1. Introduction

With the rapid popularity of computer networks, issues about illegal image data access on internet being more and more serious and image encryption technique has attracted a growing attention. Due to their capability to ensure the security of data transmission and communication, optical image encryption techniques have become an important research field. Various optical encryption and encoding techniques in different domains such as the Fourier transform (FT), Fresnel transform (FrT), fractional Fourier transform (FrFT), gyrator transform (GT) and fractional Mellin transform domain have been proposed in the past two decades [1–15]. Moreover, Alfalou and Brosseau [16] analyzed the performance on different methods and pointed out many schemes can be used for compression simultaneously. Though these optical methods have excellent properties such as parallel and multidimensional capability of signal processing, most schemes mainly discuss the single image encryption, which reduce the efficiency when encrypting, storing and transmitting double or multiple images. Additionally, these schemes belong to the category of symmetric cryptosystems, in which the encryption keys are identical to decryption ones. Because of the inherently linear property of mathematical or optical transformation, these schemes are vulnerable to various attacks such as chosen plaintext attack.

In order to ensure security and improve efficiency of image transmission and communication on network, the multiple-image encryption has attracted lots of attentions. Situ and Zhang [17, 18] proposed the multiple-image encryption schemes based on wavelength multiplexing and position multiplexing. Alfalou and Mansour [19] multiplexed target images by using FT based on double random phase encoding. Subsequently, Alfalou et al. [20] suggested a multiple-image encryption scheme by using the discrete cosine transform (DCT) and the specific spectral filtering technique, which implemented simultaneous fusion, compression and encryption of multiple images. Liu et al. [21] proposed an optical multi-image encryption based on frequency shift technique, where the lower frequency parts of the plain images are selected, shifted and encrypted by using double phase encoding in FrFT domain. Wang and Zhao [22] designed a multiple-image encryption based on the nonlinear phase truncation operations in FT domain, which is vulnerable to various attacks such as chosen plaintext attack. Additionally, Wang and Zhao [23] proposed a fully phase multiple-image encryption based on superposition principle and digital holographic technique. Hwang et al. [24] proposed a multiple images encryption in FrT domain based on modified Gerchberg-Saxton algorithm (MGSA), which reduces the cross-talks of the decrypted images significantly. Based on MGSA, Chang et al. [25, 26] suggested the position multiplexing encryption schemes by using cascaded phase-only masks and Huang et al. [27] designed the scheme with architecture of two adjacent phase-only functions to increase capacity of the cryptosystem. Deng and Zhao [28] proposed a multiple-image encryption algorithm using phase retrieve algorithm and intermodulation in Fourier domain, which can avoid the cross-talk noise completely. Sui et al. [29] encrypted multiple images based on phase mask multiplexing technique in FrFT domain, in which the capacity is considerable enhanced.

As a special case, double-image encryption techniques also have attracted more attention than ever before. Li and Wang [30, 31] proposed the double-image encryption schemes in the GT and FrFT domains, where the iterative process between two plain images has high convergent speed. Liu et al. [32, 33] suggested the double-image encryption schemes in the GT domain not only by using iterative random binary encoding but also by using random phase encoding and pixel exchanging. Additionally, Liu et al. [34] encrypted two plain images into the amplitude and phase of a complex function, in which the discrete fractional angular transform is used. Zhang and Xiao [35] designed a double optical image encryption by using the discrete Chirikov standard map which is utilized to scramble the pixel positions and intensity values, respectively. Li and Wang [36] proposed a double-image encryption based on discrete fractional random transform and chaotic maps, which can raise the efficiency when encrypting, storing or transmitting. Sui et al. [37] proposed a double-image encryption based on discrete fractional random transform, where a chaotic confusion-diffusion process is used to break the correlations between adjacent bit planes efficiently. Wang and Zhao [38] suggested an algorithm to encrypt two covert images into an overt image based on phase retrieval and phase-truncated Fourier transform, which is asymmetric and the encryption keys are different from those in decryption process. Furthermore, Wang and Zhao [39] suggested an asymmetric double-image encryption which has a high level of robustness against the specific attack. Sui et al. [40] designed the asymmetric encryption between two plain images based on convolution operation in FrFT domain, which make the optical implementation of the decryption process convenient and efficient.

