Robust multidepth object encryption based on a computer-generated hologram with a cascaded structure

Mei-Lan Piao; Shi-Gang Wang; Yan Zhao; Jian Wei; Yu Zhao; Nam Kim

doi:10.1364/AO.58.009921

1. INTRODUCTION

Optical encryption technology has attracted attention owing to the increasing importance of information security in data transmission and communication. Recently, it has become possible to generate and transmit massive three-dimensional (3D) image data in various fields in modern technology, medicine, and education. Nevertheless, these transmissions are susceptible to serious threats and attacks by unauthorized users, thus motivating and justifying the studies conducted on 3D information encryption [1–7]. Among different types of 3D image optical encryption schemes, cryptosystems based on computer-generated holograms (CGHs) are particularly efficient and popular in optical information processing as they have many significant characteristics, such as easier preservation, transmission, and reconstruction for both real and virtual 3D scenes [8,9]. In addition, optical approaches can be easily adopted as the generated holograms can be flexibly controlled by devices. Thus, the encryption of a target image using CGH has been a topic of immense interest. Situ and Zhang [10] proposed a lensless optical security scheme based on a computer-generated phase hologram, which performs masking for a much simpler and safer security system. However, optical encryption methods based on double-random-phase encryption (DRPE) are vulnerable to attacks, such as known-plaintext (NPA) and chosen-plaintext (CPA) attacks, owing to their inherent linearity properties [11]. To resist potential attacks, cryptosystems based on phase-truncated Fourier transform (PTFT) were introduced in which the encryption keys were different from the decryption keys and the linear response of the cryptosystem was altered [12]. In a PTFT-based cryptosystem, two public keys are used to encrypt the original image into a real-value ciphertext, whereas two phase distributions in the Fourier and output domains are retained as decryption keys. These systems resisted the current state-of-the-art attacks and were hence determined to be better encryption schemes [13]. However, the encrypted information of this scheme is revealed using encryption keys considered as public keys. Accordingly, these PTFT-based schemes are also vulnerable to attacks known as specific attacks [14–16].

In addition to PTFT-based cryptosystems, various asymmetric encryption schemes based on CGH have been proposed. Wang et al. [17] proposed an optical image encryption system that is robust against occlusion and noise based on Fourier CGH and pixel scrambling. Xi et al. [18] proposed an optical image encryption experimental method based on asymmetric double random phases and CGH. Although the asymmetric encryption system was implemented in an actual optical system, the robustness against some common attacks still needs to be analyzed and verified. Ma and Jin [19] proposed a symmetric and asymmetric hybrid cryptosystem based on compressive sensing and CGH for high-level security. Their computer simulation results confirmed the feasibility of this method and its robustness against occlusion and additional noise. Piao et al. [20] proposed a method for multidepth image encryption using a phase retrieval algorithm and intermodulation in Fresnel and fractional Fourier domains. The main concern in this study is to reduce the speckle noise and cross talk between encrypted multidepth images. In addition, the display of the 3D contents and the encryptions based on CGH were investigated. Tsang et al. [21] proposed a method for the fast generation and encryption of a holographic video sequence. In this approach, the Rivest–Shamir–Adleman algorithm was adopted for the generation of public and private keys, and anyone who was given the public key could encrypt the information, but only the user who held the private key could decrypt the content. However, the original image could be recovered even with a private key error, but this would lead to extensive distortion. Cao et al. [22] proposed a 3D image encryption and display method based on CGH. In this method, the 3D image was encoded into two phase-only CGHs and was decrypted by a single phase-only hologram, which was generated by interleaving two phase-only CGHs. Despite such a nonlinear encryption approach, the resistances to decryption attacks constitute major issues that need to be confirmed and further analyzed.

In this paper, considering the need for a 3D image encryption method that is highly secure, we propose a robust 3D object encryption scheme in which the encryption is performed using CGH combined with matrix superposition and decomposition methods. The original 3D objects to be encrypted are converted into the Fresnel CGH based on point cloud and depth plane methods [9,23]. The Fresnel hologram is then decomposed into two phase-only masks (POMs), which are used as fractional Fourier transform (FrFT) domain keys for the encryption of the 3D object. Asymmetric private keys are generated from two cascaded FrFT modules to enhance the level of security. The wavelength and propagation distance of the Fresnel CGH and the fractional orders of FrFT are considered as the additional decryption keys and are directly related to the original image. Simulation results and security analyses confirmed that the proposed asymmetric cryptosystem with matrix superposition and decomposition methods is resistant to various types of attacks, such as brute-force attack (BFA), CPA, NPA, and ciphertext-only attack (COA). The proposed scheme was used to secure a point cloud 3D object and for multidepth 3D images. To the best of our knowledge, this is the first paper reporting the successful development of a multidepth encryption algorithm with cryptanalysis.

2. ENCRYPTION AND DECRYPTION

The concept of the proposed method for generating a CGH of a multidepth 3D object is outlined as follows. Consider an object scene defined in 3D space, as shown in Fig. 1. We record the complex amplitude $ H(u,v) $ on a hologram plane of a 3D object, which consists of N object points and is expressed by the $i$th coordinates $ ({x_i},{y_i},{z_i}) $ and intensity $ {O_i} $ of the object point. The groups of object points are divided into multiple layers at different depths. Therefore, the 3D object can be considered a series of sub-layers. Every point in a given sub-layer can be considered a pixel in a two-dimensional (2D) image. Accordingly, a significantly smaller amount of time is required to calculate each 3D depth layer compared with each 3D point cloud. The sub-hologram of the 3D object is obtained by performing the Fresnel diffraction calculation at each sub-layer. A phase mask is generated by assigning a uniformly distributed random phase value $ \theta (x,y) $ within the range $ [0,2\pi] $ to each pixel. For each sub-layer, its pixel value is multiplied with the corresponding phase term in the phase mask to yield a modified image $ O^\prime_i(x,y) $ given by

(1)$$O^\prime_i(x,y) = {O_i}(x,y)\exp [j\theta (x,y)].$$

Under the Fresnel approximation, the relationship between the input signal $ O^\prime_i (x,y,{z_i}) $ and the transformed result $ {H_i}(u,v,0) $ in the hologram plane can be expressed as

