Optical phase-truncation-based double-image encryption using equal modulus decomposition and random masks

This work reports an optical double-image crosstalk free encryption scheme that employs equal modulus decomposition and random masks. For the encryption, two plaintexts by a random amplitude mask and a random phase mask have been encrypted into a single ciphertext mask and two private key masks. Owing to the two random masks introduced, the functional relation between the plaintext pair and the ciphertext indirectly cause the paucity of constraints employed for the specific attack. Unlike the traditional phase-truncation-based techniques, this scheme is immune to the information leakage and different types of attacks. Furthermore, the three different diffraction distances and the illuminating wavelength also function as four additional keys to significantly reinforce the security. Simulation results demonstrate the feasibility and validity of the proposal.


Principle of the method
The diagram of the proposed double-image cryptosystem is depicted as Fig. 1.The random amplitude mask (RAM) and a random phase mask (RPM) have been described with respect to the encryption (Fig. 1a) and decryption (Fig. 1b).The encryption keys have been generated from the random masks RAM and RPM by applying EMD in the Fresnel domain.Figure 2 shows the optical relationship between RAM, S 1 , and S 2 .In this setup, a collimated plane wave with the wavelength λ, perpendicularly illuminates RAM and the image which is  subsequently Fresnel transformed with the diffraction distance d 1 .The first spatial light modulator (SLM 1 ) were employed for amplitude modulation.SLM 2 and SLM 3 were utilized for phase modulation.
In the proposed double-image encryption process, R 1 (x, y) and R 2 (u, v) are the random functions, whose values fall in the interval [0, 1].The following encryption steps have been depicted.
First, the RAM denoted as R 1 x, y was Fresnel transformed given by Eq. (1).
where FrT (d 1 , ) [•] is the FrT operator, and d 1 and λ are the diffraction distance and the wavelength, respectively.The amplitude part and the phase part of S are represented as A=|S| and ϕ = arg [S] , respectively, and " |•| " and " arg [•] " are the modulus and argument operators, respectively.Subsequently, the complex-valued function S was separated into two masks, viz, S 1 and S 2 , with equal moduli, as illustrated in Fig. 3. Owing to the random phase distribution RPM (denoted as, θ(u, v) ) introduced, and the geometrical relationship, S 1 and S 2 can be deduced as The phase parts of S 1 and S 2 serve as the encryption keys.Next, a new complex-value function f (x, y) was constructed by the two original images, viz., ( I 1 (x, y) and I 2 (x, y) ), and RAM, as follows where k i (i = 1, 2, 3) are the constants.
Then, by employing the encryption keys obtained in the above-mentioned step, the function f (x, y) was encrypted based on PT in the Fresnel domain.Thus, the ciphertext E can be expressed as where d 2 and d 3 are the diffraction distances.Meanwhile, two decryption keys, viz., DK 1 and DK 2 , generated are given by where " conj{•} " is the complex conjugate operator, PR[•] the phase reservation operator.
For the decryption, the retrieved function f ′(x, y) by the authorized users can be derived as, After obtaining the f ′(x, y) , two retrieved images, I 1 ′ x, y and I 2 ′ x, y , are mathematically represented as, (1) Figure 4 illustrates the optical schematic apparatus for decryption.A light beam carrying the information of ciphertext E was modulated by SLM 1 .SLM 1 and SLM 2 are being employed for phase modulation.CCD captures the intensity part of f ′(x, y) .The phase part of f ′(x, y) is digitally acquired.Then two decrypted images, viz.,I 1 ′ x, y and I 2 ′ x, y , are digitally acquired with the function f ′ x, y .

