1 Introduction

With the rapid advancement in science and technology, communication has become very easy and fast. Now-a-days lots of data/information are generated over Internet, multimedia, and other social media platforms. Different types of documents and identity cards such as credit card, debit card, driving license, etc. are in heavy demand. Due to the rapid increase in such types of data, information fraud is also increasing in every sector. In modern technology, cryptography is used as a countermeasure to protect any confidential information. In case of large amounts of data, digital cryptography requires high computational cost and takes longer time due to intrinsic one-dimensional and serial processing characteristics. Optical cryptosystems are being used for image security due to their ultra-fast speed and parallel processing [1,2,3]. Also, optical systems have inherent characteristics which provide extra degrees of freedom such as amplitude, phase, polarization, spatial frequency, wavelength, orbital angular momentum. In optical information processing, various approaches have been reported in past decades [3].

The double random phase encoding (DRPE) technique was reported by Refregier and Javidi, which opened new aspects in optical cryptography [1, 2]. The DRPE framework has been extended in various transform domains such as Fourier transform (FT), fractional Fourier transform (FRT), Fresnel transform, Gyrator transform, wavelet transform, etc. [3]. These transforms are used in image/data security because they provide extra parameters which enlarge the key space and hence enhance the level of security [2,3,4]. Therefore, under the basic DRPE framework, various encryption techniques have been developed such as optical image encryption using phase-shifting interferometry, chaotic phase mask, chaotic structured phase mask, polarized light, DNA encoding, fingerprint phase masks, Arnold transform etc. [3,4,5,6,7,8,9,10,11,12]. Since the DRPE technique requires conjugate phase mask of encryption key during decryption process and physically it is difficult to record the conjugate phase, therefore, joint transform correlator (JTC) based encryption schemes have been developed [13].

The DRPE schemes fall under the category of symmetric key cryptosystems which suffer from key distribution and management. Due to linearity in such cryptosystems, they have been proved vulnerable to attacks such as chosen-ciphertext attack and chosen-plaintext attack [3]. In 2010, optical asymmetric encryption based on phase-truncated FT was reported by Qin and Peng, which breaks the linearity in DRPE scheme [14, 15]. However, this technique is vulnerable to specific attacks [16]. They have been extended in combination with other schemes such as optical asymmetric encryption using gyrator wavelet transform, photon counting, and Fresnel domain encoding [3, 17]. Besides phase truncation approach, other asymmetric cryptosystems [18, 19] have been reported in literature such as equal modulus decomposition (EMD) based image encryption, RSA and elliptic curve cryptography-based image encryption, digital holography-based encryption, interference based encryption etc. [20,21,22,23,24,25,26,27,28,29,30].The EMD-based scheme was proposed to resist the specific attack. Authentication has been combined with image encryption, which does not require visual verification of retrieved image [31, 32]. Further, partially coherent sources have been used in image encryption to minimize the noise arising due to coherent sources and misalignment [33]. Several encryption schemes employing partially coherent illumination have been reported in literature such as, enhanced exclusive-OR and quick response (QR) code-based, multi key channel encryption etc. [34, 35].

In recent years, vector beams have gained much attention of researchers because of their inherent properties. Vector beam is a type of beam which shows different polarization state at different local position of detector plane. Optical fields with spatially inhomogeneous polarization distributions are referred to as arbitrary vector light. They can be realized through the superposition of two homogeneously polarized lights with orthogonal circular basis. Different types of approach have been applied to generate the vector beam, which include interferometry and non-interferometry methods [36, 37]. Kumar et al. proposed the idea of image encryption using vector light fields and arbitrary vector beam encoding [38, 39]. The use of vector light field in the encryption provides high level of security and requires comparatively less complicated optical set-up. Besides the vector beam, optical vortices have also gained much attention of researchers. These are created because of helical wavefront of light, which show phase singularity at the center and contain orbital angular momentum (OAM). Therefore, these are also called as OAM beams [40]. The light beams associated with OAM have more orthogonal modes than polarization. Because of this property, OAM beams are used for high-dimensional data encoding and processing such as controllable optical vortex array for image encoding, structured phase encoding for image encryption, etc. [41, 42].

In the proposed scheme, we present an idea of multi-image encryption in optical asymmetric cryptosystem architecture that uses arbitrary vector light field with compact optical set-up. The use of arbitrary vector light field for image encryption provides intensity-based measurement which can be done by recording the Stokes parameters. Use of FRT domain encoding introduces additional keys.

The rest of the paper is organized as follows; In Sect. 2 and its subsections theoretical analysis of encryption and decryption process of proposed scheme has been described. Experimental arrangement, experimental results and simulation results have been described in Sect. 3. Section 4 describes the attack analysis. Conclusion has been given in Sect. 5.

2 Theoretical analysis

In this scheme, grayscale intensity images are used as plaintexts. Let I1(x,y), I2(x,y), I3(x,y),……,In(x,y) denote the plaintexts, where x and y are the coordinates in the transverse plane. Each image is transformed into log-polar coordinate to make it rotation and scale invariant. Image In(x,y) can be transformed from Cartesian coordinates to log-polar coordinate g(ρ,θ) as,

$$g_{n} \left( {\rho ,\theta } \right) = LPT\left\{ {I_{n} \left( {x,y} \right)} \right\}$$
(1)

where LPT stands for log-polar transform. It is defined as [43, 44],

$$\rho = \log \sqrt {\left( {x - x_{0} } \right)^{2} + \left( {y - y_{0} } \right)^{2} }$$
$$\theta = \tan^{ - 1} \left( {\frac{{y - y_{0} }}{{x - x_{0} }}} \right)$$
(2)

Here, (x0,y0) and (x,y) denote the central and sampling pixels of image In(x,y).

2.1 Encryption

Pair of two-two images are made such as (I1,I2), (I3,I4),…, and each pair is converted into complex form z = re. Here, r and ϕ are calculated as,

$$r_{i} (i = 1,2,3,...n) = \sqrt {I_{n}^{2} + I_{n + 1}^{2} }$$
(3)
$$\varphi_{i} (i = 1,2,3,...,n) = \tan^{ - 1} \left( {\frac{{I_{n + 1} }}{{I_{n} }}} \right)$$
(4)

Here, ϕi is phase encoded and stored as first decryption key k1. Now, two unclonable phase masks \(pm_{1} = \exp \left[ {i2\pi \arg \left\{ {\Im \left( {SP_{1} } \right)} \right\}} \right]\) and \(pm_{2} = \exp \left[ {i2\pi \arg \left\{ {\Im \left( {SP_{2} } \right)} \right\}} \right]\) are numerically generated using an array of structured phases, which are nothing but hybrid form of structured phase.\(\Im\) and arg represent the Fourier transform operation and its phase, respectively. SP1 and SP2 are the two arrays of structured phases, defined as,

$$SP_{i} (i = 1,2) = \left[ {\begin{array}{*{20}c} {\Omega_{{l_{11} }} } & {\Omega_{{l_{12} }} } & {\Omega_{{l_{13} }} } & {..} & {\Omega_{{l_{1n} }} } \\ {\Omega_{{l_{21} }} } & {\Omega_{{l_{22} }} } & {\Omega_{{l_{23} }} } & {..} & {\Omega_{{l_{2n} }} } \\ {\Omega_{{l_{31} }} } & {\Omega_{{l_{32} }} } & {\Omega_{{l_{33} }} } & {..} & {\Omega_{{l_{3n} }} } \\ : & : & : & : & : \\ {\Omega_{{l_{m1} }} } & {\Omega_{{l_{m2} }} } & {\Omega_{{l_{m3} }} } & {..} & {\Omega_{{l_{mn} }} } \\ \end{array} } \right]$$
(5)

where SPi (i = 1,2) represent the array of structure phase mask, which has been generated by phase Ω of Laguerre-Gaussian (LG) beam with different topological charges l. Now each ri is multiplied by first phase mask pm1. FRT of order α is carried out of this product function. The phase truncation (PT) and amplitude truncation (AT) operations are applied on the transformed image, which can be expressed as,

$$R_{i} \left( {u,v} \right) = \Im^{\alpha } \left\{ {r_{i} \, \times \,pm_{1} } \right\}\, = \,\left| {R_{i} \left( {u,v} \right)} \right|\,\exp \,\left\{ {i\phi } \right\}$$
(6)
$${\text{PT part}},P_{i} = \, \left| {R_{i} \left( {u,v} \right)} \right|$$
(7)
$${\text{AT part}},A_{{\text{i}}} = exp\left\{ {i.\varphi } \right\}$$
(8)

Ai is stored as second decryption key k2, while Pi is multiplied by second phase mask pm2 and inverse FRT of order β is carried out. PT and AT operations are again applied to the transformed image. They are expressed as,

$$E_{i} \left( {\rho ,\theta } \right)\, = \,\Im^{ - \beta } \left\{ {P_{i} \times pm_{2} } \right\}\, = \,\left| {E_{i} \left( {\rho ,\theta } \right)} \right|{\text{exp}}\left\{ {i\delta } \right\}$$
(9)
$${\text{PT part}},F_{i} = \, \left| {E_{i} \left( {\rho ,\theta } \right)} \right|$$
(10)
$${\text{AT part}},B_{{\text{i}}} = exp\left\{ {i.\delta } \right\}$$
(11)

