Advances in Optical Visual Information Security: A Comprehensive Review

: In the modern era, the secure transmission and storage of information are among the utmost priorities. Optical security protocols have demonstrated significant advantages over digital counterparts, i.e., a high speed, a complex degree of freedom, physical parameters as keys (i.e., phase, wavelength, polarization, quantum properties of photons, multiplexing, etc.) and multi-dimension processing capabilities. This paper provides a comprehensive overview of optical cryptosystems developed over the years. We have also analyzed the trend in the growth of optical image encryption methods since their inception in 1995 based on the data collected from various literature libraries such as Google Scholar, IEEE Library and Science Direct Database. The security algorithms developed in the literature are focused on two major aspects, i


Introduction
Due to the advancement in information technology, images and videos are widely used in various applications such as video conferencing, medical imaging, remote sensing, compressive sensing, social media, bank details and various government/corporate documents.These images and videos may be carrying confidential information.The transmission of data takes place over secure/unsecure public networks.The access of sensitive information to unauthorized people may raise national and military security concerns.Thus, the security of the data from unauthorized uses is very crucial.From the literature, it is evident that various data security algorithms have been in play for a long time since World War II, such as the data encryption standard (DES) and advance encryption standard (AES) [1,2].Digital image encryption algorithms have limitations such as a slow processing speed, complex computation and low efficiency.With time, optical encryption algorithms are developed, which have a high computation power and high efficiency owing to their capability of parallel processing.The optical encryption algorithms have gained a lot of interest recently.The growth in optical image encryption algorithms occurred exponentially.The chart in Figure 1 represents the growth of the number of publications related to optical image encryption algorithms.These data are taken from three major scholarly sources, i.e., Google Scholar, IEEE Library, and Science Direct Database, with the key word "optical major scholarly sources, i.e., Google Scholar, IEEE Library, and Science Direct Database with the key word "optical image encryption", and a total 5205 articles were found in th databases.A trend line is drawn, and we found that the optical image encryption algo rithm developed exponentially.Image encryption is a method that converts meaningfu images into a noisy image which is known as ciphertext.Decryption is a process that con verts a ciphertext into an original image with the help of decryption keys.These keys ar the backbone of any encryption algorithm.The general block diagram for an image en cryption/decryption algorithm is represented in Figure 2.

Basic Terminology 
Plaintext: In the field of cryptography, plaintext is data that have not undergone an encryption process and can be easily understood by anyone who has access to it-fo example, a target image or sensitive text that is being transmitted over the interne and needs to be encrypted.


Ciphertext or encrypted image: Ciphertext is the encrypted and unreadable outpu that results from applying an encryption algorithm to plaintext.In the context o cryptography, ciphertext is produced to secure information during transmission o storage.The process of encryption involves converting plaintext (the original, hu man-readable data) into ciphertext using an algorithm and encryption key.


Security key: The effectiveness of an encryption algorithm relies on the security of it keys.Encryption and decryption operations rely on the strength and management o these keys.The key length of an encryption algorithm is very important, with longe keys providing enhanced security against evolving computational capabilities.Se cure key generation, storage, distribution and exchange are essential components o a robust encryption system.Regular key change and management practices furthe contribute to maintaining the overall security of encrypted data.major scholarly sources, i.e., Google Scholar, IEEE Library, and Science Direct Database, with the key word "optical image encryption", and a total 5205 articles were found in the databases.A trend line is drawn, and we found that the optical image encryption algorithm developed exponentially.Image encryption is a method that converts meaningful images into a noisy image which is known as ciphertext.Decryption is a process that converts a ciphertext into an original image with the help of decryption keys.These keys are the backbone of any encryption algorithm.The general block diagram for an image encryption/decryption algorithm is represented in Figure 2.  1.1.Basic Terminology  Plaintext: In the field of cryptography, plaintext is data that have not undergone any encryption process and can be easily understood by anyone who has access to it-for example, a target image or sensitive text that is being transmitted over the internet and needs to be encrypted.


Ciphertext or encrypted image: Ciphertext is the encrypted and unreadable output that results from applying an encryption algorithm to plaintext.In the context of cryptography, ciphertext is produced to secure information during transmission or storage.The process of encryption involves converting plaintext (the original, human-readable data) into ciphertext using an algorithm and encryption key.


Security key: The effectiveness of an encryption algorithm relies on the security of its keys.Encryption and decryption operations rely on the strength and management of these keys.The key length of an encryption algorithm is very important, with longer keys providing enhanced security against evolving computational capabilities.Secure key generation, storage, distribution and exchange are essential components of a robust encryption system.Regular key change and management practices further contribute to maintaining the overall security of encrypted data.

Basic Terminology
• Plaintext: In the field of cryptography, plaintext is data that have not undergone any encryption process and can be easily understood by anyone who has access to it-for example, a target image or sensitive text that is being transmitted over the internet and needs to be encrypted.

•
Ciphertext or encrypted image: Ciphertext is the encrypted and unreadable output that results from applying an encryption algorithm to plaintext.In the context of cryptography, ciphertext is produced to secure information during transmission or storage.The process of encryption involves converting plaintext (the original, humanreadable data) into ciphertext using an algorithm and encryption key.

•
Security key: The effectiveness of an encryption algorithm relies on the security of its keys.Encryption and decryption operations rely on the strength and management of these keys.The key length of an encryption algorithm is very important, with longer keys providing enhanced security against evolving computational capabilities.
Secure key generation, storage, distribution and exchange are essential components of a robust encryption system.Regular key change and management practices further contribute to maintaining the overall security of encrypted data.

