Asymmetric MultipleImage Encryption Based on Octonion Fresnel Transform and Sine Logistic Modulation Map
 Author: Li Jianzhong
 Publish: Journal of the Optical Society of Korea Volume 20, Issue3, p341~357, 25 June 2016

ABSTRACT
A novel asymmetric multipleimage encryption method using an octonion Fresnel transform (OFST) and a twodimensional Sine Logistic modulation map (2DSLMM) is presented. First, a new multipleimage information processing tool termed the octonion Fresneltransform is proposed, and then an efficient method to calculate the OFST of an octonion matrix is developed. Subsequently this tool is applied to process multiple plaintext images, which are represented by octonion algebra, holistically in a vector manner. The complex amplitude, formed from the components of the OFSTtransformed original images and modulated by a random phase mask (RPM), is used to derive the ciphertext image by employing an amplitude and phasetruncation approach in the Fresnel domain. To avoid sending whole RPMs to the receiver side for decryption, a random phase mask generation method based on SLMM, in which only the initial parameters of the chaotic function are needed to generate the RPMs, is designed. To enhance security, the ciphertext and two decryption keys produced in the encryption procedure are permuted by the proposed SLMMbased scrambling method. Numerical simulations have been carried out to demonstrate the proposed scheme's validity, high security, and high resistance to various attacks.

KEYWORD
Octonion Fresnel transform , Sine logistic modulation map , Asymmetric cryptosystem , Multipleimage encryption

