1 Introduction

With the advancement of the internet and technology, multimedia communication has gradually become ubiquitous in people’s lives. It has become an important part of people’s daily life for sharing data in terms of text, images, and videos over social media. An unauthorised leakage of data can be harmful to individuals, businesses, and sometimes even to the entire nation. Therefore, the security of data is utmost important and it cannot be ignored. Encryption technique play a vital role in protection of data from illegal users. However, traditional digital encryption algorithms such as advanced encryption standard (AES) and data encryption standard (DES) are not appropriate for image encryption. Although they have complex computation, unpredictability, and non-repeatability traits but digital image encryption techniques are slow with advancement in computations, and they are vulnerable. In 1995, an optical encryption scheme was proposed by Refregier and Javidi famously referred as double random phase encoding (DRPE) in Refregier and Javidi (1995) in the literature. The DRPE attains a lot of attention of the researchers because of its optical characteristics such as high speed, parallelism, multi-dimensional key space. In DRPE scheme, two random phase masks are used, one of them in spatial domain and other in frequency domain. Many optical encryption techniques based on DRPE scheme were proposed in various transform domain like gyrator transform (Abuturab 2012; Kumar et al. 2019), fractional Fourier transform (Unnikrishnan et al. 2000), Fresnel transform (Situ and Zhang 2004; Huang 2012), fractional Hartley transform (Singh et al. 2017, 2019) and so on (Zhou et al. 2013; Vashisth et al. 2014; Abuturab 2015; Liu et al. 2013; He et al. 2012). The DRPE scheme has same encryption and decryption keys that leads to its symmetric architecture and therefore there are issues of key distribution. Due to its linearity and symmetry nature DRPE found vulnerable to basic attacks such as known-plaintext attacks (KPA), ciphertext only attack (COA), chosen-plaintext attack (CPA), and chosen-ciphertext attack (CCA) (Frauel et al. 2007; Gopinathan et al. 2006; Liu et al. 2015; Carnicer et al. 2005; Peng et al. 2006). Researchers are wondering for those cryptosystems that are immune to these basic attacks.

This necessity of security enables researchers to look beyond symmetric cryptosystem and to develop asymmetric cryptosystems. First asymmetric cryptosystem in optical sense is reported by Qin and Peng based on phase truncation Fourier transform (PTFT) in 2010 (Qin and Peng 2010). The PTFT cryptosystem involves two random phase masks which act as public key, whereas private key obtained from phase reservation operation. The encrypted image is real valued that obtained from phase truncation operation. Later, it is found that PTFT cryptosystem unable to resist the specific attack based on phase retrieval algorithms (Wang and Zhao 2012; Wang et al. 2014a, 2014b; Wang et al. 2015), and attacker gets the plaintext without using decryption keys. Moreover, several decompositions techniques are also used to develop asymmetric cryptosystem, like equal modulus decomposition (EMD) (Cai et al. 2015; Deng 2015), random modulus decomposition (RMD) (Xu et al. 2018; Rakheja et al. 2019; Chen et al. 2020), unequal modulus decomposition (UMD) (Chen et al. 2016; Archana 2021a, 2021b), singular value decomposition (SVD) (Kumar et al. 2019; Singh 2018), polar decomposition (Kumar and Quan 2019), lower–upper decomposition (LUD) (Su et al. 2018; Xiong and Quan 2019) and so on. Recently, Shen et al. proposed an encryption scheme based on QZ synthesis method, which is able to resist basic attack as KPA and CPA (Shen et al. 2022; Gaur et al. 2022).

In recent years, phase retrieval algorithms also attain a lot of attention in security purposes for its nonlinear architecture. The profoundly used phase retrieval algorithm (PRA) was proposed by Gerchberg and Saxton in 1972, and famous as Gerchberg-Saxton (GS) algorithm (Gerchberg and Saxton 1972). The GS algorithm exhibits a rapid decrease in error initially, but eventually, error stagnate for several iterations. In addition, GS algorithm gives inconsistency in output because the algorithm is initialized with random phases. Thereafter, a modified version of GS algorithm was proposed, termed as modified Gerchberg-Saxton (MGS) algorithm (Deng and Zhao 2011; Mehra and Nishchal 2023) which take care of stagnation issue. Fienup proposed a class of input–output algorithm, to get rid of stagnation problem in GS algorithm (Fienup 1982, 2013; Fienup Jul. 1978; Nishchal 2019). Many cryptosystems based on phase retrieval algorithm were proposed by researchers (Wei and Wang 2021; Rajput and Nishchal 2017). Recently, security enhanced cryptosystem was proposed by Liu et al. based on Yang-Gu mixture amplitude-phase retrieval (Yang-Gu) algorithm in a more complicated way. The encryption process of Yang-Gu algorithm needs two iterative loop and generate private keys using binary phase modulation (Liu et al. 2013a, 2013b; He et al. 2013). Afterwards, several encryption schemes are proposed by researchers based on Yang-Gu algorithm (Sui et al. 2015a, 2015b; Abuturab 2019; Rakheja et al. 2022). An improved amplitude phase retrieval algorithm (improved APR algorithm) was proposed by Wang et al. (Wang et al. 2016), which require less time consumption and number of iterations as compared to Yang-Gu algorithm.

Motivated from above, in this paper we proposed a cryptosystem based on QZ synthesis method and phase retrieval algorithms. The QZ synthesis prevents the algorithm from basic attacks such as KPA, CPA whereas phase retrieval algorithm improves the security against specific phase retrieval attack. Further, we review above discussed phase retrieval algorithms with QZ synthesis method for double images. The texture of the rest paper is organized as follows. The working of QZ synthesis method and various types of phase retrieval algorithms such as GS algorithm, MGS algorithm, input–output algorithm, Yang-Gu algorithm, improved APR algorithm and encryption, decryption process of proposed cryptosystem are described in Sect. 2. The numerical simulations and security analysis presented in Sect. 3. The final remarks of the paper are concluded in Sect. 4.

