Asymmetric multiple-image encryption based on the cascaded fractional Fourier transform

Optics and Lasers in Engineering 72 (2015) 18–25

Contents lists available at ScienceDirect

Optics and Lasers in Engineering journal homepage: www.elsevier.com/locate/optlaseng

Asymmetric multiple-image encryption based on the cascaded fractional Fourier transform Yanbin Li a,b, Feng Zhang a,b,n, Yuanchao Li a,b, Ran Tao a,b a b

Department of Electronic Engineering, Beijing Institute of Technology, Beijing 100081, China Beijing Key Laboratory of Fractional Signals and Systems, China

art ic l e i nf o

a b s t r a c t

Article history: Received 18 December 2014 Received in revised form 26 March 2015 Accepted 31 March 2015 Available online 17 April 2015

A multiple-image cryptosystem is proposed based on the cascaded fractional Fourier transform. During an encryption procedure, each of the original images is directly separated into two phase masks. A portion of the masks is subsequently modulated into an interim mask, which is encrypted into the ciphertext image; the others are used as the encryption keys. Using phase truncation in the fractional Fourier domain, one can use an asymmetric cryptosystem to produce a real-valued noise-like ciphertext, while a legal user can reconstruct all of the original images using a different group of phase masks. The encryption key is an indivisible part of the corresponding original image and is still useful during decryption. The proposed system has high resistance to various potential attacks, including the chosenplaintext attack. Numerical simulations also demonstrate the security and feasibility of the proposed scheme. & 2015 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

Keywords: Fractional Fourier transform Asymmetric encryption Chosen-plaintext attack

1. Introduction With the rapid development of information technology, secure transmission systems have become the focus of many studies. During the past two decades, a large number of image encryption systems have been proposed after Refregier and Javide encrypted a primary image into stationary white noise using the double random phase encoding (DRPE) in the Fourier domain [1]. Due to the capability of the DRPE to ensure the security of the data transmission and communication, this algorithm has been developed based on different transforms, such as the general fractional Fourier transform [2–5], the vector power multiple-parameter fractional Fourier transform [6], the Fresnel transform [7], and the Gyrator transform [8–11]. However, most cryptosystems are linear, which makes them vulnerable to potential attacks such as the chosen plaintext attack. Additionally, many studies have only considered the encryption of a single image, which can reduce the efficiency of the cryptosystem due to practical matters. To satisfy today's encryption requirements, double-image and multiple-image encryption techniques have been investigated in depth. Tao et al. [12] encrypted two images into the amplitude and phase of a complex function. Liu and Liu. [13] suggested that two images could be encrypted into a single ciphertext image using the n Corresponding author at: Department of Electronic Engineering, Beijing Institute of Technology, Beijing 100081, China. E-mail address: [email protected] (F. Zhang).

iterative fractional Fourier transform. Sui et al. [14] proposed a double-image encryption technique based on the discrete fractional random transform, where a chaotic process is used to break the correlations between adjacent pixels efficiently. Liu et al. [8] designed a double image encryption system using iterative random binary encoding in the Gyrator domain. Wang and Zhao [15] encrypted two images into one ciphertext image based on phase retrieval and the phase-truncated Fourier transform. For multipleimage encryption, Kong et al. [16] designed a multiple-image encryption scheme based on the cascaded fractional Fourier transform. Sui et al. [17] encrypted multiple images into a single ciphertext using the phase mask multiplexing technique in the fractional Fourier domain, while Wang et al. [18] transformed this algorithm into the Gyrator domain. In Ref. [19], Sui et al. modified the multiple-image encryption scheme using the chaotic technique, in which the security is considerably enhanced. In addition, as a special case of multiple-image encryption, color image encryption has also developed rapidly [20,21]. However, Peng et al. [22,23] claimed that traditional linear cryptosystems could be vulnerable when confronted with potential attacks. To resist a potential attack, some studies have investigated breaking the linearity of the cryptosystem. Qin and Peng [24] introduced the asymmetric cryptosystem based on the phasetruncated Fourier transform, in which the encryption keys are different from those used in the decryption process. Wang and Zhao [25] and Sui et al. [26] transformed this technique for use in double-image encryption.

