Simplified optical image encryption approach using single diffraction pattern in diffractive-imaging-based scheme Yi Qin,* Qiong Gong, and Zhipeng Wang College of Physics and Electronic Engineering, Nanyang Normal University, Nanyang 473061, China *[email protected]
In previous diffractive-imaging-based optical encryption schemes, it is impossible to totally retrieve the plaintext from a single diffraction pattern. In this paper, we proposed a new method to achieve this goal. The encryption procedure can be completed by proceeding only one exposure, and the single diffraction pattern is recorded as ciphertext. For recovering the plaintext, a novel median-filtering-based phase retrieval algorithm, including two iterative cycles, has been developed. This proposal not only extremely simplifies the encryption and decryption processes, but also facilitates the storage and transmission of the ciphertext, and its effectiveness and feasibility have been demonstrated by numerical simulations. ©2014 Optical Society of America OCIS codes: (060.4785) Optical security and encryption; (070.0070) Fourier optics and signal processing.
References and links 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17.
B. Javidi, “Securing information with optical technologies,” Phys. Today 50(3), 27–32 (1997). W. Chen, B. Javidi, and X. Chen, “Advances in optical security systems,” Adv. Opt. Photon. 6(2), 120–155 (2014). A. Alfalou and C. Brosseau, “Optical image compression and encryption methods,” Adv. Opt. Photon. 1(3), 589–636 (2009). E. Pérez-Cabré, M. Cho, and B. Javidi, “Information authentication using photon-counting double-random-phase encrypted images,” Opt. Lett. 36(1), 22–24 (2011). W. Liu, Z. Liu, and S. Liu, “Asymmetric cryptosystem using random binary phase modulation based on mixture retrieval type of Yang-Gu algorithm,” Opt. Lett. 38(10), 1651–1653 (2013). Z. Liu, Q. Guo, L. Xu, M. A. Ahmad, and S. Liu, “Double image encryption by using iterative random binary encoding in gyrator domains,” Opt. Express 18(11), 12033–12043 (2010). S. Liu, C. Guo, and J. T. Sheridan, “A review of optical image encryption techniques,” Opt. Laser Technol. 57, 327–342 (2014). N. K. Nishchal, J. Joseph, and K. Singh, “Fully phase encryption using fractional Fourier transform,” Opt. Eng. 42(6), 1583–1588 (2003). A. Alfalou and C. Brosseau, “Dual encryption scheme of images using polarized light,” Opt. Lett. 35(13), 2185–2187 (2010). J. F. Barrera, A. Mira, and R. Torroba, “Optical encryption and QR codes: Secure and noise-free information retrieval,” Opt. Express 21(5), 5373–5378 (2013). N. Zhou, T. Dong, and J. Wu, “Novel image encryption algorithm based on multiple-parameter discrete fractional random transform,” Opt. Commun. 283(15), 3037–3042 (2010). N. Zhou, Y. Wang, and L. Gong, “Novel optical image encryption scheme based on fractional Mellin transform,” Opt. Commun. 284(13), 3234–3242 (2011). P. Refregier and B. Javidi, “Optical image encryption based on input plane and Fourier plane random encoding,” Opt. Lett. 20(7), 767–769 (1995). G. Situ and J. Zhang, “Double random-phase encoding in the Fresnel domain,” Opt. Lett. 29(14), 1584–1586 (2004). G. Unnikrishnan, J. Joseph, and K. Singh, “Optical encryption by double-random phase encoding in the fractional Fourier domain,” Opt. Lett. 25(12), 887–889 (2000). A. Carnicer, M. Montes-Usategui, S. Arcos, and I. Juvells, “Vulnerability to chosen-cyphertext attacks of optical encryption schemes based on double random phase keys,” Opt. Lett. 30(13), 1644–1646 (2005). X. Peng, P. Zhang, H. Wei, and B. Yu, “Known-plaintext attack on optical encryption based on double random phase keys,” Opt. Lett. 31(8), 1044–1046 (2006).
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21790
18. X. Peng, H. Wei, and P. Zhang, “Chosen-plaintext attack on lensless double-random phase encoding in the Fresnel domain,” Opt. Lett. 31(22), 3261–3263 (2006). 19. U. Gopinathan, D. S. Monaghan, T. J. Naughton, and J. T. Sheridan, “A known-plaintext heuristic attack on the Fourier plane encryption algorithm,” Opt. Express 14(8), 3181–3186 (2006). 20. S. K. Rajput and N. K. Nishchal, “Fresnel domain nonlinear image encryption scheme based on Gerchberg-Saxton phase retrieval algorithm,” Appl. Opt. 53(3), 418–425 (2014). 21. W. Chen, X. Chen, and C. J. R. Sheppard, “Optical image encryption based on diffractive imaging,” Opt. Lett. 35(22), 3817–3819 (2010). 22. W. Chen, X. Chen, and C. J. R. Sheppard, “Optical double-image cryptography based on diffractive imaging with a laterally-translated phase grating,” Appl. Opt. 50(29), 5750–5757 (2011). 23. W. Chen, X. Chen, A. Anand, and B. Javidi, “Optical encryption using multiple intensity samplings in the axial domain,” J. Opt. Soc. Am. A 30(5), 806–812 (2013). 24. W. Chen, X. Chen, and C. J. R. Sheppard, “Optical image encryption based on coherent diffractive imaging using multiple wavelengths,” Opt. Commun. 285(3), 225–228 (2012). 25. Y. Shi, T. Li, Y. Wang, Q. Gao, S. Zhang, and H. Li, “Optical image encryption via ptychography,” Opt. Lett. 38(9), 1425–1427 (2013). 26. Y. Qin, Z. Wang, and Q. Gong, “Diffractive-imaging-based optical image encryption with simplified decryption from single diffraction pattern,” Appl. Opt. 53(19), 4094–4099 (2014).
