A Multi-Image Encryption with Super-Lager-Capacity Based on Spherical Diffraction and Filtering Diffusion

Abstract

A multi-image encryption with super-large-capacity is proposed by using spherical diffraction and filtering diffusion. In the proposed method, initial images are processed sequentially by filtering diffusion and chaos scrambling. The images are combined into one image using XOR operation. The combined image is encrypted by improved equal modulus decomposition after spherical diffraction. There are three main contributions of the proposed method—(1) resisting phase-retrieval attack due to the asymmetry of spherical diffraction; (2) high flexibility of decrypting images individually; and (3) super-large encryption capacity of the product of image resolution and grayscale level, which is the most significant advantage. The feasibility and effectiveness of the proposed encryption are verified by numerical simulation results.

1. Introduction

With the development of information technology, how to ensure the security of image information becomes an essential point. In image encryption research, optical information processing technology and digital technology have been widely used in image encryption [1,2,3,4,5,6,7]. Refregier and Javidi proposed double random phase encoding (DRPE) in 1995, which pioneered the field of optical encryption [8]. However, because of the linear symmetry of DRPE technology [9], it is proved to be vulnerable to the known-plaintext attack [10] and chosen-plaintext attack [11]. To improve security, several nonlinear cryptosystems are proposed to improve the weaknesses of traditional symmetric cryptosystems, such as Fresnel domain [12], cylindrical diffraction transform [13,14,15], gyrator transform domain [16], and fractional Mellin transform [17]. However, these image encryption methods are usually applied to encrypt one image, which has made it challenging to meet the growing information needs. Recently, more and more scholars have begun to study multi-image encryption [18,19,20,21,22,23].

Multi-image encryption can be divided into two categories according to the encryption process. One of the multi-image encryption technologies is based on cascading [24,25,26]. Sui et al. [27] used cascaded fractional Fourier transform to encrypt multiple images. As the number of images increases, the quality of decryption decreases rapidly. Li et al. [28] proposed a multiple-image encryption method using the cascaded fractional Fourier transform, which cannot get a decrypted image individually from the ciphertext. Hence, the decryption flexibility is poor, and the number of encryption images is severely limited. The other multi-image encryption technology is based on multiplexing, such as space multiplexing [29], region multiplexing [30], wavelength multiplexing [31,32], and position multiplexing [33]. For instance, Deepan et al. [34] proposed a multi-image cryptosystem based on compressive sensing and the DPRE technique. By this method, the space multiplexing method is also used to integrate multiple-image data. Zhao et al. [35] came up with a multi-image encryption by using the position multiplexing. Besides, Hu et al. [36] proposed an asymmetric multi-image encryption using the convolution multiplexing. Due to crosstalk issues, this method can only encrypt up to 12 images. Moreover, Liu et al. [37] present a double image encryption using fractional order multiplexing to combine two initial images. Because of the characteristics of multiplexing technology, it can decrypt images individually, which has high decryption flexibility. In the process of information multiplexing, the information of different images occupies the same channel. However, the traditional multiplexing method will lead to data crosstalk and the limited encryption capacity with the number of images increasing.

In order to solve the problem, a multi-image encryption using spherical diffraction and filtering diffusion is proposed. Owing to the asymmetric characteristics of spherical diffraction, the proposed encryption can effectively resist the phase retrieval attack. Moreover, each image can be decrypted individually with its private key, which has high decryption flexibility. The most significant advantage of this algorithm is the super-large encryption capacity. The encryption capacity is the product of image resolution and grayscale level, which is super-large of 2⁸ × m × n in case of m × n points of an image with 2⁸ grayscale level. Numerical simulation results verify the feasibility and effectiveness of the proposed encryption.

The rest of this paper is organized as follows. Section 2 introduces the spherical diffraction and filtering diffusion technology. Section 3 presents principle of encryption and decryption. Section 4 shows simulation results. Section 5 draws a conclusion.

