A Multi-Image Encryption with Super-Lager-Capacity Based on Spherical Di ﬀ raction and Filtering Di ﬀ usion

: A multi-image encryption with super-large-capacity is proposed by using spherical di ﬀ raction and ﬁltering di ﬀ usion. In the proposed method, initial images are processed sequentially by ﬁltering di ﬀ usion and chaos scrambling. The images are combined into one image using XOR operation. The combined image is encrypted by improved equal modulus decomposition after spherical di ﬀ raction. There are three main contributions of the proposed method—(1) resisting phase-retrieval attack due to the asymmetry of spherical di ﬀ raction; (2) high ﬂexibility of decrypting images individually; and (3) super-large encryption capacity of the product of image resolution and grayscale level, which is the most signiﬁcant advantage. The feasibility and e ﬀ ectiveness of the proposed encryption are veriﬁed by numerical simulation results.


Introduction
With the development of information technology, how to ensure the security of image information becomes an essential point. In image encryption research, optical information processing technology and digital technology have been widely used in image encryption [1][2][3][4][5][6][7]. Refregier and Javidi proposed double random phase encoding (DRPE) in 1995, which pioneered the field of optical encryption [8]. However, because of the linear symmetry of DRPE technology [9], it is proved to be vulnerable to the known-plaintext attack [10] and chosen-plaintext attack [11]. To improve security, several nonlinear cryptosystems are proposed to improve the weaknesses of traditional symmetric cryptosystems, such as Fresnel domain [12], cylindrical diffraction transform [13][14][15], gyrator transform domain [16], and fractional Mellin transform [17]. However, these image encryption methods are usually applied to encrypt one image, which has made it challenging to meet the growing information needs. Recently, more and more scholars have begun to study multi-image encryption [18][19][20][21][22][23].
Multi-image encryption can be divided into two categories according to the encryption process. One of the multi-image encryption technologies is based on cascading [24][25][26]. Sui et al. [27] used cascaded fractional Fourier transform to encrypt multiple images. As the number of images increases, the quality of decryption decreases rapidly. Li et al. [28] proposed a multiple-image encryption method using the cascaded fractional Fourier transform, which cannot get a decrypted image individually from the ciphertext. Hence, the decryption flexibility is poor, and the number of encryption images is severely limited. The other multi-image encryption technology is based on multiplexing, such as space multiplexing [29], region multiplexing [30], wavelength multiplexing [31,32], and position multiplexing [33]. For instance, Deepan et al. [34] proposed a multi-image cryptosystem based on compressive sensing and the DPRE technique. By this method, the space multiplexing method is also used to integrate multiple-image data. Zhao et al. [35] came up with a multi-image encryption [31,32], and position multiplexing [33]. For instance, Deepan et al. [34] proposed a multi-image cryptosystem based on compressive sensing and the DPRE technique. By this method, the space multiplexing method is also used to integrate multiple-image data. Zhao et al. [35] came up with a multi-image encryption by using the position multiplexing. Besides, Hu et al. [36] proposed an asymmetric multi-image encryption using the convolution multiplexing. Due to crosstalk issues, this method can only encrypt up to 12 images. Moreover, Liu et al. [37] present a double image encryption using fractional order multiplexing to combine two initial images. Because of the characteristics of multiplexing technology, it can decrypt images individually, which has high decryption flexibility. In the process of information multiplexing, the information of different images occupies the same channel. However, the traditional multiplexing method will lead to data crosstalk and the limited encryption capacity with the number of images increasing.
In order to solve the problem, a multi-image encryption using spherical diffraction and filtering diffusion is proposed. Owing to the asymmetric characteristics of spherical diffraction, the proposed encryption can effectively resist the phase retrieval attack. Moreover, each image can be decrypted individually with its private key, which has high decryption flexibility. The most significant advantage of this algorithm is the super-large encryption capacity. The encryption capacity is the product of image resolution and grayscale level, which is super-large of 2 8 × m × n in case of m × n points of an image with 2 8 grayscale level. Numerical simulation results verify the feasibility and effectiveness of the proposed encryption.
The rest of this paper is organized as follows. Section 2 introduces the spherical diffraction and filtering diffusion technology. Section 3 presents principle of encryption and decryption. Section 4 shows simulation results. Section 5 draws a conclusion.