(2)$$\begin{split}{H_i}(u,v,0) = \,& \frac{{\exp (jk{z_i})}}{{j\lambda {z_i}}}\iint O_i^\prime (x,y,{z_i})\\ &\times \exp \left\{ {j\frac{\pi }{{\lambda {z_i}}}\left[ {{{(u - x)}^2} + {{(v - y)}^2}} \right]} \right\}{\rm d}x{\rm d}y,\end{split}$$

where $ {z_i} $ is the perpendicular distance between the hologram plane and the sub-layer plane, $ \lambda $ is the wavelength of the object wave, and $ k = 2\pi /\lambda $ is the wavenumber. Accordingly, by superimposing the contributed complex amplitude of each sub-layer, we can obtain the full complex amplitude of the 3D object in the hologram plane as follows:

(3)$$H(u,v) = \sum\limits_{i = 1}^L {{H_i}(u,v)} ,$$

where $ L $ is the total number of calculated holograms. After obtaining the complex hologram $ H(u,v) $, its phase and amplitude component are obtained by $ {H_P}(u,v){\rm = }\arg \{ {H(u,v)} \} $ and $ {H_A}(u,v){\rm = }{\rm abs}\{ {H(u,v)} \} $, where $ \arg \{ \cdot \} $ represents the phase angle and $ {\rm abs}\{ \cdot \} $ represents the complex modules.

Fig. 1. Fresnel hologram calculation for an L-layer 3D scene.

Download Full Size | PDF

For encryption, the phase component $ {H_P}(u,v) $ is divided into two POMs using matrix superposition and decomposition methods, as shown in Fig. 2. First, we generate a phase function $ \exp [j\vartheta (u,v)] $, where the distribution $ \vartheta (u,v) $ randomly ranges from 0 to ${2}\pi $. The phase distribution of the CGH $ {H_P}(u,v) $ is added to the phase function $ \exp [j\vartheta (u,v)] $ to create a matrix $ A $ and its transpose matrix $ B $, both of which have sizes equal to $ m \times m $ pixels. These matrices are then combined into an enlarged matrix $ P $ with a size equal to $ m \times {2}m $ pixels by interleaving the columns of matrices $ A $ and $ B $. Finally, the matrix $ P $ can be divided into two POMs ($ m \times m $), which are used to encode the amplitude-only distribution of the CGH. In the decomposition operation, the rows of matrix POM1 are rearranged sequentially according to the odd rows of matrix $ P $. Similarly, the rows of matrix POM2 are rearranged sequentially according to the even rows of matrix $ P $.

Fig. 2. POM generation process using the matrix superposition and decomposition algorithm.

Download Full Size | PDF

The two created POMs are then used for multidepth 3D object encryption and are considered as public keys in cascaded FrFT structures. The schematic of the encryption process is shown in Fig. 3. In this study, instead of the Fourier and Fresnel spectra, the fractional Fourier spectrum [24] is subject to amplitude and phase truncations. The most significant features of the fractional Fourier domain and optical image encryption benefit from the extra degrees-of-freedom provided by the fractional orders. Those offered by the FrFT were utilized as a new key in our encryption schemes, as will be discussed later.

Fig. 3. Multidepth object encryption process.

Download Full Size | PDF

According to our proposed method, only the amplitude distribution of the CGH is retained and multiplied by the encryption key $ \exp [j\phi (u,v)] $, and its FrFT is defined as

(4)$$\begin{split}{E_\alpha }({\xi _1},{\eta _1}) &= \iint {K_{{\phi _\alpha }}}(u,v;{\xi _1},{\eta _1}){H_A}(u,v)\\&\quad\times\exp [j\phi (u,v)]{\rm d}u{\rm d}v,\\& = \left| {{E_\alpha }({\xi _1},{\eta _1})} \right| \times \exp [j{\psi _\alpha }({\xi _1},{\eta _1})],\end{split}$$

where $ {\phi _\alpha } = {{\alpha \pi } / 2} $ is the angle corresponding to the fractional transform order $ \alpha $,

(5)$$ \begin{split}&{K_{{\phi _\alpha }}} (u,v;{\xi _1},{\eta _1}) \\&\quad = \frac{{\exp [ - j(\pi /4){\rm sign}(\sin {\phi _\alpha }) + j{\phi _\alpha }/2]}}{{\sqrt {\left| {\lambda {f_1}\sin {\phi _\alpha }} \right|} }}\\ &\qquad\times \exp \left\{ {j\pi \left[ {\frac{{{u^2} + {v^2} + {\xi _1}^2 + {\eta _1}^2}}{{\lambda {f_1}\tan {\phi _\alpha }}} - 2\frac{{uv + {\xi _1}{\eta _1}}}{{\lambda {f_1}\sin {\phi _\alpha }}}} \right]} \right\}\end{split}$$

is the transform kernel, and $ {f_1} $ is a scaling factor related to the optical setup [25]. Then, $ | {{E_\alpha }({\xi _1},{\eta _1})} | $ is the amplitude distribution and $ \exp [j{\psi _\alpha }({\xi _1},{\eta _1})] $ is the phase distribution, which is truncated from the fractional Fourier spectrum $ {E_\alpha }({\xi _1},{\eta _1}) $. Thus, we achieve the first layer of encryption. The amplitude distribution of $ {E_\alpha }({\xi _1},{\eta _1}) $ is then multiplied with a different encryption key $ \exp [j\varphi ({\xi _1},{\eta _1})] $. Accordingly, its FrFT of order $ \beta $ is obtained as