2. Principles of the Method

2.1. Encryption in Spherical Diffraction Domain

Since spherical diffraction (SpD) is an asymmetry diffraction propagation model [38], the SpD-based encryption should overcome the shortage of symmetry cryptosystem, which is based on traditional diffraction. According to the spherical diffraction theory [38,39,40,41,42], the object and the observation surfaces are concentric spheres. r and R represent the radii of the inner and outer surfaces of the concentric sphere, respectively. In this diffraction model, there are two models of propagation, namely the inside-out propagation (IOP) model and the outside-in propagation (OIP) model, as shown in Figure 1a,b, respectively.

We use Q_R (θ_R, φ_R) and P_r (θ_r, φ_r) in the spherical coordinates to denote the object and the observation points for the OIP model, respectively. The spherical coordinate of Q_r (θ_r, φ_r) and P_R (θ_R, φ_R) denote the object and the observation points for the IOP model, respectively. θ_r and θ_R are in the range of −π to π, φ_r and φ_R are in the range of −π/2 to π/2. If we represent the diffraction distributions on the inner and outer surfaces by u_r (θ_r, φ_r) and u_R (θ_R, φ_R), the diffraction integral formulas based on the Rayleigh–Sommerfeld integral equation of the two models can be written as

$$u_r\left({\theta }_r,{\phi }_r\right)=C{\displaystyle {\iint }_s{u}_R\left({\theta }_R,{\phi }_R\right)}\cos \alpha \frac{\exp (ik{d}_{O_R{P}_r})}{d_{O_R{P}_r}}d{\theta }_{R}d{\phi }_R=Sp{D}_r\left(u_r\left({\theta }_r,{\phi }_r\right)\right)\dots \dots \mathrm{OIP},$$

(1)

$$\cos \alpha =\frac{r-R\cos ({\theta }_R-{\theta }_r)\cos ({\phi }_R-{\phi }_r)}{d_{O_R{P}_r}},$$

(2)

$$d=d_{O_R{P}_r}=d_{O_r{P}_R}=\sqrt{r^2+R^2-2Rr\cos ({\theta }_R-{\theta }_r)\cos ({\phi }_R-{\phi }_r)},$$

(3)

$$u_R({\theta }_R,{\phi }_R)=C{\displaystyle {\iint }_s{u}_r({\theta }_r},{\phi }_r)\frac{\exp (ik{d}_{O_r{P}_R})}{d_{O_r{P}_R}}d{\theta }_{r}d{\phi }_r=Sp{D}_R\left(u_R({\theta }_R,{\phi }_R)\right)\dots \dots \mathrm{IOP},$$

(4)

where C denotes a constant and k denotes the wavenumber of the incident light. d denotes the distance between two points of P and Q on the object and observation surfaces. s represents the object surface.

2.2. Filtering Diffusion Technology

Image filtering is a digital image processing technology, which is mainly used to eliminate image noise or extract image features. The method performs convolution operation on a 2D image block and a 2D matrix, named kernel. To be specific, the additions of all the multiplications of the kernel pixels and image pixels are used as the value of the current pixel. The current pixel value corresponds to the center element of kernel, and the other elements correspond to adjacent pixels. R is the selected image block, the central pixel R_x,y is the pixel to be processed, and M is the kernel. Assuming the kernel size is (2n + 1) × (2n + 1), the calculation of image filtering can be defined as

$$R_{x,y}^{\prime }={\displaystyle \sum _{i=-n}^n{\displaystyle \sum _{j=-n}^n{M}_{i+n+1,j+n+1}}}{R}_{x+i,y+j}.$$

(5)

Selecting a suitable kernel to filter can emphasize some features or remove unwanted parts in the image. However, we can also use a randomly generated kernel to diffuse the image for encryption. Since the slight change of the current pixel would affect the value of each subsequent pixel, it has a good diffusion effect.

