Optical Hyperspectral Image Cryptosystem Based on Afﬁne Transform and Fractional Fourier Transform

: An encryption algorithm for hyperspectral data in fractional Fourier domain is designed. Firstly, the original hyperspectral image is separated into single bands and then each pair of bands are regarded as the real and imaginary part of a complex function by using an afﬁne transform. Subsequently, the complex functions are encoded and transformed in fractional Fourier domain (FrFT). The parameters in afﬁne transform and FrFT serve as the key of the encryption system. The proposed encryption scheme can not only protect the image information in spatial domains but also the spectrum information in spectral domains. Various experiments are given to demonstrate the validity and capability of the proposed encryption scheme.


Introduction
With the rapid development of modern communication technology, information security has attracted more and more attention from researchers around the world.Since Refregier and Javidi proposed double random phase encoding (DRPE) in 1995 [1], a great number of concerns have been raised for this novel optical security technique.In the past decade, many encryption schemes based on different optical systems have been reported [2][3][4][5][6][7][8].In particular, multiple-image encryption raises the attention of many researchers in the optical encryption area and many algorithms have been proposed [9][10][11][12][13].Referring to [13], the cascaded interference structure and vector stochastic decomposition algorithm are introduced into a multiple-image encryption cryptosystem, in which the silhouette problem in the traditional two-beam interference cryptosystem can be removed successfully.Moreover, the cryptosystem for multispectral and hyperspectral image has also been studied in recent years [14][15][16].In [15], by using the 3D Arnold transform, the hyperspectral image is extended from the spatial domain into the spectrum domain in an optical gyrator domain.The robustness of this cryptosystem is improved since secret data in the spectrum domain is impossible to retrieve from the spatial domain.Recently, an optical encryption algorithm for multiple spectral image was presented [17].To enhance the security, the hyperspectral image was converted into binary data and improved Chirikov mapping was designed to scramble the intermediate data.The feasibility and robustness of the encryption algorithm was verified.However, the large calculation limited the encryption speed in practical implementation.
Hyperspectral data contains rich information in both the spatial and spectral domains.With the help of spectral information, researchers are able to identify and distinguish the material of the object in the data.This special characteristic is useful in many military and civilian applications involved in the detection of the target or activity, like military vehicles or vehicle tracks [18].Besides, the ability of differentiating materials in recycling waste has made spectral information become a research focus in the field of laboratory measurements in medical diagnosis and chemical imaging [19].In this paper, we propose an optical cryptosystem for hyperspectral data in fractional Fourier transform (FrFT) domain.Firstly, the original hyperspectral cube is divided into various independent bands before the encryption.Then, an affine transform is designed to scramble each pair of bands in the original data and then these two images become the real and imaginary part of a complex mask.Subsequently, the converted data are encoded and transformed into the optical FrFT transform.The parameters used in FrFT serve as the extra keys of the encryption.Finally, the discrete cosine transform (DCT) is considered to improve the security of the keys.One of the novelties of the proposed scheme is that we expand the ordinary image into hyperspectral image cryptosystem, which encrypts both the spatial and spectrum information synchronously.Moreover, compared to the encryption schemed presented in [17], the proposed method reduces the calculation and storage space of the encrypted data.Besides, the optical setup of FrFT is more simple and feasible compared to the gyrator transform.
The rest of the paper is summarized as follows.In Section 2, the intact cryptosystem is introduced in detail.Various numerical experiment results are given to test the validity of the scheme in Section 3. In the final section, the discussion and conclusions are given.

Fractional Fourier Transform
Firstly, the FrFT will be introduced briefly.In the signal processing field, the FrFT can be regarded as time-frequency joint representation and it has been widely utilized in signal and image processing [20,21].The mathematical definition of FrFT can be written as where F(u, v) and g(x, y) represent the output and input function of FrFT, respectively.In the proposed algorithm, g(x, y) denotes a single band of the hyperspectral data.The symbol α denotes the order in this transform and the definition of Equation ( 1) is effective when α = 0. Besides, the function A α is a constant phase factor decided by α.

