1 Introduction

Optical encryption techniques [1,2,3,4,5,6,7,8,9,10,11] have attracted increasing attention recently for image security due to the excellent characteristics in terms of parallel processing and multiple parameters. The most attractive technique of double-random phase encoding (DRPE) was firstly realized in the Fourier transform domain [12]. Afterwards, many techniques have been attempted to develop DRPE to other different transform domains [13,14,15,16,17], involving the gyrator transform domain, Fresnel transform domain, fractional Fourier transform domain, and so on. In the meantime, other optical encryption techniques [18,19,20,21,22,23,24,25,26,27,28,29,30], which make use of digital holography, compressive sensing, iterative phase retrieval, photon counting, polarized light, and optical interference, have also been devised to strengthen the information security.

The phase-truncated Fourier transform (PTFT) technique initiated by Qin and Peng [31] has opened a new encryption way. Subsequently, other encryption techniques based on phase truncation were also emerged in the Fresnel transform domain or the fractional Fourier transform domain [32,33,34,35]. Wang et al. [36] studied the risk of information disclosure in the PTFT-based cryptosystem. This study revealed that most original information could be divulged when one of two private keys is released. It is highly probable that a risk of unintended information leakage exists in the above-mentioned cryptosystems [32,33,34,35]. To prevent the information leakage, new encryption techniques based on phase truncation were reported. For instance, Wang et al. [37] employed a cascading manner to realize color image encryption. Wu et al. [38] constructed a scalable asymmetric image encryption method based on phase-truncation in cylindrical diffraction domain. In addition, the traditional PTFT technique is an asymmetric cryptosystem and destroys the linearity characteristics of DRPE. However, it can be cracked by using a specific attack [39], which is founded on an amplitude-phase retrieval method. Recently, other new techniques are developed for the increased security of optical image cryptosystems. For instance, Cai et al. [40] utilized coherent superposition and equal modulus decomposition (EMD) to eliminate the silhouette problem. However, the disadvantage of EMD concentrates on the same modulus of two masks. Random modulus decomposition (RMD) [41] can be regarded as unequal modulus decomposition [42], which means two masks with random moduli. Chaotic pixel scrambling (CPS) [9] stems from a pixel exchange mechanism. An asymmetric encryption and authentication technique [11] via EMD and sparse sampling was reported in the Fresnel domain. However, its output masks were complex valued causing inconvenient for display, storage, and transmission. Therefore, despite the significant progress, attaining high security continues to be a major challenge for optical image encryption using phase truncation.

To simultaneously eliminate the issues of linearity system, complex-valued output, and information leakage, we propose a novel crosstalk-free method in the Fresnel domain via phase truncation into optical double-image cryptosystem. The proposed method has one ciphertext and three private keys and can dismiss the vulnerability against the special attack. In addition, the illuminating wavelength, the two diffraction distances, and the three parameters of CPS provide additional keys to realize security enhancement. The numerical simulation results demonstrate the reliability and validity of the proposed method.

2 Principle of the method

In the proposed cryptosystem, assume the two original images \(I_{1} (x,y)\) and \(I_{2} (x,y)\) to be encrypted, the following steps are implemented for double-image encryption:

  1. (1)

    A complex value function \(f(x,y)\) is constructed by \(I_{1} (x,y)\) and \(I_{2} (x,y)\) given by Eq. (1):

    $$f\left( {x,y} \right){ = }I_{1} (x,y){ + }iI_{2} (x,y)$$
    (1)
  2. (2)

    An operation of chaotic pixel scrambling (CPS) is utilized to the function \(f(x,y)\) for enhancing the security of the system:

    $$fSC\left( {x,y} \right) = CPS_{{\left\{ {a_{0} ,k,p} \right\}}} \left[ {f\left( {x,y} \right)} \right]$$
    (2)

where \(a_{0}\) denotes the initial value in the interval [0, 1], k represents the map coefficient in the interval [3.57,4], p is the truncated position. The CPS parameters \(a_{0}\), k, and p are regarded as the additional keys (Fig. 1).