2 Overview

2.1 QZ algorithm

In QZ algorithm, two square matrices \(A\) and \(B\) (\(A, B\in {R}^{n\times n}\)) are considered as input and it produces four matrices as output: \(AA\), \(BB\) and two unitary matrices \(Q\) and \(Z\). The mathematically it can be expressed as:

$$\left[AA, BB, Q, Z\right]=QZ(A, B)$$

where \(QZ(.)\) denotes the QZ algorithm. \(AA=Q.A.Z\) and \(BB=Q.B.Z\). From here, \(A\) and \(B\) can be obtained as \(A={Q}^{-1}.AA.{Z}^{-1}\) and \(B={Q}^{-1}.BB.{Z}^{-1}\) respectively, where \(\left( \cdot \right)^{ - 1}\) denotes inverse of a square matrix.

In QZ synthesis (QZS) method, initially take two matrices \({I}_{1}\) and \({I}_{2}\) in QZ algorithm.

$$\left[{I}_{11},{I}_{22}, Q, Z\right]=QZ\left({I}_{1}, {I}_{2}\right)$$
(1)

The upper triangular matrix \({I}_{22}\) convert into lower triangular matrix by taking its transpose \({I}^{\prime}_{22}\) and diagonal elements of matrix \({I}^{\prime}_{22}\), can be extracted as \(Dig\).

$$Dig=diag\left({I}^{\prime}_{22}\right)$$
(2)

where ‘diag’ is an operator which extract the diagonal elements of a matrix.

The upper triangular matrix \({I}_{11}\) added to the lower triangular matrix \({I}^{\prime}_{22}\) without its diagonal elements to achieve the synthesized matrix \({I}_{12}\).

$${I}_{12}={I}_{11}+\left({I}^{\prime}_{22}-Dig\right)$$
(3)

The Eqs. (13), summarized the whole process of QZS as \(\left( {I_{12} , P} \right) = QZS(I_{1} ,I_{2} )\), where \(P(Q,Z, Dig)\) denotes the private keys containing unitary matrices and diagonal elements. A schematic flowchart of QZS process shown in Fig. 1.

Fig. 1
figure 1

A schematic flowchart of QZS process

Full size image

The reverse process of QZS is termed as QZ decomposition (QZD). Take the upper triangular matrix of \({I}_{12}\) and save it as \({D}_{11}\).

$${D}_{11}=triu\left({I}_{12}\right)$$
(4)

where operator ‘triu’ extract the upper triangular matrix from matrix \({I}_{12}\).

The matrix \({D}_{22}\) can be obtained through the synthesized matrix \({I}_{12}\) without \({D}_{11}\) and \(Dig\) added to it. Mathematically, it is given as Eq. (5)

$${D}_{22}={({I}_{12}-{D}^{\prime}_{11})}+Dig$$
(5)

The matrix \({I}_{1}\) and \({I}_{2}\) can be obtained through \({D}_{11}\), \({D}_{22}\) and the inverse of unitary matrices \(Q\) and \(Z\), as mentioned below

$${I}_{1}={Q}^{-1}\cdot {D}_{11}\cdot {Z}^{-1}$$
(6)
$${I}_{2}={Q}^{-1}\cdot {D}_{22}\cdot {Z}^{-1}$$
(7)

The whole process of QZD is presented through eqs. (47) and schematic flowchart in Fig. 2. In QZS and QZD process, ‘flip’ operator reflects transposing a matrix. It uses two grayscale images of Peppers and Cameraman of size \(256\times 256\) pixels. A noisy image \({I}_{12}\) is obtained as a result of QZS.

Fig. 2
figure 2

A schematic flowchart of QZD process

Full size image

2.2 Gyrator transform

Gyrator transform (GT) is a type of linear canonical transform (Rodrigo et al. Mar. 2007; Liu et al. 2011). Mathematically, definition of GT for two-dimensional image \(f(x,y)\) with angle of rotation \(\alpha\) can be given as

$$F\left(u,v\right)={G}^{\alpha }\left[f\left(x,y\right)\right]\left(u,v\right)$$
$$=\frac{1}{|sin\alpha |}\iint f\left(x,y\right)\mathrm{exp}\left[2\pi i\frac{\left(xy+uv\right)cos\alpha -(xv+yu)}{sin\alpha }\right]dxdy$$
(8)

where \(\alpha\) lies in the interval \([\mathrm{0,2}\pi ]\), which provides the extra key for encryption techniques. Also, GT has properties of additive and periodic with respect to angle of rotation \(\alpha\). The effect of GT is shown in Fig. 3b and c with the angle of rotation \(\alpha =2.14\) and \(\alpha =0.5\pi\) on an input image of a girl of \(256\times 256\) pixels is displayed in Fig. 3a. The corresponding recovered image shown in Fig. 3d.

Fig. 3
figure 3

Effect of gyrator transform on a grayscale image of girl (a), with angle \(\alpha =2.14\) (b) and \(\alpha =0.5\pi\) (c). The recovered image corresponding to (b) and (c) is shown in (d)

Full size image

2.3 Yang-Gu mixture amplitude-phase retrieval algorithm

In 2013, Liu et al. (2013a) proposed a cryptosystem based on Yang-Gu mixture amplitude-phase retrieval algorithm (Yang-Gu algorithm). Let \(r(x,y)\) and \(R(u,v)\) be input image and public key respectively. The iterative process involves computing the unknown function \({e}_{k1}(u,v)\) and phase function \(\varnothing (x,y)\) using the convergent criteria. The complete process of Yang-Gu algorithm is shown in Fig. 4.