Affine Transform
To complete the encryption, an affine transform is considered and utilized.The definition of the affine transform can be expressed as where the symbol ψ and θ represent two random real number function satisfying uniform distribution.
In fact, to enhance the security of the encryption system, the form of ψ can be defined by many nonlinear types.By simple deduction, the inverse matrix of F(θ) can be expressed as where the function θ(x, y) and ψ(x, y) are two random real number matrices having the same size as the image, and satisfying uniform distribution.The affine transform described in Equations ( 2) and (3) will be employed in the encryption and decryption approaches to complete the cryptosystem.

Discrete Cosine Transform
DCT was first proposed by Nurzaman Ahmed in 1974 and soon expanded to the area of digital processing, especially in pattern recognition and encryption [22].DCT is utilized to change the spatial distribution of the pixel value of an image in many cryptosystems.The mathematical definition of DCT with input sequence x 0 , x 1 , . . ., x n−1 or matrix having n × n pixels can be expressed as where the function f m is the output sequence or matrix having the same size with input function, but the spatial distribution of pixel value is changed.The symbol "m" represents the serial number of the output function.To complete the cryptosystem, the DCT is considered and utilized in scrambling the parameters in FrFT generated in the encryption scheme.

The Encryption Scheme
The flowchart of the intact encryption algorithm is displayed in Figure 1.As shown in the Figure 1, the original hyperspectral image was separated into single bands and then each possible pair of bands was combined by employing the affine transform.Subsequently, the scrambled data were converted in FrFT domain.Finally, the parameters α in FrFT generated in the encryption scheme were calculated by DCT.The output result of DCT serves as the key of the cryptosystem.In the encryption approach, two bands are combined into one complex function and then transformed in the FrFT domains.Therefore, the final encrypted data obtained in the output plane has only 50% bands of the original hyperspectral image.For instance, the original hyperspectral image having 100 bands is encrypted, and the corresponding encrypted data has 50 bands.Accordingly, the storage space of the encrypted data is reduced.

Numerical Simulations
In this section, various numerical simulations are given to validate the performance of the proposed hyperspectral image encryption scheme.As shown in Figure 2, one hyperspectral image named "Sandiego", having 189 bands, which was captured by AVIRIS (Jet Propulsion Laboratory, The encryption system can be carried out by an electro-optical hybrid setup depicted in Figure 1.The FrFT is achieved in an optical system and the affine transform and DCT are calculated in computer.Furthermore, the spatial light module (SLM) and charge-coupled device (CCD) are considered and utilized to accomplish data communication between the computer and optical system.

Numerical Simulations
In this section, various numerical simulations are given to validate the performance of the proposed hyperspectral image encryption scheme.As shown in Figure 2, one hyperspectral image named "Sandiego", having 189 bands, which was captured by AVIRIS (Jet Propulsion Laboratory, USA), was used in the following experiment.In fact, any other hyperspectral image or multiband data can be used to process the presented cryptosystem.To simplify the calculation, we selected the first 100 bands from the 189 bands in the original hyperspectral image.Therefore, the dataset was used in the following experiments having the size 256 × 256 × 100.The random function ψ and θ in affine transform are the random functions having 256 × 256 pixels in the range of [0, 1] and [0, 2π], respectively.To simplify the encryption process, the parameter of FrFT was set to 0.5 in our encryption scheme.In fact, the parameters can be different for each band to enhance the security.The hardware parameters of the computer used in the simulation experiment are Core 2, CPU 2.1GHz, and 2048 Mb memory (T430, Thinkpad Lenove, Beijing, China).By using the conditions described above, the encryption results are displayed in Figure 3.As shown in Figure 3, the encrypted result is a noise-like image.

Numerical Simulations
In this section, various numerical simulations are given to validate the performance of the proposed hyperspectral image encryption scheme.As shown in Figure 2, one hyperspectral image named "Sandiego", having 189 bands, which was captured by AVIRIS (Jet Propulsion Laboratory, USA), was used in the following experiment.In fact, any other hyperspectral image or multiband data can be used to process the presented cryptosystem.To simplify the calculation, we selected the first 100 bands from the 189 bands in the original hyperspectral image.Therefore, the dataset was used in the following experiments having the size 256 × 256 × 100.The random function ψ and θ in affine transform are the random functions having 256 × 256 pixels in the range of [0,1] and [0, 2 ] π , respectively.To simplify the encryption process, the parameter of FrFT was set to 0.5 in our encryption scheme.In fact, the parameters can be different for each band to enhance the security.The hardware parameters of the computer used in the simulation experiment are Core 2, CPU 2.1GHz, and 2048 Mb memory (T430, Thinkpad Lenove, Beijing, China).By using the conditions described above, the encryption results are displayed in Figure 3.As shown in Figure 3, the encrypted result is a noise-like image.The peak signal-to-noise ratio (PSNR) is considered and introduced to weight the discrepancy between the decrypted and original data.The mathematical definition of PSNR is expressed as follows: The peak signal-to-noise ratio (PSNR) is considered and introduced to weight the discrepancy between the decrypted and original data.The mathematical definition of PSNR is expressed as follows: where the symbol I d and I 0 represent the decrypted data and original data, respectively.In addition, the sizes of the data can be represented by M and N. Here, the value of M and N are fixed at 256.