Encryption in Spherical Diffraction Domain
Since spherical diffraction (SpD) is an asymmetry diffraction propagation model [38], the SpDbased encryption should overcome the shortage of symmetry cryptosystem, which is based on traditional diffraction. According to the spherical diffraction theory [38][39][40][41][42], the object and the observation surfaces are concentric spheres. r and R represent the radii of the inner and outer surfaces of the concentric sphere, respectively. In this diffraction model, there are two models of propagation, namely the inside-out propagation (IOP) model and the outside-in propagation (OIP) model, as shown in Figure 1a and Figure 1b, respectively. We use QR (θR, φR) and Pr (θr, φr) in the spherical coordinates to denote the object and the observation points for the OIP model, respectively. The spherical coordinate of Qr (θr, φr) and PR (θR, φR) denote the object and the observation points for the IOP model, respectively. θr and θR are in the We use Q R (θ R , ϕ R ) and P r (θ r , ϕ r ) in the spherical coordinates to denote the object and the observation points for the OIP model, respectively. The spherical coordinate of Q r (θ r , ϕ r ) and P R (θ R , ϕ R ) denote the object and the observation points for the IOP model, respectively. θ r and θ R are in the range of −π to π, ϕ r and ϕ R are in the range of −π/2 to π/2. If we represent the diffraction Appl. Sci. 2020, 10, 5691 3 of 14 distributions on the inner and outer surfaces by u r (θ r , ϕ r ) and u R (θ R , ϕ R ), the diffraction integral formulas based on the Rayleigh-Sommerfeld integral equation of the two models can be written as where C denotes a constant and k denotes the wavenumber of the incident light. d denotes the distance between two points of P and Q on the object and observation surfaces. s represents the object surface.

Filtering Diffusion Technology
Image filtering is a digital image processing technology, which is mainly used to eliminate image noise or extract image features. The method performs convolution operation on a 2D image block and a 2D matrix, named kernel. To be specific, the additions of all the multiplications of the kernel pixels and image pixels are used as the value of the current pixel. The current pixel value corresponds to the center element of kernel, and the other elements correspond to adjacent pixels. R is the selected image block, the central pixel R x,y is the pixel to be processed, and M is the kernel. Assuming the kernel size is (2n + 1) × (2n + 1), the calculation of image filtering can be defined as Selecting a suitable kernel to filter can emphasize some features or remove unwanted parts in the image. However, we can also use a randomly generated kernel to diffuse the image for encryption. Since the slight change of the current pixel would affect the value of each subsequent pixel, it has a good diffusion effect.
To make the filtering invertible, we set the center pixel of the kernel as one and set other pixels as integers. To get a better diffusion effect, the lower-right corner of the kernel is set to correspond to the current pixel, namely M 2n+1,2n+1 = 1. The current pixel R x,y is processed by the upper and left adjacent pixels. Figure 2 shows the filtering diffusion process.
Appl. Sci. 2020, 10, x FOR PEER REVIEW 3 of 14 range of −π to π, φr and φR are in the range of −π/2 to π/2. If we represent the diffraction distributions on the inner and outer surfaces by ur (θr, φr) and uR (θR, φR), the diffraction integral formulas based on the Rayleigh-Sommerfeld integral equation of the two models can be written as where C denotes a constant and k denotes the wavenumber of the incident light. d denotes the distance between two points of P and Q on the object and observation surfaces. s represents the object surface.