•
Symmetric cryptosystem: A symmetric key cryptosystem is a type of algorithm for encryption where a single secret key is shared between communicating parties to encrypt and decrypt data.The efficiency of symmetric key cryptography lies in its simplicity and speed, as the computational processes for encryption and decryption are relatively fast.However, secure key distribution becomes a critical challenge; if the secret key is leaked, the entire communication could be breached.Symmetric key algorithms, such as Advanced Encryption Standard (AES), have been widely used for their robust security and computational efficiency in various applications, including secure data transmission and storage.• Asymmetric cryptosystem: An asymmetric cryptosystem, which is also known as public-key cryptography, uses a pair of distinct but related keys: a public key and a private key.The public key is openly shared in the public domain and used for encryption, allowing anyone to send encrypted messages to the owner of the paired private key.The private key, kept confidential, is used for decrypting messages received with the corresponding public key.The strength of asymmetric cryptography lies in its ability to facilitate secure communication without requiring a pre-shared secret key.This makes key distribution more straightforward compared to symmetric systems.However, asymmetric encryption tends to be more computationally intensive than symmetric encryption.Common uses of asymmetric cryptography include secure communication over networks, digital signatures for authentication and the establishment of secure communication channels in protocols like SSL/TLS.The combination of symmetric and asymmetric cryptography often provides a robust solution for achieving both efficiency and security in various cryptographic applications.• Active attack: The purpose of an active attack is to interfere with communication and gain unauthorized access by tampering with or intercepting data.In the context of intercepting general communication, attackers aim to compromise the confidentiality and integrity of the information being transmitted.By gaining access and modifying the text, they can potentially insert malicious content, alter messages or impersonate legitimate users, posing significant security risks.Implementing robust encryption, secure key management and monitoring mechanisms are crucial to thwarting active attacks and safeguarding the confidentiality and integrity of communication channels.

•
Passive attack: In passive cryptography attacks, the primary goal is to intercept or eavesdrop on communication without altering the data or communication itself.The attacker seeks to obtain unauthorized access to sensitive information by secretly monitoring and capturing the transmitted data.Unlike active attacks, passive attacks do not involve direct manipulation of the communication content; instead, the focus is on unauthorized information retrieval.Protecting against passive attacks typically involves implementing encryption to secure the confidentiality of the transmitted data, making it more challenging for unauthorized parties to extract meaningful information even if they manage to intercept the communication.

•
Known plaintext attack (KPA): A Known Plaintext Attack (KPA) is a type of cryptographic attack where the attacker has knowledge of both the plaintext and its corresponding ciphertext.The attacker's objective is to deduce the encryption key used in the cryptosystem.By analyzing the known pairs of plaintexts and ciphertext, the attacker aims to uncover patterns or relationships that can lead to the discovery of the encryption key.Once the key is determined, the attacker can then decrypt other ciphertexts encrypted with the same key, compromising the security of the entire system.The key distinction is that the attacker does not necessarily need to implement the key on another ciphertext; the primary goal is to reveal the key for decryption purposes.

•
Chosen plaintext attack (CPA): In a Chosen Plaintext Attack (CPA), the attacker could choose arbitrary plaintexts and obtain their corresponding ciphertexts by using the target cryptosystem.The attacker's goal is to analyze these pairs of chosen plaintext and ciphertext to deduce or estimate the decryption key.Once the attacker successfully estimates the key, they can use it to decrypt other ciphertexts encrypted with the same key.The critical point is that the attacker has the freedom to choose the plaintexts they want to encrypt, allowing for a more flexible and targeted approach to revealing information about the cryptographic key.

•
Ciphertext only attack: It is an attacking algorithm in which the attacker has access to the cryptosystem so as to encrypt the data and obtain the corresponding ciphertext.In this method, the attacker has no information regarding the plaintext or keys of the cryptosystem.In this attack process, the intruder tries to recover the input message as much as possible or, preferably, to estimate the encryption key.All encrypted messages that have been encrypted with this key can be recovered once the encryption key has been guessed.

•
Chosen ciphertext attack: In this attacking algorithm, the attacks have only information regarding the ciphertexts and try to guess the secret keys of the cryptosystem.In the chosen ciphertext attack, the attacker might have some information regarding the cryptosystem.

•
Brute-force attack: A brute-force attack is a hit-and-trial method which is used to estimate encryption keys and find a hidden web page or login info.To estimate correctly, hackers try every possible combination.In the case of long and complex passwords, cracking them can take up to a couple of years.The effectiveness of a brute-force attack also depends on the hardware used by the attacker.This is the old attacking method but is still popular with attackers.

•
Specific attack: The same attacks do not work on all cryptosystems, so some specific attacks are designed to test the security of cryptosystems.Specific attacks are designed to test the security of an encryption algorithm based on phase truncation and phase reservation in the Fourier domain (PTFT), equal modulus decomposition (EMD), random modulus decomposition (RMD) and unequal modulus decomposition (UMD)based cryptosystems, as the decryption keys depend on the plaintext.These attacks are very specific to a particular type of cryptosystem.

•
Occlusion attack: A network failure or other reasons may cause some information about the ciphertext to be lost during transmission [3].Data loss in a ciphertext image is known as an occlusion attack.

•
Noise attack: During the transmission of ciphertext over the internet, some unwanted data are to be mixed, which is known as noise [4].These unwanted data create a problem in the faithful recovery of plaintext.There are some standard noises which are commonly used for contamination, such as Gaussian noise, salt and pepper, speckle, Poisson noise, etc.

Statistical Measures for Validating Cryptosystems
The quality of an image can be ensured with various statistical measures such as the peak-signal-to-noise ratio (PSNR), correlation coefficient (CC), information entropy, mean squared error (MSE) and visual measures such as histograms and mesh plots.Brief explanations of these parameters are as follows:

•
Correlation coefficient: The correlation coefficient (CC) is calculated to evaluate the statistical relationships between pixels in two images.The correlation coefficient is a metric that determines how closely two images are related [5,6].The correlation coefficient has a value in the range of −1.0 to 1.0.The value of CC = −1 indicates that both images are not related to each other, but a value of CC = 1.0 indicates that both images are completely related to each other.For a robust cryptosystem, the ideal value of CC between the plaintext and recovered image is closer to 1, while the CC between the plaintext and ciphertext should be far from 1.The CC between Image 1 and Image 2 is given by the expression given in Equation (1).
• Mean squared error (MSE): MSE is a statistical indicator that measures the resistance of a cryptosystem against various attacks.The mean square error between two images is calculated by using the expression given in Equation (2).
Here, I 1 (x, y) and I 2 (x, y) are two images of size m × n pixels.A robust cryptosystem has a high value of MSE between the plaintext and encrypted image and a low value of MSE between the plaintext and recovered image [7].

