Asymmetric double-image encryption based on cascaded discrete fractional random transform and logistic maps Liansheng Sui,1,2,* Kuaikuai Duan,1Junli Liang,3Xinhong Hei1 1

School of Computer Science and Engineering, Xi’an University of Technology, Xi’an, 710048, China 2 Shaanxi Key Laboratory for Network Computing and Security Technology, Xi’an, 710048, China 3 School of Automation and Information, Xi'an University of Technology, Xi’an, 710048, China * [email protected]

Abstract: A double-image encryption is proposed based on the discrete fractional random transform and logistic maps. First, an enlarged image is composited from two original images and scrambled in the confusion process which consists of a number of rounds. In each round, the pixel positions of the enlarged image are relocated by using cat maps which are generated based on two logistic maps. Then the scrambled enlarged image is decomposed into two components. Second, one of two components is directly separated into two phase masks and the other component is used to derive the ciphertext image with stationary white noise distribution by using the cascaded discrete fractional random transforms generated based on the logistic map. The cryptosystem is asymmetric and has high resistance against to the potential attacks such as chosen plaintext attack, in which the initial values of logistic maps and the fractional orders are considered as the encryption keys while two decryption keys are produced in the encryption process and directly related to the original images. Simulation results and security analysis verify the feasibility and effectiveness of the proposed encryption scheme. © 2014 Optical Society of America OCIS codes: (100.2000) Digital image processing; (060.4510) Optical communications.

References and links 1.

P. Refregier and B. Javidi, “Optical image encryption based on input plane and Fourier plane random encoding,” Opt. Lett. 20(7), 767–769 (1995). 2. B. Javidi, “Securing information with optical technologies,” Phys. Today 50(3), 27–32 (1997). 3. G. Situ and J. Zhang, “Double random-phase encoding in the Fresnel domain,” Opt. Lett. 29(14), 1584–1586 (2004). 4. L. Chen and D. Zhao, “Optical color image encryption by wavelength multiplexing and lensless Fresnel transform holograms,” Opt. Express 14(19), 8552–8560 (2006). 5. W. Chen and D. Chen, “Optical color image encryption based on an asymmetric cryptosystem in the Fresnel domain,” Opt. Commun. 284(16–17), 3913–3917 (2011). 6. G. Unnikrishnan, J. Joseph, and K. Singh, “Optical encryption by double-random phase encoding in the fractional Fourier domain,” Opt. Lett. 25(12), 887–889 (2000). 7. B. Zhu, S. Liu, and Q. Ran, “Optical image encryption based on multifractional Fourier transforms,” Opt. Lett. 25(16), 1159–1161 (2000). 8. B. Hennelly and J. T. Sheridan, “Optical image encryption by random shifting in fractional Fourier domains,” Opt. Lett. 28(4), 269–271 (2003). 9. Y. Sheng, Z. Xin, M. S. Alam, L. Xi, and L. Xiao-Feng, “Information hiding based on double random-phase encoding and public-key cryptography,” Opt. Express 17(5), 3270–3284 (2009). 10. M. He, Q. Tan, L. Cao, Q. He, and G. Jin, “Security enhanced optical encryption system by random phase key and permutation key,” Opt. Express 17(25), 22462–22473 (2009). 11. W. Chen and X. Chen, “Space-based optical image encryption,” Opt. Express 18(26), 27095–27104 (2010). 12. W. Chen, X. Chen, and C. J. R. Sheppard, “Optical color-image encryption and synthesis using coherent diffractive imaging in the Fresnel domain,” Opt. Express 20(4), 3853–3865 (2012).

