Optical binary image encryption using aperture-key and dual wavelengths

Xiaogang Wang; Wen Chen; Xudong Chen

doi:10.1364/OE.22.028077

1. Introduction

In recent years, phase retrieval algorithms (PRAs) such as the Gerchberg-Saxton (GS) [1], Fienup method [2] and their valuable derivatives [3, 4] have attracted more and more attentions due to its advantages compared to holography. For instance, the optical setups are simple and a reference beam is no longer needed. Based on the generalized-projections algorithm with two intensity constraints, i.e., a unit amplitude in the input plane and the target image in the output plane, Johnson and Brasher encrypted a biometric image in two phase arrays in 1996 [5], neither of which gives any hints as to what is in the image. To some extent, it may be regarded as a reverse-engineering of the double random phase encoding (DRPE) technique that was proposed by Refregier and Javidi in 1995 [6], where two phase masks are used to optically encode an image into a random-noise-like diffraction pattern in the 4-f system. The DRPE has been extended into Fresnel domain [7, 8], and in turn image can be digitally encoded into two phase-only masks by using the modified GS-based PRA with Fresnel propagation operators [9]. Image hiding method based on PRA under the framework of nonlinear DRPE in fractional Fourier domain has also been proposed [10]. One of the main advantages of these digital PRA-based encryption methods is that they don't need the digital holographic technique which is required for most of the previous proposed optical encryption methods. However, the secret images were usually encoded in pure digital manner.

Nevertheless, the PRAs provide us an effective way to realize image recovery from intensity measurements since an aperture can be used as a support constraint which helps to achieve a rapid convergence rate in iterative process [11–13]. Primary image can be recovered from multiple coded amplitude patterns by using movable apertures in the object plane during optical encryption [11], which has a higher flexibility compared with ptychography-based optical image coding [12]. The method is designed for controlling information assignment by using different diffraction intensity patterns. A series of diffraction intensity patterns, i.e., ciphertexts need to be recorded and transmitted. Aperture with redundant data digitally combined with the object can be used as a constraint for iterative process to retrieve the plaintext from single diffraction pattern [13]. When a binary image is bonded with a large aperture outside, however, the stagnation problem may not be solved, but gets more serious. At the other hand, the security of optical encryption methods based on DRPE faces more and more challenges [14–17]. It is necessary for the encryption schemes to continually improve the levels of security.

In this paper, we propose a simple image encryption method based on lensless DRPE with aperture-key and dual illumination wavelengths. By increasing the key space and disarranging the direct corresponding relation between the primary image and the output image, the encryption method offers a higher level of security. In order to avoid the brute force search of the phase keys and the chosen plaintext attacks [15] and further reduce the amount of data to be transferred, different chaotic random phase masks (CRPMs) generated from logistic maps are used as single-use phase keys in encryption.

2. Principle

The optical setup for the proposed lensless DRPE-based encryption system is schematically shown in Fig. 1, where two CRPMs are placed at different planes in the Fresnel domain and a CCD camera is placed at the output plane. The original binary data $f (x, y)$ are illuminated by a tunable coherent light source with a specified wavelength $λ_{1}$ and are then encrypted with two pseudorandom phase codes, $p_{1} (x, y)$ and $p_{2} (x^{'}, y^{'})$ , where $(x, y)$ , $(x^{'}, y^{'})$ are coordinates of the input image and the second CRPM, respectively. In our method, we first produce two-dimensional CRPMs based on a logistic map, which can be given in the iterative form by $x_{m + 1} = μ \cdot x_{m} \cdot (1 - x_{m})$ , where $μ \in [0, 4]$ is the bifurcation parameter and $x_{m} \in [0, 1]$ is the sequence value. Slight variations in the initial value yield dramatically different results over time when $3.5699456 \leq μ \leq 4$ [18]. By taking column-wise from a non-converging sequence generated from the logistic map above with $μ$ and the initial value $x_{0}$ , we can obtain a matrix $S (x, y)$ . A CRPM denoted by $p (x, y) = \exp [i 2 π S (x, y)]$ is produced at the end [10]. Thus, the two parameters, i.e., $(μ, x_{0})$ , are fully responsible for the reconstruction of a CRPM.

Fig. 1 Proposed schematic optical setup for binary images encryption without need of holographic recording.