Filtering Diffusion Technology
Image filtering is a digital image processing technology, which is mainly used to eliminate image noise or extract image features. The method performs convolution operation on a 2D image block and a 2D matrix, named kernel. To be specific, the additions of all the multiplications of the kernel pixels and image pixels are used as the value of the current pixel. The current pixel value corresponds to the center element of kernel, and the other elements correspond to adjacent pixels. R is the selected image block, the central pixel Rx,y is the pixel to be processed, and M is the kernel. Assuming the kernel size is (2n + 1) × (2n + 1), the calculation of image filtering can be defined as Selecting a suitable kernel to filter can emphasize some features or remove unwanted parts in the image. However, we can also use a randomly generated kernel to diffuse the image for encryption. Since the slight change of the current pixel would affect the value of each subsequent pixel, it has a good diffusion effect.
To make the filtering invertible, we set the center pixel of the kernel as one and set other pixels as integers. To get a better diffusion effect, the lower-right corner of the kernel is set to correspond to the current pixel, namely M2n+1,2n+1 = 1. The current pixel Rx,y is processed by the upper and left adjacent pixels. Figure 2 shows the filtering diffusion process. According to filtering diffusion theory [43,44], the calculation of filtering diffusion can be expressed as According to filtering diffusion theory [43,44], the calculation of filtering diffusion can be expressed as Before filtering the current pixel, the upper and left pixels should be processed. When doing inverse filtering, it is also required that the upper and left adjacent pixels have not been restored. Therefore, the processing order of inverse filtering should be reversed from that of the forward operation.

Principle of Encryption and Decryption
In the process of encryption, filtering diffusion and chaotic scrambling are first used to diffuse and scramble encrypted images, respectively. Second, multiple images are superimposed together using the XOR operation. Then, the superimposed image is transformed into the spherical diffraction domain. Finally, the improved equal modulus decomposition (EMD) is employed to obtain ciphertext and private key. The process of decryption is the inverse operation of encryption.

Process of Encryption
The multi-image encryption based on filtering diffusion and spherical diffraction is shown in Figure 3. Suppose the original gray images are represented by I N (x, y), the proposed method can be described as follows: Appl. Sci. 2020, 10, x FOR PEER REVIEW 4 of 14 Before filtering the current pixel, the upper and left pixels should be processed. When doing inverse filtering, it is also required that the upper and left adjacent pixels have not been restored. Therefore, the processing order of inverse filtering should be reversed from that of the forward operation.

Principle of Encryption and Decryption
In the process of encryption, filtering diffusion and chaotic scrambling are first used to diffuse and scramble encrypted images, respectively. Second, multiple images are superimposed together using the XOR operation. Then, the superimposed image is transformed into the spherical diffraction domain. Finally, the improved equal modulus decomposition (EMD) is employed to obtain ciphertext and private key. The process of decryption is the inverse operation of encryption.

Process of Encryption
The multi-image encryption based on filtering diffusion and spherical diffraction is shown in Figure 3. Suppose the original gray images are represented by IN (x, y), the proposed method can be described as follows: Step 1: First, the images are processed by filtering diffusion using the 2D kernel of size 2 × 2 individually. We set M2,2 as one, and the other three numbers are randomly generated integers from 0 to 255. In the filtering diffusion process, the leftmost column and the topmost row of the image do not have enough pixels for calculation. Hence, the rightmost and bottommost pixels can be used for expansion [43]. Starting from the upper left corner of the image, each pixel is processed in turn. The processed pixel value can be expressed as where F denotes the grayscale level.
Step 2: To get a better encryption effect, the images are scrambled by the chaotic sequence individually. The chaotic sequence is obtained by The range of xn is (0, 1) and the range of μ is (0, 4). Step 1: First, the images are processed by filtering diffusion using the 2D kernel of size 2 × 2 individually. We set M 2,2 as one, and the other three numbers are randomly generated integers from 0 to 255. In the filtering diffusion process, the leftmost column and the topmost row of the image do not have enough pixels for calculation. Hence, the rightmost and bottommost pixels can be used for expansion [43]. Starting from the upper left corner of the image, each pixel is processed in turn. The processed pixel value can be expressed as where F denotes the grayscale level.

