Asymmetric Optical Scanning Holography Encryption with Elgamal Algorithm

Abstract

This paper proposes an asymmetric scanning holography cryptosystem based on the Elgamal algorithm. The method encodes images with sine and cosine holograms. Subsequently, each hologram is divided into a signed bit matrix and an unsigned hologram matrix, both encrypted using the sender’s private key and the receiver’s public key. The resulting ciphertext matrices are then transmitted to the receiver. Upon receipt, the receiver decrypts the ciphertext matrices using their private key and the sender’s public key. We employ an asymmetric single-image encryption method for key management and dispatch for securing imaging and transmission. Furthermore, we conducted a sensitivity analysis of the encryption system. The image encryption metrics, including histograms of holograms, adjacent pixel correlation, image correlation, the peak signal-to-noise ratio, and the structural similarity index, were also examined. The results demonstrate the security and stability of the proposed method.

1. Introduction

Information security is important and ubiquitous. Specifically, optical imaging encryption technology is an integral part of information security [1,2]. The history of optical imaging encryption dates back to Refregier and Javidi, who built the first optical encryption system [3]. An optical encryption system first produces an image with a first random phase mask in the input plane. The Fourier transform of the product is subsequently encoded by a second random phase mask. This idea is known as double-random phase encoding (DRPE). Additional studies have been conducted using the same methodology [4,5,6,7,8]. However, most of these methods are vulnerable to security attacks, including chosen-ciphertext attacks (CCAs), known-plaintext attacks (KPAs), and ciphertext-only attacks (COAs). To augment security, research has investigated the management of security keys and the nonlinear configurations of optical systems. Examples of the efforts include the combination of DRPE with other methods, such as fractional Fourier transform, linear canonical transform, Hartley transform, gyrator transform, Fresnel transform, quantum technology, ghost imaging, photon computing, and laser detection [9,10,11,12,13,14,15]. Most of these methods, however, encrypt and decrypt in one- or two-dimensional phase or amplitude using a pure optical technology.

To exploit higher-dimensional information encryption, holographic technology has been used to encode more complex objects and multidimensional images. The idea of holography was first proposed by Dennis Gabor in 1948 [16]. Holography comprises two main categories: optical and digital holography. Digital holography is a combination of digital processing technology and an optical system that usually uses charge-coupled detectors (CCDs) instead of traditional holographic recording materials to record holograms. Digital holography is highly reliant on computers to collect, process, and analyze the collected holograms for digital reconstruction of the objects of interest, thus performing 3D information processing.

Optical scanning holography (OSH) is a type of digital holography. It is based on the concept of scanning a 3D object using 2D optical scanning to obtain 3D information of the object. Poon demonstrated the usefulness of this technology and named the technology OSH [17]. OSH finds diverse applications, one of which is optical cryptography. Optical encryption has excellent features, such as high-speed parallel processing, large key space, high security levels, and the capability to encode the spatial and frequency contents of images simultaneously. Recently, Lee et al. [18] enhanced OSH technology by developing a rapid and automated method for holographic image reconstruction. In the face of the emerging and increasingly mature technology of holography, other studies on holographic encryption techniques have been conducted; for instance, heterogeneous image encryption algorithms, integration of Arnold transform and chaos mapping image encryption methods, and techniques using neural networks to compress and encrypt holograms have also been used [19].

Previous research has demonstrated that when optical encryption is symmetrical, i.e., the same key is used in encryption and decryption, it is vulnerable to different attacks, such as KPAs, CCAs, and COAs. In addition, the overheads of key management and distribution are considerable. Some researchers have used a combination of optical and digital encryption technologies attempting to address vulnerability. Various digital encryption technologies have also been proposed, such as the symmetric cryptographic algorithms DES, 3DES, Blowfish, IDEA, TEA, CAST, Rijndael, RC6, Serpent, Twofish, MARS, and AES, which differ only in key length, security level, and encryption speed [20,21,22]. However, the management of symmetric keys is difficult for the users, and the cost of storing the keys increases with the expansion of key length. Compared with symmetric encryption, asymmetric encryption algorithms, such as RSA, ECC, and Elgamal, do not involve key delivery and thus are more suitable for practical applications [23,24]. Tsang et al. proposed the encryption of an image by combining the asymmetric algorithm RSA and optical scanning holography [19]. But the keys of RSA already exceeded 1024 bits, leading to an increase in computational time. Elgamal offers superior reliability and security compared to RSA, making it advantageous for generating different ciphertexts from the same plaintext. This characteristic further inspired the study [25,26,27,28].

We use two variations of the Elgamal algorithm to encrypt optical scanned holograms. Notably, Elgamal encryption and decryption require fewer key bits than RSA, resulting in fewer key agreements and higher security. The method is less computationally extensive than that of the RSA method and thus affordable in computing for practical real-world applications. The captured optical scanned holograms are complex-valued, comprising a real component and an imaginary component, which are referred to as the “cosine” and the “sine” holograms, respectively. The value of each hologram pixel is represented by a decimal number. Similar to encryption methods in general, the Elgamal algorithm is only applicable to integers, not decimal values. In this paper, we resolve the encryption challenge of decimals through Elgamal encryption and expand the application scope by converting decimals into fractions. These fractions are then utilized in the encryption process. Our research demonstrates a new scheme for high-security asymmetric image encryption, which can find rich engineering applications, such as space optical communication, remote sensing, and three-dimensional information encryption. The proposed method could also be applied to other wavelengths, including the infrared band.

The organization of this paper is given as follows. In Section 2, the principles of optical scanning holography and its applications in acquiring and encrypting holograms of physical objects are described. In Section 3, we outline two different Elgamal encryption methods, a simplified and a three-round handshake version, both of which will be adopted in our encryption scheme. Encrypting OSH holographic data with the two Elgamal encryption methods is presented in Section 4. Experimental results and a security analysis of the proposed encryption system are described in Section 4 and Section 5, respectively, followed by a conclusion summarizing the key findings.

2. Optical Scanning Holography: Digital Hologram Acquisition and Encryption

Poon and Korpel [17] pioneered the single-pixel optical scanning holographic technique. In contrast to the typical CCD camera-based digital holographic technique, the significant advantage of the technique is that the resolution of the imaging is not limited by the resolution of the CCD sensor. The optical scanning holographic setup is shown in Figure 1.

