- Email: [email protected]
Multilevel image authentication using row scanning compressive ghost imaging and hyperplane secret sharing algorithm
Optics and Lasers in Engineering 108 (2018) 28–35
Contents lists available at ScienceDirect
Optics and Lasers in Engineering journal homepage: www.elsevier.com/locate/optlaseng
Multilevel image authentication using row scanning compressive ghost imaging and hyperplane secret sharing algorithm Xianye Li a, Xiangfeng Meng a,∗, Yongkai Yin a, Yurong Wang a, Xiulun Yang a, Xiang Peng b, Wenqi He b, Guoyan Dong c, Hongyi Chen d a
Department of Optics, School of Information Science and Engineering, and Shandong Provincial Key Laboratory of Laser Technology and Application, Shandong University, Jinan 250100, China b College of Optoelectronics Engineering, Shenzhen University, Shenzhen 518060, China c College of Materials Science and Opto-Electronic Technology, University of Chinese Academy of Sciences, Beijing 100049, China d College of Electronic Science and Technology, Shenzhen University, Shenzhen 518060, China
a r t i c l e
i n f o
Keywords: Compressive ghost imaging Optical authentication Hyperplane secret sharing Digital holography
a b s t r a c t A multilevel image authentication method is proposed which is based on row scanning compressive ghost imaging and a hyperplane secret sharing algorithm. In the image encoding process, after the wavelet transform and Arnold transform for the certification image, through row scanning compressive ghost imaging, the ciphertext matrix can be first detected by a bucket detector (BD). Based on a hyperplane secret sharing algorithm, the measurement key using in the row scanning compressive ghost imaging, can be decomposed and shared into n subkeys, which are then distributed to n different participants. In the high-level authentication process, based on a hyperplane secret sharing algorithm and a compressive reconstruction algorithm, any t or more participants with the corresponding correct subkeys can be gathered to reconstruct the original meaningful certification image with high correlation coefficient (CC); While in the case of low-level authentication process, only one authenticator who possesses a correct subkey will gain no significant information of certification image, however, it can result in a remarkable peak output in the nonlinear correlation coefficient distribution. Theoretical analysis and numerical simulations both verify the feasibility of the proposed method.
1. Introduction Recently, information security has received increasing attention with the acceleration of informatization. Optical information security, a branch of information security including encryption, authentication, information hiding, and so on, has become more challenging and attracted more and more researchers because of its advantages, such as high degrees of freedom, high speed, parallel computing, etc. Réfrégier and Javidi first realized optical encryption in the Fourier domain with a double random phase encoding (DRPE) scheme in 1995 [1]. The optical encryption scheme was further extended in the Fresnel transform [2,3], fractional Fourier transform [4–6], joint transform correlator (JTC) [7], phase-shifting interferometry [8], phase retrieval [9,10], gyrator transform [11], fractional Mellin transform [12], two beam interference [13], diffractive imaging [14], polarization encoding [15], etc. In addition, many researchers proposed different attack schemes and discussions for DRPE in different transform domains [16,17]. Recently, ghost imaging applied in optical image encryption has attracted increasing attention. In this case the wave scattered at the object
∗
Corresponding author. E-mail address: [email protected] (X. Meng).
beam arm is collected by a bucket or pinhole detector, and after scanning the detector at the reference beam arm in which the object is not located, the object can be reconstructed by intensity correlation computation [18,19]. In 2010, Clemente et al. proposed an optical encryption scheme using computational ghost imaging [20], in which the image decoding process is digitally realized through a correlation algorithm between two intensity data from a single pixel detector and a computational optical filed distribution [21]. To reduce the measurement times, the compressive ghost imaging was recently applied in optical encryption, which realized the computational ghost imaging based on a compressive sensing algorithm instead of the intensity correlation operation [22–24]. Besides image encryption, image authentication and digital signature based on optical transforms have been reported. In 2004, Kishk and Javidi first proposed the optical authentication method based on DRPE and phase-shift digital holography [25], in which the recovered hidden image is authenticated using nonlinear correlation. Situ and Zhang proposed an optical watermarking authentication scheme based on a fragile image hiding scheme in 2005 [26]. In 2012, He et al. proposed an optical hierarchical authentication based on interference, a modified phase retrieval algorithm, and a hash function, which not only checks the legality of the users but also verifies their identity levels [27]. To eliminate the collision risk, we proposed an optical identity authentica-
https://doi.org/10.1016/j.optlaseng.2018.04.014 Received 29 November 2017; Received in revised form 19 April 2018; Accepted 20 April 2018 0143-8166/© 2018 Elsevier Ltd. All rights reserved.
X. Li et al.
Optics and Lasers in Engineering 108 (2018) 28–35
Fig. 1. The hyperplane concept in a 3-dimensional space.
tion scheme based on an elliptic curve digital signature algorithm and a phase retrieval algorithm in 2013 [28]; Subsequently, a multiple-image authentication method with a cascaded multilevel architecture was reported, which is implemented by amplitude field random sampling and phase information multiplexing [29]. To overcome the weakness of the traditional system based on a oneto-one principle, threshold secret sharing using a Lagrange interpolating polynomial [30] can be applied in optical information security, by which the secret data are encoded into n shares and then distributed to n participants, where any t (t ≤ n) or more of the shares can be collected to recover the secret, but any t − 1 or fewer of them cannot. In 2014, we proposed a multilevel image authentication method using threshold secret sharing and a phase retrieval algorithm [31]. Subsequently, Deng et al. reported a (2, n) threshold secret sharing scheme based on vector operation and coherence superposition for binary images [32]. However, the existing secret sharing methods based on the Lagrange interpolating polynomial mentioned in [30,31] need at least two shadow images for a shareholder to decode the secret information, which increases key space redundancy and is hard to be implemented. Accordingly, the vector decomposition scheme has certain threshold number restrictions—only 2 threshold keys can be employed as in [32]—which is inflexible for multi-participant management. To decrease the key data and build a flexible multilevel authentication system, we present here a multilevel image authentication scheme based on row scanning compressive ghost imaging and a hyperplane secret sharing algorithm, in which any subkey is seen as a hyperplane in a t-dimension space and the secret is the unique point of intersection of the n (t < n) hyperplanes; any t or more hyperplanes can uniquely intersect in this point, and then pass the high-level authentication with high correlation coefficient (CC), but fewer than t hyperplanes cannot. Any participant who has only one subkey can attempt to pass the lowlevel authentication with a peak in the nonlinear correlation coefficient (NCC) distribution. Obviously, the proposed scheme makes up for the disadvantages of existing schemes efficiently, since only one shadow is demanded for a participant and the threshold values can be selected as required. The details are described in the following sections and a set of simulations are made to verify the feasibility of the scheme.
Fig. 2. The 5 × 5 example matrix for (a) initial key and (b) initial subkey.