Bi is stored as third decryption key k3 and phase value distribution (PVD) ωi for each Fi is calculated using modified Gerchberg-Saxton algorithm (MGSA). Their sum (ψ = ω1 + ω2 + ω3 + …) is phase-encoded as exp{i.ψ} and simultaneously decryption keys for each images are calculated as,

$$K_{di} = \psi_{{\text{i}}} - \omega_{{\text{i}}}$$
(12)

Here, Kdi is stored as fourth decryption key.

2.2 Encoding in vector light field

Phase-encoded information is displayed onto the liquid crystal spatial light modulator (SLM) and modulated into orthogonal polarization component of light using a quarter wave plate whose fast axis is at 450 with respect to the laboratory horizontal. This can be understood using Jones calculus as,

$$\left[ {\begin{array}{*{20}c} {E_{x} } \\ {E_{y} } \\ \end{array} } \right] = \frac{{e^{ - i\pi /4} }}{2}\left[ {\begin{array}{*{20}c} {1 + i} & {1 - i} \\ {1 - i} & {1 + i} \\ \end{array} } \right]\left[ {\begin{array}{*{20}c} {e^{i\psi } } \\ 1 \\ \end{array} } \right]$$
(13)

Intensity is recorded using linear polarizer whose transmission axis is at θ1 degree with laboratory horizontal. Recorded intensity can be expressed mathematically as,

$$I\left( {\theta_{1} } \right) = \left\langle {E_{x} E_{x}^{*} } \right\rangle \cos^{2} \theta_{1} + \left\langle {E_{y} E_{y}^{*} } \right\rangle \sin^{2} \theta_{1} + \left\{ {\left\langle {E_{x} E_{y}^{*} } \right\rangle + \left\langle {E_{x}^{*} E_{y} } \right\rangle } \right\}\sin \theta_{1} \cos \theta_{1}$$
(14)

Here,\(\left\langle {...} \right\rangle\) represents the time average of electric field. Stokes parameters S1 and S2 are calculated using the recorded intensities I(00), I(450), I(900), and I(1350), respectively, which are expressed as [38],

$$S_{{1}} = I\left( {0^{0} } \right) - I\left( {{9}0^{0} } \right)$$
(15)
$$S_{{2}} = I\left( {{45}^{0} } \right) - I\left( {{135}^{0} } \right)$$
(16)

Stokes parameter S1holds encrypted data while parameter S2 is stored as fifth decryption key. Stokes parameters S0 and S3, remain 1 and 0, respectively.

2.3 Decryption

To retrieve the original image, reverse process of encryption is followed with correct decryption keys. The process is described mathematically as,

$$\left[ {\begin{array}{*{20}c} {E_{1} } \\ {E_{2} } \\ \end{array} } \right] = \frac{{e^{ - i\pi /4} }}{2}\left[ {\begin{array}{*{20}c} {1 + i} & { - 1 + i} \\ { - 1 + i} & {1 + i} \\ \end{array} } \right]\left[ {\begin{array}{*{20}c} {S_{1} } \\ {S_{2} } \\ \end{array} } \right]$$
(17)
$$\left[ {\begin{array}{*{20}c} {E_{xx} } \\ {E_{yy} } \\ \end{array} } \right] = \left[ {\begin{array}{*{20}c} 1 & 0 \\ 0 & 0 \\ \end{array} } \right]\left[ {\begin{array}{*{20}c} {E_{1} } \\ {E_{2} } \\ \end{array} } \right]$$
(18)

Using above Eq. (18), PVD is calculated and written as,

$$\chi = {\text{Im}} \{ \log (E_{xx} )\} - {\text{Im}} \{ \log (E_{yy} )\}$$
(19)

To retrieve the final images, the following process is followed.

$$D_{i} \left( {\rho ,\theta } \right) = \Im^{ - 1} \left[ {\exp \left\{ {i\left( {\chi - K_{{{\text{d}}i}} } \right)} \right\}} \right]^{2}$$
(20)
$$D_{j} (\rho ,\theta ) = \left| {\Im^{ - \alpha } \left[ {\left| {\Im^{\beta } \left\{ {D_{i} (\rho ,\theta ) \times k_{3} } \right\}} \right| \times k_{2} } \right]} \right|$$
(21)
$$I_{f} (x,y) = ILPT\left[ {D_{j} (\rho ,\theta ) \times \exp (i.k_{1} )} \right]$$
(22)
$$I_{{{\text{n}} - {1}}} \left( {x,y} \right) = {\text{Re}}\left\{ {I_{{\text{f}}} \left( {x,y} \right)} \right\}{\text{ and}}I_{{\text{n}}} \left( {x,y} \right) = {\text{Im}}\left\{ {I_{{\text{f}}} \left( {x,y} \right)} \right\}$$
(23)