1. Introduction Over the past few decades, securing information using optical methods has been an attractive research area [1–12], since optical processing approaches possess some distinct advantages, such as parallel processing and multiple parameter characteristic. In 1995, Refregier and Javidi invented the double random phase encoding (DRPE) approach, involving two random phase masks in the input and Fourier domains of a 4f optical correlator [13]. It is proved that the encoded image will be stationary white noise if the two phase masks are statistically independent. Due to its remarked merits, such as huge key space and robustness against blind decryption, the DRPE method was later put forward to the Fresnel domain [14] and fractional Fourier domain [15]. However, there are two obvious defects that hinder its further applications. The first one is its vulnerability to various attacks [16–19], which originates from the linearity of the DRPE scheme. Consequently, more and more people focus on developing nonlinear optical encryption systems. For instance, Rajput and Nishchal presented a nonlinear image-encryption scheme based on a Gerchberg–Saxton phase retrieval algorithm in the Fresnel transform domain [20]. Another shortcoming persecutes the DPRE method is that it produces a complex value ciphertext that should always be recorded with holographic schemes, as a result of which high stability of the encryption architecture is required. There is no satisfactory approach for simultaneously overcoming both the two defects until the diffractive-imaging is introduced for encryption. The first optical cryptosystem based on diffractive imaging is proposed by Chen et al. [21], and thereafter some derivatives of it are also developed [22–24]. Moreover, Shi et al. proposed to apply ptychography in optically encrypting the complex-amplitude image [25]. The main advantage of these methods lies in that the plaintext can be retrieved from several diffraction intensity patterns. Therefore, the interferometric optical path is avoided and the stability of the encryption environment has been exceedingly relaxed. On the other hand, the linearity of the encryption schemes is broken since only the intensity of the encrypted complex field is preserved, as a result of which the system security will be enhanced. In this sense, diffractive-imaging-based optical encryption methods may open up a new research perspective for optical image encryption. However, the encryption procedures in these methods are relatively complicate, because at least three different diffraction patterns should be recorded to completely retrieval the primary image and hence the illuminations manner or positions of optical elements should be altered during encryption. If two or less diffraction patterns are employed for decryption, the current phase retrieval algorithms will encounter the stagnation problems and therefore fail to exactly reconstruct the primary image. Most recently, we describe an approach capable of recovering the original image form one diffraction pattern [26]. Nevertheless, it requires digitally appending redundant data to the
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21791
primary image before a standard optical encrypting procedure. Consequently, the encryption will be no longer a pure optical procedure. What’s more, the redundant data will enlarge the sizes of the ciphertext as well as the phase masks, which will lead to inconvenience for transmitting these images. In this paper, we propose, for the first time to our knowledge, a novel method that enables one to reconstruct the plaintext from a single diffraction in the diffractive-imaging-based encryption system. Compared with some previous works, our approach not only simplifies the encryption process but also facilitates the storage and transmission of the ciphertext, since the record of the diffraction pattern involves no changes in the optical architecture, and management of one image is much more convenient. Numerical results are presented to demonstrate feasibility and effectiveness of the proposed method. 2. Theoretical analysis 2.1 Encryption scheme and previous decryption method
Fig. 1. A schematic setup for the proposed optical image encryption based on coherent diffractive imaging.
In order to illustrate the proposed method, a typical diffractive-imaging-based schematic of optical image encryption [23], which is shown in Fig. 1, is employed, and a more general form of it could be found in [24]. U stands for the primary image to be encoded, and M1, M2 and M3 represent three phase only masks, which are randomly distributed in [0,2π] and are statistically independent. The whole system is illuminated by a collimated monochromatic plane wave with a wavelength of λ. Under the Fresnel approximation, the complex-valued wavefront just before phase only mask M2 is given by [14]
U (η , ξ ) =
exp ( j 2π d1 λ ) 2 2 U ( x, y ) M 1 ( x, y ) exp jπ ( x-η ) + ( y -ξ ) λ d1 dxdy (1) jλ d1
Where U ( x, y ) is the amplitude of the plaintext, j = −1 , k = 2π λ . For convenience, symbols
( x, y ) , (η , ξ ) , ( p, q )
and
( μ ,ν )
are used to denote coordinates of the input
image, M2, M3, and the CCD plane, respectively. For the sake of simplicity, Eq. (1) is rewritten as [26] U (η , ξ ) =FrTλ U ( x, y ) M 1 ( x, y ) ; λ ; d1
(2)
Under this premise, the diffraction intensity distribution recorded by the CCD camera can be expressed as [26]
{
}
2
I ( μ ,ν ) = FrTλ FrTλ FrTλ U ( x, y ) M 1 ( x, y ) ; d1 M 2 (η , ξ ) ; d 2 M 3 ( p, q ) ; d 3 (3)
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21792
Where
denotes a modulus operation. In this article, I ( μ ,ν ) is saved as the ciphertext and
we will completely retrieve the plaintext from it with a new developed phase retrieval algorithm. Before the description of the new method, some previous encryption schemes based on diffractive imaging should be reviewed [21–24]. In these works, multiple diffraction patterns are recorded by changing the status of one of the optical elements. Each of them contains the information of the plaintext as well as the particular status of the optical architecture. If a phase-retrieval algorithm is applied between real and reciprocal spaces during image decryption, the primary image will be exactly extracted by using these diffraction patterns. However, if only one diffraction pattern is utilized for plaintext reconstruction, the iterative phase retrieval algorithm will stagnate, and the plaintext will hence be retrieved with severe noise. In order to illustrate this phenomenon, the phase retrieval approach described in [23] is tested. Meanwhile, the criterion for evaluating the similarity between the plaintext and the decrypted image is the correlation coefficient, which is defined as CC=
{
}
E U o − E (U o ) U r − E (U r )
{
}{
E U o − E (U o ) E U r − E (U r ) 2
2
}
(4)
where U o ( x, y ) and U r ( x, y ) denote respectively the primary image and the decrypted image, and E denotes the expectation value. The coordinates are omitted here for brevity. Figure 2(a) shows the image to be encoded (256 × 256pixels), and Fig. 2(b) shows the diffraction pattern. Figure 2(c) shows the relationship between CC values and the iteration number. It is evident that CC value increases rapidly during the first thirty iterations but then reaches a plateau at a level of about 0.78, and a typical decrypted image corresponding to this value is shown in Fig. 2(d). It is demonstrated that the iterative phase retrieval algorithm proposed by Chen et al. cannot converge to a satisfactory point when adopting a single diffraction map, which does not contain sufficiently useful information for plaintext retrieval.
Fig. 2. (a)The original image; (b) the ciphertext(diffraction pattern); (c) the relationship between CC values and iterative number by use of Chen’s method; (d) the corresponding decrypted plaintext after 1000 times.