Fig. 4
figure 4

The schematic flowchart of Yang-Gu algorithm

Full size image

Initially, iterative process starts with random function \({e}_{1}(u,v)\) which assumes the values between interval \([0, 1]\). During the k1th iteration of algorithm, \({e}_{k1}(u,v)\) is bonded with public key \(R(u,v)\) is subjected inverse gyrator transform with angle of rotation as shown in below expression \({F}_{k1}(x,y)\):

$${F}_{k1}\left(x,y\right)={GT}^{-\alpha }\left({e}_{k1}\left(u,v\right).R\left(u,v\right)\right)$$
(9)

The amplitude and phase part of \({F}_{k1}(x,y)\) are given as \({h}_{k1}\left(x,y\right)=abs({F}_{k1}(x,y))\) and \({\varnothing }_{k1}(x,y)=\mathrm{arg}({F}_{k1}(x,y))\), respectively.

For the next iteration, update the \({e}_{k1}^{\prime}\left(u,v\right)\) using the following relation:

$${E}_{k1}(u,v)={GT}^{\alpha }\left(r\left(x,y\right).\mathrm{exp}\left({i\varnothing }_{k1}\left(x,y\right)\right)\right)$$
(10)
$$e_{{k1}}^{\prime } \left( {u,v} \right) = Re\left| {E_{{k1}} \left( {u,v} \right).R^{{\text{*}}} \left( {u,v} \right)} \right|$$
(11)

where ‘Re’ represents the real part operation and ‘*’ denotes the conjugate operator.

The convergence criteria to decide the termination of the iterative process is the value of normalised mean squared error (NMSE). The iteration process will stop when value of NMSE reached to its threshold value. The value of NMSE between input image \(r(x,y)\) and iterated image \({h}_{k1}(x,y)\) is computed by using the following relation:

$$NMSE=\frac{\sum_{x,y}{(r\left(x,y\right)-{h}_{k1}(x,y))}^{2}}{\sum_{x,y}{r}^{2}(x,y)}$$
(12)

The resulting image may contain both positive and negative elements. Therefore, a one-way binary phase modulation function \(\mathrm{exp}(i\pi b(u,v))\) is introduced, so that the elements become positive. The function \(b(u,v)\) act as a private key. The relation of \(b(u,v)\) is given as:

$$b\left( {u,v} \right) = \left\{ {\begin{array}{*{20}c} {1,~~e_{{k1}}^{\prime } < 0} \\ {0,~~e_{{k1}}^{\prime } > 0} \\ \end{array} } \right.$$
(13)

Thus, the encrypted image is obtained by relation:

$$e_{{k1 + 1}} \left( {u,v} \right) = e_{{k1}}^{\prime } \left( {u,v} \right).\exp \left( {i\pi b\left( {u,v} \right)} \right)$$
(14)

The key \(R(u,v)\) is bonded with phase modulation \(exp(i\pi b(u,v))\), to obtain the decryption key \(D(u, v)\):

$$D\left(u,v\right)=R\left(u,v\right).\mathrm{exp}\left(i\pi b\left(u,v\right)\right)$$
(15)

2.4 Improved amplitude-phase retrieval algorithm

In 2015, Wang et al. (Wang et al. 2016) proposed an improved amplitude-phase retrieval algorithm (improved APR algorithm), which contains only one iteration loop. The flowchart of the improved amplitude-phase retrieval algorithm is shown in Fig. 5. During iteration process, an input image \(r(x,y)\) and two public keys \(RPM1=\mathrm{exp}(2i\pi \psi (u,v))\) and \(RPM2=\mathrm{exp}(2i\pi \psi (x,y))\) are used as inputs.

Fig. 5
figure 5

Schematic flowchart of improved APR algorithm

Full size image

The iterative process starts with an arbitrary function \({e}_{1}(x,y)\) for an unknown amplitude. On the k2th iteration, amplitude \({e}_{k2}(x,y)\) is bonded with public key RPM2 and resulting image undergo gyrator transform with angle \(\alpha\), and stored its amplitude and phase part:

$${f}_{k2}\left(u,v\right)={GT}^{\alpha }\left({e}_{k2}\left(x,y\right).RPM2\left(x,y\right)\right)$$
(16)
$${f}_{k2}^{\mathrm{^{\prime}}}\left(u,v\right)=PT\left({f}_{k2}\left(u,v\right)\right)$$
(17)
$$\emptyset _{{k2}}^{\prime } \left( {u,v} \right) = PR\left( {f_{{k2}} \left( {u,v} \right)} \right)$$
(18)

where \(PR\) and \(PT\) represents the phase reserved and phase truncation part, respectively. The phase truncated part \({f}_{k2}^{\prime}(u,v)\) is multiplied with another public key \(RPM1(u,v)\) and phase modulator \(\mathrm{exp}(i\pi {\gamma }_{1,k2-1})\). The resulting image is again subjected to gyrator transform with angle \(\beta\); Mathematically

$$g_{{k2}} \left( {x,y} \right) = GT^{\beta } \left[ {f_{{k2}}^{\prime } \left( {u,v} \right).RPM1\left( {u,v} \right).\exp \left( {i\pi \gamma _{{1,k2 - 1}} } \right)} \right]$$
(19)
$$g_{{k2}}^{\prime } \left( {x,y} \right) = PT\left( {g_{{k2}} \left( {x,y} \right)} \right)$$
(20)
$${\varnothing }_{k2}(x,y)=PR\left({g}_{k2}\left(x,y\right)\right)$$
(21)

The image \(r\left(x,y\right)\) which is an input image is bonded with phase \({\varnothing }_{k2}(x,y)\) and undergoes inverse gyrator transform with angle \(-\beta\):

$${G}_{k2}\left(u,v\right)={GT}^{-\beta }(r\left(x,y\right).\mathrm{exp}(i{\varnothing }_{k2}(x,y)))$$
(22)

The complex conjugate of \(RPM1\) (\({RPM1}^{*}\)) is multiplied with spectrum \({G}_{k2}(u,v)\):

$${H}_{{k2}_{1}}\left(u,v\right)=Re\left({G}_{k2}\left(u,v\right){.RPM1}^{*}\left(u,v\right)\right)$$
(23)

where ‘Re’ represents the real part operation. The image \({H}_{{k2}_{1}}\left(u,v\right)\) contains positive as well as negative elements. Thus, to obtain the positive elements, \({H}_{{k2}_{1}}(u,v)\) is combined with one-way binary phase modulator \(\mathrm{exp}(i\pi {\gamma }_{1,k2}(u,v))\). The binary phase modulator \({\gamma }_{1,k2}(u,v)\), is generated by using the Eq. (24)

$${\gamma }_{1,k2}(u,v)=\left\{\begin{array}{c}1, {H}_{{k2}_{1}}(u,v)<0\\ 0, {H}_{{k2}_{1}}(u,v)>0\end{array}\right.$$
(24)

