OSA's Digital Library

Optics Express

Optics Express

  • Editor: C. Martijn de Sterke
  • Vol. 17, Iss. 5 — Mar. 2, 2009
  • pp: 3270–3284
« Show journal navigation

Information hiding based on double random-phase encoding and public-key cryptography

Yuan Sheng, Zhou Xin, Mohammad S. Alam, Lu Xi, and Li Xiao-feng  »View Author Affiliations


Optics Express, Vol. 17, Issue 5, pp. 3270-3284 (2009)
http://dx.doi.org/10.1364/OE.17.003270


View Full Text Article

Acrobat PDF (4164 KB)





Browse Journals / Lookup Meetings

Browse by Journal and Year


   


Lookup Conference Papers

Close Browse Journals / Lookup Meetings

Article Tools

Share
Citations

Abstract

A novel information hiding method based on double random-phase encoding (DRPE) and Rivest-Shamir-Adleman (RSA) public-key cryptosystem is proposed. In the proposed technique, the inherent diffusion property of DRPE is cleverly utilized to make up the diffusion insufficiency of RSA public-key cryptography, while the RSA cryptosystem is utilized for simultaneous transmission of the cipher text and the two phase-masks, which is not possible under the DRPE technique. This technique combines the complementary advantages of the DPRE and RSA encryption techniques and brings security and convenience for efficient information transmission. Extensive numerical simulation results are presented to verify the performance of the proposed technique.

© 2009 Optical Society of America

1. Introduction

As an important branch of information security, information hiding technique has been widely investigated. In information hiding technique, a secret image is embedded into a host image after it is encrypted to ensure the imperceptibility of the secret image in the transmission process and prevent the information from being read by unauthorized person. Recently, Zhou et al. [12

12. X. Zhou and J. G. Chen, “Information hiding based on double random phase encoding technology,” J. Mod. Optics. 53, 1777–1783 (2006). [CrossRef]

] proposed an information hiding method based on the DRPE technique where the encrypted complex image is hidden in an enlarged host image. However, the quality of the recovered image is deteriorated because of the direct information superposition. To solve this problem, Zhang et al. [13

13. H. Zhang, L. Z. Cai, X. F. Meng, X. F. Xu, X. L. Yang, X. X. Shen, and G. Y. Dong, “Image watermarking based on an iterative phase retrieval algorithm and sine-cosine modulation in the discrete-cosine-transform domain,” Opt. Commun. 278, 257–263 (2007). [CrossRef]

] proposed an information hiding technique where a mask of the DRPE system is hidden in an enlarged host image after it is modulated by sine and cosine functions. This method eliminates the detrimental effect of the direct information superposition on the decrypted image. However, this technique hides only one mask of the DRPE system into a host image before transmitting it to the receiver. The other mask needs to be delivered as a secret key through a secure channel, which adds additional burden on the network. In addition, attackers can easily recover the secret information if they intercept the secret key and the transmitted image where the other mask is hidden.

To alleviate the problems associated in the above mentioned methods, in this paper, we propose a novel information hiding technique by smartly utilizing the complementary features of the DRPE technique and RSA public-key cryptography system. In the proposed technique, the two phase-masks used in the DRPE system are utilized to diffuse and confuse information and make it more robust to resist occlusion. The private key of the RSA public-key cryptography system is used as the key in the proposed method to ensure security. The proposed system ensures simultaneous transmission of the ciphertext and the two phase-masks. Thus there is no need to transmit keys separately for secret information transmission and the receivers can recover the secret image without any ambiguity.

2. RSA public-key cryptography

  1. Select two large prime numbers p and q randomly;
  2. Calculate n = p × q, φ(n) = (p-1)(q-1), where φ(n) is the Euler function of n;
  3. Select an integer e, such that 1 < e < φ(n) and gcd(φ(n),e) = 1, where gcd(·) implies that φ(n) and e are prime to each other;
  4. The decryption key d is calculated by d · e ≠ 1 mod φ(n), where mod denotes modular arithmetic operation;
  5. {e, n} denotes the public key, and {d, n} denotes the private key.

In the encryption process, at first, divide the bit string of plaintext into many groups, and set the decimal number corresponding to each group be less than n. Then perform the encryption operation on each plaintext group m such that

cmemodn.
(1)

The decryption operation on each ciphertext group may be expressed as

mcdmodn.
(2)

3. The secret image hiding and extraction methods

3.1 Phase retrieval algorithm based on DRPE system

Figure 1 shows realization of the DRPE technique using a standard 4f system, where f(x, y) represents the input image, g(x, y) represents the gray image to be hidden on the output plane. Once the system is illuminated by a collimated light beam, f(x, y) is modulated by the phase mask 1 (PM1), defined as

θ(x,y)=exp[i2πθ0(x,y)],
(3)

The modulated image based light beam is Fourier transformed by lens (L1), which is then multiplied by phase mask 2 (PM2), expressed as,

φ(u,v)=exp[i2πφ0(u,v)],
(4)

where θ 0 (x, y) and φ 0 (u, v) are the two phase-functions inserted in the input plane and Fourier plane respectively, and their values are randomly distributed over the interval [0,1]. The transform process from the input image f(x, y) to the output image g(x, y) can be expressed as [1

1. P. Refregier and B. Javidi, “Optical image encryption based on input plane and Fourier plane random encoding,” Opt. Lett. 20, 767–769 (1995). [CrossRef] [PubMed]

]

g(x,y)=FT1{FT{f(x,y)·θ(x,y)}·φ(u,v)},
(5)

where FT and FT -1 denote the Fourier transform and the inverse Fourier transform operations, respectively.

Sometimes we need to find a way to obtain the two phase-masks (PM1 and PM2), when f(x, y) and g(x, y) have been determined. That is, we choose an image as the input image f(x, y), and let it be transformed into a designated image to be hidden g(x, y) by DRPE system, so f(x, y) and g(x, y) are both known by us. The critical problem is to find the two phase-masks used in Fig. 1. It is somewhat similar to the image reconstruction and phase retrieval, which can be solved by phase retrieval algorithm. At present, there are many phase retrieval algorithms [17–20

17. R. W. Gerchberg and W. O. Saxton, “A practical algorithm for the determination of phase from image and diffraction plane pictures,” Optik. 35, 237–246 (1972).

], and in this paper we use the cascaded iterative Fourier transform (CIFT) algorithm [19

19. G. H. Situ and J. J. Zhang, “A cascaded iterative Fourier transform algorithm for optical security applications,” Optik. 114, 473–477 (2003). [CrossRef]

,20

20. G. H. Situ, J. J. Zhang, Y. Zhang, and Z. S. Zhao, “A cascaded-phase retrieval algorithm for optical image encryption,” J. Optoelectron. Laser. 15, 341–343 (2004) (in Chinese).

], which is an improvement on the Gerchberg-Saxton algorithm [17

17. R. W. Gerchberg and W. O. Saxton, “A practical algorithm for the determination of phase from image and diffraction plane pictures,” Optik. 35, 237–246 (1972).

]. In this method, iterative Fourier transform is used back and forth among the input, Fourier, and output planes according to Eq. (5) until the desired criterion [19

19. G. H. Situ and J. J. Zhang, “A cascaded iterative Fourier transform algorithm for optical security applications,” Optik. 114, 473–477 (2003). [CrossRef]

,20

20. G. H. Situ, J. J. Zhang, Y. Zhang, and Z. S. Zhao, “A cascaded-phase retrieval algorithm for optical image encryption,” J. Optoelectron. Laser. 15, 341–343 (2004) (in Chinese).

] is met. In general, the criterion can be the mean square error (MSE) or the correlation coefficient between the iterated and the target image, defined as

MSE(k)=1M×Nm=1Mn=1N[g(m,n)gk(m,n)]2
(6)

and

R(k)=m=1Mn=1N{g(m,n)E[g]}{gk(m,n)E[gk]}{{m=1Mn=1N[g(m,n)E[g]]2}{m=1Mn=1N[gk(m,n)E[gk]]2}}½,
(7)

respectively. In Eqs. (6) and (7), M × N is the size of the image, E[·] denotes the mean of the image, g denotes the original image to be hidden, and gk represents the image obtained after kth iteration of the CIFT algorithm. This algorithm has fast convergence speed, and ensures good quality of the recovered image [19

19. G. H. Situ and J. J. Zhang, “A cascaded iterative Fourier transform algorithm for optical security applications,” Optik. 114, 473–477 (2003). [CrossRef]

,20

20. G. H. Situ, J. J. Zhang, Y. Zhang, and Z. S. Zhao, “A cascaded-phase retrieval algorithm for optical image encryption,” J. Optoelectron. Laser. 15, 341–343 (2004) (in Chinese).

].

Fig. 1. The double random-phase encoding system

3.2 Specific method for information hiding

In this paper, we used a random 8 gray-scales image as the input image, whose gray values are uniformly distributed from 0 to 7. Reasons for such a selection will be explained in the appendix. From the above description in Section 3.1, we know that the input image f(x, y) can be transformed into the secret image g(x, y) by the modulation of the two phase-masks θ(x, y) and φ(u,v). Thus, hiding the secret image g(x,y) can be substituted by hiding the input image f(x,y) and the two phase-masks θ(x, y) and φ(u,v) (i.e. the two phase-functions θ 0(x,y) and θ 0(u,v)). The process of the information hiding is shown in Fig. 2, and the specific steps are described below:

1) The input image f(x, y) with only eight gray levels is divided into three bit-planes f 1(x, y), f 2(x, y), and f 3(x, y), respectively. Then the three bit-planes are encrypted by RSA public-key cryptography according to Eq. (1). Thus the three encrypted binary images f'1(x,y), f'2(x,y), and f'3(x,y) are obtained;

2) Choose a host image h(x, y) with same size as the input image. Then replace the lowest three bit-planes of the host image with the three binary images obtained in step 1). As a result, the image h'(x, y) is gotten;

3) Enlarge the image h'(x,y) with M×N pixels into the image H(x,y) with 2M × 2N pixels. The enlargement rules are as follows [12

12. X. Zhou and J. G. Chen, “Information hiding based on double random phase encoding technology,” J. Mod. Optics. 53, 1777–1783 (2006). [CrossRef]

,13

13. H. Zhang, L. Z. Cai, X. F. Meng, X. F. Xu, X. L. Yang, X. X. Shen, and G. Y. Dong, “Image watermarking based on an iterative phase retrieval algorithm and sine-cosine modulation in the discrete-cosine-transform domain,” Opt. Commun. 278, 257–263 (2007). [CrossRef]

]:

H(2m1,2n1)=h'(m,n),H(2m1,2n)=h'(m,n),
H(2m,2n1)=h'(m,n),H(2m,2n)=h'(m,n).
m=1,2,3,,Mn=1,2,3,,N
(8)

From Eq. (8), it is evident that one pixel is extended to four pixels in neighboring rows and columns;

4) Superimpose phase-functions θ 0(x,y) and φ 0(u,v) into the enlarged image H(x, y) according to the following equations:

H'(2m1,2n1)=H(2m1,2n1)+αcos(2πθ0(m,n)),
H'(2m1,2n)=H(2m1,2n)+αsin(2πθ0(m,n)),
H'(2m,2n1)=H(2m,2n1)+αφ0(m,n),
H'(2m,2n)=H(2m,2n),
(9)

where H'(.,.) represents the combined image, and α represents a constant superposition parameter.

Fig. 2. Illustration of the information hiding and extraction processes

3.3 Extraction and decryption of the hidden information

The extraction and decryption of the hidden information involves the inverse process of the hiding and encrypting the original information as shown in Fig. 2. At first, the two phase-functions θ 0(x,y) and φ 0(u,v) are extracted from the combined image H'(x, y). From Eqs. (8) and (9), we get

αcos(2πθ0(m,n))=H'(2m1,2n1)H'(2m,2n),
(10)
αsin(2πθ0(m,n))=H'(2m,2n1)H'(2m,2n),
(11)
αφ0(m,n))=H'(2m,2n1)H'(2m,2n).
(12)

The real and imaginary parts obtained from Eqs. (10) and (11) are then used to compose a complex number A, given by

A(m,n)=[H'(2m1,2n1)H'(2m,2n)]+i[H'(2m,2n1)H'(2m,2n)]
=αcos(2πθ0(m,n))+sin(2πθ0(m,n))
=αexp(i2πθ0(m,n)).
(13)

Using Eq. (13), we can obtain the input plane phase mask θ 0(x, y) and the superposition parameter α as

θ0(m,n)=angle(A(m,n))2π,
(14)

and

α=abs(A),
(15)

where angle(·) represents the angle of the argument, and abs(·) represents the modulus of the argument. Using Eqs. (12) and (15), we can obtain the Fourier plane phase-function, expressed as

φ0(m,n)=H'(2m,2n1)H'(2m,2n)abs(A).
(16)

From Eqs. (14) and (16), it is obvious that one can accurately extract the phase-functions while eliminating the influence of the superposition parameter in the extraction process. The non-enlarged image h'(x, y) can also be obtained from the combined image as

h'(m,n)=H'(2m,2n).
(17)

Subsequently, the lowest three bit-planes of the image h', i.e., the three encrypted binary images f' can be extracted by using the RSA algorithm. After these binary images are decrypted by using the private RSA key according to Eq. (2), the input image f(x, y) can be retrieved by assembling the three decrypted bit-planes in order. The input image f(x, y) and the phase-functions θ 0(x,y) and φ 0(u,v) are then introduced in the DRPE system as shown in Fig. 1, in order to generate the secret image g(x, y).

The two phase-functions θ 0(x,y) and θ 0(u,v) needs to be treated in a slightly different way because our information hiding technique uses a subtraction algorithm. From Eq. (9), we observe that three of the four pixel positions are embedded with cos(2πθ 0(m, n)), sin(2πθ 0(m,n)) and φ 0(m,n), respectively, while the remaining pixel keeps its original value. Therefore, the embedded information can be successfully extracted by the subtraction algorithm using Eqs. (10), (11) and (12). If the phase-functions θ 0(x,y) and φ 0(u,v) are embedded in the four pixel positions after modulation by the sine and cosine functions, then all four pixels will contain embedded information. Thus the subtraction algorithm cannot be operated for extracting hidden information.

3.4 Numerical simulation and discussion

An extensive computer simulation software was developed to test the performance of the proposed information hiding and extraction technique, and the results are shown in Fig. 3. For simplicity, in the RSA based encryption process, we used n = p×q = 91593 × 77041 = 5515596313 (Actually, p and q are often chosen as big primes which are more than a decimal number 10100 in practical application), e = 1757316971, and d = 2674607171. The phase-masks PM1 and PM2 were obtained by performing 100 iterations of the CIFT algorithm. Here, the value of the parameter α in Eq. (9) was selected as 20. To measure the performance of the proposed technique, the peak signal-to-noise ratio (PSNR) metric [7

7. S. Kishk and B. Javidi, “Information hiding technique with double phase encoding,” Appl. Opt. 41, 5462–5470 (2002). [CrossRef] [PubMed]

] was used, which is defined as

PSNR=10*lg{1(2k1)2M×Nm=1Mn=1N[g'(m,n)g(m,n)]2}
(18)

where M×N is the size of image, k represents the gray level number, g and g' represent the original image and the obtained image, respectively. The PSNR is an indicator of image quality. It is based on the sum of the squared differences between corresponding pixels of two images, and decreases as the difference between g and g' increases. The PSNR of the combined image has been found to be 27.2 dB, and of the decrypted image is 31.2 dB.

Fig. 3. The computer simulation result for the method in this paper: (a) is the image to be hidden, (b) the enlarged host image, (c) the combined image, and (d) the decrypted image.
Fig. 4. PSNR for the combined image (circles) and for the decrypted image (points) for different α

Figure 4 illustrates how the value of α affects the PSNR for both the combined and decrypted images in Fig. 3. There is no optimum value for α, but the choice of α depends on following conditions. Firstly, perceptible deterioration cannot be induced to the host image by the superposed phase-masks. Secondly, the secret image can be decrypted by the DRPE system as an acceptable image, because the values of the phase functions must be rounded to the nearest integers before they are added into the digital host image, and their error values aroused by rounding are determined by the value of α. Thirdly, the proposed method should be robust enough to resist some kinds of attacks, such as adding noise, compression, filtering and so on. In this paper, the gray values of the host image are distributed in the interval [0,255], while the values of cos(2πθ 0(m,n)), sin(2πθ 0(m,n)) and φ 0(m,n) in Eq.(9) are distributed in the interval [0,1]. From Fig. 4, a comparably good result will be achieved if the value of α is set to 20.

Compared to alternative techniques [12

12. X. Zhou and J. G. Chen, “Information hiding based on double random phase encoding technology,” J. Mod. Optics. 53, 1777–1783 (2006). [CrossRef]

,13

13. H. Zhang, L. Z. Cai, X. F. