An Adaptive and Secure Holographic Image Watermarking Scheme

A novel adaptive secure holographic image watermarking method in the sharp frequency localized contourlet transform (SFLCT) domain is presented. Based upon the sine logistic modulation map and the logistic map, we develop an encrypted binary computer-generated hologram technique to fabricate a hologram of a watermark first. Owing to the enormous key space of the encrypted hologram, the security of the image watermarking system is increased. Then the hologram watermark is embedded into the SFLCT coefficients with Schur decomposition. To obtain better imperceptibility and robustness, the entropy and the edge entropy are utilized to select the suitable watermark embedding positions adaptively. Compared with other watermarking schemes, the suggested method provides a better performance with respect to both imperceptibility and robustness. Experiments show that our watermarking scheme for images is not only is secure and invisible, but also has a stronger robustness against different kinds of attack.


Introduction
Owing to the rapid growth of internet and multimedia technologies, the acquisition, transmission and exchange of digital multimedia data including images, audio and videos has become a simple task. On the other hand, digital images can be manipulated or reproduced easily by the use of powerful image processing tools. How to effectively protect the copyright of the digital products has become a significant topic. A great many techniques have been proposed for protecting the digital rights of image content recently. Among these methods, digital watermarking is viewed as the most promising solution for digital copyright protection. Digital watermarking is a process that hides a piece of secret information (watermark) in the original digital multimedia data for the purpose of copyright protection and its verification [1]. For the requirements of actual application, a watermarking system has some an essential characteristic, more specifically for its imperceptibility, robustness, security, and so on [2].
In recent years, a large number of image watermarking methods have been reported [2][3][4][5][6], which can be categorized into two groups: transform-domain and spatial-domain. In spatial domain schemes, the watermark is embedded directly into the original image by manipulating the pixel intensity values [3]. In contrast, the transform domain method inserts the watermark by changing the frequency coefficients of the original image in a transform domain. There are numerous transform domain watermarking techniques such as discrete wavelet transform (DWT) [4], discrete cosine transform (DCT) [2], fractional Fourier transform [5], gyrator transform [6] and singular value decomposition (SVD) [2], etc. As a powerful matrix decomposition technique, SVD has been widely applied in image watermarking [2]. To improve robustness, some hybrid SVD-based watermarking methods have been designed [2,4,7,8]. In comparison to spatial domain methods, these techniques are more robust against different image attacks.
In general, robustness and imperceptibility, which are the most two important properties, are adopted to evaluate the performance of a watermarking system [9]. But these two characteristics oppose each other [9]. To achieve a tradeoff between transparency and robustness, adaptive watermarking algorithms [7,9] have been studied extensively recently. In recent years, entropy has been used to select adaptively the embedding positions which determine the performance of the watermarking scheme [2,4,10]. In [10], an image watermarking approach is proposed to insert the watermark into the DWT sub-band with the highest entropy. The major drawback of this method is that the quality of the watermarked image is seriously degraded. Since the above method is non-blind, the original image is needed in the watermark extraction process. Based on SVD and DCT, Lai designed a watermarking method where the watermark is superimposed on the blocks selected by entropy and edge entropy [2]. But this method cannot resist filtering, JPEG compression, blurring and rescaling attacks. To achieve a level of higher imperceptibility and robustness, Makbol et al. developed a block-based watermarking scheme based on SVD and DWT [4]. However, it is weak with respect to filtering, JPEG compression and blurring attacks too.
Because of the encryption characteristic and the strong anti-interference property of a hologram, a new technique wherein digital holograms are employed as watermarks has been explored to increase the watermarking system's performance [11][12][13] in recent years. In [11], based on the improved fuzzy c-means clustering and the iterative algorithm for embedding processes, an adaptive watermarking scheme that inserts the mark hologram into the DWT-transformed original image is proposed. The drawback of this method is high computation cost. Reference [12] reported that a hologram watermark was performed in the DWT domain by using an encrypted kinoform as watermark. The encrypted kinoform was generated by a non-cascade phase retrieval algorithm. The main shortcomings of this method are that the quality of the reconstruction of the mark kinoform is decreased and the phase retrieval algorithm has a high complexity. In previous work [13], the phase-shifting interferometry-based CGH was inserted into the contourlet-transformed host image, and the embedding parameter is optimized by the use of particle swarm optimization. However, the computational complexity of this optimal scheme is high. In the above-mentioned methods, the watermarks are gray-level holograms. Due the advantage of being stored, transferred and replicated [14], the binary hologram is superimposed on the low-frequency wavelet coefficients of the original image using quantization index modulation [15]. But the parameter of this watermarking method is determined experimentally. Additionally, the watermarking method with an adaptive texturized algorithm is also developed to protect digital hologram recently [16].
Though DWT has been applied widely in watermarking and image processing [8] due to its good properties such as multiscale and time frequency localization, it cannot capture the directional information of images effectively. This weakness is overcome by contourlet transform (CT) [17]. However, the efficiency of contourlets in representing smooth contours of an image is decreased because of some waste components [7,8]. This drawback is settled by use of sharp frequency localized contourlet transform (SFLCT) [18]. In addition, SVD alone is not preferred owing to the large computation cost [4]. Compared with SVD, Schur decomposition has the advantage of lower computational complexity because it is a major intermediate step in SVD [19,20]. Therefore, in this study, the advantages of SFLCT and Schur decomposition are considered to enhance the performance of image watermarking. Moreover, to gain both imperceptibility and robustness in terms of the watermarking requirements, the entropy and edge entropy are utilized to choose the suitable positions to embed the watermark. Furthermore, the security risks of the traditional holographic watermarking methods are increased because of the small key space of hologram watermark. Hence, to enhance the security of watermarking system, the chaotic maps that are extreme sensitive to initial conditions are adopted to develop a new encrypted computer-generated hologram algorithm in this work. The hologram fabricated by this algorithm has a huge key space.
In this paper, a secure adaptive holographic watermarking scheme is presented. To enhance the security of the watermarking system, a novel encrypted binary CGH method based on sine logistic modulation map (SLMM) and logistic map is designed to fabricate a hologram watermark. The mark CGH is superposed on the original image which is transformed by SFLCT and Schur decomposition. The entropy and the edge entropy are employed to choose the positions which are suitable for embedding to achieve a high imperceptibility without losing the robustness in the embedding procedure. The watermark can be extracted without the host image during the watermark extraction process. Compared with other published schemes, the proposed method offers better performance better performance in both imperceptibility and robustness. Experiments exhibit that the proposed watermarking method, in addition to high security and transparency, has good robustness against different kinds of attack.