http://dx.doi.org/10.1016/j.optlaseng.2015.03.027 0143-8166/& 2015 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

Y. Li et al. / Optics and Lasers in Engineering 72 (2015) 18–25

The above-mentioned studies have improved image encryption techniques significantly, discovering and solving various types of troubles while improving security and the feasibility of these techniques; every step forward is also based on the predecessors. We also found that the security of the cryptosystems proposed in [17–19] would be more effective, and resources would be utilized more efficiently than those proposed in [24–26]. In this study, an asymmetric multiple-image encryption scheme based on the cascaded fractional Fourier transform is proposed. Before encryption, all of the original images are separated into two phase masks. A portion of them are multiplied into a one phase function, the angle of which is transformed into an interim mask that will be encrypted; the others are used as the encryption keys to encrypt the interim mask into the final noise-like ciphertext image. The decryption keys are generated during encryption using the phase-truncated technique and are not identical to the encryption keys, producing an asymmetric cryptosystem. Unlike other asymmetric cryptosystems, the encryption keys are also required during decryption, which makes the scheme highly robustness to the various types of attacks. Simulation results and a security analysis are used to demonstrate the security and feasibility of the proposed method. The remainder of this paper is organized as follows. In Section 2, the principles are introduced and the processes of encryption and decryption are described in detail. In Section 3, numerical simulations and security analyses are described. Lastly, the conclusions are presented in Section 4.

2. Encryption and decryption process

Before encryption, every original image is separated into two phase masks using the algorithm proposed in [15]. Assuming that the function f ðx; yÞ denotes a normalized image, we generate a phase function expðiθðx; yÞÞ that is used as the first phase mask, where the distribution of θðx; yÞ randomly ranges from 0 to 2π . Because the two phase masks can be viewed mathematically as two unit vectors in a two-dimensional Cartesian coordinate system, the original image can be expressed as: pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi f ðx; yÞ ¼ 2  2 cos ðπ  αðx; yÞÞ ð1Þ where the angle αðx; yÞ denotes the relation between expðiθðx; yÞÞ and the second phase mask expðiφðx; yÞÞ. αðx; yÞ can then be calculated by 2

2  f ðx; yÞ : 2

Consequently, the second phase mask expðiφðx; yÞÞ can be described by expðiφðx; yÞÞ ¼ expðiðθðx; yÞ þ αðx; yÞÞÞ:

ð3Þ

Therefore, the normalized image f ðx; yÞ has been separated into two phase masks and can be expressed as   f ðx; yÞ ¼ expðiφðx; yÞÞ þ expðiðθðx; yÞÞ: ð4Þ 2.2. Fractional Fourier transform The fractional Fourier transform (FrFT) is a generalization of the ordinary Fourier transform, which has been widely used in image and signal processing techniques. The α  th FrFT of the signal f ðx0 Þ can be expressed as Z þ1   f ðx0 ÞK α ðx0 ; xα Þdx0 ð5Þ F α f ðx0 Þ ¼ 1

where 8 2 2 > < Aϕ exp½iπ ðx0 cot ϕ  2x0 xα cscϕ þ xα cot ϕÞ; K α ðx0 ; xα Þ ¼ δðx0  xα Þ; > : δðx þ x Þ; α 0

if if if

α a 2n α a 4n α ¼ 4n 7 2 ð6Þ

where x0 denotes the spatial coordinates, xα denotes the coordinates of the α  th order domain and       1=2 iπ sgn ϕ iϕ απ   þ ; ϕ¼ ð7Þ Aϕ ¼ sin ϕ exp  4 2 2 2.3. Encryption and decryption algorithms

