Research on Improving Data Efficiency in Double Random Phase Encryption

Abstract

A notable drawback of Double Random Phase Encryption (DRPE), a prominent optical cryptography technique, is its low data efficiency. This is because both the encrypted image and the decryption key are represented as complex numbers. To address this issue, a conventional method was proposed that encrypts two images simultaneously by treating the first image as amplitude and the second image as phase. Nevertheless, processes such as integral imaging, which extract 3D object information from images, utilize vast amounts of imagery, necessitating further enhancements in data efficiency. The objective of this research is to enhance DRPE and improve data efficiency by increasing the number of images that can be processed simultaneously. This paper incorporates the information from a third image into the random phase mask used in conventional methods, enabling the simultaneous processing of three images. It also proposes a method to synthesize two images by extracting their high-order bits and combining them. The combination of this image composition method as a preprocessing step with the proposed DRPE method enables the simultaneous processing of six images. As a result, the proposed method achieves a data efficiency approximately six times that of the basic DRPE and approximately three times that of conventional methods. The quality of the decrypted images was evaluated using PSNR and SSIM, while the encryption strength was assessed in terms of key space, key sensitivity, entropy, and correlation coefficients.

1. Introduction

Optical encryption, which exploits the properties of light and optical components, has attracted significant attention across various industries for protecting personal information. Among various optical cryptographic schemes, Double Random Phase Encryption (DRPE) has been a foundational technology since its inception [1]. Subsequent research has significantly expanded its capabilities by exploring various functional directions. Specifically, multiple studies have focused on enhancing cryptographic strength against advanced attacks [2,3,4,5]. In parallel, significant progress has been made in the area of optical authentication systems [6,7]. However, a logical evaluation of these developments reveals a persistent challenge. While security and application-specific robustness have been extensively studied, the issue of data efficiency is less frequently addressed. Research addressing the practical constraints of data volume, such as [8], remains relatively limited. Standard DRPE encrypts an image using two random phase masks through a $4f$ optical system. In the encryption process, the original image is first multiplied by a random phase mask in the spatial domain, introducing phase modulation and spreading the image information. A Fourier transform is then applied, followed by multiplication with a second random phase mask in the frequency domain. Finally, an inverse Fourier transform completes the encryption. In contrast, decryption is performed using the complex conjugate of the second random phase mask as key information. Specifically, the encrypted image undergoes a Fourier transformation, followed by multiplication with the complex conjugate mask. This process serves to eliminate the phase modulation that was introduced during the encryption process. Subsequently, an inverse Fourier transformation is performed on the result. The subsequent calculation of the absolute value of the resulting data effectively eliminates the residual phase component, thereby yielding the decrypted image. However, both the encrypted image and the decryption key are represented as complex valued data. This representation necessitates the transmission of both real and imaginary parts, which results in reduced data efficiency. This limitation becomes especially critical for optical three-dimensional (3D) imaging techniques such as integral imaging [9,10,11], which reconstructs 3D scenes from a large number of element images captured from multiple viewpoints. Assuming 100 element images are used and each element image has a 4K resolution with 8-bit RGB depth, the total data size can be calculated as

$$\begin{array}{cc}\hfill & 3840\left(\mathrm{H}\right)\times 2160\left(\mathrm{V}\right)\times 3\left(\mathrm{RGB}\right)\times 100\left(\mathrm{number}\mathrm{of}\mathrm{element}\mathrm{images}\right)\hfill \\ \hfill & \times 2\left(\mathrm{real}\mathrm{and}\mathrm{imaginary}\mathrm{parts}\right)\times 2\left(\mathrm{encrypted}\mathrm{image}\mathrm{and}\mathrm{decryption}\mathrm{key}\right)\approx 10\mathrm{GB}\hfill \end{array}$$

(1)

This result clearly indicates that the data efficiency of basic DRPE is extremely low. A data volume of $10\mathrm{GB}$ per transmission exceeds the practical capacity of many standard network infrastructures. Such an excessive data requirement imposes a significant burden on the communication environment, making it difficult to deploy the system in general-purpose network applications.

To mitigate this problem, a DRPE scheme capable of simultaneously encrypting two images has been proposed [12]. In this scheme, one image is encrypted in the amplitude, while the other is encrypted in the phase. Under the same conditions, the total data size required by this scheme can be calculated as

$$\begin{array}{c}\hfill 3840\times 2160\times 3\times 100\times 2\times 2÷2\left(\mathrm{number}\mathrm{of}\mathrm{images}\mathrm{processed}\mathrm{simultaneously}\right)\approx 5\mathrm{GB}\end{array}$$

(2)

This result indicates that the required data size is reduced to approximately $5\mathrm{GB}$, corresponding to a twofold improvement in data efficiency. However, this volume still presents substantial challenges for data management and storage. Specifically, handling 5 GB of complex-valued encrypted data is often prohibitive for various computing devices with limited RAM capacity. Therefore, further enhancing the data efficiency of DRPE is essential for its practical implementation, ensuring compatibility with the hardware resource constraints of high-volume data systems.

In this paper, we propose a DRPE scheme capable of encrypting three images simultaneously by embedding the third image into the random phase mask used in conventional DRPE. In addition, we introduce an image composition technique that combines two images by extracting and merging their high-order bits. By integrating these methods, we further develop a DRPE scheme that can simultaneously process six images, thereby achieving a significant improvement in data efficiency.

2. Principle

This section describes the basic principle of DRPE, the conventional DRPE for the simultaneous processing of two images, and the RSA cryptography and bit-plane representation used in the proposed method.

2.1. Double Random Phase Encryption

DRPE is an optical encryption scheme that employs two independent random phase masks through a $4f$ optical system. This subsection summarizes the fundamental principle of DRPE and describes the corresponding optical configurations for encryption and decryption.

2.1.1. Encryption

The DRPE encryption process can be realized with a $4f$ optical configuration, as shown in Figure 1. The system performs phase modulation in both the spatial and frequency domains using two different random phase masks. First, the input image $I\left(x\right)$ is multiplied by the first random phase mask $e^{i2\pi n_s\left(x\right)}$ in the spatial domain, introducing phase modulation. The beam is then propagated through lens 1, where its Fourier spectrum is formed at the focal plane. The second random phase mask $e^{i2\pi n_f\left(\mu \right)}$ placed at this plane modulates the spectral components. Finally, propagation through lens 2 yields the encrypted image $I_e\left(x\right)$ in the spatial domain.

Propagation through lens 1 corresponds to a Fourier transform, phase modulation by two phase masks corresponds to multiplication, and propagation through lens 2 corresponds to an inverse Fourier transform [13]. Thus, the encryption process can be expressed as [1]

$$I_e\left(x\right)={\mathcal{F}}^{-1}\left[\mathcal{F}\left\{I\left(x\right)e^{i2\pi n_s\left(x\right)}\right\}{e}^{i2\pi n_f\left(\mu \right)}\right]$$

(3)

The functions $n_s\left(x\right)$ and $n_f\left(\mu \right)$ represent random numbers generated from a uniform distribution over $[0,1]$.