of 14
Step 2: To get a better encryption effect, the images are scrambled by the chaotic sequence individually. The chaotic sequence is obtained by The range of x n is (0, 1) and the range of µ is (0, 4).
Step 3: Combining the images into one image using the XOR operation. The superimposed result can be written as At the same time, P N can be obtained by where P N is reserved as the private key of each image for decryption.
Step 4: The combined image f (x, y) is mapped on the spherical surface with a radius of R after it is modulated by the random phase mask RPM (x, y) = exp [iR 1 (x, y)]. R 1 is a random array uniformly distributed between 0 and 2π. According to the OIP model, the modulated image is transformed into a spherical coordinate. If we use U (x, y) to represent the complex amplitude after spherical diffraction, the expression can be written as Step 5: To improve the anti-attack ability, we use the improved EMD [45] to decompose complex amplitude. The distribution of complex amplitude can be written as where A is the amplitude and β represents the phase of U, rand() denotes a random function. The ciphertext C and the private key PK can be expressed as follows: where the ciphertext C and the private key PK are both real-valued, so that they are convenient for recording and transmission. Figure 4 shows process of decryption. The detailed steps are as follows:

Process of Decryption
Step 1: According to the Equation (13), we can get the complex amplitude U. The U is modulated by RPM* after spherical diffraction. The combined image f (x, y) can be obtained by where ISpD [•] resents the inverse process of the spherical diffraction calculation. Then f (x, y) is rounded to unify the data types.
Step 2: Based on the Equation (11), image I N (x, y) can be obtained by Step 3: According to the Equation (8), the decrypted images can be obtained by the inverse chaotic scrambling and the inverse filtering diffusion in this scheme.
[ ] where the ciphertext C and the private key PK are both real-valued, so that they are convenient for recording and transmission. Figure 4 shows process of decryption. The detailed steps are as follows: Step 1: According to the Equation (13), we can get the complex amplitude U. The U is modulated by RPM* after spherical diffraction. The combined image f (x, y) can be obtained by

Encryption and Decryption Results
The numerical simulation for the proposed encryption has been carried out on a PC with Intel (R) Core(TM) i5-7200U CPU 2.50 GHz and 8 GB memory capacity. Python 3.7 is used for this numerical simulation. The outer spherical R, inner spherical r and the wavelength λ are set as 500 × 10 −3 m, 50 × 10 −3 m and 250 × 10 −6 m, respectively, as shown in Table 1. According to the sampling theorem in the spherical diffraction calculation [41], the pixel numbers in the azimuthal and vertical directions are at least 2514 and 1257, respectively. If we take 1/5 of the surface for spherical diffraction, the minimum number of pixels required in the azimuthal and vertical directions are 503 and 252, respectively. Therefore, the size of the original image is selected as 512 × 512 pixels. Figure 5a-d show the original images with 512 × 512 pixels for the proposed method. Figure 5e,f shows the private key of the first image P 1 and the combined image f, respectively. Figure 5g,h shows the ciphertext C and the private key PK, respectively. Figure 5a1-d1 shows decrypted images with correct keys. To evaluate the decryption quality, the peak signal-to-noise (PSNR) and the correlation coefficient (CC) between the decrypted and original images are calculated. The formula of PSNR and CC can be given by where M × N is the size of image and E{•} denotes the expected value of the function, I o and I d represent the original and decrypted images, respectively. The PSNR and the CC values between the original images and corresponding decrypted images are infinity and 1, respectively, which shows the decrypted images are lossless. where M × N is the size of image and E{•} denotes the expected value of the function, Io and Id represent the original and decrypted images, respectively. The PSNR and the CC values between the original images and corresponding decrypted images are infinity and 1, respectively, which shows the decrypted images are lossless.

Key Sensitivity and Key Space Analysis
The key sensitivity is usually used to test whether the proposed method is stable. For brevity, only the decryption image "cameraman" is shown. The dependences of CC on the change of r, R, and λ are shown in Figure 6. When r, R, and λ value changes 2 × 10 −6 , 4 × 10 −6 , 4 × 10 −9 respectively, CC value would change dramatically. It shows that this method is extremely sensitive to the keys. From the above analysis, the key space of this method is (10 6 ) 3 = 10 18 .