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21793
2.2 The proposed method In the approach discussed above, the current estimation will always get new information about the plaintext from the ciphertext in each iterative recycle before CC reaching the plateau, and therefore CC increases. However, the estimation can no longer get new information from the ciphertext after that, so the stagnation problem emerges. If more information about the plaintext can be obtained from the estimation itself and further applied in the subsequent iteration, the stagnation problem may be resolved. Is it possible for us to achieve this goal? The answer is yes. It is noted that, although contaminated severely by random noise, most information of the primary image are revealed during the iteration procedure, and the decrypted image can be considered as the primary image polluted by random noise. It is well known that there are various methods that can be utilized to deal with the noise and make the estimation more correlated with the primary one. Therefore, we propose to take advantage of the filtering operation to suppress the random noise and then a prostprocessed decrypted image containing more information of the primary image can be acquired and further employed in the iteration procedure. Keeping this in mind, a new method for retrieving the primary image that includes two iterative cycles can be specified as follows. Cycle A:
First of all, we assign a constant or random Tn ( x, y ) , n = 1 as the initial estimation of the plaintext, and propagate it forward to the CCD plane:
{
}
U n ( μ ,ν ) =FrTλ FrTλ FrTλ Tn ( x, y ) M 1 ( x, y ) ; d1 M 2 (η , ξ ) ; d 2 M 3 ( p, q ) ; d 3 . (5)
Thereafter, the square root of the intensity map I ( μ ,ν ) is used as the support constraint of real part of U n ( μ ,ν ) and we have U n ( μ ,ν ) = I ( μ ,ν ) U n ( μ ,ν ) U n ( μ ,ν ) . 12
(6)
Afterwards, this new complex amplitude is propagated back to the input plane and the intensity of the input plane can be expressed as
{
}
2
Tn′ ( x, y )= FrTλ FrTλ FrTλ U n ( μ ,ν ); −d 3 M 3∗ ( p, q ) ; −d 2 M 2∗ (η , ξ ) ; −d1 , (7)
where the superscript * stands for the complex conjugate. Then a low-pass filtering operation is imposed on Tn ( x, y ) and a new estimated plaintext is constructed as Tn ( x, y )=LPFilter Tn′ ( x, y ) ,
(8)
where LPFilter[ ] indicates the low-pass filtering function. Then Tn ( x, y ) is employed as a new estimate to substitute Tn ( x, y ) in Eq. (5). This procedure will always proceed until the iterative error between Tn −1 ( x, y ) and Tn ( x, y ) , which can be expressed by [23] Error1 = Tn ( x, y ) − Tn −1 ( x, y ) , 2
(9)
becomes smaller than a preset threshold (δ1). The flow chart for illustrating cycle A is shown in Fig. 3.
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21794
Fig. 3. Flow chart for illustrating cycle A.
Cycle B:
Once this condition (i. e. Error1 ≤ δ1 ) is fulfilled, the filtering operation described by Eq. (8) is removed from cycle A and a new iterative procedure begins. Assuming there are k times before cycle A terminated, Tn ( x, y ) , n = k is employed as the initial estimation of the plaintext in the new iterative procedure (i. e. cycle B). Similar to Eq. (5), we propagate it to the CCD plane and have
{
}
U n ( μ ,ν ) =FrTλ FrTλ FrTλ Tn ( x, y ) M 1 ( x, y ) ; d1 M 2 (η , ξ ) ; d 2 M 3 ( p, q ) ; d 3 , (10)
and then I ( μ ,ν ) is used as the support constraint of real part of U n ( μ ,ν ) : U n ( μ ,ν ) = I ( μ ,ν ) U n ( μ ,ν ) U n ( μ ,ν ) . 12
(11)
Afterwards, we propagate U n ( μ ,ν ) back to the plaintext plane and the intensity of the input plane can be calculated as
{
}
2
Tn′ ( x, y )= FrTλ FrTλ FrTλ U n ( μ ,ν ); −d 3 M 3∗ ( p, q ) ; − d 2 M 2∗ (η , ξ ) ; − d1 . (12)
Then, Tn ( x, y ) will be replaced by Tn′ ( x, y ) in each iteration of this new iterative cycle. Then we judge whether cycle B should be stopped by calculating the error between Tn′ ( x, y ) and Tn′-1 ( x, y ) Error2 = Tn′ ( x, y ) − Tn′-1 ( x, y )
2
(13)
If the iterative error is not larger than a threshold (δ2), iteration operation is terminated and Tn′ ( x, y ) is considered as a decrypted image. Otherwise, the iterative process goes on. The implementation of cycle B can be illustrated in the flow chart as shown in Fig. 4.
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21795
Fig. 4. Flow chart for illustrating cycle B.
3. Numerical results and discussion
To check the effectiveness of proposed scheme, a numerical simulation study was performed using MATLAB 7.10. Experiment results cannot be provided due to the lack of experimental conditions of our laboratory. The grayscale image comprising 256 × 256pixels, as shown in Figs. 2(a), is chosen as the original image to be encrypted. All of the axial distances d1, d2, and d3 equal 100mm. The thresholds δ1 and δ2 in the iterative retrieval algorithm are set as 0.0001 and 0.000001, respectively. The filtering is performed with a 3 × 3 neighborhood median filter. Phase-only masks M1−M3 are randomly distributed in a range of [0; 2π] and are shown in Figs. 5(a)–5(c). The diffraction intensity pattern ((i.e., ciphertext) is shown in Fig. 2(b). It can be seen in Fig. 2(b) that the plaintext has been fully hidden into the ciphertext.
Fig. 5. (a) The phase-only masks (a) M1, (b) M2 and (c) M3.
The decrypted image is shown in Fig. 6(a), for which the CC value is 0.9994. It can therefore be claimed that the primary image has been exactly retrieved. There are total 750 iterations before the decryption completed, with 27 iterations corresponding to cycle A and 723 iterations corresponding to cycle B. The dependence of CC value on the iteration number is depicted in Fig. 6(b). In order to illustrate the roles of the two iterative procedures, the behaviors of CC associated with them are separately displayed in Fig. 6(c) and Fig. 6(d). It can be seen in Fig. 6(c) that CC value increases rapidly during the first several iterations and thereafter reaches a plateau at a level of about 0.9902. By comparing Fig. 6(c) with Fig. 2(c), it can be concluded that, by aid of the filter operation, the CC value reaches a significantly higher level with a faster convergence rate. Figure 6(d) indicates that the CC value can be further improved when the filter operation is removed from the iterative cycle A. The roles of the two iterative procedures are clear: although the filter operation in the first procedure can ensure a relative high CC value as well as a fast convergence rate, it prevents the CC value from reaching a more satisfactory point, since the filter operation retains only the high frequency information of the primary image; the second procedure is implemented to further improve it by eliminating the negative impact of the filter operation.