#208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10605

13. M. R. Abuturab, “Color image security system based on discrete Hartley transform in gyrator transform domain,” Opt. Lasers Eng. 51(3), 317–324 (2013). 14. M. R. Abuturab, “Noise-free recovery of color information using a joint-extended gyrator transform correlator,” Opt. Lasers Eng. 51(3), 230–239 (2013). 15. N. Zhou, Y. Wang, and J. Wu, “Image encryption algorithm based on the multi-order discrete fractional Mellin transform,” Opt. Commun. 284(24), 5588–5597 (2011). 16. A. Alfalou and C. Brosseau, “Optical image compression and encryption methods,” Adv. Opt. Photonics 1(3), 589–636 (2009). 17. G. Situ and J. Zhang, “Multiple-image encryption by wavelength multiplexing,” Opt. Lett. 30(11), 1306–1308 (2005). 18. G. Situ and J. Zhang, “Position multiplexing for multiple-image encryption,” J. Opt. A, Pure Appl. Opt. 8(5), 391–397 (2006). 19. A. Alfalou and A. Mansour, “Double random phase encryption scheme to multiplex and simultaneous encode multiple images,” Appl. Opt. 48(31), 5933–5947 (2009). 20. A. Alfalou, C. Brosseau, N. Abdallah, and M. Jridi, “Simultaneous fusion, compression, and encryption of multiple images,” Opt. Express 19(24), 24023–24029 (2011). 21. Z. Liu, Y. Zhang, H. Zhao, M. A. Ahmad, and S. Liu, “Optical multi-image encryption based on frequency shift,” Optik (Stuttg.) 122(11), 1010–1013 (2011). 22. X. Wang and D. Zhao, “Multiple-image encryption based on nonlinear amplitude-truncation and phasetruncation in Fourier domain,” Opt. Commun. 284(1), 148–152 (2011). 23. X. Wang and D. Zhao, “Fully phase multiple-image encryption based on superposition principle and the digital holographic technique,” Opt. Commun. 285(21–22), 4280–4284 (2012). 24. H. E. Hwang, H. T. Chang, and W. N. Lie, “Multiple-image encryption and multiplexing using a modified Gerchberg-Saxton algorithm and phase modulation in Fresnel-transform domain,” Opt. Lett. 34(24), 3917–3919 (2009). 25. H. T. Chang, H. E. Hwang, and C. L. Lee, “Position multiplexing multiple-image encryption using cascaded phase-only masks in Fresnel transform domain,” Opt. Commun. 284(18), 4146–4151 (2011). 26. H. T. Chang, H. E. Hwang, C. L. Lee, and M. T. Lee, “Wavelength multiplexing multiple-image encryption using cascaded phase-only masks in the Fresnel transform domain,” Appl. Opt. 50(5), 710–716 (2011). 27. J. J. Huang, H. E. Hwang, C. Y. Chen, and C. M. Chen, “Optical multiple-image encryption based on phase encoding algorithm in the Fresnel transform domain,” Opt. Laser Technol. 44(7), 2238–2244 (2012). 28. X. Deng and D. Zhao, “Multiple-image encryption using phase retrieve algorithm and intermodulation in Fourier domain,” Opt. Laser Technol. 44(2), 374–377 (2012). 29. S. Liansheng, X. Meiting, and T. Ailing, “Multiple-image encryption based on phase mask multiplexing in fractional Fourier transform domain,” Opt. Lett. 38(11), 1996–1998 (2013). 30. H. Li and Y. Wang, “Double-image encryption based on iterative gyrator transform,” Opt. Commun. 281(23), 5745–5749 (2008). 31. H. Li and Y. Wang, “Double-image encryption by iterative phase retrieval algorithm in fractional Fourier domain,” J. Mod. Opt. 55(21), 3601–3609 (2008). 32. Z. Liu, Q. Guo, L. Xu, M. A. Ahmad, and S. Liu, “Double image encryption by using iterative random binary encoding in gyrator domains,” Opt. Express 18(11), 12033–12043 (2010). 33. Z. Liu, Y. Zhang, S. Li, W. Liu, W. Liu, Y. Wang, and S. Liu, “Double image encryption scheme by using random phase encoding and pixel exchanging in the gyrator transform domains,” Opt. Laser Technol. 47, 152– 158 (2013). 34. Z. Liu, M. Gong, Y. Dou, F. Liu, S. Lin, A. A. Muhammad, J. Dai, and S. Liu, “Double image encryption by using Arnold transform and discrete fractional angular transform,” Opt. Lasers Eng. 50(2), 248–255 (2012). 35. Y. Zhang and D. Xiao, “Double optical image encryption using discrete Chirikov standard map and chaos-based fractional random transform,” Opt. Lasers Eng. 51(4), 472–480 (2013). 36. H. Li and Y. Wang, “Double-image encryption based on discrete fractional random transform and chaotic maps,” Opt. Lasers Eng. 49(7), 753–757 (2011). 37. L. Sui, H. Lu, Z. Wang, and Q. Sun, “Double-image encryption using discrete fractional random transform and logistic maps,” Opt. Lasers Eng. 56, 1–12 (2014). 38. X. Wang and D. Zhao, “Double-image self-encoding and hiding based on phase-truncated Fourier transforms and phase retrieval,” Opt. Commun. 284(19), 4441–4445 (2011). 39. X. Wang and D. Zhao, “Double images encryption method with resistance against the specific attack based on an asymmetric algorithm,” Opt. Express 20(11), 11994–12003 (2012). 40. L. Sui, H. Lu, X. Ning, and Y. Wang, “Asymmetric double-image encryption method by using iterative phase retrieve algorithm in fractional Fourier transform domain,” Opt. Eng. 53(2), 026108 (2014). 41. N. Singh and A. Sinha, “Optical image encryption using fractional Fourier transform and chaos,” Opt. Lasers Eng. 46(2), 117–123 (2008). 42. N. Singh and A. Sinha, “Gyrator transform-based optical image encryption, using chaos,” Opt. Lasers Eng. 47(5), 539–546 (2009). 43. N. Singh and A. Sinha, “Chaos based multiple image encryption using multiple canonical transforms,” Opt. Laser Technol. 42(5), 724–731 (2010).

#208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10606

44. H. Li, Y. Wang, H. Yan, L. Li, Q. Li, and X. Zhao, “Double-image encryption by using chaos-based local pixel scrambling technique and gyrator transform,” Opt. Lasers Eng. 51(12), 1327–1331 (2013). 45. J. Wu, X. Luo, and N. Zhou, “Four-image encryption method based on spectrum truncation, chaos and the MODFrFT,” Opt. Laser Technol. 45, 571–577 (2013). 46. Z. Liu, H. Zhao, and S. Liu, “A discrete fractional random transform,” Opt. Commun. 255(4-6), 357–365 (2005). 47. Original images: http://sipi.use.edu/database/database.php. 48. J. Lang, R. Tao, and Y. Wang, “Image encryption based on the multiple-parameter discrete fractional Fourier transform and chaos function,” Opt. Commun. 283(10), 2092–2096 (2010). 49. A. Carnicer, M. Montes-Usategui, S. Arcos, and I. Juvells, “Vulnerability to chosen-cyphertext attacks of optical encryption schemes based on double random phase keys,” Opt. Lett. 30(13), 1644–1646 (2005). 50. X. Peng, H. Wei, and P. Zhang, “Chosen-plaintext attack on lensless double-random phase encoding in the Fresnel domain,” Opt. Lett. 31(22), 3261–3263 (2006). 51. W. Qin and X. Peng, “Asymmetric cryptosystem based on phase-truncated Fourier transforms,” Opt. Lett. 35(2), 118–120 (2010).

