Nonlinear Encryption for Multiple Images Based on a Joint Transform Correlator and the Gyrator Transform

A novel nonlinear encryption–decryption system based on a joint transform correlator (JTC) and the Gyrator transform (GT) for the simultaneous encryption and decryption of multiple images in grayscale is proposed. This security system features a high level of security for the single real-valued encrypted image and a high image quality for the multiple decrypted images. The multispectral or color images are considered as a special case, taking each color component as a grayscale image. All multiple grayscale images (original images) to encrypt are encoded in phase and placed in the input plane of the JTC at the same time without overlapping. We introduce two random-phase masks (RPMs) keys for each image to encrypt at the input plane of the JTC-based encryption system. The total number of the RPM keys is given by the double of the total number of the grayscale images to be encrypted. The use of several RPMs as keys improves the security of the encrypted image. The joint Gyrator power distribution (JGPD) is the intensity of the GT of the input plane of the JTC. We obtain only a single real-valued encrypted image with a high level of security for all the multiple grayscale images to encrypt by introducing two new suitable nonlinear modifications on the JGPD. The security keys are given by the RPMs and the rotation angle of the GT. The decryption system is implemented by two successive GTs applied to the encrypted image and the security keys given by the RPMs and considering the rotation angle of the GT. We can simultaneously retrieve the various information of the original images at the output plane of the decryption system when all the security keys are correct. Another result due to the appropriate definition of the two nonlinear operations applied on the JGPD is the retrieval of the multiple decrypted images with a high image quality. The numerical simulations are computed with the purpose of demonstrating the validity and performance of the novel encryption–decryption system.


