Optical color-image encryption in the diffractive-imaging scheme

Optics and Lasers in Engineering 77 (2016) 191–202

Contents lists available at ScienceDirect

Optics and Lasers in Engineering journal homepage: www.elsevier.com/locate/optlaseng

Optical color-image encryption in the diffractive-imaging scheme Yi Qin a,n, Zhipeng Wang a, Qunna Pan b, Qiong Gong a a b

College of Physics and Electronic Engineering, Nanyang Normal University, Nanyang 473061, China College of Computer and Information Technology, Nanyang Normal University, Nanyang 473061, China

art ic l e i nf o

a b s t r a c t

Article history: Received 23 June 2015 Received in revised form 10 August 2015 Accepted 7 September 2015

By introducing the theta modulation technique into the diffractive-imaging-based optical scheme, we propose a novel approach for color image encryption. For encryption, a color image is divided into three channels, i.e., red, green and blue, and thereafter these components are appended by redundant data before being sent to the encryption scheme. The carefully designed optical setup, which comprises of three 4f optical architectures and a diffractive-imaging-based optical scheme, could encode the three plaintexts into a single noise-like intensity pattern. For the decryption, an iterative phase retrieval algorithm, together with a filter operation, is applied to extract the primary color images from the diffraction intensity map. Compared with previous methods, our proposal has successfully encrypted a color rather than grayscale image into a single intensity pattern, as a result of which the capacity and practicability have been remarkably enhanced. In addition, the performance and the security of it are also investigated. The validity as well as feasibility of the proposed method is supported by numerical simulations. & 2015 Elsevier Ltd. All rights reserved.

Keywords: Optical encryption Color image Coherent diffractive imaging

1. Introduction Optically encrypting images has been a hot research topic over the past three decades [1–8]. The double random phase encoding (DRPE) has received extensive attention since it is the pioneer and representative optical method for image encryption [9]. In DRPE, the image is encoded to be complex stationary white noise picture with two random phase plates, which are placed respectively at the input plane and Fourier plane. The DRPE is proved to have huge key space and to be robust against brute force attack, and it is soon put forward to the Fresnel domain [10] and fractional Fourier domain [11]. Moreover, various multiple-image and color image encryption means based on DPRE are also developed [12–14]. However, the DRPE was puzzled by two issues that hinder its further applications. On one hand, the DRPE shows vulnerability to many attacks, such as known-plaintext [15], chosen-plaintext [16] and chosen-ciphertext [17] attacks, because of its inherent linearity. On the other hand, its ciphertext is complex field and should be always registered with holographic setups, and thus high stability of the encryption architecture is prerequisite. In 2010, Chen et al. propose a diffractive-imaging-based encryption (DIBE) approach as an alternative to the DRPE scheme [18]. Thereafter, Chen's research group also developed n

Corresponding author. E-mail address: [email protected] (Y. Qin).

http://dx.doi.org/10.1016/j.optlaseng.2015.09.002 0143-8166/& 2015 Elsevier Ltd. All rights reserved.

other DIBE approaches by wavelength multiplexing and distance multiplexing [19,20]. Compared with DRPE, the DIBE extremely simplified the encryption architecture since only intensity patterns are needed for decryption and the phase information can be discarded. Furthermore, the system has relatively high security as the linearity of the DRPE encryption schemes is broken. It should be emphasized that the above mentioned DIBE methods request at least three intensity patterns to completely retrieve the plaintext. To simplify the encryption procedure, we further proposed some new algorithms that are able to extract the plaintext from single intensity pattern [21–23]. In particular, we have describe a phase retrieval algorithm using redundant data of the primary image as partial support constraint in the input plane [21], which enables one to completely retrieve the primary image from a single intensity. Although the DIBE methods have obvious merits over the DRPE, the currently available contributions [18–23] show that, to our best knowledge, they can only be adopted to encrypt single image (i. e. grayscale image or binary image). In practical applications, the color information of an image is always of especial importance. In this sense, it is strongly expected that color image can be encrypted by using the DIBE scheme. Meanwhile, in many color image encryption approaches [24–26], the R, G, B channels of the plaintext are encrypted individually. Consequently, the size of the ciphertext is often three times over that of each channel. In this regard, encryption of color image in DIBE scheme will extensively

192

Y. Qin et al. / Optics and Lasers in Engineering 77 (2016) 191–202

reduce the ciphertext size and make its storage and transmission more convenient. In other words, if we can encrypt color image in the DIBE scheme without enlarging the ciphertext size, the efficiency and practicability of it will be effectively improved. Motivated by this intention, we propose here, for the first time to our knowledge, a novel color image encryption approach in the diffractive-imaging-based scheme. This new approach is achieved by combining our preceding contribution [21] and the theta modulation [27–29]. The theta-modulation is a convenient way of encoding optical images by modulating them with gratings at different orientations or with different space frequencies, and it has been applied to speckle patterns to primarily store different images into a single record [24]. With the help of the 4f scheme, the encryption could be accomplished with pure optical manner, as a result of which the efficiency has been greatly improved. Numerical results indicate that the proposed method is effective as well as feasible, and may open up a novel perspective for optical color image encryption.