(6)$$\begin{split}{E_\beta }({\xi _2},{\eta _2}) = &\iint {K_{{\phi _\beta }}}({\xi _1},{\eta _1};{\xi _2},{\eta _2}) \\& \times \left\{ \begin{array}{rl}&| {{E_\alpha }({\xi _1},{\eta _1})}|\\[6pt]& \times \exp [j\varphi ({\xi _1},{\eta _1})]\end{array} \right\}{\rm d}{\xi _1}{\rm d}{\eta _1}\\ = & | {{E_\beta }({\xi _2},{\eta _2})}| \times \exp [j{\psi _\beta }({\xi _2},{\eta _2})],\end{split}$$

where $ {\phi _2} = \beta \pi /2 $ is the angle corresponding to the fractional transform order $ \beta $ and $ {K_{{\phi _\beta }}}({\xi _1},{\eta _1};{\xi _2},{\eta _2}) $ is the transform kernel. The amplitude distribution of $ {E_\beta }({\xi _2},{\eta _2}) $ is the final ciphertext image and the corresponding phase distribution $ \exp [j{\psi _\beta }({\xi _2},{\eta _2})] $ is also generated. Accordingly, $ \alpha $ and $ \beta $, which are the fractional orders of the cascaded FrFTs, are treated as public keys for the encryption of the content. Therefore, the parameters of Fresnel diffraction, the generated POMs, and the fractional orders of the FrFT domains can be treated as the three pairs of public keys, which can encrypt the information in plaintext more effectively. Furthermore, based on the process of encryption described by Eqs. (4) and (6), the two phase functions generated in the encryption process are directly related to the amplitude distribution of $ {E_\alpha }({\xi _1},{\eta _1}) $ and the amplitude component of $ H(u,v) $. Therefore, the decryption can be achieved when private keys $ {\psi _\alpha }({\xi _1},{\eta _1}) $ and $ {\psi _\beta }({\xi _2},{\eta _2}) $ are used.

The decryption process is shown in Fig. 4, and is similar to the encryption process but in reverse order. In the cascaded inverse FrFTs, two interim complex amplitude functions are obtained using the reverse FrFT with the fractional orders $ - \alpha $ and $ - \beta $ and their respective decryption keys $ {\psi _\alpha }({\xi _1},{\eta _1}) $ and $ {\psi _\beta }({\xi _2},{\eta _2}) $, which are expressed as

(7)$$\begin{split}{D_1}({\xi _1},{\eta _1}) &={{\rm FrFT}^{ - \beta }}\{{| {{E_\beta }({\xi _2},{\eta _2})}| \times \exp [j{\psi _\beta }({\xi _2},{\eta _2})]}\}\\ &= | {{D_1}({\xi _1},{\eta _1})}| \times \exp [j\varphi ({\xi _1},{\eta _1})],\end{split}$$

(8)$$\begin{split}D(u,v) &= {{\rm FrFT}^{ - \alpha }}\{ {| {{D_1}({\xi _1},{\eta _1})}| \times \exp [j{\psi _\alpha }({\xi _1},{\eta _1})]}\}\\ &= |{D(u,v)}| \times \exp [j\phi (u,v)],\end{split}$$

where $ {{\rm FrFT}^{ - \alpha }}\{ \cdot \} $ and $ {{\rm FrFT}^{ - \beta }}\{ \cdot \} $ denote the inverse FrFTs with orders $ - \alpha $ and $ - \beta $, respectively. According to the simple inverse FrFTs in Eqs. (4) and (6), the two generated phase functions, $ \exp [j\phi (u,v)] $ and $ \exp [j\varphi ({\xi _1},{\eta _1})] $, can be treated as the encryption keys used in the encryption process. In the inverse matrix combination and decomposition method, the two generated encryption keys and the phase function $ \exp [j\vartheta (u,v)] $ are then demodulated into a single-phase function $ {H_P}(u,v) $, which is the phase distribution of the generated Fresnel hologram. Simultaneously, the amplitude distribution of $ D(u,v) $ is multiplied by the phase function $ \exp [j{H_P}(u,v)] $ and the hologram is reconstructed with the illumination wavelength $ \lambda $ and the propagation distance $ - {z_i} $, as follows:

(9)$$G(x,y,{z_i}) = {\rm FrT}_{ - {z_i}}^\lambda \{ {| {D(u,v)} | \times \exp [j{H_P}(u,v)]} \},$$

where $ {\rm FrT}_{ - {z_i}}^\lambda \{ \cdot \} $ denotes the inverse Fresnel transform, and $ G(x,y,{z_i}) $ denotes a decrypted 3D object in the corresponding depth plane $ {z_i} $. Finally, the decrypted multidepth 3D object can be expressed as $ \sum {_{i = 1}^L} G(x,y,{z_i}) $. Any attempt at the decryption of the plaintext without the use of private keys will fail not only because the phase truncation disrupts the linearity of the cryptosystem, but also because of the phase distribution $ \exp [j\vartheta (u,v)] $, which is introduced in the matrix combination and decomposition method. Notably, different public keys during the operation of each encryption are applied to different 3D objects. Thus, the proposed cryptosystem has increased resistance against potential attacks.

Fig. 4. Decryption process.

Download Full Size | PDF

The asymmetric cryptosystem can be implemented not only digitally but also optically by using some optoelectronic devices. The schematic of a possible optical setup of this system is shown in Fig. 5. The system is illuminated with monochromatic plane waves, the ciphertext is displayed by the spatial light modulation scheme 1 (SLM1), the decryption keys $ {\psi _\beta }({\xi _2},{\eta _2}) $ and $ {\psi _\alpha }({\xi _1},{\eta _1}) $ are displayed by SLM2 and SLM3, respectively, and the calculated phase key $ {H_P}(u,v) $ is displayed by SLM4. The decryption based on cascaded inverse FrFTs can be approximately implemented using the single-lens Lohmman’s configuration [26] and the distance between the lens and the input or output plane, as shown in Fig. 5. The relationship between the fractional order and the decryption distance of the optical system is expressed as $ {f_{\alpha ,\beta }} = {f_1}/\sin {\phi _{\alpha ,\beta }} $ and $ {d_{\alpha ,\beta }} = {f_1}\tan ({\phi _{\alpha ,\beta }}/2) $, where $ {f_{\alpha ,\beta }} $ denotes the physical focal length of the lens, $ {f_1} $ is an arbitrary fixed length, and $ {d_{\alpha ,\beta }} $ is the symmetric free-space propagation distance between the lens 1,2 and the input or output plane. Note that the FrFTs must be optimized to have the same scale factor in the intermediate planes to yield the exact results [27]. After the cascaded inverse FrFTs were performed, the modulated beam was multiplied by another phase key and then propagated at a distance $ z $ based on Fresnel diffraction. The implementation of Fresnel diffraction is lensless and can thus eliminate the need for another Fourier lens. Accordingly, it makes implementation much easier at the end of the decryption process. Finally, the decrypted image is recorded using a charge-coupled device in the output plane as a series of intensity patterns.

Fig. 5. Schematic of the optoelectronics used for decryption ($ {{\rm SLM}_1} $, $ {{\rm SLM}_2} $, $ {{\rm SLM}_3} $, and $ {{\rm SLM}_4} $: spatial light modulator schemes 1–4).

Download Full Size | PDF

Notably, there are two difficulties and limitations relevant to future experimental implementations. First, even though the sensitivity to the fractional order in our proposed cryptosystem can provide high-level security, the realization of accurate optical FrFT is an unavoidable problem. Second, if all the decryption keys are to be displayed by the three different SLMs, the system requires an extremely precise alignment and a pixel-to-pixel key mapping. The pixel mismatching has a negative influence on the decrypted information. Owing to the current resource limitation in our laboratory, we only conducted numerical simulations to verify the feasibility and effectiveness of the proposed scheme.

3. SIMULATION RESULTS OF THE PROPOSED CRYPTOSYSTEM

The encryption and decryption algorithms are implemented using MATLAB R2016b, and the computer has a 3.4 GHz Intel(R) Core (TM) i7-4770 CPU with 8 GB memory and Microsoft Windows 7 64-bit operating system. The numerical simulations are performed on 3D point cloud models of a teapot, as shown in Fig. 6(a). The 3D models comprise approximately 2082 points and 167 depth layers. Herein, each point distributed in the sub-layers can be considered a pixel point in a 2D image. The wavelength used in our simulation is 633 nm, the distance of the teapot from the hologram plane is 3.31 cm, and the pixel size of the hologram is 6.4 µm. The Fresnel-type hologram of the entire teapot is then generated by superposing the sub-holograms of each depth layer. The amplitude and phase distributions are presented in Figs. 6(b) and 6(c), respectively. The phase distribution of the hologram is then divided into two encryption keys using matrix superposition and decomposition methods. For encryption, the fractional orders $ \alpha $ and $ \beta $ are set to 0.4845 and 0.8591, respectively. Figure 6(d) shows the generated encryption keys and Fig. 6(e) shows the ciphertext image with a stationary, white noise distribution.

Fig. 6. (a) Original image, (b) amplitude distribution, and (c) phase distribution of the complex amplitude $ H(u,v) $, (d) encryption keys, and (e) ciphertext image.

Download Full Size | PDF

Fig. 7. Decryption keys and recovered results: (a) decryption keys, (b) decrypted image with all the correct keys in the depth plane, and (c) recovered images with all the correct keys in the out-of-depth plane.

Download Full Size | PDF

The obtained decryption keys and recovered results are shown in Fig. 7. Figure 7(a) shows the obtained decryption keys in the encryption process. Figure 7(b) shows the decrypted 3D object after the use of all the correct decryption keys and Fresnel parameters, i.e., the wavelength and free-space propagation distance. This figure indicates that the object is recovered in the focal plane with all the correct keys. Figure 7(c) shows the recovered original 3D object images at intervals of 0.02 cm along the depth direction by using all the correct decryption keys except the Fresnel propagation distance. It can be observed that, when $ z $ is greater than the original propagation distance of 3.31 cm, the recovered images are slightly inferior to those shown in Fig. 7(b). Consequently, the sensitivity to the propagation distance, which is one of the encryption keys, is not high because the silhouette of the original image will be visible.

Fig. 8. Decrypted results obtained after the use of incorrect keys: (a) incorrect fractional orders $ \alpha $ and $ \beta $, (b) incorrect phase function of decryption keys $ {\psi _\alpha }({\xi _1},{\eta _1}) $ and $ {\psi _\beta }({\xi _2},{\eta _2}) $, and (c) incorrect optical wavelength and Fresnel diffraction distance.

Download Full Size | PDF

The decryption was also performed with incorrect decryption keys to verify the effectiveness of the scheme, as shown in Fig. 8. Figure 8(a) shows the decrypted image obtained with incorrect fractional orders $ \alpha = - 0.{5} $ and $ \beta = - 0.9 $. Figure 8(b) shows the decrypted image obtained with two random phase functions instead of the correct phase function of the decryption keys $ {\psi _\alpha }({\xi _1},{\eta _1}) $ and $ {\psi _\beta }({\xi _2},{\eta _2}) $. Figure 8(c) shows the decrypted image obtained with the incorrect wavelength $ \lambda = 532\,\,{\rm nm} $ instead of the correct wavelength of 633 nm, and with an incorrect propagation distance of $ z = 3\,\,{\rm cm} $ instead of the correct propagation distance of 3.31 cm. When one of the decryption keys is replaced by incorrect data for image decryption, the decryption process unavoidably fails.

4. SECURITY ANALYSIS

To measure the quality of the decrypted image, multidepth images, which consist of two gray-scale images with sizes equal to ${256} \times {256}$ pixels separated by 1 cm along the depth of the object [Fig. 9(a)], were used as the secret images. The distances between the two gray-scale images and the hologram plane were set to 8 cm and 9 cm. The wavelength used was 633 nm, as in the previous case. The fractional orders $ \alpha $ and $ \beta $ were set to 0.4845 and 0.8591, respectively. The ciphertext image encrypted using the two generated POMs as the encryption keys is shown in Fig. 9(b), which appears like white noise. Figure 9(c) shows the decrypted layer images for different distances with all the correct decryption keys. When the decrypted image plane was focused on the planes at the distances of 8 cm and 9 cm, the corresponding gray-scale images were clear, whereas the remaining images were defocused and blurred.

Fig. 9. Simulation results for a multidepth gray-scale image. (a) Multidepth image used for encryption, (b) the ciphertext image, and (c) multidepth image decrypted using the proposed scheme.

