Fresnel domain nonlinear optical image encryption scheme based on Gerchberg–Saxton phase-retrieval algorithm Sudheesh K. Rajput and Naveen K. Nishchal* Department of Physics, Indian Institute of Technology Patna, Patliputra, Patna 800 013, India *Corresponding author: [email protected] Received 4 October 2013; revised 23 November 2013; accepted 15 December 2013; posted 18 December 2013 (Doc. ID 198920); published 16 January 2014

We propose a novel nonlinear image-encryption scheme based on a Gerchberg–Saxton (G-S) phaseretrieval algorithm in the Fresnel transform domain. The decryption process can be performed using conventional double random phase encoding (DRPE) architecture. The encryption is realized by applying G-S phase-retrieval algorithm twice, which generates two asymmetric keys from intermediate phases. The asymmetric keys are generated in such a way that decryption is possible optically with a conventional DRPE method. Due to the asymmetric nature of the keys, the proposed encryption process is nonlinear and offers enhanced security. The cryptanalysis has been carried out, which proves the robustness of proposed scheme against known-plaintext, chosen-plaintext, and special attacks. A simple optical setup for decryption has also been suggested. Results of computer simulation support the idea of the proposed cryptosystem. © 2014 Optical Society of America OCIS codes: (070.0070) Fourier optics and signal processing; (070.4560) Data processing by optical means; (100.2000) Digital image processing; (100.5070) Phase retrieval. http://dx.doi.org/10.1364/AO.53.000418

1. Introduction

Optical image encryption is one of the important fields of optical information processing technologies. In this field, after double random phase encoding (DRPE) [1], several optical encryption schemes have appeared in the literature [2–15]. To enlarge the key space and enhance the security of DRPE, different optical domains have been employed [2–7]. However, optical DRPE scheme and its derivatives have been found vulnerable to some attacks in different encryption domains including Fourier [8–10], Fresnel [11], and fractional Fourier transform (FRT) [12]. Kumar et al. [13] proposed the securityenhanced DRPE scheme using randomized lens function, which has immunity against impulse function attack. Some optical image-encryption schemes 1559-128X/14/030418-08$15.00/0 © 2014 Optical Society of America 418

APPLIED OPTICS / Vol. 53, No. 3 / 20 January 2014

based on interference [14], polarization [15,16], and photon counting imaging [17] have also been proposed to broaden the area of optical information security. Recently, Shi et al. [18] proposed optical imageencryption using the concept of ptychography. Nakano et al. [19] proposed a generalized model of DRPE based on linear algebra. Further, some optical asymmetric cryptosystems [20–31] have been proposed, which show immunity against existing attacks such as known-plaintext, chosen-plaintext, and chosen-ciphertext attacks. However, asymmetric cryptosystems based on phase-truncated Fourier transforms [20–22] have been found to be vulnerable to special attack in which encrypted information is revealed if encryption keys are considered as public keys [23]. The phasetruncation-based cryptosystem has also been combined with other optical encryption schemes [24–27]. Further, collision attack on phase-truncation-based cryptosystem has been studied [28]. Recently,