The phase \({\varnothing }_{k2}^{\prime}(u,v)\) obtained from Eq. (18) is bonded with \({H}_{k2}^{\prime}(u,v)\) and undergoes inverse gyrator transform with angle \(-\alpha\):

$$I_{{k2}} \left( {x,y} \right) = GT^{{ - \alpha }} \left( {H_{{k2}}^{'} \left( {u,v} \right).{\text{exp}}\left( {i\emptyset _{{k2}}^{\prime } \left( {u,v} \right)} \right)} \right)$$
(25)

where \({H}_{k2}^{\prime}\left(u,v\right)={H}_{{k2}_{1}}(u,v)\mathrm{exp}(i\pi {\gamma }_{1,k2}(u,v))\).

In the next step, \({I}_{k2}(x,y)\) is multiplied by complex conjugate of \(RPM2\) \(({RPM2}^{*})\) and stored the real part of obtained result as \({H}_{{k2}_{2}}(x,y)\):

$${H}_{{k2}_{2}}\left(x,y\right)=Re\left({I}_{k2}\left(x,y\right).{RPM2}^{*}\left(x,y\right)\right)$$
(26)

The image \({H}_{{k2}_{2}}(x,y)\) is also contain negative points. Therefore, it is bonded with another binary phase modulator \({\gamma }_{2}(x,y)\). The encrypted image \({e}_{k2}(x,y)\) is given by Eq. (27)

$${e}_{k2}\left(x,y\right)={H}_{{k2}_{2}}\left(x,y\right).\mathrm{exp}\left[i\pi {\gamma }_{2}\left(x,y\right)\right]$$
(27)

where \({\gamma }_{2}(x,y)\) is given as:

$${\gamma }_{2}\left(x,y\right)=\left\{\begin{array}{c}1, \quad {H}_{{k2}_{2}}(x,y)<0\\ 0, \quad {H}_{{k2}_{2}}(x,y)>0\end{array}\right.$$
(28)

The iterative loop from Eq. (1628) may be terminated if correlation coefficients \((CC)\) between \({g}_{k2}^{\prime}(x,y)\) and \(r(x,y)\) greater than a prescribed threshold value. The \(CC\) value can be calculated by the Eq. (29)

$$CC=\frac{{\sum }_{x=1}^{M}{\sum }_{y=1}^{N}({g}_{k2}^{\prime}\left(x,y\right)-\overline{{g }_{k2}^{\prime}\left(x,y\right)})(r\left(x,y\right)-\overline{r(x,y)})}{\sqrt{\sum_{x=1}^{M}{\sum }_{y=1}^{N}{({g}_{k2}^{\prime}\left(x,y\right)-\overline{{g }_{k2}^{\prime}(x,y)})}^{2}}\sqrt{\sum_{x=1}^{M}\sum_{y=1}^{N}{(r\left(x,y\right)-\overline{r(x,y)})}^{2}}}$$
(29)

here \(M\), \(N\) are dimension of input image, \('||'\) is modulus operator and \('-'\) is average operator.

Here, two binary phase modulators \({\gamma }_{1}(u,v)\) and \({\gamma }_{2}(x,y)\) form two private keys \({P}_{1}(u,v)\) and \({P}_{2}(x,y)\) respectively as

$$P_{1} \left( {u,v} \right) = \exp \left[ { - \emptyset _{{k2}}^{\prime } \left( {u,v} \right)} \right].\exp \left[ {i\pi \gamma _{1} \left( {u,v} \right)} \right]$$
(30)
$${P}_{2}\left(x,y\right)=\mathrm{exp}\left[i\pi {\gamma }_{2}\left(x,y\right)\right]$$
(31)

During decryption process, here two decryption keys \({D}_{1}\) and \({D}_{2}\) are used, which are obtained using the public (\(RPM1\) and \(RPM2\)) and private keys (\({P}_{1}\) and \({P}_{2}\)). Mathematically, decryption keys are

$${D}_{1}\left(u,v\right)={P}_{1}\left(u,v\right).RPM1\left(u,v\right)$$
(32)
$${D}_{2}\left(x,y\right)={P}_{2}\left(x,y\right).RPM2\left(x,y\right)$$
(33)

2.5 Proposed cryptosystem

In this subsection, the encryption and decryption process of the proposed cryptosystem is discussed in detail. The schematic flowchart of encryption process is shown in Fig. 6.

Fig. 6
figure 6

Block diagram of proposed cryptosystem of encryption process

Full size image

Step 1 Initially, take two grayscale images of Peppers and Cameraman say \({I}_{1}\) and \({I}_{2}\), respectively.

Step 2 These two images are synthesised by QZS as described in SubSect. 2.1 by using Eqs. (13) to get the fused image \({I}_{12}\). Mathematically, it can be expressed as

$$\left({I}_{12},{P}_{3}\right)=QZS\left({I}_{1}, {I}_{2}\right)$$
(34)

where \({P}_{3}({Q}_{1}, {Z}_{1}, {Dig}_{1})\) act as private key.

Step 3 Fused image \({I}_{12}\) is bonded with random phase mask \(RPM3=\mathrm{exp}(2\pi i{\varphi }_{1}(x,y))\) and subjected to gyrator transform of an angle \(\alpha\) as:

$$C={GT}^{\alpha }\left({I}_{12}.RPM3\right)$$
(35)

Step 4 Apply the phase truncation (PT) and phase reservation (PR) operation on Eq. (35). The phase reserved part is stored as \(key1=PR(C)\).