Download Full Size | PDF

The mean square error (MSE) of the multidepth images was calculated to evaluate the quality of the decrypted image $ G(x,y) $ compared with its original image $ O(x,y) $. It is defined as

(10)$${\rm MSE} = \frac{1}{{N \times M}}\sum\limits_{x = 1}^N {\sum\limits_{y = 1}^M {{{| {O(x,y) - G(x,y)}|}^2}} } ,$$

where $ N \times M $ is the size of the input image. The MSE values can be calculated in the case of the two decrypted images at different depth planes. In the following calculations, the values of the MSE are evaluated only for the focused halves owing to the large amount of speckle noise that originated from the out-of-focus halves. This is because, if the entire speckle pattern is shifted by a single pixel in any direction, or if $ z $ is chosen to have a slightly different value, the MSE will be very large, even for minor hologram changes. The calculated MSE values for Fig. 9(c) are 248 and 256 for the planes at the distances of 8 cm and 9 cm, respectively. This demonstrates the effectiveness of the decryption method, which avoids loss of image information and restores the original image.

As demonstrated in the previous test, the encrypted data can be well decrypted if they are perfectly aligned with the decrypting key. In fact, there is always a minor or major misalignment between them in a practical system. Therefore, we investigate the sensitivity of the reconstructed image to the misalignment between the encrypted data and the decrypting key in a numerical simulation. First, we consider the alignment of the encrypted data and the key so that the image of the data through the decryption setup exactly matches the key. Then, suppose the key is shifted by one pixel in the x-direction. The length of one pixel is equivalent to the correlation length of the key. The MSE of the decrypted image corresponding to 10 different displacements in our encryption scheme is plotted in Fig. 10. It can be observed that the value of MSE is significantly improved when the shift varies from 2 pixels to 3 pixels. Therefore, the original data cannot be recovered if the displacement is larger than the correlation length.

Fig. 10. Relation between MSE of the decrypted image and dislocation.

Download Full Size | PDF

A. Sensitivity to Fractional Order Variations

To analyze the sensitivity to the fractional orders, the decryption was performed by fixing one fractional order and changing the other. The relation curves between the normalized MSE and the fractional order deviation are shown in Fig. 11, in which the deviation ranges from $ - {0.2}$ to 0.2 with a step of 0.01. The normalized MSE value is approximately equal to zero when $ \alpha $ or $ \beta $ is correct, whereas the value increases abruptly when $ \alpha $ or $ \beta $ deviates slightly from the corresponding correct value. This indicates that minor changes in $ \alpha $ or $ \beta $ will result in false decryptions. Thus, the sensitivity to the fractional order variations demonstrates the increased reliability of the proposed encryption scheme.

Fig. 11. Normalized MSE versus (a) deviation in the fractional order $ \alpha $ and (b) deviation in the fractional order $ \beta $.

Download Full Size | PDF

B. Robustness of the Proposed Cryptosystem

To demonstrate the robustness of the proposed encryption system further, we provide simulation results to illustrate the anti-attack performance of the scheme. Suppose an illegal user who has intercepted the ciphertext attempts to retrieve the original plaintext with the knowledge of the decryption keys. The attacker may attempt to decrypt the plaintext with (1) no keys (brute-force attack), (2) fake plaintext encryption (known as public key attack) applied in an arbitrary manner, (3) a selected pair of random phase keys (known as plaintext–ciphertext pair and the encryption method attack), and (4) an arbitrarily selected random phase key (known as ciphertext-only key attack). Based on these assumptions, we confirmed the increased robustness of the proposed method against BFA, CPA, NPA, and COA [28–31]. The encoded ciphertext is obtained using a phase-truncated fractional Fourier transform (PTFrFT) strategy, which provides a useful reference for comparative analyses.

1. Brute-Force Attack Analysis

In an asymmetric image encryption cryptosystem, the decryption keys generated in the encryption process play an important role. The robustness against a BFA was tested to evaluate the effectiveness of the generated decryption keys. Suppose an invalid user attempts to recover the true images in three possible ways—decryption with private phase functions identical to zero, with two arbitrarily selected phase functions as private keys, and with two erroneous phase keys, which add small random contributions to the correct private keys. The two erroneous phase keys can be expressed as

(11)$${\psi _\alpha }^{\prime}({\xi _1},{\eta _1}) = {\psi _\alpha }({\xi _1},{\eta _1}) + d \cdot \Delta \psi ,$$

(12)$${\psi _\beta }^{\prime}({\xi _2},{\eta _2}) = {\psi _\beta }({\xi _2},{\eta _2}) + d \cdot \Delta \psi ,$$

where $ \Delta \psi $ is a random function within the range of $[ - {1}$, 1], and $ d $ is a coefficient that can be used to control the interference intensity. Figures 12(a) and 12(b) show the decrypted results with private phase functions identical to zero and the arbitrarily selected private phase functions, respectively. In the first two cases, an illegal user cannot recover any valid information. Figure 13 shows the MSE curves of the decrypted image when $ {\psi _\alpha }^{\prime}({\xi _1},{\eta _1}) $ and $ {\psi _\beta }^{\prime}({\xi _2},{\eta _2}) $ are separately used to decrypt different parameters $ d $. It can be observed that, even though there is a slight deviation from the correct key, the value of the MSE is still very large. Therefore, it can be concluded that the proposed scheme is highly sensitive to the private keys and makes it difficult for unauthorized users to obtain the correct keys.

Fig. 12. Decrypted multidepth images with (a) private phase functions identical to zero and (b) two arbitrarily selected private phase functions.

Download Full Size | PDF

Fig. 13. MSE variation associated with the decryption image when using an erroneous key (a) $ {\psi _\alpha }^{\prime}({\xi _1},{\eta _1}) $ and (b) $ {\psi _\beta }^{\prime}({\xi _2},{\eta _2}) $ with different parameters $ d $.