In DRPE, the complex conjugate of the second phase mask serves as the decryption key. Both the encrypted image and the key are represented as complex-valued data, consisting of amplitude and phase components.

2.1.2. Decryption

The DRPE decryption process can be realized with a $4f$ optical system, as shown in Figure 2. The encrypted image is first transformed by lens 1 to produce its Fourier spectrum at focal plane f. The spectrum is then processed with the complex conjugate of the second random phase mask, removing the phase modulation introduced during encryption. After propagation through lens 2, the reconstructed field is detected by the image sensor, yielding the decrypted image ${\tilde{I}}_d\left(x\right)$.

Propagation through lens 1 corresponds to a Fourier transform, the cancellation of phase modulation by the complex conjugate of the second random phase mask corresponds to multiplication, propagation through lens 2 corresponds to an inverse Fourier transform, and recording by the image sensor corresponds to the absolute value. Thus, the decryption process can be expressed as [1]

$${\tilde{I}}_d\left(x\right)=\left|{\mathcal{F}}^{-1}\left[\mathcal{F}\left\{I_e\left(x\right)\right\}{e}^{-i2\pi n_f\left(\mu \right)}\right]\right|$$

(4)

Figure 3 presents examples of encrypted and decrypted images obtained using Equations (3) and (4).

Because both encrypted images and decryption keys are represented as complex-valued data, transmission requires sending their real and imaginary components separately. Thus, encrypting a single image requires transmitting four images, resulting in low data efficiency. To address this issue, a DRPE scheme capable of processing two images simultaneously has been proposed [12], as described in the next subsection.

2.2. DRPE for Simultaneous Encryption of Two Images

This enhanced DRPE method allows for two images to be encrypted and decrypted simultaneously. Hereafter, this method is referred to as two-image DRPE. Its key feature is that the first random phase mask is generated from one image, rather than from random values.

2.2.1. Encryption

Figure 4 illustrates the encryption process of the two-image DRPE. The first image $I_1\left(x\right)$ is multiplied by a phase mask $e^{i2\pi I_2\left(x\right)}$ derived from the second image. The result is Fourier-transformed and multiplied by a random phase mask $e^{i2\pi n_f\left(\mu \right)}$, and the final encrypted image $I_e\left(x\right)$ is obtained using an inverse Fourier transform. Here, the decryption key is the complex conjugate of the second phase mask.

The encryption process is expressed by [12]

$$I_e\left(x\right)={\mathcal{F}}^{-1}\left[\mathcal{F}\left\{I_1\left(x\right)e^{i2\pi I_2\left(x\right)}\right\}{e}^{i2\pi n_f\left(\mu \right)}\right]$$

(5)

Figure 5 shows the encryption result of the two-image DRPE using Equation (5), in which the original images remain visually recognizable.

2.2.2. Decryption

Figure 6 illustrates the decryption process of the two-image DRPE. The decryption flow is similar to that of the basic DRPE decryption. The encrypted image is first Fourier-transformed by lens 1. Multiplying the spectrum by the complex conjugate of the random phase mask cancels the spectral modulation applied during encryption. The beam is then inverse Fourier-transformed by lens 2 to yield the decrypted data $D\left(x\right)$. The amplitude of the decrypted data corresponds to image 1 ${\tilde{I}}_1\left(x\right)$, and the phase corresponds to image 2 ${\tilde{I}}_2\left(x\right)$.

The decryption process is expressed as [12]

$$D\left(x\right)={\mathcal{F}}^{-1}\left[\mathcal{F}\left\{I_e\left(x\right)\right\}{e}^{-i2\pi n_f\left(\mu \right)}\right]$$

(6)

$${\tilde{I}}_1\left(x\right)=\left|D\left(x\right)\right|=\left|I_1\left(x\right)e^{i2\pi I_2\left(x\right)}\right|=I_1\left(x\right)$$

(7)

$${\tilde{I}}_2\left(x\right)={\displaystyle \frac{arg\left\{D\right(x\left)\right\}}{2\pi }}={\displaystyle \frac{2\pi I_2\left(x\right)}{2\pi }}=I_2\left(x\right)$$

(8)

The process for reconstructing decrypted image 1 from the amplitude is expressed by Equation (7), and the process for reconstructing decrypted image 2 from the phase is expressed by Equation (8).

Figure 7 shows the result of decrypting the encrypted image (Figure 5c) using Equations (6)–(8). Comparing the decrypted images (Figure 7b,c) with the original images (Figure 5a,b) confirms that the decryption is successful.

The two-image DRPE improves data efficiency by processing two images simultaneously.

However, further improvements are essential for application to technologies requiring a large number of images. Therefore, this paper aims to enhance data efficiency by increasing the number of images that can be processed concurrently.

2.3. RSA Cryptography

RSA cryptography is a representative public-key cryptography algorithm published in 1978 by Ron Rivest, Adi Shamir, and Leonard Adleman [14,15,16]. In RSA encryption, the plaintext M is encrypted using the public key E and decrypted using the private key D. The public key is disclosed to others, while the private key is kept secret and not shared with anyone. Even if one knows key E, they cannot know key D, and the ciphertext C can only be decrypted with the corresponding key. Therefore, only the intended recipient can read the plaintext. This technology solves the key distribution problem that occurs in symmetric-key cryptosystems, which use a common key for both encryption and decryption. In RSA cryptography, plaintext is treated as an integer in the range $[0,n-1]$, with the public key being $(e,n)$ and the private key being $(d,n)$. The encryption process can be expressed by Equation (9), and the decryption process by Equation (10).

$$C\equiv M^e(modn)$$

(9)

$$M\equiv C^d(modn)$$

(10)

In Equations (9) and (10), $mod$ denotes the modulo operator, and e and d are chosen such that $e·d\equiv 1(mod(p-1\left)\right(q-1\left)\right)$. The primes p and q in this congruence are distinct large primes. Through this congruence and Euler’s theorem, $D\left(E\left(M\right)\right)={\left(M^e\right)}^d\equiv M^{e·d}(modn)\equiv M$. Here, D represents the decryption process and E represents the encryption process, thereby guaranteeing correct decryption. The key generation procedure for each key is described below. First, two very large prime numbers, p and q, are randomly selected, and their product $n=p·q$ is computed. Next, $\mathsf{\Phi }\left(n\right)=(p-1)(q-1)$ is computed. Then, any integer e coprime to $\mathsf{\Phi }\left(n\right)$ is selected. Then, e and n become the public key. Finally, using the Euclidean algorithm, an integer d is computed such that $e·d\equiv 1(mod\mathsf{\Phi }(n\left)\right)$. Therefore, d and n become the private key. Figure 8 illustrates encrypted communication using RSA cryptography.

RSA cryptography relies on the difficulty of factoring large composite numbers. When this method was proposed in 1978, it was demonstrated that factoring a 100-digit natural number n would require decades, leading to a recommended key length of 200 digits. Due to improvements in computer performance and advances in prime factorization algorithms, the recommended key length has increased. Currently, 2048 bits (approximately 617 digits) or more is recommended.

2.4. Bit-Plane Representation

In a bit-plane representation, each pixel value in an image is decomposed into individual bits, forming binary images corresponding to each bit position [17,18,19]. For an 8-bit grayscale image, pixel values range from 0 to 255 and are represented as $b_7,b_6,b_5,b_4,b_3,b_2,b_1,b_0$, where $b_7$ is the most significant bit (MSB) and $b_0$ is the least significant bit (LSB). Higher-order bit-planes contain coarse structural and tonal information, having a significant influence on pixel values. Low-order bit-planes contain fine details and noise, having a minor influence on pixel values. This hierarchical structure makes bit-plane analysis useful for image compression and processing. Figure 9 shows an example of bit-plane decomposition.

3. Proposed Method

This section presents a DRPE method capable of encrypting three images simultaneously by extending conventional two-image DRPE. In addition, an image composition method based on bit-plane extraction is introduced, which enables the composition of two images into a single 8-bit image. By integrating these two techniques, we further develop a DRPE scheme capable of encrypting six images simultaneously, thereby achieving higher data efficiency.

3.1. DRPE Capable of Simultaneously Encrypting Three Images

We first propose an enhanced DRPE method that enables the simultaneous processing of three images, hereafter referred to as the three-image DRPE. In this method, the random phase mask used in the conventional two-image DRPE is replaced with mask data that embed a third image. The overall encryption and decryption flows are described below.

3.1.1. Encryption

Figure 10 and Figure 11 illustrate the encryption process. First, mask data $e^{i2\pi \{I_3\left(x\right)+n_s\left(x\right)\}}$ is generated by multiplying the third image $I_3\left(x\right)$ with a random phase mask. A seed value is specified when generating this random phase mask, allowing the same mask to be reproduced during decryption [20]. Next, as shown in Figure 11, the first image $I_1\left(x\right)$ is multiplied by the phase mask $e^{i2\pi I_2\left(x\right)}$ generated from the second image. A Fourier transform is then applied, followed by multiplication with the mask data. Finally, an inverse Fourier transform yields the encrypted image $I_e\left(x\right)$. This image contains information from both $I_1\left(x\right)$ and $I_2\left(x\right)$. The decryption keys consist of the seed value used for mask-data generation and the complex conjugate of the mask data, which contains the information of $I_3\left(x\right)$. The seed value functions as a symmetric key. However, since it is generated dynamically during the encryption process, pre-sharing it is impractical. Transmitting this key over an open channel introduces the classical key distribution problem. To address this issue, the proposed method employs the RSA public-key cryptosystem to securely encrypt and transmit the seed value. Although asymmetric cryptography is generally more computationally demanding than symmetric methods such as AES, the overhead is negligible in this system because the RSA operation is applied only to the 128-bit seed value. This hybrid approach enables secure key exchange without degrading the overall system performance.

The mask data generation and the encryption can be expressed by Equation (11) and Equation (12), respectively.

$$e^{i2\pi I_3\left(x\right)}\times e^{i2\pi n_s\left(x\right)}=e^{i2\pi \{I_3\left(x\right)+n_s\left(x\right)\}}$$

(11)

$$I_e\left(x\right)={\mathcal{F}}^{-1}\left[\mathcal{F}\left\{I_1\left(x\right)e^{i2\pi I_2\left(x\right)}\right\}{e}^{i2\pi \{I_3\left(x\right)+n_s\left(x\right)\}}\right]$$

(12)

3.1.2. Decryption

Figure 12 presents the decryption process for images 1 and 2, while Figure 13 describes the decryption process for image 3. The decryption flow for images 1 and 2 is similar to that of the conventional two-image DRPE decryption method. The encrypted image is first Fourier-transformed by lens 1. Multiplying the spectrum by the complex conjugate of the mask data cancels the spectral modulation applied during encryption. The beam is then inverse Fourier-transformed by lens 2 to yield the decrypted data 1 $D_1\left(x\right)$. Decrypted image 1 ${\tilde{I}}_1\left(x\right)$ can be obtained from the amplitude, and decrypted image 2 ${\tilde{I}}_2\left(x\right)$ can be obtained from the phase. As shown in Figure 13, the decryption process for image 3 first decrypts the seed value, which is the key, using RSA cryptography. A random phase mask is regenerated from the decrypted seed value. Its complex conjugate is multiplied by the mask data to yield decrypted data 2 $D_2\left(x\right)$. By normalizing the phase information, decrypted image 3 ${\tilde{I}}_3\left(x\right)$ can be obtained.

The decryption processes for decrypted data 1, image 1, and image 2 are expressed by Equations (13), (14), and (15), respectively.

$$D_1\left(x\right)={\mathcal{F}}^{-1}\left[\mathcal{F}\left\{I_e\left(x\right)\right\}{e}^{-i2\pi \{I_3\left(x\right)+n_s\left(x\right)\}}\right]$$

(13)

$${\tilde{I}}_1\left(x\right)=\left|D_1\left(x\right)\right|=\left|I_1\left(x\right)e^{i2\pi I_2\left(x\right)}\right|=I_1\left(x\right)$$

(14)

$${\tilde{I}}_2\left(x\right)={\displaystyle \frac{arg\left\{D_1\left(x\right)\right\}}{2\pi }}={\displaystyle \frac{2\pi I_2\left(x\right)}{2\pi }}=I_2\left(x\right)$$

(15)

The decryption processes for decrypted data 2, and image 3 are expressed by Equations (16) and (17), respectively.

$$D_2\left(x\right)=e^{i2\pi \{I_3\left(x\right)+n_s\left(x\right)\}}\times e^{-i2\pi n_s\left(x\right)}=e^{i2\pi I_3\left(x\right)}$$

(16)

$${\tilde{I}}_3\left(x\right)={\displaystyle \frac{arg\left\{D_2\left(x\right)\right\}}{2\pi }}={\displaystyle \frac{arg\left\{e^{i2\pi I_3\left(x\right)}\right\}}{2\pi }}={\displaystyle \frac{2\pi I_3\left(x\right)}{2\pi }}=I_3\left(x\right)$$

(17)

3.2. Image Composition Based on High-Order Bit Extraction

To further increase the number of images that can be processed simultaneously, we propose an image composition method based on extracting high-order bits from two images. This method exploits the fact that high-order bits contain the majority of image information.