Entropy and the Edge Entropy
To acquire the satisfactory level imperceptibility and robustness, different techniques are utilized to find optimal watermarking parameters [9]. Entropy has also been used extensively to support data-hiding algorithms. For an image, disturbances are much less visible in highly textured regions than in uniform areas, and the entropy can be used to describing the texture of it. The edge is regarded as another important image characteristic. But the edge points are not the suitable site for watermark embedding. Therefore, the edge entropy is an important factor that determines an image block to be selected for embedding whether or not. The entropy and the edge entropy were utilized to determine the embedding positions in the cover data so as to cause minimal perceptual distortion.
The entropy of an n-state system can be represented as follows [21]: where p i indicates the probability of occurrence of the event "i" with 0 ≤ pi ≤ 1 and The edge entropy can be described as follows [21].
where µ i = 1− p i is the ignorance or uncertainty of the pixel value.

Schur Decomposition
Suppose the size of an image matrix A is N × N, the Schur decomposition of A is defined as [19] where S is the block upper triangular matrix and U is a unitary matrix. U T denotes the conjugate transpose of U.

Encrypted Binary Computer-Generated Hologram Based on Chaos
In this section, the chaotic maps are used to enhance the security level of a CGH. First, based on SLMM and logistic map, a scrambling algorithm is designed. Then the encrypted CGH method is developed by using Burch's coding method and this proposed scrambling algorithm.