The system consists of two pupils ($p_1\left(x,y\right)$ and $p_2\left(x,y\right)$) and two beam splitters (${\mathrm{BS}}_1$ and ${\mathrm{BS}}_2$). A laser beam with temporal frequency ${\mathsf{\omega }}_0$ is separated into two beams through ${\mathrm{BS}}_1$, and the laser frequency is changed from ${\mathsf{\omega }}_{0 }$ to ${\mathsf{\omega }}_0+\mathsf{\Omega }$ by an acousto-optic modulator (AOM). The two beams are collimated using beam expanders ${\mathrm{BE}}_1$ and ${\mathrm{BE}}_2.$ The two pupils are located at the front focal planes of lenses $L_1$ and $L_2$. The beam splitter ${\mathrm{BS}}_2$ is used to combine the two optical beams from the two arms of the interferometer, and the combined beam is projected onto the object through the x–y scanner for a raster scan. $T\left(x,y\right)$ is the object’s intensity distribution to be scanned, which is located at a distance $\mathrm{z}$ from the back focal plane of lens $L_1$. Lenses $L_3$ and $L_3$ collect the light energy onto the photo-detectors (PD and PD1). The two beams with frequency ${\mathsf{\omega }}_{0 }$ and ${\mathsf{\omega }}_0+\mathsf{\Omega }$ through pupils $p_1\left(x,y\right)$ and $p_2\left(x,y\right)$ at the focal planes of lenses $L_1$ and $L_2$ are

$$ℱ{\left\{p_2\left(x,y\right)\right\}}_{{\mathrm{k}}_{\mathrm{x}}={\mathrm{k}}_{0}x/\mathrm{f},{\mathrm{k}}_{\mathrm{y}}={\mathrm{k}}_{0}y/\mathrm{f}}\times \exp \left[\mathrm{j}\left({\mathsf{\omega }}_0+\mathsf{\Omega }\right)\mathrm{t}\right]={\mathrm{P}}_2\left({\displaystyle \frac{{\mathrm{k}}_{0}x}{\mathrm{f}}},{\displaystyle \frac{{\mathrm{k}}_{0}y}{\mathrm{f}}}\right)\times \exp \left[\mathrm{j}\left({\mathsf{\omega }}_0+\mathsf{\Omega }\right)\mathrm{t}\right],$$

(1)

$$ℱ{\left\{p_1\left(x,y\right)\right\}}_{{\mathrm{k}}_{\mathrm{x}}={\mathrm{k}}_{0}x/\mathrm{f},{\mathrm{k}}_{\mathrm{y}}={\mathrm{k}}_{0}y/\mathrm{f}}\times \exp \left[{\mathrm{j}\mathsf{\omega }}_0\mathrm{t}\right]={\mathrm{P}}_1\left({\displaystyle \frac{{\mathrm{k}}_{0}x}{\mathrm{f}}},{\displaystyle \frac{{\mathrm{k}}_{0}y}{\mathrm{f}}}\right)\times \exp \left[{\mathrm{j}\mathsf{\omega }}_0\mathrm{t}\right],$$

(2)

where $ℱ$ denotes the Fourier transform, ${\mathrm{P}}_{\mathrm{i}}{\left({\mathrm{k}}_{\mathrm{x}},{\mathrm{k}}_{\mathrm{y}}\right)}_{\left(\mathrm{i}=1,2\right)}$ is the Fourier transform of $p_{\mathrm{i}}{\left(x,y\right)}_{\left(\mathrm{i}=1,2\right)}$, $\mathrm{j}$ is the imaginary unit, ${\mathrm{k}}_0$ is the wave number of the laser, and $\mathrm{f}$ is the focal length of lenses $L_1$ and $L_2$. After propagating a distance z toward $T\left(x,y\right)$, they are expressed as

$${\mathrm{P}}_2\left({\displaystyle \frac{{\mathrm{k}}_{0}x}{\mathrm{f}}},{\displaystyle \frac{{\mathrm{k}}_{0}y}{\mathrm{f}}}\right)\times \exp \left[\mathrm{j}\left({\mathsf{\omega }}_0+\mathsf{\Omega }\right)\mathrm{t}\right]*\mathrm{h}\left(x,y;\mathrm{z}\right),$$

(3)

$${\mathrm{P}}_1\left({\displaystyle \frac{{\mathrm{k}}_{0}x}{\mathrm{f}}},{\displaystyle \frac{{\mathrm{k}}_{0}y}{\mathrm{f}}}\right)\times \exp \left[{\mathrm{j}\mathsf{\omega }}_0\mathrm{t}\right]*\mathrm{h}\left(x,y;\mathrm{z}\right),$$

(4)

where $“*”$ denotes the two-dimensional convolution involving coordinates $\mathrm{x}$ and y and $\mathrm{h}\left(x,y;\mathrm{z}\right)=({\mathrm{jk}}_0/2\mathsf{\pi }\mathrm{z})\exp \left(-{\mathrm{jk}}_0\mathrm{z}\right)\exp \left[-{\mathrm{jk}}_0\left(x^2+y^2\right)/2\mathrm{z}\right]$ is the spatial impulse response in Fourier optics [29], and the combined scanning field $\mathrm{S}\left(x,y;\mathrm{z}\right)$ on the object slide $T\left(x,y\right)$ is

$$\mathrm{S}\left(x,y;z\right)=\left[{\mathrm{P}}_1\left({\displaystyle \frac{{\mathrm{k}}_{0}x}{\mathrm{f}}},{\displaystyle \frac{{\mathrm{k}}_{0}y}{\mathrm{f}}}\right)*\mathrm{h}\left(x,y;\mathrm{z}\right)\right]\exp \left[{\mathrm{j}\mathsf{\omega }}_0\mathrm{t}\right]+\left[{\mathrm{P}}_2\left({\displaystyle \frac{{\mathrm{k}}_{0}x}{\mathrm{f}}},{\displaystyle \frac{{\mathrm{k}}_{0}y}{\mathrm{f}}}\right)*\mathrm{h}\left(x,y;\mathrm{z}\right)\right]\exp \left[\mathrm{j}\left({\mathsf{\omega }}_0+\mathsf{\Omega }\right)\mathrm{t}\right].$$

(5)