3.2.1. Configuration Using Four High-Order Bits

The high-order 4 bits are extracted from each image and combined into a single 8-bit composite image to equally preserve information. Figure 14 illustrates the composition process performed by this method on an image where pixel values are represented in binary.

In the decomposition process, the composite image is split back into the high-order 4 bits of each original image, while the low-order 4 bits of both reconstructed images are zero-padded. Figure 15 shows the flow of the decomposition process using this method.

Since this method requires no additional information for decomposition, it can be combined with the three-image DRPE to increase the number of images that can be processed simultaneously without increasing the amount of transmitted data. Consequently, this approach is effective in improving data efficiency, defined in terms of the number of images processed per transmitted data size. However, since the low-order 4 bits are lost, image quality degradation is unavoidable. This is particularly noticeable in low-luminance images where important information is concentrated in the low-order bits. To address this problem, we propose a method that increases the number of bits extracted, as described below.

3.2.2. Configuration Using Five High-Order Bits

To preserve more information, we extend the extraction to 5 bits. Extracting 5 bits from each of the two images results in 10 bits, which exceeds the capacity of an 8-bit composite image. Therefore, 8 bits are stored in the composite image, and the remaining 2 bits are transmitted as an additional decryption key. Figure 16 illustrates the composition process. The high-order 5 bits from image 1 and the high-order 3 bits from image 2 are extracted and combined to generate an 8-bit composite image. The 4th and 5th most significant bit-planes of image 2 are used as additional decryption keys.

In the decomposition process, as illustrated in Figure 17, image 1 is reconstructed by extracting the high-order 5 bits of the composite image and padding the low-order 3 bits with zeros. Image 2 is reconstructed by extracting the high-order 5 bits using the low-order 3 bits of the composite image and the 2-bit decryption key, then padding the low-order 3 bits with zeros.

This method preserves more information and improves reconstruction quality, especially for low-luminance images, although the additional key slightly reduces data efficiency.

3.3. DRPE Capable of Simultaneously Encrypting Six Images

By combining the proposed three-image DRPE with a bit-plane–based image composition method, we develop a DRPE scheme that can simultaneously process six images. This scheme is referred to as the six-image DRPE. In this method, three original images used in the three-image DRPE are replaced by three composite images generated from six original images using the bit-plane–based image composition method. The detailed procedures are described as follows.

3.3.1. Encryption

Figure 18, Figure 19 and Figure 20 illustrate the encryption process. First, a bit-plane-based image composition method is applied to the six original images. Next, the mask data is generated $e^{i2\pi \{I_{c3}\left(x\right)+n_s\left(x\right)\}}$ by multiplying composite image 3 with a random phase mask generated using a seed-specified random number. Subsequently, composite image 1 $I_{c1}\left(x\right)$ is multiplied by the phase mask generated from composite image 2 $e^{\left\{i2\pi I_{c2}\left(x\right)\right\}}$, followed by a Fourier transform. The resulting spectrum is multiplied by the mask data, and an inverse Fourier transform is performed to obtain the final encrypted image. The decryption keys include the complex conjugate of the mask data and the seed value encrypted with RSA.

3.3.2. Decryption

Figure 21, Figure 22 and Figure 23 illustrate the decryption process. The decryption process of composite images 1 and 2 follows the same procedure as the three-image DRPE. The encrypted image is first Fourier-transformed by lens 1. Multiplying the spectrum by the complex conjugate of the mask data cancels the spectral modulation applied during encryption. The beam is then inverse Fourier-transformed by lens 2 to yield the decrypted data 1 $D_1\left(x\right)$. Decrypted composite image 1 ${\tilde{I}}_{c1}\left(x\right)$ is obtained from the amplitude, and decrypted composite image 2 ${\tilde{I}}_{c2}\left(x\right)$ is obtained from the phase. The decryption process for composite image 3 first decrypts the seed value, which is the key, using RSA cryptography. A random phase mask is regenerated from the decrypted seed value. Its complex conjugate is multiplied by the mask data to yield decrypted data 2 $D_2\left(x\right)$. By normalizing the phase information of the decrypted data 2, decrypted composite image 3 ${\tilde{I}}_{c3}\left(x\right)$ can be obtained. Finally, the three composite images are decomposed using the bit-extraction rules corresponding to the composition method, yielding six fully reconstructed images.

4. Experimental Procedure

This section describes the experimental procedures used to verify the proposed method. All simulations were performed using MATLAB (R2023a) on a desktop PC equipped with an Intel Core i5-12400 (2.50 GHz) CPU and 16.0 GB of RAM. Regarding the RSA cryptosystem, the key length was set to 1024 bits for the encryption and decryption simulations to maintain computational efficiency. To validate the proposed algorithm, six color images with a resolution of $495\times 640$ pixels were selected from the 2017 validation set of the COCO dataset [21]. The six color images used in the experiment were selected to represent diverse visual characteristics including high-frequency textures and low-frequency backgrounds. These images also cover various luminance levels and dynamic ranges to verify the robustness of the proposed method under different conditions. This is because the performance of the six-image DRPE can be sensitive to the distribution of pixel values across bit planes. The inclusion of low-luminance images with varying contrast levels verified the robustness of the proposed synthesis and extraction process. The encryption process itself is numerical and independent of spatial patterns so adjusting its dimensionality enables adaptation to grayscale images. Furthermore, since the phase mask is dynamically generated based on the input image, adaptation to different resolutions is also possible. These images, used as the original data in the experiments, are displayed in Figure 24. For the three-image DRPE, encryption was performed using the image sets {Figure 24a–c} and {Figure 24d–f}. For the high-order-bit-based image composition method, composition was carried out using the pairs {Figure 24a,b}, {Figure 24c,d}, and {Figure 24e,f}. The six-image DRPE encrypted all six images in a single operation.

To quantitatively evaluate degradation in the decrypted images, Peak Signal-to-Noise Ratio (PSNR) and Structural Similarity Index Measure (SSIM) [22,23,24] were employed. PSNR objectively evaluates image fidelity based on the mean squared error between the original and decrypted images, while SSIM assesses perceptual similarity by considering luminance, contrast, and structural information. PSNR ranges from 0 to ∞, whereas SSIM ranges from 0 to 1. For both metrics, higher values indicate greater similarity. Generally, images with a PSNR of $40\mathrm{dB}$ or higher are considered indistinguishable from the original, while degradation becomes noticeable below $30\mathrm{dB}$. Similarly, an SSIM value of $0.98$ or higher implies the image is indistinguishable from the original, with degradation becoming noticeable below $0.9$.

Additionally, data efficiency was evaluated by calculating the amount of data required to transmit encrypted images and decryption keys. For this evaluation, we assumed that 144 color images with $1000\times 1000$ pixels are transmitted. This image count corresponds to the number of elemental images captured by a $12\times 12$ camera array in integral imaging. To ensure a rigorous assessment, a comprehensive transmission model was adopted, incorporating the recommended 2048-bit RSA key length and system metadata totaling less than 1 KB.