Introduction
The research field of optical image encryption has shown an intense development due to the advantages provided by the optical processing systems, such as a high parallel processing capacity, an ultrafast computing speed and the wide variety of controllable physical parameters of these optical systems, and also because of the several applications in optical security published in the last years [1][2][3][4][5][6][7]. The most known optical technique for image encryption is the double random-phase encoding (DRPE) proposed by Réfrégier and Javidi [8]. The DRPE can be optically implemented using a classical 4f -processor [9] or a joint transform correlator (JTC) [10]. The image to encrypt by the optical DRPE is converted into a stationary white noise image (encrypted image) by using two random-phase masks (RPMs). Initially, the DRPE was proposed in the Fourier domain using the 4f -processor. system in the GD can be considered more secure with respect to other encryption systems that use other optical processing domains.
The optical DRPE was originally designed to encrypt either a single binary or grayscale image [8]. Later, the DRPE based on the 4f -processor was used to perform color image encryption [36,37]. Some implementations to encrypt color images by using the DRPE on a JTC were presented in [21,38]. The multiple-image encryption (for instance, various frames of a video sequence) by using an optical JTC architecture was also presented in some contributions [39,40]. These optical color image and multiple-image encryption systems use different input illumination wavelengths and several key codes or RPMs that can be utilized as new security keys to improve the security level of the encryption system. Optical encryption methods recently included the ability to cipher multiple images [41][42][43][44][45][46][47]. In general, this approach achieves a higher level of security because two or more pieces of information are encoded in the encryption procedure, and their decryption allows for the validation of more than one signal, unlike the first systems that dealt with a unique primary image. Different techniques were explored to achieve a successful multiple-image optical encryption and decryption. For instance, reference [41] presents a multiple-image encryption system based on a linear JTC in the Fourier domain. In [42], a modified iterative phase retrieval algorithm with a structured phase mask was used in the Fresnel domain to encrypt multiple images. Reference [43] implements a multiple-image encryption method by using phase jump gradient factors based on orbital angular momentum and multiplexing holography. Recently, a multiple-image compression, encryption and reconstruction scheme based on deep learning-assisted single-pixel imaging and orthogonal coding was presented in [44]. A sequential multiple-image encryption based on quick response (QR) codes and a modified DRPE in the FrFD was developed in [45], where each image to encrypt was converted into a QR and then this converted image was encrypted. The multiple-image encryption system in [46] was based on the optical interference by wavelength multiplexing in the Fresnel domain in order to generate two encrypted images. A nonlinear multiple-image encryption method was described in [47] by using optical scanning holography with a random-phase mask (RPM) and orthogonal compressive sensing. This paper aims to propose a novel approach to multiple-image encryption with several differences with respect to the previously reported works. We propose a nonlinear JTC-based encryption system in the GD to encrypt multiple images in grayscale. The color or multispectral images are considered as a special case, taking each color or spectral component as a grayscale image. We present a modification of the nonlinear JTC-based encryption system proposed in [26] with the purpose of achieving the simultaneous encryption of multiple grayscale images. All the multiple grayscale images to encrypt are encoded in phase and placed in the input plane of the JTC without overlapping. We introduce a new RPM key for each image to encrypt. The total number of the RPM keys is given by the double of the total number of the grayscale images to be encrypted. The use of several RPMs as keys improves the security of the encrypted image. The joint Gyrator power distribution (JGPD) is the intensity of the Gyrator transform (GT) of the input plane of the JTC. The single real-valued encrypted image is computed by using two new nonlinear terms applied to the JGPD. The proposed multiple-image encryption system based on a nonlinear JTC in the GD retains the following advantages of the security system proposed in [26]: the improved quality of the decrypted images; shift-invariance property with respect to the lateral displacements of the RPM key in the decryption process and the retrieval of the primary images; an additional key given by the value of the rotation angle of the GT; the use of a simplified JTC in the GD that avoids the beam splitting required by other optical JTC implementations; and there is not a significant increase in the amount of information to be transmitted because the resulting encrypted function has the same size as its original version.
The proposed encryption technique allows a fast encryption time in comparison to previous proposals that sequentially encrypt multiple grayscale images [39,40]. This is because we simultaneously encrypt all the primary images, and the optical schematic of the encryption system is performed thrice in order to obtain only a single encrypted image with the hidden information of the whole set of images to encrypt (in the following example, it is up to eight signals). The multiple grayscale images encryption system of this work shows an improved security over the encrypted distribution because the nonlinear modifications of the JTC architecture in the GD depend on the number and the values of the RPM keys utilized for the encryption process. Finally, the proposed security system allows a simultaneous encryption and decryption of multiple images with a high level of security for the single real-valued encrypted image and a retrieval with a high image quality for the multiple decrypted images, due to the phase encoding of the multiple images to encrypt and the two new nonlinear operations applied on the JGPD. We point out that these two nonlinear terms are specially designed for a satisfactory multiple-image encryption and decryption, and they differ from the nonlinear modifications presented in [26].

Encryption Scheme
In this section, we describe the encryption scheme using the equations of a nonlinear JTC architecture in the GD [26], with the purpose of encrypting p grayscale images. Each grayscale image to be encrypted is denoted by a real-valued function f j (x, y) with values in the interval [0, 1] and j = 1, 2, 3, . . . , p; each grayscale image is encoded in phase We use two different RPMs, r j (x, y) and h j (x, y), for each grayscale image to encrypt. These two RPMs are defined by where s j (x, y) and n j (x, y) are normalized positive functions randomly generated, statistically independent and uniformly distributed in the interval [0, 1]. The functions f j (x, y), s j (x, y) and n j (x, y) are grayscale images with M × N pixel size. We define the new function g j (x, y) = f j,Ph (x, y)r j (x, y) given by a grayscale image encoded in phase f j,Ph (x, y) bonded to an RPM r j (x, y), with the purpose of simplifying the following equations. The input plane of the JTC is composed of two non-overlapping data distributions for each grayscale image to be encrypted. These two data distributions are the new function g j (x, y) and the RPM h j (x, y) placed anti-symmetrically side by side at the input plane of the JTC by means of the generalized shift operators GS a j ,b j ;α and GS −a j ,−b j ;α , respectively, where a j and b j are real values and α is the rotation angle of the GT operator. The operators of GT and generalized shift are described in Appendixes A and B, respectively. The values of a j and b j are the central points of each data distribution g j (x, y) and we define a j and b j proportionally to N/2 and M/2 depending on the location of each function g j (x, y). The distributions contained in the input plane of the JTC for all the grayscale images to be encrypted are depicted in Figure 1. The GT at parameter α of the distributions g j (x, y) and Therefore, the input plane of the JTC-based encryption scheme for all the p grayscale images to be encrypted is Equation (3) is mathematically compact due to the chosen location of each data distribution in the input plane of the JTC (Figure 1). Other ways of placing the data distributions at the input plane of the JTC would be possible, but the resulting mathematical expression of Equation (3) would be longer and more complicated. The JGPD at parameter α for Equation (3) is the intensity of the GT of the input plane of the JTC given by [26] where the variables u and v are the output coordinates in the GD, csc α and the superscript * denotes the complex conjugation operation. The JGPD is a positive real-valued distribution and it has 4p 2 , being p the total number of original images to encrypt. The four general terms of the double summation in Equation (4) are composed of the multiplication of different pure linear phase terms and the products between the data distributions g j,α (u, v) and , respectively. We define the intensities I 1 (u, v) and I 2 (u, v) as The specific location of each data distribution depicted in Figure 1 for the input plane of the JTC allows an easy computation of the intensities I 1 (u, v) and I 2 (u, v) defined in Equation (5) by using a GT implemented optically or numerically. The next step in the encryption scheme is to subtract the intensities I 1 (u, v) and I 2 (u, v) from the JGPD. Then, the previous modification of the JGPD is divided by the intensity I 2 (u, v) with the purpose of obtaining the encrypted image The encrypted image e α (u, v) is a real-valued distribution that has 2p 2 terms and it is computed from the following three intensities: JGPD α (u, v), I 1 (u, v) and I 2 (u, v). The two general terms of the double summation in Equation (6) are noisy data distributions that represent the DRPE in the GD for all the original images to encrypt along with the 2p RPMs, r j (x, y) and h j (x, y). Figure 2 shows the optical encryption scheme (part I) based on a fully phase nonzero-order JTC architecture in the GD and the optical decryption scheme (part II) based on two successive GTs. The security keys of the encryption scheme are the 2p RPMs r j (x, y) and h j (x, y) and the rotation angle of the GT operator. The RPM r j (x, y) is used to spread the information content of each grayscale image f j (x, y) encoded in phase onto the encrypted distribution e α (u, v).

Decryption Scheme
In the decryption scheme ( Figure 2, part II), the p RPMs h l (x, y) are placed at the input plane of the decryption scheme by using the generalized shift operators GS −a l ,−b l ;α . Then, the encrypted image e α (u, v) located in the GD is multiplied by the GT of the input plane of the decryption scheme and the result is where T l = i2π(b l u + a l v) csc α and this equation has 2p 3 terms. The two general terms of the triple summation in Equation (7) are composed of the multiplication of different pure linear phase terms and the products between the data distributions g * k,α (u, v), h j,α (u, v) and h l,α (u, v), and g j,α (u, v), h * k,α (u, v) and h l,α (u, v), respectively. Each general term of this triple summation is divided by the nonlinear term I 2 (u, v). The first general term of Equation (7) corresponds to different noisy data distributions at the output plane of the decryption system, and the second general term of Equation (7) allows the separation of the data distribution g j,α (u, v) from the product given by the multiplication of the data distributions g j,α (u, v), h * k,α (u, v) and h l,α (u, v), when l = j. The output plane of the decryption scheme is given by the GT at parameter −α of Equation (7). The resulting output plane has several distributions spatially separated. The second term of the triple sum on the right side of Equation (7) retains the most relevant information in order to retrieve the p grayscale images that were encrypted. The p decrypted grayscale images are centered at coordinates (a j , b j ) and the other distributions in the output plane of the decryption scheme are spatially separated distributions from these p decrypted grayscale images. Therefore, the GT at parameter −α of the second term of the triple sum on the right side of Equation (7) is the result of this equation is obtained when −a l = −a j , −b l = −b j and l = j. Each term of the Equation (8) is multiplied by a linear phase term and the complex conjugate of r j (x − a j , y − b j ) in order to obtain a version of the decrypted grayscale imagef j (x, y) at coordinate (a j , b j ) given by where arg is the phase of a complex-valued function. If the p keys RPMs h j (x, y) and the key RPM r j (x, y) applied in the decryption scheme are the same keys used in the encryption system, the decrypted grayscale imagef j (x, y) is a replica of the grayscale image f j (x, y) that was encrypted. The nonlinear modifications of the JGPD at the output plane of the encryption scheme allow obtaining a correct retrieval of the original grayscale image in the decryption scheme.

Numerical Simulations
In this section, we compute the numerical simulations of the encryption and decryption schemes for multiple images presented in Section 2. The resolution of the grayscale images used in these numerical simulations is 512 × 512 pixels (M = N = 512). The images in Figure 3 show the results for the encryption scheme described in Section 2.1. We have selected eight original grayscale images to encrypt (j = 1, 2, 3, ..., 8 and p = 8). These images have different details and frequency spectra, and they could be used for different purposes. The first five grayscale images correspond to a multispectral image of peppers; each color component of this multispectral image is processed as a grayscale image. The original image related to the multispectral image of peppers in the RGB color space is shown in Figure 3a, and the five grayscale images f j (x, y) at j = 1, 2, 3, 4, 5 taken from the multispectral image are depicted in Figure 3b-f. These first five grayscale images were taken from [48]. The five color (wavelength, λ) channels captured for the multispectral image of peppers are f 1 (x, y) at λ = 440 nm, f 2 (x, y) at λ = 510 nm, f 3 (x, y) at λ = 570 nm, f 4 (x, y) at λ = 610 nm and f 5 (x, y) at λ = 670 nm. The remaining three original grayscale images to encrypt correspond to the photo of a person and two biometric signals given by the images of a fingerprint and a retina. These last three original grayscale images are displayed in Figure 3g-i. The image for the random code n 1 (x, y) of the RPM h 1 (x, y) is presented in Figure 3j. The random codes s j (x, y) of the RPMs r j (x, y) and n j (x, y) of the RPM h j (x, y) with j = 1 have different values but a similar appearance to the random code n 1 (x, y). The encrypted image e α (u, v) for the rotation angle α = 0.775π is shown in Figure 3k, which is a noisy distribution that does not reveal any information of the original images f j (x, y). The security keys of the encryption scheme are represented by the sixteen RPMs (r j (x, y) and h j (x, y)) and the rotation angle of the GT operator. Initially for the decryption computation, we use the same values of the security keys given by the sixteen RPMs (r j (x, y) and h j (x, y)) and the rotation angle of the GT operator, which were used in the encryption computation. Therefore, the right decrypted imageŝ f j (x, y), which are replicas of the original images f j (x, y), are displayed in Figure 4a-h. If a wrong security key, for instance, the RPM h 7 (x, y), and the other sixteen correct security keys (the remaining fifteen RPMs and the rotation angle of the GT operator) are used in the decryption scheme, we obtain the noisy decrypted images depicted in Figure 4i-l. For the last numerical simulation, the decrypted imagesf j (x, y) with j = 1, 2, 3, 4 are also noisy random distributions with a similar appearance to the decrypted image shown in Figure 4i. When another security key different from the RPM h 7 (x, y) is wrong for the decryption computation, we will also obtain noisy decrypted images very similar to the distributions displayed in Figure 4i-l. If the new nonlinear terms I 1 (u, v) and/or I 2 (u, v) defined in Equation (5) were not applied to compute the encrypted image of Equation (6) or the definitions of these two nonlinear terms were different from those in Equation (5), we would obtain multiple noisy decrypted images very alike to the images depicted in Figure 4i-l. Thus, the correct simultaneous retrieval of the original images at the output plane of the decryption scheme is only possible when all the security keys have the same values for the encryption and decryption computations, and the two nonlinear terms I 1 (u, v) and I 2 (u, v) of Equation (5) are applied in the definition of the encrypted image given by Equation (6).
The most used metric to evaluate the quality of the decrypted images is the root mean square error (RMSE), which is defined by [15] On the one hand, the RMSE values close or equal to 0 correspond to decrypted images very similar to the original ones, thus indicating a good image quality for the retrieved signal. On the other hand, the RMSE values close to 1 usually correspond to noisy decrypted signals that do not resemble the original images. The RMSEs between the original images f j (x, y) of Figure 3b (i) Undisclosedf 5 (x, y) (j) Undisclosedf 6 (x, y) (k) Undisclosedf 7 (x, y) (l) Undisclosedf 8 (x, y) Figure 4. (a-h) Correct decrypted imagesf j (x, y) at j = 1, 2, 3, ..., 8, when the correct seventeen security keys RPMs, given by the sixteen RPMs (r j (x, y) and h j (x, y)) and the rotation angle of the GT operator, are used. (i-l) Wrong decrypted imagesf 5 (x, y),f 6 (x, y),f 7 (x, y) andf 8 (x, y), respectively, when the incorrect security key RPM h 7 (x, y) and the other correct sixteen security keys (the remaining fifteen RPMs and the rotation angle of the GT operator) are used in the decryption scheme.
Several possible drawbacks of the proposed multiple-image encryption-decryption scheme could arise when the total number p of images to encrypt is quite large, assuming that the resolution of each image remains unchanged. For example, in its optoelectronic implementation, the possibility to place a large number of images for encryption in the input plane of the JTC may be limited by the resolution of the display used in the input plane (e.g., a phase-only spatial light modulator). The computation time for the numerical simulations of the proposed encryption system will increase as the total number p of the original images to be encrypted increases, because the digital images needed to compute the three intensities (JGPD α (u, v), I 1 (u, v) and I 2 (u, v)) of the encrypted image will have a bigger resolution. Finally, the management and distribution of the security keys of the proposed encryption-decryption scheme can be a bit more complicated due to the large number of security keys given by the 2p RPMs.
We consider the key space of the proposed encryption and decryption schemes as all possible combinations of the seventeen security keys given by the sixteen RPMs (r j (x, y) and h j (x, y)) and the rotation angle of the GT operator. In reference [26], it was found that the sensitivity on the values of the rotation of the GT operator in order to retrieve a good quality decrypted image was of the order of 4 × 10 7 . All the sixteen RPMs are images with a resolution of 512 × 512 pixels and the possible values of these pixels are 256 different values. Therefore, the number of possible combinations of the sixteen RPMs is of the order of 256 (16)(512)(512) = 256 4194304 [29]. Finally, the total key space of the proposed encryption and decryption schemes is given by the product of the sensitivity on the values of the rotation of the GT operator and the number of possible combinations of the sixteen RPMs: (4 × 10 7 )(256 4194304 ). This total key space is very large, and a brute force attack for the encryption and decryption schemes of this work would be impractical. An improvement in the security of the proposed encryption scheme against CPA, KPA and COA is obtained due to the nonlinear modifications applied in this work; such nonlinear modifications are the phase encoding of the original images and the operations performed on the JGPD in order to obtain the encrypted image. This fact was shown in references [15][16][17][18][19]22,23,26,27].