1. Introduction With the rapid popularity of computer networks, issues about illegal image data access on internet being more and more serious and image encryption technique has attracted a growing attention. Due to their capability to ensure the security of data transmission and communication, optical image encryption techniques have become an important research field. Various optical encryption and encoding techniques in different domains such as the Fourier transform (FT), Fresnel transform (FrT), fractional Fourier transform (FrFT), gyrator transform (GT) and fractional Mellin transform domain have been proposed in the past two decades [1–15]. Moreover, Alfalou and Brosseau [16] analyzed the performance on different methods and pointed out many schemes can be used for compression simultaneously. Though these optical methods have excellent properties such as parallel and multidimensional capability of signal processing, most schemes mainly discuss the single image encryption, which reduce the efficiency when encrypting, storing and transmitting double or multiple images. Additionally, these schemes belong to the category of symmetric cryptosystems, in which the encryption keys are identical to decryption ones. Because of the inherently linear property of mathematical or optical transformation, these schemes are vulnerable to various attacks such as chosen plaintext attack. In order to ensure security and improve efficiency of image transmission and communication on network, the multiple-image encryption has attracted lots of attentions. Situ and Zhang [17, 18] proposed the multiple-image encryption schemes based on wavelength multiplexing and position multiplexing. Alfalou and Mansour [19] multiplexed target images by using FT based on double random phase encoding. Subsequently, Alfalou et al. [20] suggested a multiple-image encryption scheme by using the discrete cosine transform (DCT) and the specific spectral filtering technique, which implemented simultaneous fusion, compression and encryption of multiple images. Liu et al. [21] proposed an optical multiimage encryption based on frequency shift technique, where the lower frequency parts of the plain images are selected, shifted and encrypted by using double phase encoding in FrFT domain. Wang and Zhao [22] designed a multiple-image encryption based on the nonlinear phase truncation operations in FT domain, which is vulnerable to various attacks such as chosen plaintext attack. Additionally, Wang and Zhao [23] proposed a fully phase multipleimage encryption based on superposition principle and digital holographic technique. Hwang et al. [24] proposed a multiple images encryption in FrT domain based on modified Gerchberg-Saxton algorithm (MGSA), which reduces the cross-talks of the decrypted images significantly. Based on MGSA, Chang et al. [25, 26] suggested the position multiplexing encryption schemes by using cascaded phase-only masks and Huang et al. [27] designed the scheme with architecture of two adjacent phase-only functions to increase capacity of the cryptosystem. Deng and Zhao [28] proposed a multiple-image encryption algorithm using phase retrieve algorithm and intermodulation in Fourier domain, which can avoid the crosstalk noise completely. Sui et al. [29] encrypted multiple images based on phase mask multiplexing technique in FrFT domain, in which the capacity is considerable enhanced. #208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10607

As a special case, double-image encryption techniques also have attracted more attention than ever before. Li and Wang [30, 31] proposed the double-image encryption schemes in the GT and FrFT domains, where the iterative process between two plain images has high convergent speed. Liu et al. [32, 33] suggested the double-image encryption schemes in the GT domain not only by using iterative random binary encoding but also by using random phase encoding and pixel exchanging. Additionally, Liu et al. [34] encrypted two plain images into the amplitude and phase of a complex function, in which the discrete fractional angular transform is used. Zhang and Xiao [35] designed a double optical image encryption by using the discrete Chirikov standard map which is utilized to scramble the pixel positions and intensity values, respectively. Li and Wang [36] proposed a double-image encryption based on discrete fractional random transform and chaotic maps, which can raise the efficiency when encrypting, storing or transmitting. Sui et al. [37] proposed a double-image encryption based on discrete fractional random transform, where a chaotic confusiondiffusion process is used to break the correlations between adjacent bit planes efficiently. Wang and Zhao [38] suggested an algorithm to encrypt two covert images into an overt image based on phase retrieval and phase-truncated Fourier transform, which is asymmetric and the encryption keys are different from those in decryption process. Furthermore, Wang and Zhao [39] suggested an asymmetric double-image encryption which has a high level of robustness against the specific attack. Sui et al. [40] designed the asymmetric encryption between two plain images based on convolution operation in FrFT domain, which make the optical implementation of the decryption process convenient and efficient. Recently, due to the excellent properties such as ergodicity, pseudo-randomness, sensitivity to initial conditions and control parameters, the chaotic maps are used to encrypt image in different transform domains, which can strengthen the nonlinearity of plain image in spatial and transform domains. Singh and Sinha [41, 42] proposed an optical image encryption schemes based on chaos not only in FrFT domain but also in GT domain. Additionally, Singh and Sinha [43] encrypted multiple images based on chaos and multiple canonical transforms, where three linear canonical transforms such as FrFT, extended FrFT and FrT are utilized. Li et al. [44] designed a double-image encryption based on the chaosbased local pixel scrambling technique in GT domain, Arnold transform is used to scramble pixels at the local area. Wu et al. [45] proposed a four-image encryption method based on spectrum truncation, chaos and the multiple-order discrete fractional Fourier transform (MODFrFT), where the spectrum truncation is employed in discrete FT domain and the resultant performance is better than similar algorithm. In this paper, an asymmetric double-image encryption algorithm based on the cascaded chaotic discrete fractional random transforms and logistic maps is proposed. First, two original images are combined into an enlarged one which is scrambled in a confusion process. The confusion process consists of a number of rounds, and the pixel positions of the enlarged image are relocated by using the cat maps in each round. Next, the enlarged image is divided into two new components. With this confusion process, the statistical information of original images can be destroyed thoroughly. Second, one component is directly separated into two phase masks and used as for encryption keys. By multiplying one phase mask, another component is transformed to a complex interim by using the discrete fractional random transform and its phase is extracted as one decryption key. By multiplying another phase mask, the amplitude of the interim is transformed to a complex image, in which the amplitude is the final ciphertext with stationary white noise distribution and the phase is used as another decryption key. The private keys include the encryption keys such as the initial values of the logistic maps and the fractional orders of the discrete fractional random transform. Simultaneously, two decryption keys produced in the encryption process also used as the private keys, which makes the encryption scheme is asymmetric and high resistance against to the various attacks such as chosen plaintext attack. Simulation results and security analysis verify the feasibility and effectiveness of the proposed method.

#208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10608

The rest of this article is organized as follows. In Section 2, the basic principles and the processed of encryption and decryption are introduced in detail. In Section 3, numerical simulation results and security analysis are given. Finally, the conclusion is given in Section 4. 2. Encryption and decryption process 2.1 Two phase masks generated from an image An image can be separated into two phase masks by using the algorithm proposed in [38], in which two phase masks can be considered as two unit vectors in a two-dimensional Cartesian coordinate system mathematically. For the sake of simplicity, the separation process is explained by using one-dimensional notations. Supposing f ( x ) denotes a normalized image with maxima as 1, the main steps are described as follows (1) Generating a random distribution exp ( iφ1 ( x ) ) as one phase mask, in which φ1 ( x ) is a phase function distributed in the interval [0, 2π ] . (2)

Denoting

the

angle

between

exp ( iφ1 ( x ) )

and

another

phase

mask exp ( iφ2 ( x ) ) as α ( x ) , the relation between α ( x ) and f ( x ) can be expressed

as f ( x ) = 2 − 2 cos (π − α ( x ) ) .

(1)

So the angle α ( x ) can be obtained as

α ( x ) = π − arccos

2 − f 2 ( x) . 2

(2)

(3) Another phase mask exp ( iφ2 ( x ) ) can be given by

(

)

exp ( iφ2 ( x ) ) = exp i (φ1 ( x ) + α ( x ) ) .

(3)

Additionally, the normalized image f ( x ) is the modulus of the sum of two phase masks and can be calculated by the following equation f ( x ) = exp ( iφ1 ( x ) ) + exp ( iφ2 ( x ) ) .

(4)

2.2 Logistic map and chaos-based discrete fractional random transform Chaos theory is a distinguished theory, which describes that the nonlinear dynamical systems convert from ordered state to disordered state. The dynamical systems are established based on various chaos functions such as logistic map, which are very sensitive to the initial parameters. With a chaotic map, a large number of random iterative values with the desirable properties of non-correlation, pseudo-randomness, ergodicity is generated. The chaotic maps have demonstrated great potential for information security, especially for image encryption. The logistic map is a one-dimensional nonlinear chaos function and defined as f ( x ) = p ⋅ x ⋅ (1 − x ).

(5)

The function is bounded for 0 ≤ p ≤ 4 , which is the system parameter known as bifurcation parameter. The iterative form of the logistic map is written as

#208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10609

xn +1 = p ⋅ xn ⋅ (1 − xn ).

(6)

where xn ∈ (0,1) is the iterative value and x0 is the initial value. When p ∈ [ 3.5699456, 4] , the dynamical system is in chaotic state and slight variations of the initial parameter can yield a totally different random iterative value which is a non-periodic and non-converging sequence over time. Similar to the fractional Fourier transform, the discrete fractional random transform (DFrRT) has mathematical properties such as linearity, multiplicity, index additivity and Parseval energy conservation and so on, which has widely been used in the implementation of image encryption cryptosystem. According to a one-dimensional signal x which size is N , the discrete fractional random transform [46] with order α can be expressed as follows F α ( x ) = Rα x,

(7)

where Rα is the kernel transform matrix of the DFrRT and can be written as Rα = VDαV t .