The Image Permutation Method Using SLMM and Logistic Map
Assuming that the size of the input image I(x,y) is M × N, the scrambling method is described as the following steps: (1) Initialize SX(1), SY (1) and SZ which are between 0 and 1 randomly and choose an arbitrary natural number T first. Then with SX(1) and SY(1), iteratively generate two chaotic sequences SX(i) and SY(i) using Equation (3). The lengths of SX(i) and SY(i) both are MN + T. Here, i = 1, 2, . . . , MN + T.
(2) Generate two random integers t1 and t2 between 1 and MN + T. Then calculate the initial value XL(1) of logistic map according to the following Equation (6) XL(1) = [SX(t1) + SY(t2)]/2 −SZ /10, where SX(t1) and SY(t2) are the t1 th element in SX and the t2 th element in SY, respectively. (3) Using XL(1) and Equation (4), generate the chaotic sequences XL(i) whose length is MN + T iteratively. Here, i = 1, 2, . . . , MN + T. (4) Generate a random integer t3 between 1 and T. Truncate NM elements of XL(i) from the t3 th element to obtain a chaotic sequence SE = {XL(i), i = t3, t3 + 1, . . . , t3 + MN − 1}. (5) Subsequently, a new sequence SP and its corresponding permutation indices ISP can be obtained by sorting the sequences SE in ascending order. There are MN elements in ISP. The relations between SE and SP is SP=SE(ISP). For example, the m th element in SP corresponds to the ISP(m) th element in SE. (6) Map I(x,y) into a 1D array IZ by use of the zigzag algorithm [24]. The length of I1 is MN. (7) Then the permutation indices ISP is utilized to permute IZ and the scrambled vector IV can be achieved as follows IV = IZ(ISP).
(8) Finally, the permuted image SEI can be achieved by applying the inverse zigzag scan process [24] to IV.
The inverse image permutation process is similar to the image permutation process. In inverse scrambling process, as described in steps (1)-(5), the permutation indices ISP is achieved first using the same initial values and control parameters of the chaotic functions. Then the permuted image SEI is Finally, apply the inverse zigzag algorithm to DSI to retrieve the decrypted image DI. The parameters SX(1), SY(1), SZ, α, β, γ, t1, t2 and t3 are employed as private (secret) keys.

Encrypted Binary CGH
The encrypted CGH is generated as follows: (1) In order to decrease the dynamic range of the hologram, a random phase ψ(x 0 ,y 0 ) which is uniformly in the interval [0,1] is multiplied to the image f (x 0 ,y 0 ) first.
(2) Apply the Fourier transform to f 1 (x 0 ,y 0 ) to get the object wave OW(x,y).
where FT() is the Fourier transform operator. The amplitude and phase of OW(x,y) are A(x,y) and ϕ (x,y), respectively.
(3) Assume that the parallel reference wave is mathematically represented by function Here, ρ is the carrier frequency. The amplitude and phase of RW(x,y) are A r (x,y) and ϕ r (x,y), respectively. Sequentially, permute OW(x,y) and RW(x,y) to obtain the scrambled O s (x,y) and R s (x,y) by use of the proposed chaos-based permutation method shown in Section 3.1 with the parameters SX(1), SY(1), SZ, α, β, γ, t1, t2 and t3.
(4) The shuffled hologram transmittance h(x,y) can be achieved according to the following formula.
In Equation (11), let |A s (x,y)| 2 + A sr 2 be a constant C. ϕ s (x,y) and A s (x,y) are the phase and amplitude of O s (x,y), ϕ sr (x,y) and A sr (x,y) are the phase and amplitude of R s (x,y), respectively. (5) In the light of Burch's coding method, let |A s (x,y)| max = 1 and A sr = 1, then h(x,y) becomes (6) Finally, fabricate the encrypted binary CGH EBH (x,y) by quantizing h(x,y), which is achieved by use of Equation (12), in 1-bit using OTSU algorithm [25].
The security of this encryption system is enhanced greatly because of the huge key space which is formed by the private keys including SX(1), SY(1), SZ, α, β, γ, t1, t2 and t3.
(2) With the conjugate reference wave, the binarized reconstruction RH of the hologram can be achieved via utilizing inverse Fourier transform and OTSU algorithm. To improve the quality of reconstruction, the high-pass filter approach is employed to attenuate the DC item in the reconstructed image.

Selection of Embedding Positions
As described in Section 2.1, to maintain imperceptibility and robustness to attacks, the entropy and the edge entropy are employed to select the embedding positions adaptively in our method. In addition, to strengthen the robustness, the watermark signal will be superimposed on the low frequency sub-band of the SFLCT-transformed original image in this work. The detailed steps that select the suitable blocks for watermark embedding are shown as follows.
(1) Divide the low frequency sub-bands of the SFLCT-transformed original image into non-overlapping blocks with z × z pixels first. Then compute the entropy and the edge entropy of each block by use of Equations (1) and (2), respectively.
(2) Sum up the two measure of entropy of each block according to the following equation.
where ETP i and ETPE i are the entropy and the edge entropy of the i th block.
(3) Sort the values ETPS i in an ascending order. Literatures state that the block with low ETPS value is suitable for embedding [2,21]. Thus, the block with smallest ETPS value is chosen for embedding the watermark signal until the number of selected blocks is equal to the number of watermark bits.

Watermark Embedding Algorithm
Suppose that H and W are the host image and the original binary watermark image, respectively. And their sizes are M × N and P × Q. Steps of embedding watermark into the original image are described as follows: (1) Using the method described in Section 3, generate the encrypted binary hologram CW of the original watermark W first. Then map CW into a 1-D array WM by use of the zigzag scan process.
(2) Decompose H with 1-level SFLCT to achieve the low frequency sub-band SL.
(3) SL is divided into non-overlapping blocks of z × z pixels.
(4) In term of the Section 4.1, select PQ blocks which are suitable for embedding watermark signal. (5) Apply Schur decomposition to all selected blocks. (6) During the embedding process, an element of WM is superposed on one block. The (1,1) th element in S matrix of the chosen block is altered to insert the watermark. To embed WM, the first element of WM is inserted into the first selected block, and then the embedding procedure is repeated until the rest elements of WM are inserted into the other chosen blocks in sequence. Let S i be the S matrix of the i th selected block after Schur decomposition, WM i be the i th element of WM. Here, i = 1, 2, . . . , PQ. The watermark is embedded via Equation (14).
where ∆ = mod(S i (1,1),q), S i (1,1) is the (1,1) th element in S i matrix, q is the quantization step. mod() is the modulo operation. Experiments show that the proposed method has high imperceptibility and good robustness against attacks when q ∈ [40, 60].
(7) Apply inverse Schur decomposition to every embedded block. Then the watermarked image can be obtained by use of inverse SFLCT. The x-coordinates and the y-coordinates of the first pixels of the selected blocks are saved in a 2 × PQ matrix. They will be used for watermark extraction.

Watermark Extraction
(1) First, the watermarked image is decomposed by 1-level SFLCT to achieve the low frequency sub-band SL'. Then SL' is splitted into non-overlapping blocks of z × z pixels.
(2) Using the stored the x-coordinates and the y-coordinates, all the embedded blocks can be obtained.
(3) Apply Schur decomposition to all obtained blocks.
(4) The watermark signal WM i ' can be extracted by use of the following formula.
where S i ' be the S matrix of the i th obtained block after Schur decomposition, (5) By utilizing the inverse zigzag algorithm, the hologram watermark CW' can be achieved. (6) With the private keys SX(1), SY(1), SZ, α, β, γ, t1, t2 and t3, the extracted hologram CW' is reconstructed in term of reconstruction process in Section 3.2. Figure 1 delineates the flowchart of the proposed method. In Figure 1a,b are the diagrams of the watermark embedding process and the watermark extraction process, respectively.

Experiments and Results
A set of experiments were performed to validate the proposed watermarking method using MATLAB.

Experiments and Results
A set of experiments were performed to validate the proposed watermarking method using MATLAB.

Fabrication of the Encrypted Hologram
In the experiment, the encrypted binary CGH was fabricated by using the approach described in Section 3. Figure 2 depicts the original watermark and its corresponding reconstruction. The image, whose size is 64 × 64, in Figure 2a Figure 2b is the encrypted binary CGH. Figure 2c shows the reconstruction of Figure 2b with the all correct keys.

Test for the Effectiveness of Our Watermarking Scheme
A series of experiments were carried out to evaluate the imperceptibility and the robustness, which are two main requirements of the watermarking system according to the proposed method. The peak signal to noise ratio (PSNR) [26] was employed to measure the quality of the watermarked images. The watermarked image is within the acceptable degradation level if PSNR is larger than 30dB. Another metric normalized correlation (NC) [26], which is used to estimate the similarity between the original watermark and the extracted watermark, is utilized to evaluate the correctness of the extracted watermark. NC[0, 1]. Usually, it can be considered acceptable if NC is greater than 0.7. Higher NC value indicates good quality of extracted watermark. Bit error rate (BER) [27] is employed to calculate the difference between the reconstructed images of the embedded and extracted holograms. BER[0, 1]. The smaller the BER is, the better reconstructed