Histogram
The histogram shows the effectiveness and security of the encryption. The ideal histogram should be almost different from the original image. The histograms of original images are shown in Figure 7a-d, respectively. Figure 7e shows the histogram of the encrypted image, which is very

Key Sensitivity and Key Space Analysis
The key sensitivity is usually used to test whether the proposed method is stable. For brevity, only the decryption image "cameraman" is shown. The dependences of CC on the change of r, R, and λ are shown in Figure 6. When r, R, and λ value changes 2 × 10 −6 , 4 × 10 −6 , 4 × 10 −9 respectively, CC value would change dramatically. It shows that this method is extremely sensitive to the keys. From the above analysis, the key space of this method is (10 6 ) 3 = 10 18 .

Key Sensitivity and Key Space Analysis
The key sensitivity is usually used to test whether the proposed method is stable. For brevity, only the decryption image "cameraman" is shown. The dependences of CC on the change of r, R, and λ are shown in Figure 6. When r, R, and λ value changes 2 × 10 −6 , 4 × 10 −6 , 4 × 10 −9 respectively, CC value would change dramatically. It shows that this method is extremely sensitive to the keys. From the above analysis, the key space of this method is (10 6 ) 3 = 10 18 .

Histogram
The histogram shows the effectiveness and security of the encryption. The ideal histogram should be almost different from the original image. The histograms of original images are shown in Figure 7a-d, respectively. Figure 7e shows the histogram of the encrypted image, which is very

Histogram
The histogram shows the effectiveness and security of the encryption. The ideal histogram should be almost different from the original image. The histograms of original images are shown in Figure 7a-d, respectively. Figure 7e shows the histogram of the encrypted image, which is very different from the original image. Figure 7f shows the other encrypted image using different original images, which is similar to Figure 7e.  Table 2 shows the adjacent pixels correlation of the four original images, the encrypted image and the encrypted image in other multi-image encryption method. An efficient encryption should significantly reduce the adjacent pixel correlation of the original images. It can be defined as

Adjacent Pixel Correlation
where X and Y are two different pixel sequences, in which each pixel is the adjacent pixel of X. μ and σ denote the mean value and the standard derivation, respectively. E [•] represents the mathematical expectation. Table 2 shows that the correlation between adjacent pixels of the ciphertext is much lower than that of the original images, and it's also lower than the results of other methods.  [36] 0.002800 0.034100 −0.054700 Ref. [22] −0.026800 0.013500 0.010300 Ref. [23] 0.025300 0.019700 0.026900

Noise and Occlusion Attacks
Images are susceptible to noise pollution during transmission. It is necessary to ensure that the encryption has a certain anti-noise attack capability. In this section, the multiplicative noise is added to the encrypted image to test the effects of noise. The multiplicative noise model is given by  Table 2 shows the adjacent pixels correlation of the four original images, the encrypted image and the encrypted image in other multi-image encryption method. An efficient encryption should significantly reduce the adjacent pixel correlation of the original images. It can be defined as

Adjacent Pixel Correlation
where X and Y are two different pixel sequences, in which each pixel is the adjacent pixel of X. µ and σ denote the mean value and the standard derivation, respectively. E [•] represents the mathematical expectation.  [36] 0.002800 0.034100 −0.054700 Ref. [22] −0.026800 0.013500 0.010300 Ref. [23] 0.025300 0.019700 0.026900 Table 2 shows that the correlation between adjacent pixels of the ciphertext is much lower than that of the original images, and it's also lower than the results of other methods.