After raster scanning T$\left(x,y\right)$ by $\mathrm{S}\left(x,y;\mathrm{z}\right)$, the photo-detector PD generates a heterodyne current passing through the lock-in amplifier to give two outputs: ${\mathrm{i}}_{\mathrm{c}}$ and ${\mathrm{i}}_{\mathrm{s}}$, namely, the in-phase hologram ${\mathrm{H}}_{\cos }\left(x,y\right)$ (cosine hologram) and the quadrature hologram ${\mathrm{H}}_{\sin }\left(x,y\right)$ (sine hologram), after digital storage in the PC. It has been shown that a complex hologram $\mathrm{H}\left(\mathrm{x},\mathrm{y}\right)$ can be constructed and given by [17]

$$\mathrm{H}\left(x,y\right)={\mathrm{H}}_{\cos }\left(x,y\right)+{\mathrm{jH}}_{\sin }\left(x,y\right)={ℱ}^{-1}\left\{ℱ\left\{T\left(x,y\right)\right\}{\mathrm{OTF}}_{\mathsf{\pi }}\left({\mathrm{k}}_{\mathrm{x}},{\mathrm{k}}_{\mathrm{y}};\mathrm{z}\right)\right\},$$

(6)

where ${ℱ}^{-1}$ denotes the inverse Fourier transform. ${\mathrm{OTF}}_{\mathsf{\pi }}\left({\mathrm{k}}_{\mathrm{x}},{\mathrm{k}}_{\mathrm{y}};\mathrm{z}\right)$ is expressed in terms of the two pupil functions as

$${\mathrm{OTF}}_{\mathsf{\pi }}\left({\mathrm{k}}_{\mathrm{x}},{\mathrm{k}}_{\mathrm{y}};\mathrm{z}\right)={\mathrm{e}}^{\mathrm{jz}\left({\mathrm{k}}_{\mathrm{x}}^2+{\mathrm{k}}_{\mathrm{y}}^2\right)/2{\mathrm{k}}_0}{\displaystyle \iint }{p}_1^{*}\left(\mathrm{x}\prime ,\mathrm{y}\prime \right) p_2\left(\mathrm{x}\prime +{\displaystyle \frac{{\mathrm{fk}}_{\mathrm{x}}}{{\mathrm{k}}_0}}, \mathrm{y}\prime +{\displaystyle \frac{{\mathrm{fk}}_{\mathrm{y}}}{{\mathrm{k}}_0}}\right){\mathrm{e}}^{\mathrm{jz}\left({ \mathrm{x} \prime \mathrm{k}}_{\mathrm{x}}+{ \mathrm{y} \prime \mathrm{k}}_{\mathrm{y}}\right)/\mathrm{f}}{\mathrm{dx}}^{\prime }{\mathrm{dy}}^{\prime } ,$$

(7)

where ${ \mathrm{k}}_{\mathrm{x}}$ and ${ \mathrm{k}}_{\mathrm{y}}$ are the spatial frequencies along the x and y directions and $p_1^{*}$ denotes the complex conjugate of $p_1$. As reflected in Equations (1)–(7), the sine and the cosine holograms can be optically encrypted using the two pupils $p_1\left(x,y\right)$ and $p_2\left(x,y\right)$, which serve as the encryption and the decryption keys.

To decrypt the image, we need to find out the complex conjugate of ${\mathrm{OTF}}_{\mathsf{\pi }}\left({\mathrm{k}}_{\mathrm{x}},{\mathrm{k}}_{\mathrm{y}};\mathrm{z}\right)$ or simply select the appropriate $p_1\left(x,y\right)$ and $p_2\left(x,y\right)$ in the decryption stage. In the decryption stage, we have, using Equation (6),

$${ℱ}^{-1}\left\{ℱ\left\{\mathrm{H}\left(x,y\right)\right\}{\mathrm{OTF}}_{\mathsf{\pi }}^{*}\left(x,y;{\mathrm{z}}^{*}\right)\right\}={ℱ}^{-1}\left\{ℱ\left\{T\left(x,y\right)\right\}{\mathrm{OTF}}_{\mathsf{\pi }}\left({\mathrm{k}}_{\mathrm{x}},{\mathrm{k}}_{\mathrm{y}};\mathrm{z}\right){\mathrm{OTF}}_{\mathsf{\pi }}^{*}\left(x,y;{\mathrm{z}}^{*}\right)\right\}=T\left(x,y\right),$$

(8)

when ${\mathrm{OTF}}_{\mathsf{\pi }}\left({\mathrm{k}}_{\mathrm{x}},{\mathrm{k}}_{\mathrm{y}};\mathrm{z}\right){\mathrm{OTF}}_{\mathsf{\pi }}^{*}\left(x,y;{\mathrm{z}}^{*}\right)=1$, which means that ${\mathrm{z}}^{*}=\mathrm{z},$ and the decryption of the object can be obtained.

3. Elgamal Encryption Algorithm

In Section 2, we described the principles of OSH and how optical encryption can be embedded into a system. It can be inferred from Equations (7) and (8) that encryption and decryption of the holographic data rely on the pair of pupil functions $p_1\left(x,y\right)$ and $p_2\left(x,y\right)$, which serve as the encryption as well as the decryption keys. A key is either provided by the sender or the receiver via the communication channel. This kind of cryptography is commonly referred to as symmetrical encryption. If the encryption key is intercepted by a man in the middle (MITM) while being sent from the transmission end to the receiving end, or vice versa, then all holographic data that are encrypted with the key can be easily recovered. In view of this, we assign a delta function to both pupil functions and do not incorporate the optical encryption in the hologram acquisition process.

Instead of employing the pupil functions for encryption, which only provides a low level of data protection, a more secure approach is through asymmetrical encryption, whereby the encryption key that is exchanged between the two parties (if any) is different from the decryption key that is privately kept by the receiver. In this way, even if the encryption key is exposed, it cannot be used to decrypt the encoded data. In this paper, we propose to adopt two types of asymmetrical encryption to enhance the protection of holographic data. The first one is a simplified version of the classical Elgamal method, while the second one is a three-round handshake Elgamal encryption scheme. Although RSA is another well-known asymmetric encryption algorithm, it is time-consuming. The computation loading of RSA encryption is intensive, and the process can be rather lengthy in encrypting large datasets [19]. Compared with RSA, the improved Elgamal encryption scheme is more secure and effective.

3.1. Simplified Elgamal Encryption

The Elgamal encryption algorithm is an asymmetric encryption algorithm proposed by Taher Elgamal in 1985 [26]. There are different variations on the method, and we have adopted a simplified version as part of our encryption scheme. Referring to Figure 2 showing the communication between a receiver, Bob, and a sender, Alice, Bob requests Alice to encrypt the number M with the Elgamal algorithm and send him the ciphertext. The encryption and decryption processes can be divided into three stages and outlined as follows. To begin with, let $x=\mathrm{mod}\left(\mathrm{A}, \mathrm{P}\right)$ denote the modulo operation, with $x$ being the remainder of $\left(\mathrm{A}÷\mathrm{P}\right)$.