I. INTRODUCTION
Over the past two decades, optical image encryption techniques have played an important role in the information security field. Since development of the double random phase encryption (DRPE) technique [1], in which the image is encoded to be a white noise pattern with two statistically independent random phase masks (RPM), a number of improved DPREbased image encryption methods have been proposed, to achieve higher security [27]. Most of the optical encryption methods can be viewed as symmetric cryptosystems, in which the keys for encryption and decryption are identical [8]. However, earlier studies indicated that these cryptosystems are lacking in security strength, because of the inherently linear property of mathematical or optical transformation, and are vulnerable to various attacks such as chosen plaintext attack [811]. In addition, most schemes mainly focused on singleimage encryption, which leads to deficiency in multipleimage encryption and transmission [8].
To avoid the problems that arise from the linearity and symmetry of DRPE, an asymmetric encryption scheme based on phase truncated Fourier transforms has also been proposed [12], in which the encryption keys (public keys) are different from the decryption keys (private keys). However, when RPMs are used as public keys to encrypt different plaintexts, this method is still vulnerable to specific attacks such as known public key attack [13, 14]. To enhance security, it has been further extended from the Fourier transform (FT) domain to the Fresnel transform (FST) domain [15], the fractional Fourier transform (FrFT) domain [8], the Gyrator transform (GT) domain [11, 16], etc. To improve the efficiency of image transmission and communication over a network, more and more multipleimage encryption methods have been proposed [1721]. Situ and Zhang reported the wavelength multiplexingbased multipleimage encryption scheme [16]. Using DRPE and an orthogonal encoding technique, Lee and Cho presented a multipleimage encryption method [18]. Based on the nonlinear amplitudetruncation (AT) and phasetruncation (PT) operations in the FT domain, Wang and Zhao developed an asymmetric multipleimage encryption scheme [19]. Based on coupled logistic maps and an iterative phaseretrieval process, Sui
et al . introduced an asymmetric multipleimage encryption technique in the FrFT domain [20], but it has a high computational cost due to its iterative phaseretrieval process. Abuturab designed a multiplecolorimage security system based on a generalized Arnold map in the GT domain [21]. However, the plaintexts in most multipleimage encryption methods are manipulated independently, resulting in complicated systems. Additionally, the increase in keys, such as the whole RPMs that have to be sent to the receiver side for decryption, in the aforementioned DRPEbased encryption schemes make it difficult to save and distribute the keys expediently and safely [2223].In this paper, based on the octonion Fresnel transform (OFST) and twodimensional Sine Logistic modulation map (2DSLMM), a novel asymmetric multipleimage encryption method is presented. In the proposed approach, first the OFST is defined and its calculation for an octonion matrix is developed. Then multiple images are processed holistically in a vectorial manner using OFST. Subsequently, the components of the OFSTtransformed images are combined to construct the input complex amplitude. To improve robustness against attacks, the input information is modulated by a phase mask, which is generated based on 2DSLMM. The initial values of the SLMM, which is computed using the components of the OFSTtransformed images, are used as decryption keys. With AT, PT, and RPMs, the complex amplitude is encrypted in the Fresnel domain, and two decryption keys are produced in the encryption process. To enhance security, the encrypted result and two decryption keys are permuted by the proposed SLMMbased scrambling method. During decryption, the eight original grayscale images can be recovered with the correct encryption and decryption keys. Numerical simulations are presented to demonstrate the feasibility and performance of this encryption.
II. RELATED BACKGROUND
In this section, we discuss some related theories before extending the traditional FST to the octonion domain, showing how to calculate the OFST of an octonion matrix, and designing the 2DSLMMbased scrambling technique, etc.
2.1. Octonion Number
Octonions can be viewed as octets (or 8tuples) of real numbers [24] and have been applied in image processing, such as image saliency detection [25]. An octonion can be represented as follows [24, 25]:
where ζ_{0},
ζ _{1},ζ _{2},ζ _{3},ζ _{4},ζ _{5},ζ _{6}, andζ _{7} are real numbers, andi ,j ,k ,l ,m ,n ando are seven imaginary units which satisfy the following rules [24]The addition and subtraction of octonions are performed by adding and subtracting corresponding terms [25]. However, the multiplication of octonions is neither commutative nor associative [24, 25]. The multiplication rules, which describe the result of multiplying the element in the
p ^{th} (p = 1, 2, ⋯, 7) row by the element in theq ^{th} (q = 1, 2,⋯, 7) column, are given in Table 1 [25].The conjugate and modulus of an octonion are respectively defined by [25]
When
ζ _{0} = 0,ON is a pure octonion.2.2. The Fresnel Transform
The Fresnel transform of a function
f (x ,y ) is given by [26]where
FST_{D} [•] denotes the Fresnel transform with respect toD . In Eq. (4),D is the diffraction distance,λ is the wavelength, and (x ,y ) and (u ,v ) are the coordinates of the input and the transform planes respectively.Since the FST of
f (x ,y ) is a complex function,F (u ,v ) can also be expressed as followswhere Re(
x ) and Im(x ) represent respectively the real and imaginary parts of the complex numberx .For simplicity, let
P =π [2D ^{2}+(u x )^{2}+(v y )^{2}]/(λD ). According to Euler’s formula exp(jx )=cosx +j sinx , Eq. (4) can be rewritten asComparing Eqs. (5) and (6), the real and imaginary parts of
f (x ,y ) after FST are as followsThe inverse Fresnel transform (IFST) means an FST of a Fresnel diffraction pattern with the distance parameter –
D [27].2.3. The Asymmetric Encryption Technique in The Fresnel Domain
Based on the amplitudetruncated and phasetruncated strategy, an asymmetric cryptosystem in the Fresnel domain was reported in [15]. Figure 1 shows the schematic optical encryption setup for this asymmetric cryptography [15]. In Fig. 1, three planes are defined as the input plane, the transform plane, and the output plane. The corresponding coordinates of the three planes are denoted respectively by (