planes given by the following Cartesian equations: ⎧𝐴 𝑥 + 𝐵 𝑦 + 𝐶 𝑧 = 𝐷 1 1 1 ⎪ 1 ⎨𝐴 2 𝑥 + 𝐵 2 𝑦 + 𝐶 2 𝑧 = 𝐷 2 , ⎪𝐴 3 𝑥 + 𝐵 3 𝑦 + 𝐶 3 𝑧 = 𝐷 3 ⎩
(1)
the condition for the three planes with only a point intersection is that both the rank of its coefficient matrix r and the rank of the augmented matrix r′ are 3. The description in the matrix form can be written as |𝐴 | 1 | |𝐴 2 | |𝐴 3 |
𝐵1 𝐵2 𝐵3
|A 𝐶1 || | 1 | | 𝐶2 | ≠ 0 && |A2 | | | |A3 𝐶3 | |
B1 B2 B3
𝐶1 𝐶2 𝐶3
𝐷1 || | 𝐷2 | ≠ 0, | 𝐷3 ||
(2)
and, therefore, three equations of planes can calculate the position, but two or less cannot. Regarding the pixel values as the coordinates of the point of intersection, here we propose a (t, n) threshold multilevel image authentication scheme in a t-dimensional space. Only t or more hyperplanes can determine a point, but fewer than t will get a low-dimensional space. Here, a (4, n) threshold scheme is taken as an example. In a 4dimensional space, any hyperplane can be expressed in Cartesian equations as 𝐴𝑥 + 𝐵𝑦 + 𝐶𝑧 + 𝐷𝑤 = 𝐸,
2. Theoretical analysis and scheme description
(3)
so any point can be described as 2.1. Hyperplane secret sharing algorithm
⎧ ⎪𝐴 1 𝑥 + 𝐵 1 𝑦 + 𝐶 1 𝑧 + 𝐷 1 𝑤 = 𝐸 1 ⎪𝐴 2 𝑥 + 𝐵 2 𝑦 + 𝐶 2 𝑧 + 𝐷 2 𝑤 = 𝐸 2 ⎨𝐴 𝑥 + 𝐵 𝑦 + 𝐶 𝑧 + 𝐷 𝑤 = 𝐸 , 3 3 3 3 ⎪ 3 ⎪𝐴 4 𝑥 + 𝐵 4 𝑦 + 𝐶 4 𝑧 + 𝐷 4 𝑤 = 𝐸 4 ⎩
The concept of hyperplane secret sharing was first proposed by Blakley [33]. Here, we implement its mathematical implementation for row scanning compressive ghost imaging in the multilevel authentication system. As shown in Fig. 1(a), in a 3-dimensional space, any two unparallel planes (planes 𝛼 and 𝛽) have a line intersection. Furthermore, any three planes (planes 𝛼, 𝛽 and 𝛾) in 3-dimensional space have several possible intersections, but if the normal vectors 𝑛⃗𝛼 , 𝑛⃗𝛽 , 𝑛⃗𝛼 of three planes are not coplanar as 𝑛⃗𝛼 ⋅ |⃗ 𝑛𝛽 × 𝑛⃗𝛾 | ≠ 0, three planes will have a unique intersection into a point as given in Fig. 1(b). That is, considering three
(4)
where both the ranks of the equations’ coefficient matrix r and the augmented matrix r′ are 4. So, the pixel values of the initial measurement key are regarded as the unknowns in the hyperplane expressions. The coefficients of the equations (Fig. 2(a)) are selected randomly and then form the subkeys’ pixels (Fig. 2(b)); here, the 5 × 5 matrices are taken 29
X. Li et al.
Optics and Lasers in Engineering 108 (2018) 28–35
Fig. 3. The schematic diagram of random sampling and filling for the initial subkey.
as an example in the diagram of Fig. 2. To realize the low-level authentication, the initial subkey is generated through a random sampling and filling algorithm as shown in Fig. 3, in which the sampled subkey matrix is acquired from the initial key by a binary sampling matrix and the blank pixels are randomly filled with random numbers in the range of 0–1. Then, each four pixels in initial key, regarded as the unknown numbers xk , yk , zk, and wk , work in a group, and each four elements in the initial subkey are the coefficients Ai , Bi , Ci, and Di , respectively. Therefore, the constant Ek can be easily calculated by Eq. (4), and Ak +1 in the next group is replaced by Ek /4. Repeat the calculation process above until the remaining pixels in the initial key i are less than 5. Finally, the subkey is generated, and it is easy to acquire other sub-keys by repeating all the above steps. In initial key reconstruction, each of the four sub-keys can easily consist of a set of equations with the groups of pixel values depicted as ⎧ ⎪ 𝐴1,𝑘 𝑥 + 𝐵1,𝑘 𝑦 + 𝐶1,𝑘 𝑧 + 𝐷1,𝑘 𝑤 = 4 ⋅ 𝐴1,𝑘+1 ⎪𝐴2,𝑘 𝑥 + 𝐵2,𝑘 𝑦 + 𝐶2,𝑘 𝑧 + 𝐷2,𝑘 𝑤 = 4 ⋅ 𝐴2,𝑘,+1 , ⎨𝐴 𝑥 + 𝐵 𝑦 + 𝐶 𝑧 + 𝐷 𝑤 = 4 ⋅ 𝐴 3,𝑘 3,𝑘 3,𝑘 3,𝑘+1 ⎪ 3,𝑘 ⎪ 𝐴4,𝑘 𝑥 + 𝐵4,𝑘 𝑦 + 𝐶4,𝑘 𝑧 + 𝐷4,𝑘 𝑤 = 4 ⋅ 𝐴4,𝑘+1 ⎩
transform (DWT). An Arnold transform is also used in sparse images to get a more uniform pixel distribution as shown in Fig. 4(a). Then a measurement key, whose size is M × N, is randomly selected with the range from 0 to 1, where M is related to the maximum row sparsity K of the scrambled certification image and can be expressed as [ ] 𝑀 ≥ 𝑂 𝐾 log(𝑁∕𝐾 ) , (6) Where each of the M row’s data in measurement keys will be copied to N rows to form a new measurement matrix, which is uploaded to a SLM device (SLM1 ) in turn. Then, the intensity modulation occurs to the plane wave by the SLM device. A convex lens L is placed in the middle position between the SLM1 and SLM2 in the object plane, and the distance between the lens L and two SLMs are both two focal lengths 2f, so the optical intensity distributions in the object plane are the reverse of the measurement matrixes. Then the scrambled certification image is uploaded to the SLM2 in the object plane, where N bucket detectors are located in a line to detect the intensity of each row. So, each row of measurement keys will get multiplexing by N copies, and then N intensity values are generated as row data in ciphertext. When M rows of measurement data have been detected, a M × N ciphertext matrix is acquired and the mathematical description is denoted as ∑[ ] 𝑀𝑗 (𝑘, ∶)𝑆 (𝑘, ∶) , 𝐵 (𝑗, 𝑘) = (7)
(5)
where the subscript (j, k) denotes the pixel values of kth group in jth subkey. Therefore, it is easy to calculate the pixel values of the initial image from the above equations. The few points remaining at the last of the subkey have a very small influence on the quality of decryption and will be verified in the following simulation. But with subkeys less than t, the equations have infinite solutions or no solution, and they cannot get a certain decryption result. Therefore, in the hyperplane secret sharing algorithm, a dealer can divide the secret image or initial key into n shadow images or subkeys and distribute them to n different participants. The initial image can be reconstructed by any t or more participants and fewer than t will get a low-dimensional space. The subkey has some random sampling data from the initial key, which provides the possibility for low-level authentication which will be introduced in Section 2.3.
where S(K,:) is the kth row distribution of the scrambled certification image, Mj (k,:) is the measurement matrix generated from the jth row of measurement keys, and B(j, K) is the jth row and kth column data of ciphertext. Reconstruct the certification image from the measurement key and ciphertext image is a convex optimization problem and can be solved by ′‖ ′ 𝑆̂ ′ = arg min ‖ ‖𝑆 ‖1 𝑠.𝑡.𝐵 = Φ × 𝑆 ,
(8)
where ‖·‖1 means the L1 -norm, S′ is the transposed matrix of the scrambled image S, and Φ is the distribution of measurement keys. There are many alternative reconstruction techniques which range from greedy, to stochastic, to variational algorithms [35]. Here, we adopted a sparsity adaptive matching pursuit algorithm (SAMP) [36] modified from an orthogonal match pursuit (OMP) [37] algorithm to get a more accurate result. In the row scanning compressive ghost imaging algorithm, each row data of measurement keys is multiplexed for N times, but the total measurement times are kept unchanged, which decreases the key space effectively and results in a better application in optical information security. Furthermore, the computing by column in the reconstruction procedure can save much computational time.
2.2. Row scanning compressive ghost imaging Compared with computational correlation imaging, compressive ghost imaging decreases the measurement times and improves the reconstruction image quality. But applied in optical information security, there is also a key space redundancy problem for compressive ghost imaging, because of its numerous measurement matrixes. Here, we propose a modified compressive ghost imaging, in which each row of data in the measurement matrix will get a multiplexing through row scanning intensity detection by a linear intensity detector; therefore, it can obviously decrease the redundancy of the key space. In the compressive ghost imaging algorithm [34], any image which is sparse or can be sparse in some transform domain, can be compressed through a set of measurement matrices. The certification image with the N × N size can be sparse through a four-order “haar” discrete wavelet
2.3. Multilevel image authentication process Combined with a hyperplane secret sharing algorithm, a multilevel image authentication scheme is proposed in row scanning compressive 30
X. Li et al.
Optics and Lasers in Engineering 108 (2018) 28–35
Fig. 4. The schematic diagram of the image encoding and authentication process. (a) The process of image encoding and secret key sharing; (b) Two-level authentication process.