(8)

Here, the matrix V satisfies the constraint VV t = I and Dα is a diagonal matrix as 2πα 2( N − 1)πα   Dα = diag 1,exp( −i ), ,exp( −i ) , T T  

(9)

where the coefficient T is a positive number and usually set to 1. The matrix V is generated with the eigenvectors of a symmetric random matrix S which can be constructed by using a N × N real random matrix Q as follows S=

Q + Qt . 2

(10)

For an image f which size is N × N pixels, the two-dimensional DFrRT with two fractional orders α is expressed as

F (α ,α ) ( f ) = R1α fR2α ,

(11)

where R1α and R2α denote the kernel transform matrices, respectively. In this paper, the chaos-based DFrRT is used in the encryption process, in which the real random matrix Q in Eq. (10) is generated based on the logistic map. Firstly, a random sequence X = {x1 , x2 , , xN × N + K }, xi ∈ (0,1) is generated based on Eq. (6) with an initial values x0 and any integer K . Discarding the previous K values, the new sequence X = {x1 , x2 , , xN × N }, xi ∈ (0,1) is obtained. Secondly, the matrix Q is obtained by converting

this sequence to a two-dimensional matrix. 2.3 Double-image encryption and decryption processes The proposed double-image encryption and decryption is based on the cascaded DFrRT and logistic maps. The encryption process is shown in Fig. 1. Let f i ( i = 1, 2 ) denote two plaintext images with size of N × N pixels, the detailed procedures are described as follows

#208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10610

Fig. 1. Flowchart of encryption process.

(1) In the combination and decomposition module, two original images are firstly normalized with maxima as 1, and combined into an enlarged one f e with size of N × 2 N pixels by the means of connecting f 2 with f1 successively in the horizontal direction. When the enlarged image f e is obtained, a confusion process which consists of a number of rounds is performed to scramble pixel positions. In the ith round, a cat map is used to relocate pixel positions, which is expressed by the following equation  x′  1  y ′ =  q    i

pi   x  , pi qi + 1  y 

(12)

x ′ = x ′ mod 2 N ,

(13)

y ′ = y ′ mod N .

(14)

The coefficient ( pi , qi ) is obtained by the Eqs. (15) and (16) as follows pi = ( s1 (i ) × 109 ) mod 2 N ,

(15)

qi = ( s2 (i ) × 109 ) mod 2 N ,

(16)

where s1 and s2 are two random sequences generated by using Eq. (6) based on two logistic maps with the initial values x01 and x02 , respectively. Finally, the scrambled image f e is decomposed into two new components denoted by f i ′( i = 1, 2 ) . Thus, the

statistical information of original images can be destroyed thoroughly.

Fig. 2. (a) Plaintext images “Lena” and “Baboon” and (b) two new components.

#208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10611

In this module, the two initial values of above logistic maps can be used as encryption keys in the encryption and decryption processes. Figure 2(a) shows the two grayscale images “Lena” and “Baboon” with 256 × 256 pixels and 256 Gy levels. The original images used in this paper are selected from USC-SIPI image database [47]. The two new components are shown in Fig. 2(b). (2) In the phase masks generation module, one phase mask exp ( iφ1 ) is produced randomly and another one exp ( iφ2 ) is generated based on the scrambled component f1′ by using Eq. (2) and (3).

(3) Another component f 2′ is multiplied by the phase mask exp ( iφ1 ) and transformed to a complex distribution by using the DFrRT with fractional order α . The complex distribution can be written as h exp ( iξ1 ) = F (α ,α ) ( f 2′ exp ( iφ1 ) ) = R1α ( f 2′ exp ( iφ1 ) ) R2α ,

(17)

where R1α and R2α denote the kernel transform matrices, respectively. The amplitude h and phase function ξ1 of the complex distribution can be extracted with the operators h exp ( iξ1 ) and arg {h exp ( iξ1 )} , respectively. The fractional order α is used as the encryption key and phase function ξ1 is used as a decryption key. (4) Similarly, the amplitude distribution h is multiplied by the phase mask exp ( iφ2 ) and transformed to another complex distribution by using the DFrRT with fractional order β . The resultant distribution can be written as g exp ( iξ2 ) = F ( β ,β ) ( h exp ( iφ2 ) ) = R1β ( h exp ( iφ2 ) ) R2β ,

(18)

where R1β and R2β denote the kernel transform matrices, respectively. The amplitude g of the resultant distribution can be extracted with the operators g exp ( iξ2 ) , which is the final ciphertext image with stationary white noise distribution.

The

corresponding

phase

function

ξ2

is

obtained

by

using arg {g exp ( iξ2 )} , which is used as another decryption key while the fractional order β is used as the encryption key. Obviously, a cascaded DFrRTs are employed to encrypt two original images, in which the related DFrRTs are chaos-based and the corresponding kernel transform matrices are produced by using Eqs. (8)-(10). In order to reduce the complexity of the cryptosystem, the related kernel transform matrices are identical, which are generated based on the logistic map with the same initial value x03 . So, the difference of cascaded DFrRTs lies in the different fractional orders.

#208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10612

Fig. 3. Flowchart of decryption process.

The decryption process is depicted in Fig. 3, which is similar to the encryption process but in the reversed order. It should be paid attention to the following main steps (1) In the inverse DFrRT modules, two interim complex matrices are obtained by the reverse DFrRTs with fractional orders −α and − β , respectively, which are expressed as h2 exp(iφ2 ) = F ( − β ,− β ) ( g exp(iξ2 )) = R1− β ( g exp(iξ2 )) R2 − β .

(19)

h1 exp(iφ1 ) = F ( −α ,−α ) ( h2 exp(iξ1 )) = R1−α ( h2 exp(iξ1 )) R2 −α .

