional function can be expressed as
The is a trivial phase parameter and is the transform angle. The FrFT is linear and has the property that it is index additive
In addition, the FrFT satisfies the Parseval energy conservation theorem
The POF-retrieval algorithm is based on the iterative FrFT process between two grayscale images proposed firstly in Ref. 33. Images and are placed at the input and output planes, respectively, between which are three phase masks placed in three continuous FrFT planes. Let the function denotes an interim-encrypted image and , , , denote two different groups of fractional orders. Giving five-phase functions, which are distributed in the interval and denoted by , , , and , respectively, the relationship between the images and phase functions is expressed as6) indicates that the two images satisfy the following relationship:
According to Eq. (7), the phase functions , , and are obtained with the iterative process, which consists of a number of cycling iterations. Suppose that in the ’th iteration the phase distributions , , are known, then the output-complex image is expressed as
Its phase and amplitude are expressed as follows
Substituting the phase function into Eq. (6), the phase functions , , in next iteration are updated by
In order to decide whether the iteration stops, the correlation coefficient (CC) or the mean square error (MSE) between the iterated image and the original one is used as convergent criterion. These criterions are expressed as
In Fig. 1, and denote the input and output image, respectively. In order to compute the POF of the image , is constrained to unity amplitude . When the convergent criterion between and its approximation is reached, the resultant pure phase functions and are obtained, respectively, where the function is finally used as the POF of image . At the beginning of the iterative process, the initial phase masks , , are generated randomly.
Encryption and Decryption Processes
The proposed double-image encryption is based on the iterative phase-retrieval algorithm, which belongs to the category of asymmetric cryptosystem. The encryption process is shown in Fig. 2. Let denote two original plaintext images to be encoded, the encryption process is described as follows:
• Given a three initial random phase function , , , the iterative phase-retrieval process is performed on the image in the POF-retrieval module. First, the relationship between and the unity amplitude image is built by using Eq. (6), and then the iterative phase-retrieval process is performed by using Eqs. (10)–(12). The convergent criterion is set to a MSE threshold. When the MSE between and its approximation is lower than the threshold, the iteration process ends and the optimized phase functions , , , and are obtained by using Eq. (15). In this process, the fractional orders , are used for the plaintext image and , for the unity amplitude image . In addition, the phase function will be used as the decryption key.
• In the interim image generation module, a complex matrix is produced by using the unity amplitude image and two corresponding phase functions , , which is expressed as
• In the phase modulation, two matrices are combined into one complex matrix by using convolution and the combined matrix can be written as
• The combined matrix is transformed to by using the FrFT with the fractional order , which is expressed as
In the same time, the amplitude of is extracted as the real-value ciphertext by using following equation
Additionally, a decryption key is generated as following:
The decryption process is depicted in Fig. 3, which is different from the encryption process and much simple. It should be paid attention to the following main steps
• When decrypting the plaintext image , the complex matrix is first generated by multiplying the ciphertext with the phase function produced with the corresponding decryption key .
• The complex matrix is transformed to by using the inverse FrFT with the fractional order , and then is generated by multiplying with the phase matrix produced with another corresponding decryption key .
• The complex matrix is transformed to by using the inverse FrFT with the fractional order , and then the amplitude of the matrix is extracted as the decrypted image , which is expressed as
From above description of the encryption and decryption processes, one can see that only three random phase functions denoted by , , and is used as the encryption keys, which have no relationship with decryption. Simultaneously, the phase functions and produced in the encryption process are used as the decryption keys according to each decrypted image , which are directly related to the original plaintext images. Apparently, the keys for decryption are different from those for encryption, which means the entire cryptosystem is asymmetric. As we all know, some cryptosystems are vulnerable to the conventional attacks such as known plaintext attack and chosen plaintext attack because of the linearity and symmetry existed in these encryption schemes.1314.–15 The proposed asymmetric double-image encryption scheme can break the linearity of the cryptosystem and has high resistance against to these conventional attacks. In addition, the decryption keys and can be assigned to different valid users in order to enhance the security, in which each original plaintext image can be decrypted if all two phase masks and are correctly placed in the verification system.
The proposed asymmetric double-image encryption scheme can be implemented with an electro-optical hybrid setup. It is worth noting that although the encryption process and the formation of decryption keys are complicated and can be realized digitally with the help of computer, the decryption process is much simple and can be implemented with some optoelectronic devices. A simple optical setup is depicted in Fig. 4, which is based on the imaging system similar to DRPE. When decrypting the image , the phase masks PM1 and PM2 are only placed with the phase masks and , respectively. Obviously, the decryption process is convenient and efficient.