known-plaintext attack has been studied on phasetruncation-based cryptosystem in [29], in which a pair of decryption keys (DKs) is generated. The generated keys can retrieve information content independent of the random phase-encoding domain. Recently, some schemes have been proposed, which have immunity against special attack [30,31]. An asymmetric cryptosystem based on mixture retrieval type of Yang–Gu algorithm has been reported by Liu et al. [30], which uses random binary phase modulation. Wang and Zhao [31] proposed a special attack-free image-encryption scheme based on a direct attack to the phase-truncated Fourier-transform-based encryption scheme. These cryptosystems [30,31] improve the security of a phase-truncation-based cryptosystem by making it especially attack free. The schemes, which can efficiently improve the security of existing cryptosystems and can be realized by simple optical setup are always desired. Therefore the investigations on such alternative schemes may be useful for a practically realizable optical cryptosystem. In this paper, we propose a novel security scheme based on a G-S phase-retrieval algorithm and DRPE in the Fresnel transform (FrT) domain. The study involves the use of a G-S algorithm, as used in our previously proposed encryption scheme [29], with a difference that the intermediate amplitude has been replaced with a random amplitude mask (RAM) instead of unity. The scheme uses the benefit of amplitude modulation as reported in [30] and [31]. The encrypted image is obtained by using the G-S phaseretrieval algorithm twice, and two asymmetric keys are generated. The first DK is computed with generated phases during the first level of encryption, and, similarly, the second DK is computed with generated phases during the second level of encryption. For decryption, generated DKs can be used in a conventional DRPE setup for successful retrieval of the original image. The encryption process is based on a phase-retrieval algorithm, so it should be performed digitally; the decryption is simple and can be implemented optically or digitally. We performed the cryptanalysis, which shows that the proposed scheme has immunity against various types of attacks such as known-plaintext, chosen-plaintext, and special attacks. The computer simulation results support the idea of the proposed scheme.

of encryption, the intermediate amplitude value of first step of G-S algorithm and another RPM are used as input to the G-S algorithm. Suppose f
x; y denotes input image to be encrypted, and expfi2πr1
x; yg is the RPM. The encryption of the first level can be obtained by the following steps [29,32–34]: (1) The product of the amplitude of input image to be encrypted and the RPM after nth iteration can be written as a complex function, f 0n
x; y: f 0n
x; y  jf
x; yj × expfi2πrn
x; yg:

(2) Now perform FrT with a free-space propagation distance, z1 , to this complex function: En1
u; v  FrTzλ1 f 0n
x; y o n Z 1 Z exp i2πz λ f 0n
x; y  iλz1 
iπ 2 2

x − u 
y − v  dxdy × exp λz1  jEn1
u; vj × expfiφn
u; vg: (2) The obtained amplitude, En1
u; v, is called the first level of encryption. The first DK can be obtained with the help of phase, exp
iφn
u; v. (3) Replace the amplitude with RAM, R1
u; v, as E0n1
u; v  R1
u; v × expfiφn
u; vg:

Encryption

In this encryption scheme, the G-S algorithm is used twice for obtaining two levels of encryption. The aim of using the G-S algorithm is to generate intermediate phases, which help obtain asymmetric DKs. Also, these DKs can retrieve original images according to a conventional DRPE setup. For obtaining the first level of encryption, the image to be encrypted and a random phase mask (RPM) are used as input to the G-S algorithm. For obtaining the second level

(3)

In this scheme, RPM, expfi2πr1
x; yg, and RAM, R1
u; v, serve as encryption keys for the first level of encryption. (4) Now perform inverse FrT as 1 0 E00n1
x; y  FrT−z λ En1
u; v

 jE00n1
x; yj × expfiφn
x; yg:

(4)

(5) Replace amplitude with amplitude of image to be encrypted: f 0n1
x; y  jf
x; yj × exp
iφn
u; v  jf
x; yj × expfirn1
u; vg:

2. Proposed Cryptosystem A.

(1)

(5)

Convergence of the iteration process is completed by computing the mean square error (MSE) between absE00n1
x; y and absf
x; y, which is defined as MSE 

PN−1 PN−1 x0

y0

fjf
x; yj − jE00n1
x; yjg2 N×N

:

(6)

For obtaining the second level of encryption, the G-S algorithm is again used. Now the first level of the encrypted image, En1
u; v, and another RPM, 20 January 2014 / Vol. 53, No. 3 / APPLIED OPTICS

419

expfi2πr2
x; yg, are used as input to the G-S algorithm. Encryption of the second level can be obtained by the following steps: (1) Any complex function G0m
u; v after mth iteration can be written with the help of the first level of the encrypted image, En1
u; v, and another RPM, expfi2πr2
u; vg, as G0m
u; v  jEn1
u; vj × expfi2πr2m
u; vg:

(7)

algorithm during the encryption process randomizes the input function, and, due to the use of RAM, the security is enhanced. The number of iterations is chosen in such a way that computational cost is optimum. For successful decryption of the original images, the DKs are calculated with the help of Eqs. (2), (8), and (11), as follows: C1
u; v  expfiφn
u; vg × expf−ir2
m1
u; vg; (12)

(2) Perform FrT with free space propagation distance, z2 , to the above complex function: Gm1
ξ; η 

FrTzλ2 G0m
u; v

 jGm1
ξ; ηj ×

expfiφ0m
ξ; ηg:

(8)

(3) Replace amplitude with another RAM, R2
ξ; η: G0m1
ξ; η  R2
ξ; η × expfiφ0m
ξ; ηg:

(9)

(4) Now perform inverse FrT as 0 2 G00m1
u; v  FrT−z λ Gm1
u; v

 jG00m1
u; vj × expfiφ00m
u; vg:

(10)

(5) Replace amplitude with intensity of the first level of the encrypted image: G0m1
u; v  jEn1
u; vj × exp
iφ00m
u; v  jEn1
u; vj × expfir2
m1
u; vg:

(11)

C2
ξ; η  expfiφ0m
ξ; ηg:

(13)

We find that the inverse FrT of Eq. (8) is equivalent to Eq. (11), and if it is multiplied with expf−ir2
m1
u; vg, then it returns to the first level of the encrypted image, En1
u; v. Here, unlike [28], both DKs are not the same as the intermediate phases obtained through the G-S algorithm. They are derived from intermediate phases. Therefore the DKs can retrieve the original image using conventional DRPE scheme. It can be seen from the encryption procedure that the generation of DKs are nonlinear, so knownplaintext and chosen-plaintext attacks would not be effective. The special attack can also not be applied because the scheme uses the two RPMs and two RAMs as encryption keys. The proposed encryption scheme can also be used for security of color and multiple gray-scale images (hiding and encryption) [33–35] in other optical domains such as Fourier [1], FRT [3–5], and gyrator [7] domains. B. Decryption

In this case, the convergence of the iteration process is completed by computing MSE between absG00m1
u; v and absEn1
u; v. The RPM2 , expfi2πr2
x; yg, and RAM2 , R2
u; v, are the encryption keys for the second level of encryption. Here the amplitude of Gm1
ξ; η [Eq. (8)] is an encrypted image of the proposed scheme. The block diagram of proposed encryption scheme is shown in Fig. 1. The use of a phase-retrieval

For decryption, the encrypted image bonded with the second DK is the inverse Fresnel transformed with a free space propagation distance, z2 , at wavelength λ. The obtained spectrum is further multiplied with the first DK and inverse Fresnel transformed with free space propagation distance, z2 , at the same wavelength. Mathematically, the decrypted image is obtained by using asymmetric keys as obtained in Eqs. (12) and (13):

Fig. 1. Block diagram of G-S algorithm-based encryption scheme. 420

APPLIED OPTICS / Vol. 53, No. 3 / 20 January 2014

2 d1
u; v  FrT−z λ jGm1
ξ; ηj × C2
ξ; η;

1 d
x; y  FrT−z λ d1
u; v × C1
u; v:

Fig. 2. Schematic diagram for decryption. SLM, spatial light modulator; CCD, charge-coupled device camera; z1 and z2 , Fresnel propagation distances.

(14)

(15)

The decryption process explained through Eqs. (14) and (15) can be realized optically with the help of a DRPE setup, as shown in Fig. 2. Usually, in a DRPE-based decryption scheme, an encrypted image is directly used in the input plane, while in this

Fig. 3. Simulation results for gray-scale image. (a) Image of flower plot to be encrypted. (b) First DK. (c) Second DKs. (d) Encrypted image. (e) Plot between number of iterations and MSE during first level of encryption. 20 January 2014 / Vol. 53, No. 3 / APPLIED OPTICS

421

scheme the encrypted image is used along with the second DK. An encrypted image bonded with second DK can be displayed on the first spatial light modulator (SLM) and illuminated with a laser light source. Its Fresnel spectrum at free space propagation distance, z1 , is multiplied with a second DK, which can be displayed on the second SLM. The intensity of the decrypted image can be recorded at a free space propagation distance, z2 , through a charge-coupled device (CCD) camera.

3. Simulation Results

To check the effectiveness of proposed scheme, a numerical simulation study was carried out using MATLAB 7.10. In this study, the free space propagation distances, z1  12 cm and z2  10 cm, respectively. The value for wavelength used was 632 nm. Figure 3(a) shows the gray-scale image of a flower plot to be encrypted of size 256 × 256 pixels. This image is encrypted according to our proposed scheme as

Fig. 4. Decrypted image obtained after using (a) all correct keys. (b) Wrong DKs. (c) Wrong free space propagation distance. (d) Wrong optical wavelength. (e) Keys generated according to phase-truncation approach. (f) Intermediate phases of G-S phase-retrieval algorithm. 422

APPLIED OPTICS / Vol. 53, No. 3 / 20 January 2014

shown in Fig. 3(d). Two DKs are generated during encryption as shown in Figs. 3(b) and 3(c), respectively. Figure 3(e) shows the plot between number of iterations and MSE during first level of encryption. During key generation, the number of iterations is chosen in such a way that the computational cost is optimized. It can be seen from Fig. 3(e) that the best choice may be up to 70 iterations because at this number the input image is randomized. The same choice is opted during the second level of encryption. The decryption is performed using generated keys based on conventional DRPE architecture. The decrypted image obtained after using all correct keys has been shown in Fig. 4(a). The decryption has also been performed to check robustness of the scheme with the wrong keys, as shown in Figs. 4(b)–4(d). Figure 4(b) shows the decrypted image obtained after using the wrong DKs. Figure 4(c) shows the decrypted image obtained after using the wrong free space propagation distance. The free space propagation distances, z1  20 cm and z2  30 cm, were used instead of the correct free space propagation distances. Figure 4(d) shows the decrypted image obtained after using the wrong wavelength. The wrong wavelength, 530 nm, was used instead of the correct wavelength, 632 nm. Figure 4(e) shows the decrypted image obtained after using keys generated according to the phasetruncation approach. Figure 4(f) shows the decrypted image obtained after using intermediate phases of the G-S algorithm. These results show that the

proposed cryptosystem has immunity against blind decryption and also offers multiple levels of security. The special attack results are shown in Fig. 5. Figures 5(a) and 5(b) show the relation between MSE and number of iterations during generation of first and second keys, respectively. Figure 5(c) shows the corresponding retrieved image. The obtained keys are tried to retrieve a different image, which was encrypted using same encryption keys, as shown in Fig. 5(d). With these results, it is inferred that the proposed scheme is free from special attack. The immunity of proposed scheme has also been checked against known-plaintext attack. Figures 6(a) and 6(b) show the plots between MSE and number of iterations when RPM and RAM are generated, respectively. Figure 6(c) shows the retrieved image after using known-plaintext attack. This retrieved image shows that the scheme has immunity against known-plaintext attack. In this case, a different image, as shown in Fig. 5(d), has been used. The relative error (RE) between the original and the decrypted image has been calculated to check the quality of decrypted images. The RE between original and decrypted image is defined as RE 

PN PN

2 y1 fjd
x; yj − jf
x; yjg PN PN : 2 x1 y1 fjf
x; yjg

x1

(16)

Here d
x; y is the decrypted image. The RE for the decrypted image obtained after using all the correct

Fig. 5. Special attack results. (a) Relation between MSE and number of iterations during generation of first key. (b) Relation between MSE and number of iterations during generation of second key. (c) Corresponding decrypted image. (d) A different image of cameraman, which is encrypted using same encryption keys. 20 January 2014 / Vol. 53, No. 3 / APPLIED OPTICS

423

Fig. 6. Known-plaintext attack results. (a) Relation between MSE and number of iterations when RPM is generated. (b) Relation between MSE and number of iterations when RAM is generated. (c) Corresponding decrypted image.