Download Full Size | PDF

As indicated by Fig. 1, the intensity distribution recorded in the output plane can be written as follows

I_{0} (x^{″}, y^{″}) = {| {FrT}_{z_{2}, λ_{1}} {{FrT}_{z_{1}, λ_{1}} {f (x, y) p_{1} (x, y)} p_{2} (x^{'}, y^{'})} |}^{2}

where

| |

denotes a modulus operation and

FrT {}

represents free-space wave propagation described by Fresnel diffraction principle. The two-dimensional Fresnel transform of a function

u (x, y)

is defined by

{FrT}_{z, λ} {u (x, y)} = \frac{\exp (j k z)}{j λ z} \int \int_{- \infty}^{\infty} u (x, y) \exp {j \frac{π}{λ z} [{(x^{'} - x)}^{2} + {(y^{'} - y)}^{2}]} d x d y

where

k

,

λ

and

z

are the wave number, wavelength and propagation distance, respectively. In the following, a predesigned aperture-key denoted by

a (x, y)

will be then encrypted in the same way as the secret image does, but with a different illumination wavelength

λ_{2}

, propagation distances

z_{3}

and

z_{4}

and two different CRPMs,

p_{3} (x, y)

and

p_{4} (x^{'}, y^{'})

. Likewise, another intensity distribution can be obtained in the output plane in the lensless DRPE scheme. By adding up the two output images, we obtain a coded diffraction pattern, i.e., the cyphertext,

\begin{array}{l} C (x^{″}, y^{″}) = {| {FrT}_{z_{2}, λ_{1}} {{FrT}_{z_{1}, λ_{1}} {f (x, y) p_{1} (x, y)} p_{2} (x^{'}, y^{'})} |}^{2} \\ + α {| {FrT}_{z_{4}, λ_{2}} {{FrT}_{z_{3}, λ_{2}} {a (x, y) p_{3} (x, y)} p_{4} (x^{'}, y^{'})} |}^{2} \end{array}

where

α

is a scaling factor used to increase the distortion of the intensity pattern of the secret image. Typically, a larger scaling factor results in a more serious distortion in intensity. Here it should be mentioned that the decryption keys include the scaling factor, eight parameters used to reconstruct the four phase keys, four diffraction distances, two wavelength-keys and a binary aperture-key.

The decryption process is based on the PRAs [3, 4] and proceeds as follows.

Retrieve the four CRPMs, $p_{1}$ , $p_{2}$ , $p_{3}$ and $p_{4}$ .
Fresnel transform to obtain the diffraction pattern of the aperture, $I_{a} (x^{″}, y^{″}) = {| {FrT}_{z_{4}, λ_{2}} {{FrT}_{z_{3}, λ_{2}} {a (x, y) p_{3} (x, y)} p_{4} (x^{'}, y^{'})} |}^{2}$
Start the iterative process with a guess at the object function $f_{n} (x, y)$ , where the subscript $n$ represents a guessed function at the $n th$ iteration of the algorithm. The guessed diffraction space wave function is given by $u_{n} (x^{″}, y^{″}) = {FrT}_{z_{2}, λ_{1}} {{FrT}_{z_{1}, λ_{1}} {f_{n} (x, y) {p^{'}}_{1} (x, y)} p_{2} (x^{'}, y^{'})}$
where ${p^{'}}_{1} (x, y) = p_{1} (x, y) a (x, y)$ and $f_{1} (x, y)$ is an array of all ones in the initial stage.
Correct the amplitude part of the guessed diffraction space wave function above to the known values, ${u^{'}}_{n} (x^{″}, y^{″}) = \sqrt{| C (x^{″}, y^{″}) - α I_{a} (x^{″}, y^{″}) |} \cdot PR {u_{n} (x^{″}, y^{″})}$
where the operator $PR {}$ denotes phase reservation, retaining the phase of the complex function $u_{n} (x^{″}, y^{″})$ but truncating its amplitude part.
Inverse transform back to the input plane to obtain a new space wave function ${u^{″}}_{n} (x, y) = p_{1}^{*} (x, y) \cdot {FrT}_{- z_{1}, λ_{1}} {p_{2}^{*} (x^{'}, y^{'}) \cdot {FrT}_{- z_{2}, λ_{1}} {{u^{'}}_{n} (x^{″}, y^{″})}}$
where the superscript $*$ denotes complex conjugate.
Updated the guessed object wave function in the input plane $f_{n + 1} (x, y) = f_{n} (x, y) + T (x, y) \cdot [{u^{″}}_{n} (x, y) - a (x, y) f_{n} (x, y)]$
where $T (x, y) = \frac{β a (x, y)}{{| a (x, y) |}^{2} + γ}$ , the parameters $β$ and $γ$ are appropriately chosen.
Repeat (3)-(6) until the number of iterations reaches the preset threshold value.