Fig. 5. (a) The certification image “Peppers”; (b) The sparse image using DWT transform; (c) The scrambled image through Arnold transform.
Fig. 6. (a) The measurement key; (b) The ciphertext image.
Fig. 7. (a)–(f) Six subkeys generated by the hyperplane secret algorithm with a 40% sampling ratio. 31
X. Li et al.
Optics and Lasers in Engineering 108 (2018) 28–35
Fig. 8. The authentication result with correct subkeys in high-level authentication. (a) The recovered measurement key through four subkeys; (b) The reconstructed certification image with CC 0.9836.
certification image g and the recovered image g′ [38]m { [ ( )]} E [𝑔 − E(𝑔 )] − 𝑔 ′ − E 𝑔 ′ CC = , 𝜎𝑔 𝜎𝑔 ′
(9)
where E{·} denotes the expected value operator, and 𝜎 is the standard deviation of the corresponding image. A threshold value of CC is preselected, such as 0.9, if the CC of the recovered image is larger than the preselected threshold value, that means all the subkeys are correct and the participants can pass the high-level authentication. But if only one participant wants to pass the system, he/she can use one subkey as a measurement key to reconstruct the certification image g′′. Undoubtedly, the CC between output image g′′ and the original certification image g is smaller than the threshold value since any meaningful information is not retrieved visually and is just a noise-like pattern. But the fact is that there is some slight relationship between the reconstructed image and the initial image, because the subkeys have several pieces of information through the sampling of the measurement key. The nonlinear correlation coefficient (NCC) is adopted to describe this relationship [39,40], | ( ]}∗ { [ NCC(𝑖, 𝑗 ) = ||IFT FT[𝑔 (𝑖, 𝑗 )] ⋅ FT 𝑔 ′′ (𝑖, 𝑗 ) | )|2 ]}∗ { [ ⋅|FT[𝑔 (𝑖, 𝑗 )] ⋅ FT 𝑔 ′′ (𝑖, 𝑗 ) |𝜓−1 || , |
(10)
where FT{·} and IFT{·} denote the Fourier and inverse Fourier transform, and the symbol ∗ represents conjugate operation. The coefficient 𝜓 is the strength parameter of the applied nonlinearity whose range is [0.2, 0.4]. If there is a remarkable peak in the center of 3D NCC distribution, that means the reconstruction image g′′ has some nonlinear relationship with the certification image g, so the participant can pass this low-level authentication, while no remarkable peak indicates a failure of the lowlevel authentication.
Fig. 9. The authentication result (CC: 0.0634) with only one correct subkey in low-level authentication.
ghost imaging device and the whole process is shown in Fig. 4. The image encoding process is shown in Fig. 4(a), and after sparsity, the certification image g is scrambled and compressed by a measurement key, and, then, a chipertext image is generated by row scanning compressive ghost imaging mentioned above. Finally, the measurement key will be shared to n subkeys and distributed to n different participants by the authentication center. The authentication process is illustrated in Fig. 4(b), any t participants who possess correct subkeys can upload their subkeys to the authentication center. The correct measurement key can be recovered by the hyperplane secret sharing algorithm mentioned in Section 2.1, and subsequently, the certification image g′ can be reconstructed by the compressive reconstruction algorithm in Section 2.2 with the chipertext image and the recovered measurement key. The correlation coefficient (CC) is adopted as a criterion to evaluate the similarity between the
3. Computer simulations A set of simulations has been done using the MATLAB software to verify the feasibility and security of the authentication system. The focal length f of lens is 0.2 cm, and the wavelength of the plane wave is 532.0 nm. The sizes of the measurement key, the subkeys, and the ciphertext image are 128 × 256, and the sizes of other images are 256 × 256. The certification image, as shown in Fig. 5(a), is sparse by the DWT transform, and the corresponding result is shown in Fig. 5(b), and then 32
X. Li et al.
Optics and Lasers in Engineering 108 (2018) 28–35
Fig. 10. The 3D NCC distribution of Fig. 9.
Fig. 12. The 3D NCC distribution with wrong subkey of Fig. 11(c).
authentication and the low-level authentication failed with the wrong subkeys. To furtherly verify the feasibility of the proposed system, the robustness test has been simulated with additional noise and occlusion attacks. In the noise attack process, Gaussian white noise with mean 0 and 0.01 variance, salt and pepper noise with different densities, speckle noise with mean 0, and different variances are added in different subkeys. The corresponding results are shown in Fig. 13. For a more objective evaluation, we adopt both CC and mean square error (MSE) to evaluate the reconstruction results, and the mathematic expression of MSE can be defined as [41,42]
after the Arnold transform, the scrambled image is given in Fig. 5(c). Fig. 6(a) and (b) shows the measurement key and ciphertext image, respectively. Using the (4, 6) threshold hyperplane secret sharing algorithm with 40% sampling ratio, the measurement key will be shared into 6 subkeys which are shown in Figs. 7(a)–(f), respectively. In the high-level authentication process, the recovered measurement key from any 4 subkeys is shown in Fig. 8(a), and Fig. 8(b) gives the final recovered image with CC 0.9836, obtained from all the correct keys. It is clear that the recovered image with good quality is very similar to the original certification images, which means the high-level authentication is successful, and the participants with the correct 4 subkeys can pass the high-level authentication. In the circumstance of low-level authentication, when only one participant with his correct subkey (such as Fig. 7(a)) tries to pass the authentication, a noise-like image with low CC is retrieved, as shown in Fig. 9, from which we can see that any meaningful information cannot be identified by direct visual inspection, but in NCC distribution shown in Fig. 10, a remarkable peak can be obviously observed, which means the low-level authentication is successful, and the participant with only one correct subkey can pass the low-level authentication. Then, a security test is done with four wrong subkeys and the result is shown in Fig. 11. Fig. 11(a) shows the recovered measurement key using four wrong subkeys, and Fig. 11(b) and (c) gives the reconstructed certification images for high-level authentication and low-level authentication, respectively, which are both noise-like images. The corresponding NCC distribution of Fig. 11(c) is displayed in Fig. 12, where, obviously, the retrieved image is too fuzzy or meaningless to distinguish the original authentication information. Therefore, both the high-level
MSE =
( )2 ∑ 𝑔(𝑖, 𝑗) − 𝑔 ′ (𝑖, 𝑗) 𝑖,𝑗
𝑀 ×𝑁
.
(11)
The simulation results are shown in Fig. 13(a) and (b). For Gaussian noise, the horizontal ordinate represents different ratios in subkeys; for salt and pepper noise, it means different noise densities; and for speckle noise, it shows different variances. Then the occlusion attacks also have been done when the subkeys are occluded with 1/16, 1/8, and 1/4. Fig. 14(a)–(c) shows the occluded subkeys with different ratios, and Fig. 14(d)–(f) are the corresponding decoded images, with the CCs of 0.5092, 0.3879, and 0.2819, and the MSE values of 0.491, 0.579, and 0.599, respectively. From the above tests, we can see that the proposed system has the best performance towards Gaussian noise, but it is relatively sensitive for other noises and occlusion attacks. But the lowlevel authentications have been accomplished for all the attacks, and a remarkable peak can be obviously observed. Furthermore, the system management can flexibly adjust the threshold value in high-level
Fig. 11. The authentication result with wrong subkeys. (a) The recovered measurement key through four subkeys; (b) The reconstructed certification image with CC 0.0006 in high-level authentication; (c) The reconstructed certification image with CC 0.0035 in low-level authentication. 33
X. Li et al.
Optics and Lasers in Engineering 108 (2018) 28–35
Fig. 13. The results of noise attacks. (a) The CC curves with different noise parameters; (b) The MSE curves with different noise parameters.
Fig. 14. The occluded subkeys and results of occlusion attacks. (a)–(c) Three subkeys with 1/16, 1/8 and 1/4 occluded; (e)–(f) Three corresponding reconstruction images.
Acknowledgments
authentication and the sampling ratio in subkey generation to control robustness and security in different authentication links, which is very flexible.