To make the filtering invertible, we set the center pixel of the kernel as one and set other pixels as integers. To get a better diffusion effect, the lower-right corner of the kernel is set to correspond to the current pixel, namely M_2n+1,2n+1 = 1. The current pixel R_x,y is processed by the upper and left adjacent pixels. Figure 2 shows the filtering diffusion process.

According to filtering diffusion theory [43,44], the calculation of filtering diffusion can be expressed as

$$R_{x,y}^{\prime }=\left({\displaystyle \sum _{i=-n}^n{\displaystyle \sum _{j=-n}^n{M}_{i+n+1,j+n+1}{R}_{x+i,y+j}}}\right)\mathrm{mod}F,$$

(6)

$$R_{x,y}=\left(R_{x,y}^{\prime }-{\displaystyle \sum _{i,j\in \left\{-n,\dots ,n\right\}\cap (i,j)\ne (0,0)}}{M}_{i+n+1,j+n+1}{R}_{x+i,y+j}\right)\mathrm{mod}F.$$

(7)

Before filtering the current pixel, the upper and left pixels should be processed. When doing inverse filtering, it is also required that the upper and left adjacent pixels have not been restored. Therefore, the processing order of inverse filtering should be reversed from that of the forward operation.

3. Principle of Encryption and Decryption

In the process of encryption, filtering diffusion and chaotic scrambling are first used to diffuse and scramble encrypted images, respectively. Second, multiple images are superimposed together using the XOR operation. Then, the superimposed image is transformed into the spherical diffraction domain. Finally, the improved equal modulus decomposition (EMD) is employed to obtain ciphertext and private key. The process of decryption is the inverse operation of encryption.

3.1. Process of Encryption

The multi-image encryption based on filtering diffusion and spherical diffraction is shown in Figure 3. Suppose the original gray images are represented by I_N (x, y), the proposed method can be described as follows:

Step 1: First, the images are processed by filtering diffusion using the 2D kernel of size 2 × 2 individually. We set M_2,2 as one, and the other three numbers are randomly generated integers from 0 to 255. In the filtering diffusion process, the leftmost column and the topmost row of the image do not have enough pixels for calculation. Hence, the rightmost and bottommost pixels can be used for expansion [43]. Starting from the upper left corner of the image, each pixel is processed in turn. The processed pixel value can be expressed as

$$I_N^{\prime }(x,y)=\left({\displaystyle \sum _{i,j\in \{1,2\}}}M(i,j)I_N(i,j)\right)\mathrm{mod}F,$$

(8)

where F denotes the grayscale level.

Step 2: To get a better encryption effect, the images are scrambled by the chaotic sequence individually. The chaotic sequence is obtained by

$$x_{n+1}=\mu x_n(1-x_n).$$

(9)

The range of x_n is (0, 1) and the range of μ is (0, 4).

Step 3: Combining the images into one image using the XOR operation. The superimposed result can be written as

$$f(x,y)=I_1^{\prime }(x,y)\oplus I_2^{\prime }(x,y)\dots \oplus I_N^{\prime }(x,y).$$

(10)

At the same time, P_N can be obtained by

$$P_N(x,y)=f(x,y)\oplus I_N^{\prime }(x,y),$$

(11)

where P_N is reserved as the private key of each image for decryption.

Step 4: The combined image f (x, y) is mapped on the spherical surface with a radius of R after it is modulated by the random phase mask RPM (x, y) = exp [iR₁ (x, y)]. R₁ is a random array uniformly distributed between 0 and 2π. According to the OIP model, the modulated image is transformed into a spherical coordinate. If we use U (x, y) to represent the complex amplitude after spherical diffraction, the expression can be written as

$$U(x,y)=Sp{D}_R\left[f(x,y)RPM(x,y)\right].$$

(12)

Step 5: To improve the anti-attack ability, we use the improved EMD [45] to decompose complex amplitude. The distribution of complex amplitude can be written as

$$U=A\times \exp (i\beta )=C\times \left[\exp (i{R}_2)+\exp (iPK)\right],$$

(13)

$$R_2=2\pi \times \mathrm{rand}(),$$

(14)

where A is the amplitude and β represents the phase of U, rand() denotes a random function. The ciphertext C and the private key PK can be expressed as follows:

$$C=0.5A\times {\left[\cos (\beta -R_2)\right]}^{-1},$$

(15)

$$PK=2\beta -R_2,$$

(16)

where the ciphertext C and the private key PK are both real-valued, so that they are convenient for recording and transmission.