2.1. Image separation

αðx; yÞ ¼ π  arccos

19

ð2Þ

The proposed multiple-image encryption method is based on the cascaded FrFT. The schematic diagram of the encryption process is shown in Fig. 1. Considering that there are m images to be encrypted, and that f k denotes the k  th image, the details of the encryption procedures can be described as follows: (1) Each of the images is sent to the phase mask generation module in succession. The first phase mask expðiθk ðx; yÞÞ of each image is generated randomly, and the second one expðiφk ðx; yÞÞ is produced based on the self-coding of the image using Eqs. (2) and (3). (2) During phase modulation, all of the phase masks expðiφk ðx; yÞÞ are modulated into one single phase functionG

Xm  G ¼ exp i φ ðx; yÞ ð8Þ k¼1 k During this process, some additional keys that are used during the decryption of each phase mask are required. However, in

Fig. 1. Diagram of the encryption process.

20

Y. Li et al. / Optics and Lasers in Engineering 72 (2015) 18–25

references [17–19], the additional keys are generated by

Xm  expðiϑk ðx; yÞÞ ¼ exp i φ ðx; yÞ d ¼ 1;d a k d

ð9Þ

Then, G is encrypted into the ciphertext image using various schemes. However, we found that the additional keys can be used to obtain the phase mask expðiφk ðx; yÞÞ using an equation set without any other keys 8 P ϑ1 ðx; yÞ ¼ m φ ðx; yÞ > > > Pdm¼ 2 d > > > ϑ ðx; yÞ ¼ 2 > d ¼ 1;d a 2 φd ðx; yÞ < P ϑ3 ðx; yÞ ¼ m d ¼ 1;d a 3 φd ðx; yÞ > > > ⋮ > > > > : ϑm ðx; yÞ ¼ Pm  1 φ ðx; yÞ d¼1

Now, Xm ð10Þ

d

In this equation set, ϑ1 ðx; yÞ; ϑ2 ðx; yÞ; ⋯; ϑm ðx; yÞ are known. There are m equations and m unknown variables (i.e., the variables φ1 ðx; yÞ; φ2 ðx; yÞ; ⋯; φm ðx; yÞ can be directly determined without G); this indicates that the next encryption process designed to protect G is insignificant. We can make improvements to Eq. (10) to help solve this problem: a random term can be added somewhere in the equation set. For instance, we can place a random term into the first equation of the equation set 8 P ϑ1 ðx; yÞ ¼ m φ ðx; yÞ þ randðx; yÞ > > > Pdm¼ 2 d > > > ϑ 2 ðx; yÞ ¼ > d ¼ 1;d a 2 φd ðx; yÞ < P ϑ3 ðx; yÞ ¼ m d ¼ 1;d a 3 φd ðx; yÞ > > > ⋮ > > > > : ϑm ðx; yÞ ¼ Pm  1 φ ðx; yÞ d¼1

ð11Þ

d

Eq. (11) thus has infinite solutions. During the procedure of decryption, there is no need to determine randðx; yÞ. The private key expðiφk ðx; yÞÞ can be obtained using the simultaneous equations, which can be shown as P 8 ϑ1 ðx; yÞ ¼ m φ ðx; yÞ þ randðx; yÞ > > > Pdm¼ 2 d > > ϑ ðx; yÞ ¼ > 2 d ¼ 1;d a 2 φd ðx; yÞ > > > < ϑ ðx; yÞ ¼ Pm 3 d ¼ 1;d a 3 φd ðx; yÞ > ⋮ > > P 1 > > > ϑm ðx; yÞ ¼ m > d ¼ 1 φd ðx; yÞ > P > : G ¼ expði m φ ðx; yÞÞ k¼1

k

 P  (3) Because exp i m φ ðx; yÞ is a periodic function with a Pmk ¼ 1 k period of 2π , k ¼ 1 φk ðx; yÞ can be from  π to π . Now, we introduce a one-way binary phase modulation expðiπγ ðx; yÞÞ Pm to make k ¼ 1 φk ðx; yÞ have a positive amplitude; this allows it to be captured by optical detection. γ ðx; yÞ is generated by ( Pm 1 k ¼ 1 φk ðx; yÞ o 0 Pm γ ðx; yÞ ¼ ð13Þ 0 k ¼ 1 φk ðx; yÞ 4 0