•
Peak-signal-to-noise ratio: The peak-signal-to-noise ratio (PSNR) is the ratio of the maximum power of the signal to the maximum power of the corrupting noise that impacts its fidelity.The PSNR and MSE are related to each other [8].The PSNR is calculated using the expression given in Equation (3).
Here, MSE is the mean squared error, which can be estimated using Equation (2).A high value of the PSNR between the plaintext and recovered image indicates the good quality of the decrypted image.

•
Information entropy: The information entropy measures the randomness inherent in an image, which describes the quality of encryption quality.Information entropy for a grayscale image lies in the range of [0, 8].If the value of information entropy approaches 8, it indicates that the image is highly random, and no information about the image is revealed [9,10].Mathematically, information entropy is expressed in Equation ( 4).For source m, where m i represent the pixel value, and P(m i ) is the probability of the pixel value m i .

Optical Image Encryption Techniques
There are various methods available in the literature to secure data, such as encryption, watermarking and steganography.In this review, we have studied the security of images using an optical encryption algorithm.The detailed classification of various encryption algorithms is given in Figure 3.

Double Random Phase Encoding-Based Cryptosystems
The seminal work in the field of optical image encryption was proposed by Refregier and Javidi in 1995, which is well known as double random phase encoding (DRPE) [11].It was the first attempt to encode the information using optical methods in which a 4-f setup was employed, as shown in Figure 4.In this, a plaintext image is converted into a white stationary noisy image using two random phase masks: one random phase mask in the spatial domain and a second in the Fourier domain.The encryption and decryption process of the DRPE algorithm is described in Equations ( 5) and ( 6).Here,  ,  and q ,  are the plaintext and ciphertext, respectively, and  ,  and  ,  are random matrices of the size of the input image.

𝑞 𝑥, 𝑦
,   2 ,   2 , ,  . 2 ,  After the inception of DRPE, there was a huge increase in demand for optical cryptosystems, and various algorithms have been developed using the framework of DRPE.In 1996, Javadi et al. proposed the practical demonstration of the DRPE method for image security and authentication [12].Thereafter, researchers have developed various algorithms to secure the images through different optical aspects [13][14][15] and to encrypt optical memory, binary images and biometrics [13,16,17].For the numerical simulation of the DRPE method, a MATLAB code is provided in the Supplementary Material.

Double Random Phase Encoding-Based Cryptosystems
The seminal work in the field of optical image encryption was proposed by Refregier and Javidi in 1995, which is well known as double random phase encoding (DRPE) [11].It was the first attempt to encode the information using optical methods in which a 4-f setup was employed, as shown in Figure 4.In this, a plaintext image is converted into a white stationary noisy image using two random phase masks: one random phase mask in the spatial domain and a second in the Fourier domain.The encryption and decryption process of the DRPE algorithm is described in Equations ( 5) and ( 6).Here, f (x, y) and q(x, y) are the plaintext and ciphertext, respectively, and ϕ(x, y) and ψ(ρ, η) are random matrices of the size of the input image.q(x, y) = IFT{FT[ f (x, y)exp(2πiϕ(x, y))]exp(2πiψ(ρ, η))} (5)

Double Random Phase Encoding-Based Cryptosystems
The seminal work in the field of optical image encryption was proposed by Refregier and Javidi in 1995, which is well known as double random phase encoding (DRPE) [11].It was the first attempt to encode the information using optical methods in which a 4-f setup was employed, as shown in Figure 4.In this, a plaintext image is converted into a white stationary noisy image using two random phase masks: one random phase mask in the spatial domain and a second in the Fourier domain.The encryption and decryption process of the DRPE algorithm is described in Equations ( 5) and ( 6).Here,  ,  and q ,  are the plaintext and ciphertext, respectively, and  ,  and  ,  are random matrices of the size of the input image.

𝑞 𝑥, 𝑦
,   2 ,   2 , ,  . 2 ,  After the inception of DRPE, there was a huge increase in demand for optical cryptosystems, and various algorithms have been developed using the framework of DRPE.In 1996, Javadi et al. proposed the practical demonstration of the DRPE method for image security and authentication [12].Thereafter, researchers have developed various algorithms to secure the images through different optical aspects [13][14][15] and to encrypt optical memory, binary images and biometrics [13,16,17].For the numerical simulation of the DRPE method, a MATLAB code is provided in the Supplementary Material.After the inception of DRPE, there was a huge increase in demand for optical cryptosystems, and various algorithms have been developed using the framework of DRPE.In 1996, Javadi et al. proposed the practical demonstration of the DRPE method for image security and authentication [12].Thereafter, researchers have developed various algorithms to secure the images through different optical aspects [13][14][15] and to encrypt optical memory, binary images and biometrics [13,16,17].For the numerical simulation of the DRPE method, a MATLAB code is provided in the Supplementary Material.

Symmetric Cryptosystems
As we have discussed in the previous sections, in symmetric cryptosystems, encryption and decryption keys are the same and do not depend on the plaintext [16, [18][19][20][21][22].An illustration of this can be seen in the flowchart given in Figure 5.The DRPE architecture falls in the category of symmetrical algorithms.Besides that, various other symmetric methods have also been reported in the literature, which are discussed in the following sections.

Symmetric Cryptosystems
As we have discussed in the previous sections, in symmetric cryptosystems, encryption and decryption keys are the same and do not depend on the plaintext [16, [18][19][20][21][22].An illustration of this can be seen in the flowchart given in Figure 5.The DRPE architecture falls in the category of symmetrical algorithms.Besides that, various other symmetric methods have also been reported in the literature, which are discussed in the following sections.

Transform-Based Encryption Algorithm
After the demonstration of DRPE, the optical encryption algorithms have attracted the attention of researchers due to various advantages they have shown over digital counterparts.The DRPE architecture was studied extensively and has been extended in various other transform domains, such as Fractional Fourier, Hartley, Fraction Hartley, Mellin, Fractional Mellin, Gyrator and Fresnel [23][24][25][26][27].Some optical image encryption algorithms using the wavelet approach, such as discrete wavelet transform, Haar wavelet transform and wavelet fusion [28][29][30][31][32][33], have also been introduced.

Chaos-Based Symmetric Encryption
In encryption algorithms, decryption keys are the backbone of the cryptosystem.So, the key space should be large enough such that it cannot be breached in real time with existing computation methods and software.To improve the security of symmetric encryption algorithms, chaotic maps seem like good candidates due to their overall stability and local instability and their sensitivity to initial values and parameters.These properties of chaotic maps help to increase the key space and provide an additional layer of security.To apply a chaotic map, an image is divided into multiple blocks of equal lengths and then each block is shuffled according to the sequence generated by the chaotic map.Parameters and initial values act as decryption keys in the cryptosystem.Chaotic maps are highly sensitive to the initial values and parameters, which makes them difficult to predict without knowledge of the correct value of the initial value and parameter.Researchers have proposed optical image encryption algorithms using Logistic, Cosine, Rational, 2-D Lorenz, Baker, Arnold cat, Chen chaotic, Exponential, Umbrella, Tinkerbell, Gauss, Henon map, 3-cell CNN system, Mixed memristive chaotic circuit, Edge map and other chaotic maps [34][35][36][37][38][39][40][41][42][43][44][45][46][47][48][49].For example, to generate the Tinkerbell map, the following equations can be used:

Transform-Based Encryption Algorithm
After the demonstration of DRPE, the optical encryption algorithms have attracted the attention of researchers due to various advantages they have shown over digital counterparts.The DRPE architecture was studied extensively and has been extended in various other transform domains, such as Fractional Fourier, Hartley, Fraction Hartley, Mellin, Fractional Mellin, Gyrator and Fresnel [23][24][25][26][27].Some optical image encryption algorithms using the wavelet approach, such as discrete wavelet transform, Haar wavelet transform and wavelet fusion [28][29][30][31][32][33], have also been introduced.

Chaos-Based Symmetric Encryption
In encryption algorithms, decryption keys are the backbone of the cryptosystem.So, the key space should be large enough such that it cannot be breached in real time with existing computation methods and software.To improve the security of symmetric encryption algorithms, chaotic maps seem like good candidates due to their overall stability and local instability and their sensitivity to initial values and parameters.These properties of chaotic maps help to increase the key space and provide an additional layer of security.To apply a chaotic map, an image is divided into multiple blocks of equal lengths and then each block is shuffled according to the sequence generated by the chaotic map.Parameters and initial values act as decryption keys in the cryptosystem.Chaotic maps are highly sensitive to the initial values and parameters, which makes them difficult to predict without knowledge of the correct value of the initial value and parameter.Researchers have proposed optical image encryption algorithms using Logistic, Cosine, Rational, 2-D Lorenz, Baker, Arnold cat, Chen chaotic, Exponential, Umbrella, Tinkerbell, Gauss, Henon map, 3-cell CNN system, Mixed memristive chaotic circuit, Edge map and other chaotic maps [34][35][36][37][38][39][40][41][42][43][44][45][46][47][48][49].For example, to generate the Tinkerbell map, the following equations can be used: Here, X and Y are the two chaotic Tinkerbell sequences, whereas the constants a, b, c and d are the control parameters which serve as the keys.The initial values (X 0 , Y 0 , a, b, c, d) affect the generation of two chaotic sequences [50].The attractor of the Tinker bell map is shown in Figure 6.
Photonics 2024, 11, x FOR PEER REVIEW 8 of 23 Here, X and Y are the two chaotic Tinkerbell sequences, whereas the constants , ,  and  are the control parameters which serve as the keys.The initial values (X0, Y0, a, b, c, d) affect the generation of two chaotic sequences [50].The attractor of the Tinker bell map is shown in Figure 6.

Pixel Diffusion-Based Symmetric Image Encryption
To further improve the security of symmetric cryptosystems, researchers implementeda pixel diffusion process in the DRPE-based algorithms.Various algorithms are used to diffuse the pixels such as the bit XOR operator, block-level diffusion, bit-level diffusion using Brownian motion, S-box-based diffusion, Cellular automata, chaotic maps, cyclic modulo operators, pixel adaptive and DNA-based diffusion process [29,[50][51][52][53][54][55][56].However, with time, it was found that the linear nature of DRPE architecture makes it vulnerable to cryptographic attacks such as known plaintext and chosen plaintext attacks.This has further prompted the researchers to find an alternative and design more sophisticated optical cryptosystems, i.e., asymmetric cryptosystems.

Asymmetric Encryption Algorithm
The vulnerability of symmetric cryptosystems to various cryptographic attacks led to the development of optical asymmetric techniques in which encryption and decryption are different.In these algorithms, decryption keys are generated during the encryption process and depend on the input plaintext.Phase truncation and phase reservation in Fourier transform (PTFT) was the seminal work in this direction [57].However, the relationship between the ciphertext and private key leads the PTFT-based encryption algorithm to be vulnerable to special iterative attacks [58].To improve the security of this method, hybrid opto-digital optical cryptosystems have been developed based on mathematical decompositions, such as equal modulus decomposition, random modulus decomposition, unequal modulus decomposition, polar decomposition, QZ decomposition, elliptic curves and many other operators [59][60][61][62][63][64][65][66][67].This integration of mathematical decomposition with optical techniques is very effective in designing the sophisticated optical cryptosystems which are robust to various attacks.Some of these are discussed in detail in the following sub-sections.A general flowchart of an asymmetric cryptosystem is shown in Figure 7.

Pixel Diffusion-Based Symmetric Image Encryption
To further improve the security of symmetric cryptosystems, researchers implementeda pixel diffusion process in the DRPE-based algorithms.Various algorithms are used to diffuse the pixels such as the bit XOR operator, block-level diffusion, bit-level diffusion using Brownian motion, S-box-based diffusion, Cellular automata, chaotic maps, cyclic modulo operators, pixel adaptive and DNA-based diffusion process [29,[50][51][52][53][54][55][56].However, with time, it was found that the linear nature of DRPE architecture makes it vulnerable to cryptographic attacks such as known plaintext and chosen plaintext attacks.This has further prompted the researchers to find an alternative and design more sophisticated optical cryptosystems, i.e., asymmetric cryptosystems.

Asymmetric Encryption Algorithm
The vulnerability of symmetric cryptosystems to various cryptographic attacks led to the development of optical asymmetric techniques in which encryption and decryption are different.In these algorithms, decryption keys are generated during the encryption process and depend on the input plaintext.Phase truncation and phase reservation in Fourier transform (PTFT) was the seminal work in this direction [57].However, the relationship between the ciphertext and private key leads the PTFT-based encryption algorithm to be vulnerable to special iterative attacks [58].To improve the security of this method, hybrid opto-digital optical cryptosystems have been developed based on mathematical decompositions, such as equal modulus decomposition, random modulus decomposition, unequal modulus decomposition, polar decomposition, QZ decomposition, elliptic curves and many other operators [59][60][61][62][63][64][65][66][67].This integration of mathematical decomposition with optical techniques is very effective in designing the sophisticated optical cryptosystems which are robust to various attacks.Some of these are discussed in detail in the following sub-sections.A general flowchart of an asymmetric cryptosystem is shown in Figure 7.

Phase Truncation and Phase Reservation in Fourier Transform
The phase truncated Fourier transform (PTFT) algorithm was proposed by Qin and Peng [57].In PTFT, two random phase masks like DRPE are used in the spatial domain and Fourier domain of a 4-f setup.The two decryption keys that are dependent on the plaintext and are different from the public keys are generated using the phase truncation approach.PTFT is further extended in other transform domains as well [60].The complete PTFT operation can be performed as follows: (a) Encryption process Step 1: The plaintext image  ,  is modulated with a random phase mask (RPM) and Fourier transformed (FT).Mathematically, it can be represented as: Step 2: The output of Step 1 is subjected to the phase truncation and phase reservation process.The phase truncated part acts as the ciphertext of the cryptosystem, whereas the phase reserved part acts as the private key of the cryptosystem.Mathematically, Step 2 is discussed in Equations ( 10) and (11).The schematic flowchart of the encryption process of the PTFT-based cryptosystem is depicted in Figure 8.

𝐶 𝑃𝑇 𝐸
(10) (b) Decryption process The decryption process of the PTFT-based cryptosystem is discussed as: Step 1: The private key and ciphertext are combined and propagated through the Fourier transform.Mathematically, the decryption process is discussed in Equation (12). Figure 9 depicts the schematic flowchart of the decryption process of the PTFT-based cryptosystem.

𝐷 𝐹𝑇 𝑃𝑟𝑖𝑣𝑎𝑡𝑒 𝑘𝑒𝑦 𝐶
For a computational demonstration of the PTFT-based encryption, a sample MATLAB code is given in the Supplementary Material.

Phase Truncation and Phase Reservation in Fourier Transform
The phase truncated Fourier transform (PTFT) algorithm was proposed by Qin and Peng [57].In PTFT, two random phase masks like DRPE are used in the spatial domain and Fourier domain of a 4-f setup.The two decryption keys that are dependent on the plaintext and are different from the public keys are generated using the phase truncation approach.PTFT is further extended in other transform domains as well [60].The complete PTFT operation can be performed as follows: (a) Encryption process Step 1: The plaintext image I(x, y) is modulated with a random phase mask (RPM) and Fourier transformed (FT).Mathematically, it can be represented as: Step 2: The output of Step 1 is subjected to the phase truncation and phase reservation process.The phase truncated part acts as the ciphertext of the cryptosystem, whereas the phase reserved part acts as the private key of the cryptosystem.Mathematically, Step 2 is discussed in Equations ( 10) and (11).The schematic flowchart of the encryption process of the PTFT-based cryptosystem is depicted in Figure 8.
(b) Decryption process The decryption process of the PTFT-based cryptosystem is discussed as: Step 1: The private key and ciphertext are combined and propagated through the Fourier transform.Mathematically, the decryption process is discussed in Equation (12). Figure 9 depicts the schematic flowchart of the decryption process of the PTFTbased cryptosystem.

Equal Modulus Decomposition
In 2015, Cai et al. proposed equal modulus decomposition (EMD) to solve the si ette problem [68].When EMD is applied on an image, it decomposes the signal int complex masks of equal moduli, i.e.,  and  ; one acts as a private key of the cryp tem and the other is either further processed in the cryptosystem or acts as a privat [69][70][71].To discuss the basic principle of equal modulus decomposition, an input i  ,  of the Cameraman is bonded with a random phase mask (RPM) and transfo through the Fourier transform.The output obtained after the Fourier transform is de posed using EMD.The principle of EMD is depicted in Figure 10.The flowchart of a tosystem based on EMD is demonstrated in Figure 11 and can be mathematically r sented by Equations ( 13)- (15) 14) and (15 inverse of the equal modulus decomposition is given by Equation ( 16).

Equal Modulus Decomposition
In 2015, Cai et al. proposed equal modulus decomposition (EMD) to solve the silhouette problem [68].When EMD is applied on an image, it decomposes the signal into two complex masks of equal moduli, i.e.,  and  ; one acts as a private key of the cryptosystem and the other is either further processed in the cryptosystem or acts as a private key [69][70][71].To discuss the basic principle of equal modulus decomposition, an input image  ,  of the Cameraman is bonded with a random phase mask (RPM) and transformed through the Fourier transform.The output obtained after the Fourier transform is decomposed using EMD.The principle of EMD is depicted in Figure 10.The flowchart of a cryptosystem based on EMD is demonstrated in Figure 11 and can be mathematically represented by Equations ( 13)- (15) Here,  represents the Fourier transform,  ,  arg ′ ,  , and  ,  | ,  |.Choose  ,  , a random function which is distributed between 0, 2 , to decompose  ,  into the equal moduli  and  given in Equations ( 14) and (15).The inverse of the equal modulus decomposition is given by Equation ( 16).For a computational demonstration of the PTFT-based encryption, a sample MATLAB code is given in the Supplementary Material.

Equal Modulus Decomposition
In 2015, Cai et al. proposed equal modulus decomposition (EMD) to solve the silhouette problem [68].When EMD is applied on an image, it decomposes the signal into two complex masks of equal moduli, i.e., P 1 and P 2 ; one acts as a private key of the cryptosystem and the other is either further processed in the cryptosystem or acts as a private key [69][70][71].To discuss the basic principle of equal modulus decomposition, an input image I(x, y) of the Cameraman is bonded with a random phase mask (RPM) and transformed through the Fourier transform.The output obtained after the Fourier transform is decomposed using EMD.The principle of EMD is depicted in Figure 10.The flowchart of a cryptosystem based on EMD is demonstrated in Figure 11 and can be mathematically represented by Equations ( 13)- (15).
,    , We have provided a MATLAB implementation of equal modulus decomposition in the Supplementary Material.

Random Modulus Decomposition
In random modulus decomposition (RMD), unlike in the EMD, the input signal is decomposed into two unequal random moduli.Suppose  ,  is the input image scrambled with a random phase mask (RPM) and propagated through the Fourier lens.The output obtained in the Fourier transformed signal is decomposed into two parts,  and  , by virtue of random modulus decomposition, as illustrated in Figure 12.The flowchart of the basic cryptosystem based on RMD is depicted in Figure 13 [72].

Re
,    , We have provided a MATLAB implementation of equal modulus decomposition in the Supplementary Material.

Random Modulus Decomposition
In random modulus decomposition (RMD), unlike in the EMD, the input signal is decomposed into two unequal random moduli.Suppose  ,  is the input image scrambled with a random phase mask (RPM) and propagated through the Fourier lens.The output obtained in the Fourier transformed signal is decomposed into two parts,  and  , by virtue of random modulus decomposition, as illustrated in Figure 12.The flowchart of the basic cryptosystem based on RMD is depicted in Figure 13 [72].Here, FT represents the Fourier transform, φ(u, v) = arg(I′(u, v)), and A(u, v) =|I ′ (u, v)|.Choose θ(u, v), a random function which is distributed between [0, 2π], to decompose I ′ (u, v) into the equal moduli P 1 and P 2 given in Equations ( 14) and (15).The inverse of the equal modulus decomposition is given by Equation ( 16).

Re
We have provided a MATLAB implementation of equal modulus decomposition in the Supplementary Material.

Random Modulus Decomposition
In random modulus decomposition (RMD), unlike in the EMD, the input signal is decomposed into two unequal random moduli.Suppose I(x, y) is the input image scrambled with a random phase mask (RPM) and propagated through the Fourier lens.The output obtained in the Fourier transformed signal is decomposed into two parts, P 1 and P 2 , by virtue of random modulus decomposition, as illustrated in Figure 12.The flowchart of the basic cryptosystem based on RMD is depicted in Figure 13 [72].
The input image can be decomposed into two random complex parts,  and  .Mathematically, the random modulus decomposition is described in Equations ( 19)- (21).

𝑃 , 𝑃
, ′ , Here,   |′ ,  | and    ′ ,  are the amplitude and argument of the input image.Let  and  be random phase masks having values in the interval 0,2 .The inverse of random modulus decomposition is given by Equation (22).

𝐼 𝑢, 𝑣
,   , ,    , A simple demonstration of the above-discussed part for random modulation decomposition using MATLAB is given in the Supplementary Material.
The input image can be decomposed into two random complex parts,  and  .Mathematically, the random modulus decomposition is described in Equations ( 19)- (21).

𝑃 , 𝑃
, ′ , Here,   |′ ,  | and    ′ ,  are the amplitude and argument of the input image.Let  and  be random phase masks having values in the interval 0,2 .The inverse of random modulus decomposition is given by Equation (22).

𝐼 𝑢, 𝑣
,   , ,    , A simple demonstration of the above-discussed part for random modulation decomposition using MATLAB is given in the Supplementary Material.
The input image can be decomposed into two random complex parts, P 1 and P 2 .Mathematically, the random modulus decomposition is described in Equations ( 19)-( 21).
A simple demonstration of the above-discussed part for random modulation decomposition using MATLAB is given in the Supplementary Material.

Unequal Modulus Decomposition
This is a decomposition technique that divides a one-or two-dimensional signal into two signals having unequal phases and amplitudes.The unequal modulus decomposition is unlike that of the EMD or RMD and decomposes the input signal into two unequal moduli.Suppose F(x, y) is the input image that is diffused with a random phase mask Photonics 2024, 11, 99 13 of 22 (RPM) and propagated through the Fourier lens.The output obtained in the Fourier transformed signal is divided into two parts, F 1 and F 2 , by virtue of unequal modulus decomposition, as discussed in Figure 14.The flowchart of a basic cryptosystem based on UMD is depicted in Figure 15 [62,[73][74][75].Mathematically, sin The notational representation of unequal modulus decomposition is discussed in Equation (27).
,  ,  ,  ≡  ,  , where  , describes the unequal modulus decomposition function with the randomly generated functions  ,  and  ,  in interval 0,2 .The inverse of unequal modulus decomposition is given by Equation (28).

Polar Decomposition
The polar decomposition (PD) [76][77][78][79] is a process of decomposing a system i early independent factors.The PD of an image,  ,  , of the size  , is g Equation (30).Mathematically, the decomposition of the signal is given in Equations ( 25) and (26).
The notational representation of unequal modulus decomposition is discussed in Equation (27). [ where U MD α,β describes the unequal modulus decomposition function with the randomly generated functions α(u, v) and β(u, v) in interval [0, 2π].The inverse of unequal modulus decomposition is given by Equation (28).

Polar Decomposition
The polar decomposition (PD) [76][77][78][79] is a process of decomposing a system into linearly independent factors.The PD of an image, A(x, y), of the size M × N, is given in Equation (30).
where U and V are symmetric, positive definite matrices of the size M × N and are known as stretching matrices.R is a rotational matrix of the size M × N. A symmetric, positive definite matrix (UorV) and the rotational matrix (R) can be used to reconstruct the input matrix A(x, y).

Polar Decomposition
The polar decomposition (PD) [76][77][78][79] is a process of decomposing a system into linearly independent factors.The PD of an image,  ,  , of the size  , is given in Equation (30). , ,       (31) where  and  are symmetric, positive definite matrices of the size   and are known as stretching matrices. is a rotational matrix of the size  .A symmetric, positive definite matrix    and the rotational matrix  can be used to reconstruct the input matrix  ,  .Figure 16 demonstrates the geometrical representation of polar decomposition.This kind of decomposition gives the freedom to design multiuser optical encryption and authentication platforms, which can have several real-time applications.
The MATLAB implementation of the polar decomposition of an image is given in the Supplementary Material.

Attacks and Cryptanalysis
The development of new security methods and the attacks on them always go hand in hand.The study of cryptanalysis involves analyzing the operations of cryptosystems to achieve the correct decryption of data without using actual keys.The aim of cryptanalysis is to improve algorithms by identifying their weaknesses.To address the security issues of a cryptosystem, it is necessary to understand Kerckhoff's principle.It states that a "cryptosystem should be secure even if the attacker has access to everything except the security key".It was formulated at the end of the nineteenth century by the Dutch cryptographer Auguste Kerckhoff.In the field of optical security, the first attack on DRPEbased architecture was proposed by Peng et al. in 2006 [139].Gopinathan et al. [87] also proposed a known plaintext attack on DRPE.After that, the inherent linearity of DRPE has been exploited by many to design various attacks for DRPE-based algorithms [140][141][142][143][144][145].Afterwards, the asymmetric algorithms based on PTFT, EMD, RMD, UMD, polar decomposition, interference and various other methods have been reported.But sooner or later, some weakness of these methods have also been found, and some iterative and special iterative attacks have been designed to break them [6,[146][147][148][149][150][151][152][153].The MATLAB code for a simple chosen plaintext attack on the DRPE method using the Dirac delta function is given in the Supplementary Material.

Future Scope
As we know, in the future, more and more data will be generated, and data breaches by unauthorized individuals are inevitable.The current security protocols are not enough to fulfill the demands of the modern world.Thus, more sophisticated secure transmission protocols need to be developed.So, there is a scope for enhancement in the security of

Attacks and Cryptanalysis
The development of new security methods and the attacks on them always go hand in hand.The study of cryptanalysis involves analyzing the operations of cryptosystems to achieve the correct decryption of data without using actual keys.The aim of cryptanalysis is to improve algorithms by identifying their weaknesses.To address the security issues of a cryptosystem, it is necessary to understand Kerckhoff's principle.It states that a "cryptosystem should be secure even if the attacker has access to everything except the security key".It was formulated at the end of the nineteenth century by the Dutch cryptographer Auguste Kerckhoff.In the field of optical security, the first attack on DRPE-based architecture was proposed by Peng et al. in 2006 [139].Gopinathan et al. [87] also proposed a known plaintext attack on DRPE.After that, the inherent linearity of DRPE has been exploited by many to design various attacks for DRPE-based algorithms [140][141][142][143][144][145].Afterwards, the asymmetric algorithms based on PTFT, EMD, RMD, UMD, polar decomposition, interference and various other methods have been reported.But sooner or later, some weakness of these methods have also been found, and some iterative and special iterative attacks have been designed to break them [6,[146][147][148][149][150][151][152][153].The MATLAB code for a simple chosen plaintext attack on the DRPE method using the Dirac delta function is given in the Supplementary Material.

Future Scope
As we know, in the future, more and more data will be generated, and data breaches by unauthorized individuals are inevitable.The current security protocols are not enough to fulfill the demands of the modern world.Thus, more sophisticated secure transmission protocols need to be developed.So, there is a scope for enhancement in the security of image encryption algorithms.Therefore, in the upcoming years, researchers could continue the research by using cutting-edge technology and countering the available challenges.The following are a few directions and potential candidates which can be integrated with optical methods and could provide the necessary solutions to the coming challenges in the field of security:

•
Machine learning and AI in encryption: The integration of artificial intelligence (AI) and machine learning (ML) algorithms into an optical encryption system represents a promising avenue for bolstering security.By leveraging these technologies, encryption algorithms can be elevated to a new level of sophistication, dynamically adapting to the characteristics of image data and thereby increasing resilience against decryption attempts.ML's prowess in pattern recognition is harnessed for anomaly detection, enabling the identification of potential threats or unauthorized access.Furthermore, AI contributes to optimal key management, continuously analyzing usage patterns and recommending adjustments to fortify the encryption system.Real-time threat adaptation and behavioral analysis enhance the system's ability to respond to evolving risks, while adversarial machine learning techniques can anticipate and counteract specific attacks targeting the security of image data.In addressing quantum computing challenges, AI and ML also play a role in developing quantum-safe encryption methods, ensuring the enduring security of image information.Careful consideration of ethical implications and robust testing accompanies the implementation of these advanced technologies to ensure the reliability and effectiveness of the encrypted systems.

•
Multi-modal fusion: Integrating optical image encryption with other modalities, such as infrared or hyper-spectral imaging, offers a promising approach to fortifying the overall security of the encryption process.The synergy of different imaging modalities through multi-modal fusion introduces additional layers of complexity, significantly heightening the challenge for unauthorized entities attempting to decipher encrypted information.By combining optical encryption with diverse imaging techniques, the resulting system becomes more resilient to decryption attempts that rely on understanding a singular mode of information.This multi-modal approach not only enhances security but also broadens the range of potential applications, catering to scenarios where different imaging modalities may provide complementary benefits.As technology evolves, leveraging multi-modal fusion in image encryption underscores a proactive strategy in adapting to emerging threats and ensuring the robustness of secure information transmission.

•
Optical communication networks: The increasing prevalence of high-speed optical communication networks is driving a growing demand for efficient and secure optical image encryption methods.This demand is particularly pronounced in critical applications such as secure data transmission within optical communication systems, medical imaging, military communications and various other domains where the confidentiality and integrity of transmitted visual information are paramount.Efficient optical image encryption not only safeguards sensitive data but also ensures the seamless flow of secure information in fast-paced communication environments.The adoption of robust encryption techniques becomes crucial as these technologies play pivotal roles in diverse sectors, ranging from healthcare to defense, underlining the broader societal implications of advancing secure optical image transmission methods.

•
Blockchain integration: The integration of optical image encryption with blockchain technology presents a compelling solution for secure image storage and transmission.By leveraging blockchain's decentralized and tamper-resistant nature, the combination ensures the integrity and authenticity of encrypted images.Blockchain's distributed ledger technology creates an immutable record of transactions, making it extremely challenging for unauthorized entities to tamper with or alter the encrypted images.This decentralized approach enhances security by eliminating single points of failure and reducing the risk of malicious interference.Moreover, the transparent and traceable nature of blockchain adds an extra layer of trust, providing a verifiable history of image transactions.This innovative fusion of optical image encryption and blockchain technology not only strengthens data security but also aligns with the growing emphasis on decentralized and transparent solutions in various industries.

•
Biometric encryption: Integrating optical image encryption with biometric authentication methods offers a potent enhancement to security by introducing a user-specific identification layer.This approach involves incorporating biometric features such as fingerprints, iris scans, or facial recognition to control access to encrypted images.By tying encrypted image access to unique biometric data, the system ensures that only authorized individuals with verified biometric credentials can decrypt and view sensitive visual information.This not only strengthens the overall security posture by adding a personalized layer of authentication but also mitigates risks associated with unauthorized access or data breaches [154].The combination of optical image encryption and biometric authentication aligns with the trend toward multifactor authentication and provides a robust solution for safeguarding visual data in applications ranging from secure communications to access-controlled image repositories.

Figure 1 .
Figure 1.Publication trends of optical image encryption algorithms based on Google Scholar data

Figure 2 .
Figure 2. General algorithm of the image (a) encryption and (b) decryption process.

Figure 1 .
Figure 1.Publication trends of optical image encryption algorithms based on Google Scholar data.

Figure 1 .
Figure 1.Publication trends of optical image encryption algorithms based on Google Scholar data.

Figure 2 .
Figure 2. General algorithm of the image (a) encryption and (b) decryption process.

Figure 2 .
Figure 2. General algorithm of the image (a) encryption and (b) decryption process.

•
Histogram: Histograms represent the number of pixels having the intensity values in an image.The histogram shows how many pixels are present in an image at different intensities.The histogram shows pixels distributed between the 256 different grayscale values in an eight-bit grayscale image.It is also possible to make a histogram of a color image, either as an individual histogram for the red, green and blue channels or as a three-dimensional histogram where each axis represents a channel and the brightness at each point indicates the number of pixels.The histogram plots of the ciphertext and plaintext should be different for a robust cryptosystem, whereas the histogram plots of the plaintext and recovered image should be same.

Figure 3 .
Figure 3. Different approaches of image encryption algorithms.

Figure 4 .
Figure 4. Optical image encryption process of DRPE proposed by Refregier and Javidi in 1995.

Figure 4 .
Figure 4. Optical image encryption process of DRPE proposed by Refregier and Javidi in 1995.

Figure 4 .
Figure 4. Optical image encryption process of DRPE proposed by Refregier and Javidi in 1995.

Figure 6 .
Figure 6.Attractor of the Tinkerbell chaotic map.

Figure 6 .
Figure 6.Attractor of the Tinkerbell chaotic map.

Figure 8 .
Figure 8. Schematic flowchart of the encryption process of a PTFT-based cryptosystem.

Figure 9 .
Figure 9. Schematic flowchart of the decryption process of a PTFT-based cryptosystem.

Figure 8 . 23 Figure 8 .
Figure 8. Schematic flowchart of the encryption process of a PTFT-based cryptosystem.

Figure 9 .
Figure 9. Schematic flowchart of the decryption process of a PTFT-based cryptosystem.

Figure 9 .
Figure 9. Schematic flowchart of the decryption process of a PTFT-based cryptosystem.

Figure 10 .Figure 11 .
Figure 10.Graphical representation of the principle of equal modulus decomposition.

Figure 10 .
Figure 10.Graphical representation of the principle of equal modulus decomposition.

Figure 10 .Figure 11 .
Figure 10.Graphical representation of the principle of equal modulus decomposition.

Figure 11 .
Figure 11.Basic flow chart of the (a) encryption and (b) decryption process of EMD.

Figure 12 .
Figure 12.The geometrical representation of random modulus decomposition.

Figure 13 .
Figure 13.Basic flow chart of the (a) encryption and (b) decryption process of EMD.Mathematically,

Figure 13 .
Figure 13.Basic flow chart of the (a) encryption and (b) decryption process of EMD.Mathematically,

Figure 14 .Figure 15 .
Figure 14.Geometrical representation of unequal modulus decomposition (UMD).Figure 14.Geometrical representation of unequal modulus decomposition (UMD).Photonics 2024, 11, x FOR PEER REVIEW where  and  are symmetric, positive definite matrices of the size   a known as stretching matrices. is a rotational matrix of the size  .A sym positive definite matrix    and the rotational matrix  can be used to reco the input matrix  ,  .Figure16demonstrates the geometrical representation o decomposition.This kind of decomposition gives the freedom to design multiuser encryption and authentication platforms, which can have several real-time appli The MATLAB implementation of the polar decomposition of an image is given in t plementary Material.

Figure 15 .
Figure 15.Basic flow chart of the (a) encryption and (b) decryption process of UMD.The phase and amplitude of F′(u, v) are given by θ = arg[F′(u, v)] and A =|F′(u, v)| , repectively.α(u, v) and β(u, v) are two randomly generated functions in the interval [0, 2π].Mathematically, the decomposition of the signal is given in Equations (25) and(26).
Figure 16 demonstrates the geometrical representation of polar decomposition.This kind of decomposition gives the freedom to design multiuser optical encryption and authentication platforms, which can have several real-time applications.The MATLAB implementation of the polar decomposition of an image is given in the Supplementary Material.

Figure 15 .
Figure 15.Basic flow chart of the (a) encryption and (b) decryption process of UMD.

Figure 16 .
Figure 16.A geometrical illustration of polar decomposition.
Here,  represents the Fourier transform,  ,  arg ′ ,  , and   | ,  |.Choose  ,  , a random function which is distributed between 0, 2 , compose  ,  into the equal moduli  and  given in Equations ( .