Step 5 The phase truncated part obtained in Step 4 is considered as an input image of phase retrieval algorithms (PRA’s) such as GS, MGS, input-output, Yang-Gu and improved APR algorithms. A ciphertext and private keys are obtained after applying PRA.

The schematic flowchart of decryption process for the proposed scheme is shown in Fig. 7. The decryption process consists the following steps as:

Fig. 7
figure 7

Flowchart of decryption process of proposed scheme

Full size image

Step 1 The ciphertext is bonded with private key of PRA according to the phase retrieval algorithm and obtained result stored as:

$${D}_{11}=(cipher\;text.\;private\;key\;of\;PRA)$$
(36)

Step 2 The image \({D}_{11}\) is multiplied with \(key1\) and subjected with inverse of gyrator transform with \(-\alpha\) angle as:

$${D}^{\prime}_{11}={GT}^{-\alpha }\left({D}_{11}.\mathrm{exp}\left(i.key1\right)\right)$$
(37)

Step 3 Bond complex conjugate of \(RPM3\) i.e., \({RPM3}^{*}\) with \({D}^{\prime}_{11}\), to get \({D}_{22}\)

$${D}_{22}={(D}^{\prime}_{11}{.RPM3}^{*})$$
(38)

Step 4 \({D}_{22}\) is decomposed through QZD with private key \({P}_{3}\), and the retrieved images \({D}_{1}\) and \({D}_{2}\) as

$$\left({D}_{1},{D}_{2}\right)=QZD\left({D}_{22},{P}_{3}\right)$$
(39)

In the proposed cryptosystem QZ synthesis method is used with phase retrieval algorithms. The QZ synthesis process contains two steps named as QZS and QZD. The key \({P}_{3}\) act as private key. In the flowchart PRA stand for the phase retrieval algorithm. For demonstration GS algorithm is used as PRA in Figs. 6 and 7.

The QZS method can also be used to encrypt the multiple images or color images. Figure 6 also shows the flowchart of encryption process of multiple images. In Fig. 6, \({I}_{1}\), \({I}_{2}\), and \({I}_{3}\) represent the input images that are encrypted using QZS method. First two input images \({I}_{1}\) and \({I}_{2}\) can also be encrypted using QZS method, to obtain the fused image \({I}_{12}\). Further, fused image \({I}_{12}\) and input image \({I}_{3}\) can be encrypted by QZS, to get the fused image \({I}_{123}\) as shown in Fig. 6.

3 Results and discussion

In this section, the performance of various phase retrieval algorithms (GS algorithm, MGS algorithm, input–output algorithm, Yang-Gu algorithm and improved APR algorithm) in the proposed cryptosystem has been investigated. Simulations of the cryptosystem has been carried on different grayscale images. However, results corresponding to two grayscale images Peppers (\({I}_{1}\)) and Cameraman (\({I}_{2}\)) shown in Fig. 8a–b of size \(256\times 256\) pixels are presented in this paper. The threshold value of \(CC\) when GS, MGS are used is taken as \(0.99\), whereas for input–output algorithm is \(0.88\). The threshold value of \(NMSE\) for Yang-Gu algorithm is taken as \(0.0003\), whereas threshold value of \(CC\) for improved APR algorithm is \(0.98\). The angle of gyrator transform is taken as \(0.5\pi\). The time taken by GS algorithm, MGS algorithm, input–output algorithm, Yang-Gu algorithm and improved APR algorithm are \(33.70s\), \(23.72s\), \(20.94s\), 45.17 s, and 47.81 s, respectively.

Fig. 8
figure 8

Input grayscale images of a peppers, and b cameraman, respectively

Full size image

The cryptosystem’s validation results are shown in Fig. 9. The encrypted images for the GS algorithm, MGS algorithm, input–output algorithm, Yang-Gu algorithm and improved APR algorithm are displayed in Fig. 9a–e, respectively. The corresponding recovered images of Peppers are shown in Fig. 9f–j whereas retrieved image of Cameraman for each phase retrieval algorithms are presented in Fig. 9k–o. It is observed from Fig. 9 that all PRA’s in proposed scheme account for successful retrieval of input images. However, quality may matter as noisy images are recovered through them. For the sake of brevity, results of Yang-Gu algorithm are shown in Fig. 10 for color image Peppers. The red, green and blue components of the color image Peppers Fig. 10a are taken as the input images for the proposed scheme. The encrypted image is for Yang-Gu algorithm shown in Fig. 10b, whereas corresponding combined recovered image shown in Fig. 10c

Fig. 9
figure 9

Validation results of the proposed cryptosystem, ae encrypted images, f–j recovered images \({I}_{1}\), and ko recovered images \({I}_{2}\) when GS algorithm, MGS algorithm, input–output algorithm, Yang-Gu algorithm, and improved APR algorithm are used, respectively

Full size image
Fig. 10
figure 10

Validation results of the proposed cryptosystem for color image, (a) input image, (b) encrypted image, and recovered image shown in (c) corresponding to Yang-Gu algorithm, respectively

Full size image

The quality of input and recovered images are measured through statistical metrics such as correlation coefficient \((CC)\) and peak signal-to-noise ratio (\((PSNR)\)Wang et al. 2004).

The expression for evaluating the \(PSNR\) is given by

$$PNSR=10\times {\mathrm{log}}_{10}\left(\frac{{255}^{2}}{MSE}\right)$$
(40)

where \('MSE'\) denotes mean squared error.

The values of \(CC\) and \(PSNR\) for the proposed cryptosystem shown in Table 1. The value of correlation coefficient between input image Peppers and its corresponding recovered image is given by \(CC1\), whereas \(CC2\) represent the value of correlation coefficients for grayscale image Cameraman and its corresponding recovered image. Similarly, notations are used for peak signal-to-noise ratio.

Table 1 Value of \(CC\) and \(PSNR\) between the input images and its corresponding recovered images
Full size table

3.1 Statistical attack analysis

In this section, the performance of PRA’s in the proposed scheme is analysed and investigated for statistical attack such as histogram plots, 3-D plots, correlation distribution plots and information entropy.