Test for the Effectiveness of Our Watermarking Scheme
A series of experiments were carried out to evaluate the imperceptibility and the robustness, which are two main requirements of the watermarking system according to the proposed method. The peak signal to noise ratio (PSNR) [26] was employed to measure the quality of the watermarked images. The watermarked image is within the acceptable degradation level if PSNR is larger than 30dB. Another metric normalized correlation (NC) [26], which is used to estimate the similarity between the original watermark and the extracted watermark, is utilized to evaluate the correctness of the extracted watermark. NC ∈ [0, 1]. Usually, it can be considered acceptable if NC is greater than 0.7. Higher NC value indicates good quality of extracted watermark. Bit error rate (BER) [27] is employed to calculate the difference between the reconstructed images of the embedded and extracted holograms. BER ∈ [0, 1]. The smaller the BER is, the better reconstructed image quality is. Experiments demonstrate the reconstructions obtained from the extracted watermarks cannot be recognized when their BER values are larger than 0.3. Ideally, NC = 1 and BER = 0.
The encrypted CGH in Figure 2b was used as the watermark in the tests. Four 1024 × 1024 grayscale images Elaine, Goldhill, Peppers and Crane given in Figure 3 were the host images. The quantization step q is 45 and z = 8. In terms of imperceptibility and robustness, the PSNR, NC and BER of our scheme are compared those of three other adaptive methods in [2,4,7]. For a fair comparison, the encrypted binary CGH in Figure 2b was adopted as the watermark in these four algorithms. The encrypted CGH in Figure 2b was used as the watermark in the tests. Four 1024 × 1024 grayscale images Elaine, Goldhill, Peppers and Crane given in Figure 3 were the host images. The quantization step q is 45 and z = 8. In terms of imperceptibility and robustness, the PSNR, NC and BER of our scheme are compared those of three other adaptive methods in [7], [2] and [4]. For a fair comparison, the encrypted binary CGH in Figure 2b was adopted as the watermark in these four algorithms.

Test Results for Imperceptibility
The watermarked images produced by the proposed scheme are exhibited in Figure 4. The PSNRs for the watermarked images without attacks are listed in Table 1. As can be seen from Table  1, all the PSNRs of our method are greater than 50db. The high PSNRs certify the good imperceptibility of the proposed method. From Table 1, the proposed watermarking scheme outperforms the methods in [7], [2] and [4]

Test Results for Imperceptibility
The watermarked images produced by the proposed scheme are exhibited in Figure 4. The PSNRs for the watermarked images without attacks are listed in Table 1. As can be seen from Table 1, all the PSNRs of our method are greater than 50db. The high PSNRs certify the good imperceptibility of the proposed method. From Table 1, the proposed watermarking scheme outperforms the methods in [2,4,7] in the light of the imperceptibility. Additionally, all of the NCs of the watermarks which are extracted from the watermarked images shown in Figure 4 are 1, and the BERs of their corresponding reconstructed images are 0, respectively.