Recently, due to the excellent properties such as ergodicity, pseudo-randomness, sensitivity to initial conditions and control parameters, the chaotic maps are used to encrypt image in different transform domains, which can strengthen the nonlinearity of plain image in spatial and transform domains. Singh and Sinha [41, 42] proposed an optical image encryption schemes based on chaos not only in FrFT domain but also in GT domain. Additionally, Singh and Sinha [43] encrypted multiple images based on chaos and multiple canonical transforms, where three linear canonical transforms such as FrFT, extended FrFT and FrT are utilized. Li et al. [44] designed a double-image encryption based on the chaos-based local pixel scrambling technique in GT domain, Arnold transform is used to scramble pixels at the local area. Wu et al. [45] proposed a four-image encryption method based on spectrum truncation, chaos and the multiple-order discrete fractional Fourier transform (MODFrFT), where the spectrum truncation is employed in discrete FT domain and the resultant performance is better than similar algorithm.

In this paper, an asymmetric double-image encryption algorithm based on the cascaded chaotic discrete fractional random transforms and logistic maps is proposed. First, two original images are combined into an enlarged one which is scrambled in a confusion process. The confusion process consists of a number of rounds, and the pixel positions of the enlarged image are relocated by using the cat maps in each round. Next, the enlarged image is divided into two new components. With this confusion process, the statistical information of original images can be destroyed thoroughly. Second, one component is directly separated into two phase masks and used as for encryption keys. By multiplying one phase mask, another component is transformed to a complex interim by using the discrete fractional random transform and its phase is extracted as one decryption key. By multiplying another phase mask, the amplitude of the interim is transformed to a complex image, in which the amplitude is the final ciphertext with stationary white noise distribution and the phase is used as another decryption key. The private keys include the encryption keys such as the initial values of the logistic maps and the fractional orders of the discrete fractional random transform. Simultaneously, two decryption keys produced in the encryption process also used as the private keys, which makes the encryption scheme is asymmetric and high resistance against to the various attacks such as chosen plaintext attack. Simulation results and security analysis verify the feasibility and effectiveness of the proposed method.

The rest of this article is organized as follows. In Section 2, the basic principles and the processed of encryption and decryption are introduced in detail. In Section 3, numerical simulation results and security analysis are given. Finally, the conclusion is given in Section 4.

2. Encryption and decryption process

2.1 Two phase masks generated from an image

An image can be separated into two phase masks by using the algorithm proposed in [38], in which two phase masks can be considered as two unit vectors in a two-dimensional Cartesian coordinate system mathematically. For the sake of simplicity, the separation process is explained by using one-dimensional notations. Supposing$f(x)$denotes a normalized image with maxima as 1, the main steps are described as follows

2.2 Logistic map and chaos-based discrete fractional random transform

Chaos theory is a distinguished theory, which describes that the nonlinear dynamical systems convert from ordered state to disordered state. The dynamical systems are established based on various chaos functions such as logistic map, which are very sensitive to the initial parameters. With a chaotic map, a large number of random iterative values with the desirable properties of non-correlation, pseudo-randomness, ergodicity is generated. The chaotic maps have demonstrated great potential for information security, especially for image encryption.

The logistic map is a one-dimensional nonlinear chaos function and defined as

Similar to the fractional Fourier transform, the discrete fractional random transform (DFrRT) has mathematical properties such as linearity, multiplicity, index additivity and Parseval energy conservation and so on, which has widely been used in the implementation of image encryption cryptosystem. According to a one-dimensional signal$x$which size is$N$, the discrete fractional random transform [46] with order$\alpha$ can be expressed as follows

In this paper, the chaos-based DFrRT is used in the encryption process, in which the real random matrix$Q$in Eq. (10) is generated based on the logistic map. Firstly, a random sequence $X=\left\{x_1,x_2,\dots ,x_{N\times N+K}\right\},x_i\in (0,1)$is generated based on Eq. (6) with an initial values $x_0$and any integer$K$. Discarding the previous $K$values, the new sequence $X=\left\{x_1,x_2,\dots ,x_{N\times N}\right\},x_i\in (0,1)$is obtained. Secondly, the matrix$Q$is obtained by converting this sequence to a two-dimensional matrix.

2.3 Double-image encryption and decryption processes

The proposed double-image encryption and decryption is based on the cascaded DFrRT and logistic maps. The encryption process is shown in Fig. 1. Let $f_i\left(i=1,2\right)$ denote two plaintext images with size of $N\times N$pixels, the detailed procedures are described as follows

 

Fig. 1 Flowchart of encryption process.

Download Full Size | PDF

In this module, the two initial values of above logistic maps can be used as encryption keys in the encryption and decryption processes. Figure 2(a) shows the two grayscale images “Lena” and “Baboon” with$256\times 256$pixels and 256 Gy levels. The original images used in this paper are selected from USC-SIPI image database [47]. The two new components are shown in Fig. 2(b).

 

Fig. 2 (a) Plaintext images “Lena” and “Baboon” and (b) two new components.