Numerical results and performance analysis
To demonstrate the validity and the advantages of the proposal, numerical simulations have been implemented.In those simulations, the illumination wavelength λ is 633 nm, and the three axial distances, viz., d 1 , d 2 , and d 3 , are 60, 50, and 70 mm, respectively, and the parameters k 1 , k 2 , and k 3 are set as 0.6, 0.5, and 1.5, respectively.Furthermore, the correlation coefficient (CC) was utilized to objectively assess the similarity between the plaintext I k (x, y) (k = 1, 2) and its corresponding decrypted image I k ′(x, y) as For convenience of the analysis, the CC values were directly labelled in the recovered images.Figure 5a, b show two original images having 512 × 512 pixels, which are employed as the two plaintexts.The two random masks, RAM and RPM, are shown in Fig. 5c, d.By employing RAM, RPM, and EMD, the encryption keys (Fig. 5e, f) are acquired.The ciphertext and decrypted keys, after conducting the proposed encryption process, are displayed in Fig. 5g-i, respectively.Finally, the decrypted images acquired by using all the correct keys are shown in Fig. 5j, k.These results signify that each decrypted image and its corresponding plaintext are completely equal, or the influence of crosstalk noise is non-existent.Thus, the proposal is feasible and effective, and can retrieve the high-quality images without the crosstalk noise.
To evaluate the information-leakage-free of the proposal, Fig. 6a-f show the decrypted images with releasing of E, DK 1 , and DK 2 .Figure 7a-f illustrate the decrypted images when two of these masks are utilized.According to Figs. 6 and 7, each of all the decrypted images has the noise-like distribution, where no useful information of the two plaintexts appears.We illustrated that the information-leakage issue has been thoroughly settled in the proposal.
We have further validated the sensitivity of the proposal for the additional keys, i.e., the three diffraction distances To further demonstrate the robustness of the proposal against noise and occlusion attacks, Fig. 12 illustrates the decrypted results when the ciphertext is contaminated by the zero-mean white additive Gaussian noise with σ = 0.2 and σ = 0.3 .Figure 13 represents the decrypted results acquired from the ciphertexts with 3% and 5% occlusion.According to Figs. 12 and 13, the quality of the decrypted images steadily worsens with the increase of the noise or occlusion strength.Although the content of those images becomes blurred for σ = 0.3 noise or 5% occlusion, the main-structure information can be still distinguished.Hence, it is verified for these results that the proposal has the resistance to noise and occlusion attacks.
Furthermore, we have proved the validity of the proposal against known-plaintext attack (KPA).The decryption keys of our scheme varies with the different plaintext pair.In the KPA simulation, Fig. 5a, b, g serve as a known plaintext pair and their corresponding ciphertext.Using the proposal, RAM (Fig. 5c) and RPM (Fig. 5d) encrypt the plaintext pair in Fig. 5a, b, and the private keys in Fig. 5h, i are generated.Figure 14a, b demonstrate the other plaintext pair.Figure 14c illustrates the ciphertext of Fig. 14a, b, which were produced by the proposal, ( 11) RAM′ and RPM′.RAM and RPM are different from RAM′ and RPM′, respectively.When all the correct parameters, viz., RAM (Fig. 5c), RPM (Fig. 5d), and the private keys (Fig. 5h, i) are used, the two retrieved results of Fig. 14c are shown in Fig. 14d, e.For better explaining the security of this scheme, we have retrieved Fig. 14c in the other two cases in which we suppose that the attacker has known one out of RAM′ and RPM′., and the other conditions mentioned above.The information of Fig. 14a, b cannot be deciphered from Fig. 14d-i.Hence, the proposal is immune to KPA.
Finally, we have also demonstrated that the proposal can resist SA 44 .SA is a single iteration process, which stem from the modified amplitude-phase retrieval algorithm.The results of SA with two unknown masks, viz., RAM and RPM, are illustrated in Fig. 15a-c.Moreover, the results of SA, when the knowledge of one of RAM and RPM is lacking, are illustrated in Fig. 15d-i.Figure 16 shows the results of SA using Qin and Peng's scheme 35 .It is shown in Fig. 15a, d, g, that the six curves are unstable and non-convergent.According to Fig. 15b, c, e, f,  h, i, no information can be deciphered of the two plaintexts (Fig. 15a, b).Therefore, we have shown that the proposal can effectively resist SA.

Concluding remarks
An optical phase-truncation-based double-image encryption was developed using the equal modulus decomposition and random masks.The proposal utilizes RAM and RPM to generate a single ciphertext and two private keys.This scheme is novel, and acquires the decrypted images immune to the crosstalk noise.Particularly, the random masks cause insufficient constraints to be utilized for SA.Our proposal, when compared with the reported techniques via PT, has no problem of information leakage, and can efficiently resist different types of attacks.Furthermore, the four parameters serve as additional keys for enhancing the security.Numerical simulation results validate the advantages of the proposal.

Figure 1 .
Figure 1.Schematic diagram for the proposed (a) encryption and (b) decryption.
d 1 , d 2 , and d 3 , and the illuminating wavelength λ.Figures 8, 9, 10 and 11 illustrate the sensitive results of those keys, where the deviation ranges of those keys are [− 50 50].These results invariably reveal that the CC values are one, only when the deviation is equal to zero.And for other values of the deviation, the CC values are below or equal to 0.0863.Moreover, when the deviations are − 1 and 1, all the decrypted images have no useful content of the two plaintexts.Therefore, the proposal has four sensitive additional keys, which can further reinforce the security of the proposal.

1 , DK RPM′ 2 , 1 ,
Figure 14f, g demonstrate the results of Fig. 14c with RPM′, DK RPM ′ and for the other abovementioned conditions.Figure 14h, i illustrate the results of Fig. 14c using RAM′, DK RAM′ DK RAM′

Figure 11 .
Figure 11.Relation curves of the CC value versus Δλ, in which decrypted images using Δλ of (a, b) − 1, and (c, d) 1.

Figure 15 .
Figure 15.Results of SA using our proposal: the CC value versus number of iterations with (a) two unknown masks (RAM and RPM), (d) unknown RPM, and (g) unknown RAM, respectively; the recovered images after 200 iterations with (b, c) two unknown masks (RAM and RPM), (e, f) unknown RPM, and (h, i) unknown RAM, respectviely.

Figure 16 .
Figure 16.Results of SA using Qin and Peng's scheme: (a) the CC value versus number of iterations, and (b, c) recovered images after 200 iterations.