3.1.1 The histogram analysis

Histogram of an image shows the frequency of each gray level. Through the frequency level we can gather the information about an image. For a good cryptosystem, the histogram of input and encrypted image should be completely different for preventing any attack by unauthorized person. Therefore, the histograms are evaluated for the proposed cryptosystem. Figure 11 displays the histogram plots for the proposed cryptosystem. Figure 11a–b display the histogram plots of input images of Peppers and Cameraman, whereas the histogram plots of encrypted images shown in Fig. 11c–g for GS algorithm, MGS algorithm, input–output algorithm, Yang-Gu algorithm and improved APR algorithm, respectively. It is clear form Fig. 11c–g that the histograms of encrypted images are completely different from histogram of the original images. Also, the histogram of encrypted images corresponding to different PRA’s are different. Histogram corresponding to Fig. 11c is gaussian, (d) is skew-gaussian, (e) is uniform, (f) is decreases, and (g) is non-uniform. Therefore, role of PRA’s need to be investigated for better understanding.

Fig. 11
figure 11

Histogram plots of ab input images (\({I}_{1}\) and \({I}_{2}\)), cg encrypted images of GS algorithm, MGS algorithm, input–output algorithm, Yang-Gu algorithm and improved APR algorithm, respectively

Full size image

3.1.2 3-D plot analysis

Another statistical attack in terms of 3-D plots is also analysed for the proposed scheme. For a good encryption scheme, 3-D plot of input and ciphertext image should be completely different and 3-D plot of ciphertext should be uniformly distributed. Figure 12 displays the 3-D plots of proposed cryptosystem. The 3-D plots of input image Peppers and Cameraman displayed in Fig. 12a–b display, whereas Fig. 12c–g show the 3-D plots of encrypted images corresponding to GS algorithm, MGS algorithm, input–output algorithm, Yang-Gu algorithm and improved APR algorithm, respectively. It is clearly visible form Fig. 12 that the pixels of encrypted images are uniformly distributed which demonstrate the efficacy and strength of the proposed scheme. It should be noted that histogram shows the pixels frequency whereas 3-D plots show their value as well as the position.

Fig. 12
figure 12

3-D plots of ab input image peppers and cameraman, cg encrypted images of GS algorithm, MGS algorithm, input–output algorithm, Yang-Gu algorithm and improved APR algorithm, respectively

Full size image

3.1.3 Correlation distribution plots

The efficacy of the proposed scheme is also analysed in terms of correlation distribution plots of adjacent pixels in input images and their ciphertext. Here, we randomly selected \(5000\) pixels from the input image in diagonal direction. Figure 13 illustrates the correlation distribution plots for the proposed scheme ciphertext and input images in diagonal direction. Figure 13a–b shows the correlation distribution plot for the input images Peppers and Cameraman whereas Fig. 13c–g displays the correlation distribution plots of encrypted images when GS algorithm, MGS algorithm, input–output algorithm, Yang-Gu algorithm and improved APR algorithm are used, respectively. It is clearly visible form Fig. 13 that the correlation of input images is highly correlated whereas no correlation is noticed from the encrypted image plots in diagonal direction. Similar results are obtained with horizontal and vertical direction. This also establish the efficacy of the proposed scheme.

Fig. 13
figure 13

Correlation distribution plots of ab input images, cg encrypted images of GS algorithm, MGS algorithm, input–output algorithm, Yang-Gu algorithm and improved APR algorithm, in diagonal direction respectively

Full size image

3.1.4 Entropy analysis

The uncertainty and degree of randomness present in an image can be measured through entropy. Thus, the value of entropy is calculated for input images and ciphertext in the proposed scheme. For \(8\)-bit image, the value of entropy lies between \(0\) and \(8\). The value of entropy approaching \(8\) signifies that the pixels distribution is highly random. In the proposed cryptosystem, value of entropy for input images: Peppers and Cameraman are \(7.7517\) and \(7.0097\), respectively. The values of entropy for encrypted images corresponding to GS algorithm, MGS algorithm, input–output algorithm, Yang-Gu algorithm and improved APR algorithm are \(7.8450\), \(7.9903\), \(7.9932\), \(7.9301\), and \(7.1069\), respectively. The value of entropies for the encrypted images for some PRA’s are high (close to \(8\)), however for GS algorithm and improved APR it is relatively low.

3.2 Occlusion attack

The performance of the proposed scheme is analysed against the occlusion attack. During transit scenarios, information of an image may be lost partially due to network congestions. The proposed scheme is also analysed for such scenarios. Figure 14 display results of the occlusion attack when encrypted images have \(12.5\%\) and \(25\%\) data lost in the proposed scheme corresponding to GS algorithm. The encrypted image with occlusion \(12.5\%\) illustrated in Fig. 14a whereas corresponding retrieved image Peppers and Cameraman are shown in Fig. 14b, c with \(CC\) values, respectively. The ciphertext with occlusion 25% is shown in Fig. 14d and its corresponding retrieved images with \(CC\) values shown in Fig. 14e, f respectively. Similarly, results of occlusion attack of other PRA’s are displayed in Figs. 15, 16, 17 and 18, respectively. It is observed from Figs. 14, 15, 16, 17 and 18 that Yang-Gu algorithm perform better against occlusion attack as compared to other phase retrieval algorithms. We have also plotted \(CC\) curve against the percentage of occlusion. In Fig. 19 x-axis represents occluded area in percentage whereas \(CC\) value given on y-axis. It should be noted from Fig. 19 that for GS, MGS, input–output algorithm, the \(CC\) values depend on the image used whereas the Yang-Gu and improved APR is same for the both images.