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21796
Fig. 6. The decrypted image (a) with our proposal and the corresponding dependence of CC on iteration number (b); the dependence of CC on iteration number corresponding to the first iterative procedure (c) and the second iterative procedure (d).
During decryption, the phase only masks, the axial distances, and the wavelength can act as principle security keys. Figure 7(a) shows the decrypted image after 1000 iterations when an incorrect M1 is adopted, and the corresponding relationship between CC values and the iteration number is shown in Fig. 7(b). The CC value for Fig. 7(a) is 0.0028. Simulation results for incorrect M2 and M3 are similar with that for incorrect M1, and they are not presented here for brevity. It can be concluded from Figs. 7(a) and 7(b) that the primary image cannot be obtained when any one of the three masks is wrong. The decrypted image after 1000 iterations is depicted in Fig. 7(c), when the axial distance employed has a deviation of 1mm from the original one during decryption. The CC value for Fig. 7(c) is −0.0171, which means the decrypted image is completely irrelevant to the primary one. In this case, the relationship between CC values and the iteration number is shown Fig. 7(d). Similarly, when a wavelength error of 10 um exists during decryption, the retrieved image after 1000 iterations is shown in Fig. 7(e), for which the CC value is −0.0171. The corresponding dependence of CC values on the iteration number is presented in Fig. 7(f). It can be concluded from Figs. 7(a)-7(f) that the decrypted results are rather sensitive to the security keys, as a result of which a large key space can be guaranteed.
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21797
Fig. 7. The decrypted image (a) after 1000 iterations with incorrect M1 and the corresponding dependence of CC on iteration number (b); the decrypted image (c) after 1000 iterations with incorrect d1 and the corresponding dependence of CC on iteration number (d); the decrypted image (e) after 1000 iterations with incorrect wavelength and the corresponding dependence of CC on iteration number (f).
In practical applications, the ciphertext may suffer from contaminations, so robustness of the proposal against the contaminations is also tested. Figure 8(a) shows ciphertext polluted by additive white noise, which is randomly distributed in [0, 0.1]. The decrypted image, associated with a CC value of 0.8732, is shown Fig. 8(b), and the relationship between CC values and iteration number in this case is shown in Fig. 8(c). It can be learned from Fig. 8(b) that, the decrypted image reveals most information of the primary image. In this regard, it can be claimed that the proposal shows high robustness against noise attack. We also test the behavior of the proposed method when occlusion contamination occurred. Figure 8(d) illustrates one typical ciphertext contaminated by the occlusion, with 10% parts ciphertext occluded. The decrypted image after 1000 iterations is shown in Fig. 8(e), for which the CC value is 0.3724. The relationship between CC values and the iteration number corresponding to this case is given in Fig. 8(f). It can be seen from Figs. 8(d)-8(f) that this proposal is not so robust against occlusions attack, so possible occlusions must be avoided during data storage or transmission.
Fig. 8. The contaminated ciphertext (a), the decryption results (b), and the corresponding dependence of CC value on the iteration number; (d) 10% occluded ciphertext; (e) the decrypted
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21798
image obtained after 1000 iterations and (f) the dependence of CC on iteration number corresponding to (d).
The immunity of proposed scheme against attacks has also been analyzed. In the proposed encryption system, not only the ciphertext and random phase masks, but also the wavelength and three axial distances are essential for the decryption. The original image is unable to be recovered when any one of the encryption keys is wrong. As a result, the key space of the proposal is very large, and thus the proposed method is invulnerable to brute force attack. Because of its linear characteristic, the double random phase encoding encryption system has been shown to be vulnerable to several forms of attack [16–19], such as chosen-ciphertext attack, known-plaintext attack, chosen-plaintext attack and ciphertext-only attack. As for our method, only the intensity distribution in the output plane is recorded as ciphertext by a CCD camera, and the phase information is not recorded. Therefore, the relationship between the output and the input is nonlinear in the proposed method. As a result, the proposal can well resist chosen-ciphertext attack, known-plaintext attack, chosen-plaintext attack and ciphertext-only attack. Additionally, we would like to compare the proposal with some related works. In several previous methods [21–24], movements of optical elements or alterations of illuminations must be done to register several intensity maps, which will lead to complicated encryption and decryption procedures. Therefore, efficiency becomes a major obstacle to promoting these methods. Compared with the above mentioned methods, our proposal has extremely simplified the encryption and decryption processes, as only a single intensity map is required for retrieving the primary image. What is more, the storage of the ciphertext (i.e. intensity map) need a smaller memory space and transmission of it become more convenient. It is also significant to compare this proposal with a recent publication written by us [26]. Although the approach described in [26] also enables one to retrieve the original image from a single diffraction pattern [26], it requires digitally appending redundant data to the primary image before a standard optical encrypting procedure, thus the encryption efficiency would also be reduced to some extent. In particular, the sizes of the phase only masks as well as the ciphertext, will be enlarged due to the redundant data, which will make a lot of inconvenience for storing, transmitting, and processing these data. By contrast, this proposal is not perplexed by these problems and can be claimed to be a distinct improvement from our previous approach. Nevertheless, the drawback of the proposal is evident. First, the algorithm convergence cannot be highly ensured under ciphertext contaminations, therefore multiple recordings can be preferred when high-level contaminations are probable to happen [2]. Second, in the multiple-exposure approaches, the changes of the optical architecture will generate more additional secret keys and hence create a gigantic key space. In this regard, our method cannot be claimed to be with higher security due to its relatively small key space. 4. Conclusions
To summarize, we present a simplified optical image encryption approach in the diffractive-image-based scheme. By aid of a novel phase retrieval algorithm, one can completely reconstruct the primary image with a single diffraction pattern. Consequently, the encryption and decryption procedures are both extremely simplified. Furthermore, the storage and transmission of the ciphertext become more convenient in comparison with previous methods. The feasibility and effectiveness of the proposal have been demonstrated by numerical experiments. Acknowledgments
This study was supported by the Excellent Young Teacher Fund of Nanyang Normal University (QN2014016, QN2014017) and the Fundamental and Cutting-edge Technology Research Program of Henan Province (142300410184).