2. Description of the method 2.1. The encryption principle A color image usually consists of red, green and blue elements with certain proportions, and is first decomposed into three channels, i.e., red, green and blue. During the encryption, each channel of the plaintext is appended with redundant data in the manner that is shown in Fig. 1. The redundant data are the dark area around the primary image and the values of them are zeros. To facilitate the discussion, a parameter ρ is introduced for

Redundant Data

Primary Image (R/G/B Channel)

Fig. 1. The primary R/G/B channel image appended with redundant data.

quantitatively describing the redundant data, which is defined as

ρ¼

Quantity of the redundant dataðPixelsÞ Quantity of the original imageðPixelsÞ

ð1Þ

Thereafter, the redundant R, G, B components are encoded with the optical setup illustrated in Fig. 2. The components, each bonded with a sinusoidal gratings SGi(i¼ 1,2,3), are put at the input planes of three 4f schemes, of which the focal length of the lens are f. The output planes of the 4f schemes are located at the same plane, which we denote as P. When the three images are illuminated by a plane wave with a wavelength of λ, we can get a synthetic image (SI) at plane P. Then SI is successively modulated by two random phase masks, of which M1 is immediately behind SI in plane P, and the distance between M1 and M2 is d1. The light wave emerging from M2 reach to the CCD plane after propagating a distance of d2, and its intensity is recorded by a CCD camera. It should be emphasized that the input images, the sinusoidal gratings as well as POMs M1 and M2, are displayed with space light modulator (SLM) in practical application. The phase values of M1 and M2 are between ½0; 2π . For con

 venience, symbols ðx; yÞ, η; ξ , and μ; ν are used to respectively denote coordinates of plane P, M1, M2 and the CCD plane. Although the architecture seems to be complicated to some extent, it can be considered as to comprise two functional modules. The first module consists of the three 4f schemes, and each of them generates the product of the component and the sinusoidal grating, the sum of which gives rise to the SI. The second one is the DIBE scheme that includes the two phase masks M1 and M2. In particular, the second functional module can be considered as a lensless double random phase encoding scheme with an intensity ciphertext. Obviously, the SI is the output of the first module and is simultaneously the input of the second module. Let U ðx; yÞ stand for SI, we can obtain the expression of the ciphertext recorded by CCD after a simple deduction:

 ð2Þ I μ; ν ¼ j ½FrTfFrT½U ðx; yÞM 1 ðx; yÞ; d1   M 2 η; ξ ; d2 gj 2 where jj denotes a modulus operation, FrT means the Fresnel transform with respect to λ. It is evident from Fig. 2 that the encryption process of our method can be implemented in a pure optical manner, and the speed approaches light theoretically discarding the response time of the SLMs and CCD. This is an important advantage of our proposal over the image encryption methods based on computational principles.

Fig. 2. Schematic optical setup for the proposed optical security system. R, G, B, the three channels of a color image; SG, the sinusoidal gratings; M, phase only mask; RM, reflective mirror; BS, beam splitter; SLM, space light modulator; L, lens; CCD, charge-coupled device.

Y. Qin et al. / Optics and Lasers in Engineering 77 (2016) 191–202

193

Fig. 3. (a) The primary color image; (b) the primary image (R channel) with redundant data; (c) one of the sinusoidal gratings; (d) the synthetic image (SI); (e) M1; (f) M2; (g) the ciphertext.

2.2. The decryption principle The decryption procedure should be completed digitally. We will extract the R, G, B components from the ciphertext and then compose the primary color image from them. For this purpose, the SI is first extracted from the single intensity with a phase retrieval algorithm, in which the redundant data serves as partial input plane support constraint [21]. First of all, we make a constant or random estimate of the plaintext, and propagate it, which we denote as T n ðx; yÞ; n ¼ 1, forward to the CCD plane:
   
  U n μ; ν ¼ FrT FrT T n ðx; yÞM 1 ðx; yÞ; d1 M 2 η; ξ ; d2

ð3Þ


 Thereafter, we retain the phase information of U n μ; ν while substitute its amplitude with the square root of the intensity map