x _{0},y _{0}), (s ,t ) and (x _{1},y _{1}). The distances between adjacent planes areD 1 andD 2. Two random phase masksRPM 1 andRPM 2 are located in the input plane and the transform plane, respectively.In the asymmetric encryption method in the Fresnel domain, when the system is illuminated by a collimated plane wave of wavelength
λ , the input imagef (x _{0},y _{0}) modulated byRPM 1 is transformed by FST with respect toD 1, and a complex distribution can be obtained. The real amplitude and phase maps of the complex distribution just beforeRPM 2 can be extracted by employing the angular spectrum algorithm, to describe the freespace propagation process [15]. Then the achieved real amplitude multiplied byRPM 2 is Fresnel transformed with respect toD 2. Similarly, the real amplitude and phase maps of the Fresnel spectrum in the chargecoupled device (CCD) plane can be extracted. This last amplitude is the final ciphertext and the two phase maps are use as decryption keys. Since amplitude and phase maps can be displayed by a spatial light modulator (SLM), the asymmetric cryptosystem in the Fresnel domain can be implemented by an optical or digital approach [15].2.4. 2D Sine Logistic Modulation Map
Due to their excellent properties, such as sensitivity to initial conditions and control parameters, chaotic maps are employed to encrypt the image, which can strengthen the nonlinearity of the image [8]. Since 2DSLMM offers a wider chaotic range and better ergodicity and hyperchaotic properties than existing chaotic maps [28], it has been chosen to design the scrambling method and generate the RPMs in this study. 2DSLMM is defined as [28]
where 0 ≤
α ≤ 1 and 0 ≤β ≤3 are control parameters. Whenβ is close to 3, 2DSLMM exhibits good chaotic performance [28].III. OCTONION FRESNEL TRANSFORM
3.1. Definition
Similar to Eq. (4), the rightside OFST with respect to
D andλ is defined by Eq. (10), due to the noncommutative and nonassociative multiplication properties of octonions:where
f_{oc} (x ,y ) is a twodimensional octonion function andμ is a pure unit octonion meeting the constraint thatμ ^{2} = 1 [29, 30].OFST () denotes the OFST operation.Corresponding to OFST, the inverse rightside OFST (IOFST) is defined as
Here,
IOFST () is the IOFST operation. OFST and IOFST are transformation pairs of each other. They ensure that an octonion functionf_{oc} (x ,y ) that is transformed into the OFST domain can be reconstructed completely by the inverse process, without losing any information.3.2. OFST Calculation
The method that utilizes the existing FST algorithm to calculate the OFST of an octonion matrix is developed in this subsection. Using the FST algorithm, the OFST can be implemented efficiently.
Let
P =π [2D ^{2}+(u x )^{2}+(v y )^{2}]/(λD ). Using Euler’s Formula for Octonions, exp(μ x )=cosx +μ sinx [29], Eq. (10) can be rewritten asSince
f_{oc} (x ,y ) is an octonion function, it can be represented aswhere
f _{0}(x ,y ),f _{1}(x ,y ),f _{2}(x ,y ),f _{3}(x ,y ),f _{4}(x ,y ),f _{5}(x ,y ),f _{6}(x ,y ), andf _{7}(x ,y ) are realvalue functions. For simplicity, letf _{oc} ,f _{0},f _{1},f _{2},f _{3},f _{4},f _{5},f _{6}, andf _{7} denotef_{oc} (x ,y ),f _{0}(x ,y ),f _{1}(x ,y ),f _{2}(x ,y ),f _{3}(x ,y ),f _{4}(x ,y ),f _{5}(x ,y ),f _{6}(x ,y ), andf _{7}(x ,y ) respectively in the following equations.Considering the general unit pure octonion μ=
γ _{1}i +γ _{2}j +γ _{3}k +γ _{4}l +γ _{5}m +γ _{6}n +γ _{7}o (whereγ _{1},γ _{2},γ _{3},γ _{4},γ _{5},γ _{6}, andγ _{7} are real numbers), substitutingf_{oc} andμ into (12), we haveUsing Eq. (7), Eq. (15) can be obtained after calculating Eq. (14):
From Table 1, we have
Substituting Eqs. (2) and (16) into Eq. (15), we have
where
It can be seen from Eq. (18) that each coefficient in
F _{0},F _{1},F _{2},F _{3},F _{4},F _{5},F _{6}, andF _{7} contains the information off _{0},f _{1},f _{2},f _{3},f _{4},f _{5},f _{6}, andf _{7}. Similarly, applying the rightside IOFST to Eq. (17), the reconstructedf’_{oc} (x ,y ) can be obtained:where
In Eq. (20),
F _{0},F _{1},F _{2},F _{3},F _{4},F _{5},F _{6}, andF _{7} denoteF _{0}(u ,v ),F _{1}(u ,v ),F _{2}(u ,v ),F _{3}(u ,v ),F _{4}(u ,v ),F _{5}(u ,v ),F _{6}(u ,v ) andF _{7}(u ,v ) respectively.As can be seen from formulas (14)(20), the rightside OFST and IOFST of an octonion matrix can be calculated effectively using the traditional FST and IFST algorithms.
IV. THE 2D SLMMBASED RANDOMPHASEMASKGENERATION METHOD AND 2D SLMMBASED SCRAMBLING METHOD
Singh
et al . [22] and Liuet al . [31] stated that the security and the amount of RPM data of an encryption technique, in which the entire RPMs have to be sent to the receiver side to decrypt the original image, can be improved and reduced by employing a chaotic function to generate the chaotic random distributions that are use to construct the RPMs. Heet al . [32] claimed that an optical security system can resist some potential attacks, such as chosen plaintext attack, by use of a scrambling technique. Since the chaotic sequences generated by 2D SLMM have the characteristics of a good random distribution, and are extremely sensitive to the initial value of the chaotic function, an SLMMbased RPM generation (SBRPMG) method and an SLMMbased scrambling (SBS) method are presented to generate the RPM and permute the positions of image pixels. Supposing the size of the input data imageI (x ,y ) isM ×N , the two methods are described as follows.4.1. The SLMMbased RandomPhaseMaskGeneration Method
The procedure for generating the RPM can be described as follows:
1) Initialize
X (1) andY (1) randomly, then iteratively generate two onedimensional (1D) chaotic sequencesX = {X (p )} andY = {Y (p )} using Eq. (9). Here the lengths ofX andY both areMN , andp = 1, 2, …,MN .2) Compute the chaotic sequences
X andY using the following equation:Here, fix(
ρ ) rounds each element ofρ to the nearest integer, down toward zero. All elements ofX andY belong to [0, 1].3) Construct a new 1D sequence
R with lengthMN using the following rule:4) Convert the sequence
R into a 2D matrixΦ with sizeM ×N , which can be considered a random distribution.5) With the random distribution
Φ , the RPM, represented by exp[j 2πΦ (x ,y )] can be obtained.4.2. The SLMMbased Scrambling Method
The scrambling method is described as follows:
1) Initialize
S (1) andT (1) randomly, then iteratively generate two 1D chaotic sequencesS = {S (q )} andT = {T (q )} using Eq. (9). Here the lengths ofS andT both areMN , andq = 1, 2, …,MN .2) With
S andT , produce a new 1D sequenceW with lengthMN according to the following rule:3) Using the quicksort algorithm [33], sort