Here, In-1(x,y) and In(x,y) are the final decrypted images. ‘Re’ and ‘Im’ stand for real and imaginary parts of the function.\(\left| {..} \right|\) represents the amplitude part of the function. ILPT denotes the inverse log-polar transform of the function (see Figs. 1, 2).

Fig. 1
figure 1

Schematic diagram for encryption

Full size image
Fig. 2
figure 2

Schematic diagram for decryption

Full size image

3 Experimental procedure and analysis

In the proposed scheme, six grayscale images (alphanumeric) each of size 128 × 128 pixels have been used. To verify the proposed scheme, both simulation and experimental studies have been carried out. For simulation, MATLAB 2022b platform has been used. In the Fig. 3, row (a) shows the plaintexts and row (b) shows their log-polar transformed images. Row (c) shows the paired images and corresponding decryption keys. Figure 4 shows the results of encryption using phase and amplitude truncation approach in FRT domain. In the first and second rows of Fig. 4, first images denote the encryption keys and rest are the decryption keys. Row (c) represents the encrypted images Fi of all paired images i.e. all ri. Calculated PVDs, ωi using MGSA corresponding encrypted images Fi have been shown in row (d) of Fig. 4. Figure 5a presents the phase-encoded form of sum of all PVDs i.e. exp{i.ψ} and decryption keys corresponding all PVDs have been shown in Fig. 5b–d, respectively.

Fig. 3
figure 3

Row a plaintexts, b log-polar transform images of all plaintexts, and c amplitude and phase images of all paired images

Full size image
Fig. 4
figure 4

Row a The first image shows the first encryption key and the rest images are first decryption keys, Row b the first image shows the second encryption key and the rest images are second decryption keys, row c shows the encrypted images of all paired images using phase-truncated Fourier transform, and row d shows corresponding PVDs

Full size image
Fig. 5
figure 5

a phase-encoded function of sum of all PVDs and (bd) decryption keys corresponding to all PVDs

Full size image

To encode the information with arbitrary vector light, the schematic of the experimental arrangement has been shown in Fig. 6. In this set-up, a coherence light beam (wavelength 532 nm) is passed through the beam expander (BE), which passes through the SLM onto which the phase-encoded information is displayed. Light beam carries this information after transmitting from SLM (LC 2002 HOLOEYE, resolution 800 × 600 pixels with pixel pitch 32 μm). After SLM, a quarter wave plate is placed at 45° with respect to laboratory horizontal, which produces the two orthogonal components of circular basis of light beam. A polarizer is kept in the path of light beam to record the intensities at four different polarization angles (0°, 45°, 90°, and 135°). 4f imaging set-up is used for imaging purpose. Intensities are captured using a complimentary metal-oxide semiconductor (CMOS) camera (2,592 × 1,944 (5 MP) RGB32 @ 15 fps). Stokes parameters, S1 and S2 are calculated computationally using recorded intensities. Figure 7, row (a) shows experimentally recorded intensities and calculated Stokes parameters, respectively. The simulation results have been shown in row (b) of Fig. 7. Stokes parameter S1 holds final encrypted image while S2 is stored as decryption key. Figure 8 represents the retrieved images after using the all correct decryption keys and following the inverse of the encryption process. Figure 8, row (c) presents the case when any one of the decryption key is wrong then original information cannot be retrieved.

Fig. 6
figure 6

Schematic diagram for vectorial light field encoding, BE beam expander, SLM spatial light modulator, Q quarter wave plate, P polarizer, L lens, E Iris, C CMOS camera

Full size image
Fig. 7
figure 7

Row a first four images are recorded intensities using polarizer at different angles and last two images-Stokes parameters,S1 and S2. Row b simulation results corresponding to row (a) images

Full size image
Fig. 8
figure 8

a Retrieved images with experimentally observed data using correct decryption keys, b simulation results of retrieved images, and c retrieved images using one incorrect key

Full size image

4 Attack analysis

As we know that a strong cryptosystem should be robust to all applicable attacks. Different types of attacks are applied on the encryption system to retrieve the original information, such as known plaintext attack (KPA), chosen-plaintext attack (CPA), chosen-ciphertext attack (CCA), ciphertext-only attack (COA), brute force attack, differential attack, and specific attack.