As can be seen from above, the aperture is not only used to disturb the intensity distribution of the diffraction pattern of the secret image, but also to act as a support constraint in the PRA. Thus, it is better to design the aperture with the edges that are as close to the zero-free regions of the original binary image as possible. At the same time, all the nonzero values of the secret image should be kept inside the aperture.

3. Numerical simulations and discussion

Some numerical simulations are performed to check the validity of the proposed method. Figure 2(a) shows the test data with the size of $512 \times 512$ for a demonstration of the new method. The parameters corresponding to the CRPMs, $p_{1}$ , $p_{2}$ , $p_{3}$ and $p_{4}$ are $(3.97, 0.12)$ , $(3.94, 0.22)$ , $(3.96, 0.25)$ and $(3.90, 0.15)$ , respectively. One of the CRPMs is presented in Fig. 2(b) for illustration. In the simulations, the CCD camera has $512 \times 512$ pixels and $4.6 μ m$ pixel size. The two illumination wavelengths and four propagation distances are set as $λ_{1} = 600 n m$ , $λ_{2} = 650 n m$ , $z_{1} = 50 c m$ , $z_{2} = 40 c m$ , $z_{3} = 70 c m$ and $z_{4} = 60 c m$ , respectively. Figure 2(c) shows the predesigned aperture-key containing all the non-zero regions of the binary image with the smallest possible area. The coded diffraction pattern, i.e., cyphertext is shown in Fig. 2(d), where the scaling factor has been set as $α = 3$ .

Fig. 2 (a) Plaintext, (b) one of the four CRPMs ( $p_{1}$ ), (c) aperture-key and (d) cyphertext.

Download Full Size | PDF

We first analyze and test the impact of the scaling factor on the system performance. As can be seen from Eq. (3), different scaling factors result in different cypertexts. When a scaling factor that satisfies $α I_{a} (x^{″}, y^{″}) ≪ C (x^{″}, y^{″})$ is chosen, Eq. (6) could be rewritten as ${u^{'}}_{n} (x^{″}, y^{″}) \approx \sqrt{C (x^{″}, y^{″})} \cdot PR {u_{n} (x^{″}, y^{″})}$ . In this case, the scaling factor could not play its role and it may be possible for us to retrieve the primary image without using the scaling factor. In the following experiment, we first generate a series of cyphertexts by using different scaling factors and then proceed the proposed phase retrieve processes where all the scaling factors are set as $α = 0$ during decrypting. The mean square error (MSE) and the correlation coefficient (CC) [10] are used to evaluate the closeness between the primary image and the recovered results by using PRA with $β = 0.7$ and $γ = 0.00001$ , where small deviations in $β$ and $γ$ have no obvious effect on the recovered results [2–4]. The dependence of MSE on the change of the scaling factor is illustrated in Fig. 3 where the sampling interval is chosen as $Δ α = 0.2$ .

Fig. 3 The MSE curve of recovered images with the change of the scaling factor used for encryption. The attached three images arranged from left to right correspond to the scaling factors, 0.2, 1.0 and 2.0 respectively.

Download Full Size | PDF

It can be found that the MSE value increases as the scaling factor rises. The decrypted images arranged from left to right in Fig. 3 correspond to the three scaling factors used for encrypting, i.e., $α = 0.2$ , $α = 1.0$ and $α = 2.0$ , respectively. Obviously, the recovered images are unrecognizable when the scaling factors are larger than 1. Thus, to ensure the effectiveness of the scaling factors, it is better for us to use large numbers as the scaling factors in encryption.

Now we use all the correct keys to recover the primary image from Fig. 2(d) with the proposed algorithm. The MSE and CC curves obtained after 50 iterations are respectively presented in Figs. 4(a) and 4(b). The CC value reaches its maximum 1 after the number of iterations 31. The MSE value with respect to the iteration number above is about $6 .99 \times 10^{-4}$ . The final retrieved image after 50 iterations is depicted by Fig. 5(a). Figures 4(c) and 4(d) show the MSE and CC curves obtained by the conventional GS-based PRA with three constrains, i.e., $p_{1}$ , $p_{2}$ and the correctly extracted intensity $I_{0} (x^{″}, y^{″})$ . It can be found that, with the absence of the aperture key, the convergence speed of the PRA is very slow. The MSE and CC values corresponding to the number of iterations 1000 are 0.1641 and 0.4777 respectively. The final recovered image after 1000 iterations is shown in Fig. 5(b). Note that the basic flow of the PRA is the same with that described in [13]. The difference is that redundant data and four constrains are involved in the latter.