Validation of the Encryption Scheme
As mentioned above, the encryption data of this encryption has 50 single bands.Therefore, it is difficult to estimate the difference between two different size hyperspectral images.To show the results convincingly, a random band extracted from the original hyperspectral image is used to calculate the PSNR with each band of the ciphertext.In this experiment, the 27th band of the original image is chosen, and the PSNR values are listed in Table 1.As we can see from Table 1, the PSNR values between the decrypted data and original date range from 1.4699 to 2.4062, which indicate that the images are very different.In other words, the proposed cryptosystem can protect the original information successfully.In addition, to examine the PSNR values between the original band and correct decrypted band, another experiment is done.In the decryption approach, all the keys are given and the 27th band is decrypted completely.The PSNR value between the 27th image and the retrieved 27th image is 295.7293, which indicates that the proposed algorithm recovered the original image completely.The original 27th band and decrypted 27th are displaced in Figure 4.
proposed cryptosystem can protect the original information successfully.In addition, to examine the PSNR values between the original band and correct decrypted band, another experiment is done.In the decryption approach, all the keys are given and the 27th band is decrypted completely.The PSNR value between the 27th image and the retrieved 27th image is 295.7293, which indicates that the proposed algorithm recovered the original image completely.The original 27th band and decrypted 27th are displaced in Figure 4.

The Sensitivity Test of the Extra key α
The parameter α in FrFT can be severed as an extra key for this cryptosystem.To test the sensitivity of the parameter α , an experiment was designed as follows.In the encryption approach, α is set as 0.5.In the decryption process, suppose that the main key is known, the additional key α is changed around 0.5, and the corresponding PSNR curve is illustrated in Figure 5.In calculation, the sampling step length of α is 0.01 between 0.25 and 0.75.As we can see from Figure 5, the 24th band and 26th band of the decrypted image are the noise pattern; even the values of α are so close to the correct value 0.5.In the decryption result, only the 25th band image is decrypted successful.The experimental result indicates that the parameter α is sensitive and can protect the secret hyperspectral image well.

The Sensitivity Test of the Extra key α
The parameter α in FrFT can be severed as an extra key for this cryptosystem.To test the sensitivity of the parameter α, an experiment was designed as follows.In the encryption approach, α is set as 0.5.In the decryption process, suppose that the main key is known, the additional key α is changed around 0.5, and the corresponding PSNR curve is illustrated in Figure 5.In calculation, the sampling step length of α is 0.01 between 0.25 and 0.75.As we can see from Figure 5, the 24th band and 26th band of the decrypted image are the noise pattern; even the values of α are so close to the correct value 0.5.In the decryption result, only the 25th band image is decrypted successful.The experimental result indicates that the parameter α is sensitive and can protect the secret hyperspectral image well.

Occlusion Attack and Noise Attack Experiments
The occlusion attack and noise attack are considered and utilized for the robustness analysis of the proposed cryptosystem.To simplify the calculation, the 27th encrypted band is considered and utilized in occlusion and noise attack, analysis.In fact, the other encrypted band can also obtain the same result.In the occlusion attack experiment, the decryption approach is employed by using the correct key from the partly occluded 27th band image, which is displayed in Figure 6a.Note that the occluded pixels are substituted with 0 in the experiment, and the corresponding recovered result is presented in Figure 6b.Apparently, the outline information of the secret image is recognizable.

Occlusion Attack and Noise Attack Experiments
The occlusion attack and noise attack are considered and utilized for the robustness analysis of the proposed cryptosystem.To simplify the calculation, the 27th encrypted band is considered and utilized in occlusion and noise attack, analysis.In fact, the other encrypted band can also obtain the same result.In the occlusion attack experiment, the decryption approach is employed by using the correct key from the partly occluded 27th band image, which is displayed in Figure 6a.Note that the occluded pixels are substituted with 0 in the experiment, and the corresponding recovered result is presented in Figure 6b.Apparently, the outline information of the secret image is recognizable.