(20)

(2) In the phase masks combination module, the scrambled component f1′ can be recovered by using Eq. (4) as f1′ = exp(iφ1 ) + exp(iφ2 ) .

(21)

Simultaneously, another scrambled component f 2′ is derived by using the operator h1 exp ( iφ1 ) , namely the amplitude h1 of the complex matrix h1 exp(iφ1 ) . (3) In the inverse combination and decomposition module, the components f1′ , f 2′ are assembled successively to form an enlarged image f e′ , and then f e′ is scrambled based on the random sequences s1 , s2 in accordance with the reversed order of confusion rounds in the encryption process. Finally, the scrambled f e′ is decomposed into two images, namely the decrypted images. From the description of the encryption process, it is obvious that the initial values x01 , x02 and x03 of three logistic maps and the fractional orders α and β of the DFrRT can be used as the encryption keys. The other parameters of the logistic maps such as p and K are fixed usually. In the computer simulation, the parameter p is set to 3.56995 and K set to 2000. Actually, these control parameters can be used as the encryption keys increase security of the cryptosystem due to the sensitivity of the logistic map to these parameters. In the process of decryption, the original images can be decrypted not only by using the encryption keys but also by using the decryption keys ξ1 and ξ2 , which are derived in the encryption process and directly related to the plaintext images. So, with the encryption keys x01 , x02 , x03 , α , β and the decryption keys ξ1 , ξ2 , the cryptosystem enlarge the key space greatly. Moreover, the proposed double-image encryption scheme belongs to the category of asymmetric technique as proposed in [38, 39], which can break the linearity of the DFrRT and has high resistance against to the potential attacks such as chosen-plaintext attack. #208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10613

As pointed out in Ref [48], though the exact optical implementation of DFrRT remains an open problem, the encryption scheme based on DFrRT can be approximately implemented optically in the Fourier domain with the help of a typical 4 f system as shown in Fig. 4. Additionally, two gray scale images can be encrypted into one with same image size, which means the compression ratio of the proposed encryption scheme can achieve to 1:2.

Fig. 4. Optical implementation of DFrRT.

3. Numerical simulation and security analysis

To verify the feasibility and effectiveness of the proposed encryption scheme, numerical simulations are performed on two original images “Lena” and “Baboon” shown in Fig. 2(a). The initial values x01 , x02 and x03 of three logistic maps are set to 0.19, 0.73 and 0.56, respectively. The fractional orders α and β are set to 0.23 and 0.85, respectively. The encryption and decryption results are given in Fig. 5. Figure 5(a) shows the ciphertext image with stationary white noise distribution. Figure 5(b) and 5(c) display the decrypted images with all correct keys.

Fig. 5. (a) Ciphertext image, (b) decrypted “Lena” and (c) decrypted “Baboon”.

Figure 6(a)-6(c) display the decrypted image “Lena” with x01 = 0.19 + 1.0 × 10−15 , x02 = 0.73 + 1.0 × 10−13 and x03 = 0.56 + 1.0 × 10−15 , respectively. Similar results are obtained for the decrypted image “Baboon”.

#208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10614

Fig. 6. Decrypted “Lena” with (a) incorrect

x01 , (b) incorrect x02 and (c) incorrect x03 .

Figure 7(a) and 7(b) show the decrypted images with incorrect α = 0.231 . Figure 7(c) and 7(d) show the decrypted images with incorrect β = 0.8505 . Figure 8(a) and 8(b) show the decrypted images with incorrect ξ1 which is generated randomly. Figure 8(c) and 8(d) show the decrypted images with incorrect ξ2 .

Fig. 7. (a) Decrypted “Lena” with incorrect α , (b) decrypted “Baboon” with incorrect decrypted “Lena” with incorrect β , (d) decrypted “Baboon” with incorrect β .

α , (c)

ξ1 , (b) decrypted “Baboon” with incorrect ξ1 , (c) ξ2 , (d) decrypted “Baboon” with incorrect ξ2 .

Fig. 8. (a) Decrypted “Lena” with incorrect decrypted “Lena” with incorrect

In order to evaluate the quality of the decrypted image, the mean square error (MSE) between the original plaintext image and decrypted one is calculated as follows MSE =

1 N2

N

N

 g (i, j ) − g ′(i, j )

2

,

(22)

i =1 j =1

where g (i, j ) denotes the original plaintext image and g ′(i, j ) denotes the corresponding decrypted one.

#208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10615

Apparently, the security of the proposed encryption scheme is mainly determined by the initial values of three related logistic maps and the fractional orders of the DFrRT. As is illustrated in Fig. 6(a)-6(c), any valid information from the decrypted images cannot be reconstructed visually when the deviation of the initial value x01 , x03 is up to 10−15 as well as the deviation of the initial value x02 is up to 10−13 . So, the initial values of the logistic maps are sensitive to the proposed encryption scheme. In order to test the sensitivity of the fractional orders, the decryption processes are performed by fixing one fractional order and varying the other. The relationship curves between the average MSE and the deviation of the fractional order are shown in Fig. 9, in which the deviation ranges from −0.1 to 0.1 and the step is 0.005. The average MSE is computed as MSEave = ( MSE first + MSEsec ond ) / 2,

(23)

where MSE first and MSEsec ond are the MSE values of two decrypted images, respectively. Obviously, the average MSE value approximates to zero when α or β is correct while the value sharply increases when α or β slightly departs from the correct value, which indicate that any tiny fluctuation will lead to false decryption. Actually, the content of decrypted image cannot be recognized totally if the deviation of order α is larger than 0.001 as illustrated in Fig. 7(a) and 7(b) as well as the content cannot be recognized if the deviation of order β is larger than 0.0005 as illustrated in Fig. 7(c) and 7(d).