Robustness to Attacks
Different kinds of attacks were conducted to verify the robustness of the proposed method. They are Gaussian low-pass filtering (hsize = 5, sigma = 9), Average filtering (5 × 5) Median filtering  Tables 2 and 3. In Tables 4 and 5, a comparison of BERs is made between our method and the three schemes. Figure 5 displays some distorted watermarked images of the proposed method together with PSNRs. The corresponding reconstructed images of the mark CGH, which are extracted from the attacked images in Figure 5, are exhibited in Figure 6. As can be seen from Tables 2-5 and Figure 6, our method has good robustness against various kinds of attack. It can be observed from Tables 2 and 3 and Figure 6 that most of the NCs of the proposed method are above 0.9 and the corresponding reconstructions are clear enough to be recognized. Almost of all BERs of the reconstructed images in Figure 6 are zero, or close to zero. In addition, when the watermarked images are undergone occlusion and rotation attacks, the NCs of the extracted mark hologram are less than 0.8. The reason is that part of the extracted CGH is missing. However, the reconstructed images, such as Figure 6d,m, are clear enough to be recognized because of the characteristic that part of a hologram can still display the whole image [15]. Furthermore, it can be seen from Tables 2-5 that when the NC of the extracted mark CGH is larger than 0.975, the BER of its corresponding reconstruction equals to 0. The reason is that the hologram has a strong anti-interference characteristic. Therefore, the robustness of the proposed method can be enhanced by using the hologram as a watermark. From Tables 2-5, it is apparent that our method is superior to the three algorithms in [2,4,7] under most attacks in terms of NC and BER.
It can be seen from Figure 6i that the quality of the reconstructed image is unsatisfactory when the watermarked image was suffered to the salt and pepper noise attacks. The main causation to this question is analysed as follows. For salt and pepper noise, the image pixel values are altered to 0 or 2 r −1 [28]. Here, r is the maximum number of bits that is used in the image. Therefore, after Schur decomposition, the value of the (1,1) th element in S matrix of the image block to which the salt and pepper noise is added are changed greatly. It results that the watermarking signal in this damaged block may not be extracted correctly by using Equation (15). As a result, the hologram obtained from the watermarked image under this attack is highly corrupted. Experimental results indicate that the reconstruction of the extracted CGH cannot be distinguished when the noise density of salt and pepper noise is bigger than 0.01. Table 2. The NCs of the mark CGHs which were extracted from the attacked watermarked Elaine and Goldhill comparing between our method and the schemes in [2,4,7].      Table 6. Please note that in the above experiments, the other keys remain correct while a key is varied in decryption. As illustrated in Figures 7a-f, we cannot obtain any information from the decrypted reconstructions visually when the absolute values of deviations of SX(1),SY(1), SZ and γ are up to 10 −15 and those of α and β are up to 10 −14 . In addition, we know from Figures 7g-h that if the parameters t1 and t2 are less 1 or more 1 than the right value, the decoded images are noise-like images. Similarly, the decrypted reconstructed image shown in Figure 6i cannot be recognized when the key t3 are less 2 or more 2 than the correct value. So, the keys SX(1), SY(1), SZ, α, β, γ, t1, t2 and t3 are highly sensitive to the proposed method. Now we evaluate the key space of the proposed encrypted hologram. In light of the description of the proposed scheme, we know that the key space of the cryptosystem consists of the parameters SX(1), SY(1), SZ, α, β, γ, t1, t2 and t3. Let KS1, KS2, KS3, KS4, KS5, KS6, KS7, KS8 and KS9 be the key spaces of the secret keys SX(1), SY(1), SZ, α, β, γ, t1, t2 and t3, respectively. From Table 6, the parameters SX(1), SY(1), SZ, α, β and γ maintain 15,15,15,14,14 and 15 digits after the decimal point respectively. So KS1×KS2×KS3×KS4×KS5×KS6=10 88 . Since 1≤t1≤T+PQ, 1≤t2≤T+PQ and 1≤t3≤T KS7×KS8×KS9 =(T+PQ) 2 ×T. Since T and PQ are 10000 and (64×64) 2 in the experiments, S7×S8×S9≈2×10 12 . Hence, the total key space of the encryption system is KS1×KS2×KS3×KS4×KS5×KS6×KS7×KS8×KS9≈10 88 ×2×10 12 ≈2 333 . It is clear that the key space of the proposed cryptosystem is far larger than 2 100 and enormous enough to resist a brute force attack [29]. Therefore, by use of the encrypted hologram, the security level of the proposed watermarking scheme can be improved.