ð12Þ

Pm

k¼1

k¼1

φk ðx; yÞ can be expressed as

φk ðx; yÞ ¼ h0 ðx; yÞexpðiπγ ðx; yÞÞ

ð14Þ

As shown in Fig. 1, the amplitude h0 ðx; yÞ is then used as the input to the cascaded FrFT system. (4) Then, h0 ðx; yÞ is firstly multiplied by the random phase mask expðiθ1 ðx; yÞÞ and transformed to a complex function using the FrFT with a fractional order α1 . The complex function can be written as h1 ðx; yÞexpðiξ1 ðx; yÞÞ ¼ F α1 ðh0 ðx; yÞexpðiθ1 ðx; yÞÞÞ

ð15Þ

α1

where F denotes the α1  order FrFT, h1 ðx; yÞ is used as the input of the next encryption process, and the phase ξ1 ðx; yÞ is used as the decryption key. The amplitude h1 ðx; yÞ and the phase ξ1 ðx; yÞ can be extracted by the operators h1 ðx; yÞexp ðiξ1 ðx; yÞÞj and argfh1 ðx; yÞexpðiξ1 ðx; yÞÞg, respectively. (5) Similarly, the amplitude h1 ðx; yÞ is then multiplied by the random phase mask expðiθ2 ðx; yÞÞ and transformed into a complex function by the FrFT with a fractional order α2 . The result can be written as h2 ðx; yÞexpðiξ2 ðx; yÞÞ ¼ F α2 ðh1 ðx; yÞexpðiθ2 ðx; yÞÞÞ

ð16Þ

Then, the amplitude h2 ðx; yÞ and the phase ξ2 ðx; yÞ can be calculated. (6) After the cascaded process repeats m times, we obtain the final amplitude hm ðx; yÞ and the last decryption key ξm ðx; yÞ. The amplitude hm ðx; yÞ is the final ciphertext image.

The decryption procedure is described in Fig. 2, which is similar to the encryption procedure but in the reverse order. The following shows the primary steps of the decryption process: (1) During decryption, a complex function hm  1 ðx; yÞexpðiθm ðx; yÞÞ can be obtained using the reversed FrFT with a fractional

Fig. 2. Diagram of the decryption process.

Y. Li et al. / Optics and Lasers in Engineering 72 (2015) 18–25

21

Fig. 3. Three plain images for encryption: (a) “Lena”; (b) “Barb”; and (c) “Baboon.”.

Fig. 4. (a) Ciphertext image; (b) decrypted “Lena;” (c) decrypted “Barb;” and (d) decrypted “Baboon.”.

order  αm and the decryption key ξm ðx; yÞ, which can be expressed as: hm  1 ðx; yÞexpðiθm ðx; yÞÞ ¼ F  α1 ðhm ðx; yÞexpðiξm ðx; yÞÞÞ

shown, this method has no complex iterative process. Therefore, this scheme has a lower complexity and a higher processing speed.

ð17Þ

Then, the amplitude hm  1 ðx; yÞ and the phase expðiθm ðx; yÞÞ can be determined. (2) In the same way, expðiθ1 ðx; yÞÞ; expðiθ2 ðx; yÞÞ; ⋯; exp ðiθm  1 ðx; yÞÞ and h0 ðx; yÞ are easily obtained. (3) Finally, the phase functions expðiφ1 ðx; yÞÞ; expðiφ2 ðx; yÞÞ; ⋯; expðiφm ðx; yÞÞ can be calculated by Eqs. (12) and (14). (4) In the phase mask combination module, each of the original images can be reconstructed using Eq. (4) as   f k ðx; yÞ ¼ expðiφk ðx; yÞÞ þ expðiðθk ðx; yÞÞ: ð18Þ From the above description of the encryption and decryption processes, it is found that the phase functions expðiθk ðx; yÞÞ can be used as the encryption keys to encrypt the interim mask h0 ðx; yÞ into the noise-like ciphertext image, which is different than the process of the inverse cascaded FrFT. Simultaneously, the phase functions ξm ðx; yÞ produced during encryption are only used as the decryption keys. The keys for encryption are different from those used for decryption (i.e., the cryptosystem is asymmetric). In addition, the techniques of self-coding and phase truncation break the linearity of the cryptosystem, which produce a high resistance to various types of potential attacks. Particularly, the trapdoor oneway function is also considered here to test this asymmetric cryptosystem. Unlike the asymmetric algorithm proposed in [24,25], each of the random phase functions expðiθk ðx; yÞÞ is an indivisible part of the corresponding original image. Although expðiθk ðx; yÞÞ is the encryption key, it is still useful after encryption has finished, which significantly improves the utilization of the keys and also enhances the security of the cryptosystem. As