Numerical Simulation and Security Analysis
Numerical simulations have been performed to verify the feasibility and effectiveness of the proposed asymmetric double-image encryption scheme. Two grayscale images “Zelda” and “Baboon” with and 256 Gy levels, which are shown in Figs. 5(a) and 5(b), are used for encryption. The related fractional orders are set as , , , , and . The ciphertext image encrypted by using three random phase functions as encryption keys is shown in Fig. 5(c), which looks like white noise. The decryption keys generated in the encryption process and used for the correct decrypted image “Zelda” are shown in Figs. 6(a) and 6(b), whereas the keys for image “Peppers” are shown in Figs. 6(c) and 6(d). The corresponding decrypted images with the correct decryption keys are shown in Figs. 6(e) and 6(f).
Brute-Force Attack Analysis
The robustness against the brute-force attack is tested, in which an invalid user attempts to retrieve the original images with two possible ways, namely decode plaintext with (1) no keys, (2) two arbitrarily selected phase functions from the encryption keys. Figures 7(a) and 7(b) display the decrypted results by using no keys and arbitrarily selected phase functions, from which an invalid user cannot obtain any useful information. So, the proposed asymmetric has powerful ability to resist the brute-force attack.
Potential Attack Analysis
Usually, there are four conventional potential attacks, such as cipher-only attack, known plaintext attack, chosen plaintext attack, and chosen ciphertext attack, in which chosen plaintext attack is the most powerful attack. If a cryptosystem can resist chosen plaintext attack, it can resist other attacks. According to the proposed asymmetric double-image encryption, an illegal user can use the same encryption keys , , and to encrypt two fake plaintext images and obtain the phase functions , to decrypt the original ciphertext in order to retrieve the corresponding plaintext . Supposing images “Lena” and “Baboon” shown in Figs. 8(a) and 8(b) are chosen as fake plaintext images, the phase functions and are obtained in the encryption process and used to decrypt the original ciphertext of “Zelda” and “Peppers”. Figures 8(c) and 8(d) display the decrypted images of “Zelda” and “Peppers,” respectively. As it is seen from Figs. 8(c) and 8(d), the retrieved images provide no valuable information on the content of “Zelda” and “Peppers” though the fake plaintexts themselves can be seen faintly.
Similar to the ciphertext-only attack proposed in Ref. 26, the phase-retrieval algorithm shown in Fig. 9 is introduced into the decryption process as a test. Supposing the invalid user has known the phase function , he can recover the function by use of FrFT. Thus, the original images can be decrypted by using Eq. (21). Initially, the phase function is generated randomly. The process is simulated with 300 iterations. The decryption results are displayed in Fig. 10. Figure 10(a) shows that the values of the MSE curves are large, which means the phase function cannot be retrieved. Figures 10(b) and 10(c) show the decrypted image “Zelda” and “Peppers,” respectively, which are noise-like images. The results have demonstrated that the proposed encryption scheme has high security under the ciphertext-only attack.
Occlusion Attack Analysis
The robustness against occlusion attack is analyzed. When considering the robustness against occlusion, the decryption process should be performed on the ciphertext of “Zelda” and “Peppers” with all correct decryption keys, in which the ciphertext image is occluded partly. Figure 11(a) shows the occluded ciphertext whose pixel values at the left-top corner are replaced with 0 in simulation, namely the ciphertext is cropped by 50% in the left side. Figures 11(b) and 11(c) display the corresponding recovered images from Fig. 11(a). Figure 12(a) shows the occluded ciphertext whose left-side pixel values are replaced with 0, and Figs. 12(b) and 12(c) display the recovered. Apparently, the main information of the original images can be recognized visually from the decrypted ones. Similar results can be obtained when the ciphertext is cropped by 50% or 100% in the right side. So, the proposed asymmetric double-image encryption has high robustness against occlusion attack.
Noise Attack Analysis
When considering the robustness against noise, a Gaussian random noise is added to the ciphertext of “Zelda” and “Peppers,” in which the noise interferes with the ciphertext image in the following way:Figure 13 shows the decrypted images of “Zelda” when is set to 0.2, 0.4, 0.6, 0.8, and 1.0. Similar results can be obtained for image “Peppers.” From Fig. 13, it is obvious that the content of the decrypted images can be recognized despite of noise interference, and the proposed encryption scheme has high robustness against noise attack.
The contribution of fractional orders on the security of the proposed double-image encryption is researched. Figure 14 shows the relationship between MSE and the deviation of the fractional order . When is correct, the MSE value between the original image “Zelda” with its decrypted one approximates to zero. When slightly departs from the correct value, the MSE value sharply increases. Similar result is obtained according to image “Peppers.” In practical, if the deviation of the order is larger than 0.006, the content of decryption images cannot be recognized totally. Figures 15(a) and 15(b) show the decrypted images “Zelda” and “Peppers,” respectively, while the deviation of the order equals 0.006.