Fig. 4 (a) MSE and (b) CC curves obtained by the proposed method. (c) MSE and (d) CC curves obtained by conventional GS-based PRA.

Download Full Size | PDF

Fig. 5 Retrieved image after (a) 50 iterations using the proposed method, (b) 1000 iterations using the conventional GS-based PRA.

Download Full Size | PDF

The fast convergence of the proposed PRA and high quality of image recovery are confirmed through comparisons above. Since the aperture-key speeds up the convergence rate by reducing the zero-free regions, it can be concluded that the PRA method [13], where redundant dada have been used to increase the regions of zero, would only make the stagnation problem worse in the case of binary image decryption.

We further check the effect of a small deviation from the parameters of the four CRPMs. We test the performance of every parameter and all the results show that a small change of the value of each parameter could lead to a failure decryption. Four examples are shown in Fig. 6, where the retrieved images are obtained by using an incorrect CRPM generated from a wrong parameter.

Fig. 6 Decrypted images after 200 iterations using a wrong CRPM. (a) $p_{1}$ with $μ = 3.96$ ( $Δ μ = 0.01$ ), (b) $p_{2}$ with $x_{0} = 0.23$ ( $Δ x_{0} = 0.01$ ), (c) $p_{3}$ with $μ = 3.95$ ( $Δ μ = 0.01$ ), (d) $p_{4}$ with $x_{0} = 0.16$ ( $Δ x_{0} = 0.01$ ).

Download Full Size | PDF

We also test the performance of the diffraction parameters, the wavelengths and propagation distances. Figure 7 shows the decrypted images obtained after 100 iterations by using an incorrect key. For brevity and clarity, here we also give four examples as shown in Fig. 7 for illustration. It can be concluded that even though some of these secret keys are compromised, the security of this system is unlikely to be broken.

Fig. 7 Decrypted images after 100 iterations using a wrong key (a) $λ_{1} = 610 n m$ $(Δ λ_{1} = 10 n m)$ , (b) $λ_{2} = 660 n m (Δ λ_{2} = 10 n m)$ , (c) $z_{1} = 51 c m (Δ z_{1} = 1 c m)$ , (d) $z_{3} = 71 c m (Δ z_{3} = 1 c m)$ .

Download Full Size | PDF

In the following simulation, we investigate the sensitivity of the scaling factor used for decryption. Suppose that the decrypting keys, i.e., the aperture key, illumination wavelengths and four propagation distances are all known except for the scaling factor. Figure 8 shows the MSE between original and reconstructed data, as a function of the scaling factor used for decryption. A recognizable image can be retrieved if the scaling factor $α$ is greater than 2.5 or less than 4.0. Although the two decrypted images corresponding to $α = 3.5$ and $α = 2.5$ have similar MSE values, the former looks much more clear than the latter, as can be shown in Fig. 8. Their CC values are 0.5558 and 0.7646, respectively. Since the sensitivity of the scaling factor is lower than those of the other keys, such as the parameters of CRPM, the wavelengths and propagation distances, the situation that the scaling factor is used as a unique key should be avoided. Nevertheless, the difficulty of decryption in the proposed system will be significantly increased when one has no information about the scaling factor.

Fig. 8 Relations between MSE (between original and reconstructed data) and the scaling factor used for decryption.

Download Full Size | PDF

As can be seen from Eq. (4), a wrong aperture-key must result in an incorrect intensity value of $I_{a}$ , which is an important quantity in the iterative calculations as shown in Eq. (6). In the last set of experiments we test the effect of using a wrong aperture-key in the input plane. Figure 9 shows the decrypted images with wrong aperture-keys.

Fig. 9 Decrypted image after 100 iterations using (a) a circular aperture, (b) a relatively large rectangular aperture, (c) the upper half and (d) the lower half of the correct aperture-key.

Download Full Size | PDF

As can be shown in Figs. 9(a) and 9(b), the primary image cannot be obtained with an arbitrary aperture. Even if one part of the correct aperture-key and all the other correct keys were applied for decryption, the recovered images are still unrecognizable as shown in Fig. 9(c) and Fig. 9(d). The relations between CC and the number of iterations with respect to different apertures are demonstrated in Fig. 10, where the CC value slowly decreases as the number of iterations rises. The results fully testified the reliability of the aperture-key.

Fig. 10 Relations between CC and iteration number using different apertures.

Download Full Size | PDF

4. Conclusion

In this paper, we have proposed a new method applicable to binary image encryption by using a predesigned aperture-key and dual wavelengths. There is no holographic technique needed in the encryption process and the encrypted image is a noise-like intensity image. The security of system is greatly improved in two ways: increasing the key space and disarranging the direct corresponding relation between the output image and the primary image. The aperture-key not only helps to mitigate stagnation problems in binary image retrieval but also enhances the level of security. All the decryption keys can be kept in digital form which are very convenient for data transmitting and digital image retrieving using PRA.