Noise and Occlusion Attacks
Images are susceptible to noise pollution during transmission. It is necessary to ensure that the encryption has a certain anti-noise attack capability. In this section, the multiplicative noise is added to the encrypted image to test the effects of noise. The multiplicative noise model is given by where P and P denotes the encrypted image and the encrypted image with noise, respectively. G represents the white Gaussian noise with zero-mean and 0.01 standard deviation, k represents the noise strength. Figure 8 shows the decrypted results of the encrypted image with different strength noise. where P and P ′ denotes the encrypted image and the encrypted image with noise, respectively. G represents the white Gaussian noise with zero-mean and 0.01 standard deviation, k represents the noise strength. Figure 8 shows the decrypted results of the encrypted image with different strength noise.

Potential Attack Analysis
Usually, if the encryption can resist the chosen-plaintext attack, it can resist other common attacks. Based on the proposed method, the illegal user uses the encryption to encrypt arbitrary images to obtain fake private keys, which would be used to decrypt the original image. At the same time, the encryption key such as R, r, λ, and the 2D kernel is known by the illegal user. Figure 10a-d shows the decrypted image, which doesn't have any information about the original image. It shows that the proposed method can resist the chosen-plaintext attack.  where P and P ′ denotes the encrypted image and the encrypted image with noise, respectively. G represents the white Gaussian noise with zero-mean and 0.01 standard deviation, k represents the noise strength. Figure 8 shows the decrypted results of the encrypted image with different strength noise.

Potential Attack Analysis
Usually, if the encryption can resist the chosen-plaintext attack, it can resist other common attacks. Based on the proposed method, the illegal user uses the encryption to encrypt arbitrary images to obtain fake private keys, which would be used to decrypt the original image. At the same time, the encryption key such as R, r, λ, and the 2D kernel is known by the illegal user. Figure 10a-d shows the decrypted image, which doesn't have any information about the original image. It shows that the proposed method can resist the chosen-plaintext attack.

Potential Attack Analysis
Usually, if the encryption can resist the chosen-plaintext attack, it can resist other common attacks. Based on the proposed method, the illegal user uses the encryption to encrypt arbitrary images to obtain fake private keys, which would be used to decrypt the original image. At the same time, the encryption key such as R, r, λ, and the 2D kernel is known by the illegal user. Figure 10a-d shows the decrypted image, which doesn't have any information about the original image. It shows that the proposed method can resist the chosen-plaintext attack.
Usually, if the encryption can resist the chosen-plaintext attack, it can resist other common attacks. Based on the proposed method, the illegal user uses the encryption to encrypt arbitrary images to obtain fake private keys, which would be used to decrypt the original image. At the same time, the encryption key such as R, r, λ, and the 2D kernel is known by the illegal user. Figure 10a-d shows the decrypted image, which doesn't have any information about the original image. It shows that the proposed method can resist the chosen-plaintext attack.  Phase retrieval attack is usually used to test the security of the encryption method. Figure 11 shows the relation between the CC value of the combined image and iteration numbers. It shows that the CC value quickly converges to around 0 with the increase of iteration numbers, which indicates that the proposed method can resist phase retrieval attack effectively.
Appl. Sci. 2020, 10, x FOR PEER REVIEW 10 of 14 Phase retrieval attack is usually used to test the security of the encryption method. Figure 11 shows the relation between the CC value of the combined image and iteration numbers. It shows that the CC value quickly converges to around 0 with the increase of iteration numbers, which indicates that the proposed method can resist phase retrieval attack effectively. Figure 11. CC values change along with the iteration number.
An encryption system with good encryption effect should be able to resist differential attack. Generally, the number of pixel change rate (NPCR) and unified average changing intensity (UACI) are used to evaluate the ability to resist the differential attack, which are defined as follows: where E and E ′ are two ciphertexts, generated from two original images that have only one different pixel, and M × N is the size of image. To obtain NPCR and UACI, we choose one of the images to change a random pixel, and encrypt them with the same key. The results of NPCR and UACI are shown in Table 3. It shows that the proposed encryption can resist differential attack very well.  An encryption system with good encryption effect should be able to resist differential attack. Generally, the number of pixel change rate (NPCR) and unified average changing intensity (UACI) are used to evaluate the ability to resist the differential attack, which are defined as follows: where E and E are two ciphertexts, generated from two original images that have only one different pixel, and M × N is the size of image. To obtain NPCR and UACI, we choose one of the images to change a random pixel, and encrypt them with the same key. The results of NPCR and UACI are shown in Table 3. It shows that the proposed encryption can resist differential attack very well.