In order to test the correlations of adjacent pixels, the 2000 pairs of adjacent pixels are randomly selected in vertical, horizontal, and diagonal directions from the plaintext images “Zelda” and “Peppers” as well as from the ciphertext, and then the CCs of two adjacent pixels is calculated as follows:Table 1 shows the results of CCs of the plaintext images and ciphertext, which indicates that the correlations of two adjacent pixels of the plaintext image is significant while that of ciphertext are very low. So, illegal user also cannot obtain any valid information from this statistical data.
Correlation results in the plaintext images and ciphertext.
|Correlation coefficient||Plaintext image||Encrypted image|
Figure 16 displays the histograms of the ciphertext of two groups of original images, namely “Zelda” and “Peppers” shown in Figs. 5(a) and 5(b), “Lena” and “Baboon” shown in Figs. 8(a) and 8(b). Obviously, it can be concluded that the different original images have consistent statistical properties because the distributions of the histograms are similar. Thus, the histograms of ciphertext cannot provide any useful information for the invalid user to perform this kind of statistical analysis attack.
Similar to the analysis process proposed in Ref. 34, the key spaces of the phase function , as the decryption keys are analyzed, respectively. When decrypting the image “Zelda,” the phase function is considered to fluctuate in certain range, namely there is a pseudo-key satisfying the following relation:Fig. 17(a). When the MSE is more than 50, any valid information cannot be obtained from the decrypted image in vision. From Fig. 10, it is obvious that the maximum value of is 0.0538 while the normalized MSE is equal to 50, and the number of possible value for every pixel in the phase function is huge as . So, the key space of is estimated to be . Similarly, the normalized MSE curve of the phase function is shown in Fig. 17(b), and the corresponding key space is estimated . So, the entire key space of the cryptosystem almost equals , which is enormous enough to resist brute-force attack.
Specific Attack Analysis
The proposed asymmetric double-image encryption scheme has inherent immunity to the specific attack proposed in Ref. 28. The encryption process of the asymmetric cryptosystem based on PTFT proposed in Ref. 16 is shown in Fig. 18, in which an image is encrypted to the ciphertext by using following equations:Fig. 18, the specific attack is divided into two steps.28 The first step is used to retrieve estimations of and decryption by using and with an iteration process, which is expressed as
From above description of the specific attack, the encryption keys and is very important, which is used to retrieve the decryption keys and in two steps, respectively. The encryption mechanism of the proposed asymmetric scheme is different from the PTFT-based cryptosystem, where three random encryption keys , , and are only used for the POF retrieve of the plain image . In addition, the generation of the decryption key has no relation to these encryption keys. So, the encryption keys cannot afford any information to recover the decryption keys and plaintext images.
In conclusion, a double-image encryption scheme based on asymmetric technique is proposed, in which the encryption and decryption processes are different and the decryption keys are not identical to the encryption ones. Three random phase functions are employed as encryption keys and used to retrieve the POFs of plain images based on the iterative phase retrieval process. Meanwhile, two interim-encrypted images generated with the corresponding phase functions are combined into a complex matrix, which is transformed to the real-value ciphertext with stationary white noise distribution. Owing to applications of the asymmetric technique, the fundamental drawbacks resulted from the linearity can be avoided and therefore high robustness against existing attacks can be achieved. A set of numerical simulations have illustrated the feasibility and effectiveness of the proposed encryption scheme.
This work was supported by Foundation of Shaanxi Education Department of Shaanxi Province under grant 11JK1032, Xi’an Science and Technology Bureau under grant CXY1120-1, the National Natural Science Foundation of China under grant number 61302135 and 61272284.
Liansheng Sui received his PhD degree in 2003, and now he is an associate professor at the School of Computer Science and Engineering, Xi’an University of Technology, China. His research interests include optics communications, image analysis, and pattern recognition.
Haiwei Lu received her BS degree in 2012, and now she is an MS candidate at the School of Computer Science and Engineering, Xi’an University of Technology, China. Her research interests include optics communications and image processing.
Xiaojuan Ning received her PhD degree in 2011, and she currently works in Xi’an University of Technology. Meanwhile, she has cooperated with Institute of LIAMA and National Laboratory of Pattern Recognition at Institute of Automation, Chinese Academy of Sciences. Her current research interests include scene modeling and shape analysis.
Yinghui Wang received his BS, MS, and PhD degrees in 1989, 1999, and 2002, respectively, and now he is a professor at the School of Computer Science and Engineering, Xi’an University of Technology, China, and Institute of Computer Science, Shaanxi Normal University, China. His research interests include software evolution, image analysis, and pattern recognition.