Download Full Size | PDF

2. Chosen-Plaintext Attack Analysis

The CPA asymmetric cryptosystems based on PTFrFT were investigated to analyze the robustness of the proposed multidepth encryption scheme against a CPA. Similar to the DRPE, the cryptosystems based on PTFrFT also employed a pair of independent random phase masks (RPMs), $ {R_\alpha }(u,v) $ and $ {R_\beta }(\xi ,\eta ) $, and the fractional orders $ \alpha $ and $ \beta $ as the encryption keys. Let $ {H_A}(u,v) $ denote the plaintext to be encrypted and $ {\rm PT}[ \cdot ] $ be the operator of phase truncation. Thus, the ciphertext can be obtained based on the following two steps:

(13)$${G_\alpha }({\xi _1},{\eta _1}) = {\rm PT}[{{\rm FrFT}^\alpha }\{ {H_A}(u,v) \times {R_\alpha }(u,v)\} ],$$

(14)$${G_\beta }({\xi _2},{\eta _2}) = {\rm PT}[{{\rm FrFT}^\beta }\{ {G_\alpha }({\xi _1},{\eta _1}) \times {R_\beta }(\xi ,\eta )\} ].$$

A pair of decryption keys, $ {K_\alpha }({\xi _1},{\eta _1}) $ and $ {K_\beta }({\xi _2},{\eta _2}) $, is generated using the following two steps:

(15)$${K_\alpha }({\xi _1},{\eta _1}) = {\rm PR}[{{\rm FrFT}^\alpha }\{ {H_A}(u,v) \times {R_\alpha }(u,v)\} ],$$

(16)$${K_\beta }({\xi _2},{\eta _2}) = {\rm PR}[{{\rm FrFT}^\beta }\{ {G_\alpha }({\xi _1},{\eta _1}) \times {R_\beta }(\xi ,\eta )\} ],$$

where the operator $ {\rm PR}[ \cdot ] $ denotes the phase reservation operation. Suppose that an unauthorized user has the knowledge of RPMs, the fractional orders $ \alpha $ and $ \beta $, and the parameters of Fresnel diffraction. To encrypt the fake multidepth binary images and generate the decryption keys $ {C_\alpha }({\xi _1},{\eta _1}) $ and $ {C_\beta }({\xi _2},{\eta _2}) $, the attacker may attempt to decrypt the original plaintext of the multidepth gray-scale images by using the generated decryption keys $ {C_\alpha }({\xi _1},{\eta _1}) $ and $ {C_\beta }({\xi _2},{\eta _2}) $.

Fig. 14. (a) Fake plaintext multidepth binary images, (b) plaintext recovered using the CPA scheme with the proposed cryptosystem, and (c) plaintext recovered by using the CPA with the cryptosystem based on PTFrFT.

Download Full Size | PDF

In the proposed asymmetric cryptosystems, we suppose that an unauthorized user knows the encryption keys, $ \phi (u,v) $ and $ \varphi (\xi ,\eta ) $, the fractional orders $ \alpha $ and $ \beta $, and the parameters of Fresnel diffraction. Similarly, the decryption keys are obtained in the encryption process and are used to recover the original ciphertext of the multidepth gray-scale images. The multidepth binary images shown in Fig. 14(a) contain fake plaintext. The decryption keys were obtained during the encryption process. In addition, we attempted to decrypt the original ciphertext of the multidepth gray-scale images in two different cryptosystems. Figure 14(b) shows the recovered multidepth gray-scale images after the application of the CPA in the proposed asymmetric cryptosystems. No useful information was recovered from the original gray-scale images, and the content of the fake multidepth binary images could be observed faintly. Figure 14(c) shows the plaintext recovered using the PTFrFT-based cryptosystems. Here, the fake images are slightly clearer compared with those in the first case. This demonstrates that the proposed scheme and PTFrFT-based cryptosystems can both resist the CPA. The values of the MSE for the results shown in Fig. 14(b) are 3678 and 3669, respectively, and for the results shown in Fig. 14(c) are 292 and 286, respectively. The calculated values of the MSE for the proposed cryptosystems are much higher than those for the cryptosystem based on PTFrFT. This indicates that the proposed scheme, which combines the concept of CGH and matrix superposition and decomposition methods, is sufficiently robust to resist the CPA.

Fig. 15. (a) Retrieved outcomes with the NPA in the proposed scheme, (b) retrieved outcomes with NPA in the PTFrFT-based scheme, and (c) MSEs of phase key retrieval versus the number of iterations for both encryption schemes.

Download Full Size | PDF

3. Known-Plaintext Attack Analysis

In NPA cryptanalysis, the unauthorized user has a priori knowledge of the encryption algorithm as well as a plaintext–ciphertext pair. If the attacker is able to find the key used for a given plaintext–ciphertext pair, the security of all the past and future ciphertexts using the same key is compromised [32]. With a priori information, we employed the phase-retrieval algorithm [33], which involved iterative application of FrFT between the object and the FrFTs, to retrieve the keys that decrypt the ciphertext with a sufficiently low MSE error threshold so that the entire information in the input image can be recovered. We attempted to recover the multidepth plaintext by using the retrieved phase functions $ {\psi _\beta }({\xi _2},{\eta _2}) $ and $ {\psi _\alpha }({\xi _1},{\eta _1}) $ in the FrFT plane and the output plane.

The decryption results with the NPA in the proposed scheme are shown in Fig. 15(a). The simulation results show that no valuable information can be obtained from the recovered results about the original plaintext. However, the ciphertext generated by the PTFrFT-based asymmetric cryptosystem can be approximately recovered with the NPA. The decryption results are shown in Fig. 15(b). Herein, the proposed asymmetric scheme is different from the PTFrFT-based cryptosystem in which an additional encryption key $ \vartheta (u,v) $ is involved in the composition and decomposition methods and leads to the retrieved decryption key, which has no relation to these encryption keys. Therefore, the encryption keys cannot provide any information to recover the decryption keys and original images. The variation of the MSE between the recovered images in each iteration loop and the original plaintext is shown in Fig. 15(c). The MSE converges and the value of the MSE after 50 iterations drops from 500 to 255. By contrast, the MSE with the NPA in the proposed scheme does not converge and remains very high. Consequently, the recovery of the plaintext fails, as shown in Fig. 15(a).