Time and Computational Complexity Analysis
In this analysis, we use the original images of size 265 × 256 and 512 × 512 to test the time to encrypt different numbers of images. The results are shown in Table 4. It shows that as the number of encryption increases, the encryption time also increases. At the same time, the computational complexity of the proposed encryption is O (n 2 ).

Capacity of Image Encryption
For a multi-image encryption, the number of encryption images is an essential indicator of measurement. In this proposed encryption, the bit-wise XOR operation for two images will maintain the pixel value range of original images. That is, the pixel value of the original images is in the range of 0-255, and the pixel value of the combined image is still in the range of 0-255 after using the XOR operation. Therefore, multi-image encryption through XOR multiplexing should have no decryption crosstalk theoretically. Since the private key of each different image generated in the encryption process must be different, the encryption capacity is limited by the maximum number of possible private keys, which is the product of the maximum grayscale level and the resolution of the private key image. Therefore, the encryption capacity EC can be expressed as where w represents the bit-depth of the encrypted image, m × n represents the size of the encrypted image. If the size of the encrypted image is m × n, and the grayscale level is 8, the encryption capacity would be 2 8 × m × n. We preprocess the images to ensure that each image is different. Figure 12 shows the decryption results of 200, 500, 1000, and 2000 different images with 64 × 64 pixels and their CC values, respectively. It can be seen that the decryption quality is still excellent when the number of encryption images reaches 2000. This indicates that the proposed encryption breaks through the number limitation of the conventional multi-image encryptions and greatly increases their encryption capacity.
We preprocess the images to ensure that each image is different. Figure 12 shows the decryption results of 200, 500, 1000, and 2000 different images with 64 × 64 pixels and their CC values, respectively. It can be seen that the decryption quality is still excellent when the number of encryption images reaches 2000. This indicates that the proposed encryption breaks through the number limitation of the conventional multi-image encryptions and greatly increases their encryption capacity.

Conclusions
In this article, we propose a large-capacity multi-image encryption using spherical diffraction and filtering diffusion. In this encryption, original images are combined into one image using the XOR operation after filtering diffusion. Then, the superimposed image is transformed into the spherical diffraction domain and encrypted by the improved EMD. Due to the remainder operation in the XOR operation, the range of the combined image is always maintained in the original image range, which would not exceed the limitation of image range or cause data crosstalk. Therefore, the encryption capacity is the product of image resolution and grayscale level, which is super-large of 2 8 × m × n in case of m × n points of an image with 2 8 grayscale level. Moreover, the proposed method is highly flexible due to individual decryption with the individual private key for each plaintext

Conclusions
In this article, we propose a large-capacity multi-image encryption using spherical diffraction and filtering diffusion. In this encryption, original images are combined into one image using the XOR operation after filtering diffusion. Then, the superimposed image is transformed into the spherical diffraction domain and encrypted by the improved EMD. Due to the remainder operation in the XOR operation, the range of the combined image is always maintained in the original image range, which would not exceed the limitation of image range or cause data crosstalk. Therefore, the encryption capacity is the product of image resolution and grayscale level, which is super-large of 2 8 × m × n in case of m × n points of an image with 2 8 grayscale level. Moreover, the proposed method is highly flexible due to individual decryption with the individual private key for each plaintext image. Besides, it can resisting phase-retrieval attack due to the asymmetry of spherical diffraction. The encryption system significantly increases the capacity of the multi-image encryption system, though it has weak anti-occlusion ability. In further work, the encryption method can be used in the color multi-image encryption system. The feasibility and effectiveness of the proposed encryption have been demonstrated by the simulation results.