Acknowledgments

This work was supported by the National Natural Science Foundation of China (Grant No. 61205006), the Asian Office of Aerospace Research & Development under Grant No. AOARD 144031 and the State Scholarship Fund of the China Scholarship Council (CSC) under Grant No. 201308330343.

References and links

1. R. W. Gerchberg and W. O. Saxton, “A practical algorithm for the determination of phase from image and diffraction plane pictures,” Optik (Stuttg.) 35, 237–246 (1972).

2. J. R. Fienup, “Reconstruction of an object from the modulus of its Fourier transform,” Opt. Lett. 3(1), 27–29 (1978). [CrossRef] [PubMed]

3. J. M. Rodenburg and H. M. L. Faulkner, “A phase retrieval algorithm for shifting illumination,” Appl. Phys. Lett. 85(20), 4795–4798 (2004). [CrossRef]

4. H. M. L. Faulkner and J. M. Rodenburg, “Movable aperture lensless transmission microscopy: a novel phase retrieval algorithm,” Phys. Rev. Lett. 93(2), 023903 (2004). [CrossRef] [PubMed]

5. E. G. Johnson and J. D. Brasher, “Phase encryption of biometrics in diffractive optical elements,” Opt. Lett. 21(16), 1271–1273 (1996). [CrossRef] [PubMed]

6. P. Refregier and B. Javidi, “Optical image encryption based on input plane and Fourier plane random encoding,” Opt. Lett. 20(7), 767–769 (1995). [CrossRef] [PubMed]

7. O. Matoba and B. Javidi, “Encrypted optical memory system using three-dimensional keys in the Fresnel domain,” Opt. Lett. 24(11), 762–764 (1999). [CrossRef] [PubMed]

8. G. Situ and J. Zhang, “Double random-phase encoding in the Fresnel domain,” Opt. Lett. 29(14), 1584–1586 (2004). [CrossRef] [PubMed]

9. H. E. Hwang, H. T. Chang, and W. N. Lie, “Fast double-phase retrieval in Fresnel domain using modified Gerchberg-Saxton algorithm for lensless optical security systems,” Opt. Express 17(16), 13700–13710 (2009). [CrossRef] [PubMed]

10. X. Wang, W. Chen, and X. Chen, “Fractional Fourier domain optical image hiding using phase retrieval algorithm based on iterative nonlinear double random phase encoding,” Opt. Express 22(19), 22981–22995 (2014). [CrossRef] [PubMed]

11. W. Chen, G. Situ, and X. Chen, “High-flexibility optical encryption via aperture movement,” Opt. Express 21(21), 24680–24691 (2013). [PubMed]

12. Y. Shi, T. Li, Y. Wang, Q. Gao, S. Zhang, and H. Li, “Optical image encryption via ptychography,” Opt. Lett. 38(9), 1425–1427 (2013). [CrossRef] [PubMed]

13. Y. Qin, Z. Wang, and Q. Gong, “Diffractive-imaging-based optical image encryption with simplified decryption from single diffraction pattern,” Appl. Opt. 53(19), 4094–4099 (2014). [CrossRef] [PubMed]

14. X. Peng, H. Wei, and P. Zhang, “Chosen-plaintext attack on lensless double-random phase encoding in the Fresnel domain,” Opt. Lett. 31(22), 3261–3263 (2006). [CrossRef] [PubMed]

15. Y. Frauel, A. Castro, T. J. Naughton, and B. Javidi, “Resistance of the double random phase encryption against various attacks,” Opt. Express 15(16), 10253–10265 (2007). [CrossRef] [PubMed]

16. A. Alfalou and C. Brosseau, “Optical image compression and encryption methods,” Adv. Opt. Photon. 1(3), 589–636 (2009). [CrossRef]

17. W. Chen, B. Javidi, and X. Chen, “Advances in optical security systems,” Adv. Opt. Photon. 6(2), 120–155 (2014). [CrossRef]

18. K. T. Alligood, T. D. Sauer, and J. A. Yorke, Chaos: An Introduction to Dynamical Systems (Springer, 2001).

Optical binary image encryption using aperture-key and dual wavelengths

Abstract

1. Introduction

2. Principle

3. Numerical simulations and discussion

4. Conclusion

Acknowledgments

References and links

Cited By

Figures (10)

Equations (8)

Optics Express