Conclusions
A new encryption-decryption scheme was proposed for multiple images based on a nonlinear fully phase JTC architecture in the GD. The proposed security system can encrypt multispectral or color images considering each color channel as a grayscale image. The encryption system can also protect binary and biometric images. The proposal incorporates two nonlinear modifications: the phase encoding of the original grayscale images to encrypt and the nonlinear operations introduced in the JGPD. The retrieval of multiple images due to the nonlinear modifications provides a highly secure encryption-decryption system, which achieves an excellent quality of the decrypted images. The security keys of the proposed encryption and decryption schemes are represented by the RPMs r j (x, y) and h j (x, y) and the rotation angle of the GT operator. Only the correct values of the security keys permit a proper simultaneous retrieval of the original images in the decryption scheme. The proposed simultaneous encryption scheme has a fast computation time in comparison to previous proposals that sequentially encrypt multiple grayscale images. In our proposal, the encryption of up to eight images is obtained by simultaneously displaying the whole set of signals in the input plane of the encryption stage. In addition, the final encrypted distribution is nonlinearly computed by using only three intensity distributions. The proposed encryption-decryption scheme is more secure against several plaintext attacks because of the phase encoding of the original images to encrypt, the nonlinear operations applied over the JGPD and the larger key space of the proposed encryption scheme. Funding: This research has been funded by the Universidad de La Guajira (Riohacha), the Universidad Popular del Cesar (Valledupar) and the Universitat Politècnica de Catalunya · BarcelonaTech, SGR 2021 SGR 00388 and the Agencia Estatal de Investigación, Spanish Government (PID2020-114582RB-I00/AEI/10.13039/501100011033).