3.2. Process of Decryption

Figure 4 shows process of decryption. The detailed steps are as follows:

Step 1: According to the Equation (13), we can get the complex amplitude U. The U is modulated by RPM* after spherical diffraction. The combined image f (x, y) can be obtained by

$$f(x,y)=ISpD[U(x,y)]RP{M}^{*},$$

(17)

where ISpD [•] resents the inverse process of the spherical diffraction calculation. Then f (x, y) is rounded to unify the data types.

Step 2: Based on the Equation (11), image $I_N^{\prime }$(x, y) can be obtained by

$$I_N^{\prime }(x,y)=f(x,y)\oplus P_N(x,y).$$

(18)

Step 3: According to the Equation (8), the decrypted images can be obtained by the inverse chaotic scrambling and the inverse filtering diffusion in this scheme.

4. Simulation Results

4.1. Encryption and Decryption Results

The numerical simulation for the proposed encryption has been carried out on a PC with Intel (R) Core(TM) i5-7200U CPU 2.50 GHz and 8 GB memory capacity. Python 3.7 is used for this numerical simulation. The outer spherical R, inner spherical r and the wavelength λ are set as 500 × 10⁻³ m, 50 × 10⁻³ m and 250 × 10⁻⁶ m, respectively, as shown in

Table 1. The algorithm’s parameters.

R	r	λ	xn	μ
500 × 10−3 m	50 × 10−3 m	250 × 10−6 m	0.50	3.70

. According to the sampling theorem in the spherical diffraction calculation [41], the pixel numbers in the azimuthal and vertical directions are at least 2514 and 1257, respectively. If we take 1/5 of the surface for spherical diffraction, the minimum number of pixels required in the azimuthal and vertical directions are 503 and 252, respectively. Therefore, the size of the original image is selected as 512 × 512 pixels. Figure 5a–d show the original images with 512 × 512 pixels for the proposed method. Figure 5e,f shows the private key of the first image P₁ and the combined image f, respectively. Figure 5g,h shows the ciphertext C and the private key PK, respectively. Figure 5a1–d1 shows decrypted images with correct keys.

To evaluate the decryption quality, the peak signal-to-noise (PSNR) and the correlation coefficient (CC) between the decrypted and original images are calculated. The formula of PSNR and CC can be given by

$$PSNR(I_o,I_d)=10{\log }_{10}\left[\frac{M\times N\times {255}^2}{{\displaystyle {\sum }_{\forall x,y}{\left[I_o(x,y)-I_d(x,y)\right]}^2}}\right],$$

(19)

$$CC=\frac{E\left\{\left[I_o-E\left[I_o\right]\right]\left[I_d-E\left[I_d\right]\right]\right\}}{\sqrt{E\left\{{\left[I_o-E\left[I_o\right]\right]}^2\right\}}\sqrt{E\left\{{\left[I_d-E\left[I_d\right]\right]}^2\right\}}},$$

(20)

where M × N is the size of image and E{•} denotes the expected value of the function, I_o and I_d represent the original and decrypted images, respectively. The PSNR and the CC values between the original images and corresponding decrypted images are infinity and 1, respectively, which shows the decrypted images are lossless.

4.2. Key Sensitivity and Key Space Analysis

The key sensitivity is usually used to test whether the proposed method is stable. For brevity, only the decryption image “cameraman” is shown. The dependences of CC on the change of r, R, and λ are shown in Figure 6. When r, R, and λ value changes 2 × 10⁻⁶, 4 × 10⁻⁶, 4 × 10⁻⁹ respectively, CC value would change dramatically. It shows that this method is extremely sensitive to the keys. From the above analysis, the key space of this method is (10⁶)³ = 10¹⁸.