W in a certain (ascending or descending) order to obtain a new sequenceW’ and its corresponding permutation indicesIW . There areMN elements inIW . The relation betweenW andW’ isW’ =W (IW ). For instance, theq ^{th} element inW’ corresponds to theIW (q )^{th} element inW .4) With
IW , use the following loop procedure (described as pseudocode) to permute the input dataI , and the scrambled dataEI can be obtained.for (
row =1;row ≤M ;row =row +1) { for (col =1;col ≤N ;col =col +1) {Pid =IW ((row 1)×N +col );r = ceil(Pid /N );c =Pid N ×(r 1);EI (row ,col ) =I (r ,c ); } }Here, ceil(
ρ ) rounds each element ofρ to the nearest integer greater than or equal toρ . In the permutation process the values of the elements in the original imageI are not changed, but their corresponding positions are varied.The inverse imagescrambling (decryption) process is similar to the imagescrambling process. In decryption, first find the permutation indices
IW as described in steps (1)(3) with the same parameters. Then permuteEI back to their original positions using the following loop procedure.for (
row =1;row ≤M ;row =row +1) { for (col =1;col ≤N ;col =col +1) {Pid =IW ((row 1)×N +col );r = ceil(Pid /N );c =Pid N ×(r 1);DI (r ,c ) =EI (row ,col ); } }In the above loop procedure,
DI is the decrypted image.V. THE PROPOSED ASYMMETRIC MULTIPLEIMAGE ENCRYPTION AND DECRYPTION
Since an octonion contains a real part and seven imaginary parts, eight images can be represented by an octonion, as shown in Eq. (13). Using this representation, eight images can be processed holistically in a vectorial manner using OFST. Therefore, based on the OFST and 2DSLMM, an asymmetric multipleimage encryption scheme in the Fresnel domain is presented. In the proposed method, at most eight images can be encrypted simultaneously. Since amplitude and phase can be modulated simultaneously by an SLM [35], the proposed method can be implemented using an optical or digital approach. Figure 2 shows the optoelectronic setup of the proposed encryption process. In Fig. 2, BS is a beam splitter, M1, M2, and M3 are mirrors, and RB1 and RB2 are two reference beams that are split from the light source. SLM1, CCD1, and CCD2, which are computercontrolled, are located respectively in the input plane, the transform plane, and the output plane. Supposing
f _{0},f _{1},f _{2},f _{3},f _{4},f _{5},f _{6}, andf _{7} denote eight grayscale images of sizeM ×N respectively, the steps of the encryption procedure are described as follows.1) To treat the eight images in a holistic manner,
f _{0},f _{1},f _{2},f _{3},f _{4},f _{5},f _{6}, andf _{7} are represented by an octonion:f_{oc} =f _{0} +f _{1}i +f _{2}j +f _{3}k +f _{4}l +f _{5}m +f _{6}n +f _{7}o .2) With the distance
D 0 and the wavelength λ_{0},f_{oc} is transformed by OFST:F_{oc} =OFST_{D} _{0}(f_{oc} ) =F _{0} +F _{1}i +F _{2}j +F _{3}k +F _{4}l +F _{5}m +F _{6}n +F _{7}o . Here,F _{0},F _{1},F _{2},F _{3},F _{4},F _{5},F _{6}, andF _{7} are computed using Eq. (18).3) Using
F _{0},F _{1},F _{2},F _{3},F _{4},F _{5},F _{6}, andF _{7}, construct two new matrixes of size 2M ×2N using the following formula.4) Let
EF =FR +jFI .EF can be regarded as the complex amplitude that will be encrypted in the Fresnel domain. The size ofEF is 2M ×2N .5) To enhance robustness against attacks such as the known public key attack, the complex amplitude
EF is modulated by a phase maskRPM 0, mathematically represented by the functionEF_{M} (x _{0},y _{0}) =EF (x _{0},y _{0})exp [j 2πΦ (x _{0},y _{0})]. Here,RPM 0 = exp[j 2πΦ (x _{0},y _{0})] is generated using the SBRPMG with initial parametersPR_{x} _{1} andPR_{y} _{1}. That is,RPM 0 =SBRPMG (PR_{x} _{1},PR_{y} _{1}, 2M , 2N ), where SBRPMG() is the SLMMbased RPM generation operation. The parametersPR_{x} _{1} andPR_{y} _{1} correspond toX (1) andY (1) described in step 1 of subsection 4.1, and are obtained using the following formula:where mean(
x ) returns the mean value ofx . x  returns the absolute value or the complex magnitude ofx .6) The complex amplitude
EF_{M} is then multiplied by a random phase maskRPM 1=SBRPMG (PK 1_{x1},PK 1_{y1}, 2M , 2N )=exp[j 2πΦ (x _{0},y _{0})]. Here the initial parametersPK 1_{x1} andPK 1_{y1} are two random numbers in the range (0, 1). So the complex amplitude can be written asU (x _{0},y _{0})=EF_{M} (x _{0},y _{0})exp[j 2πΦ (x _{0},y _{0})].7) Import
U (x _{0},y _{0}) into SLM1, which is located in the input plane and under computer control. When the system is perpendicularly illuminated by a plane wave of wavelengthλ _{1},U (x _{0},y _{0}) is then transformed by FST with respect toD 1. The complex distributionU _{1}(s ,t ) can be represented bywhere FST() is the Fresnel transform operation. Then the amplitude
Am 1(s ,t ) and phase functionPh 1(s ,t ) of the complex distribution can be extracted with the PT and AT operationswhere PT() denotes tphase truncation, the operation of truncating the phase part while retaining the amplitude part [19], and AT() stands for amplitude truncation, the operation of truncating the amplitude part while retaining the phase function distributed on the interval [0,2π ] [8, 19].
8) Subsequently, the real amplitude
Am 1(p ,s ) multiplied by another random phase maskRPM 2 =S BRPMG (PK 2_{x1},PK 2_{y1}, 2M , 2N ) = exp[j 2πψ (s ,t )]. is fed into SLM2, and then transformed to another complex distribution using FST withD 2 andλ _{1}. Here the initial parametersPK 2_{x1} andPK 2_{y1} are also two random numbers in the range (0, 1). The resultant distribution can be written asThe amplitude of the resultant distribution, which is the encrypted signal, and the corresponding phase function are obtained by the PT and AT operations as follows:
9) To enhance security,
Am 2,Ph 1, andPh 2 are permuted by the proposed SBS method mentioned in subsection 4.2, as follows:where SBS() is the SLMMbased scrambling operation.
SAm 2 is the final ciphertext of the proposed encryption scheme. The parametersSK _{s1} andSK _{t1} correspond toS (1) andT (1) in step 1 of subsection 4.2, and are obtained using the following formula:where rdp(
x ,dn ) is the operation that retains thedn ^{th} decimal place ofx ,dn being an integer. That is,x is accurate to thedn ^{th} decimal place.In the encryption process mentioned above, steps (1)(6) and (9) will be performed digitally. As shown in Fig. 2, the complex function