Fig. 1
figure 1

Principle of RMD

Full size image
  1. (3)

    The function \(fSC(x,y)\) is separated into two complex-valued masks \(P_{1} (x,y)\) and \(P_{2} (x,y)\) with unequal moduli, as shown in. With the geometrical relationship and the random distributions of \(\theta (x,y)\) and \(\beta (x,y)\), \(P_{1} (x,y)\) and \(P_{2} (x,y)\) can be mathematically illustrated as

    $$\arg \left[ {P_{1} (x,y)} \right] = \theta (x,y) = 2\pi R_{1} (x,y)$$
    (3)
    $$\beta (x,y) = 2\pi R_{2} (x,y)$$
    (4)
    $$P_{1} (x,y) = \frac{A(x,y)\sin \beta (x,y)}{{\sin \left( {\varphi (x,y) - \theta (x,y) + \beta (x,y)} \right)}}\exp \left[ {i\theta (x,y)} \right]$$
    (5)
    $$P_{2} (x,y) = \frac{{A(x,y)\sin \left( {\varphi (x,y) - \theta (x,y)} \right)}}{{\sin \left( {\varphi (x,y) - \theta (x,y) + \beta (x,y)} \right)}}\exp \left[ {i(\varphi (x,y) + \beta (x,y))} \right]$$
    (6)

    where \(R_{1} (x,y)\) and \(R_{2} (x,y)\) are both the random functions with uniform distribution in a range of [0, 1], \(A(x,y)\) is the amplitude part of \(fSC(x,y)\) and equal to \(\left| {fSC(x,y)} \right|\), “\(\left| \cdot \right|\)” is the modulus operator, \(\varphi (x,y)\) is the phase part of \(fSC(x,y)\) and equal to \(\arg \left[ {fSC(x,y)} \right]\), “\(\arg \left[ \cdot \right]\)” is the argument operator. \(\theta (x,y)\) and \(\beta (x,y)\) act as the public keys. \(P_{2} (x,y)\) is regarded as the private key.

  2. (4)

    The complex-valued mask \(P_{1} (x,y)\) is Fresnel transformed, and then the phase truncation and the phase reservation are performed to generate \(g(u_{1} ,v_{1} )\) and \(P_{3} (u_{1} ,v_{1} )\), respectively:

    $$g(u_{1} ,v_{1} ) = PT\left\{ {F{\text{rT}}_{{\left( { - d{}_{1},\lambda } \right)}} \left[ {P_{1} (x,y)} \right]} \right\}$$
    (7)
    $$P_{3} (u_{1} ,v_{1} ) = PR\left\{ {F{\text{rT}}_{{\left( { - d_{1} ,\lambda } \right)}} \left[ {P_{1} (x,y)} \right]} \right\}$$
    (8)

    where \(PT\left\{ \cdot \right\}\) is the phase truncation operator, \(PR\left\{ \cdot \right\}\) is the phase reservation operator, \(FrT_{{( - d_{1} ,\lambda )}} \left\{ \cdot \right\}\) is the operator of Fresnel transform with the diffraction distance –d1 and the wavelength λ. \(P_{3} (u_{1} ,v_{1} )\) is regarded as the private key.

  3. (5)

    The operation of Fresnel transform with the diffraction distance –d2 and the wavelength λ is carried out for the function \(g(u_{1} ,v_{1} )\) boned with the random distribution \(R_{3} (u_{1} ,v_{1} )\). Finally the ciphertext \(C(u_{2} ,v_{2} )\) and the private key \(P_{4} (u_{2} ,v_{2} )\) can be generated by conducting the \(PT\left\{ \cdot \right\}\) and \(PR\left\{ \cdot \right\}\):

    $$C(u_{2} ,v_{2} ) = PT\left\{ {F{\text{rT}}_{{\left( { - d_{2} ,\lambda } \right)}} \left[ {g(u_{1} ,v_{1} ) \cdot \exp \left[ {i2\pi R_{3} (u_{1} ,v_{1} )} \right]} \right]} \right\}$$
    (9)
    $$P_{4} (u_{2} ,v_{2} ) = PR\left\{ {F{\text{rT}}_{{\left( { - d_{2} ,\lambda } \right)}} \left[ {g(u_{1} ,v_{1} ) \cdot \exp \left[ {i2\pi R_{3} (u_{1} ,v_{1} )} \right]} \right]} \right\}$$
    (10)

    where \(R_{3} (u_{1} ,v_{1} )\) is a random distribution in the range of [0, 1]. A flowchart for illustrating the proposed nonlinear cryptosystem is depicted in Fig. 2. Figure 2a shows the encryption process and Fig. 2b illustrates the decryption process.

    Fig. 2
    figure 2

    Schematic diagram of the proposed a encryption process, b decryption process

    Full size image

In the decryption process, the retrieved complex value function \(f{\prime} (x,y)\) by the legal users is deduced as

$$f{\prime} (x,y) = ICPS_{{\left\{ {a_{0} ,k,p} \right\}}} \left[ {FrT_{{\left( {d_{1} ,\lambda } \right)}} \left[ {PT\left[ {FrT_{{\left( {d_{2} ,\lambda } \right)}} \left[ {C(u_{2} ,v_{2} ) \cdot \exp \left[ {iP_{4} (u_{2} ,v_{2} )} \right]} \right]} \right] \cdot \exp \left[ {iP_{3} (u_{1} ,v_{1} )} \right]} \right] + P_{2} (x,y)} \right]$$
(11)

where \(ICPS_{{\left\{ {a_{0} ,k,p} \right\}}} \left[ \cdot \right]\) is the operator of inverse chaotic pixel scrambling (ICPS). After separating the real and the imaginary components of \(f{\prime} (x,y)\), two original images can be visualized. Obviously, the recovered results of the proposed scheme are free from crosstalk noise. The schematic optical system for the decryption procedure is shown in Fig. 3. Spatial light modulators (SLM1 and SLM2) placed at designated places are employed for modulating phase information. The operation of ICPS can be digitally carried out in the computer. It should be noted that the impact of optical parameters need be considered while doing the optical experimental validation.

Fig. 3
figure 3

Schematic optical setup for decryption process

Full size image

3 Numerical results and performance analysis

To verify the feasibility and the advantages of the proposed method, numerical simulations are carried out. In the simulations, the laser wavelength λ is 633 nm, the two axial distances d1 and d2 are 50 mm and 90 mm respectively, and the three CPS parameters \(a_{0}\), k, p are set as \(a_{0} = 0.241\), \(k = 3.97\), and \(p = 11096\), respectively. To evaluate the similarity between the original image \(I_{k} (x,y)\) (k = 1, 2) and the decrypted image \(I_{k}{\prime} (x,y)\), the correlation coefficient (CC) is expressed as

$$CC = \frac{{E\left\{ {\left[ {I_{k} (x,y) - E\left[ {I_{k} (x,y)} \right]} \right]} \right\}\left\{ {\left[ {I_{k}{\prime} (x,y) - E\left[ {I_{k}{\prime} (x,y)} \right]} \right]} \right\}}}{{E\sqrt {\left\{ {\left[ {I_{k} (x,y) - E\left[ {I_{k} (x,y)} \right]} \right]^{2} } \right\}} \sqrt {\left\{ {\left[ {I_{k}{\prime} (x,y) - E\left[ {I_{k}{\prime} (x,y)} \right]} \right]^{2} } \right\}} }}$$
(12)

Two original images with a size of 256 × 256 pixels as shown in Fig. 4a,b are utilized as the two plaintexts. After the CPS operation, two public keys \(\theta (x,y)\) (Fig. 4c) and \(\beta (x,y)\) (Fig. 4d) are utilized in the RMD to generate two complex-valued matrices \(P_{1} (x,y)\) (Fig. 4e) and \(P_{2} (x,y)\) (Fig. 4f). Then \(P_{1} (x,y)\) and \(R_{3} (u_{1} ,v_{1} )\) (Fig. 4h) are utilized to perform phase truncation in the Fresnel domain for producing the two phase masks \(P_{3} (u_{1} ,v_{1} )\) (Fig. 4g) and \(P_{4} (u_{2} ,v_{2} )\) (Fig. 4i), and the amplitude mask \(C(u_{2} ,v_{2} )\) (Fig. 4j). The recovered images as shown in Fig. 4k, l are attained for all the correct security keys and ciphertexts for decryption. The CC values between Fig. 4a, k are 1.0000. The CC values between Fig. 4b, l are 1.0000. These results illustrate that each of the two decrypted images \(I_{1}{\prime} (x,y)\) and \(I_{2}{\prime} (x,y)\) is exactly equal to its corresponding original image. It is shown that all information of the two original images has been retrieved without crosstalk noise.

Fig. 4
figure 4

Encryption and decryption results of the proposed cryptosystem: a and b two images to be encrypted, c the public key θ(x, y), d the public key β(x, y), e the mask P1(x, y), f the private key P2(x, y), g the private key P3(u1, v1), h the public key R3(u1, v1), i the private key P4(u2, v2), j the ciphertext C(u2, v2), k and l the two decrypted images with all correct private keys

Full size image

To demonstrate the information-leakage-free of the proposed method, Fig. 5a–h illustrate the decrypted images when one of P2, P3, P4, and C is released. The CC values are 0.0066, 0.0011, − 0.0024, − 0.0075, 0.0053, − 0.0012, − 0.0026, − 0.0011, respectively. Figure 6a–l show the decrypted images retrieved by two of these masks. The CC values are 0.0017, − 0.0013, 0.0071, 0.0062, 0.0015, 0.0076, 0.0064, − 0.0022, 0.0039, 0.0025, − 0.0024, 0.0029, respectively. Figure 7a–h show the decrypted images produced when utilizing three of these masks. The CC values are 0.0048, 0.0061, 0.0042, 0.0068, 0.0042, 0.0029, 0.0076, 0.0021, respectively. It can be seen from Figs. 5, 6, 7 that none of all the decrypted images has information concerning the two plaintexts and their silhouettes. Hence, it is revealed that information leakage issues have been eliminated thoroughly in the proposed method.

Fig. 5
figure 5

The decrypted images with a and b P2, c and d P3, e and f P4, g and h C (the ciphertext)

Full size image
Fig. 6
figure 6

The decrypted images with a and b P2 and P3, c and d P2 and P4, e and f P2 and C (the ciphertext), g and h P3 and P4, i and j P3 and C (the ciphertext), k and l P4 and C (the ciphertext)

Full size image
Fig. 7
figure 7

The decrypted images with a and b P2, P3, and P4, c and d P2, P3, and C (the ciphertext), e and f P3, P4, and C (the ciphertext), g and h P2, P4 and C (the ciphertext)

Full size image

We have further evaluated whether the proposed method is sensitive to the additional keys, i.e., the illuminating wavelength λ, the two diffraction distances d1 and d2, the three CPS parameters \(a_{0}\), k, p. Figures 8, 9, 10, 11, 12, 13 show the sensitive results of those keys. These results invariably reveal that information discrimination for the two plaintexts is prohibited in the case that any one of the above-mentioned keys has a minor error. Therefore, the proposed method has six sensitive additional keys, which can strengthen the security of the proposed method.

Fig. 8
figure 8

a and b The decrypted two images with λ = 632 nm (i.e. Δλ = 1 nm), c relation curves between the CC value and the illuminating wavelength λ

Full size image
Fig. 9
figure 9

a and b The decrypted two images with d1 = 49 mm (i.e. Δd1 = 1 mm), c relation curves between the CC value and the diffraction distance d1

Full size image
Fig. 10
figure 10

a and b The decrypted two images with d2 = 89 mm (i.e. Δd2 = 1 mm), c relation curves between the CC value and the diffraction distance d2

Full size image
Fig. 11
figure 11

a and b The decrypted two images with a0 = 0.24 (i.e. Δa0 = 0.001), c relation curves between the CC value and the initial value a0 of CPS

Full size image
Fig. 12
figure 12

a and b The decrypted two images with k = 3.96 (i.e. Δk = 0.01), c relation curves between the CC value and the map coefficient k of CPS

Full size image
Fig. 13
figure 13

a and b The decrypted two images with p = 11,095 (i.e. Δp = 1), c relation curves between the CC value and the truncated position p of CPS

Full size image

To further assess the robustness of the proposed method against noise attacks, Fig. 14 demonstrates the decrypted images with white additive Gaussian noise, which has a mean of 0 and \(\sigma = 0.1\) (Fig. 14a, b), \(\sigma = 0.2\) (Fig. 14c, d), \(\sigma = 0.3\) (Fig. 14e, f), \(\sigma = 0.4\) (Fig. 14g, h). In addition, the CC values are 0.9532, 0.9659, 0.8453, 0.8819, 0.7235, 0.7767, 0.6210, 0.6835, respectively. From these results, it is shown that the proposed method has the resistance capability for noise attacks.

Fig. 14
figure 14

Decrypted images with zero-mean white additive Gaussian noise with a and b \(\sigma = 0.1\), c and d \(\sigma = 0.2\), e and f \(\sigma = 0.3\), g and h \(\sigma = 0.4\)

Full size image

In addition, we have also evaluated the validity of the proposed method against known-plaintext attack (KPA). In KPA, assume that the attackers can access the known plaintext-ciphertext pairs as well as the encryption scheme. In the simulation, Fig. 4a, b and Fig. 4j are utilized as a pair of the two known plaintexts and their corresponding ciphertext. The proposed method is employed to encrypt two images in Fig. 4a, b, private keys in Fig. 4f, g and i are generated. Two images with size 256 × 256 retrieved are shown in Fig. 15a, b. The corresponding ciphertext produced by the proposed method is shown in Fig. 15c. Using the private keys (Fig. 4f, g and i) and all correct parameters, the two retrieved images are shown in Fig. 15d, e. From these results (Fig. 15), it is shown that no information of the two original images can be visible. Thus, the proposed method is free from the KPA.

Fig. 15
figure 15

KPA on the proposed scheme: a and b the two original images to be retrieved, c the ciphertext of a and b, d and e the two retrieved images using private keys in Fig. 4f, g, i and all correct parameters

Full size image

We have also validated the statistical property of the proposed method; histogram comparison results are illustrated in Fig. 16. It is noteworthy that there is a significant difference among Fig. 16a−c, as well as among Fig. 16d−f. Besides, the histograms (Fig. 16c, f) have similar distributions. As a result, any useful information cannot be accessed by the attackers in accordance with the statistical property.

Fig. 16
figure 16

Histogram comparison results: (a) and (b) the histograms of Fig. 4a and b, c the histogram of Fig. 4j, d and e the histograms of Fig. 15a and b, f the histogram of Fig. 15c

Full size image

Finally, to demonstrate the effectiveness of the proposed method against a potential specific attack (PSA), a simulation is carried out. In a ciphertext-only attack, assume that the attackers can access the given ciphertext as well as the encryption scheme. In the simulation, Fig. 17 illustrates a flowchart of the PSA. The three public keys \(\theta (x,y)\), \(\beta (x,y)\), \(R_{3} (u_{1} ,v_{1} )\) and the ciphertext \(C(u_{2} ,v_{2} )\) are employed as four constraints. Figure 15c is utilized as the given ciphertext in the PSA. Figure 18a−c show the results using the PSA. Figures 18d−f show the results using the specific attack [39]. From Fig. 18a, it is shown that the two curves are non-convergent and unstable. From Fig. 18b, c, we cannot see any information of the two original images (Fig. 15a, b). Thus, it is revealed that the proposed method can effectively resist the PSA.

Fig. 17
figure 17

A flowchart of a PSA

Full size image
Fig. 18
figure 18

Attack comparison results: CC value versus number of iterations using a the PSA, and d the specific attack [39], respectviely; the recovered images after 300 iterations using b and c the PSA, and e and f the specific attack [39], respectviely

Full size image

4 Concluding remarks

In summary, an optical double-image cryptosystem using phase truncation in the Fresnel domain is developed. The proposed method utilizes three public keys to generate one ciphertext and three private keys. The method is novel and attains the decrypted images free from the crosstalk noise. Comparing to the existing schemes via phase truncation, the proposed method can completely alleviate the information leakage, and efficiently resist the specific attack. Meanwhile, six parameters (λ, d1, d2, \(a_{0}\), k, p) act as additional keys for strengthening security significantly. Numerical simulations are carried out to validate the performance of the proposed method which provides a new solution for optical image cryptosystem by using phase truncation.