Fig. 9. Average MSE versus (a) the deviation of fractional order α and (b) the deviation of fractional order β .

According to an ideal cryptosystem, the size of key space should be large to resist the brute-force attack, namely the total number of different keys used in the decryption process should be large enough. As pointed in [35], the size of key space should at least be larger than 2100 in order to obtain a high level of security. From the description of the proposed double-image encryption scheme, it is obvious that the chaotic permutation process in the combination and decomposition module is independent from the DFrRT. In the chaotic permutation process, the key spaces of the initial values x01 and x02 should be analyzed, which are denoted by S1 and S2 , respectively. In the DFrRT process, the key spaces of the initial value x03 and the fractional orders α and β should be analyzed, which are denoted by S3 , S4 and S5 respectively. The entire key space of the cryptosystem is S1 × S2 × S3 × S4 × S5 . From Fig. 6(a)-6(c), the initial value x01 , x02 and x03 maintain 15, 13 and 15 digits after decimal point

respectively,

so

S1 × S2 × S3 = 1043

.

Figure

7(a)-7(d),

the

fractional

#208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10616

orders α and β maintain 3 digits after decimal point, which means S4 × S5 = 106 . Finally, the entire key space of the cryptosystem almost equals 2162 , which is enormous enough to resist brute-force attack.

Fig. 10. (a) Top one-third of “Baboon” with

ξ1 ,

ξ1 is

unknown, (b) decrypted “Lena” with

(d) top half of

decrypted “Baboon” with

ξ2

ξ1 ,

(c) decrypted

is unknown, (e) decrypted “Lena” with

ξ2

, (f)

ξ2 .

As a double-image encryption scheme based on asymmetric technique, the decryption keys play an important role in the decryption process. In order to evaluate the affection of the decryption keys, the case having a part of known data of the decryption keys ξ1 and ξ2 is considered and calculated. In Fig. 10(a), the top one-third of ξ1 is unknown and the corresponding data is replaced with −π . The decrypted images “Lena” and “Baboon” are shown in Fig. 10(b) and 10(c), respectively. Similarly, the top half of ξ2 is replaced with −π as shown in Fig. 10(d). The decrypted images “Lena” and “Baboon” are shown in Fig. 10(e) and 10(f), respectively. From Fig. 10, it is obvious that the decrypted results are close to noise-like images if the part of the decryption keys is lost. Two aspects of statistical analysis are performed, one is testing on the histograms of the ciphertext and the decryption keys according to two groups of original images and the other is testing on the self-correlation values of adjacent pixels in the plaintext images, the ciphertext and the decryption keys. Figures 11(a)-12(c) display the histograms of the ciphertext image and the decryption keys of “Lena” and “Baboon” shown in Fig. 2(a). Figures 12(a) and12 (b) display another two original images “Aerial” and “Peppers”, which histograms of the ciphertext and the decryption keys are displayed in Fig. 13(a)-13(c). In Fig. 11 and Fig. 13, the histograms not only of the ciphertext images but also of the decryption keys have similar distribution, which mean that an illegal user cannot obtain any useful information from this statistical property. . In order to test the self-correlation values of adjacent pixels, the 2000 pairs of adjacent pixels are randomly selected in vertical, horizontal and diagonal directions from the plaintext images, the decryption keys of “Lena” and “Baboon”, respectively. Let N denotes the total number of pixels selected from the image, the self-correlation coefficients of two adjacent pixels is calculated as follows

#208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10617

N

Cor =

 ( x − x )( y i =1

N

i

i

N

− y) ,

(24)

(  ( xi − x ) )(  ( yi − y ) ) i =1

2

2

i =1

where x = 1 N  i =1 xi and y = 1 N  i =1 yi .Table 1 shows the results of self-correlation of N

N

the plaintext images, the ciphertext and the decryption keys, which indicates that the correlations of two adjacent pixels of the original image is significant while the results of ciphertext and the decryption keys are very low. Therefore, the proposed encryption scheme has strong capability of resisting this statistical data, which means that an illegal user cannot obtain any valid information from this analysis.

Fig. 11. (a) Histograms of the ciphertext of “Lena” and “Baboon”, (b) histograms of the decryption key ξ1 and (c) histogram of the decryption key ξ 2 .

Fig. 12. (a) Plaintext image “Aerial” and (b) plaintext image “Peppers”.

Fig. 13. (a) Histograms of the ciphertext of “Aerial” and “Peppers”, (b) histograms of the decryption key ξ1 and (c) histogram of the decryption key ξ 2 .