U obtained in step (6) is fed into the SLM1 and illuminated by a monochromatic light, then recorded by CCD1. The phasetruncated partAm 1 of the Fresnel spectrum may be generated by CCD1 [11]. The corresponding amplitudetruncated partPh 1 may be generated by interferometry with the reference beam RB1, which is split from the light source [19]. Subsequently, the obtained real amplitudeAm 1 multiplied byRPM 2 is imported into SLM2, and then Fresnel transformed. Similarly, the amplitude and phase of the resultant distribution can be measured by interferometry with reference beam RB2 and CCD2. RB2 is also split from the light source. The extracted amplitude and phase are stored in a computer. After scrambling the last amplitude, the final ciphertext can be obtained. The two obtained phase functions are reserved as decryption keys. Figure 3 is the flowchart of the encryption process. In Fig. 3, the symbol denotes multiplication.In the proposed encryption method, the parameters
D 0,D 1,D 2,λ _{0},λ _{1},PK 1_{x1},PK 1_{y1},PK 2_{x1}, andPK 2_{y1} are used as the encryption keys, whilePR _{x1},PR _{y1},SPh 1, andSPh 2, which are derived in the encryption procedure and directly related to the plaintext images, are used as decryption keys. Additionally, the decryption keys are totally different from the encryption keys. The encrypted data can be decrypted correctly by using not only the encryption keys but also the decryption keys. With the aforementioned encryption and decryption keys, this cryptosystem enlarges the key space markedly. Since the initial values of the 2D SLMM function are used to generate the RPMs in decryption, there is no need to send the whole RPMs to the receiver for decryption, which drastically reduces the amount of key data. It is worth noting that the scrambling parametersSK _{s1} andSK _{t1} in step (9) do not need to be saved as secret keys, because they can be calculated from the private keysSPh 1 andSPh 2 during decryption.In addition, eight grayscale images all of size
M ×N can be encrypted into one of size 2M ×2N , which means the compression ratio of the proposed encryption method can be 1:2.The steps of the decryption process are given as follows.
1) The ciphertext
SAm 2 and decryption keysSPh 1 andSPh 2 are permuted by the proposed inverse scrambling procedure as follows:where ISBS() is the inverse SLMMbased scrambling operation. The parameters
ISK _{s1} andISK _{t1} are obtained using the following formula:2)
ISAm 2 and exp(jISPh 2) are multiplied and then transformed by IFST with respect toD 2 andλ _{1}:where IFST() is the inverse Fresnel transform operation.
3)
DU (s ,t ) is multiplied by the conjugate ofRPM 2, which is generated using the SBRPMG method with encryption keysPK 2_{x1} andPK 2_{y1}, to obtainAm 1’(s ,t ):4)
Am 1’(s ,t ) and exp(jISPh 1) are multiplied and then transformed by IFST with respect toD 1 andλ _{1}:5)
DU _{1}(x _{0},y _{0}) is multiplied by the conjugate ofRPM 1, which is generated using the SBRPMG method with encryption keysPK 1_{x1} andPK 1_{y1}, to obtainEF ’_{M} (x _{0},y _{0}):6)
EF ’_{M} (x _{0},y _{0}) is multiplied by the conjugate ofRPM _{0}, which is produced using the SBRPMG method with decryption keysPR _{x1} andPR _{y1}, to obtainEF ’ (x _{0},y _{0}):7) Take the real part
FR ’ and imaginary partFI ’ ofEF ’ (x _{0},y _{0}):where real(
x ) and imag(x ) are the operations that return respectively the real and imaginary parts of the elements ofx .8) First, let
F ’_{0} =FR ’[1:M , 1:N ],F ’_{1} =FR ’[1:M ,N +1:2N ],F ’_{2} =FR ’[M +1:2M , 1:N ],F ’_{3} =FR ’[M +1:2M ,N +1:2N ],F ’_{4} =FI ’[1:M , 1:N ],F ’_{5} =FI ’[1:M ,N +1:2N ],F ’_{6} =FI ’[M +1:2M ,1:N ], andF ’_{7} =FI ’[M +1:2M ,N +1:2N ]. ThenletF ’_{oc} =F ’_{0}+F ’_{1}i +F ’_{2}j +F ’_{3}k +F ’_{4}l +F ’_{5}m +F ’_{6}n +F ’_{7}o .9) Apply IOFST to
F ’_{oc} to findf ’_{oc}:Thus,
f ’_{0},f ’_{1},f ’_{2},f ’_{3},f ’_{4},f ’_{5},f ’_{6}, andf ’_{7} are the decrypted images.As can be seen from Eqs. (31) and Eq. (33), the mean values of
Ph 1,Ph 2,SPh 1, andSPh 2, denoted bym _{Ph1},m _{Ph2},m _{SPh1}, andm _{SPh2} respectively, are used to calculateSK _{s1},SK _{t1},ISK _{s1}, andISK _{t1}, which are the initial parameters of the scrambling and inversescrambling methods respectively. In theory,m _{Ph1} andm _{Ph2} are identical tom _{SPh1} andm _{SPh2}, since the values of the elements inPh 1 andPh 2 are not changed, though their corresponding positions are varied in the permutation process. However, because of the limited number of significant digits (e.g. the number of significant digits for doublefloatingpoint numbers in C programming languages is 15) [34], the different computation order between the elements ofPh 1 and those ofSPh 1 in calculating the mean, the different computation order between the elements ofPh 2 and those ofSPh 2 in calculating the mean, and rounding,m _{Ph1} andm _{Ph2} are slightly different fromm _{SPh1} andm _{SPh2} respectively. Hence the rdp(x ,dn ) operation is used to eliminate the slight differences betweenm _{Ph1} andm _{SPh1}, and betweenm _{Ph2} andm _{SPh2} in Eqs. (31) and Eq. (33). In the experiments,dn is 12.Figure 4 depicts the decryption process. In Fig. 4, conj (
RPM 2), conj(RPM 1), and conj(RPM 0) are respectively the conjugates ofRPM 2,RPM 1, andRPM 0.VI. NUMERICAL SIMULATION RESULTS
To verify the feasibility of the proposed encryption technique, numerical simulations are performed on the eight grayscale images “Girl”, “Couple”, “Butterfly”, “Crowd”, “Truck”, “Lake”, “Goldhill” and “Boat”, all of size 256×256, shown in Fig. 5. The tests are carried out on a notebook computer with Intel(R) Core(TM) i74700HQ CPU @ 2.40 GHz and 8 GB of DDRL3 RAM, and with MATLAB R2013a. In the experiments, the system parameters are
μ = (i +j +k +l +m +n +o )/7^{1/2} [29],α = 0.998,β = 3,D 0 = 50 mm,D 1 = 20 mm,D 2 = 30 mm,λ _{0} = 537.8 nm,λ _{1} = 632.8 nm,PK 1_{x1} = 0.41,PK 1_{y1} = 0.52,PK 2_{x1} = 0.36,PK 2_{y1} = 0.75, anddn = 12, and a pixel size of 6.72 μm is used in the input plane. To evaluate the quality of the decrypted image, the mean square error (MSE) between the original plaintext image and the decrypted image is calculated as follows:where
f (m ,n ) denotes the original plaintext image andf ’(m ,n ) is the corresponding decrypted one.6.1. Performance of the Encryption System
Using the proposed encryption scheme, the eight plaintext images are encrypted, and the ciphertext shown in Fig. 6(a) is obtained. To investigate the performance of the proposed scheme, the ciphertext is decrypted using both correct and incorrect keys. The MSEs between original and decrypted images are listed in Table 2. Figs. 6(b)(i) display the eight images retrieved with the correct keys respectively. They are perfect, without any noise or distortion. As shown in Table 1, all the corresponding MSEs are approximately zero.
As a multipleimage encryption scheme based on an asymmetric technique, the decryption keys play an important role. To evaluate the influence of the decryption keys, cases in which