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21799
In previous diffractive-imaging-based optical encryption schemes, it is impossible to totally retrieve the plaintext from a single diffraction pattern. In this paper, we proposed a new method to achieve this goal. The encryption procedure can be completed by proceeding only one exposure, and the single diffraction pattern is recorded as ciphertext. For recovering the plaintext, a novel median-filtering-based phase retrieval algorithm, including two iterative cycles, has been developed. This proposal not only extremely simplifies the encryption and decryption processes, but also facilitates the storage and transmission of the ciphertext, and its effectiveness and feasibility have been demonstrated by numerical simulations. ©2014 Optical Society of America OCIS codes: (060.4785) Optical security and encryption; (070.0070) Fourier optics and signal processing.
References and links 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17.
B. Javidi, “Securing information with optical technologies,” Phys. Today 50(3), 27–32 (1997). W. Chen, B. Javidi, and X. Chen, “Advances in optical security systems,” Adv. Opt. Photon. 6(2), 120–155 (2014). A. Alfalou and C. Brosseau, “Optical image compression and encryption methods,” Adv. Opt. Photon. 1(3), 589–636 (2009). E. Pérez-Cabré, M. Cho, and B. Javidi, “Information authentication using photon-counting double-random-phase encrypted images,” Opt. Lett. 36(1), 22–24 (2011). W. Liu, Z. Liu, and S. Liu, “Asymmetric cryptosystem using random binary phase modulation based on mixture retrieval type of Yang-Gu algorithm,” Opt. Lett. 38(10), 1651–1653 (2013). Z. Liu, Q. Guo, L. Xu, M. A. Ahmad, and S. Liu, “Double image encryption by using iterative random binary encoding in gyrator domains,” Opt. Express 18(11), 12033–12043 (2010). S. Liu, C. Guo, and J. T. Sheridan, “A review of optical image encryption techniques,” Opt. Laser Technol. 57, 327–342 (2014). N. K. Nishchal, J. Joseph, and K. Singh, “Fully phase encryption using fractional Fourier transform,” Opt. Eng. 42(6), 1583–1588 (2003). A. Alfalou and C. Brosseau, “Dual encryption scheme of images using polarized light,” Opt. Lett. 35(13), 2185–2187 (2010). J. F. Barrera, A. Mira, and R. Torroba, “Optical encryption and QR codes: Secure and noise-free information retrieval,” Opt. Express 21(5), 5373–5378 (2013). N. Zhou, T. Dong, and J. Wu, “Novel image encryption algorithm based on multiple-parameter discrete fractional random transform,” Opt. Commun. 283(15), 3037–3042 (2010). N. Zhou, Y. Wang, and L. Gong, “Novel optical image encryption scheme based on fractional Mellin transform,” Opt. Commun. 284(13), 3234–3242 (2011). P. Refregier and B. Javidi, “Optical image encryption based on input plane and Fourier plane random encoding,” Opt. Lett. 20(7), 767–769 (1995). G. Situ and J. Zhang, “Double random-phase encoding in the Fresnel domain,” Opt. Lett. 29(14), 1584–1586 (2004). G. Unnikrishnan, J. Joseph, and K. Singh, “Optical encryption by double-random phase encoding in the fractional Fourier domain,” Opt. Lett. 25(12), 887–889 (2000). A. Carnicer, M. Montes-Usategui, S. Arcos, and I. Juvells, “Vulnerability to chosen-cyphertext attacks of optical encryption schemes based on double random phase keys,” Opt. Lett. 30(13), 1644–1646 (2005). X. Peng, P. Zhang, H. Wei, and B. Yu, “Known-plaintext attack on optical encryption based on double random phase keys,” Opt. Lett. 31(8), 1044–1046 (2006).
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21790
18. X. Peng, H. Wei, and P. Zhang, “Chosen-plaintext attack on lensless double-random phase encoding in the Fresnel domain,” Opt. Lett. 31(22), 3261–3263 (2006). 19. U. Gopinathan, D. S. Monaghan, T. J. Naughton, and J. T. Sheridan, “A known-plaintext heuristic attack on the Fourier plane encryption algorithm,” Opt. Express 14(8), 3181–3186 (2006). 20. S. K. Rajput and N. K. Nishchal, “Fresnel domain nonlinear image encryption scheme based on Gerchberg-Saxton phase retrieval algorithm,” Appl. Opt. 53(3), 418–425 (2014). 21. W. Chen, X. Chen, and C. J. R. Sheppard, “Optical image encryption based on diffractive imaging,” Opt. Lett. 35(22), 3817–3819 (2010). 22. W. Chen, X. Chen, and C. J. R. Sheppard, “Optical double-image cryptography based on diffractive imaging with a laterally-translated phase grating,” Appl. Opt. 50(29), 5750–5757 (2011). 23. W. Chen, X. Chen, A. Anand, and B. Javidi, “Optical encryption using multiple intensity samplings in the axial domain,” J. Opt. Soc. Am. A 30(5), 806–812 (2013). 24. W. Chen, X. Chen, and C. J. R. Sheppard, “Optical image encryption based on coherent diffractive imaging using multiple wavelengths,” Opt. Commun. 285(3), 225–228 (2012). 25. Y. Shi, T. Li, Y. Wang, Q. Gao, S. Zhang, and H. Li, “Optical image encryption via ptychography,” Opt. Lett. 38(9), 1425–1427 (2013). 26. Y. Qin, Z. Wang, and Q. Gong, “Diffractive-imaging-based optical image encryption with simplified decryption from single diffraction pattern,” Appl. Opt. 53(19), 4094–4099 (2014).