#208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10618

Table 1. Correlation Results in the Plaintext Images, Ciphertext and Phase Distribution Correlation coefficient

Horizontal direction Vertical direction Diagonal direction

Plaintext images

Encrypted images

Lena

Baboon

Ciphertext image

Decryption key ξ1

Decryption key ξ 2

0.9488

0.8781

0.0150

0.0309

0.0173

0.9772

0.8403

0.0029

−0.0093

−0.0181

0.9239

0.8062

−0.0157

−0.0173

0.0203

As an important requirement in the decryption process, the robustness against noise such as Gaussian random noise should be analyzed. A Gaussian random noise is added to the ciphertext image of “Lena” and “Baboon”, in which the noise interferes with the ciphertext in the following way C ′ = C (1 + kG ),

(25)

where C and C ′ are the ciphertext image and the noise-affected ciphertext, respectively, k is a coefficient which denotes the noise strength and G is a Gaussian random noise with zeromean and identity standard deviation. Figure 14 shows the decrypted images of “Lena” when k is set to 0.4, 0.6, 0.8 and 1.0, from which it can be seen that the content of the decrypted images can be recognized despite of noise interference and the quality of the decrypted image decreases as the noise level increases. Similar results are obtained for image “Baboon”. So, the proposed double-images encryption scheme has high robustness against noise attack.

Fig. 14. Decrypted images with coefficient k : (a)

k

k

= 0.4, (b)

k

= 0.6, (c)

k

= 0.8 and (d)

= 1.0.

The robustness against occlusion is mainly carried out to evaluate the performance of the encryption scheme against loss of data in the ciphertext image. To do so, the decryption process is performed on the occluded ciphertext image of “Lena” and “Baboon” with all correct private keys, where the ciphertext image is occluded partly. Figure 15(a) shows the occluded ciphertext whose pixel values at the left-top corner are replaced with 0 in simulation, namely the ciphertext is cropped by 50% from the left side. Figure 15(b) and 15(c) displays the corresponding decrypted images “Lena” and “Baboon” from Fig. 15(a). Apparently, the main information of the original plaintext images can be recognized visually from Fig. 15(b) and 15(c). In other words, the proposed encryption scheme shows enough robustness against loss of ciphertext data. Similar results can be obtained when the ciphertext is cropped by 50% from the right side.

#208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10619

Fig. 15. (a) Ciphertext with 50% occlusion from the left side, (b) decrypted “Lena” and (c) decrypted “Baboon”.

Usually, there are four potential attacks including cipher only attack, known plaintext attack, chosen plaintext attack and chosen ciphertext attack, in which chosen plaintext attack is the most powerful attack. As pointed out in [35], the cryptosystem should resist other attacks if it can resist chosen plaintext attack. For the proposed double-image encryption scheme, supposing an illegal user has known the encryption keys such as the initial values x01 , x02 , x03 and the fractional orders α , β , he can encrypt two fake plaintext images and produce the decryption keys ξ1 and ξ2 . Then, he can use obtained decryption keys to decrypt the original ciphertext. The images “Aerial” and “Peppers” shown in Fig. 12(a) and 12(b) are chosen as fake plaintext images, the decryption keys ξ1 and ξ2 are obtained after encryption and used to decrypt the ciphertext of “Lena” and “Baboon”. Figure 16(a) and 16(b) display the decrypted images of “Lena” and “Baboon”, from which any valuable information cannot be obtained though the content of the fake images “Aerial” and “Peppers” can be seen faintly. As pointed out in [49–51], the encryption algorithms based on double random phase encryption has been demonstrated vulnerable to chosen plaintext attacks due to the linearity of the cryptosystem. However, the chaotic DFrRT of the proposed encryption scheme not only makes the encryption process more complex but also strengthens the nonlinearity both in spatial domain and DFrRT domain. Thus, the proposed encryption scheme can resist the potential types of attacks.

Fig. 16. (a) Decrypted “Lena” and (b) decrypted “Baboon”.

4. Conclusion

In summary, an asymmetric double-image encryption scheme is proposed based on logistic maps and DFrRT. Two original images are combined into an enlarged one, which is scrambled by using the cat map based on two logistic maps and then decomposed into two new components. One of the two components is directly separated into two phase masks used in the encryption process and the other is used to derive the ciphertext by using the cascaded DFrRT. The cryptosystem is asymmetric, in which two decryption keys related to original images are generated and the chaotic DFrRT strengthens the nonlinearity both in spatial domain and DFrRT domain. The original images fail to be recovered unless all of the correct

#208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10620

keys including the encryption keys and decryption keys are known. Simulation analyses verify that the proposed encryption scheme has the special advantages: the size of key space is large enough to resist brute force attack; the initial values of related logistic maps possess high sensitivity; the scheme has high capability of resisting statistical analysis; the scheme can resist high strength Gaussian random noise; the scheme has high robustness against the potential attacks such as chosen plaintext attack. Acknowledgments

This work was supported by the National Natural Science Foundation of China under grant number U1334211.

#208783 - $15.00 USD Received 26 Mar 2014; revised 21 Apr 2014; accepted 21 Apr 2014; published 24 Apr 2014 (C) 2014 OSA 5 May 2014 | Vol. 22, No. 9 | DOI:10.1364/OE.22.010605 | OPTICS EXPRESS 10621

Asymmetric double-image encryption based on cascaded discrete fractional random transform and logistic maps.

A double-image encryption is proposed based on the discrete fractional random transform and logistic maps. First, an enlarged image is composited from...
4MB Sizes 0 Downloads 3 Views