May 15, 2013 / Vol. 38, No. 10 / OPTICS LETTERS
1651
Asymmetric cryptosystem using random binary phase modulation based on mixture retrieval type of Yang–Gu algorithm
Wei Liu,1 Zhengjun Liu,2 and Shutian Liu1,*
1 Department of Physics, Harbin Institute of Technology, Harbin 150001, China
2 Department of Automation Measurement and Control, Harbin Institute of Technology, Harbin 150001, China
*Corresponding author: [email protected]
Received February 20, 2013; revised April 4, 2013; accepted April 16, 2013; posted April 16, 2013 (Doc. ID 185549); published May 9, 2013
We propose an asymmetric optical image encryption scheme that uses an amplitude and phase mixture retrieval of the Yang–Gu algorithm. The encryption process is realized by employing a cascaded Yang–Gu algorithm together with two random phase masks that serve as the public encryption keys. The two private keys are generated in the encryption process and are randomly distributed binary matrices to be used for performing one-way binary phase modulations. Without the private keys, illegal users cannot retrieve the secret image. Numerical simulations are carried out to demonstrate the validity and security of the proposed scheme.
© 2013 Optical Society of America
OCIS codes: (060.4785) Optical security and encryption; (070.0070) Fourier optics and signal processing.
http://dx.doi.org/10.1364/OL.38.001651
Optical image encryption has attracted much attention since Réfrégier and Javidi proposed the double random phase encoding technique [1]. Many other methods based on modern optical information processing means, e.g., optical transform [2], holography [3], diffraction [4], and polarization [5], have been proposed for optical image encryption. However, as most of the existing methods belong to the symmetric cryptosystem, distribution and management of secret keys would be a problem when increasing the number of legal users because the encryption and decryption keys are the same. Recently, asymmetric cryptosystems (ACSs) based on phase and/or amplitude truncation have been proposed [6–8]. However, it has been demonstrated that an iterative retrieval algorithm can decipher the phase-truncation-based ACS [9], due to the vulnerability of the private key pairs.

In this Letter we propose a security-enhanced ACS that incorporates the Yang–Gu mixture amplitude–phase retrieval algorithm [10]. Our motivation is to redesign the public and private key structures so that the ciphertext can depend on both the public and private keys in a more complicated pattern. The encryption process can be regarded as a cascaded iterative amplitude and phase retrieval, as illustrated in Fig. 1. The two private keys $\gamma_1$ and $\gamma_2$, which lead to the asymmetric key spaces, are generated in the encryption process. Our scheme begins with a connection of two complex amplitudes, which can describe the input and output of an optical system, by a mixture-type amplitude–phase retrieval described as

$$g(u,v)\,P_1(u,v) = \hat{U}\{I(x,y)\exp[i\phi_1(x,y)]\}. \tag{1}$$
Here, $I(x,y)$ represents the amplitude of the secret image, $P_1(u,v)$ represents the public random phase key, and $\hat{U}$ represents an integral operator for an optical system. $g(u,v)$ and $\phi_1(x,y)$ are the unknown amplitude and phase, which need to be retrieved to satisfy the above equation. For simplicity, the operation $\hat{U}$ is chosen as an optical Fourier transform (FT). We design an iterative process to determine the distributions of $g(u,v)$ and $\phi_1(x,y)$, as shown in Fig. 2. In the initialization, $g_0(u,v)$ is generated randomly in the interval [0,1]. The constraints in the transform planes are used for updating the amplitude and phase, respectively. $f(x,y)$ denotes the amplitude transformed from the retrieved $g_k(u,v)$. After the $k$th iteration, the new $g(u,v)$ is updated by

$$g_{k+1}(u,v) = \mathrm{Re}\{F_k(u,v)\,P_1^*(u,v)\}, \tag{2}$$

in which $F_k(u,v)$ denotes the FT result. The convergence criterion is decided by the normalized mean square error (NMSE) between $f(x,y)$ and $I(x,y)$, defined as

$$\mathrm{NMSE} = \sum_{m,n}\,[I(m,n) - f(m,n)]^2 \Big/ \sum_{m,n} I^2(m,n), \tag{3}$$
where $(m,n)$ denotes the pixel position. When NMSE or the iterative number reaches the preset threshold value, the iteration stops. The final retrieved amplitude $g(u,v)$ in Eq. (2) is not a “true amplitude,” because it contains both positive and negative elements. Hence a one-way binary phase modulation $\exp[i\pi\gamma_1(u,v)]$ is introduced for realizing optical detection by a CCD camera, of which the private modulation region $\gamma_1(u,v)$ is generated by

$$\gamma_1(u,v) = \begin{cases} 1, & g(u,v) < 0 \\ 0, & g(u,v) > 0 \end{cases}. \tag{4}$$

Thus the detectable “true amplitude” obtained by the one-way binary phase modulation is given as

$$g'(u,v) = g(u,v)\exp[i\pi\gamma_1(u,v)]. \tag{5}$$

Fig. 1. Flowchart of the proposed encryption process.

Fig. 2. Flowchart of the kth loop of the iterative process for the first step of encryption. FT and IFT indicate Fourier transform and inverse Fourier transform.

As shown in Fig. 1, the amplitude $g'(u,v)$ is then employed as the input of the next iterative process in another FT system with the second random phase key $P_2(x',y')$, and the private key $\gamma_2(x',y')$ is generated simultaneously to obtain the final positive encryption result $C'(x',y')$. The corresponding decryption process is illustrated in Fig. 3, which can be implemented digitally or optically. Here the operator “AR” means amplitude reservation, “⊗” is the symbol of multiplication, and the phases for decryption, $D_1$ and $D_2$, which are generated by performing private binary modulations to the public keys, can be written as

$$D_1(u,v) = P_1(u,v)\exp[i\pi\gamma_1(u,v)], \tag{6}$$

$$D_2(x',y') = P_2(x',y')\exp[i\pi\gamma_2(x',y')]. \tag{7}$$

A simple optical setup for decryption is shown in Fig. 4. Two computer-controlled spatial modulators, SLM1 and SLM2, are closely assembled, and display the amplitudes ($C'(x',y')$ and $g'(u,v)$) and the phase decryption keys ($D_2(x',y')$ and $D_1(u,v)$), respectively. The decryption is implemented by two-step FTs by the lens with focal length $f$. The system is illuminated by a parallel laser beam. The CCD camera detects the intensities of $|g'(u,v)|^2$ in the first step and then feeds $g'(u,v)$ back to SLM1. In the second step it receives the intensity of the retrieved image $|I(x,y)|^2$.

Like most famous asymmetric algorithms such as the RSA algorithm [11], the trapdoor one-way function ideology is also considered here to achieve our ACS. The trapdoors in the phase-truncation-based ACS [6, 7] are the truncated phases at the transform planes that serve as the private keys. In our scheme, the private random modulation serves as the trapdoor one-way function that makes the decryption ineffective for the illegal users. If we write out the relationship between the ciphertext and the plaintext for these two schemes as

$$C' = |\mathrm{FT}\{|\mathrm{FT}\{I P_1\}|\,P_2\}|, \tag{8}$$

$$C' = |\mathrm{FT}\{|\mathrm{FT}\{I\exp(i\phi_1)\}|\exp(i\phi_2)\}|, \tag{9}$$
where the coordinates are omitted for simplicity, we can see the difference between these two schemes. The ciphertext of the phase-truncation-based ACS [Eq. (8)] depends explicitly on the public keys and is independent of the private keys, which hints at a vulnerability to attacks. However, in our scheme [Eq. (9)], the ciphertext depends on two random phases $\exp(i\phi_1)$ and $\exp(i\phi_2)$, which are controlled by both the public and the private key pairs [see Eqs. (1) and (5)]. Without knowing the private keys, one cannot retrieve the secret image only with the public phase keys. The attackers cannot even guess the private keys using iterative phase retrieval algorithms, because they do not have enough constraints to establish the retrieval.

Fig. 3. Flowchart of the decryption process.

Fig. 4. Schematic diagram of the optical implementation for decryption. SLM, spatial light modulator; L, lens; CCD, CCD camera; PC, personal computer.

Computer simulations are carried out to demonstrate the validity and security of the proposed system; the grayscale image “Cameraman,” which has a size of 256 × 256 pixels, is chosen as an example, and the encryption results are shown in Fig. 5. The original image is shown in Fig. 5(a), and the corresponding encryption image in the form of stationary white noise is presented in Fig. 5(b). The private keys $\gamma_1(u,v)$ and $\gamma_2(x',y')$ generated in the encryption process are illustrated in Figs. 5(c) and 5(d), respectively, and are random distributions of 0 and 1. The iteration times are chosen as 5000 to obtain a high-quality decrypted image.

Fig. 5. (a) Tested image, (b) encrypted image, (c) and (d) generated private keys $\gamma_1(u,v)$ and $\gamma_2(x',y')$.

The necessary numerical simulations are also performed to analyze the modulation security performance, as shown in Fig. 6. The test is performed without modulations for decryption, while a binary modulation is introduced in the encryption process, as in the test of [12]. As a security reference standard, large NMSE means high security performance. Here we should emphasize that NMSE > 0.3 is large enough to ensure the decrypted image is unrecognizable, $p$ denotes the occupied percentage of the random modulation region, and $t$ represents the parameter chosen for binary modulation (in our case $t = \pi$). It can be found in Fig. 6(a) that the secure choice of $p$ is roughly in the interval [0.22, 0.78] when $t = \pi$; meanwhile, Fig. 6(b) shows that the secure modulation parameter is between $0.64\pi$ and $1.36\pi$ when $p = 0.35$. The optimal choices are $p = 0.5$ and $t = \pi$, respectively, which can achieve the highest security. Several meaningful grayscale images have been tested to discuss the statistical range of $p$ in our method ($t = \pi$), as shown in Table 1, and the safe interval [0.3, 0.5] can cover the general encoding cases.

Fig. 6. Security test results of (a) random modulation regions and (b) modulation parameters. Axes: (a) NMSE versus $p$ for $t = \pi$; (b) NMSE versus $t/\pi$ for $p = 0.35$.

Table 1. Occupied Percentage of the Modulation Regions
Test Image                  Lena            Baboon          Cameraman
$p(\gamma_1, \gamma_2)$     (0.35, 0.44)    (0.31, 0.45)    (0.40, 0.46)

The security is also tested by using different keys for decryption, and the corresponding simulation results are presented in Fig. 7. The decrypted image using correct private keys with NMSE = 0.003 is illustrated in Fig. 7(a). The decoded image obtained by performing the brute-force attack is shown in Fig. 7(b), and uses some random binary matrices generated by the computer as the private keys. Figure 7(c) shows the decryption result using the public keys. If illegal users try to use fake keys, e.g., keys generated by the fake plaintext “Lena,” to decipher the ciphertext produced by “Cameraman,” the corresponding failed decryption result is presented in Fig. 7(d). Moreover, as each ciphertext corresponds to the unique private keys, the existing attacks, e.g., the chosen ciphertext attack [13], the known plaintext attack [14], and the chosen plaintext attack [15, 16], are invalid against this system. As a result, high security against various attacks can be obtained by the proposed ACS.
Fig. 7. Decoded image using (a) correct private keys, (b) random keys, (c) public keys, and (d) fake keys.
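As an added illustration (not the authors' code), the following NumPy program runs the two-stage encryption of Fig. 1 and the decryption of Fig. 3 digitally, then compares the NMSE of Eq. (3) for decryption with the private keys against decryption with the public keys alone. The 32 × 32 test image, the 300 iterations per stage, the seed, and the use of the inverse FFT as the decryption transform are assumptions of this example.

```python
import numpy as np

def nmse(I, f):
    """Normalized mean square error, Eq. (3)."""
    return float(np.sum((I - f) ** 2) / np.sum(I ** 2))

def encrypt_stage(I, P, iters, rng):
    """Retrieve real g with g*P ~ FT{I exp(i*phi)} (Eqs. (1)-(2)), then split it
    into a non-negative amplitude and a binary private key (Eqs. (4)-(5))."""
    g = rng.random(I.shape)                       # g_0 drawn from [0, 1]
    for _ in range(iters):
        field = np.fft.ifft2(g * P)               # f(x,y) exp[i*phi_k(x,y)]
        F = np.fft.fft2(I * np.exp(1j * np.angle(field)))  # amplitude constraint
        g = np.real(F * np.conj(P))               # phase constraint, Eq. (2)
    gamma = (g < 0).astype(np.uint8)              # private key, Eq. (4)
    return np.abs(g), gamma                       # g*exp(i*pi*gamma) equals |g|

def decrypt_stage(A, P, gamma):
    """Multiply by D = P exp(i*pi*gamma) (Eqs. (6)-(7)), transform, keep amplitude."""
    return np.abs(np.fft.ifft2(A * P * np.exp(1j * np.pi * gamma)))

def demo(n=32, iters=300, seed=1):
    rng = np.random.default_rng(seed)
    I = np.full((n, n), 0.1)                      # constructed test image:
    I[n // 4: 3 * n // 4, n // 4: 3 * n // 4] = 1.0   # bright square on dark field
    P1 = np.exp(2j * np.pi * rng.random((n, n)))  # public random phase keys
    P2 = np.exp(2j * np.pi * rng.random((n, n)))
    g1, gamma1 = encrypt_stage(I, P1, iters, rng)     # first stage gives g'
    C, gamma2 = encrypt_stage(g1, P2, iters, rng)     # second stage gives C'
    good = decrypt_stage(decrypt_stage(C, P2, gamma2), P1, gamma1)
    none = np.zeros_like(gamma1)                  # no private modulation applied
    pub = decrypt_stage(decrypt_stage(C, P2, none), P1, none)
    return nmse(I, good), nmse(I, pub), float(gamma1.mean()), float(gamma2.mean())

if __name__ == "__main__":
    good, pub, p1, p2 = demo()
    print(f"NMSE with private keys {good:.4f}, public keys only {pub:.4f}")
    print(f"occupied fraction p of gamma1, gamma2: {p1:.2f}, {p2:.2f}")
```

The two NMSE values can be read against the NMSE > 0.3 criterion used in the text, and the last two return values are the occupied percentages $p$ of the generated private keys.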
In summary, we have proposed an ACS using random binary phase modulations based on the Yang–Gu algorithm. The secure image can be encrypted by two random phase public keys in a scheme of amplitude–phase retrieval operation, resulting in a real encrypted image output and two individual binary random private keys. Numerical simulations have successfully demonstrated the validity and high security of the proposed method.

This work was supported by the National Natural Science Foundation of China under grant nos. 10974039 and 11104049 and the Program for New Century Excellent Talents in University (NCET-12-0148).

References
1. P. Réfrégier and B. Javidi, Opt. Lett. 20, 767 (1995).
2. B. Zhu, S. Liu, and Q. Ran, Opt. Lett. 25, 1159 (2000).
3. S. Kishk and B. Javidi, Opt. Lett. 28, 167 (2003).
4. G. Situ and J. Zhang, Opt. Lett. 29, 1584 (2004).
5. A. Alfalou and C. Brosseau, Opt. Lett. 35, 2185 (2010).
6. W. Qin and X. Peng, Opt. Lett. 35, 118 (2010).
7. W. Qin, X. Peng, X. Meng, and B. Gao, Opt. Eng. 50, 080501 (2011).
8. S. Rajput and N. Nishchal, Appl. Opt. 52, 871 (2013).
9. X. Wang and D. Zhao, Opt. Commun. 285, 1078 (2012).
10. G. Yang, B. Gu, and B. Dong, Proc. SPIE 1767, 457 (1992).
11. R. L. Rivest, A. Shamir, and L. Adleman, Commun. ACM 21, 120 (1978).
12. X. Cheng, L. Cai, Y. Wang, X. Meng, H. Zhang, X. Xu, X. Shen, and G. Dong, Opt. Lett. 33, 1575 (2008).
13. A. Carnicer, M. Montes-Usategui, S. Arcos, and I. Juvells, Opt. Lett. 30, 1644 (2005).
14. U. Gopinathan, D. S. Monaghan, T. J. Naughton, and J. T. Sheridan, Opt. Express 14, 3181 (2006).
15. X. Peng, H. Wei, and P. Zhang, Opt. Lett. 31, 3261 (2006).
16. P. Kumar, A. Kumar, J. Joseph, and K. Singh, Opt. Lasers Eng. 50, 1196 (2012).