 I μ; ν , and then we have
 qffiffiffiffiffiffiffiffiffiffiffiffiffiffi


 U n μ; ν ¼ I μ; ν U n μ; ν = U n μ; ν

ð4Þ

Afterwards, this new complex amplitude is propagated back to the input plane, and then we construct a new estimated plaintext by combining the support constraint and the intensity estimation, which is given by n h
i o 2    T n þ 1 ðx; yÞ ¼ RD ðx; yÞ; ρ FrT FrT U n μ; ν ;  d2 M 2 ðp; qÞ;  d1



ð5Þ   where RD ðx; yÞ; ρ stands for the support constraint with the parameter of ρ, and the superscript * represents the complex conjugate. Then T n þ 1 ðx; yÞ is employed as a new estimate to substitute T n ðx; yÞ in Eq. (3). This procedure will go on until the

194

Y. Qin et al. / Optics and Lasers in Engineering 77 (2016) 191–202

Iterative error(log)

5

R G B

0 B

-5

G

0

100 200 300 Iteration number

400

R

Fig. 4. (a) The corresponding relationship between the number of iterations and iterative errors; (b) the retrieved SI after removing the redundant data; (c) the Fourier transform of SI; (d), (e), (f), the retrieved R, G, B components; (g) the reconstructed primary color image.

iterative error between T n þ 1 ðx; yÞ and T n ðx; yÞ, which can be expressed by X   T n þ 1 ðx; yÞ  T n ðx; yÞ 2 ; Error ¼ ð6Þ becomes smaller than a preset threshold (δ). If iteration process is terminated, T n þ 1 ðx; yÞ is considered as a decrypted SI. Once the SI is obtained, we will then extract the R, G, B components from it. The SI retrieved after removing the redundant data can be expressed as X g ðx; yÞ ¼ f i ðx; yÞSGi ðxÞ ð7Þ i ¼ 1;2;3

Where f i ðx; yÞði ¼ 1; 2; 3Þ represents respectively the R, G, B components of the primary color image, SGi ðxÞ ¼ m0 þ m cos 2π pi x, Where m0 and m are two constants, and pi is the spatial frequency of the sinusoidal grating SGi ðxÞ. Generally speaking, it is hard to separate any one of several frames if they are spatially overlapped.

However, this goal can be achieved thanks to the sinusoidal gratings in contact with each image, which is also referred to as thetamodulation [24–26]. In other words, we can extract each f i ðx; yÞ from g ðx; yÞ with low cross-talk. For this purpose, we perform Fourier transform on both sides of Eq. (7) and have Gðp; qÞ ¼ FT½g ðx; yÞ X

 ¼ m0 F i ðp; qÞ þ mF i p þ pi ; q þ mF i p  pi ; q

ð8Þ

i ¼ 1;2;3

Where F i ðp; qÞ is the Fourier transform of f i ðx; yÞ. It can be seen that for each f i ðx; yÞ, there are three terms one centered in the origin and the other two symmetrically located around the centered term. By carefully choosing pi , we can make all the spectra but those centered in the origin separated from each other in the Fourier plane. Consequently, it is possible to reserve only the
 Fourier spectrum corresponding to f i ðx; yÞ, i. e. F i p þpi ; q or
 F i p  pi ; q , by filtering out all other spectra with a filter. Then f i

Y. Qin et al. / Optics and Lasers in Engineering 77 (2016) 191–202

ðx; yÞ can be recovered after the inverse FT operation. Therefore, a decrypted color image can be obtained by an incorporation of three decrypted channels. It can be known that sinusoidal gratings are pivotal for carrying out the theta-modulation. The Δp ¼ pi  pi  1 should not be too small, otherwise the spectra of the primary images (i. e. the R, G, B components) will overlap in the Fourier plane. In addition, the theta-modulation can also employ sinusoidal gratings formed by rotating a sinusoidal grating with different orientations.

1 0.9

CC

0.8 0.7 0.6

R Channel G Channel B Channel

0.5 0.06 0.08 0.10 0.12 0.14 0.16 0.18 0.20

Δp Fig. 5. The dependence of CC on Δp.

195

3. Simulation results and discussion We performed numerical simulations to confirm the effectiveness of the proposed color image encryption system. To objectively estimate the quality of the decrypted results, the correlation coefficient (CC) and peak signal-to-noise ratio (PSNR) between the original image and recovered image are employed as the criterion for evaluating the similarity between them. The secret color image is Peppers with a size of 256  256 pixels and is displayed in Fig. 3(a). The threshold δ is set as 0.000001. The parameters m0 and m are set as 2 and 1, respectively. The frequencies associated with the sinusoidal gratings are p1 ¼ 0:4, p2 ¼ 0:28 and p3 ¼ 0:14. The primary image (R channel) with redundant data is shown in Fig. 3(b), which is of 300  300 pixels and corresponds to ρ ¼0.37. The sinusoidal gratings have the same orientations but different frequencies, and one of them is shown in Fig. 3 (c). The light for illumination is a plane wave and its wavelength is 632.8 nm. The distances of d1 and d2 are both equal to 100 mm. The SI obtained in plane P is shown in Fig. 3(d). Fig. 3(e) and (f) shows the phase values of M1 and M2. The intensity pattern recorded by CCD, namely the ciphertext, is shown in Fig. 3(g). In order to illustrate the iterative process, the dependence of the number of iterations on the iterative error (with a logarithm scale) is displayed in Fig. 4(a). It can be learn from Fig. 4(a) that the recycle terminated after total 306 iterations, thus it can be concluded that the proposed method possesses a rapid convergence