3. Numerical simulation and security analysis Without a loss of generality, the three images shown in Fig. 3 are used in the simulations performed in this study. The fractional orders α1 ; α2 ; and α3 are set to 0.234, 0.345, 0.111, respectively, and the results of the encryption and decryption processes are shown in Fig. 4. Fig. 4(a) shows the ciphertext image, while Fig. 4(b)– (d) show the decrypted images with their keys. Based on the image “Lena,” Fig. 5(a)–(h) show the decrypted images using the incorrect keys; Fig. 5(a)–(c) display the decrypted images using the incorrect fractional orders α1 ¼ 0:239; α2 ¼ 0:35; and α3 ¼ 0:116, respectively; Fig. 5(d)–(g) show the decrypted images using the incorrect phases ξ1 ðx; yÞ,ξ2 ðx; yÞ, ξ3 ðx; yÞ and θ1 ðx; yÞ; and Fig. 5(h) shows the decrypted image using the incorrect γ ðx; yÞ. Similar results can be obtained with the other images. During the numerical simulations, we can encrypt any number of images using the method described above. However, it is known that the DRPE benefits from its optical implementation, producing significant advantages, such as the potential for parallel processing, high precision and spatial resolution. Therefore, the maximum number of images that the optical system can receive should be investigated further, as in [27]. 3.1. Sensitivity analysis To determine the sensitivity of the fractional orders, the decryption procedure is processed by varying one fractional order while the others held constant. The mean square error (MSE) of

22

Y. Li et al. / Optics and Lasers in Engineering 72 (2015) 18–25

Fig. 5. Decrypted “Lena” using the (a) incorrect α1 ; (b) incorrect α2 ; (c) incorrect α3 ; (d) incorrect ξ1 ; (e) incorrect ξ2 ; (f) incorrect ξ3 ; (g) incorrect θ1 ; and (h) incorrect γ.

Fig. 6. MSE versus the deviation of the fractional orders (a) α1 ; (b) α2 ; and (c) α3 .

multiple images [19] is used to evaluate the quality of the decryption results and can be defined as: MSE ¼

P X

1 MSEk Pk¼1

where MSEk ¼ ð1=M  NÞ

ð19Þ

M P

N   P f ðm; nÞ  f 0 ðm; nÞ2 , in which k k

m¼1n¼1

0

f k ðm; nÞ denotes the k  th original image, and f k ðm; nÞ denotes the corresponding decrypted result. The curves that describe the MSE of multiple images and the deviation of the fractional orders are shown in Fig. 6, in which the deviation ranges from  0.2 to 0.2 with a step size of 0.01. The MSE value becomes nearly zero only when the order is correct; when the order has a slight deviation, the MSE value increases significantly. In practical applications, the decryption results cannot be recognized if the deviation of the orders are larger than 0.005. Fig. 5(a)–(c) show the decrypted image “Lena” when the deviation of the orders is 0.005. Next, the sensitivity of the encryption keys ξ1 ðx; yÞ,ξ2 ðx; yÞ, and ξ3 ðx; yÞ are analyzed. If ξm ðx; yÞ were perturbed within a certain

0

range, the fluctuated key ξm ðx; yÞ could be denoted as

ξ0m ðx; yÞ ¼ ξm ðx; yÞ þ dnΔξðx; yÞ

ð20Þ

where d is a fluctuant coefficient in [1,–1], and Δξðx; yÞ is a random phase function in ½  π ; π . The relationship curves between the MSE of multiple images and the fluctuant coefficient are shown in Fig. 7. When the MSE value is more than 6000, the decrypted images cannot be recognized. From Fig. 7, it is found that if the fluctuant coefficient is equal to or greater than 0.3, the MSE value is always greater than 6000.