Stage 1: Key Generation Algorithm.

At the receiving end, Bob first establishes his public and private keys.

(1) Randomly select a large prime number $\mathrm{P}$. Here, we can use the Fermat prime test or the Miller–Rabin prime test to determine whether the randomly generated number $\mathrm{P}$ is prime. A cyclic group G of large prime order $\mathrm{P}$ with a generator $\mathsf{\alpha }$ is generated.

(2) Randomly choose an integer ${\mathrm{K}}_{\mathrm{b}}\in \left\{2, 3, \dots , \mathrm{P}-2\right\}$ as the private key and compute the public key as

$${\mathrm{K}}_{\mathrm{B}}={\mathsf{\alpha }}^{{\mathrm{K}}_{\mathrm{b}}} \mathrm{mod} \mathrm{P}.$$

(9)

The set of public key parameters $\left(\mathrm{G},\mathrm{P},\mathsf{\alpha },{\mathrm{K}}_{\mathrm{B}}\right)$, is sent to the sender for encrypting the plaintext.

Stage 2: Encryption Algorithm.

At the sending side, Alice receives the public key parameters from Bob and uses them to encrypt a plaintext M which is in the form of a positive integer, as given by

$$\mathrm{c}=\mathrm{mod}\left({\mathrm{M}*\mathrm{K}}_{\mathrm{B}},\mathrm{P}\right).$$

(10)

Stage 3: Decryption Algorithm.

The ciphertext is sent to Bob and decrypted using Bob’s private key ${\mathrm{K}}_{\mathrm{b}}$, and the original text $\mathrm{M}$ is obtained after decryption as

$$\mathrm{M}=\mathrm{mod}\left(\mathrm{c}\times {\mathsf{\alpha }}^{\left(\mathrm{P}-{\mathrm{K}}_{\mathrm{b}}-1\right)},\mathrm{P}\right).$$

(11)

It can be inferred from Equations (10) and (11) that Elgamal encryption is vulnerable to chosen-plaintext attack. If the plaintext M and the ciphertext $\mathrm{c}$ are known, a set of plausible private keys that satisfies Equation (10) can be deduced with the brute force method. With more pairs of plaintexts and their ciphertexts, the plausible private keys can be narrowed down to a few possibilities or unambiguously identified. The cracked key(s) can be used to decrypt future encrypted messages. Having said that, deducing a private key with brute force is a difficult task. First, the attacker has to know the correspondence between the plaintext and its ciphertext. Second, the process is computationally intensive for large values of P.

Nevertheless, to prevent the chosen-plaintext attack, we also incorporated a three-round handshake Elgamal encryption method which cannot be compromised by plaintext attack.

3.2. Three-Round Handshake Elgamal Encryption Algorithm

Referring back to the communication between the receiver, Bob, and the sender, Alice, where Bob requests Alice to encrypt a number M with the Elgamal algorithm and send him the ciphertexts [26], different from the simplified Elgamal algorithm depicted in Figure 2 that involves the distribution of a public key, we adopted an enhanced version comprising a three-round handshake operation. The encryption and decryption processes can be divided into three stages outlined in Figure 3, including key generation, three-round handshake encryption, and decryption. The following terminology is adopted. Let $\mathrm{x}=\mathrm{mod}\left(\mathrm{A}, \mathrm{P}\right)$ denote the modulo operation, with x being the remainder of $\left(\mathrm{A}÷\mathrm{P}\right)$, and let $\mathrm{y}=\mathrm{imod}\left(\mathrm{x}, \mathrm{P}\right)$ denote the inverse modulo operation, where $\mathrm{mod}\left(\left(\mathrm{x}\times \mathrm{y}\right),\mathrm{P}\right)=1$.

Stage 1: Generating shared parameters for both parties.

At the receiving end, Bob randomly selects a large prime number $\mathrm{P}$ and generator $\mathsf{\alpha }$. The prime number P and the generator $\mathsf{\alpha }$ are sent to Alice. Both parties will use these two parameters in encryption and/or decryption.

Stage 2: Three-Round Handshake Encryption Algorithm.

At the sending side, Alice encrypts a plaintext M which is in the form of a positive integer. The process comprises three rounds of encryption, whereby the outcome of each process is exchanged between the two parties via a sequential handshaking arrangement. The entire operation can be divided into three steps, as shown below.

Step 1: Alice randomly selects an integer ${\mathrm{K}}_{\mathrm{a}}\in \left\{2, 3, \dots , \mathrm{P}-2\right\}$ as her private key. The ciphertext $\mathrm{c}$ is computed and sent to Bob as given by

$$\mathrm{c}=\mathrm{mod}\left({\mathrm{M}*\mathrm{K}}_{\mathrm{A}},\mathrm{P}\right),$$

(12)

where ${\mathrm{K}}_{\mathrm{A}}={\mathsf{\alpha }}^{{\mathrm{K}}_{\mathrm{a}}}$.

Step 2: Upon receiving the ciphertext $\mathrm{c}$ from Alice, Bob calculates the ciphertext $\mathrm{c} \prime$ and sends it to Alice, with

$$\mathrm{c} \prime =\mathrm{mod}\left({\mathrm{c}*\mathrm{K}}_{\mathrm{B}},\mathrm{P}\right),$$

(13)

where ${\mathrm{K}}_{\mathrm{B}}={\mathsf{\alpha }}^{{\mathrm{K}}_{\mathrm{b}}}$.

Step 3: Alice receives the ciphertext $\mathrm{c} \prime$ and uses ${\mathrm{K}}_{\mathrm{a}}$ to calculate $\mathrm{c} ″,$ then sends it to Bob.

$$\mathrm{c} ″=\mathrm{mod}\left( \mathrm{c} \prime \times \mathrm{imod}\left({\mathrm{K}}_{\mathrm{A}}, \mathrm{P}\right),\mathrm{P}\right).$$

(14)

Stage 3: Decryption Algorithm.