Occlusion Attack and Noise Attack Experiments
The occlusion attack and noise attack are considered and utilized for the robustness analysis of the proposed cryptosystem.To simplify the calculation, the 27th encrypted band is considered and utilized in occlusion and noise attack, analysis.In fact, the other encrypted band can also obtain the same result.In the occlusion attack experiment, the decryption approach is employed by using the correct key from the partly occluded 27th band image, which is displayed in Figure 6a.Note that the occluded pixels are substituted with 0 in the experiment, and the corresponding recovered result is presented in Figure 6b.Apparently, the outline information of the secret image is recognizable.To complete the noise attack experiment, a noise model is designed as follows: where the function ( , ) I x y is the 27th band of the encrypted data and ( , )  To complete the noise attack experiment, a noise model is designed as follows: where the function I(x, y) is the 27th band of the encrypted data and I y) denotes I(x, y) with noise.The function σ 0,1 (x, y) represents the random data-satisfied uniform distribution.Besides, the parameter p is the coefficient representing the noise intensity.By using this noise model, the noise data can be added into the secret encrypted 27th band image with different intensity noise.The corresponding PSNR curve is depicted in Figure 7 by decrypting the data I (x, y) with various values of p.In addition, the two decrypted images drawn in Figure 7 are calculated with the noise intensity p = 0.4 and p = 0.9, respectively.The main information of the 27th band image can be recognized.The corresponding PSNR curve is depicted in Figure 7 by decrypting the data ( , ) I x y ′ with various values of p.In addition, the two decrypted images drawn in Figure 7 are calculated with the noise intensity p = 0.4 and p = 0.9, respectively.The main information of the 27th band image can be recognized.

Known Plaintext Attack and Chosen Plaintext Attack Experiments
Furthermore, the known plaintext attack and chosen plaintext attack [23][24] are also considered to demonstrate the robustness of the proposed algorithm.Firstly, an encryption model is designed to

Figure 2 .
Figure 2. The (a) RGB color composite and (b) 88th band data of the original hyperspectral image.Figure 2. The (a) RGB color composite and (b) 88th band data of the original hyperspectral image.

Figure 2 .Figure 3 .
Figure 2. The (a) RGB color composite and (b) 88th band data of the original hyperspectral image.Figure 2. The (a) RGB color composite and (b) 88th band data of the original hyperspectral image.Appl.Sci.2018, 8, x FOR PEER REVIEW 5 of 11

Figure 3 .
Figure 3. Experimental results: (a) the encrypted image and (b) decrypted image.

Figure 4 .
Figure 4.The (a) original 27th band and (b) the decrypted 27th band.The peak signal-to-noise ratio (PSNR) value of (a) and (b) is 295.7293.

Figure 4 .
Figure 4.The (a) original 27th band and (b) the decrypted 27th band.The peak signal-to-noise ratio (PSNR) value of (a) and (b) is 295.7293.

Figure 5 .
Figure 5.The PSNR curve calculated by different values of parameter α .

Figure 5 .
Figure 5.The PSNR curve calculated by different values of parameter α.

Figure 5 .
Figure 5.The PSNR curve calculated by different values of parameter α .

Figure 6 .
Figure 6.The experiment result of occlusion attack: (a) the occluded 27th band encrypted image and (b) decrypted image.
, ) I x y with noise.The function 0,1 ( , ) x y σ represents the random data-satisfied uniform distribution.Besides, the parameter p is the coefficient representing the noise intensity.By using this noise model, the noise data can be added into the secret encrypted 27th band image with different intensity noise.

Figure 6 .
Figure 6.The experiment result of occlusion attack: (a) the occluded 27th band encrypted image and (b) decrypted image.

Figure 7 .
Figure 7.The PSNR curve of noise attack including the decrypted 27th band with p = 0.4 and p = 0.9.

Figure 7 .
Figure 7.The PSNR curve of noise attack including the decrypted 27th band with p = 0.4 and p = 0.9.

Table 1 .
The peak signal-to-noise ratio (PSNR) values between decrypted image and original image.