Key Sensitivity
The sensitivity of the reconstructed image of the extracted CGH to slight alterations of the secret keys SX(1), SY(1), SZ, α, β, γ, t1, t2 and t3, is investigated. Figure 7a Table 6. Please note that in the above experiments, the other keys remain correct while a key is varied in decryption. As illustrated in Figure 7a-f, we cannot obtain any information from the decrypted reconstructions visually when the absolute values of deviations of SX(1),SY(1), SZ and γ are up to 10 −15 and those of α and β are up to 10 −14 . In addition, we know from Figure 7g-h that if the parameters t 1 and t 2 are less 1 or more 1 than the right value, the decoded images are noise-like images. Similarly, the decrypted reconstructed image shown in Figure 6i cannot be recognized when the key t 3 are less 2 or more 2 than the correct value. So, the keys SX(1), SY(1), SZ, α, β, γ, t1, t2 and t3 are highly sensitive to the proposed method. Now we evaluate the key space of the proposed encrypted hologram. In light of the description of the proposed scheme, we know that the key space of the cryptosystem consists of the parameters SX(1), SY(1), SZ, α, β, γ, t1, t2 and t3. Let KS 1 , KS 2 , KS 3 , KS 4 , KS 5 , KS 6 , KS 7 , KS 8 and KS 9 be the key spaces of the secret keys SX(1), SY(1), SZ, α, β, γ, t1, t2 and t3, respectively. From Table 6, the parameters SX(1), SY(1), SZ, α, β and γ maintain 15, 15, 15, 14, 14 and 15 digits after the decimal point respectively. So KS 1 × KS 2 × KS 3 × KS 4 × KS 5 × KS 6 = 10 88 . Since 1 ≤ t1 ≤ T + PQ, 1 ≤ t2 ≤ T + PQ and 1 ≤ t3 ≤ T KS 7 × KS 8 × KS 9 = (T + PQ) 2 × T. Since T and PQ are 10000 and (64 × 64) 2 in the experiments, S 7 × S 8 × S 9 ≈ 2 × 10 12 . Hence, the total key space of the encryption system is KS 1 × KS 2 × KS 3 × KS 4 × KS 5 × KS 6 × KS 7 × KS 8 × KS 9 ≈ 10 88 × 2 × 10 12 ≈ 2 333 . It is clear that the key space of the proposed cryptosystem is far larger than 2 100 and enormous enough to resist a brute force attack [29]. Therefore, by use of the encrypted hologram, the security level of the proposed watermarking scheme can be improved.  Table 6. Please note that in the above experiments, the other keys remain correct while a key is varied in decryption. As illustrated in Figures 7a-f, we cannot obtain any information from the decrypted reconstructions visually when the absolute values of deviations of SX(1),SY(1), SZ and γ are up to 10 −15 and those of α and β are up to 10 −14 . In addition, we know from Figures 7g-h that if the parameters t1 and t2 are less 1 or more 1 than the right value, the decoded images are noise-like images. Similarly, the decrypted reconstructed image shown in Figure 6i cannot be recognized when the key t3 are less 2 or more 2 than the correct value. So, the keys SX(1), SY(1), SZ, α, β, γ, t1, t2 and t3 are highly sensitive to the proposed method. Now we evaluate the key space of the proposed encrypted hologram. In light of the description of the proposed scheme, we know that the key space of the cryptosystem consists of the parameters SX(1), SY(1), SZ, α, β, γ, t1, t2 and t3. Let KS1, KS2, KS3, KS4, KS5, KS6, KS7, KS8 and KS9 be the key spaces of the secret keys SX(1), SY(1), SZ, α, β, γ, t1, t2 and t3, respectively. From Table 6, the parameters SX(1), SY(1), SZ, α, β and γ maintain 15, 15, 15, 14, 14 and 15 digits after the decimal point respectively. So KS1×KS2×KS3×KS4×KS5×KS6=10 88 . Since 1≤t1≤T+PQ, 1≤t2≤T+PQ and 1≤t3≤T KS7×KS8×KS9 =(T+PQ) 2 ×T. Since T and PQ are 10000 and (64×64) 2 in the experiments, S7×S8×S9≈2×10 12 . Hence, the total key space of the encryption system is KS1×KS2×KS3×KS4×KS5×KS6×KS7×KS8×KS9≈10 88 ×2×10 12 ≈2 333 . It is clear that the key space of the proposed cryptosystem is far larger than 2 100 and enormous enough to resist a brute force attack [29]. Therefore, by use of the encrypted hologram, the security level of the proposed watermarking scheme can be improved.

Conclusions
Based upon the entropy and edge entropy, an adaptive secure image watermarking method that inserts the encrypted hologram into the SFLCT domain is proposed in this paper. Without using the host image, the watermark can be extracted by using the presented method.
A novel chaos-based binary CGH encryption technique which provides a huge key space is developed to fabricate a hologram of a watermark. Compared with the encryption techniques based on conventional optical holography, the advantages of the proposed method are: (1) the parameters of chaotic maps which are used as keys make it easy to save and distribute the keys expediently and safely; (2) the proposed CGH cryptosystem has the advantage in being implemented effectively by the use of a computer. By using the initial values and the parameters of chaotic system as secret keys, the security strength of the watermarking approach is heightened.
In the presented method, the use of entropy and edge entropy helps to choose the suitable embedding positions adaptively for satisfying the invisibility and robustness requirements of the watermarked image. The encrypted hologram watermark is embedded into the SFLCT coefficients with Schur decomposition. The experimental results illustrate that our scheme is not only secure and transparent, but also robust against various kinds of attacks including filtering, JPEG compression, occlusion, unsharp, brighten, darken, blurring, rotation, rescaling and painting attacks, etc.