Bob receives the ciphertext and decrypts it using Bob’s private key ${\mathrm{K}}_{\mathrm{b}}$, and the original text $\mathrm{M}$ is obtained after decryption given by

$$\mathrm{M}=\mathrm{mod}\left( \mathrm{c} ″\times \mathrm{imod}\left({\mathrm{K}}_{\mathrm{B}}, \mathrm{P}\right),\mathrm{P}\right)$$

(15)

From Equations (12)–(14), it is evident that the sender’s and the receiver’s private keys (${\mathrm{K}}_{\mathrm{a}}$ and ${\mathrm{K}}_{\mathrm{b}}$) can be randomly changed to generate different ciphertexts ($\mathrm{c}$, $\mathrm{c} \prime$, and $\mathrm{c} ″$) for the same plaintext. The encrypted message can only be decrypted with the private key of Bob, as given in Equation (15). This prevents known or chosen-plaintext attacks, whereby known pairs of plaintexts and ciphertexts are used as look-up tables to decrypt ciphertexts in the future.

As an example, suppose P = 113, $\mathsf{\alpha }$ = 2, ${\mathrm{K}}_{\mathrm{b}}$ = 50, and ${\mathrm{K}}_{\mathrm{a}}=3$. The plaintext M is an integer having the value 100.

First, from the private keys of Alice and Bob, we compute the corresponding parameters ${\mathrm{K}}_{\mathrm{A}}$ and ${\mathrm{K}}_{\mathrm{B}}$ as

$${\mathrm{K}}_{\mathrm{A}}=\left({\mathsf{\alpha }}^{{\mathrm{K}}_{\mathrm{a}}} \mathrm{mod} \mathrm{P}\right)=\left(2^3 \mathrm{mod} 113\right)=8, \mathrm{and} {\mathrm{K}}_{\mathrm{B}}=\left({\mathsf{\alpha }}^{{\mathrm{K}}_{\mathrm{b}}} \mathrm{mod} \mathrm{P}\right)=\left(2^{50} \mathrm{mod} 113\right)=83.$$

Next, the ciphertexts that are exchanged between Bob and Alice are given by

$$\mathrm{c}=\mathrm{mod}\left({\mathrm{M}*\mathrm{K}}_{\mathrm{A}},\mathrm{P}\right)=\mathrm{mod}\left(100*8, 113\right)=9,$$

$$\mathrm{c} \prime =\mathrm{mod}\left({\mathrm{c}}_1{*\mathrm{K}}_{\mathrm{B}},\mathrm{P}\right)=\mathrm{mod}\left(9*83, 113\right)=69, \mathrm{and}$$

$$\mathrm{c}″=\mathrm{mod}\left({\mathrm{c}}_1^{\prime }\times \mathrm{imod}\left({\mathrm{K}}_{\mathrm{A}}, \mathrm{P}\right),\mathrm{P}\right)=\mathrm{mod}\left(69\times 99,113\right)=51.$$

The receiver decrypts with Equation (15), recovering the plaintext as

$$\mathrm{M}=\mathrm{mod}\left( \mathrm{c} ″\times \mathrm{imod}\left({\mathrm{K}}_{\mathrm{B}}, \mathrm{P}\right),\mathrm{P}\right)=\mathrm{mod}\left(51\times 64,113\right)=100.$$

4. Proposed Optical Scanning Holographic System with Elgamal Encryption

The proposed OSH system is composed of two parts, as shown in Figure 4. The first part is the classical OSH, which has been described in Section 2. As mentioned previously, the pupil functions $p_1\left(x,y\right)$ and $p_2\left(x,y\right)$ are set to be a delta function, which does not lead to optical encryption. The second part is a process referred to as fractional decomposition, converting the cosine hologram ${\mathrm{H}}_{\mathrm{Cos}}$ into two arrays, ${\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_1}{ \mathrm{and} \mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_2}$, and the sine hologram ${\mathrm{H}}_{\mathrm{Sin}}$ into arrays ${\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_1}$ and ${\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_2}$. All four decomposed arrays (${\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_1},{ \mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_2}$, ${\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_1}$, and ${\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_2}$) are identical in size to the cosine and the sine hologram. The final part is our proposed Elgamal encryption scheme, described in Section 3. The simplified Elgamal encryption is applied to ${\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_2}$ and ${\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_2}$, while the three-round encryption algorithm is applied to ${\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_1}$ and ${\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_1}$. Details of the fractional decomposition and the encryption process are described as follows.

4.1. Fractional Decomposition

The captured optical scanning hologram comprises the real hologram ${\mathrm{H}}_{\mathrm{Cos}}$ and the imaginary hologram ${\mathrm{H}}_{\mathrm{Sin}}$, which are real numbers. Thus, each pixel in the holograms has to be converted into an integer representation prior to encryption with the Elgamal algorithm. In our approach, a real number is converted into an ordered pair of integers $\left({\mathrm{a}}_1,{\mathrm{a}}_2\right)$, which is referred to as the fractional decomposed pair. The process can be summarized into three steps and described as follows. To begin with, consider a real number a representing the value of an arbitrary pixel in either a cosine or a sine hologram.

Step 1:

The number a is converted into a fractional representation comprising a numerator and a denominator, both being an integer.

$$\mathrm{a}={\displaystyle \frac{{\mathrm{a}}_{\mathrm{n}}}{{\mathrm{a}}_{\mathrm{d}}}},$$

(16)

where ${\mathrm{a}}_{\mathrm{n}},{ \mathrm{a}}_{\mathrm{d}} \in \mathrm{Z}$.

Step 2:

To obtain the first member of the fractional decomposed pair, the exclusive or (XOR) operation is conducted on the absolute values of the numerator and denominator. Denoting the XOR operation as $\otimes$ and the absolute value of $\mathrm{z}$ as $\mathrm{abs}\left(\mathrm{z}\right)$, we have

$${\mathrm{a}}_1=\mathrm{abs}\left({\mathrm{a}}_{\mathrm{n}}\right)\otimes \mathrm{abs}\left({\mathrm{a}}_{\mathrm{d}}\right).$$

(17)

Step 3:

First, the sign bit s of the real number $\mathrm{a}$ is determined as

$$\mathrm{s}=0 \mathrm{if} \mathrm{a}<0, \mathrm{and} 1 \mathrm{otherwise}.$$

(18)

The second element of the ordered pair is obtained by replacing the least significant bit (LSB) of the denominator with the sign bit of a, as given by

$${\mathrm{a}}_2=\left(\mathrm{abs}\left({\mathrm{a}}_{\mathrm{d}}\right)\left|\right|\mathrm{s}\right),$$

(19)

where $\left|\right|$ denotes the LSB replacement operator.

Without loss of generality, we assume that the dynamic range of the hologram pixel is bounded within the range $\pm 1.0$. As an example, let $\mathrm{a}=0.17$, which can be converted into the fraction $\mathrm{a}={\displaystyle \frac{170}{1000}}$. The sign bit $\mathrm{s}=$1 as $\mathrm{a}$ is positive.

The numerator and the denominator can be expressed in binary form as given by

$$\mathrm{a}={\displaystyle \frac{170}{1000}}={\displaystyle \frac{0010101010}{1111101000}}, \mathrm{with} {\mathrm{a}}_{\mathrm{n}}=0010101010 \mathrm{and} {\mathrm{a}}_{\mathrm{d}}=1111101000.$$

Applying Equations (17) and (19) to ${\mathrm{a}}_{\mathrm{n}}$ and ${\mathrm{a}}_{\mathrm{d}}$, we obtain

$${\mathrm{a}}_1=\mathrm{abs}\left({\mathrm{a}}_{\mathrm{n}}\right)\otimes \mathrm{abs}\left({\mathrm{a}}_{\mathrm{d}}\right) = \left(0010101010\otimes 1111101000.\right)=1101000010, \mathrm{and}$$

$${\mathrm{a}}_2=\left(\mathrm{abs}\left({\mathrm{a}}_{\mathrm{d}}\right)\left|\right|\mathrm{s}\right)=\left(1111101000\left|\right|1\right)=1111101001.$$

Hence, the fractional decomposed pair $\left({\mathrm{a}}_1,{\mathrm{a}}_2\right)$ is $\left(1101000010, 1111101001\right)$ or $\left(834, 1001\right)$ in base-10 representation.

4.2. Recovering Values from Fractional Decomposed Pairs

From the fractional decomposed pair obtained with Equations (17) and (19), the original decimal value can be recovered as follows.

The absolute value of the numerator can be found by performing an exclusive or operation on ${\mathrm{a}}_1$ and ${\mathrm{a}}_2$, i.e.,

$$\mathrm{abs}\left({\mathrm{a}}_{\mathrm{n}}\right)={\mathrm{a}}_1\otimes {\mathrm{a}}_2$$

(20)

By comparison with Equations (17) and (19), it can be seen that the LSB of the numerator may not retain its original value, as ${\mathrm{a}}_2$ is derived from replacing the LSB of ${\mathrm{a}}_{\mathrm{d}}$ by the sign bits. However, the change is negligible, as the numerator and the denominator are usually represented with 16 bits or more. The original decimal value is obtained as

$$\mathrm{a}={\displaystyle \frac{{\mathrm{a}}_{\mathrm{n}}}{{\mathrm{a}}_{\mathrm{d}}}}\approx \mathrm{t}\times {\displaystyle \frac{\mathrm{abs}\left({\mathrm{a}}_{\mathrm{n}}\right)}{{\mathrm{a}}_2}}=\mathrm{t}\times {\displaystyle \frac{\left({\mathrm{a}}_1\otimes {\mathrm{a}}_2\right)}{{\mathrm{a}}_2}},$$

(21)

where $\mathrm{t}=-1$ if the LSB of ${\mathrm{a}}_2$ is 0 and 1 otherwise.

Referring to the previous example in Section 4.2, we have

$$\mathrm{r}=\mathrm{t}\times {\displaystyle \frac{\left({\mathrm{a}}_1\otimes {\mathrm{a}}_2\right)}{{\mathrm{a}}_2}}=1\times {\displaystyle \frac{\left(1101000010\otimes 1111101001\right)}{1111101001}}={\displaystyle \frac{0010101011}{1111101001}}={\displaystyle \frac{171}{1001}}=0.1708\approx 0.17.$$

It can be seen that the original value of a cannot be fully recovered, but the error is negligible.

4.3. Elgamal Encryption and Decryption of Holographic Data

4.3.1. Encrypting the Holographic Data

Referring to Figure 4, fractional decomposition, based on Equations (16)–(19), is applied to each pixel of the cosine hologram to give a fractional decomposed pair. The first and the second elements of the fractional decomposed pairs are grouped into arrays, ${\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_1} \mathrm{and}$ ${\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_2}$, respectively. In the same way, the sine hologram is fractionally decomposed into arrays ${\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_1}$ and ${\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_2}$.

Each element in ${\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_1}$ is encrypted with the three-round Elgamal encryption algorithm, based on Equations (12)–(14). The result is an encrypted array: ${\mathrm{C}}_{{\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_1}}″$. Likewise, ${\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_1}$ is encrypted in the same way to give an encrypted array: ${\mathrm{C}}_{{\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_1}}″$.

The elements corresponding to ${\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_2}$ and ${\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_2}$ are encrypted with the simplified Elgamal algorithm based on Equation (10), resulting in a pair of encoded arrays: ${\mathrm{C}}_{{\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_2}}$ and ${\mathrm{C}}_{{\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_2}}$.

The four encrypted arrays: ${\mathrm{C}}_{{\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_1}}″$, ${\mathrm{C}}_{{\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_1}}″$, ${\mathrm{C}}_{{\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_2}}$, and ${\mathrm{C}}_{{\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_2}}$ are the ciphertexts of the cosine and the sine holograms, which are sent to the receiver.

4.3.2. Decrypting the Holographic Ciphertexts

Equation (11) is applied to each element in the arrays ${\mathrm{C}}_{{\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_2}}$ and ${\mathrm{C}}_{{\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_2}}$ to reconstruct the arrays ${\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_2}$ and ${\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_2}$. Subsequently, Equation (15) is applied to decrypt ${\mathrm{C}}_{{\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_1}}″$ and ${\mathrm{C}}_{{\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_1}}″$ into ${\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_1}$ and ${\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_1}$. Subsequently, Equations (20) and (21) are applied to compute the numerator and the denominator of each pixel of the cosine and the sine holograms. The value of each hologram pixel is computed by dividing the numerator by the denominator of the corresponding pixel.

5. Experimental Results

We demonstrate the feasibility and effectiveness of the proposed scheme with experimental results. The optical scanned hologram of an object can be obtained from the OSH system shown in Figure 1. The coherent light source was a 12 mW He–Ne laser with $\mathsf{\lambda }=632.8 \mathrm{nm}$. The heterodyne frequency Ω was set to 25 KHz, $\mathrm{f}$ = 300 mm, the coding distance ${\mathrm{z}}^{*}$ = 30 cm, and the two pupil functions $p_1\left(x,y\right)=1$ and $p_2\left(x,y\right)=\mathsf{\delta }\left(x,y\right)$. The original image was composed of four sheep sub-images, as shown in Figure 5a. The physical size of the original image was around 15 mm × 18 mm. It was encoded into the cosine hologram ${\mathrm{H}}_{\cos }$ and the sine hologram ${\mathrm{H}}_{\sin }$ using the OSH system, as shown in Figure 5b,c. The Elgamal encryption parameter was $\mathrm{p}=9973$, $\mathsf{\alpha }=2$. The sender (Alice) chose the random number ${\mathrm{K}}_{\mathrm{a}}=5$ and computed her own private key ${\mathrm{K}}_{\mathrm{A}}=2^5.$ The receiver (Bob) chose a random number ${\mathrm{K}}_{\mathrm{b}}=7$ and computed his public key ${\mathrm{K}}_{\mathrm{B}}=2^7$ and sent ${\mathrm{K}}_{\mathrm{B}}$ to Alice.

We used MATLAB R2020a on a personal computer to verify the feasibility of the proposed asymmetric system.${\mathrm{H}}_{\mathrm{Cos}}$ and ${\mathrm{H}}_{\mathrm{Sin}}$ performed sign bit extraction and fractional conversion. Next, $“\left|\right|”$ was performed, leading to $({\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_1},{\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_2})$ and $({\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_1}$, ${\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_2}$). Alice used ${\mathrm{K}}_{\mathrm{A}}$ to encrypt $({\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_1},{\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_1})$ and ${\mathrm{K}}_{\mathrm{B}}$ to encrypt $\left({\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_2},{ \mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_2}\right).$ Through three-round transmission and encryption with Bob, finally, he received the ciphertexts $\left({\mathrm{C}}_{{\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_1}}″,{ \mathrm{C}}_{{\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_2}}\right)$ and $\left({\mathrm{C}}_{{\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_1}}″,{ \mathrm{C}}_{{\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_2}}\right)$, as shown in Figure 6a–d. Bob used ${{\mathrm{K}}_{\mathrm{B}}}^{\left(\mathrm{p}-{\mathrm{K}}_{\mathrm{b}}-1\right)}$ to decrypt $\left({\mathrm{C}}_{{\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_1}}″,{ \mathrm{C}}_{{\mathrm{H}}_{\mathrm{Cos}\_{\mathrm{M}}_2}}\right)$ and $\left({\mathrm{C}}_{{\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_1}}″,{ \mathrm{C}}_{{\mathrm{H}}_{\mathrm{Sin}\_{\mathrm{M}}_2}}\right).$ Then, the ${\mathrm{H}}_{\mathrm{Cos}}$ and ${\mathrm{H}}_{\mathrm{Sin}}$ holograms were recovered, as shown in Figure 7a,b. Figure 7c shows the decrypted image from the complex hologram H, as described in Section 4.3.2. It can be seen that the plaintext information was well encrypted.

6. Security Analysis and Discussion

It is important to analyze the security of the encryption system. We calculated the histogram of the hologram because it shows the pixel intensity distribution of the entire hologram. The distribution of the histogram is crucial for security, where a more evenly distributed hologram image can improve security. Histograms of the hologram and its corresponding ciphertext obtained using the Elgamal algorithm are shown in Figure 8. Figure 8a–c are the histograms of the cosine hologram, the unsigned cosine fractional XOR ciphertext, and the cosine sign ciphertext, respectively. Figure 8d–f are the histograms of the sine hologram, the unsigned sine fractional XOR ciphertext, and the sine sign ciphertext, respectively. The pixel distribution of the ciphertexts shown in Figure 8b,c,e,f is more dispersed and uniform than that of the cosine hologram and sine hologram shown in Figure 8a,d. The pixel value of the cosine hologram and the sine hologram is less than 0.2. Therefore, illegal attackers cannot obtain useful information from the ciphertext.

To quantitatively analyze the ciphertext and the decrypted images, the mean-square error (MSE) and the peak signal-to-noise ratio (PSNR) were adopted. The MSE and PSNR can be calculated using the following equations:

$$\mathrm{MSE}={\displaystyle \frac{1}{\mathrm{M}*\mathrm{N}}} {\displaystyle \sum }_{\mathrm{i}=1}^{\mathrm{M}}{\displaystyle \sum }_{\mathrm{j}=1}^{\mathrm{N}}{\left(\mathrm{X}\left(\mathrm{i},\mathrm{j}\right)-\mathrm{Y}\left(\mathrm{i},\mathrm{j}\right)\right)}^2,$$

(22)

$$\mathrm{PSNR}=10\log 10{\displaystyle \frac{{255}^2}{\mathrm{MSE}}},$$

(23)

where $\mathrm{M}$ and $\mathrm{N}$ represent the length and width of the image, where X(i, j) is the pixel value of the original image at position (i, j) and Y(i, j) denotes either a ciphertext or a decrypted image. The MSE values between the original image (Figure 5a) and the ciphertext images (Figure 6a,c) were 7531.42 and 6952.31, respectively. The higher the MSE value, the greater the difference between the original and the ciphertext images. Correspondingly, the PSNR value between the original image (Figure 5a) and the decrypted image (Figure 7c) was 117.91. The larger the PSNR, the smaller the distortion and difference between two images, showing the successful reconstruction of the holograms. There were no noteworthy differences between the original image and the decrypted image; thus, the proposed asymmetric encryption scheme has acceptable encryption and decryption performance.

Pixel correlation analysis is an analysis of the high correlation between adjacent pixels of an image. If the correlation is large, one pixel tends to leak information about the other pixels around it, and an attacker can use this characteristic to infer the grayscale value of the next pixel, thus possibly recovering the plaintext. The adjacent pixels in a digital image have similar intensities and therefore a strong correlation. The purpose of encryption is to reduce the correlation of adjacent pixels in an image to prevent the image from being cracked by an attack. For this, we randomly selected 10000 pairs of adjacent pixels in the horizontal, vertical, and diagonal directions and then performed correlation analyses on adjacent pixels of the cosine and sine holograms, which included the plaintext information, as shown in Figure 9. From Figure 9a–f, the correlation between the adjacent pixels of the cosine hologram and the sine hologram is high. The points in these pictures are all basically concentrated on a straight line. Figure 10 shows the adjacent pixel distributions in the horizontal, vertical, and diagonal directions of the cosine sign ciphertext and the sine sign ciphertext. However, as shown in Figure 10a–f, the points in these pictures are more random, indicating that the adjacent pixels of the ciphertext have a weak correlation. Figure 9 and Figure 10 prove that the plaintext information was well encrypted.