Download Full Size | PDF

Obviously, a cascaded DFrRTs are employed to encrypt two original images, in which the related DFrRTs are chaos-based and the corresponding kernel transform matrices are produced by using Eqs. (8)-(10). In order to reduce the complexity of the cryptosystem, the related kernel transform matrices are identical, which are generated based on the logistic map with the same initial value$x_{03}$. So, the difference of cascaded DFrRTs lies in the different fractional orders.

The decryption process is depicted in Fig. 3, which is similar to the encryption process but in the reversed order. It should be paid attention to the following main steps

 

Fig. 3 Flowchart of decryption process.

Download Full Size | PDF

From the description of the encryption process, it is obvious that the initial values$x_{01}$, $x_{02}$and$x_{03}$of three logistic maps and the fractional orders$\alpha$and$\beta$of the DFrRT can be used as the encryption keys. The other parameters of the logistic maps such as$p$and$K$are fixed usually. In the computer simulation, the parameter$p$is set to 3.56995 and$K$set to 2000. Actually, these control parameters can be used as the encryption keys increase security of the cryptosystem due to the sensitivity of the logistic map to these parameters. In the process of decryption, the original images can be decrypted not only by using the encryption keys but also by using the decryption keys${\xi }_1$and${\xi }_2$, which are derived in the encryption process and directly related to the plaintext images. So, with the encryption keys$x_{01}$,$x_{02}$,$x_{03}$,$\alpha$,$\beta$ and the decryption keys${\xi }_1$,${\xi }_2$, the cryptosystem enlarge the key space greatly. Moreover, the proposed double-image encryption scheme belongs to the category of asymmetric technique as proposed in [38, 39], which can break the linearity of the DFrRT and has high resistance against to the potential attacks such as chosen-plaintext attack.

As pointed out in Ref [48], though the exact optical implementation of DFrRT remains an open problem, the encryption scheme based on DFrRT can be approximately implemented optically in the Fourier domain with the help of a typical $4f$system as shown in Fig. 4. Additionally, two gray scale images can be encrypted into one with same image size, which means the compression ratio of the proposed encryption scheme can achieve to 1:2.

 

Fig. 4 Optical implementation of DFrRT.

Download Full Size | PDF

3. Numerical simulation and security analysis

To verify the feasibility and effectiveness of the proposed encryption scheme, numerical simulations are performed on two original images “Lena” and “Baboon” shown in Fig. 2(a). The initial values$x_{01}$, $x_{02}$and$x_{03}$ of three logistic maps are set to 0.19, 0.73 and 0.56, respectively. The fractional orders$\alpha$and$\beta$are set to 0.23 and 0.85, respectively. The encryption and decryption results are given in Fig. 5. Figure 5(a) shows the ciphertext image with stationary white noise distribution. Figure 5(b) and 5(c) display the decrypted images with all correct keys.

 

Fig. 5 (a) Ciphertext image, (b) decrypted “Lena” and (c) decrypted “Baboon”.

Download Full Size | PDF

Figure 6(a)-6(c) display the decrypted image “Lena” with$x_{01}=0.19+1.0\times {10}^{-15}$, $x_{02}=0.73+1.0\times {10}^{-13}$and$x_{03}=0.56+1.0\times {10}^{-15}$, respectively. Similar results are obtained for the decrypted image “Baboon”.

 

Fig. 6 Decrypted “Lena” with (a) incorrect$x_{01}$, (b) incorrect $x_{02}$and (c) incorrect$x_{03}$.

Download Full Size | PDF

Figure 7(a) and 7(b) show the decrypted images with incorrect$\alpha =0.231$. Figure 7(c) and 7(d) show the decrypted images with incorrect$\beta =0.8505$. Figure 8(a) and 8(b) show the decrypted images with incorrect ${\xi }_1$which is generated randomly. Figure 8(c) and 8(d) show the decrypted images with incorrect${\xi }_2$.

 

Fig. 7 (a) Decrypted “Lena” with incorrect $\alpha$, (b) decrypted “Baboon” with incorrect $\alpha$, (c) decrypted “Lena” with incorrect $\beta$, (d) decrypted “Baboon” with incorrect $\beta$.

Download Full Size | PDF

 

Fig. 8 (a) Decrypted “Lena” with incorrect ${\xi }_1$, (b) decrypted “Baboon” with incorrect ${\xi }_1$, (c) decrypted “Lena” with incorrect ${\xi }_2$, (d) decrypted “Baboon” with incorrect ${\xi }_2$.

Download Full Size | PDF

In order to evaluate the quality of the decrypted image, the mean square error (MSE) between the original plaintext image and decrypted one is calculated as follows

Apparently, the security of the proposed encryption scheme is mainly determined by the initial values of three related logistic maps and the fractional orders of the DFrRT. As is illustrated in Fig. 6(a)-6(c), any valid information from the decrypted images cannot be reconstructed visually when the deviation of the initial value$x_{01}$,$x_{03}$ is up to ${10}^{-15}$as well as the deviation of the initial value$x_{02}$is up to${10}^{-13}$. So, the initial values of the logistic maps are sensitive to the proposed encryption scheme.

In order to test the sensitivity of the fractional orders, the decryption processes are performed by fixing one fractional order and varying the other. The relationship curves between the average MSE and the deviation of the fractional order are shown in Fig. 9, in which the deviation ranges from −0.1 to 0.1 and the step is 0.005. The average MSE is computed as

 

Fig. 9 Average MSE versus (a) the deviation of fractional order$\alpha$and (b) the deviation of fractional order$\beta$.

Download Full Size | PDF

According to an ideal cryptosystem, the size of key space should be large to resist the brute-force attack, namely the total number of different keys used in the decryption process should be large enough. As pointed in [35], the size of key space should at least be larger than$2^{100}$in order to obtain a high level of security. From the description of the proposed double-image encryption scheme, it is obvious that the chaotic permutation process in the combination and decomposition module is independent from the DFrRT. In the chaotic permutation process, the key spaces of the initial values$x_{01}$and$x_{02}$should be analyzed, which are denoted by$S_1$and$S_2$, respectively. In the DFrRT process, the key spaces of the initial value$x_{03}$and the fractional orders$\alpha$and$\beta$should be analyzed, which are denoted by$S_3$, $S_4$and$S_5$respectively. The entire key space of the cryptosystem is$S_1\times S_2\times S_3\times S_4\times S_5$. From Fig. 6(a)-6(c), the initial value$x_{01}$, $x_{02}$and$x_{03}$maintain 15, 13 and 15 digits after decimal point respectively, so$S_1\times S_2\times S_3={10}^{43}$. Figure 7(a)-7(d), the fractional orders$\alpha$and$\beta$maintain 3 digits after decimal point, which means$S_4\times S_5={10}^6$. Finally, the entire key space of the cryptosystem almost equals$2^{162}$, which is enormous enough to resist brute-force attack.

As a double-image encryption scheme based on asymmetric technique, the decryption keys play an important role in the decryption process. In order to evaluate the affection of the decryption keys, the case having a part of known data of the decryption keys${\xi }_1$and${\xi }_2$is considered and calculated. In Fig. 10(a), the top one-third of ${\xi }_1$is unknown and the corresponding data is replaced with$-\pi$. The decrypted images “Lena” and “Baboon” are shown in Fig. 10(b) and 10(c), respectively. Similarly, the top half of ${\xi }_2$is replaced with$-\pi$as shown in Fig. 10(d). The decrypted images “Lena” and “Baboon” are shown in Fig. 10(e) and 10(f), respectively. From Fig. 10, it is obvious that the decrypted results are close to noise-like images if the part of the decryption keys is lost.

 

Fig. 10 (a) Top one-third of ${\xi }_1$is unknown, (b) decrypted “Lena” with ${\xi }_1$, (c) decrypted “Baboon” with ${\xi }_1$, (d) top half of ${\xi }_2$is unknown, (e) decrypted “Lena” with ${\xi }_2$, (f) decrypted “Baboon” with ${\xi }_2$.

Download Full Size | PDF

Two aspects of statistical analysis are performed, one is testing on the histograms of the ciphertext and the decryption keys according to two groups of original images and the other is testing on the self-correlation values of adjacent pixels in the plaintext images, the ciphertext and the decryption keys. Figures 11(a)-12(c) display the histograms of the ciphertext image and the decryption keys of “Lena” and “Baboon” shown in Fig. 2(a). Figures 12(a) and12 (b) display another two original images “Aerial” and “Peppers”, which histograms of the ciphertext and the decryption keys are displayed in Fig. 13(a)-13(c). In Fig. 11 and Fig. 13, the histograms not only of the ciphertext images but also of the decryption keys have similar distribution, which mean that an illegal user cannot obtain any useful information from this statistical property.

 

Fig. 11 (a) Histograms of the ciphertext of “Lena” and “Baboon”, (b) histograms of the decryption key${\xi }_1$and (c) histogram of the decryption key${\xi }_2$.

Download Full Size | PDF

 

Fig. 12 (a) Plaintext image “Aerial” and (b) plaintext image “Peppers”.

Download Full Size | PDF

 

Fig. 13 (a) Histograms of the ciphertext of “Aerial” and “Peppers”, (b) histograms of the decryption key${\xi }_1$and (c) histogram of the decryption key${\xi }_2$.

Download Full Size | PDF

. In order to test the self-correlation values of adjacent pixels, the 2000 pairs of adjacent pixels are randomly selected in vertical, horizontal and diagonal directions from the plaintext images, the decryption keys of “Lena” and “Baboon”, respectively. Let$N$denotes the total number of pixels selected from the image, the self-correlation coefficients of two adjacent pixels is calculated as follows

Table 1. Correlation Results in the Plaintext Images, Ciphertext and Phase Distribution

View Table

As an important requirement in the decryption process, the robustness against noise such as Gaussian random noise should be analyzed. A Gaussian random noise is added to the ciphertext image of “Lena” and “Baboon”, in which the noise interferes with the ciphertext in the following way

 

Fig. 14 Decrypted images with coefficient$k$: (a) $k$ = 0.4, (b) $k$ = 0.6, (c) $k$ = 0.8 and (d) $k$ = 1.0.

Download Full Size | PDF

The robustness against occlusion is mainly carried out to evaluate the performance of the encryption scheme against loss of data in the ciphertext image. To do so, the decryption process is performed on the occluded ciphertext image of “Lena” and “Baboon” with all correct private keys, where the ciphertext image is occluded partly. Figure 15(a) shows the occluded ciphertext whose pixel values at the left-top corner are replaced with 0 in simulation, namely the ciphertext is cropped by 50% from the left side. Figure 15(b) and 15(c) displays the corresponding decrypted images “Lena” and “Baboon” from Fig. 15(a). Apparently, the main information of the original plaintext images can be recognized visually from Fig. 15(b) and 15(c). In other words, the proposed encryption scheme shows enough robustness against loss of ciphertext data. Similar results can be obtained when the ciphertext is cropped by 50% from the right side.

 

Fig. 15 (a) Ciphertext with 50% occlusion from the left side, (b) decrypted “Lena” and (c) decrypted “Baboon”.

Download Full Size | PDF

Usually, there are four potential attacks including cipher only attack, known plaintext attack, chosen plaintext attack and chosen ciphertext attack, in which chosen plaintext attack is the most powerful attack. As pointed out in [35], the cryptosystem should resist other attacks if it can resist chosen plaintext attack. For the proposed double-image encryption scheme, supposing an illegal user has known the encryption keys such as the initial values$x_{01}$, $x_{02}$,$x_{03}$and the fractional orders$\alpha$,$\beta$, he can encrypt two fake plaintext images and produce the decryption keys${\xi }_1$and${\xi }_2$. Then, he can use obtained decryption keys to decrypt the original ciphertext. The images “Aerial” and “Peppers” shown in Fig. 12(a) and 12(b) are chosen as fake plaintext images, the decryption keys${\xi }_1$and${\xi }_2$are obtained after encryption and used to decrypt the ciphertext of “Lena” and “Baboon”. Figure 16(a) and 16(b) display the decrypted images of “Lena” and “Baboon”, from which any valuable information cannot be obtained though the content of the fake images “Aerial” and “Peppers” can be seen faintly. As pointed out in [49–51], the encryption algorithms based on double random phase encryption has been demonstrated vulnerable to chosen plaintext attacks due to the linearity of the cryptosystem. However, the chaotic DFrRT of the proposed encryption scheme not only makes the encryption process more complex but also strengthens the nonlinearity both in spatial domain and DFrRT domain. Thus, the proposed encryption scheme can resist the potential types of attacks.

 

Fig. 16 (a) Decrypted “Lena” and (b) decrypted “Baboon”.

Download Full Size | PDF

4. Conclusion

In summary, an asymmetric double-image encryption scheme is proposed based on logistic maps and DFrRT. Two original images are combined into an enlarged one, which is scrambled by using the cat map based on two logistic maps and then decomposed into two new components. One of the two components is directly separated into two phase masks used in the encryption process and the other is used to derive the ciphertext by using the cascaded DFrRT. The cryptosystem is asymmetric, in which two decryption keys related to original images are generated and the chaotic DFrRT strengthens the nonlinearity both in spatial domain and DFrRT domain. The original images fail to be recovered unless all of the correct keys including the encryption keys and decryption keys are known. Simulation analyses verify that the proposed encryption scheme has the special advantages: the size of key space is large enough to resist brute force attack; the initial values of related logistic maps possess high sensitivity; the scheme has high capability of resisting statistical analysis; the scheme can resist high strength Gaussian random noise; the scheme has high robustness against the potential attacks such as chosen plaintext attack.