5. Results

This section presents the encryption and decryption results using three-image DRPE, image composition using high-order 4-bit and high-order 5-bit extraction, and six-image DRPE. It also presents quantitative evaluations of the decrypted images and an analysis of data efficiency based on the amount of data required for transmission.

5.1. Results of DRPE Capable of Simultaneously Encrypting Three Images

Figure 25 shows the encrypted images and corresponding decryption keys obtained by applying the proposed the three-image DRPE to two groups of source images.

In Figure 25, the key seed value specified during mask data generation was set to 31594FDAAA4194D3F433ADD23E43B381, which was randomly selected for this experiment. The result of encrypting this seed value using RSA encryption is 8352E9BBC5E3F784F883DB B9D4020CEFB72DF10728CAC92A8A15597126854A57613084CA33F97B9CFE2D901788A5CC3F6 9686F4058568D0B93D5DFE4C5BEA011231863882501F993B5BF30A5E2A7DF0A6061FE87C5FA C9DB87A9F762845375CFEB936208C93662518CC2B74519EC686EE1389D356434F1170A89FD4 ED389F4DC. This encrypted seed, together with the encrypted image and the complex conjugate of the mask data, is transmitted for decryption.

Figure 26 shows the corresponding decryption results.

The result of decrypting the encrypted seed value using RSA encryption is 31594FDAAA 4194D3F433ADD23E43B381, indicating that it was decrypted successfully. Furthermore, the results in Figure 26 confirm that all images encrypted using the three-image DRPE are correctly decrypted, demonstrating the simultaneous successful encryption and decryption of three images.

Table 1. Quantitative evaluation results of decryption using three-image DRPE.

Decrypted Images	PSNR [dB]	SSIM
Image 1 (Figure 26a)	311.317	1.0000
Image 2 (Figure 26b)	317.396	1.0000
Image 3 (Figure 26c)	327.607	1.0000
Image 4 (Figure 26d)	311.897	1.0000
Image 5 (Figure 26e)	311.700	1.0000
Image 6 (Figure 26f)	326.013	1.0000

summarizes the quantitative evaluation results using PSNR and SSIM for the decrypted images obtained by the proposed three-image DRPE.

All decrypted images exhibited very high PSNR values, with SSIM values reaching $1.0$, indicating that the decrypted images are numerically identical to the original images within numerical precision. This result can be theoretically explained by the properties of DRPE. Since DRPE consists of linear operations based on Fourier transforms and phase modulations, the amplitude and phase components can independently convey information without loss under ideal conditions. In the three-image DRPE, independent reconstruction is achieved by embedding image 1 in the amplitude, image 2 in the phase, and image 3 in the random phase mask. Because the Fourier transform is invertible and the phase modulation is canceled during decryption, each image can be reconstructed without mutual interference. The simulations in this research were conducted in an ideal noise-free digital environment, so the process was not affected by external factors such as noise, resulting in a maximum SSIM value of $1.0$. In practical optical implementations, however, physical factors such as phase modulation errors in the spatial light modulator (SLM) and quantization noise in the detector may degrade reconstruction quality, potentially reducing the SSIM below $1.0$.

To evaluate data efficiency, the required data size for transmitting 144 color images with $1000\times 1000$ pixels was calculated for basic DRPE, the conventional two-image DRPE, and the proposed three-image DRPE. In basic DRPE, both the encrypted image and the decryption key are complex-valued, requiring the transmission of their real and imaginary components. This can be calculated as shown in Equation (18):

$$\begin{array}{c}\hfill 1000\left(\mathrm{H}\right)\times 1000\left(\mathrm{V}\right)\times 3\left(\mathrm{RGB}\right)\times 2(\mathrm{encrypted}\mathrm{image}\mathrm{and}\mathrm{decryption}\mathrm{key})\\ \hfill \times 2(\mathrm{real}\mathrm{and}\mathrm{imaginary}\mathrm{parts})\times 144(\mathrm{number}\mathrm{of}\mathrm{images})=1.728\mathrm{GB}\end{array}$$

(18)

Conventional two-image DRPE can encrypt two images simultaneously, resulting in half the data size compared to basic DRPE. This can be calculated as shown in Equation (19):

$$1000\times 1000\times 3\times 2\times 2\times 144÷2(\mathrm{number}\mathrm{of}\mathrm{images}\mathrm{processed}\mathrm{simultaneously})=864\mathrm{MB}$$

(19)

The proposed three-image DRPE can encrypt three images simultaneously, resulting in one-third the data size compared to basic DRPE. This can be calculated as shown in Equation (20):

$$1000\times 1000\times 3\times 2\times 2\times 144÷3=576\mathrm{MB}$$

(20)

According to the comprehensive transmission model, the total size of the RSA-encrypted seed and system metadata is less than 2 KB. This overhead represents less than 0.001% of 576 MB total data size and is therefore considered negligible. Consequently, improvements of approximately 66% compared to basic DRPE and 33% compared to conventional two-image DRPE were confirmed.

5.2. Results of Image Composition Using Four High-Order Bits

Figure 27 shows the composite images obtained by applying the proposed image composition method using high-order 4-bit extraction to three image pairs.

In each composite image, information from one image is embedded in the high-order bits, while information from the other image is embedded in the low-order bits. As a result, the visual appearance of each composite image closely resembles the image stored in the high-order bits. This is because the most significant bits have a stronger influence on pixel intensity values.

The results of image decomposition are shown in Figure 28.

Although some degradation is observable, all images are successfully decomposed. This degradation is unavoidable in this composition scheme because the low-order 4 bits of the original images are discarded during the composition process.

Table 2. Quantitative evaluation results of high-order 4-bit extraction.

Decomposition Images	PSNR [dB]	SSIM
Image 1 (Figure 28a)	29.150	0.9750
Image 2 (Figure 28b)	29.160	0.9714
Image 3 (Figure 28c)	28.627	0.8750
Image 4 (Figure 28d)	29.284	0.9585
Image 5 (Figure 28e)	29.232	0.9660
Image 6 (Figure 28f)	29.126	0.9630

presents evaluations of the decomposed images using PSNR and SSIM.

All PSNR values are below $30\mathrm{dB}$, reflecting that the loss of the low-order 4 bits of information significantly impacts the mean squared error. While most SSIM values exceed $0.9$, the SSIM value for image 3 is lower than the others. This image contains relatively large low-luminance areas, and since the pixel information is concentrated in the low-order bits, retaining only the high-order 4 bits is likely to cause degradation.

To further examine this effect, Figure 29 shows the results of applying the same composition and decomposition process to low-luminance images.

Severe visual degradation is observed in the decomposed images. The corresponding quantitative results are summarized in

Table 3. Quantitative evaluation results of low-luminance images using high-order 4-bit extraction.

Decomposition Images	PSNR [dB]	SSIM
Image 7 (Figure 29d)	31.798	0.6275
Image 8 (Figure 29e)	30.905	0.4434

.

Although PSNR values exceed $30\mathrm{dB}$, because of the limited intensity range of the original images, SSIM values drop well below $0.9$, indicating a substantial loss of structural similarity. These results indicate that the composite method using the top 4 bits is not suitable for low-luminance images. To compensate for this weakness, the number of extracted bits was increased in the following method.

5.3. Results of Image Composition Using Five High-Order Bits

To mitigate the degradation observed with the high-order 4-bit extraction method, image composition using high-order 5-bit extraction was investigated. Figure 30 shows the composite image generated by high-order 5-bit extraction and its corresponding decomposition key. This decomposition key corresponds to the 4th and 5th most significant bits of one image and is required for accurate decomposition.

The decomposed images obtained using this method are shown in Figure 31.

Compared with the method using high-order 4-bit extraction, visual artifacts are significantly reduced. Quantitative evaluation results are listed in

Table 4. Quantitative evaluation results of high-order 5-bit extraction.

Decomposition Images	PSNR [dB]	SSIM
Image 1 (Figure 31a)	35.668	0.9935
Image 2 (Figure 31b)	35.685	0.9915
Image 3 (Figure 31c)	35.344	0.9653
Image 4 (Figure 31d)	35.701	0.9889
Image 5 (Figure 31e)	35.703	0.9879
Image 6 (Figure 31f)	35.641	0.9906

.

All PSNR values exceed $35\mathrm{dB}$, and SSIM values are higher than $0.96$ for all images, indicating that degradation is largely suppressed. In particular, a significant improvement is observed in image 3, which exhibited low SSIM values under the method using high-order 4-bit extraction. This improvement is attributed to the increased number of bits extracted during composition, which allows more information to be preserved.

Figure 32 presents the results for low-luminance images.

Compared to methods using high-order 4-bit extraction, perceived degradation is reduced.

Table 5. Quantitative evaluation results of low-luminance images using high-order 5-bit extraction.

Decomposition Images	PSNR [dB]	SSIM
Image 7 (Figure 32d)	36.857	0.7538
Image 8 (Figure 32e)	36.065	0.6962

summarizes the numerical evaluation results.

While PSNR values remain high, SSIM values are still below $0.9$, indicating that challenges remain in preserving structural similarity for low-luminance images. However, the method using the extraction of high-order 5 bits significantly improves image quality compared to the method using the extraction of high-order 4 bits.

5.4. Results of DRPE Capable of Simultaneously Encrypting Six Images

By combining the proposed three-image DRPE with the image composition method based on high-order bit extraction, the simultaneous processing of six images becomes possible. Prior to encryption, image composition using high-order 4-bit extraction or high-order 5-bit extraction is applied to six original images. The composition results are shown in Figure 27 and Figure 30. Figure 33 shows the encryption results of the composite images generated by each method using the three-image DRPE.

In Figure 33a,c, the key seed value for decrypting composite image 3 (Figure 27c and Figure 30c) from the mask data is set to B9CEF2D1CEC8FBE9FCC437F621DA7111, which is randomly selected for this experiment. The result of encrypting this seed value using RSA encryption is 5BC6FEC0FDD7E1F98851DBF2D06D5D92C6CD24D3F495F38FBE10373050346781F21C6F05E 402E373AB688F3FC380B6EA93391D9685A61E5E75A62BB12D0F32F09E3BDE1C8156699EC79B A1CAB58CFDF1ED65DBA4AE71AA25BEF19C6015E4F1857795C9DFBD7A1E9B7FC8E8930656C03 3B3AD4C5CEBAFBEEE0DFC219E784AC476. This encrypted seed, together with the encrypted image and the complex conjugate of the mask data, is transmitted for decryption.

Figure 34 shows the decrypted composite images.

All composite images are successfully recovered. Furthermore, decrypting the seed value encrypted using RSA cryptography yielded B9CEF2D1CEC8FBE9FCC437F621DA7111. The seed value has been correctly restored, and the validity of the encryption and key transmission process is confirmed.

Figure 35 and Figure 36 show the final decomposition results obtained using the composite image decomposition process with high-order 4-bit extraction and high-order 5-bit extraction, respectively.

In both cases, six original images were successfully decomposed. Quantitative evaluation results are summarized in

Table 6. Quantitative evaluation results of images decrypted using the six-image DRPE.

Decomposition Images	PSNR [dB] (4 bit)	PSNR [dB] (5 bit)	SSIM (4 bit)	SSIM (5 bit)
Image 1 (Figure 35a and Figure 36a)	29.150	35.668	0.9750	0.9935
Image 2 (Figure 35b and Figure 36b)	29.160	35.685	0.9714	0.9915
Image 3 (Figure 35c and Figure 36c)	28.627	35.344	0.8750	0.9653
Image 4 (Figure 35d and Figure 36d)	29.284	35.701	0.9585	0.9889
Image 5 (Figure 35e and Figure 36e)	29.232	35.703	0.9660	0.9879
Image 6 (Figure 35f and Figure 36f)	29.126	35.641	0.9630	0.9906

.

Comparing Table 2, Table 4 and Table 6, it is confirmed that the decryption results of the six-image DRPE match the decomposition results of each composition method. This demonstrates that the proposed three-image DRPE and the composition method using high-order-bit extraction can be combined without additional degradation. This can be theoretically explained by the fact that the high-order-bit extraction preserves the most significant information of the images, while the DRPE process is mathematically invertible and does not introduce distortion under ideal conditions. Therefore, combining these processes maintains reconstruction fidelity without mutual interference.

To evaluate data efficiency, the data size required to encrypt and transmit 144 color images of size $1000\left(\mathrm{H}\right)\times 1000\left(\mathrm{V}\right)$ pixels was calculated. The required data sizes are $1.728\mathrm{GB}$ for basic DRPE, $864\mathrm{MB}$ for the conventional two-image DRPE, and $576\mathrm{MB}$ for the proposed three-image DRPE. For the six-image DRPE using high-order 4-bit extraction, transmission of the encrypted image and decryption key is performed, along with transmission of the encryption seed value. Since the encryption seed value is negligible in size, it can be calculated by Equation (21):

$$1000\times 1000\times 3\times 2\times 2\times 144÷6=288\mathrm{MB}$$

(21)

The six-image DRPE using high-order 4-bit extraction requires no additional keys, and the overhead from the RSA encryption seed and metadata is negligible at approximately 0.0007% of the total capacity of 288 MB. As a result, improvements of approximately 83% compared to the basic DRPE and approximately 67% compared to the two-image DRPE were confirmed.

When using high-order 5-bit extraction, additional key information corresponding to the 4th and 5th high-order bits must be transmitted. Since the data size of this key is $2\mathrm{bits}\times \mathrm{image}\mathrm{size}\times \mathrm{number}\mathrm{of}\mathrm{composite}\mathrm{images}$, the required data size for transmission can be calculated by Equation (22):

$$\begin{array}{c}\hfill 1000\times 1000\times 3\times 2\times 2\times 144÷6+2(\mathrm{information}\mathrm{from}\mathrm{the}4\mathrm{th}\mathrm{and}5\mathrm{th}\mathrm{most}\mathrm{significant}\mathrm{bits})\\ \hfill \times 1000\left(\mathrm{H}\right)\times 1000\left(\mathrm{V}\right)\times 3\left(\mathrm{RGB}\right)\times 2(\mathrm{number}\mathrm{of}\mathrm{composite}\mathrm{images})=306\mathrm{MB}\end{array}$$

(22)

The 306 MB calculated using six-image DRPE using high-order 5-bit extraction includes 18 MB of additional keys. The additional overhead from the RSA-encrypted seed and metadata is also negligible relative to the total data volume. These results demonstrate that the proposed method achieves approximately 82% efficiency improvement compared to the baseline DRPE and approximately 64% improvement compared to the two-image DRPE under a rigorous evaluation model.

Comparing the two methods, the technique using the high-order 4 bits exhibits higher data efficiency, as it requires no additional keys. Conversely, the technique using the high-order 5 bits achieves superior image quality at the cost of increased key size. This trade-off demonstrates that increasing the number of extracted bits improves image quality but reduces data efficiency.

6. Security Analysis

This section analyzes the security strength of each proposed method through key space and key sensitivity evaluation, as well as statistical analysis using information entropy and correlation coefficients.

6.1. Key Space Analysis

Key space represents the total number of distinct key combinations available within a cryptographic algorithm. Generally, a larger key space corresponds to higher resistance against brute-force attacks. In the proposed three-image DRPE, the decryption key comprises two primary elements, which are the complex conjugate of the mask data and a 128-bit seed value used for mask-data generation. Therefore, the total key space of the system ${\left|K\right|}_{three}$ is defined as the product of these individual key spaces. The key space of the complex conjugate mask data ${\left|K\right|}_{mask}$ is calculated as $L^{M\times N\times d}$. In this formula, L represents the quantization level and $M\times N\times d$ is the total number of pixels in the phase mask. In the simulation environment in this research, phase masks are represented as complex double-precision floating-point numbers. Since each pixel contains a real part and an imaginary part that both have 64-bit precision, the total precision reaches 128 bits per pixel. Consequently, the mask key space is $2^{128\times M\times N\times d}$. Additionally, the key space for the 128-bit digital seed ${\left|K\right|}_{seed}$ is $2^{128}$. Based on these factors, the total key space of the three-image DRPE is expressed by Equation (23).

$${\left|K\right|}_{three}=2^{128}\times 2^{128MNd}=2^{128(MNd+1)}$$

(23)

The six-image DRPE using high-order 4-bit extraction has the same key space as the three-image DRPE because it does not require an additional key. This key space ${\left|K\right|}_{six\_4bit}$ is expressed by Equation (24).

$${\left|K\right|}_{six\_4bit}=2^{128(MNd+1)}$$

(24)

In the six-image DRPE using high-order 5-bit extraction, an additional 2 bits of key are required for each pixel in the three composite images. Therefore, the total amount of additional key is $6\times M\times N\times d$ bits, and the key space ${\left|K\right|}_{six\_5bit}$ is expanded, as shown in Equation (25).

$${\left|K\right|}_{six\_5bit}=2^{128(MNd+1)}\times 2^{6MNd}=2^{128+134MNd}$$

(25)

A key space exceeding $2^{100}$ is widely considered sufficient to withstand brute-force attacks. Although the key space of the proposed method depends on the image dimensions, it is significantly larger than this requirement. This result demonstrates that the method possesses exceptional robustness against brute-force attempts.

6.2. Key Sensitivity Analysis

Key sensitivity evaluates the impact of minute changes in decryption keys on the reconstructed images. This analysis serves to ensure security against key-related attacks. To verify the key sensitivity of the three-image DRPE, Figure 25a shows the decryption results obtained using slightly modified keys for the encrypted image shown in Figure 37. The modified keys were generated by adding a perturbation of ${10}^{-15}$ to all pixels of the complex–conjugate mask data and by flipping one bit of the seed value.

Figure 37c indicates that Image 3 exhibits high key sensitivity. In contrast, Figure 37a,b show that Images 1 and 2 can be correctly decrypted even with slightly modified mask data, indicating low key sensitivity. This behavior is attributed to the inherent linearity of the DRPE process and is also observed in both the basic DRPE and conventional methods. Figure 38 shows the results of decrypting the encrypted images from Figure 3b and Figure 5c using basic DRPE and conventional methods. In this evaluation, the complex conjugate of the phase mask was modified by a factor of ${10}^{-15}$.

Figure 38 confirms the challenges associated with the linearity of DRPE. Due to this characteristic, DRPE is known to be vulnerable to mathematical analyses such as known-plaintext attacks. However, Image 3, added in this method, converged to completely uncorrelated noise even when using keys differing by only one bit. This result demonstrates that the resistance of the proposed method against classical analysis techniques is enhanced by incorporating nonlinear processing through the generation of a random phase mask from a seed value. Extensive research has been conducted to enhance security against vulnerabilities similar to those of Image 1 and Image 2 by introducing nonlinear processes such as chaotic maps. However, these methods increase complexity and lead to higher computational costs. This research prioritized maximizing data efficiency and therefore refrained from adopting highly complex processes. Nevertheless, we believe that combining the data efficiency techniques of this method with linear processing could enable more advanced security enhancements in the future.

Next, Figure 33a shows the key sensitivity verification results for the six-image DRPE using high-order 4-bit extraction with the encrypted image from Figure 39.

This method utilizes the same decryption process as the three-image DRPE, except for the composition process. As a result, Figure 39e,f, decomposed from the composite image 3, exhibited high key sensitivity. On the other hand, Figure 39a–d were unaffected by key changes.

Finally, Figure 33c presents the key sensitivity verification results for the six-image DRPE with high-order 5-bit extraction using the encrypted image from Figure 40.

Similar to the 4-bit extraction method, modifying the complex conjugate mask data and seed value resulted in low sensitivity for Figure 40a–d decomposed from composite images 1 and 2, while high sensitivity was observed for Figure 40e,f decomposed from composite image 3. Regarding the additional keys unique to the 5-bit extraction method, A minor modification of ${10}^{-15}$ had no observable impact on the decrypted images, which confirms that the system remains stable against infinitesimal numerical errors. However, a larger modification of $0.5$ led to significant color degradation, as shown in Figure 41.

This result demonstrates that the correct values of these additional keys are necessary to maintain the fidelity of the reconstructed color information. Consequently, these results confirm that the additional keys serve as essential security parameters that govern the fidelity of the decryption process rather than acting as simple complementary data.

6.3. Statistical Analysis

This section evaluates the statistical properties of the encrypted images by utilizing information entropy and correlation coefficients. Information entropy $H\left(x\right)$ is a metric used to assess the randomness and unpredictability of data, as defined in Equation (26).

$$H\left(x\right)=-\sum _{i=1}^{n}p\left(x_i\right){log}_{2}p\left(x_i\right)$$

(26)

The theoretical maximum entropy for an 8-bit image is 8, which corresponds to a state of complete randomness. In the context of encryption, it is ideal for the encrypted image to exhibit an entropy value nearing this maximum because it confirms that the structural features of the original image have been entirely eliminated. The correlation coefficient $r_{xy}$ evaluates the statistical dependency between adjacent pixels and is defined by Equation (27).

$$r_{xy}={\displaystyle \frac{1}{N-1}}\sum _{i=1}^N{\displaystyle \frac{(x_i-{\mu }_x)(y_i-{\mu }_y)}{{\sigma }_x{\sigma }_y}}$$

(27)

where x and y are adjacent pixels, where $\mu$ and $\sigma$ denote their respective mean and standard deviation. To defend against statistical attacks, an encryption process must eliminate the correlation between adjacent pixels, which requires the coefficient to approach 0. This analysis examines the correlation in three directions, which encompass horizontal, vertical, and diagonal adjacencies. Since the encrypted images in the proposed methods, conventional methods, and basic DRPE are composed of complex-valued data, these statistical metrics are calculated separately for the amplitude and phase components. To ensure a fair and consistent comparison, this research adopts the same six test images as those utilized in the recent study by [25]. These six images were encrypted using each method, and the average entropy and correlation coefficient values were calculated and compared.

Table 7. Statistical evaluation results of encrypted images for each method.

Evaluation Metrics	Three-Image DRPE	Six-Image DRPE (4 bit)	Six-Image DRPE (5 bit)	Two-Image DRPE	Basic DRPE	[25]
Entropy
amp	6.9169	7.1495	7.1501	7.0799	6.8887	7.9986
pha	7.9644	7.9091	7.8794	7.9323	7.9973	—
CC (amp)
H	0.7701	0.8491	0.7475	0.8869	0.0082	0.0028
V	0.6790	0.8630	0.7625	0.8486	0.0090	0.0014
D	0.6338	0.7689	0.6705	0.8016	0.0068	0.0023
CC (pha)
H	0.6250	0.6843	0.6028	0.6981	0.0097	—
V	0.5652	0.7056	0.6178	0.6605	0.0095	—
D	0.5306	0.6123	0.5554	0.6152	0.0073	—
Simultaneous count	3	6	6	2	1	1

shows the results for the proposed method, two-image DRPE, basic DRPE, and [25].

In basic DRPE, a random phase mask consisting of independent white noise is multiplied by the input image before performing the Fourier transform. This causes phase information to be sufficiently diffused, resulting in entropy values close to the maximum. However, the amplitude component is influenced by the input image’s power spectrum and the optical system, making it difficult to achieve a perfectly uniform distribution. Consequently, it tends to exhibit lower entropy compared to the phase. This tendency is also observed in the two-image DRPE, an advanced form of basic DRPE, and in each proposed method, as confirmed by Table 7. The amplitude entropy of the three proposed methods is comparable to that of the conventional two-image DRPE. For phase entropy, the proposed methods also achieve a comparable performance to that reported in [25]. Regarding correlation coefficients, the values increase compared to those of the basic DRPE and [25] when the number of simultaneously processed images is increased. This increase is attributed to the random phase mask multiplied in the spatial domain being replaced with image information, indicating a trade-off between the number of simultaneously processed images and the correlation coefficient. Nevertheless, all three proposed methods exhibit lower correlation coefficients than the conventional two-image DRPE, demonstrating that the proposed methods suppress the correlation coefficient while increasing the number of images processed simultaneously. Furthermore, whereas [25] encrypt one image at a time, the proposed method can process three or six images simultaneously. Therefore, in terms of data efficiency relative to data capacity, the proposed method provides a practical approach that outperforms both recent methods and the conventional two-image DRPE.

7. Conclusions

This paper proposed a DRPE capable of simultaneously encrypting six images. To achieve this, we first developed a DRPE for the simultaneous processing of three images and introduced an image composition technique based on extracting and combining the high-order bits from two images. By integrating these technologies, the proposed method achieves a significant improvement in data efficiency compared to the conventional two-image DRPE. Furthermore, for the six-image DRPE, we proposed two methods based on the trade-off between data efficiency and decrypted image quality. The first method prioritizes data efficiency by extracting the high-order 4 bits. The additional key required for decryption is minimal, and the resulting data-size overhead is negligible. However, this method causes significant degradation when applied to images containing large low-luminance regions. The second method extracts the high-order 5 bits, preserving more image information and effectively suppressing degradation in the decrypted image. This improved image quality is achieved by adding key information equivalent to $2\mathrm{bits}\times \mathrm{image}\mathrm{size}\times \mathrm{number}\mathrm{of}\mathrm{composite}\mathrm{images}$. The experimental results demonstrate that both schemes successfully decrypt six images simultaneously, while offering a trade-off between data efficiency and reconstructed image quality. The 4-bit extraction scheme achieved higher data efficiency, whereas the 5-bit extraction scheme provided superior visual quality and quantitative performance. Regarding encryption strength, the key space of all proposed methods significantly exceeds $2^{100}$, satisfying the security requirements for modern cryptographic systems. Although improving the vulnerability of DRPE arising from its linearity was beyond the scope of this research, the additional processes introduced in the proposed method exhibited high key sensitivity, suggesting that this weakness could be mitigated in future work by combining the method with other approaches. In terms of entropy, the amplitude component, which is typically prone to low entropy in DRPE, maintained a level comparable to that of the conventional two-image DRPE, while the phase entropy achieved values comparable to those reported in recent study [25]. Although the correlation coefficient decreased due to the processing required to increase the number of simultaneously processable images, the proposed method still achieved a lower correlation than the conventional method, indicating improved security performance. As future work, the development of an image composition method that enables the integration of a higher number of images while maintaining high reconstruction quality without requiring additional keys will be investigated. By combining such a composition method with the three-image DRPE, the number of simultaneously processable images can be further increased, leading to improved data efficiency. In addition, its implementation in a practical optical system will be examined. Since this research was conducted in an ideal noise-free digital environment, real-world conditions are expected to introduce external factors such as phase modulation errors and optical noise. Therefore, a performance evaluation under practical optical conditions is necessary.