4.1 Occlusion attack

During the data transmission, if some information is lost, in this situation occlusion attack is studied to check the robustness of cryptosystem. In the proposed scheme, some area of the encrypted image has been cropped and then original image is retrieved using correct decryption keys and process. Obtained results prove the robustness of proposed scheme against occlusion attack. In the Fig. 9, first row represents the encrypted image with occluded area 12.5%, 25% and 50% respectively, while retrieved images are given in second row of Fig. 9 corresponding to first row’s images.

Fig. 9
figure 9

ac encrypted images with occluded area 12.5, 25, and 50% respectively. df retrieved images

Full size image

4.2 Noise attack

In the proposed scheme, the white Gaussian noise with zero mean and unit standard deviation is added with encrypted image as follows,

$$S = S_{1} \left[ {1 + c \cdot G(x,y)} \right]$$
(24)

where c represents the noise strength, G(x,y) is white Gaussian noise and S1 represents the encrypted image. Figure 8 shows the retrieved images of noised encrypted images with different noise strength (1, 2, 5, 10, 12, 17 and 20). It can be clearly seen from Fig. 10 that original information can be successfully retrieved even with noised encrypted image.

Fig. 10
figure 10

Retrieved images of Gaussian noise added encrypted images with noise strengths 1, 2, 5, 10, 12, 17 and 20 respectively

Full size image

4.3 Specific attack

Specific attack is formulated specifically for optical asymmetric cryptosystems. In the asymmetric scheme, encryption and decryption keys are different from each other. PTFT approach is a kind of asymmetric image encryption technique, which is vulnerable to specific attack. Specific attack has been applied to check the robustness of the proposed scheme and it has been found that it resists the specific attack. Figure 11 shows the retrieved image after applying the specific key. In the specific attack, an attacker tries to retrieve original information, say {I1(x,y)} with public keys and ciphertext because he knows only public keys and ciphertext.

Fig. 11
figure 11

Only public key and ciphertext known: a retrieved image, b plot n versus CC, c plot n versus MSE. Public key and one private key: d retrieved image e plot n versus CC, and f plot n versus MSE

Full size image

Figure 11a presents the retrieved image after applying the specific attack with known public keys and Fig. 11b and c denote the plots between number of iteration (n) and correlation coefficient (CC) value and plot between number of iteration (n) and mean square error (MSE), respectively. Figure 11d presents the retrieved image, when attacker knows the public keys and one of the private keys. Figures 11e and f are the plots between n and CC value, plot between n and MSE value.

4.4 Statistical analysis

Now-a-days different types of statistical analysis methods are being utilized to study the statistical attacks. Among them, histogram analysis is done in the proposed scheme. For an effective encryption, it is necessary that histograms of different encrypted images should be same. Histograms of six images (used in this study) are shown in Fig. 12a–f, which are different. Figure 12g and h represent the histogram for the final encrypted image and final decryption key, which are indistinguishable. Therefore, histogram analysis suggests that it would be difficult for an attacker to retrieve the original information.

Fig. 12
figure 12

af histogram of six different images, g histogram of final encrypted image, and h histogram of final decryption key

Full size image

4.5 Key space analysis and comparison with existing work

In the proposed scheme, five decryption keys are required to retrieve the original information. Since gray scale images have been used in the proposed scheme, so decryption keys are also gray scale images. In each decryption key, each pixel can have 0–255 Gy values. Higher the size of the image, higher the number of pixels, therefore key space will be very high. Here, the use of structure phase masks and parameter S2 help enhance the key space. In comparison to reported studies, the proposed scheme provides higher security, which can be implemented using a low cast spatial light modulator within compact optical set-up [38, 39, 41].

5 Conclusion

The proposed scheme provides a novel method of optical asymmetric multiple-image encryption using vectorial light field. Each image is transformed into log-polar coordinate to make them rotation and scale invariant. Pair of two-two images is converted into complex form, in which phase part is stored as decryption key and amplitude part is encrypted using hybrid structured phase masks in FRT domain following phase truncation approach. Encrypted images are encoded into vector light fields, which contain arbitrary polarization states at different spatial locations. Stokes parameter S1 holds final encrypted data while S2 is stored as decryption key. To retrieve the original information, correct decryption keys and inverse of encryption process are used. The use of hybrid structured phase masks as well as vector light field during encryption process, offers much difficulty to attackers to generate the duplicate decryption keys. Its experimental implementation is simple. Attack analysis shows that the proposed scheme has high resistance against specific attack.