We then considered the structural similarity (SSIM). While PSNR is the most common and widely used objective image evaluation index, it is based on the error between the corresponding pixel points and does not consider the visual characteristics of the visual appearance. Therefore, the evaluation results are often inconsistent with the subjective perception of human vision. SSIM is a full-reference image-quality evaluation index that measures image similarity in terms of luminance, contrast, and structure, and it has been widely used in image encryption security analysis. $\mathrm{SSIM}$ was calculated using Equations (24)–(29).

$$\mathrm{SSIM}\left(\mathrm{X};\mathrm{Y}\right)=\mathrm{f}\left(\mathrm{X};\mathrm{Y}\right)*\mathrm{g}\left(\mathrm{X};\mathrm{Y}\right)*\mathrm{h}\left(\mathrm{X};\mathrm{Y}\right),$$

(24)

$$\mathrm{f}\left(x,y\right)={\displaystyle \raisebox{1ex}{$\left(2{\mathsf{\mu }}_{\mathrm{x}}{\mathsf{\mu }}_{\mathrm{y}}+{\mathrm{C}}_1\right)$}\!\left/ \!\raisebox{-1ex}{$\left({\mathsf{\mu }}_{\mathrm{x}}^2+{\mathsf{\mu }}_{\mathrm{y}}^2+{\mathrm{C}}_1\right)$}\right.},$$

(25)

$$\mathrm{g}\left(x,y\right)={\displaystyle \raisebox{1ex}{$\left(2{\mathsf{\sigma }}_{\mathrm{x}}{\mathsf{\sigma }}_{\mathrm{y}}+{\mathrm{C}}_2\right)$}\!\left/ \!\raisebox{-1ex}{$\left({\mathsf{\sigma }}_{\mathrm{x}}^2+{\mathsf{\sigma }}_{\mathrm{y}}^2+{\mathrm{C}}_2\right)$}\right.},$$

(26)

$$\mathrm{h}\left(x,y\right)={\displaystyle \raisebox{1ex}{$\left({\mathsf{\sigma }}_{\mathrm{xy}}+{\mathrm{C}}_3\right)$}\!\left/ \!\raisebox{-1ex}{$\left({\mathsf{\sigma }}_{\mathrm{x}}+{\mathsf{\sigma }}_{\mathrm{y}}+{\mathrm{C}}_3\right)$}\right.},$$

(27)

$${\mathsf{\mu }}_{\mathrm{x}}={\displaystyle \frac{1}{\mathrm{H}*\mathrm{N}}} {{\displaystyle \sum }}_{\mathrm{i}=1}^{\mathrm{H}}{{\displaystyle \sum }}_{\mathrm{j}=1}^{\mathrm{N}}\mathrm{X}\left(\mathrm{i},\mathrm{j}\right),$$

(28)

$${\mathsf{\sigma }}_{\mathrm{x}}^2={\displaystyle \frac{1}{\mathrm{M}*\mathrm{N}-1}} {\displaystyle \sum }_{\mathrm{i}=1}^{\mathrm{H}}{\displaystyle \sum }_{\mathrm{j}=1}^{\mathrm{N}}{\left(\mathrm{X}\left(\mathrm{i},\mathrm{j}\right)-{\mathsf{\mu }}_{\mathrm{x}}\right)}^2,$$

$${\mathsf{\sigma }}_{\mathrm{XY}}={\displaystyle \frac{1}{\mathrm{M}*\mathrm{N}-1}} {\displaystyle \sum }_{\mathrm{i}=1}^{\mathrm{H}}{\displaystyle \sum }_{\mathrm{j}=1}^{\mathrm{N}}\left(\mathrm{X}\left(\mathrm{i},\mathrm{j}\right)-{\mathsf{\mu }}_{\mathrm{x}}\right) \left(\mathrm{Y}\left(\mathrm{i},\mathrm{j}\right)-{\mathsf{\mu }}_{\mathrm{y}}\right) ,$$

(29)

where ${\mathsf{\mu }}_{\mathrm{x}}$ and ${\mathsf{\mu }}_{\mathrm{y}}$ denote the mean values of images $\mathrm{X}$ and $\mathrm{Y}$, respectively; ${\mathsf{\sigma }}_{\mathrm{x}}$ and ${\mathsf{\sigma }}_{\mathrm{y}}$ denote the variances of images $\mathrm{X}$ and $\mathrm{Y}$; and ${\mathsf{\sigma }}_{\mathrm{xy}}$ denotes the covariance of images $\mathrm{X}$ and $\mathrm{Y}$. ${ \mathrm{C}}_1$, ${\mathrm{C}}_2$, and ${\mathrm{C}}_3$ are constants. To avoid a denominator with a value of 0, they are usually defined as ${\mathrm{C}}_1={\left({\mathrm{K}}_1*\mathrm{L}\right)}^2$, ${\mathrm{C}}_2={\left({\mathrm{K}}_2*\mathrm{L}\right)}^2$, and ${\mathrm{C}}_3={\left({\mathrm{K}}_3*\mathrm{L}\right)}^2$, and, generally, ${\mathrm{K}}_1$ = 0.01, ${\mathrm{K}}_2$ = 0.03, and $\mathrm{L}$ = 255. $\mathrm{SSIM}$ takes the value range [0, 1]. The larger the value of $\mathrm{SSIM}$, the smaller the image distortion. When two images are identical, the value of $\mathrm{SSIM}$ is equal to 1. The $\mathrm{SSIM}$ value between the original image in Figure 5a and Figure 7c is 0.9834. It can be seen that the quality of the decrypted image is good; therefore, the proposed encryption system has high security.

We also analyzed the salt-and-pepper noise pollution of the encrypted hologram. Figure 11a is the decrypted image when the salt-and-pepper noise intensity with variance in Figure 6a,c is 0.01. Figure 11b is the decrypted image when the salt-and-pepper noise intensity variance increases to 0.05. The values of PSNR between the original image and the decrypted images in Figure 11a,b are 63.24 and 18.25, respectively. It can be seen that when the encrypted hologram is subjected to a small amount of salt-and-pepper noise pollution, the decrypted image still has a certain correlation with the original image. It is proved that the proposed encryption system has a certain anti-salt-and-pepper noise attack capability.

7. Conclusions

In this study, an optical scanning hologram was encrypted using the Elgamal algorithm, asymmetrically encrypting both the cosine and sine holograms simultaneously. This approach eliminates the need for key distribution or the risk of plaintext leakage. Our proposed scheme offers a higher security level compared to conventional symmetric optical scanning cryptography systems, as confirmed by simulations and experiments demonstrating its feasibility. The method promises diverse practical real-world applications in the information security field.