4. Ciphertext-Only Attack Analysis

Finally, we employed the phase-retrieval algorithm for a COA on the proposed asymmetric multidepth image encryption scheme as a test. If the unauthorized user knows the phase function $ {\psi _\beta }({\xi _2},{\eta _2}) $, the attacker can recover the function $ {\psi _\alpha }({\xi _1},{\eta _1}) $ using iterative FrFT. Thus, the original plaintext $ {O_n}(x,y,{z_i}) $ can be decrypted as follows:

(17)$${H_A}(u,v) = {{\rm FrFT}^{ - \alpha }}\!\left\{ {\left| {{{{\rm FrFT}}^{ - \beta }}\!\left\{\!\! \begin{split} \left| {{E_\beta }({\xi _2},{\eta _2})} \right|\\ \times {\psi _\beta }({\xi _2},{\eta _2})\end{split} \right\}} \right|\psi ({\xi _1},{\eta _1})} \right\}\!,$$

(18)$${O_n}(x,y,z) = {\rm FrT}_{ - {z_i}}^\lambda \{ {{H_P}(u,v){H_P}(u,v)} \}.$$

Initially, the phase function $ {\psi _\alpha }({\xi _1},{\eta _1}) $ was randomly generated. The process of phase retrieval was simulated with 50 iterations. The decryption results are shown in Fig. 16. Figure 16(a) shows the plaintext (noise-like) images recovered by using the COA in the proposed scheme. Figure 16(b) shows the multidepth plaintext recovered by using the COA in the PTFrFT-based scheme. To compare the effectiveness of the proposed approaches further, we calculated the MSE as a function of the number of iterations when the phase-retrieval algorithm was employed to retrieve the decryption key $ {\psi _\alpha }({\xi _1},{\eta _1}) $. The result is depicted in Fig. 16(c). This is a reasonable result, given that the recovered multidepth plaintexts in the proposed scheme have much stronger noise immunity compared with the recovered multidepth plaintexts in the PTFrFT-based scheme. Figure 16(c) also shows that, as the number of iterations increases, no convergence occurs in the proposed scheme, thus indicating that the retrieved decryption key $ {\psi _\alpha }({\xi _1},{\eta _1}) $ is inaccurate. The results show that the proposed encryption scheme has increased security in the case of a COA.

Fig. 16. (a) Retrieved outcomes with a COA using the proposed scheme, (b) retrieved outcomes with a COA in the PTFrFT-based scheme, and (c) MSEs of phase key retrieval versus the number of iterations for both encryption schemes.

Download Full Size | PDF

C. Speed Analysis and Comparisons

To test the encryption speed of the proposed robust scheme, two depth images with different sizes have been used for the encryption. Under the same computing environment, the encryption times taken by the PTFrFT-based scheme and our robust algorithm for processing images of different sizes, i.e., ${256} \times {256}$, ${512} \times {512}$, and ${1024} \times {1024}$, are shown in Table 1. From Table 1, it can be observed that the running time increases with the increase in the size of the image. In addition, the average encryption time taken by our robust scheme is 31.04 s, whereas the PTFrFT-based scheme takes 31.12 s. It can be observed that our improved scheme has a slightly faster encryption speed that the scheme based on PTFrFT. Hence, our robust scheme also offers good computation efficiency, which can be suitable for encrypting images in practice.

Table 1. Encryption Times Taken (s)

View Table

5. CONCLUSIONS

In this paper, a cryptosystem was proposed for a multidepth 3D object based on CGH in the FrFT domain. The encryption keys of the 3D object were created by applying the generated hologram in combination with the matrix composition and decomposition methods. The encryption was then performed in the FrFT domain. The private keys generated in the encryption process were not identical to the encryption keys in this cryptosystem. The original 3D object images were not recovered unless all the correct keys, including the encryption keys and private keys, were known. Simulation results confirmed that the proposed encryption scheme can be applied in the field of 3D information security. Additionally, this scheme has the advantage of increased robustness against potential BFA, CPA, NPA, and COA attacks. Nevertheless, it is necessary to realize full optical cryptosystems by using the proposed asymmetric scheme for the integrity of optical cryptography. This is the subject of our current research endeavors.

Funding

National Natural Science Foundation of China (61631009, 61705076); Department of Science and Technology of Jilin Province (20180520196JH); “13th five-year” Science and Technology Project of the Education Department of Jilin Province (JJKH20180143KJ); Fundamental Research Funds for the Central Universities.

Disclosures

The authors declare no conflicts of interest.

REFERENCES

1. E. Tajahuerce and B. Javidi, “Encryption three-dimensional information with digital holography,” Appl. Opt. 39, 6595–6601 (2000). [CrossRef]

2. W. N. Li, C. X. Shi, M. L. Piao, and N. Kim, “Multiple-3D-object secure information system based on phase shifting method and single interference,” Appl. Opt. 55, 4052–4059 (2016). [CrossRef]

3. I. Muniraj, C. L. Guo, M. Ra’ed, J. P. Ryle, J. J. Healy, B. G. Lee, and J. T. Sheridan, “Low photon count based digital holography for quadratic phase cryptography,” Opt. Lett. 42, 2774–2777 (2017). [CrossRef]

4. I. Muniraj, C. L. Guo, B. G. Lee, and J. T. Sheridan, “Interferometry based multispectral photon-limited 2D and 3D integral image encryption employing the Hartley transform,” Opt. Express 23, 15907–15920 (2015). [CrossRef]

5. M. Cho and B. Javidi, “Three-dimensional photon counting double random-phase encryption,” Opt. Lett. 38, 3198–3201 (2013). [CrossRef]

6. P. W. M. Tsang, T.-C. Poon, and K. W. K. Cheung, “Fast numerical generation and encryption of computer-generated Fresnel holograms,” Appl. Opt. 50, B46–B52 (2011). [CrossRef]

7. D. Kong, X. Shen, L. Cao, H. Zhang, S. Zong, and G. Jin, “Three-dimensional information hierarchical encryption based on computer-generated holograms,” Opt. Commun. 380, 387–393 (2016). [CrossRef]

8. T. Shimobaba, N. Masuda, and T. lto, “Simple and fast calculation algorithm for computer-generated hologram with wavefront recording plane,” Opt. Lett. 34, 3133–3135 (2009). [CrossRef]

9. Y. Zhao, C.-X. Shi, K.-C. Kwon, Y.-L. Piao, M.-L. Piao, and N. Kim, “Fast calculation method of computer-generated hologram using a depth camera with point cloud gridding,” Opt. Commun. 411, 166–169 (2017). [CrossRef]

10. G. Sito and J. Zhang, “A lensless optical security system based on computer-generated phase only mask,” Opt. Commun. 232, 115–122 (2004). [CrossRef]

11. A. Carnicer, M. Montes-Usategui, S. Arcos, and I. Juvells, “Vulnerability to chosen-cyphertext attacks of optical encryption schemes based on double random phase keys,” Opt. Lett. 30, 1644–1646 (2005). [CrossRef]

