1 Introduction

Information security using optical technology has been of growing interest over the past decades owing to its particular advantages such as high speed, parallel processing, and multidimensional capabilities [1,2,3]. Significant work has been conducted in the field of optical encryption. For example, the classical double random-phase encoding (DRPE) technique was proposed by Refregier and Javidi [4] for the encryption of a primary image into a stationary white noise in the Fourier domain. To further enhance the key space and security, the DRPE scheme was extended into the fractional Fourier [5,6,7], gyrator transform [8, 9], Fresnel transform [10, 11], and spatial domains [12]. However, each of the above-mentioned DRPE schemes can be classified into the category of linear symmetric cryptosystems, in which the encryption keys also serve as the decryption keys. Many studies have shown that these schemes are vulnerable to specific attacks such as chosen-ciphertext, chosen-plaintext, and known-plaintext attacks [13,14,15,16,17,18] owing to the inherently linear property of a mathematical or optical transformation. To resist a potential attack, an optical asymmetric cryptosystem with high security was proposed by Qin and Peng using a phase-truncated Fourier transform (PTFT) [19], in which a nonlinear operation of the phase and amplitude truncations is applied to remove the linearity of the DRPE scheme. In this nonlinear cryptosystem, decryption keys differing from encryption keys are generated during encryption. However, it was found that the cryptosystems are also vulnerable to such specific attacks owing to the use of a two-step iterative amplitude-phase retrieval algorithm [20, 21]. An optical PTFT-based cryptosystem is, therefore, not sufficiently secure when the encryption keys are compromised.

Therefore, some variant cryptosystems have been proposed to enhance the security [22,23,24,25], such as encryption based on spherical wave illumination [22] and polarized light encoding [23]. The PTFT-based encryption technique has also been extended to the fractional Fourier transform (FRFT) domain for increased safety [26,27,28,29]. In this paper, a different asymmetric image encryption method using phase-truncated DMPFRFT (PTDMPFRFT) is adopted to realize the amplitude modulation of the output image. Compared to traditional cryptosystems in the FT [19] and FRFT [26,27,28,29] domains, the proposed PTDMPFRFT-based cryptosystem has more parameters and hence a larger key space, a signal representation of multiple degrees, and real-time optical processing capability, but without increasing the complexity of the optical hardware. Compared to linear cryptosystems [30,31,32,33], our cryptosystem is asymmetric, in that the decryption keys differ from the encryption keys. To a certain extent, our approach yields high resistance against various attacks such as a chosen-plaintext attack, and significantly improves the encryption performance and security.

The remaining sections of this paper are organized as follows: Sect. 2 introduces the proposed encryption method, Sect. 3 presents the numerical simulation results showing the performance of the proposed method, and Sect. 4 provides some concluding remarks.

2 Principle of PTDMPFRFT-based cryptosystem

As a generalization of FRFT with multiple parameters, DMPFRFT demonstrates more choices to represent signals with extra degrees of freedom through the vector parameters. For a 2D signal \(\mathbf{X}=(x_{n,m})_{N_{\text{L}} \times N_{\text{R}}}\), the DMPFRFT with order (αL, αR), periodicity (ML, MR), and vector parameter (nL, nR) can be represented using two 1D-DMPFRFTs in the row and column, respectively, as shown below:

$$\begin{aligned} \mathbf{X}_{{\left( {{M_{\text{L}}},{M_{\text{R}}}} \right)}}^{{\left( {{\alpha _{\text{L}}},{\alpha _{\text{R}}}} \right)}}({\mathbf{m}_{\text{L}}},{\mathbf{n}_{\text{L}}};{\mathbf{m}_{\text{R}}},{\mathbf{n}_{\text{R}}})= \, & F_{{\left( {{M_{\text{L}}},{M_{\text{R}}}} \right)}}^{{\left( {{\alpha _{\text{L}}},{\alpha _{\text{R}}}} \right)}}\left( {\mathbf{n}_{{\text{L}}}^{\prime },\mathbf{n}_{{\text{R}}}^{\prime }} \right)\mathbf{X} \\ = \, & F_{{\left( {{M_{\text{L}}}} \right)}}^{{\left( {{\alpha _{\text{L}}}} \right)}}\left( {\mathbf{n}_{{\text{L}}}^{{^{\prime }}}} \right) \cdot \mathbf{X} \cdot F_{{\left( {{M_{\text{R}}}} \right)}}^{{\left( {{\alpha _{\text{R}}}} \right)}}\left( {\mathbf{n}_{{\text{R}}}^{\prime }} \right), & \\ \end{aligned}$$
(1)

where n′ can be defined as

$$n_{{\text{k}}}^{'}=\left( {k{m_{\text{k}}}+M{m_{\text{k}}}{n_{\text{k}}}+{n_{\text{k}}}} \right)\,\,\,\,\,k=0,1,2, \cdots ,(M - 1),$$
(2)

and \({\mathbf{m}}=\left( {{m_0},{m_1}, \cdots {m_{\left( {M-1} \right)}}} \right) \in {Z^M}\), \({\mathbf{n}}=\left( {{n_0},{n_1}, \cdots {n_{\left( {M-1} \right)}}} \right) \in {Z^M}\), and the eigen-decomposition structure of DMPFRFT is

$$F_{M}^{\alpha }\left( \mathbf{n}' \right)=V{D^\alpha }{V^T}=\begin{cases} \sum\limits_{k=0}^{N-1} \exp \left\{ -\dfrac{2\pi \mathrm{i}}{M}\left[ \alpha \left( \bmod (k,M)+n'_{\bmod (k,M)}M \right) \right] \right\} v_k v_k^T, & \text{for } N \text{ odd} \\[2ex] \sum\limits_{k=0}^{N-2} \exp \left\{ -\dfrac{2\pi \mathrm{i}}{M}\left[ \alpha \left( \bmod (k,M)+n'_{\bmod (k,M)}M \right) \right] \right\} v_k v_k^T + \exp \left\{ -\dfrac{2\pi \mathrm{i}}{M}\left[ \alpha \left( \bmod (N,M)+n'_{\bmod (N,M)}M \right) \right] \right\} v_{N-1} v_{N-1}^T, & \text{for } N \text{ even} \end{cases}.$$
(3)

In addition, NL and NR are arbitrary integers; T denotes the matrix transpose; V denotes a matrix with eigenvectors as the column vectors, i.e., V = [v0|v1|…|vN−2|vN−1] for odd N and V = [v0|v1|…|vN−2|vN] for even N; and D denotes a diagonal matrix with its diagonal entries corresponding to the eigenvalues for each column eigenvector vk in V [30,31,32,33].

The proposed encryption and decryption process is shown in Fig. 1. Let f(x,y) represent the original image with N × N pixels. For encryption, as shown in Fig. 1a, the original image f(x,y) is first scrambled by J[·], and then multiplied by the random phase mask (RPM) function exp[ip(x,y)]. After applying a further DMPFRFT operation with parameters of (ML, MR; αL, αR; mL, nL; and mR, nR), the final encrypted image E(x,y) can be expressed as

$$E(x,y)={\text{PT}}\left\{ {F_{{\left( {{M_L},{M_R}} \right)}}^{{\left( {{\alpha _L},{\alpha _R}} \right)}}\left( {{\mathbf{n}}_{L}^{'},{\mathbf{n}}_{{\text{R}}}^{'}} \right)\left\{ {{\text{J}}\left[ {f\left( {x,y} \right)} \right]\exp \left[ {ip\left( {x,y} \right)} \right]} \right\}} \right\}.$$
(4)

Fig. 1 Schematic of (a) encryption and (b) decryption

In addition, the phase key P(x,y) for decryption generated during the encryption can be expressed as

$$P(x,y)={\text{PR}}\left\{ {F_{{\left( {{M_L},{M_R}} \right)}}^{{\left( {{\alpha _L},{\alpha _R}} \right)}}\left( {{\mathbf{n}}_{L}^{'},{\mathbf{n}}_{{\text{R}}}^{'}} \right)\left\{ {{\text{J}}\left[ {f\left( {x,y} \right)} \right]\exp \left[ {ip\left( {x,y} \right)} \right]} \right\}} \right\},$$
(5)

where p(x,y) is a statistically white sequence uniformly distributed in (0, 2π), the operator PT denotes the phase truncation, and PR denotes the amplitude truncation.

For decryption, as shown in Fig. 1b, the decryption process can be carried out as follows:

$$f(x,y)=PT\left\{ {{{\text{J}}^{-1}}\left\{ {F_{{\left( {{M_L},{M_R}} \right)}}^{{\left( { - {\alpha _L}, - {\alpha _R}} \right)}}\left( {{{\mathbf{n}}_L}',{{\mathbf{n}}_R}'} \right)\left[ {E(x,y)\cdot P} \right]} \right\}} \right\},$$
(6)

where \({\text{J}}^{-1}[\cdot]\) is the inverse pixel-scrambling operation.

Note that our algorithm extends the PT-based cryptosystem from the FT [19] or FRFT [26,27,28,29] domain to the DMPFRFT domain. Obviously, a pixel-scrambling operation, RPM, and the parameters of DMPFRFT including the periodicities (ML, MR), transform orders (αL, αR), and vector parameters (mL, nL; mR, nR) serve as the public keys. They play a critical role during the encryption and, in particular, increase the public key space fivefold relative to [19], which employs two RPMs, and 2.5-fold relative to [26], which employs two FRFT orders and two RPMs; this in turn leads to a superior encryption security standard. As many others have pointed out [19, 26,27,28,29], the phase P generated from the phase-truncated encryption process is a private decryption key that differs from the encryption keys. Compared to [19, 26], the parameters of both a pixel-scrambling operation and DMPFRFT can be regarded as additional decryption keys, which further break the linearity of a cryptosystem [30,31,32,33]. Our approach can then efficiently increase the resistance against specific attacks, including known-plaintext and chosen public key attacks.

To quantitatively evaluate the performance of the proposed method, the normalized mean square error (NMSE) between the original image and the decrypted image is defined as

$${\text{NMSE}}=\frac{\sum\limits_{i=1}^{A}\sum\limits_{j=1}^{B}\left[ I_{\text{D}}(i,j)-I_{\text{E}}(i,j) \right]^2}{\sum\limits_{i=1}^{A}\sum\limits_{j=1}^{B}\left[ I_{\text{E}}(i,j) \right]^2},$$
(7)

where A × B is the size of the image, and ID(i,j) and IE(i,j) are the values of the decrypted image and the original image at the pixel (i, j), respectively. In a practical sense, when the NMSE is larger than 0.31, the decrypted image can barely be recognized.
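The following added example (not the authors' code) runs Eqs. (4)-(7) numerically and compares decryption with all keys, with the public keys only, and with wrong transform orders. Assumptions made here: the eigenvector matrix V is taken from numpy's `eigh` of the DFT-commuting matrix S in numpy's order rather than a Hermite-Gaussian ordering, a random pixel permutation stands in for the 2 × 2 block scrambler, and the 32 × 32 binary image, the vector-parameter range, and the 0.01 order error are constructed demo values.

```python
import numpy as np

def dmpfrft_matrix(N, M, alpha, m, n):
    """N x N matrix F = V D^alpha V^T with the eigenvalue phases of Eq. (3)."""
    # Assumption: V holds orthonormal eigenvectors of the real symmetric matrix S
    # that commutes with the DFT, in numpy's eigh order (not Hermite-Gaussian order).
    S = np.diag(2 * np.cos(2 * np.pi * np.arange(N) / N))
    S += np.roll(np.eye(N), 1, axis=1) + np.roll(np.eye(N), -1, axis=1)
    _, V = np.linalg.eigh(S)
    k = np.arange(N)
    if N % 2 == 0:
        k[-1] = N                                   # even-N case of Eq. (3)
    j = k % M                                       # mod(k, M)
    n_prime = j * m[j] + M * m[j] * n[j] + n[j]     # Eq. (2)
    phases = np.exp(-2j * np.pi / M * alpha * (j + n_prime * M))
    return (V * phases) @ V.T                       # sum_k phase_k v_k v_k^T

def encrypt(f, perm, p, FL, FR):
    """Eqs. (4) and (5): ciphertext E (amplitude) and private phase key P."""
    scrambled = f.ravel()[perm].reshape(f.shape)    # J[f]
    g = FL @ (scrambled * np.exp(1j * p)) @ FR      # Eq. (1)
    return np.abs(g), np.exp(1j * np.angle(g))      # PT{g}, PR{g}

def decrypt(E, P, perm, FL_inv, FR_inv):
    """Eq. (6): negative-order transform of E*P, inverse scrambling, then PT."""
    g = (FL_inv @ (E * P) @ FR_inv).ravel()
    out = np.empty_like(g)
    out[perm] = g                                   # J^{-1}
    return np.abs(out).reshape(E.shape)

def nmse(decrypted, original):
    """Eq. (7)."""
    return np.sum((decrypted - original) ** 2) / np.sum(original ** 2)

def demo(N=32, seed=7):
    rng = np.random.default_rng(seed)
    f = (rng.random((N, N)) < 0.25).astype(float)   # constructed binary test image
    perm = rng.permutation(N * N)                   # stand-in for the block scrambler
    p = rng.uniform(0, 2 * np.pi, (N, N))           # random phase mask p(x,y)
    (ML, aL), (MR, aR) = (15, 0.34), (20, 0.73)     # values from Sect. 3
    mL, nL, mR, nR = (rng.integers(1, 10, M) for M in (ML, ML, MR, MR))
    E, P = encrypt(f, perm, p, dmpfrft_matrix(N, ML, aL, mL, nL),
                   dmpfrft_matrix(N, MR, aR, mR, nR))
    def attempt(key, d=0.0):                        # d: error in both transform orders
        return nmse(decrypt(E, key, perm, dmpfrft_matrix(N, ML, -(aL + d), mL, nL),
                            dmpfrft_matrix(N, MR, -(aR + d), mR, nR)), f)
    return {"all keys": attempt(P), "public keys only": attempt(np.ones_like(P)),
            "orders off by 0.01": attempt(P, 0.01)}

if __name__ == "__main__":
    for case, value in demo().items():
        print(f"{case}: NMSE = {value:.3g}")
```

Because the vector parameters in this demo are small integers, the order sensitivity it shows is far coarser than the deviation reported in Sect. 3; the point is the structure of the keys, not the key-space figures.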

In addition to being implemented digitally, the scheme can also be implemented using an electro-optical hybrid setup [20]. For encryption, the original image is set to the input plane, as shown in Fig. 2a. An optical pixel-scrambling device (OPSD) is used to realize the pixel-scrambling operation. First, a spatial light modulator SLM1 is used to generate RPM, and SLM2 and a lens L are used to implement the DMPFRFT. A CCD detector can be applied in a straightforward manner to conduct a phase truncation to record the reservation intensity; however, to record the reservation phase after an amplitude truncation, a reference beam, as shown by the arrow with a dashed line, should be split from the light source to accomplish interferometry [19]. A computer is used to control all SLMs and the CCD. For decryption, as shown in Fig. 2b, the encrypted image E(x,y) is set to the input plane, and the phase key P is displayed on SLM1, whereas the OPSD is tightly located in the input plane of the CCD. As shown in Eq. (6), because the decrypted image results from a phase-truncation operation, a reference beam is again not required, and only the CCD can be used to record the decrypted image during the decryption process. Therefore, it is clear that the decryption process is more convenient and efficient.

Fig. 2 Optoelectronic hybrid setup of the (a) encryption and (b) decryption system

3 Simulation results and performance analysis

Numerical simulation experiments have been conducted to verify the proposed encryption method. In our experiment, a “Lena” image of 512 pixels × 512 pixels in size and having 256 gray levels is taken as the original image, as shown in Fig. 3a. The image is broken up into 65,536 subsections of 2 pixels × 2 pixels using a pixel-scrambling operation, as suggested in [34], in which the gray values of the different pixels are interchanged. The DMPFRFT system parameters are (ML, MR; αL, αR) = (15, 20; 0.34, 0.73). The vector parameters (mL, nL) and (mR, nR) with independent integer values are 1 × 15 and 1 × 20 random vectors. The encrypted image with stationary white noise can then be obtained, as shown in Fig. 3b. After applying the correct keys to the encrypted image, the decrypted image can be obtained, as shown in Fig. 3c, which is the same as the original image without any noise or distortion. After applying only the correct public keys without private key P to the encrypted image, the decrypted image can barely be recognized, as shown in Fig. 3d. The NMSE value between the decrypted and encrypted images is \(4.02 \times 10^{-29}\) when all of the correct keys are used, but 0.618 when only the correct public keys are used. It can be seen that the proposed method retrieves the original image exactly, and creates an effective trap for illegal decipherers.

Fig. 3 (a) Original image, (b) encrypted image, and decrypted image with (c) all of the correct keys and (d) only public keys

In the following analysis, the effect of the deviation of different keys on the decrypted image is considered. Figure 4a shows the decrypted image obtained using the incorrect phase P, and Fig. 4b shows the decrypted image obtained using an incorrect decryption of the inverse pixel-scrambling operation [34]. Figure 5 shows the decrypted image obtained using the incorrect DMPFRFT keys of {(14, 19), (−0.34, −0.73), (mL, nL), (mR, nR)}, {(15, 20), (−0.34 + \(10^{-7}\), −0.73 + \(10^{-7}\)), (mL, nL), (mR, nR)}, {(15, 20), (−0.34, −0.73), (mL + 2, nL + 1), (mR, nR)}, and {(15, 20), (−0.34, −0.73), (mL, nL), (mR + 1, nR + 1)}. The corresponding NMSEs are 0.5522, 0.4422, 0.4355, 0.4276, 0.4169, and 0.4183. It can be seen that any errors in the phase key, inverse pixel-scrambling operation, and/or DMPFRFT parameters can make the image difficult to retrieve, thereby achieving a high security hierarchy in the applications.

Fig. 4 Decrypted image with incorrect (a) phase key P, and (b) inverse pixel-scrambling operation

Fig. 5 Decrypted image with different incorrect keys: (a) {(14, 19), (−0.34, −0.73), (mL, nL), (mR, nR)}, (b) {(15, 20), (−0.34 + \(10^{-7}\), −0.73 + \(10^{-7}\)), (mL, nL), (mR, nR)}, (c) {(15, 20), (−0.34, −0.73), (mL + 2, nL + 1), (mR, nR)}, (d) {(15, 20), (−0.34, −0.73), (mL, nL), (mR + 1, nR + 1)}

Now, the effects of the deviation of the transform orders on the NMSE are considered when the other parameters are correct. As shown in Fig. 6, the NMSEs approach zero when the transform orders are close to the correct key values. However, high NMSEs of > 0.31 are yielded when a deviation of ≥ \(10^{-7}\) occurs from any of the correct transform orders. Thus, the transform orders result in high sensitivity and security. The effect of the deviation of the periodicities on the NMSE is then considered, while the other parameters are correct. As shown in Fig. 7, the NMSEs approach zero when the periodicities are close to the correct key values. However, high NMSEs of > 0.31 are also yielded when a deviation of ≥ 1 occurs from any of the correct periodicities. Thus, the periodicities can be employed to improve the security. Finally, the effects of the deviation of the vector parameters on the NMSEs are considered, while the other parameters are correct. The results when using incorrect vector parameters are shown in Fig. 8, in which an incorrect number denotes the number of incorrect elements in the matrices generated for different vector parameters. As shown in Fig. 8, although the vector parameters are not as sensitive as the transform orders and periodicities, the NMSEs also increase quickly with a deviation of the vector parameters. When a deviation of a vector parameter makes the NMSE higher than 0.31, the decrypted image is also difficult to recognize, as shown in Fig. 5c–d, even with other correct keys. In this case, the vector parameters can also be regarded as additional keys to promote a high level of security.

Fig. 6 NMSEs with different deviation of transform order parameters

Fig. 7 NMSEs with different deviation of periodicity parameters

Fig. 8 NMSEs versus deviation of vector parameters

The robustness against occlusions is usually applied to assess how one encryption method operates with a loss of data in the ciphertext image. An encrypted image reduced by 50% is shown in Fig. 9a, and its decrypted image using all of the correct keys is shown in Fig. 9b. The NMSE is 0.2541. The retrieved image can be clearly recognized, which means that our approach has sufficient robustness against an occlusion attack. The robustness of our approach is also tested against a noise attack. The encrypted image is distorted with zero-mean white additive Gaussian noise with a standard deviation of 0.10, which is twice that used in [30,31,32,33]. A noise-encrypted image is shown in Fig. 10a, and its decrypted image with all of the correct keys is shown in Fig. 10b. The NMSE is 0.0233. The decrypted result can also be easily identified. This is because our approach can transform added noise into a wide stationary white additive noise for a decrypted image [35], which can be suppressed to decrease the effects of the noise degradation. All of the above prove that our approach has certain robustness against various attacks.

Fig. 9 Robustness against occlusion attack: (a) encrypted image with 50% occlusion, and (b) decrypted image

Fig. 10 Robustness against noise attack: (a) encrypted image with Gaussian noise of standard deviation of 0.10 and (b) decrypted image

Finally, to further confirm the validity of our approach, a binary image of a QR code containing the URL of our university is also utilized as the original image. It can be seen from Fig. 11 that the encrypted image looks like stationary white noise, and the decrypted image is identical to the original image without any noise or distortion.

Fig. 11 (a) Original binary image of QR code, (b) encrypted image, and (c) decrypted image

4 Conclusion

A method using PTDMPFRFT is proposed for asymmetric image encryption. The decryption keys used in the system can be generated during the encryption process, but differ from the encryption keys. The decryption keys include the phase key P, pixel-scrambling operation, and a set of DMPFRFT parameters. The security of the asymmetric cryptosystem can be enhanced using DMPFRFT to enlarge the key space. Electro-optical implementation setups for encryption and decryption have also been suggested. Numerical simulations have also been conducted to demonstrate the recovered quality and validity of the proposed method.