Asymmetric cryptosystem based on optical scanning cryptography and elliptic curve algorithm
Abstract
We propose an asymmetric cryptosystem based on optical scanning cryptography (OSC) and the elliptic curve cryptography (ECC) algorithm. In the encryption stage of OSC, an object is encrypted to cosine and sine holograms by two pupil functions calculated via the ECC algorithm from the sender’s biometric image, which is the sender’s private key. With the ECC algorithm, these holograms are encrypted to ciphertext, which is sent to the receiver. In the decryption stage, the encrypted holograms can be decrypted by the receiver’s biometric private key, which is different from the sender’s private key. The approach is an asymmetric cryptosystem which solves the problem of the management and dispatch of keys in OSC and has more security strength than the conventional OSC. The feasibility of the proposed method has been convincingly verified by numerical and experimental results.
Introduction
Optical image encryption has attracted much attention in recent years because of its inherent capability of high parallelism and multidimensional freedoms (amplitude, phase and polarization). Since Réfrégier and Javidi first proposed the double random phase encoding (DRPE) technique [1], researchers have introduced many extended optical encryption methods such as a series of optical transforms [2–5], digital holography [6–8], joint transform correlator [9–11] and ghost imaging [12–14]. Furthermore, optical scanning cryptography (OSC) [15–19] envisioned by Poon has become a prospective technology. Unlike CCD-based hologram acquisition systems, it can capture the hologram of a physical object with a fast scanning mechanism along with single-pixel recording. Indeed, some encryption systems have been proposed based on OSC. Yan et al. obtained experimental results of encryption using fingerprint keys [18]. Furthermore, they first demonstrated optical cryptography of 3-D object images in an incoherent optical system with biometric keys [19]. However, like most optical encryption systems, OSC is a symmetric cryptosystem whose encryption key and decryption key are generally identical or mutually conjugate. The key must be transmitted through another secured channel when the encrypted image is delivered, so it is hard to ensure the security of key management and dispatch. Qin and Peng have proposed a novel and inspirational asymmetric cryptography based on phase-truncated Fourier transform (PTFT) and DRPE [20], but it cannot solve the problem of management and dispatch of keys. To solve these problems, the public key cryptosystem has been introduced into optical encryption.
In a public key cryptosystem, each user has a pair of keys: one published publicly (known as the public key) and another stored in a secure location (known as the private key) [21–23]. Yuan et al. have proposed an asymmetric system based on DRPE and Rivest–Shamir–Adleman (RSA) [24], which has simultaneous transmission for an encrypted image and a double random-phase encryption key. Meng et al. have reported an asymmetric cryptosystem combining two-step phase-shifting interferometry with RSA public-key cryptography [25]. In addition to RSA, elliptic curve cryptography (ECC) is another popular digital encryption algorithm, which was introduced by Miller [26] and Koblitz [27]. Compared with the RSA algorithm, ECC has smaller parameters with equivalent levels of security [22,23]. Specifically, ECC based on 600-bit keys has the same security level as a 21,000-bit RSA system [23]. It will take an enormous time to solve the elliptic curve discrete logarithm problem, even if the attacker uses the fastest known algorithm. Hence, ECC is more attractive for mobile communication because of the smaller key sizes and the resulting bandwidth savings. Indeed, ECC has been introduced to optical systems. Fan et al. proposed an asymmetric cryptosystem based on two-step phase-shifting interferometry (PSI) and ECC [28]. Abd El-Latif and Niu presented a hybrid image encryption scheme [29], which generates a key stream using a cyclic elliptic curve point and a chaotic system, which in turn is used for encryption of the data stream from the image. Liu et al. have given a cryptanalysis of Abd El-Latif’s scheme [30], which is based on cyclic elliptic curve and chaotic system. In addition, there are many other extended ECC methods [31–33]. However, most of those methods applied the ECC algorithm by complicated encoding on the image. And some methods may be invalid by only encrypting parameters of optical cryptosystems with the ECC algorithm because the optical system itself is vulnerable to ciphertext-only attack (COA). In other words, attackers can recover the plaintexts from the ciphertexts without the encrypting parameters. For example, OSC is a linear encryption system which can be vulnerable to COA by using a phase retrieval algorithm [34,35]. In this regard, it is necessary to develop asymmetric cryptosystems to enhance the security of the symmetric cryptosystems.
In this paper, we propose an asymmetric cryptosystem based on the ECC algorithm and the OSC system with biometric keys. Owing to the asymmetric operation of the OSC system, high security can be achieved. The proposed method also solves the problem of the management and dispatch of keys in the optical system. In addition, it is a simple system and does not need to encode the image into numbers. The feasibility of the proposed method has been convincingly verified by numerical and experimental results. Our approach can provide an extra dimension for secure encryption, one which can leverage emerging technologies for multi-wavelength transmission and imaging.
Optical scanning cryptography (OSC)
Optical scanning holography (OSH) is a method developed by Poon and Korpel [16] for capturing holograms of physical objects with a single-pixel sensor. Unlike other hologram acquisition methods that use digital cameras as the hologram recording devices, OSH is not restricted in the field of vision and the size of the hologram. Apart from hologram capturing, OSH can also be applied in optical encryption. In this section, we give a brief introduction to optical scanning cryptography (OSC), an integration of OSH and encryption; a detailed description has been given in Ref. [16]. A 2-D array of data or function (e.g., a hologram) is denoted by a symbol in bold. For example, a 2-D array is represented by symbol $\mathbf{A}$, and the entry at the $y$th row and the $x$th column is denoted as $A(x,y)$.
As shown in Fig. 1, both the encryption and decryption systems are based on the architecture of a Mach–Zehnder interferometer. After the beam splitter (BS1), the laser beam with temporal frequency $\omega_0$ is divided into two beams, and the frequency of one of the beams becomes $\omega_0+\Omega$ by using an acousto-optic modulator (AOM) operating at frequency $\Omega$. The two beams are collimated by beam expanders, BE1 and BE2, and illuminate two pupil functions $\mathbf{p}_1$ and $\mathbf{p}_2$, respectively. It should be noted that these two pupil functions can be utilized to perform processing on the hologram that is acquired by the OSC system. The pair of beams emerging through the two pupils pass through Fourier lenses L1 and L2, and are recombined into a scanning beam by a beam splitter (BS2). Subsequently, the combined beam is steered in a zigzag manner with a mirror that is driven by an x–y scanner. The combined field $\mathbf{S}$, located at a distance $z_c$ away from the back focal plane of lens L1, can be given as
where FT denotes the Fourier transform, $j$ is the imaginary unit and the symbol “∗” is the 2-D convolution operation. $h(x,y;z_c)$ denotes the free impulse response in Fourier optics [16]. The specimen is a translucent object with intensity distribution $\mathbf{g}$, located at an axial distance $z_c$ away from the focal plane of lens L1. The scanning beam impinges on the specimen, and at each scan point a photo-detector (PD) is employed to receive all the light scattered from the object, giving an electrical signal current as output. After bandpass filtering (BPF) of the signal current, the heterodyne current at frequency $\Omega$ is obtained. The heterodyne current is then processed by a lock-in amplifier to give a pair of signal currents $i_c$ and $i_s$, which represent the in-phase hologram $\mathbf{H}_{\cos}$, also called the cosine hologram, and the quadrature hologram $\mathbf{H}_{\sin}$, also called the sine hologram, respectively. Mathematically, a complex hologram acquired with the OSC system is given by
where $FT^{-1}$ denotes the inverse Fourier transform and $OTF_\Omega$ is the optical transfer function (OTF) of the optical scanning system, expressed by
where the symbol “†” denotes complex conjugation, $k_0$ is the wave number and $f$ is the effective focal length of lenses L1 and L2. $k_x$ and $k_y$ denote the spatial frequencies along the $x$ and $y$ directions, respectively. From Eq. (2), we can see that the object can be encrypted by $OTF_\Omega$, which is determined by pupil functions $\mathbf{p}_1$ and $\mathbf{p}_2$.
For decryption, we replace the object with a pinhole, $\delta(x,y)$, located $z_d$ away from the back focal plane of lens L1. After similar processing as in the encryption stage, we can obtain the pinhole hologram $\mathbf{H}_{pin}$, expressed as
If the two pupils are correct in the encryption and decryption stages, the decryption image is easily deduced by using the following calculation:
subject to condition
If the pupil functions $\mathbf{p}_1$ and $\mathbf{p}_2$ are derived from biometric signatures, such as fingerprints, the OSC and the captured hologram are referred to as biometric encrypted optical scanning cryptography (BE-OSC) and biometric encrypted optical scanning hologram (BE-OSH), respectively.
The proposed biometric and asymmetric cryptosystem
The block diagram of our proposed method is shown in Fig. 2 and outlined as follows. To begin with, the parts on the left-hand and right-hand sides of the vertical dotted line are the encryption side (operated by Alice) and the decryption side (operated by Bob), respectively. There are two kinds of shaded blocks serving different purposes. The gray blocks show the generation of secret and public keys and the blue blocks show the flow of the encryption method. On the top blocks, Alice’s and Bob’s public keys $\mathbf{K}_A$ and $\mathbf{K}_B$ are generated from their corresponding private keys $\mathbf{k}_a$ and $\mathbf{k}_b$ by the ECC algorithm, respectively. Both sides share the public keys $\mathbf{K}_A$ and $\mathbf{K}_B$. We shall describe how the pair of keys is generated later. On the bottom blocks, the object is scanned by the OSC system in Fig. 1 and encrypted with the pupil functions, which are derived from public key $\mathbf{K}_B$ and private key $\mathbf{k}_a$ ($\mathbf{k}_a$ is a biometric image of Alice), resulting in the biometric encrypted optical scanning hologram (BE-OSH) $\mathbf{H}_B$. Subsequently, the hologram $\mathbf{H}_B$ is embedded in $\mathbf{H}_{BM}$, which is represented as elliptic curve coordinates by the Koblitz encoding technique [27]. $\mathbf{H}_{BM}$ is then encrypted to ciphertext $\mathbf{c}$ by ECC using the same keys, $\mathbf{K}_B$ and $\mathbf{k}_a$.
On the decryption side, hologram $\mathbf{H}_{BM}$ is obtained from the ciphertext with public key $\mathbf{K}_A$ and secret key $\mathbf{k}_b$, which is known only to Bob. The biometric hologram $\mathbf{H}_B$ is obtained from $\mathbf{H}_{BM}$ using the Koblitz decoding technique. Finally, the decryption image $\mathbf{H}_{de}$ of the object is obtained by decrypting $\mathbf{H}_B$ with public key $\mathbf{K}_A$ and secret key $\mathbf{k}_b$.
In the Koblitz encoding and decoding technique, the plaintext is assumed to be an integer $m$. It is mapped to a curve point by multiplying by a constant $k$ and testing all the integers $mk \le x < (m+1)k$. Obviously, $m$ can be decoded by dividing by the constant $k$.
In the following subsections, we shall explain the biometric encrypted OSC and the ECC in detail.
Biometric encrypted OSC
In “Optical scanning cryptography (OSC)”, we gave an overview of optical scanning cryptography. In the biometric encrypted OSC system, each of the two pupils is replaced with a phase mask which is calculated from the user’s biometric image, such as a fingerprint or iris. In Fig. 2, the pair of phase masks is represented by public key $\mathbf{K}_B$ and private key $\mathbf{k}_a$, where $\mathbf{k}_a$ is Alice’s biometric image. The result of the scanning is the biometric encrypted hologram $\mathbf{H}_B$, given by
As such, the process is equivalent to encrypting the holographic information with the pupil functions being the encryption keys, and hologram $\mathbf{H}_B$ can be taken as the ciphertext of the source image $\mathbf{g}$. From Eq. (3), we can infer that if functions $\mathbf{p}_1$ and $\mathbf{p}_2$ are not available to the public, the optical transfer function $OTF_\Omega(k_x,k_y;z_c)$ is unknown. Hence it is not possible to deduce the image of the specimen from the biometric encrypted hologram $\mathbf{H}_B$ through an inverse relation.
However, the OSC system is vulnerable to ciphertext-only attack, which is an inherent drawback of linear optical encryption systems [34,35]. Assuming that attackers obtain only the ciphertext, the modulus of the Fourier transform of the ciphertext can be easily obtained as follows:
Then the problem of recovering the plaintext can be transformed into phase retrieval with a single intensity measurement, which can be solved by using a phase retrieval algorithm such as the Gerchberg–Saxton (GS) algorithm, the hybrid input–output (HIO) algorithm and so on [35]. In view of this, we have incorporated a second stage of elliptic curve cryptography (ECC) to encrypt hologram $\mathbf{H}_B$, so as to enhance the security level of the holographic data.
Elliptic curve cryptography
Elliptic curve cryptography (ECC) is an asymmetric encryption method that is resistant to COA and even to known-plaintext attack (KPA), in which the attacker is assumed to know more information than in COA. As ECC has been reported in numerous publications, only a brief outline is provided for the sake of completeness. $E_p$ is an elliptic curve equation over a finite field, expressed by
$O$ is the identity element, a point at infinity. If a point $P(x,y)$ is added to the point at infinity $O$, the result is the point itself.
where “⊕” is point addition which is the basic operation in ECC. There are three cases in the point addition between two points, P(x1,y1) and Q(x2,y2), which add up to generate a third point R(x3,y3):
When the elliptic curve parameters $a$, $b$, $p$ and the base point $P(x,y)$ are known, the steps of ECC are as follows.
Encryption:
a) The receiver (Bob) selects a random integer $k_b$ from the interval $[1,n-1]$ as the private key, where $n$ is the cyclic order. The corresponding public key $K_B=k_b\otimes P$ is publicized.
b) The value of the plaintext $m=(m_1,m_2)$ is included in elliptic curve coordinates. It is encrypted with a point obtained by scalar multiplication between Bob’s public key $K_B$ and Alice’s private key $k_a$, a random integer from the interval $[1,n-1]$.
Ciphertext $c=(c_x,c_y)$ is encrypted according to
Finally, the ciphertext and the sender’s public key $K_A=k_a\otimes P$ are sent to the receiver in the form $\{K_A,c\}$.
Decryption:
c) The receiver decrypts the ciphertext with the private key $k_b$ according to:
Encrypting the BE-OSC with the ECC
Next, we describe how the ECC is applied to encrypt the biometric encrypted hologram $\mathbf{H}_B$.
Without loss of generality, we assume that BE-OSC generates a square hologram of size $M\times M$.
For clarity of explanation, the following terminology is defined. The sender is Alice and the receiver is Bob. $E_p(a,b)$ denotes an elliptic curve that is characterized by Eq. (8). $P(x,y)$ is the base point and $\mathbf{P}=P\times\mathbf{I}$, where $\mathbf{I}$ represents an $M\times M$ unit matrix.
These parameters are known to Alice and Bob. $\mathbf{k}_a$ and $\mathbf{k}_b$ are two $M\times M$ arrays of integers within the range $[1,n-1]$. The values of $\mathbf{k}_a$ and $\mathbf{k}_b$ are taken from a biometric image or randomly generated, and serve as the secret keys of the user on the encryption side (i.e. Alice) and the decryption side (i.e. Bob), respectively.
Referring to Fig. 3, a pair of public keys $\mathbf{K}_A$ and $\mathbf{K}_B$ is generated by Alice with secret key $\mathbf{k}_a$ and by Bob with secret key $\mathbf{k}_b$, respectively, as given by
As explained previously, the scalar multiplication in Eq. (19) is an operation that moves base point $P(x,y)$ to a new position that is determined by its corresponding term in $\mathbf{k}_a$ or $\mathbf{k}_b$. Hence each member of $\mathbf{K}_A$ and $\mathbf{K}_B$ is also a point on $E_p(a,b)$, and its value is an ordered pair corresponding to the horizontal and vertical coordinates of the point.
After generation of the public keys, Bob’s public key $\mathbf{K}_B$ is published and sent to Alice. The pair of phase masks of the pupils used in the encryption stage of OSC can be derived from $\mathbf{K}_B$ and $\mathbf{k}_a$ as
After optical encryption, source image $\mathbf{g}$ is encrypted to hologram
As mentioned in the last subsection, the source data of the plaintext must belong to the elliptic curve so that ECC operators can be applied. To encrypt hologram $\mathbf{H}_B$ obtained from BE-OSC, each pixel of the hologram is mapped to a point on the curve based on the Koblitz encoding technique, resulting in hologram
Subsequently, $\mathbf{H}_{BM}$ is encrypted into a ciphertext as
When Bob receives $\{\mathbf{K}_A,\mathbf{c}\}$ sent from Alice, the mapped hologram can be recovered from the ciphertext with Bob’s private key $\mathbf{k}_b$.
After decryption, hologram $\mathbf{H}_B$ can be obtained from $\mathbf{H}_{BM}$ through the Koblitz decoding technique. Simultaneously, the two pupils are deduced from Bob’s private key $\mathbf{k}_b$ and Alice’s public key $\mathbf{K}_A$.
Then pinhole hologram $\mathbf{H}_{pin}$ is obtained from Eq. (4). Finally, the decrypted image of the specimen $\mathbf{H}_{de}$ is decrypted from the pinhole hologram by Eq. (5).
Experimental results
We have carried out an experiment to demonstrate the feasibility and effectiveness of the proposed method. The schematic of the experimental setup is shown in Fig. 1. We have adopted a 15 mW He–Ne laser with λ = 632.8 nm as the coherent light source, and the heterodyne frequency ($\Omega/2\pi$) is set to 25 kHz. The focal length of lenses L1 and L2 is 300 mm, and the coding distance $z_c$ is 30 cm. In our experiment, we have two settings: (1) Alice’s and Bob’s private keys are their fingerprints. In reality, private keys can be any random integer matrices from the interval $[1,n-1]$.
(2) To obtain high-quality encrypted holograms in the optical encryption system, one pupil function $\mathbf{p}_1$ can consist of a fingerprint image $FP(x,y)$ and a positive lens with focal length $f_0$, i.e. $p_1=FP(x,y)\exp[jk_0(x^2+y^2)/2f_0]$.
We use a lens with a focal length of 75.6 mm in place of a random phase plate because it is a simple phase mask, albeit not random in phase distribution, and is easy to find in a laboratory. The other pupil is a delta function, i.e. $p_2(x,y)=\delta(x,y)$.
In the optical decryption system, the pinhole hologram can be obtained by putting in a pinhole as the object. These choices are convenient and sufficient to demonstrate our proposed method. Using MATLAB R2016a on a personal computer, it is easy to verify the feasibility of the proposed asymmetric system.
To reduce the computation time, we set $a=1$, $b=1$ in Eq. (8) with prime number $p=29989$ and base point $P(29142,23400)$.
Alice and Bob use their fingerprints as their private keys, shown in Fig. 4a,b, respectively. Bob uses the ECC algorithm to generate his public key $\mathbf{K}_B$ and publicizes it; $\mathbf{K}_B$ has two parts, $\mathbf{K}_{Bx}$ and $\mathbf{K}_{By}$, as shown in Fig. 4e,f. When Alice wants to send the image ‘goat’ $\mathbf{g}$, shown in Fig. 5a, she needs to obtain the two pupils ($\mathbf{p}_1$, $\mathbf{p}_2$), shown in Fig. 4g,h, by calculating $\mathbf{k}_a\otimes\mathbf{K}_B$.
Then, the digital holograms of the plaintext are recorded by the OSC system shown in Fig. 1. The output of the OSC system is a cosine hologram $\mathbf{H}_{Bc}$ and a sine hologram $\mathbf{H}_{Bs}$, as shown in Fig. 5c,d, respectively. Next, Alice encrypts the digital holograms into the ciphertext $\mathbf{c}$ by applying the proposed asymmetric method; the ciphertext has two parts, $\mathbf{c}_x$ and $\mathbf{c}_y$, as shown in Fig. 5e,f, respectively. Finally, Alice sends Bob $\{\mathbf{K}_A,\mathbf{c}\}$, where $\mathbf{K}_A$ is Alice’s public key whose two parts are shown in Fig. 4c,d. In the decryption stage, Bob uses $\mathbf{k}_b$ and $\mathbf{K}_A$ to calculate the two pupils ($\mathbf{p}_1$, $\mathbf{p}_2$), as shown in Fig. 4i,j. Then Bob decrypts $\mathbf{c}=(\mathbf{c}_x,\mathbf{c}_y)$ and obtains the recovered cosine and sine holograms, $\mathbf{H}_{Bc}$ and $\mathbf{H}_{Bs}$, as shown in Fig. 5g,h. Simultaneously, Bob can obtain the pinhole hologram $\mathbf{H}_{pin}$, as shown in Fig. 5i,j. Finally, the decryption image $\mathbf{H}_{de}$ is successfully decrypted, as shown in Fig. 5b. The proposed cryptosystem has a simple structure and does not require encoding the image into numbers. It also has strong security because it encrypts holograms, not parameters, in the ECC stage. On the other hand, if an attacker uses the wrong fingerprint shown in Fig. 6a to decrypt the system, they will get wrong results. Figure 6b,c are the two pupils ($\mathbf{p}_1$, $\mathbf{p}_2$) generated by $\mathbf{w\_k}_b\otimes\mathbf{K}_A$ in decryption. Fig. 6d,e show the recovered cosine hologram $\mathbf{w\_H}_{Bc}$ and sine hologram $\mathbf{w\_H}_{Bs}$ with the wrong key. The corresponding decrypted image is shown in Fig. 6e. We observe that the decrypted image is completely different from the original image, and the contents are completely unrecognizable.
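The key generation, Koblitz mapping and ECC stage described above, worked through on the curve used in the experiment ($a=1$, $b=1$, $p=29989$, base point $P(29142,23400)$) as an added example that is not the authors' MATLAB code. It assumes the ElGamal-style form $\mathbf{c}=\mathbf{H}_{BM}\oplus(\mathbf{k}_a\otimes\mathbf{K}_B)$ with decryption $\mathbf{c}\ominus(\mathbf{k}_b\otimes\mathbf{K}_A)$, since the page's own equations did not survive extraction, a Koblitz constant of 100, and constructed key and pixel values; the optical stage is not modelled.

```python
# Added example, not the authors' code. Curve and base point are the page's;
# K, the key arrays and the pixel values are constructed for illustration.
P_MOD, A, B = 29989, 1, 1   # E: y^2 = x^3 + x + 1 over F_29989
BASE = (29142, 23400)       # base point P
K = 100                     # Koblitz constant (assumed); needs 256 * K <= P_MOD
O = None                    # point at infinity, the identity element

# The field is tiny, so modular square roots come from a lookup table.
SQRT = {}
for _y in range(P_MOD):
    SQRT.setdefault(_y * _y % P_MOD, _y)

def on_curve(pt):
    return pt is O or (pt[1] ** 2 - (pt[0] ** 3 + A * pt[0] + B)) % P_MOD == 0

def add(p1, p2):
    """Point addition: identity, inverse pair, doubling and the general case."""
    if p1 is O or p2 is O:
        return p2 if p1 is O else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def neg(pt):
    return O if pt is O else (pt[0], -pt[1] % P_MOD)

def mul(k, pt):
    """Scalar multiplication k (x) pt by double-and-add."""
    acc = O
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def point_order(pt):
    """Smallest n with n (x) pt = O, by repeated addition (fine for a toy field)."""
    n, q = 1, pt
    while q is not O:
        q, n = add(q, pt), n + 1
    return n

N = point_order(BASE)       # cyclic order n of the base point

def keypair(biometric):
    """Map pixel values into [1, n-1]; the public key is one curve point per entry."""
    k = [1 + v % (N - 1) for v in biometric]
    return k, [mul(ki, BASE) for ki in k]

def shared(private, public):
    """Per-entry points k_a (x) K_B = k_b (x) K_A, the common source of the pupils."""
    return [mul(k, Q) for k, Q in zip(private, public)]

def koblitz_encode(m):
    """The first x in [mK, (m+1)K) that lies on the curve represents m."""
    for x in range(m * K, (m + 1) * K):
        rhs = (x ** 3 + A * x + B) % P_MOD
        if rhs in SQRT:
            return (x, SQRT[rhs])
    raise ValueError(f"no curve point found for m={m}")

def koblitz_decode(pt):
    return pt[0] // K

def encrypt(pixels, ka, KB):
    """c = H_BM (+) (k_a (x) K_B), entry by entry (assumed ElGamal-style form)."""
    return [add(koblitz_encode(m), s) for m, s in zip(pixels, shared(ka, KB))]

def decrypt(cipher, kb, KA):
    """H_BM = c (-) (k_b (x) K_A); returns curve points for koblitz_decode."""
    return [add(c, neg(s)) for c, s in zip(cipher, shared(kb, KA))]

if __name__ == "__main__":
    (ka, KA), (kb, KB) = keypair([17, 203, 88, 145]), keypair([61, 9, 240, 132])
    cipher = encrypt([0, 37, 128, 255], ka, KB)   # constructed hologram pixels
    print(N, [koblitz_decode(M) for M in decrypt(cipher, kb, KA)])
```

With both private keys fixed, `shared()` returns the same per-entry mask for every hologram, which is the key-reuse condition the known-plaintext discussion later in the paper addresses.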
Ethical approval
The authors confirmed that all experiments (taking fingerprints of an individual) were performed in accordance with relevant guidelines and regulations. The individual explicitly allowed the authors to use the data in the present publication.
Informed consent
In this study, we only used fingerprints, not involving other human participants. The fingerprint used in this study is taken from Aimin Yan. Aimin Yan performed the optical experiments in optical laboratory and provided informed consent for the same.
Further analysis and discussion
Next, we include a further analysis of the proposed method. First, the histogram of an image plots the pixel values against its frequency of occurrence. It is an important trait for ciphertext to distribute pixel values uniformly. Histogram of plaintext and its corresponding ciphertext using the proposed method are given in Fig. 7. Most of the pixel values of the “goat” are less than 0.1 in the histogram of Fig. 7a. After optical encryption, pixel values of the cosine and sine holograms distribute around 0.3 and 0.7, as shown in Fig. 7b,c, respectively. So, it may leak out information about plaintext. However, as shown in Fig. 7d,e, histograms of ciphertext are distributed equally and hence it is hard to obtain useful information from the ciphertext. These results demonstrate the proposed method works well.
Second, it is necessary to analyze the correlation of adjacent pixels, which reflects the correlation of pixel values in adjacent positions. If the correlation is large, it means that the difference of gray value in the larger area of the image is small, which will affect the security of the image. Therefore, we analyze the correlation between 2000 adjacent pixels randomly selected in three directions of these images. The correlations of adjacent pixels of the plaintext and its corresponding ciphertext using the proposed method are given in Fig. 8. After optical encryption, the correlation between the adjacent pixels of the cosine hologram and between the adjacent pixels of the sine hologram is still very high, as shown in Fig. 8b1–b3 and c1–c3, respectively. However, as shown in Fig. 8d1–d3 and e1–e3, the correlation of adjacent pixels of the ciphertext is very low and hence the security of the ciphertext is relatively high. In addition, the correlation coefficients of these images in three directions are shown in Table 1. It is proved that the proposed method is very effective.
Figure 8
(a1–a3) The adjacent pixel distributions of plaintext in the horizontal, vertical and diagonal directions; (b1–b3) the adjacent pixel distributions of cosine hologram in the horizontal, vertical and diagonal directions; (c1–c3) the adjacent pixel distributions of sine hologram in the horizontal, vertical and diagonal directions; (d1–d3) the adjacent pixel distributions of $\mathbf{c}_x$ in the horizontal, vertical and diagonal directions; (e1–e3) the adjacent pixel distributions of $\mathbf{c}_y$ in the horizontal, vertical and diagonal directions.
Third, image information entropy expresses the average amount of information in the image, which is defined by the following equation:
where $P(x_i)$ is the probability of a gray value appearing in the image. If an image is very safe, the probabilities of all gray values should be equal; then, according to Eq. (28), $H(x)$ is equal to 8. The information entropy of these images is shown in Table 2. The information entropy of the ciphertext is extremely close to 8, which shows that our method is very safe.
Fourth, let us consider that the ciphertext is transferred through a channel. It is possible that the receiver receives the cipher image with salt-and-pepper noise. When the receiver decrypts ciphertext with salt-and-pepper noise of 0.01 density (the density being the percentage of noise points in the total number of pixels), the reconstructed cosine and sine holograms are shown in Fig. 9a,b, respectively, and the corresponding recovered plaintext is shown in Fig. 9c. Figure 9d–f show the results with noise of 0.05 density. Finally, Fig. 9g–i show the results with noise of 0.1 density. In addition, we draw the curve of image reconstruction rate against salt-and-pepper noise density, as shown in Fig. 10. These results demonstrate that the proposed cryptosystem has fairly good robustness.
Figure 9
Decrypted images with salt and pepper noise (a–c) are reconstruction cosine and sine holograms and recovered image with 0.01 density, respectively; (d–f) are images with 0.05 density; (g–i) are images with 0.1 density.
Fifth, we should discuss known plaintext attack to further prove the security of our cryptosystem. According to the Eq. (20),
as shown in Fig. 4e,f determine the cryptosystem's ability to resist known plaintext attack. If the public and fixed $K_b$ is used, it will be vulnerable to known plaintext attack, but changing the value of $K_b$ frequently will make our cryptosystem more complicated. In order to solve this problem, Bob can randomly generate a secret key $K_b'$ and transmit
to Alice, as shown in the Fig. 11. Then Alice calculates the following equation:
Where
Therefore, Kb will be hidden and our cryptosystem can resist known plaintext attack.
Conclusion
We have proposed a novel asymmetric cryptosystem that combines optical scanning cryptography (OSC) with the elliptic curve public-key cryptographic algorithm. Simulation and experimental results have verified the feasibility of this method. The proposed method has the following advantages. First, the system realizes asymmetric encryption because the ways to obtain the encryption and decryption keys are different and the dispatch of keys does not need to be considered. Second, the cosine and sine holograms are nonlinearly encrypted simultaneously, so its security level is better than the conventional OSC system. Third, the overall system has good robustness and its ciphertext will not leak information of the plaintext. The proposed asymmetric cryptosystem for enhancing the security of OSC is also applicable to other acquired digital holograms from conventional digital holography for optical imaging encryption.
Author information
Authors and Affiliations
College of Mathematics and Science, Shanghai Normal University, Shanghai, 200234, China
Xiangyu Chang, Wei Li & Aimin Yan
Department of Electronic Engineering Hong Kong, City University of Hong Kong, Kowloon Tong, Hong Kong SAR, China
Peter Wai Ming Tsang
Bradley Department of Electrical and Computer Engineering, Virginia Tech, Blacksburg, VA, 24061, USA
Ting-Chung Poon