Fig. 6. The quality-improved decryption (d) with another three sinusoidal gratings [(a)–(c)].

196

Y. Qin et al. / Optics and Lasers in Engineering 77 (2016) 191–202

-3

x 10

4

CC

2 0 -2 -4 -6

0

500 1000 1500 Iteration number

2000

-3

x 10

8

CC

6 4 2 0

0

500 1000 1500 Iteration number

2000

500 1000 1500 Iteration number

2000

-3

x 10

0

CC

-2 -4 -6 -8

0

-3

6

x 10

CC

4 2 0 -2

0

500 1000 1500 Iteration number

2000

Fig. 7. (a) The dependence of CC on iteration number with incorrect M1; (b) the retrieved SI after 2000 iterations corresponding to (a); (c) the recovered color image from (b); (d) the dependence of CC on iteration number with incorrect d1(Δd1 ¼ 1 mm); (e) the retrieved SI after 2000 iterations corresponding to (d); (f) the recovered color image from (e); (g) the dependence of CC on iteration number with incorrect d2 (Δd2 ¼ 1 mm); (h) the retrieved SI after 2000 iterations corresponding to (g); (i) the recovered color image from (h); (j) the dependence of CC on iteration number with incorrect λ (Δλ ¼ 10 nm); (k) the retrieved SI after 2000 iterations corresponding to (j); (i) the recovered color image from (k).

Y. Qin et al. / Optics and Lasers in Engineering 77 (2016) 191–202

rate. The retrieved SI after removing the redundant data is shown in Fig. 4(b), and the CC and PNSR between it and the primary one are CC ¼1 and PSNR ¼63.90 dB, which indicates that the SI has been exactly recovered. The Fourier spectrum of it is shown in Fig. 4(c), on which the spectra corresponding to the R, G, B components are marked by black rectangles. For retrieving f 1 ðx; yÞ, we filter out all but the given spot associated with it and thereafter perform the Fourier transform. The recovered f 1 ðx; yÞ is given in Fig. 4(d), and the CC and PNSR between it and the primary one are CC ¼0.8814 and PSNR ¼32.50 dB. By using the same method, f 2 ðx; yÞ and f 3 ðx; yÞ are reconstructed and respectively displayed in Fig. 4(e) and (f), for which The CC values are CC ¼0.9417 (PSNR ¼33.01 dB) and CC¼ 0.7241 (PSNR ¼32.33 dB). The recovered color image is shown in Fig. 4(g). It can be seen from Fig. 4 (d)–(g) that there is some degradation in quality of the decryption results, which is mainly due to the cross-talk in the Fourier plane. Intuitively, the frequency of the grating should fulfill the following requirements to alleviate cross-talk. On one hand, all of the high frequency spectra should locate far from the origin in the Fourier plane; on the other hand, every two of the high frequency spectra should separate fully from each other. In order to quantitatively evaluate of the decrypted images, we calculate the CC values when Δp take different values, provided the frequency of the sinusoidal grating for modulating G component is fixed to p2 ¼ 0:28. It can be seen from Fig. 5 that the change of Δp has little influence on the decrypted R channel, but the increase of it will deteriorate the B channel evidently. This can be interpreted that with the increase of Δp, the spectrum corresponding to B component will shift to the origin and is mainly affected by the zero frequency components. To the contrary, the CC values for G component slightly grow with the raise of Δp, which makes the spectra of R and B locate farther from that of G and therefore reduces the cross-talk. Consequently, we can hardly simultaneously obtain high quality recoveries of all three channels. Therefore, the value of Δp should be carefully chosen for actual applications. To further improve the quality of the decrypted image, we select another group of sine gratings for encryption, the selection of which is intended to separate the spectra of the R, G, B components as far as possible. The three new gratings are shown in Fig. 6(a)–(c), and the frequencies associated with them are p1 ¼ 0:37, p2 ¼ 0:20 and p3 ¼ 0:29 and the decrypted color image is shown in Fig. 6(d). It is clear that the quality of it is obviously better that that shown in Fig. 4(d).

197

In actual applications, the phase only masks, along with the axis distances and the illumination wavelength, serve as secret keys. Fig. 7(a) shows the relationship between CC values and the iteration numbers when an incorrect M1 is used for decryption. It can be seen that the CC values are maintained at a low stage of value. A typical decrypted SI after 2000 iterations is shown in Fig. 7(b), for which CC¼ 0.0020 (PSNR¼26.00 dB). It is evident that the decrypted SI has irrelevant to the expected image shown in Fig. 4(b), and Fig. 7(c) shows a failure recovery of the primary color image. The decryption results for a wrong M2 resemble those for M1, thus they are not given here for conciseness. While the axial distance employed has a deviation of 1 mm from the correct value during decryption, the relationship between CC values and the iteration numbers is shown Fig. 7(d). A typical decrypted SI after 2000 iterations in this case is shown in Fig. 7(e), for which CC¼  0.0034 (PSNR¼26.23 dB). The retrieved color image in this case is shown in Fig. 7(f). Fig. 7 (g) shows the curve of CC versus iteration number when d2 has a deviation of 1 mm from the correct value, and Fig. 7(h) shows the decrypted SI after 2000 iterations, which is associated with CC¼  0.0020 (PSNR¼25.99 dB). Fig. 7(i) displays the color image obtained in this case. In addition, the dependence of CC values on the iteration numbers is presented in Fig. 7(j) in case of a deviation of 10 nm in wavelength during decryption. A typical decrypted SI after 2000 iterations in this case is shown in Fig. 7(k), for which CC¼  0.0025 (PSNR¼26.24 dB), and the corresponding recovered color image is shown in Fig. 7(l). This means that an unauthorized user will fail to recover the original color image without any one of the secret keys. Thus the security system is highly resistant against brute force attacks due to possible permutations of multiple keys.

4. System performance analysis 4.1. Key space and sensitivity analysis For a practical cryptosystem, the key space of it is wished to be as large as possible. For our proposal, we first test the sensitivity of the secret keys of M1 and M2. Fig. 8(a) and (b) shows the decrypted image when 40% of pixels of them are respectively incorrect. This means that, one must hold 60% correct values of M1 and M2 at the same time, provided all other parameters are

Fig. 8. The decrypted images when 40% pixels of M1 (a) and M2 (b) are incorrect.

198

Y. Qin et al. / Optics and Lasers in Engineering 77 (2016) 191–202

already mastered. Assuming each pixel of the masks is of 8 bit, the key space created by M1 and M2 reaches to 2283000:6 . As it has been shown in Fig. 7, the sensitivity of wavelength and distance are respectively 10 nm and 1 mm and hence the key space created

300

by them is calculated as 40  103  103 provided the their scopes are defined as 400 nm and 1000 mm. Hence, the key space of our method is totally 40  103  103  2283000:6 , which is huge enough to resist to the brute-force attack.

250 200

200

150 100

100

50 0

50

100

150

200

250

200

0

50

100

150

200

250

50

100

150

200

250

50

100

150

200

250

50

100

150

200

250

150

150

100

100 50

50 0

50

100

150

200

250

0

150

300

100

200

50

100

0

50

100

150

200

250

0

300

150

200

100

100

50

0

50

100

150

200

250

0

Fig. 9. Histograms for the primary images and encrypted images. (a) Histogram of R channel of Lena; (b) histogram of G channel of Lena; (c) histogram of B channel of Lena; (d) histogram of ciphered image of Lena; (e) histogram of R channel of Peppers; (f) histogram of G channel of Peppers; (g) histogram of B channel of Peppers; (h) histogram of ciphered image of Peppers.

Y. Qin et al. / Optics and Lasers in Engineering 77 (2016) 191–202

199

Fig. 10. The 6.5% occluded ciphertext (a) and its decryption results (b); the contaminated images (c) and the its decryption results (d).

4.2. Histogram analysis

4.4. The correlation of adjacent pixels

Let us consider the statistical analysis of the primary image and the encrypted image. For comparison, the image Peppers shown in Fig. 3(a) as well as another color image Lena are encrypted using the proposed scheme. Fig. 9(a), (b), and (c) shows the gray histograms of the three channels of Lena and Fig. 9(e), (f), and (g) show those of Peppers. Fig. 9(d) and (h) show the gray histograms of encrypted Lena and Peppers, respectively. We can see that, although the two primary images have distinctly different statistical characters, the histograms of their encrypted forms are almost identical. As a result, one cannot get any valuable information from the statistical analysis of the histograms.

It is widely known that correlation of two adjacent pixels in a natural image is highly correlated, and this appearance should be significantly suppressed in the ciphertext. We randomly select 1000 pixel pairs from the R, G, B channels of the primary image (in vertical, horizontal and diagonal directions) to test the correlation. Fig. 11(a)–(c) shows the correlation of the R, G, B channels in horizontal before encryption and Fig. 11(d) shows the correlation of the ciphertext. The correlation coefficients [30] of the R, G, B channels and the corresponding ciphertext in the proposed algorithm are listed in Table 1. It can be concluded that the correlation of adjacent pixels of the ciphertext is much lower than those of original R, G, B components.

4.3. Occlusion and noise attacks Generally, the ciphertext may be contaminated or partially lost, and thus we also test the robustness of the proposal against occlusion and noise attacks. Fig. 10(a) and (b) shows the occluded ciphertext with 6.5% content loss and the corresponding decrypted image. Fig. 10(c) and (d) shows the contaminated ciphertext (polluted by random noise distributed in [0 0.1]) and the corresponding decrypted image. It can be learned from Fig. 10(b) and (d) that in both cases decrypted image reveals most information of the primary image and hence the proposal can be claimed to be robust against occlusion and noise attacks.

4.5. The differential attack To evaluate the resistant of our method to the differential attack, two critera referred to as Number of Pixels Change Rate (NPCR) and the Unified Average Changing Intensity (UACI) are employed. The formula for calculating them are given by X DR;G;B ði; jÞ NPCRR;G;B ¼

i;j

W H

 100%

ð9Þ

200

Y. Qin et al. / Optics and Lasers in Engineering 77 (2016) 191–202

250

250

200

200

150

150

100

100

50

50 50

100

150

200

250

250

250

200

200

150

150

100

100

50

50 50

100

150

200

250

50

100

150

200

250

50

100

150

200

250

Fig. 11. Horizontal correlation of adjacent pixels before and after encryption: (a) R channel; (b) G channel; (c) B channel; (d) ciphertext.

Table 2. It is evident that our proposal is not sensitive to the changes of the plaintexts, and therefore the cryptosystem must be carefully protected from the attacks of this type.

Table 1 Correlation coefficients of plain image and ciphertext. Correlation

Vertical

Horizontal

Diagonal

R channel G channel B channel ciphertext

0.9507 0.9641 0.9461 0.2078

0.9459 0.9627 0.9286 0.2104

0.9059 0.9301 0.8990 0.2118

Table 2 NPCR and UACI of ciphertext by changing their original images one pixel. NPCR(%)

UACI(%)

R

G

B

R

G

B

100

100

100

0.9500

0.0133

0.0133

2X 1 6 6 UACIR;G;B ¼ W  H4

j C R;G;B ði; jÞ  C ‘R;G;B ði; jÞj

i;j

255

3 7 7  100% 5

ð10Þ

where W and H indicate respectively the width and height of the image. C R;G;B ði; jÞ and C 0R;G;B ði; jÞ stand for the ciphertexts before and after changing one pixel of the plaintext. The value of DR;G;B ði; jÞ equals 1 when C R;G;B ði; jÞ a C 0R;G;B ði; jÞ and otherwise equals 0. Both of them are expected to be as large as possible if the cryptosystem is robust to differential attack. Two primary images are engaged in the tests. The first one is the original image, and the other is generated by changing one pixel value of each channel. Then the two images are encrypted by using the same optical architecture shown in Fig. 2. The calculation of NPCR and UACI is listed in

4.6. Classical types of attacks Cryptographic attacks are often potential threats to an optical cryptosystem. With regard to this proposal, its security depends mainly on the second module, namely the lensless double random phase encoding scheme with an intensity ciphertext. So we can analysis its robustness to attacks regarding the SI as the plaintext without loss generality. We apply known-plaintext attack (KPA) methods which have been put forward in [15] to the proposal. In this case, the relationship between the CC values and the iteration number is shown in Fig. 12(a), and the retrieved SI after 2000 iterations is shown in Fig. 12(b). The retrieved results are random noises, and the plaintext cannot be cracked, which indicates that the proposed encryption system can well resist enemy's attacks. What is more, it is easy to show that our proposal is also robust to chosen-plaintext attack (CPA) that described in [16]. The CPA originates from the linearity of the encryption scheme, however, in our method, only the intensity distribution in the output plane is recorded as ciphertext, and therefore the relationship between the output and the input is nonlinear. It can be concluded that our proposal has relatively high security to CPA and KPA. In fact, the security can be further enhanced if we employ more than two masks in the second module, as a consequence of which a larger key space can be achieved. It is also very meaningful to consider the robustness of the system when occlusion happens. Since the phase retrieval algorithm in this proposal originates from the method developed in [21] where we demonstrate the decryption is rather sensitive to occlusion attack, the quality of SI will decrease quickly with the increase of the occlusion parts. Consequently, the proposed method will therefore be vulnerable to occlusion.

Y. Qin et al. / Optics and Lasers in Engineering 77 (2016) 191–202

5 x 10

201

-3

CC

0

-5

-10 0

1000 Iteration number

2000

Fig. 12. (a) The dependence of CC on iteration number when KPA is imposed on the proposal; (b) the retrieved SI with KPA.

4.7. The speed performance analysis

4.9. Reduction of the ciphertext size

In this subsection, the speed performance of our method will be analyzed. It should be pointed out that the encryption of our method is very time-saving since it is carried out with a pure optical manner. Thus, the performance of the decryption process is mainly investigated. Experiment for assessing the speed of our method is performed in a Windows 7 Professional operating system, and the computer is of an Intel Core 2.6 GHz CPU, 4 GB RAM and 500 GB hard disk. The most time-consuming part in computations is the iterative process, since the Fourier transform should be executed for 8 times in each iteration, and the time associated with it is 12.29 s. In contrast, the total elapsed time for completing decryption is 14.25 s. Hence, the decryption time of our method is much more than that of some previous methods [24,31]. Nevertheless, the superior of this proposal over them is the encryption time, which theoretically gets close to the speed of light neglecting the response time of the SLMs and CCD.

For an encryption scheme, people care much about the ciphertext size. Recently, various compression methods are proposed to reduce the ciphertext size [1,35]. With regard to our method, we can reduce it through decreasing the redundant data. Obviously, the value of ρ determines the quantity of the redundant data. In the above numerical simulations, the value of ρ is set as 0.37 and the size of ciphertext is 300  300 pixels. If we set ρ as 0.19, the size of ciphertext changes to 280  280 pixels. Although reduction of ρ will lead to reduction of the ciphertext size, the iteration number for correct decryption will be enhanced. Thus there must be a tradeoff between the speed and data capacity when deciding the value of ρ.

4.8. Comparison of the proposal with others It is also significant to compare our method to some other cryptography. The conventional encryption methods, such as data encryption standard (DES) [32], encryption standard (DES) as well as chaos-based encryption [33,34] have received widely interests. The encryption process of them is based on computational methods and is relatively time-consuming comparing with the DIBE, as the DIBE employs a pure optical scheme and the encryption can be performed with high speed. In particular, Liu and Wang proposed a novel method for color image encryption by aid of spatial bit-level permutation and chaotic system [24]. The main merit of our method over it is that the encryption of our method can be conducted optically, as a result of which only a very short time is required. Moreover, the size of ciphertext of our proposal is only one third of that in Liu method. As it were, the theta-modulation can be regarded as a compressive technique that reduces the size of ciphertext to 1/3 of itself. However, there are also some defaults in our proposal. First, the quality of the decrypted image is relatively low owing to the cross-talk. Meanwhile, it also exhibits vulnerability to differential attack while Liu method shown resist against common attacks.

5. Conclusion We have proposed a new method, for the first time to our knowledge, by combining diffractive imaging and the theta modulation for optical color-image encryption. The three channels of the color image are added by redundant data in advance and are then send to the encryption scheme, which contains of three 4f schemes and a diffractive-imaging-based optical scheme. The three plaintexts can be encoded into a single noise-like intensity pattern. For decryption, an iterative phase retrieval algorithm is employed to recover the SI and then one can extract the RGB components from it by aid of filtering operation. Numerical results demonstrate that the proposed methods are feasible and effective for color image encryption. In addition, the proposed method is proved to be robust to some cryptographic attacks.

Acknowledgments This study was supported by the National Natural Science Foundation of China (61505091) and the Excellent Young Teacher Fund of Nanyang Normal University (QN2015013) and the Fundamental and Cutting-edge Technology Research Program of Henan Province (142300410454).

202

Y. Qin et al. / Optics and Lasers in Engineering 77 (2016) 191–202

References [1] Alfalou A, Brosseau C. Optical image compression and encryption methods. Adv Opt Photon 2009;3:589–636. [2] Hwang HE, Chang HT, Lie WN. Fast double-phase retrieval in Fresnel domain using modified Gerchberg–Saxton algorithm for lensless optical security systems. Opt Express 2009;16:13700–10. [3] Nishchal NK, Naughton TJ. Flexible optical encryption with multiple users and multiple security levels. Opt Commun 2011;3:735–9. [4] Zhang Y, Wang B. Optical image encryption based on interference. Opt Lett 2008;33:2443–5. [5] Wang X, Chen W, Chen X. Fractional Fourier domain optical image hiding using phase retrieval algorithm based on iterative nonlinear double random phase encoding. Opt Express 2014;19:22981–95. [6] Zhou N, Wang Y, Gong L. Novel optical image encryption scheme based on fractional Mellin transform. Opt Commun 2011;13:3234–42. [7] Liu W, Liu Z, Liu S. Asymmetric cryptosystem using random binary phase modulation based on mixture retrieval type of Yang–Gu algorithm. Opt Lett 2013;10:1651–3. [8] Liu Z, Guo Q, Xu L, Ahmad MA, Liu S. Double image encryption by using iterative random binary encoding in gyrator domains. Opt Express 2010;11:12033–43. [9] Refregier P, Javidi B. Optical image encryption based on input plane and Fourier plane random encoding. Opt Lett 1995;7:767–9. [10] Situ GH, Zhang JJ. Double random-phase encoding in the Fresnel domain. Opt Lett 2004;14:1584–6. [11] Unnikrishnan G, Joseph J, Singh K. Optical encryption by double-random phase encoding in the fractional Fourier domain. Opt Lett 2000;12:887–9. [12] Situ GH, Zhang JJ. Multiple-image encryption by wavelength multiplexing. Opt Lett 2005;11:1306–8. [13] Abuturab MR. Color image security system using double random-structured phase encoding in gyrator transform domain. Appl Opt 2012;15:3006–16. [14] Zhang SQ, Karim MA. Color image encryption using double random phase encoding. Microw Opt Technol Lett 1999;21:318–23. [15] Peng X, Zhang P, Wei H, Yu B. Known-plaintext attack on optical encryption based on double random phase keys. Opt Lett 2006;8:1044–6. [16] Peng X, Wei H, Zhang P. Chosen-plaintext attack on lensless double-random phase encoding in the Fresnel domain. Opt Lett 2006;31:3261–3. [17] Carnicer A, Montes-Usategui M, Arcos S, Juvells I. Vulnerability to chosencyphertext attacks of optical encryption schemes based on double random phase keys. Opt Lett 2005;30:1644–6. [18] Chen W, Chen X, Sheppard CJR. Optical image encryption based on diffractive imaging. Opt Lett 2010;35:3817–9.

[19] Chen W, Chen X, Sheppard CJR. Optical double-image cryptography based on diffractive imaging with a laterally translated phase grating. Appl Opt 2011;29:5750–7. [20] Chen W, Chen X, Anand A, Javidi B. Optical encryption using multiple intensity samplings in the axial domain. J Opt Soc Am A 2013;5:806–12. [21] Qin Y, Wang Z, Gong Q. Diffractive-imaging-based optical image encryption with simplified decryption from single diffraction pattern. Appl Opt 2014;19:4094–9. [22] Wang Z, Zhang S, Liu H, Qin Y. Single-intensity-recording optical encryption technique based on phase retrieval algorithm and QR code. Opt Commun 2014;332:36–41. [23] Qin Y, Wang Z, Gong Q. Simplified optical image encryption approach using single diffraction pattern in diffractive-imaging-based scheme. Opt Exp 2014;18:21790–9. [24] Liu HJ, Wang XY. Color image encryption using spatial bit-level permutation and high-dimension chaotic system. Opt Commun 2011;284:3895–903. [25] Liu HJ, Wang XY. Color image encryption based on one-time keys and robust chaotic maps. Comput Math Appl 2010;59:3320–7. [26] Chen W, Chen X, Sheppard CJR. Optical color-image encryption and synthesis using coherent diffractive imaging in the Fresnel domain. Opt Express 2012;20:3853–65. [27] Ojeda-Castañeda J, Sicre EE. Theta-modulation decoder based on the Lau effect. Opt Commun 1986;2:87–91. [28] Mosso F, Barrera JF, Tebaldi M, Bolognini N, Torroba R. All-optical encrypted movie. Opt Express 2011;6:5706–12. [29] Mosso F, Tebaldi M, Barrera JF, Bolognini N, Torroba R. Pure optical dynamical color encryption. Opt Express 2011;15:13779–86. [30] Liu HJ, Wang XY, kadir A. Image encryption using DNA complementary rule and chaotic maps. Appl Soft Comput 2012;12(5):1457–66. [31] Zhang YQ, Wang XY. A symmetric image encryption algorithm based on mixed linear nonlinear coupled map lattice. Inf Sci 2014;273:329–51. [32] Stinson DR. Cryptography: theory and practice. Boca Raton, FL: CRC Press; 1995. [33] Wang XY, Teng L, Qin X. A novel colour image encryption algorithm based on chaos. Signal Process 2012;92:1101–8. [34] Wang XY, Yang L, Liu R, kadir A. A chaotic image encryption algorithm based on perceptron model. Nonlinear Dyn 2010;62:615–21. [35] Alfalou A, Brosseau C, Abdallah N, Jridi M. Simultaneous fusion, compression, and encryption of multiple images. Opt Express 2011;19:24023–9.