This work was supported by the National Natural Science Foundation of China (NSFC) (61775121, 61307003, 61405122, 11574311), the Natural Science Foundation of Shandong Province (ZR2016FM03), and the Fundamental Research Funds of Shandong University Grant (2015GN031). We also thank the reviewers for some useful suggestions.
4. Conclusion In conclusion, we have proposed a multilevel image authentication scheme based on row scanning ghost imaging and a hyperplane secret sharing algorithm. Followed by wavelet transform, Arnold transform, and row scanning compressive ghost imaging for the certification image, the ciphertext image matrix can be detected by a BD. The measurement key used in the row scanning compressive ghost imaging can be decomposed and shared into n subkeys, which are then distributed to n different participants. In the authentication process, any t subkeys can pass the high-level authentication with high CC, while one correct subkey can only get the permission for low-level authentication with a remarkable peak in NCC distribution. The use of row scanning compressive ghost imaging decreases the redundancy of the key. Furthermore, the hyperplane secret sharing algorithm realizes measurement key sharing. In other words, it overcomes the weakness of the traditional system based on the one-to-one principle. Besides, compared with the existing threshold secret sharing scheme, the hyperplane secret sharing algorithm can remarkably decrease the key data and flexibly set threshold values as required. Theoretical analysis and numerical simulations both validate the feasibility of the proposed method.
References [1] Refregier P, Javidi B. Optical image encryption based on input plane and fourier plane random encoding. Opt Lett 1995;20:767–9. [2] Situ G, Zhang J. Double random-phase encoding in the Fresnel domain. Opt Lett 2004;29:1584–6. [3] Chen L, Zhao D. Optical color image encryption by wavelength multiplexing and lensless Fresnel transform holograms. Opt Express 2006;14:8552–60. [4] Unnikrishnan G, Singh K. Double random fractional Fourier domain encoding for optical security. Opt Eng 2000;39:2853–9. [5] Gong LH, Liu XB, Zheng F, Zhou NR. Flexible multiple-image encryption algorithm based on log-polar transform and double random phase encoding technique. J Mod Opt 2013;60:1074–82. [6] Liu ST, Yu L, Zhu B. Optical image encryption by cascaded fractional Fourier transforms with random phase filtering. Opt Commun 2001;187:57–63. [7] Nomura T, Javidi B. Optical encryption using a joint transform correlator architecture. Opt Eng 2000;39:2031–5. [8] Cai LZ, He MZ, Liu Q, Yang XL. Digital image encryption and watermarking by phase-shifting interferometry. Appl Opt 2004;43:3078–84. [9] Wang RK, Watson IA, Chatwin C. Random phase encoding for optical security. Opt Eng 1996;35:2464–9. 34
X. Li et al.
Optics and Lasers in Engineering 108 (2018) 28–35
[10] Li Y, Kreske K, Rosen J. Security and encryption optical systems based on a correlator with significant output images. Appl Opt 2000;39:5295–301. [11] Rodrigo JA, Calvo ML, Alieva T. Gyrator transform: properties and applications. Opt Express 2007;15:2190. [12] Zhou NR, Wang YX, Gong LH. Novel optical image encryption scheme based on fractional Mellin transform. Opt Commun 2011;284:3234–42. [13] Zhang Y, Wang B. Optical image encryption based on interference. Opt Lett 2008;33:2443–5. [14] Chen W, Chen XD, Sheppard CJR. Optical image encryption based on diffractive imaging. Opt Lett 2009;35:3817–19. [15] Mogensen PC, Glückstad JA. phase-based optical encryption system with polarisation encoding. Opt Commun 2000;173:177–83. [16] Liu ZJ, Shen C, Tan JB, Liu ST. A recovery method of double random phase encoding system with a parallel phase retrieval. IEEE Photon J 2016;8:7801807. [17] Peng X, Zhang P, Wei H, Yu B. Known-plaintext attack on optical encryption based on double random phase keys. Opt Lett 2006;31:1044–6. [18] Klyshko DN. Combine EPR and two-slit experiments: interference of advanced waves. Phys Lett A 1999;132:199–304. [19] Chen W, Chen XD. Ghost imaging using labyrinth-like phase modulation patterns for high-efficiency and high security optical encryption. EPL 2015;109:14001. [20] Clemente P, Durán V, Torrescompany V, Tajahuerce E, Lancis J. Optical encryption based on computational ghost imaging. Opt Lett 2010;35:2391–3. [21] Bromberg Y, Katz O, Silberberg Y. Ghost imaging with a single detector. Phys Rev A 2010;79:1744–7. [22] Katz O, Bromberg Y, Silberberg Y. Compressive ghost imaging. Appl Phys Lett 2007;95:131110–13. [23] Zhang LY, Wong KW, Zhang YS, Zhou JT. Bi-level protected compressive sampling. IEEE Trans Multimedia 2016;18:1720–32. [24] Zhang YS, Zhou JT, Chen F, Zhang LY, Xiao D, Chen B, Liao XF. A block compressive sensing based scalable encryption framework for protecting significant image regions. Int J Bifurcat Chaos 2016;26:1650191. [25] Kishk S, Javidi B. Optical 3D watermarking and authentication by correlation techniques. In: Proc. SPIE in conference on optical pattern recongnition XV, 5437; 2004. p. 17–26.
[26] Situ G, Zhang J. Image hiding with computer-generated phase codes for optical authentication. Opt Commun 2005;245:55–65. [27] He WQ, Peng X, Meng XF, Liu XL. Optical hierarchical authentication based on interference and Hash function. Appl Opt 2012;51:7750–7. [28] Fan DS, Meng XF, Wang YR, Yang XL, Peng X, He WQ, Dong GY, Chen HY. Optical identity authentication scheme based on elliptic curve digital signature algorithm and phase retrieval algorithm. Appl Opt 2013;52:5645–52. [29] Fan DS, Meng XF, Wang YR, Yang XL, Pan XM, Peng X, He WQ, Dong GY, Chen HY. Multiple-image authentication with a cascaded multilevel architecture based on amplitude field random sampling and phase information multiplexing. Appl Opt 2015;54:3204–15. [30] Shamir A. How to share a secret. Commun ACM 1979;22:612–13. [31] Pan XM, Meng XF, Wang YR, Yang XL, Peng X, He WQ, Dong GY, Chen HY. Multilevel image authentication using shared secret threshold and phase retrieval. J Mod Opt 2014;61:1470–8. [32] Deng XP, Wen W, Mi XW, Long XW. Optical threshold secret sharing scheme based on basic vector operations and coherence superposition. Opt Commun 2015;341: 22–27. [33] Blakley GR. Safeguarding cryptographic keys. Proc AFIPS 1979;48:313–17. [34] Chai XL, Gan ZH, Chen YR, Zhang YS. A visually secure image encryption scheme based on compressive sensing. Signal Process 2017;134:35–51. [35] Duarte MF, Davenport MA, Takbar D, Laska JN, Sun T, Kelly KF. Single-pixel imaging via compressive sampling. IEEE Signal Process Mag 2008;25:83–91. [36] Do TT, Gan L, Nguyen N, Tran TD. Sparsity adaptive matching pursuit algorithm for practical compressed sensing. In: Proc. 42nd asilomar conf. signals. syst. comput.; 2008. p. 581–7. [37] Theis FJ, Jung A, Puntonet CG, Lang EW. Signal recovery from partial information via orthogonal matching pursuit. IEEE Trans Inf Theory 2007;15:419–39. [38] Meng XF, Cai LZ, Wang YR, Yang XL, Xu XF, Dong GY, Shen XX, Zhang H, Cheng XC. Information security system by iterative multiple-phase retrieval and pixel random permutation. Appl Opt 2006;45:3289–97. [39] Javidi B. Nonlinear joint power spectrum based optical correlation. Appl Opt 1989;28:2358–67. [40] Chen W, Chen XD, Stern A, Javidi B. Phase-modulated optical system with sparse representation for information encoding and authentication. IEEE Photon J 2013;5:6900113. [41] Singh H, Yadav AK, Vashisth S, Singh K. Fully phase image encryption using double random structured phase masks in gyrator domain. Appl Opt 2014;53:6472–81. [42] Singh H, Yadav AK, Vashisth S, Singh K. Double phase-image encryption using gyrator transforms, and structured phase mask in the frequency plane. Opt Laser Eng 2015;67:145–56.