4.3. Histogram

The histogram shows the effectiveness and security of the encryption. The ideal histogram should be almost different from the original image. The histograms of original images are shown in Figure 7a–d, respectively. Figure 7e shows the histogram of the encrypted image, which is very different from the original image. Figure 7f shows the other encrypted image using different original images, which is similar to Figure 7e.

4.4. Adjacent Pixel Correlation

Table 2. Adjacent pixel correlation.

Correlation Coefficient	Horizontal	Vertical	Diagonal
cameraman	0.966649	0.978250	0.978232
peppers	0.973320	0.976367	0.980875
baboon	0.879297	0.799324	0.799965
coco	0.989351	0.990687	0.990696
ciphertext	0.000046	0.000203	0.002142
Ref. [36]	0.002800	0.034100	−0.054700
Ref. [22]	−0.026800	0.013500	0.010300
Ref. [23]	0.025300	0.019700	0.026900

shows the adjacent pixels correlation of the four original images, the encrypted image and the encrypted image in other multi-image encryption method. An efficient encryption should significantly reduce the adjacent pixel correlation of the original images. It can be defined as

$$CC(X,Y)=\frac{E[(X-{\mu }_X)(Y-{\mu }_Y)]}{{\sigma }_X{\sigma }_Y},$$

(21)

where X and Y are two different pixel sequences, in which each pixel is the adjacent pixel of X. μ and σ denote the mean value and the standard derivation, respectively. E [•] represents the mathematical expectation.

Table 2 shows that the correlation between adjacent pixels of the ciphertext is much lower than that of the original images, and it’s also lower than the results of other methods.

4.5. Noise and Occlusion Attacks

Images are susceptible to noise pollution during transmission. It is necessary to ensure that the encryption has a certain anti-noise attack capability. In this section, the multiplicative noise is added to the encrypted image to test the effects of noise. The multiplicative noise model is given by

$$P^{\prime }=P(1+kG),$$

(22)

where P and P^′ denotes the encrypted image and the encrypted image with noise, respectively. G represents the white Gaussian noise with zero-mean and 0.01 standard deviation, k represents the noise strength.

Figure 8 shows the decrypted results of the encrypted image with different strength noise. Figure 8a–c shows the results of the intensity k = 0.05, 0.07, 0.10, respectively, and the corresponding PSNR values are 30.96, 27.07, 24.36 dB, respectively.

Figure 9a–c shows the decryption results of the ciphertext center being occluded by 4 × 4, 6 × 6, 8 × 8 pixels, respectively, and the corresponding PSNR values are 31.24, 25.51, 24.00 dB, respectively.

4.6. Potential Attack Analysis

Usually, if the encryption can resist the chosen-plaintext attack, it can resist other common attacks. Based on the proposed method, the illegal user uses the encryption to encrypt arbitrary images to obtain fake private keys, which would be used to decrypt the original image. At the same time, the encryption key such as R, r, λ, and the 2D kernel is known by the illegal user. Figure 10a–d shows the decrypted image, which doesn’t have any information about the original image. It shows that the proposed method can resist the chosen-plaintext attack.

Phase retrieval attack is usually used to test the security of the encryption method. Figure 11 shows the relation between the CC value of the combined image and iteration numbers. It shows that the CC value quickly converges to around 0 with the increase of iteration numbers, which indicates that the proposed method can resist phase retrieval attack effectively.