1. Introduction Over the past few decades, securing information using optical methods has been an attractive research area [1–12], since optical processing approaches possess some distinct advantages, such as parallel processing and multiple parameter characteristic. In 1995, Refregier and Javidi invented the double random phase encoding (DRPE) approach, involving two random phase masks in the input and Fourier domains of a 4f optical correlator [13]. It is proved that the encoded image will be stationary white noise if the two phase masks are statistically independent. Due to its remarked merits, such as huge key space and robustness against blind decryption, the DRPE method was later put forward to the Fresnel domain [14] and fractional Fourier domain [15]. However, there are two obvious defects that hinder its further applications. The first one is its vulnerability to various attacks [16–19], which originates from the linearity of the DRPE scheme. Consequently, more and more people focus on developing nonlinear optical encryption systems. For instance, Rajput and Nishchal presented a nonlinear image-encryption scheme based on a Gerchberg–Saxton phase retrieval algorithm in the Fresnel transform domain [20]. Another shortcoming persecutes the DPRE method is that it produces a complex value ciphertext that should always be recorded with holographic schemes, as a result of which high stability of the encryption architecture is required. There is no satisfactory approach for simultaneously overcoming both the two defects until the diffractive-imaging is introduced for encryption. The first optical cryptosystem based on diffractive imaging is proposed by Chen et al. [21], and thereafter some derivatives of it are also developed [22–24]. Moreover, Shi et al. proposed to apply ptychography in optically encrypting the complex-amplitude image [25]. The main advantage of these methods lies in that the plaintext can be retrieved from several diffraction intensity patterns. Therefore, the interferometric optical path is avoided and the stability of the encryption environment has been exceedingly relaxed. On the other hand, the linearity of the encryption schemes is broken since only the intensity of the encrypted complex field is preserved, as a result of which the system security will be enhanced. In this sense, diffractive-imaging-based optical encryption methods may open up a new research perspective for optical image encryption. However, the encryption procedures in these methods are relatively complicate, because at least three different diffraction patterns should be recorded to completely retrieval the primary image and hence the illuminations manner or positions of optical elements should be altered during encryption. If two or less diffraction patterns are employed for decryption, the current phase retrieval algorithms will encounter the stagnation problems and therefore fail to exactly reconstruct the primary image. Most recently, we describe an approach capable of recovering the original image form one diffraction pattern [26]. Nevertheless, it requires digitally appending redundant data to the
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21791
primary image before a standard optical encrypting procedure. Consequently, the encryption will be no longer a pure optical procedure. What’s more, the redundant data will enlarge the sizes of the ciphertext as well as the phase masks, which will lead to inconvenience for transmitting these images. In this paper, we propose, for the first time to our knowledge, a novel method that enables one to reconstruct the plaintext from a single diffraction in the diffractive-imaging-based encryption system. Compared with some previous works, our approach not only simplifies the encryption process but also facilitates the storage and transmission of the ciphertext, since the record of the diffraction pattern involves no changes in the optical architecture, and management of one image is much more convenient. Numerical results are presented to demonstrate feasibility and effectiveness of the proposed method. 2. Theoretical analysis 2.1 Encryption scheme and previous decryption method
Fig. 1. A schematic setup for the proposed optical image encryption based on coherent diffractive imaging.
In order to illustrate the proposed method, a typical diffractive-imaging-based schematic of optical image encryption [23], which is shown in Fig. 1, is employed, and a more general form of it could be found in [24]. U stands for the primary image to be encoded, and M1, M2 and M3 represent three phase only masks, which are randomly distributed in [0,2π] and are statistically independent. The whole system is illuminated by a collimated monochromatic plane wave with a wavelength of λ. Under the Fresnel approximation, the complex-valued wavefront just before phase only mask M2 is given by [14]
U (η , ξ ) =
exp ( j 2π d1 λ ) 2 2 U ( x, y ) M 1 ( x, y ) exp jπ ( x-η ) + ( y -ξ ) λ d1 dxdy (1) jλ d1
Where U ( x, y ) is the amplitude of the plaintext, j = −1 , k = 2π λ . For convenience, symbols
( x, y ) , (η , ξ ) , ( p, q )
and
( μ ,ν )
are used to denote coordinates of the input
image, M2, M3, and the CCD plane, respectively. For the sake of simplicity, Eq. (1) is rewritten as [26] U (η , ξ ) =FrTλ U ( x, y ) M 1 ( x, y ) ; λ ; d1
(2)
Under this premise, the diffraction intensity distribution recorded by the CCD camera can be expressed as [26]
{
}
2
I ( μ ,ν ) = FrTλ FrTλ FrTλ U ( x, y ) M 1 ( x, y ) ; d1 M 2 (η , ξ ) ; d 2 M 3 ( p, q ) ; d 3 (3)
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21792
Where
denotes a modulus operation. In this article, I ( μ ,ν ) is saved as the ciphertext and
we will completely retrieve the plaintext from it with a new developed phase retrieval algorithm. Before the description of the new method, some previous encryption schemes based on diffractive imaging should be reviewed [21–24]. In these works, multiple diffraction patterns are recorded by changing the status of one of the optical elements. Each of them contains the information of the plaintext as well as the particular status of the optical architecture. If a phase-retrieval algorithm is applied between real and reciprocal spaces during image decryption, the primary image will be exactly extracted by using these diffraction patterns. However, if only one diffraction pattern is utilized for plaintext reconstruction, the iterative phase retrieval algorithm will stagnate, and the plaintext will hence be retrieved with severe noise. In order to illustrate this phenomenon, the phase retrieval approach described in [23] is tested. Meanwhile, the criterion for evaluating the similarity between the plaintext and the decrypted image is the correlation coefficient, which is defined as CC=
{
}
E U o − E (U o ) U r − E (U r )
{
}{
E U o − E (U o ) E U r − E (U r ) 2
2
}
(4)
where U o ( x, y ) and U r ( x, y ) denote respectively the primary image and the decrypted image, and E denotes the expectation value. The coordinates are omitted here for brevity. Figure 2(a) shows the image to be encoded (256 × 256pixels), and Fig. 2(b) shows the diffraction pattern. Figure 2(c) shows the relationship between CC values and the iteration number. It is evident that CC value increases rapidly during the first thirty iterations but then reaches a plateau at a level of about 0.78, and a typical decrypted image corresponding to this value is shown in Fig. 2(d). It is demonstrated that the iterative phase retrieval algorithm proposed by Chen et al. cannot converge to a satisfactory point when adopting a single diffraction map, which does not contain sufficiently useful information for plaintext retrieval.
Fig. 2. (a)The original image; (b) the ciphertext(diffraction pattern); (c) the relationship between CC values and iterative number by use of Chen’s method; (d) the corresponding decrypted plaintext after 1000 times.