35
Contents lists available at ScienceDirect
Optics and Lasers in Engineering journal homepage: www.elsevier.com/locate/optlaseng
Multilevel image authentication using row scanning compressive ghost imaging and hyperplane secret sharing algorithm Xianye Li a, Xiangfeng Meng a,∗, Yongkai Yin a, Yurong Wang a, Xiulun Yang a, Xiang Peng b, Wenqi He b, Guoyan Dong c, Hongyi Chen d a
Department of Optics, School of Information Science and Engineering, and Shandong Provincial Key Laboratory of Laser Technology and Application, Shandong University, Jinan 250100, China b College of Optoelectronics Engineering, Shenzhen University, Shenzhen 518060, China c College of Materials Science and Opto-Electronic Technology, University of Chinese Academy of Sciences, Beijing 100049, China d College of Electronic Science and Technology, Shenzhen University, Shenzhen 518060, China
a r t i c l e
i n f o
Keywords: Compressive ghost imaging Optical authentication Hyperplane secret sharing Digital holography
a b s t r a c t A multilevel image authentication method is proposed which is based on row scanning compressive ghost imaging and a hyperplane secret sharing algorithm. In the image encoding process, after the wavelet transform and Arnold transform for the certification image, through row scanning compressive ghost imaging, the ciphertext matrix can be first detected by a bucket detector (BD). Based on a hyperplane secret sharing algorithm, the measurement key using in the row scanning compressive ghost imaging, can be decomposed and shared into n subkeys, which are then distributed to n different participants. In the high-level authentication process, based on a hyperplane secret sharing algorithm and a compressive reconstruction algorithm, any t or more participants with the corresponding correct subkeys can be gathered to reconstruct the original meaningful certification image with high correlation coefficient (CC); While in the case of low-level authentication process, only one authenticator who possesses a correct subkey will gain no significant information of certification image, however, it can result in a remarkable peak output in the nonlinear correlation coefficient distribution. Theoretical analysis and numerical simulations both verify the feasibility of the proposed method.
1. Introduction Recently, information security has received increasing attention with the acceleration of informatization. Optical information security, a branch of information security including encryption, authentication, information hiding, and so on, has become more challenging and attracted more and more researchers because of its advantages, such as high degrees of freedom, high speed, parallel computing, etc. Réfrégier and Javidi first realized optical encryption in the Fourier domain with a double random phase encoding (DRPE) scheme in 1995 [1]. The optical encryption scheme was further extended in the Fresnel transform [2,3], fractional Fourier transform [4–6], joint transform correlator (JTC) [7], phase-shifting interferometry [8], phase retrieval [9,10], gyrator transform [11], fractional Mellin transform [12], two beam interference [13], diffractive imaging [14], polarization encoding [15], etc. In addition, many researchers proposed different attack schemes and discussions for DRPE in different transform domains [16,17]. Recently, ghost imaging applied in optical image encryption has attracted increasing attention. In this case the wave scattered at the object
∗
Corresponding author. E-mail address: [email protected] (X. Meng).
beam arm is collected by a bucket or pinhole detector, and after scanning the detector at the reference beam arm in which the object is not located, the object can be reconstructed by intensity correlation computation [18,19]. In 2010, Clemente et al. proposed an optical encryption scheme using computational ghost imaging [20], in which the image decoding process is digitally realized through a correlation algorithm between two intensity data from a single pixel detector and a computational optical filed distribution [21]. To reduce the measurement times, the compressive ghost imaging was recently applied in optical encryption, which realized the computational ghost imaging based on a compressive sensing algorithm instead of the intensity correlation operation [22–24]. Besides image encryption, image authentication and digital signature based on optical transforms have been reported. In 2004, Kishk and Javidi first proposed the optical authentication method based on DRPE and phase-shift digital holography [25], in which the recovered hidden image is authenticated using nonlinear correlation. Situ and Zhang proposed an optical watermarking authentication scheme based on a fragile image hiding scheme in 2005 [26]. In 2012, He et al. proposed an optical hierarchical authentication based on interference, a modified phase retrieval algorithm, and a hash function, which not only checks the legality of the users but also verifies their identity levels [27]. To eliminate the collision risk, we proposed an optical identity authentica-
https://doi.org/10.1016/j.optlaseng.2018.04.014 Received 29 November 2017; Received in revised form 19 April 2018; Accepted 20 April 2018 0143-8166/© 2018 Elsevier Ltd. All rights reserved.
X. Li et al.
Optics and Lasers in Engineering 108 (2018) 28–35
Fig. 1. The hyperplane concept in a 3-dimensional space.
tion scheme based on an elliptic curve digital signature algorithm and a phase retrieval algorithm in 2013 [28]; Subsequently, a multiple-image authentication method with a cascaded multilevel architecture was reported, which is implemented by amplitude field random sampling and phase information multiplexing [29]. To overcome the weakness of the traditional system based on a oneto-one principle, threshold secret sharing using a Lagrange interpolating polynomial [30] can be applied in optical information security, by which the secret data are encoded into n shares and then distributed to n participants, where any t (t ≤ n) or more of the shares can be collected to recover the secret, but any t − 1 or fewer of them cannot. In 2014, we proposed a multilevel image authentication method using threshold secret sharing and a phase retrieval algorithm [31]. Subsequently, Deng et al. reported a (2, n) threshold secret sharing scheme based on vector operation and coherence superposition for binary images [32]. However, the existing secret sharing methods based on the Lagrange interpolating polynomial mentioned in [30,31] need at least two shadow images for a shareholder to decode the secret information, which increases key space redundancy and is hard to be implemented. Accordingly, the vector decomposition scheme has certain threshold number restrictions—only 2 threshold keys can be employed as in [32]—which is inflexible for multi-participant management. To decrease the key data and build a flexible multilevel authentication system, we present here a multilevel image authentication scheme based on row scanning compressive ghost imaging and a hyperplane secret sharing algorithm, in which any subkey is seen as a hyperplane in a t-dimension space and the secret is the unique point of intersection of the n (t < n) hyperplanes; any t or more hyperplanes can uniquely intersect in this point, and then pass the high-level authentication with high correlation coefficient (CC), but fewer than t hyperplanes cannot. Any participant who has only one subkey can attempt to pass the lowlevel authentication with a peak in the nonlinear correlation coefficient (NCC) distribution. Obviously, the proposed scheme makes up for the disadvantages of existing schemes efficiently, since only one shadow is demanded for a participant and the threshold values can be selected as required. The details are described in the following sections and a set of simulations are made to verify the feasibility of the scheme.
Fig. 2. The 5 × 5 example matrix for (a) initial key and (b) initial subkey.
planes given by the following Cartesian equations: ⎧𝐴 𝑥 + 𝐵 𝑦 + 𝐶 𝑧 = 𝐷 1 1 1 ⎪ 1 ⎨𝐴 2 𝑥 + 𝐵 2 𝑦 + 𝐶 2 𝑧 = 𝐷 2 , ⎪𝐴 3 𝑥 + 𝐵 3 𝑦 + 𝐶 3 𝑧 = 𝐷 3 ⎩
(1)
the condition for the three planes with only a point intersection is that both the rank of its coefficient matrix r and the rank of the augmented matrix r′ are 3. The description in the matrix form can be written as |𝐴 | 1 | |𝐴 2 | |𝐴 3 |
𝐵1 𝐵2 𝐵3
|A 𝐶1 || | 1 | | 𝐶2 | ≠ 0 && |A2 | | | |A3 𝐶3 | |
B1 B2 B3
𝐶1 𝐶2 𝐶3
𝐷1 || | 𝐷2 | ≠ 0, | 𝐷3 ||
(2)
and, therefore, three equations of planes can calculate the position, but two or less cannot. Regarding the pixel values as the coordinates of the point of intersection, here we propose a (t, n) threshold multilevel image authentication scheme in a t-dimensional space. Only t or more hyperplanes can determine a point, but fewer than t will get a low-dimensional space. Here, a (4, n) threshold scheme is taken as an example. In a 4dimensional space, any hyperplane can be expressed in Cartesian equations as 𝐴𝑥 + 𝐵𝑦 + 𝐶𝑧 + 𝐷𝑤 = 𝐸,
2. Theoretical analysis and scheme description
(3)
so any point can be described as 2.1. Hyperplane secret sharing algorithm
⎧ ⎪𝐴 1 𝑥 + 𝐵 1 𝑦 + 𝐶 1 𝑧 + 𝐷 1 𝑤 = 𝐸 1 ⎪𝐴 2 𝑥 + 𝐵 2 𝑦 + 𝐶 2 𝑧 + 𝐷 2 𝑤 = 𝐸 2 ⎨𝐴 𝑥 + 𝐵 𝑦 + 𝐶 𝑧 + 𝐷 𝑤 = 𝐸 , 3 3 3 3 ⎪ 3 ⎪𝐴 4 𝑥 + 𝐵 4 𝑦 + 𝐶 4 𝑧 + 𝐷 4 𝑤 = 𝐸 4 ⎩
The concept of hyperplane secret sharing was first proposed by Blakley [33]. Here, we implement its mathematical implementation for row scanning compressive ghost imaging in the multilevel authentication system. As shown in Fig. 1(a), in a 3-dimensional space, any two unparallel planes (planes 𝛼 and 𝛽) have a line intersection. Furthermore, any three planes (planes 𝛼, 𝛽 and 𝛾) in 3-dimensional space have several possible intersections, but if the normal vectors 𝑛⃗𝛼 , 𝑛⃗𝛽 , 𝑛⃗𝛼 of three planes are not coplanar as 𝑛⃗𝛼 ⋅ |⃗ 𝑛𝛽 × 𝑛⃗𝛾 | ≠ 0, three planes will have a unique intersection into a point as given in Fig. 1(b). That is, considering three
(4)
where both the ranks of the equations’ coefficient matrix r and the augmented matrix r′ are 4. So, the pixel values of the initial measurement key are regarded as the unknowns in the hyperplane expressions. The coefficients of the equations (Fig. 2(a)) are selected randomly and then form the subkeys’ pixels (Fig. 2(b)); here, the 5 × 5 matrices are taken 29
X. Li et al.
Optics and Lasers in Engineering 108 (2018) 28–35
Fig. 3. The schematic diagram of random sampling and filling for the initial subkey.
as an example in the diagram of Fig. 2. To realize the low-level authentication, the initial subkey is generated through a random sampling and filling algorithm as shown in Fig. 3, in which the sampled subkey matrix is acquired from the initial key by a binary sampling matrix and the blank pixels are randomly filled with random numbers in the range of 0–1. Then, each four pixels in initial key, regarded as the unknown numbers xk , yk , zk, and wk , work in a group, and each four elements in the initial subkey are the coefficients Ai , Bi , Ci, and Di , respectively. Therefore, the constant Ek can be easily calculated by Eq. (4), and Ak +1 in the next group is replaced by Ek /4. Repeat the calculation process above until the remaining pixels in the initial key i are less than 5. Finally, the subkey is generated, and it is easy to acquire other sub-keys by repeating all the above steps. In initial key reconstruction, each of the four sub-keys can easily consist of a set of equations with the groups of pixel values depicted as ⎧ ⎪ 𝐴1,𝑘 𝑥 + 𝐵1,𝑘 𝑦 + 𝐶1,𝑘 𝑧 + 𝐷1,𝑘 𝑤 = 4 ⋅ 𝐴1,𝑘+1 ⎪𝐴2,𝑘 𝑥 + 𝐵2,𝑘 𝑦 + 𝐶2,𝑘 𝑧 + 𝐷2,𝑘 𝑤 = 4 ⋅ 𝐴2,𝑘,+1 , ⎨𝐴 𝑥 + 𝐵 𝑦 + 𝐶 𝑧 + 𝐷 𝑤 = 4 ⋅ 𝐴 3,𝑘 3,𝑘 3,𝑘 3,𝑘+1 ⎪ 3,𝑘 ⎪ 𝐴4,𝑘 𝑥 + 𝐵4,𝑘 𝑦 + 𝐶4,𝑘 𝑧 + 𝐷4,𝑘 𝑤 = 4 ⋅ 𝐴4,𝑘+1 ⎩
transform (DWT). An Arnold transform is also used in sparse images to get a more uniform pixel distribution as shown in Fig. 4(a). Then a measurement key, whose size is M × N, is randomly selected with the range from 0 to 1, where M is related to the maximum row sparsity K of the scrambled certification image and can be expressed as [ ] 𝑀 ≥ 𝑂 𝐾 log(𝑁∕𝐾 ) , (6) Where each of the M row’s data in measurement keys will be copied to N rows to form a new measurement matrix, which is uploaded to a SLM device (SLM1 ) in turn. Then, the intensity modulation occurs to the plane wave by the SLM device. A convex lens L is placed in the middle position between the SLM1 and SLM2 in the object plane, and the distance between the lens L and two SLMs are both two focal lengths 2f, so the optical intensity distributions in the object plane are the reverse of the measurement matrixes. Then the scrambled certification image is uploaded to the SLM2 in the object plane, where N bucket detectors are located in a line to detect the intensity of each row. So, each row of measurement keys will get multiplexing by N copies, and then N intensity values are generated as row data in ciphertext. When M rows of measurement data have been detected, a M × N ciphertext matrix is acquired and the mathematical description is denoted as ∑[ ] 𝑀𝑗 (𝑘, ∶)𝑆 (𝑘, ∶) , 𝐵 (𝑗, 𝑘) = (7)
(5)
where the subscript (j, k) denotes the pixel values of kth group in jth subkey. Therefore, it is easy to calculate the pixel values of the initial image from the above equations. The few points remaining at the last of the subkey have a very small influence on the quality of decryption and will be verified in the following simulation. But with subkeys less than t, the equations have infinite solutions or no solution, and they cannot get a certain decryption result. Therefore, in the hyperplane secret sharing algorithm, a dealer can divide the secret image or initial key into n shadow images or subkeys and distribute them to n different participants. The initial image can be reconstructed by any t or more participants and fewer than t will get a low-dimensional space. The subkey has some random sampling data from the initial key, which provides the possibility for low-level authentication which will be introduced in Section 2.3.
where S(K,:) is the kth row distribution of the scrambled certification image, Mj (k,:) is the measurement matrix generated from the jth row of measurement keys, and B(j, K) is the jth row and kth column data of ciphertext. Reconstruct the certification image from the measurement key and ciphertext image is a convex optimization problem and can be solved by ′‖ ′ 𝑆̂ ′ = arg min ‖ ‖𝑆 ‖1 𝑠.𝑡.𝐵 = Φ × 𝑆 ,
(8)
where ‖·‖1 means the L1 -norm, S′ is the transposed matrix of the scrambled image S, and Φ is the distribution of measurement keys. There are many alternative reconstruction techniques which range from greedy, to stochastic, to variational algorithms [35]. Here, we adopted a sparsity adaptive matching pursuit algorithm (SAMP) [36] modified from an orthogonal match pursuit (OMP) [37] algorithm to get a more accurate result. In the row scanning compressive ghost imaging algorithm, each row data of measurement keys is multiplexed for N times, but the total measurement times are kept unchanged, which decreases the key space effectively and results in a better application in optical information security. Furthermore, the computing by column in the reconstruction procedure can save much computational time.
2.2. Row scanning compressive ghost imaging Compared with computational correlation imaging, compressive ghost imaging decreases the measurement times and improves the reconstruction image quality. But applied in optical information security, there is also a key space redundancy problem for compressive ghost imaging, because of its numerous measurement matrixes. Here, we propose a modified compressive ghost imaging, in which each row of data in the measurement matrix will get a multiplexing through row scanning intensity detection by a linear intensity detector; therefore, it can obviously decrease the redundancy of the key space. In the compressive ghost imaging algorithm [34], any image which is sparse or can be sparse in some transform domain, can be compressed through a set of measurement matrices. The certification image with the N × N size can be sparse through a four-order “haar” discrete wavelet
2.3. Multilevel image authentication process Combined with a hyperplane secret sharing algorithm, a multilevel image authentication scheme is proposed in row scanning compressive 30
X. Li et al.
Optics and Lasers in Engineering 108 (2018) 28–35
Fig. 4. The schematic diagram of the image encoding and authentication process. (a) The process of image encoding and secret key sharing; (b) Two-level authentication process.
Fig. 5. (a) The certification image “Peppers”; (b) The sparse image using DWT transform; (c) The scrambled image through Arnold transform.
Fig. 6. (a) The measurement key; (b) The ciphertext image.
Fig. 7. (a)–(f) Six subkeys generated by the hyperplane secret algorithm with a 40% sampling ratio. 31
X. Li et al.
Optics and Lasers in Engineering 108 (2018) 28–35
Fig. 8. The authentication result with correct subkeys in high-level authentication. (a) The recovered measurement key through four subkeys; (b) The reconstructed certification image with CC 0.9836.
certification image g and the recovered image g′ [38]m { [ ( )]} E [𝑔 − E(𝑔 )] − 𝑔 ′ − E 𝑔 ′ CC = , 𝜎𝑔 𝜎𝑔 ′
(9)
where E{·} denotes the expected value operator, and 𝜎 is the standard deviation of the corresponding image. A threshold value of CC is preselected, such as 0.9, if the CC of the recovered image is larger than the preselected threshold value, that means all the subkeys are correct and the participants can pass the high-level authentication. But if only one participant wants to pass the system, he/she can use one subkey as a measurement key to reconstruct the certification image g′′. Undoubtedly, the CC between output image g′′ and the original certification image g is smaller than the threshold value since any meaningful information is not retrieved visually and is just a noise-like pattern. But the fact is that there is some slight relationship between the reconstructed image and the initial image, because the subkeys have several pieces of information through the sampling of the measurement key. The nonlinear correlation coefficient (NCC) is adopted to describe this relationship [39,40], | ( ]}∗ { [ NCC(𝑖, 𝑗 ) = ||IFT FT[𝑔 (𝑖, 𝑗 )] ⋅ FT 𝑔 ′′ (𝑖, 𝑗 ) | )|2 ]}∗ { [ ⋅|FT[𝑔 (𝑖, 𝑗 )] ⋅ FT 𝑔 ′′ (𝑖, 𝑗 ) |𝜓−1 || , |
(10)
where FT{·} and IFT{·} denote the Fourier and inverse Fourier transform, and the symbol ∗ represents conjugate operation. The coefficient 𝜓 is the strength parameter of the applied nonlinearity whose range is [0.2, 0.4]. If there is a remarkable peak in the center of 3D NCC distribution, that means the reconstruction image g′′ has some nonlinear relationship with the certification image g, so the participant can pass this low-level authentication, while no remarkable peak indicates a failure of the lowlevel authentication.
Fig. 9. The authentication result (CC: 0.0634) with only one correct subkey in low-level authentication.
ghost imaging device and the whole process is shown in Fig. 4. The image encoding process is shown in Fig. 4(a), and after sparsity, the certification image g is scrambled and compressed by a measurement key, and, then, a chipertext image is generated by row scanning compressive ghost imaging mentioned above. Finally, the measurement key will be shared to n subkeys and distributed to n different participants by the authentication center. The authentication process is illustrated in Fig. 4(b), any t participants who possess correct subkeys can upload their subkeys to the authentication center. The correct measurement key can be recovered by the hyperplane secret sharing algorithm mentioned in Section 2.1, and subsequently, the certification image g′ can be reconstructed by the compressive reconstruction algorithm in Section 2.2 with the chipertext image and the recovered measurement key. The correlation coefficient (CC) is adopted as a criterion to evaluate the similarity between the
3. Computer simulations A set of simulations has been done using the MATLAB software to verify the feasibility and security of the authentication system. The focal length f of lens is 0.2 cm, and the wavelength of the plane wave is 532.0 nm. The sizes of the measurement key, the subkeys, and the ciphertext image are 128 × 256, and the sizes of other images are 256 × 256. The certification image, as shown in Fig. 5(a), is sparse by the DWT transform, and the corresponding result is shown in Fig. 5(b), and then 32
X. Li et al.
Optics and Lasers in Engineering 108 (2018) 28–35
Fig. 10. The 3D NCC distribution of Fig. 9.
Fig. 12. The 3D NCC distribution with wrong subkey of Fig. 11(c).
authentication and the low-level authentication failed with the wrong subkeys. To furtherly verify the feasibility of the proposed system, the robustness test has been simulated with additional noise and occlusion attacks. In the noise attack process, Gaussian white noise with mean 0 and 0.01 variance, salt and pepper noise with different densities, speckle noise with mean 0, and different variances are added in different subkeys. The corresponding results are shown in Fig. 13. For a more objective evaluation, we adopt both CC and mean square error (MSE) to evaluate the reconstruction results, and the mathematic expression of MSE can be defined as [41,42]
after the Arnold transform, the scrambled image is given in Fig. 5(c). Fig. 6(a) and (b) shows the measurement key and ciphertext image, respectively. Using the (4, 6) threshold hyperplane secret sharing algorithm with 40% sampling ratio, the measurement key will be shared into 6 subkeys which are shown in Figs. 7(a)–(f), respectively. In the high-level authentication process, the recovered measurement key from any 4 subkeys is shown in Fig. 8(a), and Fig. 8(b) gives the final recovered image with CC 0.9836, obtained from all the correct keys. It is clear that the recovered image with good quality is very similar to the original certification images, which means the high-level authentication is successful, and the participants with the correct 4 subkeys can pass the high-level authentication. In the circumstance of low-level authentication, when only one participant with his correct subkey (such as Fig. 7(a)) tries to pass the authentication, a noise-like image with low CC is retrieved, as shown in Fig. 9, from which we can see that any meaningful information cannot be identified by direct visual inspection, but in NCC distribution shown in Fig. 10, a remarkable peak can be obviously observed, which means the low-level authentication is successful, and the participant with only one correct subkey can pass the low-level authentication. Then, a security test is done with four wrong subkeys and the result is shown in Fig. 11. Fig. 11(a) shows the recovered measurement key using four wrong subkeys, and Fig. 11(b) and (c) gives the reconstructed certification images for high-level authentication and low-level authentication, respectively, which are both noise-like images. The corresponding NCC distribution of Fig. 11(c) is displayed in Fig. 12, where, obviously, the retrieved image is too fuzzy or meaningless to distinguish the original authentication information. Therefore, both the high-level
MSE =
( )2 ∑ 𝑔(𝑖, 𝑗) − 𝑔 ′ (𝑖, 𝑗) 𝑖,𝑗
𝑀 ×𝑁
.
(11)
The simulation results are shown in Fig. 13(a) and (b). For Gaussian noise, the horizontal ordinate represents different ratios in subkeys; for salt and pepper noise, it means different noise densities; and for speckle noise, it shows different variances. Then the occlusion attacks also have been done when the subkeys are occluded with 1/16, 1/8, and 1/4. Fig. 14(a)–(c) shows the occluded subkeys with different ratios, and Fig. 14(d)–(f) are the corresponding decoded images, with the CCs of 0.5092, 0.3879, and 0.2819, and the MSE values of 0.491, 0.579, and 0.599, respectively. From the above tests, we can see that the proposed system has the best performance towards Gaussian noise, but it is relatively sensitive for other noises and occlusion attacks. But the lowlevel authentications have been accomplished for all the attacks, and a remarkable peak can be obviously observed. Furthermore, the system management can flexibly adjust the threshold value in high-level
Fig. 11. The authentication result with wrong subkeys. (a) The recovered measurement key through four subkeys; (b) The reconstructed certification image with CC 0.0006 in high-level authentication; (c) The reconstructed certification image with CC 0.0035 in low-level authentication. 33
X. Li et al.
Optics and Lasers in Engineering 108 (2018) 28–35
Fig. 13. The results of noise attacks. (a) The CC curves with different noise parameters; (b) The MSE curves with different noise parameters.
Fig. 14. The occluded subkeys and results of occlusion attacks. (a)–(c) Three subkeys with 1/16, 1/8 and 1/4 occluded; (e)–(f) Three corresponding reconstruction images.
Acknowledgments
authentication and the sampling ratio in subkey generation to control robustness and security in different authentication links, which is very flexible.