12. W. Qin and X. Peng, “Asymmetric cryptosystem based on phase-truncated Fourier transforms,” Opt. Lett. 35, 118–120 (2010). [CrossRef]

13. A. Fatima and N. K. Nishchal, “Discussion on comparative analysis and a new attack on optical asymmetric cryptosystem,” J. Opt. Soc. Am. A 33, 2034–2040 (2016). [CrossRef]

14. X. Wang, Y. Chen, C. Dai, and D. Zhao, “Discussion and a new attack of the optical asymmetric cryptosystem based on phase-truncated Fourier transform,” Appl. Opt. 53, 208–213 (2014). [CrossRef]

15. X. Wang, C. Dai, and J. Chen, “Optical image encryption via reverse engineering of a modified amplitude-phase retrieval-based attack,” Opt. Commun. 328, 67–72 (2014). [CrossRef]

16. S. K. Rajput and N. K. Nishchal, “Known-plaintext attack-based optical cryptosystem using phase-truncated Fresnel transform,” Appl. Opt. 52, 871–878 (2013). [CrossRef]

17. Y.-Y. Wang, Y.-R. Wang, Y. Wang, H.-J. Li, and W.-J. Sun, “Optical image encryption based on binary Fourier transform computer-generated hologram and pixel scrambling technology,” Opt. Lasers Eng. 45, 761–765 (2007). [CrossRef]

18. S. Xi, X. Wang, L. Song, Z. Zhu, B. Zhu, S. Huang, N. Yu, and H. Wang, “Experimental study on optical image encryption with asymmetric double random phase and computer-generated hologram,” Opt. Express 25, 8212–8222 (2017). [CrossRef]

19. L. Ma and W. Jin, “Symmetric and asymmetric hybrid cryptosystem based on compressive sensing and computer generated holography,” Opt. Commun. 407, 51–56 (2018). [CrossRef]

20. M.-L. Piao, Z.-X. Liu, Y.-L. Piao, H.-Y. Wu, Y. Zhao, and N. Kim, “Multi-depth three-dimensional image encryption based on the phase retrieval algorithm in the Fresnel and fractional Fourier transform domains,” Appl. Opt. 57, 7609–7617 (2018). [CrossRef]

21. P. Tsang, K. W. K. Cheung, and T.-C. Poon, “Fast numerical generation and hybrid encryption of a computer-generated Fresnel holographic video sequence,” Chinese Opt. Lett. 11, 020901 (2013). [CrossRef]

22. D. Kong, L. Cao, G. Jin, and B. Javidi, “Three-dimensional scene encryption and display based on computer-generated holograms,” Appl. Opt. 55, 8296–8300 (2016). [CrossRef]

23. H. Zhang, L. Cao, and G. Jin, “Computer-generated hologram with occlusion effect using layer-based processing,” Appl. Opt. 56, F138–F143 (2017). [CrossRef]

24. Z. Liu, H. Chen, W. Blondel, Z. Shen, and S. Liu, “Image security based on iterative random phase encoding in expanded fractional Fourier domains,” Opt. Lasers Eng. 105, 1–5 (2018). [CrossRef]

25. G. Unnikrishnan, J. Joseph, and K. Singh, “Optical encryption by double-random phase encoding in the fractional Fourier domain,” Opt. Lett. 25, 887–889 (2000). [CrossRef]

26. S. Coëtmellec, D. Lebrun, and C. Özkul, “Characterization of diffraction patterns directly from in-line holograms with the fractional Fourier transform,” Appl. Opt. 41, 312–319 (2002). [CrossRef]

27. S. Liu, J. Wu, and C. Li, “Cascading the multiple stages of the optical fractional Fourier transforms under different variable scale,” Opt. Lett. 20, 1415–1417 (1995). [CrossRef]

28. X. Peng, H. Wei, and P. Zhang, “Chosen-plaintext attack on lensless double-random phase encoding in the Fresnel domain,” Opt. Lett. 31, 3261–3263 (2006). [CrossRef]

29. Y. Frauel, A. Castro, T. J. Naughton, and B. Javidi, “Resistance of the double random phase encryption against various attacks,” Opt. Express 15, 10253–10265 (2007). [CrossRef]

30. A. Sinha, “Nonlinear optical cryptosystem resistant to standard and hybrid attacks,” Opt. Lasers Eng. 81, 79–86 (2016). [CrossRef]

31. N. Rawat, I. C. Hwang, Y. Shi, and B. G. Lee, “Optical image encryption via photon-counting imaging and compressive sensing based ptychography,” J. Opt. 17, 065704 (2015). [CrossRef]

32. U. Gopinathan, D. S. Monaghan, T. J. Naughton, and J. T. Sheridan, “A known-plaintext heuristic attack on the Fourier plane encryption algorithm,” Opt. Express 14, 3181–3186 (2006). [CrossRef]

33. W. Chen, “Optical cryptosystem based on single-pixel encoding using the modified Gerchberg-Saxton algorithm with a cascaded structure,” J. Opt. Soc. Am. A. 33, 2305–2311 (2016). [CrossRef]

Algorithm	Image Size	Encryption Time	Average Time
Proposed scheme	$256 \times 256$	4.60	31.04
	$512 \times 512$	18.76
	$1024 \times 1024$	69.77
PTFrFT-based scheme	$256 \times 256$	4.73	31.12
	$512 \times 512$	18.83
	$1024 \times 1024$	69.79

Robust multidepth object encryption based on a computer-generated hologram with a cascaded structure

Abstract

1. INTRODUCTION

2. ENCRYPTION AND DECRYPTION

3. SIMULATION RESULTS OF THE PROPOSED CRYPTOSYSTEM

4. SECURITY ANALYSIS

A. Sensitivity to Fractional Order Variations

B. Robustness of the Proposed Cryptosystem

1. Brute-Force Attack Analysis

2. Chosen-Plaintext Attack Analysis

3. Known-Plaintext Attack Analysis

4. Ciphertext-Only Attack Analysis

C. Speed Analysis and Comparisons

5. CONCLUSIONS

Funding

Disclosures

REFERENCES

Cited By

Figures (16)

Tables (1)

Equations (18)

Applied Optics