Institutional Review Board Statement: Not applicable.
Informed Consent Statement: Not applicable.

Data Availability Statement:
The supporting information can be found from the corresponding author.

Conflicts of Interest:
The authors declare no conflict of interest.

Abbreviations
The following abbreviations are used in this manuscript:

Appendix A. The Gyrator Transform Operator
The Gyrator transform (GT) operator is a linear integral transform that maps a twodimensional function f (x, y) onto function f α (u, v), where the parameter α is the rotation angle. The GT operator at parameter α is defined by [49] K α (u, v, x, y) = C α exp{i2π[(uv + xy) cot α − (vx + uy) csc α]}, where K α is the kernel of the GT operator, the values of the rotation angles are in the interval of 0 ≤ α < 2π, the variables x and y represent the coordinates at the spatial domain and the variables u and v denote the output coordinates in the Gyrator domain (GD). When α = 0, the GT operator reduces to the identity transform. When α = π/2, the GT operator corresponds to the direct Fourier transform with rotation of the coordinate at π/2. When α = π, the reverse transform is derived from the GT operator. When α = 3π/2, the GT operator is the inverse Fourier transform with rotation of the coordinate at π/2 [49]. The inverse GT operator corresponds to the GT operator at rotation angle −α. The GT operator is additive with respect to the rotation angle, G α G β = G α+β . The kernel of the GT operator is the product of the hyperbolic and plane waves, and the kernel of the fractional Fourier transform operator is the product of the spherical and plane waves [26]. The properties of the GT operator and the fractional Fourier transform operator have some aspects in common, because these operators are special cases of the linear canonical transforms [27].
The optical GT operator was implemented in [50,51] by means of a setup that uses three generalized lenses with a fixed distance between them. Each generalized lens is composed of two thin cylinder lenses and the rotation of these cylindrical lenses control the value of the rotation angle α.

Appendix B. Generalized Shift Operator
We use the definition of the generalized shift operator proposed in [52], which is a simultaneous application of a spatial shift and a modulation by a pure linear phase term over a function f (x, y). The generalized shift operator at parameters x 0 , y 0 and α is defined by GS x 0 ,y 0 ;α f (x, y) = exp −i2π y 0 x − x 0 2 + x 0 y − y 0 2 cot α f (x − x 0 , y − y 0 ). (A3) The generalized shift operator forms a commutative group for the rotation angle α. The composition law is GS x 1 ,y 1 ;α GS x 2 ,y 2 ;α = GS x 1 +x 2 ,y 1 +y 2 ;α . The usual traslation operator is obtained from the generalized shift operator when the rotation angle is α = π/2; hence, GS x 0 ,y 0 ;π/2 f (x, y) = f (x − x 0 , y − y 0 ). The GT operator with the rotation angle α of the generalized shift operator presented in Equation (A3) is G α {GS x 0 ,y 0 ;α f (x, y)} = exp{−i2π(y 0 u + x 0 v) csc α} f α (u, v). (A4) The generalized shift operator does not introduce a shift over the result of the GT operator. This property is very useful for centered optical systems [52].