An encryption system with good encryption effect should be able to resist differential attack. Generally, the number of pixel change rate (NPCR) and unified average changing intensity (UACI) are used to evaluate the ability to resist the differential attack, which are defined as follows:

$$NPCR=\frac{1}{M\times N}{\displaystyle \sum _{i=1}^M{\displaystyle \sum _{j=1}^{N}D(i,j)}}\times 100\%,$$

(23)

$$D(i,j)=\{\begin{array}{c}1,E(i,j)\ne E^{\prime }(i,j)\\ 0,E(i,j)=E^{\prime }(i,j)\end{array},$$

(24)

$$UACI=\frac{1}{M\times N}{\displaystyle \sum _{i=1}^M{\displaystyle \sum _{j=1}^N\frac{|E(i,j)-E^{\prime }(i,j)|}{255}}}\times 100\%,$$

(25)

where E and E^′ are two ciphertexts, generated from two original images that have only one different pixel, and M × N is the size of image. To obtain NPCR and UACI, we choose one of the images to change a random pixel, and encrypt them with the same key. The results of NPCR and UACI are shown in

Table 3. The values of the number of pixel change rate (NPCR) and unified average changing intensity (UACI).

Image	NPCR (%)	UACI (%)
cameraman	99.6046	33.1825
peppers	99.6046	33.9021
baboon	99.6046	33.3199
coco	99.6046	34.1323

. It shows that the proposed encryption can resist differential attack very well.

4.7. Time and Computational Complexity Analysis

In this analysis, we use the original images of size 265 × 256 and 512 × 512 to test the time to encrypt different numbers of images. The results are shown in

Table 4. The time of encrypting different numbers of images.

Size	One Image	Two Images	Three Images	Four Images
256 × 256	0.6393 s	1.2354 s	1.8577 s	2.4489 s
512 × 512	2.5149 s	4.9587 s	7.4733 s	9.7806 s

. It shows that as the number of encryption increases, the encryption time also increases. At the same time, the computational complexity of the proposed encryption is O (n²).

4.8. Capacity of Image Encryption

For a multi-image encryption, the number of encryption images is an essential indicator of measurement. In this proposed encryption, the bit-wise XOR operation for two images will maintain the pixel value range of original images. That is, the pixel value of the original images is in the range of 0–255, and the pixel value of the combined image is still in the range of 0–255 after using the XOR operation. Therefore, multi-image encryption through XOR multiplexing should have no decryption crosstalk theoretically. Since the private key of each different image generated in the encryption process must be different, the encryption capacity is limited by the maximum number of possible private keys, which is the product of the maximum grayscale level and the resolution of the private key image. Therefore, the encryption capacity EC can be expressed as

$${\mathrm{EC}=2}^w\times \mathrm{m}\times \mathrm{n},$$

(26)

where w represents the bit-depth of the encrypted image, m × n represents the size of the encrypted image. If the size of the encrypted image is m × n, and the grayscale level is 8, the encryption capacity would be 2⁸ × m × n.

We preprocess the images to ensure that each image is different. Figure 12 shows the decryption results of 200, 500, 1000, and 2000 different images with 64 × 64 pixels and their CC values, respectively. It can be seen that the decryption quality is still excellent when the number of encryption images reaches 2000. This indicates that the proposed encryption breaks through the number limitation of the conventional multi-image encryptions and greatly increases their encryption capacity.

5. Conclusions

In this article, we propose a large-capacity multi-image encryption using spherical diffraction and filtering diffusion. In this encryption, original images are combined into one image using the XOR operation after filtering diffusion. Then, the superimposed image is transformed into the spherical diffraction domain and encrypted by the improved EMD. Due to the remainder operation in the XOR operation, the range of the combined image is always maintained in the original image range, which would not exceed the limitation of image range or cause data crosstalk. Therefore, the encryption capacity is the product of image resolution and grayscale level, which is super-large of 2⁸ × m × n in case of m × n points of an image with 2⁸ grayscale level. Moreover, the proposed method is highly flexible due to individual decryption with the individual private key for each plaintext image. Besides, it can resisting phase-retrieval attack due to the asymmetry of spherical diffraction. The encryption system significantly increases the capacity of the multi-image encryption system, though it has weak anti-occlusion ability. In further work, the encryption method can be used in the color multi-image encryption system. The feasibility and effectiveness of the proposed encryption have been demonstrated by the simulation results.