keys [Fig. 4(a)] is 2.43 × 10−7, while the calculated values of RE were 12.42, 9.15, and 11.36 for Figs. 4(b)–4(d), respectively. The calculated values of RE for the decrypted image obtained after using all the correct keys is very small, while the calculated values of RE for the decrypted image obtained after using all correct keys is high. 4. Conclusion

In this paper, a security scheme based on a G-S phase-retrieval algorithm and FrT domain DRPE technique has been proposed. Two asymmetric keys are obtained from intermediate phases, generated through the G-S phase-retrieval algorithm. The encryption process offers multiple levels of security. The decryption is simple and straightforward, which can be performed optically using a conventional DRPE method. It is shown that the proposed scheme has immunity against known-plaintext, chosenplaintext, and special attacks. As a quality measure, we computed relative error between the decrypted and original image. The computer simulation results have been presented in support of the proposed encryption scheme. The authors acknowledge funding from the Council of Scientific and Industrial Research (CSIR), Government of India, under grant no. 03/(1183)/10/ EMR-II. References 1. P. Refregier and B. Javidi, “Optical image encryption based on input plane encoding and Fourier plane random encoding,” Opt. Lett. 20, 767–769 (1995). 424

APPLIED OPTICS / Vol. 53, No. 3 / 20 January 2014

2. O. Matoba and B. Javidi, “Encrypted optical memory system using three-dimensional keys in the Fresnel domain,” Opt. Lett. 24, 762–764 (1999). 3. G. Unnikrishnan, J. Joseph, and K. Singh, “Optical encryption by double-random phase encoding in the fractional Fourier domain,” Opt. Lett. 25, 887–889 (2000). 4. B. Hennelly and J. T. Sheridan, “Optical image encryption by random shifting in fractional Fourier domains,” Opt. Lett. 28, 269–271 (2003). 5. N. K. Nishchal and T. J. Naughton, “Flexible optical encryption with multiple users and multiple security levels,” Opt. Commun. 284, 735–739 (2011). 6. G. Situ and J. Zhang, “Double random phase encoding in the Fresnel domain,” Opt. Lett. 29, 1584–1586 (2004). 7. J. A. Rodrigo, T. Alieva, and M. L. Calvo, “Applications of gyrator transform for image processing,” Opt. Commun. 278, 279–284 (2007). 8. A. Carnicer, M. M. Usategui, S. Arcos, and I. Juvells, “Vulnerability to chosen-cyphertext attacks of the optical encryption schemes based on double random phase keys,” Opt. Lett. 30, 1644–1646 (2005). 9. X. Peng, P. Chang, H. Wei, and B. Yu, “Known plaintext attack on optical encryption based on double random phase keys,” Opt. Lett. 31, 1044–1046 (2006). 10. Y. Frauel, A. Castro, T. J. Naughton, and B. Javidi, “Resistance of the double random phase encryption against various attacks,” Opt. Express 15, 10253–10265 (2007). 11. X. Peng, H. Wei, and P. Zhang, “Chosen-plaintext attack on lensless double random phase encoding in Fresnel domain,” Opt. Lett. 31, 3261–3263 (2006). 12. W. Qin and X. Peng, “Vulnerability to known-plaintext attack of optical encryption schemes based on two fractional Fourier transform order keys and double random phase keys,” J. Opt. 11, 075402 (2009). 13. P. Kumar, A. Kumar, J. Joseph, and K. Singh, “Impulse attack free double random-phase encryption scheme with randomized lens-phase function,” Opt. Lett. 34, 331–333 (2009). 14. Y. Zhang and B. Wang, “Optical image encryption based on interference,” Opt. Lett. 33, 2443–2445 (2008).