PR _{x1},PR _{y1},SPh 1, andSPh 2 have been slightly changed are explored. Figures 7 and 8 show the images decrypted with the wrong keysPR _{x1} =PR _{x1}+10^{15} andPR _{y1} =PR _{y1}+10^{15}. The private keysSPh 1 andSPh 2, in which every element is changed by 10^{13} and also represented asSPh 1 =SPh 1+10^{13} andSPh 2 =SPh 2+10^{13}, have been use to decode the ciphertext; Figs. 9 and 10 are the corresponding decoded images. From Table 2, all the MSE values of the decrypted images in Figs. 710 are greater than 2×10^{4}. Experiments indicate that the decrypted results are noiselike images and cannot afford any valid information when the absolute values of the deviations ofPR _{x1} andPR _{y1} are up to 10^{15}, and those ofSPh 1 andSPh 2 are up to 512×512×10^{13}. Therefore, the decryption keys are highly sensitive to the proposed method.Now we investigate the sensitivity of retrieved images to a small change in the parameters of the 2D SLMMbased RPM generation technique. Figs. 1114 show the images decrypted with the wrong keys
PK 1_{x1} =PK 1_{x1}+10^{15},PK 1_{y1} =PK 1_{y1}+10^{15},PK 2_{x1} =PK 2_{x1}+10^{15}, andPK 2_{y1} =PK 2_{y1}+10^{15} respectively. The corresponding MSEs are listed in Table 2. As illustrated in Figs. 1114, we cannot obtain any information visually from the decrypted images when the absolute values of the deviations of the encryption keysPK 1_{x1},PK 1_{y1},PK 2_{x1}, andPK 2_{y1} are up to 10^{15}. It can be seen from Table 2 that all of the MSEs of the decoded images in Figs. 1114 are greater than 2×10^{4}. Thus it can be concluded that the decrypted images cannot be recognized if the keys of the RPM generation system are changed even slightly. Experimental results convincingly demonstrate that illegal users cannot access the security system without the correct RPMs.The performance of security parameters
D 0,D 1,D 2,λ _{0}, andλ _{1} is further examined during decryption. Figure 15 displays the decrypted images, which are seriously degraded and almost unrecognizable, when an error of 3 nm exists for the wavelengthλ _{0}. Figure 16 shows the decrypted images that cannot be recognized when errors of 2 nm exist for the wavelengthλ _{1}. Figure 17 exhibits the retrieved images, which are almost unrecognizable, when an error of 1 mm exists for the distanceD 0. The behavior of the proposed security system is also sensitive to the distancesD 1 andD 2: Figs. 18 and 19 show the recovered images which are decoded with deviations of 0.02 mm and 0.1 mm inD 1 andD 2 respectively. As can be seen from Figs. 1819, the retrieval images cannot be recognized correctly whenD 1 orD 2 departs even slightly from the correct value. Almost all of the MSE values of the decrypted images shown in Figs. 1519 are greater than 10^{4}. Therefore, from the simulation results we can see that the five encryption keys above can increase the security of the proposed system.Please note that in the aforementioned experiments, the other keys remain correct while a key is changed (except for the experiment carried out with all correct keys).
Next, we evaluate the key space of the proposed asymmetric encryption method. In term of the description of the proposed scheme, we know that the key space of the cryptosystem consists of the encryption keys
D 0,D 1,D 2,λ _{0},λ _{1},PK 1_{x1},PK 1_{y1},PK 2_{x1}, andPK 2_{y1}, and the decryption keysPR _{x1},PR _{y1},SPh 1, andSPh 2. The key spaces of the security keysD 0,D 1,D 2,λ _{0},λ _{1},PK 1_{x1},PK 1_{y1},PK 2_{x1}, andPK 2_{y1}, which are denoted byZ _{1},Z _{2},Z _{3},Z _{4},Z _{5},Z _{6},Z _{7},Z _{8}, andZ _{9} respectively, are analyzed as follows: Since different wavelengths and diffraction distances can be used to encode and decode the plaintexts, we suppose that the distances are in the range of 10 to 110 mm, and the wavelengths from 400 to 750 nm, in the experiments. Considering that the sensitivities toD 0,D 1,D 2, λ_{0}, andλ _{1} are 1 mm, 0.02 mm, 0.1 mm, 3 nm, and 2 nm respectively, the three distances can be varied with steps of 1 mm, 0.01 mm and 0.1 mm in the range from 10 to 110 mm, and the two wavelengths can be varied with steps of 1 nm in the range from 400 to 750 nm; soZ _{1}×Z _{2}×Z _{3}×Z _{4}×Z _{5} = (100/1) ×(100/0.01) ×(100/0.1) ×(350/1) ×(350/1) ≈ 1.2×10^{14}. From Figs. 1114, the parametersPK 1_{x1},PK 1_{y1},PK 2_{x1}, andPK 2_{y1} maintain 15, 15, 15, and 15 digits after the decimal point respectively; thusZ _{6}×Z _{7}×Z _{8} ×Z _{9} = 10^{60}. For the decryption keys, the key spaces ofPR _{x1},PR _{y1},SPh 1 andSPh 2, denoted byZ _{10},Z _{11},Z _{12}, andZ _{13} respectively, should also be analyzed. From Figs. 7 and 8, the parametersPR _{x1} andPR _{y1} maintain 15 and 15 digits after the decimal point respectively; thusZ _{10}×Z _{11} = 10^{30}. Considering that the sensitivities toSPh 1 andSPh 2 both are 512×512×10^{13} ≈ 2.6×10^{8}, these two decryption keys can be varied with steps of 10^{8} in the range [0, 512×512×2π ], which results inZ _{12}×Z _{13}=(512×512×2π /10^{8})^{2} ≈ 2.7×10^{28}. Hence, the entire key space of the cryptosystem isZ _{1}×Z _{2}×Z _{3}×Z _{4}×Z _{5}×Z _{6}×Z _{7}×Z _{8}×Z _{9}×Z _{10}×Z _{11}×Z _{12}×Z _{13} = 1.2×10^{14} ×10^{60}×10^{30}×2.7×10^{28} ≈ 3×10^{132} ≈ 2^{440}. As reported in [36], to obtain a high level of security, key space should at least be larger than 2^{100}. It is obvious that the key space of the proposed cryptosystem is far greater than 2^{100}, and huge enough to resist a bruteforce attack.6.2. Robustness of the Proposed Cryptosystem Against Attacks
Information loss or noise contamination may occur during data transmission. Now, the robustness of this method against occlusion attack, which is viewed as data loss, is tested. Figure 20(a) shows the ciphertext occluded by 25%. The retrieved images acquired by employing all correct keys are illustrated in Figs. 20 (b)(i). All of the decrypted images can be distinguished, and their corresponding MSEs are 2.95×10^{3}, 1.98×10^{3}, 1.93×10^{3}, 1.76×10^{3}, 1.74×10^{3}, 1.7×10^{3}, 1.82×10^{3}, and 2.13×10^{3}. It is well known that Gaussian noise [37] and saltandpepper noise [37] appear frequently during transmission. The robustness of the cryptosystem against noise attacks is further probed. Figure 21(a) is the ciphertext polluted by Gaussian noise with mean value 0 and standard deviation 25. Figures 21(b)(i) are the recovered images, and their corresponding MSEs are 3.77×10^{4}, 1.38×10^{4}, 1.27×10^{4}, 8.19×10^{3}, 7.65×10^{3}, 6.35×10^{3}, 10^{4}, and 1.81×10^{4}. Figure 22(a) shows the ciphertext damaged by saltandpepper noise with density 0.05. Figures 22(b)(i) depict the retrieved images with corresponding MSEs of 3.74×10^{4}, 1.36×10^{4}, 1.26×10^{4}, 8.12×10^{3}, 7.59×10^{3}, 6.27×10
3 , 9.92×10^{3}, and 1.78×10^{4}. Although all the results displayed in Figs. 21(b)(i) and 22(b)(i) are interfered with seriously by noise, and the corresponding MSEs are large, the decrypted images can still be recognized among the noise.Four potential attacks, including cipher only attack, known plaintext attack, chosen plaintext attack and chosen ciphertext attack [8], are usually utilized to attack an optical security system to retrieve ciphered images. If a cryptosystem can resist chosen plaintext attack, the most powerful one, then it can resist other attacks [38]. He
et al. stated that scrambling techniques can prevent the attacker from accessing the ciphertext acquired from the cryptosystem in such attacks [32]. For the proposed multipleimage encryption scheme, assuming an attacker knows all the encryption keys, includingD 0,D 1,D 2,λ _{0},λ _{1},PK 1_{x1},PK 1_{y1},PK 2_{x1}, andPK 2_{y1}, he can encrypt eight false plaintext images and deduce the decryption keysPR _{x1},PR _{y1},SPh 1, andSPh 2 by utilizing the chosen plaintext attack depicted in [10]. Subsequently, the attacker can crack the original ciphertext with the achieved decryption keys and the encryption keys. In the experiment, the private keysPR _{x1},PR _{y1},SPh 1, andSPh 2 are generated by choosing the eight images shown in Fig. 23 as the false plaintext images, and then employed to decrypt the ciphertext shown in Fig. 6(a). Figure 24 shows the decoded images, from which no valuable information can be acquired, though the content of the eight false images can be seen faintly. The corresponding MSEs are 2.26×10^{4}, 1.31×10^{4}, 1.42×10^{4}, 1.35×10^{4}, 1.2×10^{4}, 1.05×10^{4}, 9.8×10^{3}, and 1.68×10^{4}. Due to the linearity of the system, the DRPEbased encryption technique is vulnerable to chosen plaintext attacks [8, 9]. From the experimental results, the nonlinearity of the proposed cryptosystem is strengthened. As stated in [38], the proposed encryption approach can also resist the other aforementioned attacks.Ding
et al. reported a known public key attack on an asymmetric optical image cryptosystem [13], in which an illegal user can deduce the decryption keys by encrypting a false realvalue plaintext image whose amplitudes are 1, if he knows all public (encryption) keys; then he can use the obtained decryption keys to decrypt the original ciphertext. To test the robustness of this scheme against known public key attack, eight realvalue images whose amplitudes are 1 are used as false plaintext images to obtain the decryption keys. Subsequently, the original ciphertext shown in Fig. 6(a) is decrypted using the obtained decryption keys. Figure 25 displays the images retrieved using the decryption keys obtained from the known public key attack. As illustrated in Fig. 25, no information can be gained from the noiselike decoded images. The corresponding MSEs are 1.66×10^{4}, 1.65×10^{4}, 1.66×10^{4}, 1.66×10^{4}, 1.65×10^{4}, 1.65×10^{4}, 1.66×10^{4}, and 1.66×10^{4}. Therefore, the proposed asymmetric cryptosystem can resist the known public key attack effectively.6.3. Complexity Analysis
The computational complexity of the proposed encryption method is estimated, since the encrypted results were obtained by computer from numerical simulation. The estimation depends on three main factors: First, to process eight images holistically in a vectorial manner, the OFST is computed one time. In light of the calculation method developed in subsection 3.2, the OFST can be implemented by computing the FST eight times. For an image of size
M ×N , the cost to calculate the FST isO (2MN +MN log_{2}MN ) [39]. Hence, if the computations of additions are omitted, the complexity of the OFST calculation isO (8MN log_{2}MN + 16MN ). The second factor is the complexity of the virtual optical encryption process, in which three RPMs are generated by the SBRPMG method first, then the input information is modulated three times using the RPMs, and transformed two times by employing the FST. In addition, the phase truncation and amplitude truncation are performed two times respectively. For a matrix of sizeM ×N , the complexities of RPM generation, modulation operation, FST operation, PT operation, and AT operation areO (6MN ),O (MN ),O (2MN ) +O (MN log_{2}MN ) ,O (MN ) andO (MN ) respectively. Since the size of the complex amplitude is 2M ×2N , the computational cost of this procedure isO (3(6(4MN )) + 3(4MN ) + 2(2(4MN ) + 4MN log_{2} 4MN ) + 2(4MN ) + 2(4MN )) =O (8MN log_{2}MN + 132MN ). The last factor represents the three permutations due to the proposed SLMMbased scrambling method. In each permutation, the 2D SLMM operation, 1D sequence construction, the quicksort algorithm, and the loop procedure for scrambling the elements of the matrix are performed one time each. For a matrix of sizeM ×N , the corresponding complexities of these four operations areO (2MN ),O (MN ),O (MN log_{2}MN ), andO (4MN ). Because the size of each of the three matrices to be scrambled is 2M ×2N , the complexity of the permutation procedure isO (3(2(4MN )) + 4MN + 4MN log_{2} 4MN + 4(4MN ) =O (12MN log_{2}MN + 108MN ). Thus the total computational complexity of the proposed cryptosystem isO (28MN log_{2}MN + 256MN ).VII. CONCLUSION
In this paper, first a new definition of octonion Fresnel transform and its implementation are presented. Then, a novel asymmetric multipleimage encryption method based on nonlinear amplitude truncation and phase truncation in the Fresnel domain is proposed, in which the OFST combined with the designed SLMMbased pixel scrambling technique is used to encrypt multiple images. By utilizing OFST, as many as eight images can be processed holistically in a vectorial manner, the result being that the complexity of the cryptosystem can be reduced effectively, without losing security. The original images fail to be retrieved unless all of the correct keys, ifor both encryption and decryption, are provided. Simulation results and analyses verify that the proposed cryptosystem features extreme sensitivity to the precise values of the keys, a vast key space to resist bruteforce attack, and a high robustness against occlusion, Gaussian noise, saltandpepper noise, chosen plaintext attack, and known public key attack. In addition, compared to traditional encryption methods in which entire RPMs must be sent to the receiver side for decryption, the proposed scheme has the advantage that only the seed values of the SLMM function are needed to generate the RPMs for decrypting the ciphertext. Thus there is no need to send the whole RPMs to the receiver side for decryption.