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21793
2.2 The proposed method In the approach discussed above, the current estimation will always get new information about the plaintext from the ciphertext in each iterative recycle before CC reaching the plateau, and therefore CC increases. However, the estimation can no longer get new information from the ciphertext after that, so the stagnation problem emerges. If more information about the plaintext can be obtained from the estimation itself and further applied in the subsequent iteration, the stagnation problem may be resolved. Is it possible for us to achieve this goal? The answer is yes. It is noted that, although contaminated severely by random noise, most information of the primary image are revealed during the iteration procedure, and the decrypted image can be considered as the primary image polluted by random noise. It is well known that there are various methods that can be utilized to deal with the noise and make the estimation more correlated with the primary one. Therefore, we propose to take advantage of the filtering operation to suppress the random noise and then a prostprocessed decrypted image containing more information of the primary image can be acquired and further employed in the iteration procedure. Keeping this in mind, a new method for retrieving the primary image that includes two iterative cycles can be specified as follows. Cycle A:
First of all, we assign a constant or random Tn ( x, y ) , n = 1 as the initial estimation of the plaintext, and propagate it forward to the CCD plane:
{
}
U n ( μ ,ν ) =FrTλ FrTλ FrTλ Tn ( x, y ) M 1 ( x, y ) ; d1 M 2 (η , ξ ) ; d 2 M 3 ( p, q ) ; d 3 . (5)
Thereafter, the square root of the intensity map I ( μ ,ν ) is used as the support constraint of real part of U n ( μ ,ν ) and we have U n ( μ ,ν ) = I ( μ ,ν ) U n ( μ ,ν ) U n ( μ ,ν ) . 12
(6)
Afterwards, this new complex amplitude is propagated back to the input plane and the intensity of the input plane can be expressed as
{
}
2
Tn′ ( x, y )= FrTλ FrTλ FrTλ U n ( μ ,ν ); −d 3 M 3∗ ( p, q ) ; −d 2 M 2∗ (η , ξ ) ; −d1 , (7)
where the superscript * stands for the complex conjugate. Then a low-pass filtering operation is imposed on Tn ( x, y ) and a new estimated plaintext is constructed as Tn ( x, y )=LPFilter Tn′ ( x, y ) ,
(8)
where LPFilter[ ] indicates the low-pass filtering function. Then Tn ( x, y ) is employed as a new estimate to substitute Tn ( x, y ) in Eq. (5). This procedure will always proceed until the iterative error between Tn −1 ( x, y ) and Tn ( x, y ) , which can be expressed by [23] Error1 = Tn ( x, y ) − Tn −1 ( x, y ) , 2
(9)
becomes smaller than a preset threshold (δ1). The flow chart for illustrating cycle A is shown in Fig. 3.
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21794
Fig. 3. Flow chart for illustrating cycle A.
Cycle B:
Once this condition (i. e. Error1 ≤ δ1 ) is fulfilled, the filtering operation described by Eq. (8) is removed from cycle A and a new iterative procedure begins. Assuming there are k times before cycle A terminated, Tn ( x, y ) , n = k is employed as the initial estimation of the plaintext in the new iterative procedure (i. e. cycle B). Similar to Eq. (5), we propagate it to the CCD plane and have
{
}
U n ( μ ,ν ) =FrTλ FrTλ FrTλ Tn ( x, y ) M 1 ( x, y ) ; d1 M 2 (η , ξ ) ; d 2 M 3 ( p, q ) ; d 3 , (10)
and then I ( μ ,ν ) is used as the support constraint of real part of U n ( μ ,ν ) : U n ( μ ,ν ) = I ( μ ,ν ) U n ( μ ,ν ) U n ( μ ,ν ) . 12
(11)
Afterwards, we propagate U n ( μ ,ν ) back to the plaintext plane and the intensity of the input plane can be calculated as
{
}
2
Tn′ ( x, y )= FrTλ FrTλ FrTλ U n ( μ ,ν ); −d 3 M 3∗ ( p, q ) ; − d 2 M 2∗ (η , ξ ) ; − d1 . (12)
Then, Tn ( x, y ) will be replaced by Tn′ ( x, y ) in each iteration of this new iterative cycle. Then we judge whether cycle B should be stopped by calculating the error between Tn′ ( x, y ) and Tn′-1 ( x, y ) Error2 = Tn′ ( x, y ) − Tn′-1 ( x, y )
2
(13)
If the iterative error is not larger than a threshold (δ2), iteration operation is terminated and Tn′ ( x, y ) is considered as a decrypted image. Otherwise, the iterative process goes on. The implementation of cycle B can be illustrated in the flow chart as shown in Fig. 4.
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21795
Fig. 4. Flow chart for illustrating cycle B.
3. Numerical results and discussion
To check the effectiveness of proposed scheme, a numerical simulation study was performed using MATLAB 7.10. Experiment results cannot be provided due to the lack of experimental conditions of our laboratory. The grayscale image comprising 256 × 256pixels, as shown in Figs. 2(a), is chosen as the original image to be encrypted. All of the axial distances d1, d2, and d3 equal 100mm. The thresholds δ1 and δ2 in the iterative retrieval algorithm are set as 0.0001 and 0.000001, respectively. The filtering is performed with a 3 × 3 neighborhood median filter. Phase-only masks M1−M3 are randomly distributed in a range of [0; 2π] and are shown in Figs. 5(a)–5(c). The diffraction intensity pattern ((i.e., ciphertext) is shown in Fig. 2(b). It can be seen in Fig. 2(b) that the plaintext has been fully hidden into the ciphertext.
Fig. 5. (a) The phase-only masks (a) M1, (b) M2 and (c) M3.
The decrypted image is shown in Fig. 6(a), for which the CC value is 0.9994. It can therefore be claimed that the primary image has been exactly retrieved. There are total 750 iterations before the decryption completed, with 27 iterations corresponding to cycle A and 723 iterations corresponding to cycle B. The dependence of CC value on the iteration number is depicted in Fig. 6(b). In order to illustrate the roles of the two iterative procedures, the behaviors of CC associated with them are separately displayed in Fig. 6(c) and Fig. 6(d). It can be seen in Fig. 6(c) that CC value increases rapidly during the first several iterations and thereafter reaches a plateau at a level of about 0.9902. By comparing Fig. 6(c) with Fig. 2(c), it can be concluded that, by aid of the filter operation, the CC value reaches a significantly higher level with a faster convergence rate. Figure 6(d) indicates that the CC value can be further improved when the filter operation is removed from the iterative cycle A. The roles of the two iterative procedures are clear: although the filter operation in the first procedure can ensure a relative high CC value as well as a fast convergence rate, it prevents the CC value from reaching a more satisfactory point, since the filter operation retains only the high frequency information of the primary image; the second procedure is implemented to further improve it by eliminating the negative impact of the filter operation.
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21796
Fig. 6. The decrypted image (a) with our proposal and the corresponding dependence of CC on iteration number (b); the dependence of CC on iteration number corresponding to the first iterative procedure (c) and the second iterative procedure (d).
During decryption, the phase only masks, the axial distances, and the wavelength can act as principle security keys. Figure 7(a) shows the decrypted image after 1000 iterations when an incorrect M1 is adopted, and the corresponding relationship between CC values and the iteration number is shown in Fig. 7(b). The CC value for Fig. 7(a) is 0.0028. Simulation results for incorrect M2 and M3 are similar with that for incorrect M1, and they are not presented here for brevity. It can be concluded from Figs. 7(a) and 7(b) that the primary image cannot be obtained when any one of the three masks is wrong. The decrypted image after 1000 iterations is depicted in Fig. 7(c), when the axial distance employed has a deviation of 1mm from the original one during decryption. The CC value for Fig. 7(c) is −0.0171, which means the decrypted image is completely irrelevant to the primary one. In this case, the relationship between CC values and the iteration number is shown Fig. 7(d). Similarly, when a wavelength error of 10 um exists during decryption, the retrieved image after 1000 iterations is shown in Fig. 7(e), for which the CC value is −0.0171. The corresponding dependence of CC values on the iteration number is presented in Fig. 7(f). It can be concluded from Figs. 7(a)-7(f) that the decrypted results are rather sensitive to the security keys, as a result of which a large key space can be guaranteed.
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21797
Fig. 7. The decrypted image (a) after 1000 iterations with incorrect M1 and the corresponding dependence of CC on iteration number (b); the decrypted image (c) after 1000 iterations with incorrect d1 and the corresponding dependence of CC on iteration number (d); the decrypted image (e) after 1000 iterations with incorrect wavelength and the corresponding dependence of CC on iteration number (f).
In practical applications, the ciphertext may suffer from contaminations, so robustness of the proposal against the contaminations is also tested. Figure 8(a) shows ciphertext polluted by additive white noise, which is randomly distributed in [0, 0.1]. The decrypted image, associated with a CC value of 0.8732, is shown Fig. 8(b), and the relationship between CC values and iteration number in this case is shown in Fig. 8(c). It can be learned from Fig. 8(b) that, the decrypted image reveals most information of the primary image. In this regard, it can be claimed that the proposal shows high robustness against noise attack. We also test the behavior of the proposed method when occlusion contamination occurred. Figure 8(d) illustrates one typical ciphertext contaminated by the occlusion, with 10% parts ciphertext occluded. The decrypted image after 1000 iterations is shown in Fig. 8(e), for which the CC value is 0.3724. The relationship between CC values and the iteration number corresponding to this case is given in Fig. 8(f). It can be seen from Figs. 8(d)-8(f) that this proposal is not so robust against occlusions attack, so possible occlusions must be avoided during data storage or transmission.
Fig. 8. The contaminated ciphertext (a), the decryption results (b), and the corresponding dependence of CC value on the iteration number; (d) 10% occluded ciphertext; (e) the decrypted
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21798
image obtained after 1000 iterations and (f) the dependence of CC on iteration number corresponding to (d).
The immunity of proposed scheme against attacks has also been analyzed. In the proposed encryption system, not only the ciphertext and random phase masks, but also the wavelength and three axial distances are essential for the decryption. The original image is unable to be recovered when any one of the encryption keys is wrong. As a result, the key space of the proposal is very large, and thus the proposed method is invulnerable to brute force attack. Because of its linear characteristic, the double random phase encoding encryption system has been shown to be vulnerable to several forms of attack [16–19], such as chosen-ciphertext attack, known-plaintext attack, chosen-plaintext attack and ciphertext-only attack. As for our method, only the intensity distribution in the output plane is recorded as ciphertext by a CCD camera, and the phase information is not recorded. Therefore, the relationship between the output and the input is nonlinear in the proposed method. As a result, the proposal can well resist chosen-ciphertext attack, known-plaintext attack, chosen-plaintext attack and ciphertext-only attack. Additionally, we would like to compare the proposal with some related works. In several previous methods [21–24], movements of optical elements or alterations of illuminations must be done to register several intensity maps, which will lead to complicated encryption and decryption procedures. Therefore, efficiency becomes a major obstacle to promoting these methods. Compared with the above mentioned methods, our proposal has extremely simplified the encryption and decryption processes, as only a single intensity map is required for retrieving the primary image. What is more, the storage of the ciphertext (i.e. intensity map) need a smaller memory space and transmission of it become more convenient. It is also significant to compare this proposal with a recent publication written by us [26]. Although the approach described in [26] also enables one to retrieve the original image from a single diffraction pattern [26], it requires digitally appending redundant data to the primary image before a standard optical encrypting procedure, thus the encryption efficiency would also be reduced to some extent. In particular, the sizes of the phase only masks as well as the ciphertext, will be enlarged due to the redundant data, which will make a lot of inconvenience for storing, transmitting, and processing these data. By contrast, this proposal is not perplexed by these problems and can be claimed to be a distinct improvement from our previous approach. Nevertheless, the drawback of the proposal is evident. First, the algorithm convergence cannot be highly ensured under ciphertext contaminations, therefore multiple recordings can be preferred when high-level contaminations are probable to happen [2]. Second, in the multiple-exposure approaches, the changes of the optical architecture will generate more additional secret keys and hence create a gigantic key space. In this regard, our method cannot be claimed to be with higher security due to its relatively small key space. 4. Conclusions
To summarize, we present a simplified optical image encryption approach in the diffractive-image-based scheme. By aid of a novel phase retrieval algorithm, one can completely reconstruct the primary image with a single diffraction pattern. Consequently, the encryption and decryption procedures are both extremely simplified. Furthermore, the storage and transmission of the ciphertext become more convenient in comparison with previous methods. The feasibility and effectiveness of the proposal have been demonstrated by numerical experiments. Acknowledgments
This study was supported by the Excellent Young Teacher Fund of Nanyang Normal University (QN2014016, QN2014017) and the Fundamental and Cutting-edge Technology Research Program of Henan Province (142300410184).
#214802 - $15.00 USD Received 25 Jun 2014; revised 12 Aug 2014; accepted 23 Aug 2014; published 2 Sep 2014 (C) 2014 OSA 8 September 2014 | Vol. 22, No. 18 | DOI:10.1364/OE.22.021790 | OPTICS EXPRESS 21799