Fig. 14
figure 14

Occlusion attack results when GS algorithm is used as PRA. a, d Occluded encrypted images with \(12.5\%\) and \(25\%\) occlusion (b, e and c, f) corresponding retrieved images of Peppers and Cameraman, respectively

Full size image
Fig. 15
figure 15

Occlusion results when MGS algorithm is used as PRA. a, d Occluded encrypted images with \(12.5\%\) and \(25\%\) occlusion (b, e and c, f) corresponding retrieved images Peppers and Cameraman, respectively

Full size image
Fig. 16
figure 16

Occlusion results when input–output algorithm is used as PRA. a, d Occluded encrypted images with \(12.5\%\) and \(25\%\) occlusion (b, e and c, f) corresponding retrieved images Peppers and Cameraman, respectively

Full size image
Fig. 17
figure 17

Occlusion attack results for Yang-Gu algorithm is used as PRA. a, d Occluded encrypted images with \(12.5\%\) and \(25\%\) occlusion (b, e and c, f) corresponding retrieved image Peppers and Cameraman, respectively

Full size image
Fig. 18
figure 18

Occlusion attack results for improved APR algorithm is used as PRA. a, d Occluded encrypted images with \(12.5\%\) and \(25\%\) occlusion (b, e and c, f) corresponding recovered images Peppers and Cameraman, respectively

Full size image
Fig. 19
figure 19

\(CC\) plots against percentage of occlusion when ae GS, MGS, input–output, Yang-Gu algorithm and improved APR algorithm used as PRA in the encryption process, respectively

Full size image

3.3 Nosie attack

During transmission, an image may be corrupted with noise present in the channel and as a result, recovered image may not recognizable. Therefore, the proposed scheme is also tested for such kind of attack. The proposed scheme is explored to additive noise attack wherein normal random noise (\(N\)) with zero mean and unity standard deviation is added to ciphertext. The mathematical relation between ciphertext \((C)\) and noise affected ciphertext \(({C}^{\prime})\) is shown as

$${C^{\prime}}=C+kN$$
(41)

where \(k\) represents the noise strength. The recovered image Peppers when ciphertext is polluted with noise strength \(k=0.2, 0.4, 0.6\) is presented in Fig. 20a, c, e, whereas recovered image of Cameraman is shown in Fig. 20b, d, f with noise strength \(k=0.2, 0.4, 0.6\) respectively, when GS algorithm is taken as PRA in the encryption process. It is observed from Fig. 20 that images are recognizable even when images are polluted with noise. The value of \(CC\) of recovered images Peppers and Cameraman for noise strength \(k=0.6\) is \(0.6922\) and \(0.6701\) respectively. Similar results were obtained for other PRA’s. Figure 21, 22, 23, and 24 illustrates the decrypted images when MGS algorithm, input–output algorithm, Yang-Gu algorithm, and improved APR algorithm, with \(CC\) value, respectively. It can be notified form Fig. 20, 21, 22, 23, and 24 that the recovered images are recognizable even in the presence of noise. Further, for the proposed cryptosystem Yang-Gu algorithm gives better results against noise attack as compared to other PRA’s.

Fig. 20
figure 20

Recovered images Peppers and Cameraman when GS algorithm is used in the encryption process. Ciphertext is polluted with noise strength ab \(k=0.2\), cd \(k=0.4\), and e–f \(k=0.6\), respectively

Full size image
Fig. 21
figure 21

Decrypted images \({I}_{1}\) and \({I}_{2}\) when MGS algorithm is used in the encryption process. The ciphertext is polluted with noise strength ab \(k=0.2\), cd \(k=0.4\), and (e–f) \(k=0.6\), respectively

Full size image
Fig. 22
figure 22

Results of decrypted images of Peppers and Cameraman when input–output algorithm is used as PRA in the encryption process. Ciphertext with noise strength ab \(k=0.2\), cd \(k=0.4\), and e–f \(k=0.6\), respectively

Full size image
Fig. 23
figure 23

Results of recovered images of Peppers and Cameraman when Yang-Gu algorithm is used in encryption process. Ciphertext is polluted with noise strength ab \(k=0.2\), cd \(k=0.4\), and e–f \(k=0.6\), respectively

Full size image
Fig. 24
figure 24

Recovered images Peppers and Cameraman when improved APR algorithm is used in encryption process. Ciphertext is polluted with noise strength ab \(k=0.2\), cd \(k=0.4\), and e–f \(k=0.6\), respectively

Full size image

3.4 Key sensitivity analysis

Security of any cryptosystem is based on strength of keys and parameters that are used in the cryptosystem. The performance of the proposed cryptosystem against key sensitivity is also analysed. Figure 25 display the key sensitivity plots for the gyrator parameter \(\alpha\) versus \(CC\) values. The \(CC\) plot when GS algorithm is used as PRA in encryption process is shown in Fig. 25a whereas corresponding result for MGS algorithm is shown in Fig. 25b. For input–output and Yang-Gu algorithm phase retrieval algorithm \(CC\) plots have been shown in Fig. 25c–d respectively whereas corresponding plots for improved APR algorithm shown in Fig. 25e. It is observed from Fig. 25 that the value of \(CC\) approaches to one only at correct position of angle \(\alpha\). The proposed scheme is highly sensitive to slight change in value of \(\alpha\) irrespective of PRA used in the encryption process. During the encryption process, key \({P}_{3}\) act as private key. Figure 26 illustrate the recovered images for the proposed cryptosystem when \({P}_{3}\) is taken as random matrix. In Fig. 26, images (a-e) display the recovered image of Peppers for the proposed cryptosystem whereas recovered image of Cameraman shown in Fig. 26f–j for each of the phase retrieval algorithm, respectively. It is demonstrated from, Figs. 25 and 26 that the proposed scheme is highly sensitive to the gyrator parameter and private keys.

Fig. 25
figure 25

Key sensitivity plots for gyrator transform angle \(\alpha\) versus \(CC\)

Full size image
Fig. 26
figure 26

Recovered images when wrong private key is taken; ae is recovered Peppers image and fj are recovered Cameraman images when GS, MGS, input–output, Yang-Gu, and improved APR algorithms are used as PRA

Full size image

3.5 TOPSIS analysis

To determine which PRA is best fit in the proposed scheme, an analytical tool TOPSIS (technique for order preference by similarity to an ideal solution) is used (Chen and Hwang 1992; Jahanshahloo et al. 2006; Tzeng and Huang 2011). The TOPSIS method is used to find the rank of phase retrieval algorithms in the proposed cryptosystem. The TOPSIS analysis consist the following steps.

Let there are \(m\) proportionate (here phase retrieval algorithms) and \(n\) attributes (here different \(CC\) values) corresponding to different PRA. Make a matrix of order \(m\times n\) using \(m\) proportion and \(n\) attributes and name it as decision matrix, given by \(X={a}_{ij}\) of size \(m\times n\). In the next step, normalize the column wise data of decision matrix to obtain the normalized decision matrix \({p}_{ij}\) using following equation:

$${p}_{ij}=\frac{{a}_{ij}}{\sum_{i=1}^{m}{a}_{ij}} \ \ \ \ \ \ \ i=1, 2, 3,\dots m;,\ \ \ \ \ j=1, 2, 3,\dots ,n$$
(42)

The value of information entropy is evaluated using equation as:

$${h}_{j}=-K\sum_{i=1}^{m}{p}_{ij}\times ln{(p}_{ij})$$
(43)

where \(K={(\mathrm{ln}(m))}^{-1}\) gives the value entropy constant. The degree of divergence computed as \({d}_{j}=1-{h}_{j}\), \(j=1, 2, 3,\dots ,n\), and the degree of importance can be calculated by using the equation

$${w}_{j}=\frac{{d}_{j}}{\sum_{j=1}^{n}{d}_{j}} \ \ \ \ \ \ j=1, 2, 3,\dots , n$$
(44)

The comprehensive weight is expressed as

$${w}_{j}^{\prime}=\frac{{b}_{j}\times {w}_{j}}{\sum_{j=1}^{m}{b}_{j}\times {w}_{j}}$$
(45)

where \({b}_{j}\) represents the value of weight, and for the proposed scheme value of weight is considered as unity. Now, construct the weighted normalize matrix \({V}_{ij}\) of size \(m\times n\) by using equation:

$${V}_{ij}={p}_{ij}{w}_{j}^{\prime}$$
(46)

Now, find the positive and negative ideal solution from \({V}_{ij}\) matrix.

$${V}^{+}=\left\{{V}_{1}^{+}, {V}_{2}^{+},\dots , {V}_{m}^{+}\right\}=\left(\mathrm{max}\left\{{V}_{11},{V}_{21},\dots ,{V}_{m1}\right\},\mathrm{ max}\left\{{V}_{11},{V}_{21},\dots ,{V}_{m2}\right\},\dots ,\mathrm{max}\left\{{V}_{11},{V}_{21},\dots ,{V}_{mn}\right\}\right)$$
(47)
$$V^{ - } = \left\{ {V_{1}^{ - } , V_{2}^{ - } , \ldots , V_{m}^{ - } } \right\} = \left( {\min \left\{ {V_{11} ,V_{21} , \ldots ,V_{m1} } \right\},{ }\min \left\{ {V_{11} ,V_{21} , \ldots ,V_{m2} } \right\}, \ldots ,\min \left\{ {V_{11} ,V_{21} , \ldots ,V_{mn} } \right\}} \right)$$
(48)

In the next step, find the distance between each phase retrieval schemes from positive and negative ideal solution as:

$${d}_{i}^{+}=\sqrt{\sum_{j=1}^{n}{({V}_{ij}-{V}_{i}^{+})}^{2}} ,\ \ \ \ \ \ i=1,2,3, \dots , m;$$
(49)
$${d}_{i}^{-}=\sqrt{\sum_{j=1}^{n}{({V}_{ij}-{V}_{i}^{-})}^{2}} ,\ \ \ \ i=1,2,3, \dots ,m;$$
(50)

Now, calculate the closeness coefficient \(({R}_{j})\) between phase retrieval algorithm and ideal solution. The closeness coefficients give the preference order of phase retrieval algorithm and expressed as

$${R}_{i}={d}_{i}^{-}/({d}_{i}^{+}+{d}_{i}^{-})$$
(51)

In this paper, we have five different phase retrieval algorithms used in the encryption process. The decision matrix, normalized decision matrix, weighted normalized decision matrix, positive and negative ideal solution matrix of both images for the proposed scheme are depicted in Appendix . The results of TOPSIS method of images Peppers and Cameraman for the proposed cryptosystem are displayed in Table 2. According to TOPSIS method, Yang-Gu algorithm perform better result as compared to other phase retrieval algorithms.

Table 2 Closeness coefficient and corresponding rank for the proposed cryptosystem
Full size table

4 Conclusion

In this paper, a double image encryption cryptosystem using phase retrieval algorithms in gyrator transform is proposed. The input images are modulated with QZS method, which provide the extra security to our cryptosystem as QZS able to resist basic attacks such as KPA and CPA. Simulation are performed in MATLAB (2023a), to check performance, robustness and feasibility of proposed scheme. The statistical metrics such as \(correlation-coefficients\) \(CC\) and \(PSNR\) are computed. Statistical attacks like histogram plots, 3-D plots, correlation distribution plots and information entropy are analysed for the cryptosystem. The histogram plots analysis indicate that uniform frequency is obtained when input–output algorithm is used as PRA in the encryption process. The value of information entropy is approaches to \(8\) when MSG, input–output, and Yang-Gu algorithms are used. The proposed scheme also shows robustness against occlusion attack and noise attack and Yang-Gu algorithm perform better as compared to other PRA’s for these attacks. The key sensitivity results display that only correct value of gyrator parameter and private keys successfully decrypt the input images. The TOPSIS is a tool that is used for order preferences by comparing similarity to an ideal solution. The rank of phase retrieval algorithms in terms of order preference has been calculated by using TOPSIS method. The Yang-Gu algorithm attains first preference by the TOPSIS method. The cryptosystem can be used for multiple grayscale images as well as color images.