[]

[]

[TABLE 1.] Octonion multiplication table

[]

[]

[]

[]

[]

[]

[FIG. 1.] A schematic optical experimental arrangement for asymmetric cryptography in the Fresnel domain [15].

[]

[]

[]

[]

[]

[]

[]

[]

[]

[]

[]

[]

[]

[]

[]

[FIG. 2.] Optoelectronic system for the proposed multipleimage encryption method.

[]

[]

[]

[]

[]

[]

[]

[]

[FIG. 3.] Flowchart for the multipleimage encryption process.

[]

[]

[]

[]

[]

[]

[]

[]

[]

[FIG. 4.] Flowchart for the decryption process.

[FIG. 5.] Plaintext images: (a) Girl; (b) Couple; (c) Butterfly; (d) Crowd; (e) Truck; (f) Lake; (g) Goldhill; (h) Boat.

[]

[FIG. 6.] Results of the proposed image encryption: (a) the ciphertext, (b) decrypted “Girl”, (c) decrypted “Couple”, (d) decrypted “Butterfly”, (e) decrypted “Crowd”, (f) decrypted “Truck”, (g) decrypted “Lake”, (h) decrypted “Goldhill”, and (i) decrypted “Boat”.

[TABLE 2.] MSEs of the eight images decrypted using correct and incorrect keys

[FIG. 7.] The decrypted images with PRx1 = PRx1+1015: (a) Girl, (b) Couple, (c) Butterfly, (d) Crowd, (e) Truck, (f) Lake, (g) Goldhill, and (h) Boat.

[FIG. 8.] The decrypted images with PRy1 = PRy1+1015: (a) Girl, (b) Couple, (c) Butterfly, (d) Crowd, (e) Truck, (f) Lake, (g) Goldhill, and (h) Boat.

[FIG. 9.] The decrypted images with SPh1 = SPh1+1013: (a) Girl, (b) Couple, (c) Butterfly, (d) Crowd, (e) Truck, (f) Lake, (g) Goldhill, and (h) Boat.

[FIG. 10.] The decrypted images with SPh2 = SPh2+1013: (a) Girl, (b) Couple, (c) Butterfly, (d) Crowd, (e) Truck, (f) Lake, (g) Goldhill, and (h) Boat.

[FIG. 11.] The decrypted images with PK1x1 = PK1x1+1015: (a) Girl, (b) Couple, (c) Butterfly, (d) Crowd, (e) Truck, (f) Lake, (g) Goldhill, and (h) Boat.

[FIG. 12.] The decrypted images with PK1y1 = PK1y1+1015: (a) Girl, (b) Couple, (c) Butterfly, (d) Crowd, (e) Truck, (f) Lake, (g) Goldhill, and (h) Boat.

[FIG. 13.] The decrypted images with PK2x1 = PK2x1+1015: (a) Girl, (b) Couple, (c) Butterfly, (d) Crowd, (e) Truck, (f) Lake, (g) Goldhill, and (h) Boat.

[FIG. 14.] The decrypted images with PK2y1 = PK2y1+1015: (a) Girl, (b) Couple, (c) Butterfly, (d) Crowd, (e) Truck, (f) Lake, (g) Goldhill, and (h) Boat.

[FIG. 15.] The decrypted images with λ0 = λ0+3 nm: (a) Girl, (b) Couple, (c) Butterfly, (d) Crowd, (e) Truck, (f) Lake, (g) Goldhill, and (h) Boat.

[FIG. 16.] The decrypted images with λ1 = λ1+2 nm: (a) Girl, (b) Couple, (c) Butterfly, (d) Crowd, (e) Truck, (f) Lake, (g) Goldhill, and (h) Boat.

[FIG. 17.] The decrypted images with D0 = D0+1 mm: (a) Girl, (b) Couple, (c) Butterfly, (d) Crowd, (e) Truck, (f) Lake, (g) Goldhill, and (h) Boat.

[FIG. 18.] The decrypted images with D1 = D1+0.02 mm: (a) Girl, (b) Couple, (c) Butterfly, (d) Crowd, (e) Truck, (f) Lake, (g) Goldhill, and (h) Boat.

[FIG. 19.] The decrypted images with D2 = D2+0.1 mm: (a) Girl, (b) Couple, (c) Butterfly, (d) Crowd, (e) Truck, (f) Lake, (g) Goldhill, and (h) Boat.

[FIG. 20.] Robustness against occlusion.: (a) the ciphertext with 25% occlusion, (b) decrypted “Girl”, (c) decrypted “Couple”, (d) decrypted “Butterfly”, (e) decrypted “Crowd”, (f) decrypted “Truck”, (g) decrypted “Lake”, (h) decrypted “Goldhill”, and (i) decrypted “Boat”.

[FIG. 21.] Robustness against Gaussian noise: (a) the distorted ciphertext after applying Gaussian noise with mean value 0 and standard deviation 25, (b) decrypted “Girl”, (c) decrypted “Couple”, (d) decrypted “Butterfly”, (e) decrypted “Crowd”, (f) decrypted “Truck”, (g) decrypted “Lake”, (h) decrypted “Goldhill”, and (i) decrypted “Boat”.

[FIG. 22.] Robustness against saltandpepper noise: (a) the distorted ciphertext after adding saltandpepper noise with density 0.05, (b) decrypted “Girl”, (c) decrypted “Couple”, (d) decrypted “Butterfly”, (e) decrypted “Crowd”, (f) decrypted “Truck”, (g) decrypted “Lake”, (h) decrypted “Goldhill”, and (i) decrypted “Boat”.

[FIG. 23.] Eight false images used for chosen plaintext attack: (a) “Lena”, (b) “Airport”, (c) “Fish”, (d) “Plane” (e) “Car”, (f) “Waterfall”, (g) “House”, and (h) “Portofino”.

[FIG. 24.] The images decrypted using the keys generated after chosen plaintext attack: (a) decrypted “Girl”, (b) decrypted “Couple”, (c) decrypted “Butterfly”, (d) decrypted “Crowd”, (e) decrypted “Truck”, (f) decrypted “Lake”, (g) decrypted “Goldhill”, and (h) decrypted “Boat”.

[FIG. 25.] The images decrypted using the keys generated after known public key attack: (a) decrypted “Girl”, (b) decrypted “Couple”, (c) decrypted “Butterfly”, (d) decrypted “Crowd”, (e) decrypted “Truck”, (f) decrypted “Lake”, (g) decrypted “Goldhill”, and (h) decrypted “Boat”.