15. A. Alfalou and C. Brosseau, “Dual encryption scheme of images using polarized light,” Opt. Lett. 35, 2185–2187 (2010). 16. M. Dubreuil, A. Aflalou, and C. Brosseau, “Robustness against attacks of dual polarization encryption using Stokes-Mueller formalism,” J. Opt. 14, 094004 (2012). 17. M. Cho and B. Javidi, “Three-dimensional photon counting double-random-phase encryption,” Opt. Lett. 38, 3198–3201 (2013). 18. Y. Shi, T. Li, Y. Wang, Q. Gao, S. Zhang, and H. Li, “Optical image encryption via ptychography,” Opt. Lett. 38, 1425– 1427 (2013). 19. K. Nakano, M. Takeda, H. Suzuki, and M. Yamaguchi, “Generalized model of double random phase encoding based on linear algebra,” Opt. Commun. 286, 91–94 (2013). 20. W. Qin and X. Peng, “Asymmetric cryptosystem based on phase-truncated Fourier transforms,” Opt. Lett. 35, 118–120 (2010). 21. X. Wang and D. Zhao, “Multiple-image encryption based on nonlinear amplitude-truncation and phase-truncation in Fourier domain,” Opt. Commun. 284, 148–152 (2011). 22. S. K. Rajput and N. K. Nishchal, “Image encryption based on interference that uses fractional Fourier domains asymmetric keys,” Appl. Opt. 51, 1446–1452 (2012). 23. X. Wang and D. Zhao, “A special attack on the asymmetric cryptosystem based on phase-truncated fractional Fourier transforms,” Opt. Commun. 285, 1078–1081 (2012). 24. S. K. Rajput and N. K. Nishchal, “Asymmetric color cryptosystem using polarization selective diffractive optical element and structured phase mask,” Appl. Opt. 51, 5377–5386 (2012). 25. S. K. Rajput and N. K. Nishchal, “Known-plaintext attackbased optical cryptosystem using phase-truncated Fresnel transform,” Appl. Opt. 52, 871–878 (2013).

26. S. K. Rajput and N. K. Nishchal, “Image encryption using polarized light encoding and amplitude- and phase-truncated Fresnel transform,” Appl. Opt. 52, 4343–4352 (2013). 27. I. Mehra, S. K. Rajput, and N. K. Nishchal, “Cryptanalysis of an image encryption scheme based on joint transform correlator with amplitude and phase-truncation approach,” Opt. Lasers Eng. 52, 167–173 (2014). 28. I. Mehra, S. K. Rajput, and N. K. Nishchal, “Collision in Fresnel domain asymmetric cryptosystem using phase truncation and authentication verification,” Opt. Eng. 52, 028202 (2013). 29. S. K. Rajput and N. K. Nishchal, “Known-plaintext attack on encryption domain independent optical asymmetric cryptosystem,” Opt. Commun. 309, 231–235 (2013). 30. W. Liu, Z. Liu, and S. Liu, “Asymmetric cryptosystem using random binary phase modulation based on mixture retrieval type of Yang-Gu algorithm,” Opt. Lett. 38, 1651–1653 (2013). 31. X. Wang and D. Zhao, “Amplitude-phase retrieval attack free cryptosystem based on direct attack to phase-truncated Fourier transform-based encryption using a random amplitude mask,” Opt. Lett. 38, 3684–3686 (2013). 32. Z. Zalevsky, D. Mendlovic, and R. G. Dorsch, “GerchbergSaxton algorithm applied in the fractional Fourier or the Fresnel domain,” Opt. Lett. 21, 842–844 (1996). 33. H.-E. Hwang, H. T. Chang, and W.-N. Lie, “Multiple-image encryption and multiplexing using a modified Gerchberg-Saxton algorithm and phase modulation in Fresnel-transform domain,” Opt. Lett. 34, 3917–3919 (2009). 34. A. Alfalou and A. Mansour, “Double random phase encryption scheme to multiplex and simultaneous encode multiple image,” Appl. Opt. 48, 5933–5947, (2009). 35. A. Alfalou and C. Brosseau, “Optical image compression and encryption methods,” Opt. Photon. 1, 589–636 (2009).

20 January 2014 / Vol. 53, No. 3 / APPLIED OPTICS

425