3.2. Statistical analysis In this section, a statistical analysis is shown in two aspects: the histograms of different groups of images' ciphertext image are tested; and the correlations of the adjacent pixels of the original images and their corresponding ciphertext image are calculated and compared. Fig. 8 shows another group of images. Fig. 9(a) and (b) show the ciphertext image's histograms of the original images and Fig. 8, respectively, which are nearly uniform. Therefore, the histograms of different ciphertext images have similar distributions.

Y. Li et al. / Optics and Lasers in Engineering 72 (2015) 18–25

23

Fig. 7. MSE versus the fluctuant phase keys (a) ξ1 ðx; yÞ; (b) ξ2 ðx; yÞ; and (c) ξ3 ðx; yÞ.

Fig. 8. (a) “Peppers;” (b) “Frog;” and (c) “Boat.”.

Fig. 9. (a) Histograms of the original images' ciphertext image; and (b) another group of images' ciphertext image.

To evaluate the self-correlations of adjacent pixels, 4000 pairs of pixels are randomly selected in the vertical, horizontal, and diagonal directions from the original images, the decryption keys, and the ciphertext image. The correlation coefficients of the two adjacent pixels then can be calculated as PN i ¼ 1 ðxi  xÞðyi  yÞ ffi Cor ¼ rffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi

P

N 2 PN 2 ðx  xÞ Þ ðy  yÞ Þ i i i¼1 i¼1

ð21Þ

P PN where x ¼ 1=N N i ¼ 1 xi and y ¼ 1=N i ¼ 1 yi . Table 1 shows the results, which indicate that the correlations of two adjacent pixels in the original images are significant while that of the ciphertext and the decryption keys are quite low. The results suggest that an illegal user cannot obtain any valid information based on the statistical property.

3.3. Noise attack analysis To evaluate the proposed method's robustness against a noise attack, the ciphertext image is added to a Gaussian random noise in the following way: C 0 ¼ Cð1 þ λGÞ

ð22Þ

where C is the ciphertext image, C 0 is the noise-affected ciphertext image, λ denotes a coefficient that represents the noise strength, and G is a standard Gaussian random noise. Fig. 10 a, b, c and d display the decrypted image “Lena” when the coefficient λ is set to 0.4, 0.6, 0.8 and 1.0, respectively. It is shown that the encrypted results can be easily recognized, although the strength of the noise is increasing. Similar results can be obtained using the other images.

24

Y. Li et al. / Optics and Lasers in Engineering 72 (2015) 18–25

Table 1 Correction coefficients. Correlation coefficient

Original images

Horizontal direction Vertical direction Diagonal direction

Encrypted images

Lena

Barb

Baboon

Ciphertext

ξ1

ξ2

ξ3

0.9745 0.9687 0.9411

0.9075 0.9330 0.8922

0.9559 0.9438 0.9232

 0.0167 0.0115 0.0174

0.0186 0.0012 0.0111

0.0165 0.0035  0.0131

 0.0091  0.0019 0.0021

Fig. 10. Decrypted image “Lena” with the strength coefficients (a) λ ¼ 0:4; (b) λ ¼ 0:6; (c) λ ¼ 0:8; and (d) λ ¼ 1:0.

Fig. 11. Ciphertext image that is half-destroyed from the left side: (a) destroyed left-top corner; (b) the corresponding decrypted result; (c) destroyed left-bottom corner; and (d) the corresponding decrypted result.

Fig. 12. (a) Decrypted “Lena;” (b) “Barb;” (c) and “Baboon.”.

3.4. Occlusion attack analysis The robustness of the proposed method against occlusion is used to evaluate how the method manages a loss of data in the ciphertext image. Fig. 11(a) and (c) show the situation when occlusions occur at the left-top corner and the left-bottom corner of the ciphertext image. The ciphertext image is half-destroyed

from the left side, and the lost data are replaced with zeros in the simulation. The decryption process is performed with all of the correct keys. Fig. 11(b) and (d) show the corresponding decrypted “Lena,” from which the primary information of the original image can be recognized visually. The proposed cryptosystem thus has sufficient robustness against an occlusion attack. Similar results can be obtained using the other recovered images.

Y. Li et al. / Optics and Lasers in Engineering 72 (2015) 18–25

3.5. Potential attack analysis The cipher-only attack, the known-plaintext attack, the chosenplaintext attack, and the chosen-ciphertext attack are four conventional attacks that are commonly used; of these, the chosenplain attack is the most threatening. It is claimed that the cryptosystem can resist the other three types of attacks if it can resist the chosen plain attack [28]. For the proposed multipleimage encryption scheme, it is assumed that an illegal user has obtained the fractional orders α1 ; α2 ; and α3 , can encrypt a group of fake images and has obtained their decryption keys ξ1 ðx; yÞ,ξ2 ðx; yÞ, ξ3 ðx; yÞ and γ 1 ðx; yÞ. The illegal user then utilizes the obtained keys to decrypt the original images. Fig. 8(a)– (c) show the fake images. The decryption keys ξ1 ðx; yÞ,ξ2 ðx; yÞ, ξ3 ðx; yÞ and γ 1 ðx; yÞ are obtained after the encryption procedure has finished. Fig. 12(a)–(c) display the decrypted results, from which any information about the original images “Lena”, “Barb”, and “Baboon” cannot be obtained. The results demonstrate that the proposed encryption scheme is sufficiently robust to resist all forms of potential attacks. 4. Conclusions In this study, an asymmetric multiple-image cryptosystem based on the cascaded FrFT is proposed. In this system, each original image is firstly separated into two phase masks: a random phase, and the other is produced by the self-coding of the original image. A selection of random phases is used as the encryption keys, while the other phases are combined into a complex matrix. Then, the complex matrix is transformed into a real-valued ciphertext image using the cascaded FrFT. Because the cryptosystem is asymmetric, the decryption keys that are generated in the encryption process are not identical to the encryption keys. Unlike other asymmetric cryptosystems, the encryption key is an indivisible part of the corresponding original image, and these keys are also useful during decryption; the original images cannot be recovered unless all encryption and decryption keys are known. Numerical simulations have verified the feasibility and security of the proposed cryptosystem. Acknowledgments This work was supported in part by the National Natural Science Foundation of China under Grant nos.61201354, 61331021 and 61421001; by the Beijing Higher Education Young Elite Teacher Project under Grant YETP1221; and by the Excellent Young Scholars Research Fund of the Beijing Institute of Technology. References [1] Refregier P, Javidi B. Optical-image encryption based on input plane and Fourier plane random encoding. Opt Lett 1995;20:767–9.

25

[2] Unnikrishnan G, Joseph J, Singh K. Optical encryption by double-random phase encoding in the fractional Fourier domain. Opt Lett 2000;25:887–9. [3] Liu Z, Ahmad MA, Liu S. Image encryption scheme based on the commutation and anti-commutation rules. Opt Commun 2007;279:285–90. [4] Li X, Lee I. Modified computational integral imaging-based double image encryption using fractional Fourier transform. Opt Lasers Eng 2015;66:112–21. [5] Mehra I, Nishchal N. Optical asymmetric watermarking using modified wavelet fusion and diffractive imaging. Opt Lasers Eng 2014;68:74–82. [6] Ran Q, Zhao T, Yuan L, Wang J, Xu L. Vector power multiple-parameter fractional Fourier transform of image encryption algorithm. Opt Lasers Eng 2014;62:80–6. [7] Sheng Y, Xin Y, Liu M, Yao S, Sun X. An improved method to enhance the security of double random-phase encoding in the Fresnel domain. Opt Laser Technol 2012;44:51–6. [8] Liu Z, Guo Q, Xu L, Ahmad MA, Liu S. Double image encryption by using iterative random binary encoding in gyrator domains. Opt Express 2010;18:12033–43. [9] Liu Z, Xu L, Lin C, Dai J, Liu S. Image encryption scheme by using iterative random phase encoding in gyrator transform domains. Opt Lasers Eng 2011;49:542–6. [10] Chen J, Zhu Z, Liu Z, Fu C, Zhang L, Yu H. A novel double-image encryption scheme based on cross-image pixel scrambling in gyrator domains. Opt Express 2014;22:7349–61. [11] Chen J, Zhu Z, Fu C, Zhang L, Yu H. Analysis and improvement of a doubleimage encryption scheme using pixel scrambling technique in gyrator domains. Opt Lasers Eng 2015;66:1–9. [12] Tao R, Xin Y, Wang Y. Double image encryption based on random phase encoding in the fractional Fourier domain. Opt Express 2007;15:16067–79. [13] Liu Z, Liu S. Double image encryption based on iterative fractional Fourier transform. Opt Commun 2007;275:324–9. [14] Sui L, Lu H, Wang Z, Sun Q. Double-image encryption using discrete fractional random transform and logistic maps. Opt Lasers Eng 2014;56:1–12. [15] Wang X, Zhao D. Double-image self-encoding and hiding based on phasetruncated Fourier transforms and phase retrieval. Opt Commun 2011;284:4441–5. [16] Kong D, Shen X, Xu Q, Xin W, Guo H. Multiple-image encryption scheme based on cascaded fractional Fourier transform. Appl Opt 2013;52:2619–25. [17] Sui L, Xin M, Tian A. Multiple-image encryption based on phase mask multiplexing in fractional Fourier transform domain. Opt Lett 2013;38:1996–8. [18] Wang Q, Guo Q, Lei L. Multiple-image encryption system using cascaded phase mask encoding and a modified Gerchberg–Saxton algorithm in gyrator domain. Opt Commun 2014;320:12–21. [19] Sui L, Duan K, Liang J, Zhang Z, Meng H. Asymmetric multiple-image encryption based on coupled logistic maps in fractional Fourier transform domain. Opt Lasers Eng 2014;62:139–52. [20] Liu Z, Guo C, Tan J, Liu W, Wu J, Wu Q, Pan L, Liu S. Securing color image by using phase-only encoding in Fresnel domains. Opt Lasers Eng 2015;68:87–92. [21] Chen H, Du X, Liu Z, Yang C. Optical color image hiding scheme by using Gerchberg–Saxton algorithm in fractional Fourier domain. Opt Lasers Eng 2015;66:144–51. [22] Peng X, Wei H, Zhang P. Chosen-plaintext attack on lensless double-random phase encoding in the Fresnel domain. Opt Lett 2006;31:3261–3. [23] Peng X, Zhang P, Wei H, Yu B. Known-plaintext attack on optical encryption based on double random phase keys. Opt Lett 2006;31:1044–6. [24] Qin W, Peng X. Asymmetric cryptosystem based on phase-truncated Fourier transforms. Opt Lett 2010;35:118–20. [25] Wang X, Zhao D. Double images encryption method with resistance against the specific attack based on an asymmetric algorithm. Opt Express 2012;20:11994–2003. [26] Sui L, Duan K, Liang J, Hei X. Asymmetric double-image encryption based on cascaded discrete fractional random transform and logistic maps. Opt Express 2014;22:10605–21. [27] Liu Z, Tan J, Liu W, Wu J, Wu Q, Liu S. A diffraction model of direction multiplexing for hiding multiple images. J Mod Opt 2014;61:1127–32. [28] Zhang Y, Xiao D. Double optical image encryption using discrete Chirikov standard map and chaos-based fractional random transform. Opt Lasers Eng 2013;51:472–80.