This work was supported by the National Natural Science Foundation of China (NSFC) (61775121, 61307003, 61405122, 11574311), the Natural Science Foundation of Shandong Province (ZR2016FM03), and the Fundamental Research Funds of Shandong University Grant (2015GN031). We also thank the reviewers for some useful suggestions.
4. Conclusion In conclusion, we have proposed a multilevel image authentication scheme based on row scanning ghost imaging and a hyperplane secret sharing algorithm. Followed by wavelet transform, Arnold transform, and row scanning compressive ghost imaging for the certification image, the ciphertext image matrix can be detected by a BD. The measurement key used in the row scanning compressive ghost imaging can be decomposed and shared into n subkeys, which are then distributed to n different participants. In the authentication process, any t subkeys can pass the high-level authentication with high CC, while one correct subkey can only get the permission for low-level authentication with a remarkable peak in NCC distribution. The use of row scanning compressive ghost imaging decreases the redundancy of the key. Furthermore, the hyperplane secret sharing algorithm realizes measurement key sharing. In other words, it overcomes the weakness of the traditional system based on the one-to-one principle. Besides, compared with the existing threshold secret sharing scheme, the hyperplane secret sharing algorithm can remarkably decrease the key data and flexibly set threshold values as required. Theoretical analysis and numerical simulations both validate the feasibility of the proposed method.
References [1] Refregier P, Javidi B. Optical image encryption based on input plane and fourier plane random encoding. Opt Lett 1995;20:767–9. [2] Situ G, Zhang J. Double random-phase encoding in the Fresnel domain. Opt Lett 2004;29:1584–6. [3] Chen L, Zhao D. Optical color image encryption by wavelength multiplexing and lensless Fresnel transform holograms. Opt Express 2006;14:8552–60. [4] Unnikrishnan G, Singh K. Double random fractional Fourier domain encoding for optical security. Opt Eng 2000;39:2853–9. [5] Gong LH, Liu XB, Zheng F, Zhou NR. Flexible multiple-image encryption algorithm based on log-polar transform and double random phase encoding technique. J Mod Opt 2013;60:1074–82. [6] Liu ST, Yu L, Zhu B. Optical image encryption by cascaded fractional Fourier transforms with random phase filtering. Opt Commun 2001;187:57–63. [7] Nomura T, Javidi B. Optical encryption using a joint transform correlator architecture. Opt Eng 2000;39:2031–5. [8] Cai LZ, He MZ, Liu Q, Yang XL. Digital image encryption and watermarking by phase-shifting interferometry. Appl Opt 2004;43:3078–84. [9] Wang RK, Watson IA, Chatwin C. Random phase encoding for optical security. Opt Eng 1996;35:2464–9. 34
X. Li et al.
Optics and Lasers in Engineering 108 (2018) 28–35
[10] Li Y, Kreske K, Rosen J. Security and encryption optical systems based on a correlator with significant output images. Appl Opt 2000;39:5295–301. [11] Rodrigo JA, Calvo ML, Alieva T. Gyrator transform: properties and applications. Opt Express 2007;15:2190. [12] Zhou NR, Wang YX, Gong LH. Novel optical image encryption scheme based on fractional Mellin transform. Opt Commun 2011;284:3234–42. [13] Zhang Y, Wang B. Optical image encryption based on interference. Opt Lett 2008;33:2443–5. [14] Chen W, Chen XD, Sheppard CJR. Optical image encryption based on diffractive imaging. Opt Lett 2009;35:3817–19. [15] Mogensen PC, Glückstad JA. phase-based optical encryption system with polarisation encoding. Opt Commun 2000;173:177–83. [16] Liu ZJ, Shen C, Tan JB, Liu ST. A recovery method of double random phase encoding system with a parallel phase retrieval. IEEE Photon J 2016;8:7801807. [17] Peng X, Zhang P, Wei H, Yu B. Known-plaintext attack on optical encryption based on double random phase keys. Opt Lett 2006;31:1044–6. [18] Klyshko DN. Combine EPR and two-slit experiments: interference of advanced waves. Phys Lett A 1999;132:199–304. [19] Chen W, Chen XD. Ghost imaging using labyrinth-like phase modulation patterns for high-efficiency and high security optical encryption. EPL 2015;109:14001. [20] Clemente P, Durán V, Torrescompany V, Tajahuerce E, Lancis J. Optical encryption based on computational ghost imaging. Opt Lett 2010;35:2391–3. [21] Bromberg Y, Katz O, Silberberg Y. Ghost imaging with a single detector. Phys Rev A 2010;79:1744–7. [22] Katz O, Bromberg Y, Silberberg Y. Compressive ghost imaging. Appl Phys Lett 2007;95:131110–13. [23] Zhang LY, Wong KW, Zhang YS, Zhou JT. Bi-level protected compressive sampling. IEEE Trans Multimedia 2016;18:1720–32. [24] Zhang YS, Zhou JT, Chen F, Zhang LY, Xiao D, Chen B, Liao XF. A block compressive sensing based scalable encryption framework for protecting significant image regions. Int J Bifurcat Chaos 2016;26:1650191. [25] Kishk S, Javidi B. Optical 3D watermarking and authentication by correlation techniques. In: Proc. SPIE in conference on optical pattern recongnition XV, 5437; 2004. p. 17–26.
[26] Situ G, Zhang J. Image hiding with computer-generated phase codes for optical authentication. Opt Commun 2005;245:55–65. [27] He WQ, Peng X, Meng XF, Liu XL. Optical hierarchical authentication based on interference and Hash function. Appl Opt 2012;51:7750–7. [28] Fan DS, Meng XF, Wang YR, Yang XL, Peng X, He WQ, Dong GY, Chen HY. Optical identity authentication scheme based on elliptic curve digital signature algorithm and phase retrieval algorithm. Appl Opt 2013;52:5645–52. [29] Fan DS, Meng XF, Wang YR, Yang XL, Pan XM, Peng X, He WQ, Dong GY, Chen HY. Multiple-image authentication with a cascaded multilevel architecture based on amplitude field random sampling and phase information multiplexing. Appl Opt 2015;54:3204–15. [30] Shamir A. How to share a secret. Commun ACM 1979;22:612–13. [31] Pan XM, Meng XF, Wang YR, Yang XL, Peng X, He WQ, Dong GY, Chen HY. Multilevel image authentication using shared secret threshold and phase retrieval. J Mod Opt 2014;61:1470–8. [32] Deng XP, Wen W, Mi XW, Long XW. Optical threshold secret sharing scheme based on basic vector operations and coherence superposition. Opt Commun 2015;341: 22–27. [33] Blakley GR. Safeguarding cryptographic keys. Proc AFIPS 1979;48:313–17. [34] Chai XL, Gan ZH, Chen YR, Zhang YS. A visually secure image encryption scheme based on compressive sensing. Signal Process 2017;134:35–51. [35] Duarte MF, Davenport MA, Takbar D, Laska JN, Sun T, Kelly KF. Single-pixel imaging via compressive sampling. IEEE Signal Process Mag 2008;25:83–91. [36] Do TT, Gan L, Nguyen N, Tran TD. Sparsity adaptive matching pursuit algorithm for practical compressed sensing. In: Proc. 42nd asilomar conf. signals. syst. comput.; 2008. p. 581–7. [37] Theis FJ, Jung A, Puntonet CG, Lang EW. Signal recovery from partial information via orthogonal matching pursuit. IEEE Trans Inf Theory 2007;15:419–39. [38] Meng XF, Cai LZ, Wang YR, Yang XL, Xu XF, Dong GY, Shen XX, Zhang H, Cheng XC. Information security system by iterative multiple-phase retrieval and pixel random permutation. Appl Opt 2006;45:3289–97. [39] Javidi B. Nonlinear joint power spectrum based optical correlation. Appl Opt 1989;28:2358–67. [40] Chen W, Chen XD, Stern A, Javidi B. Phase-modulated optical system with sparse representation for information encoding and authentication. IEEE Photon J 2013;5:6900113. [41] Singh H, Yadav AK, Vashisth S, Singh K. Fully phase image encryption using double random structured phase masks in gyrator domain. Appl Opt 2014;53:6472–81. [42] Singh H, Yadav AK, Vashisth S, Singh K. Double phase-image encryption using gyrator transforms, and structured phase mask in the frequency plane. Opt Laser Eng 2015;67:145–56.
35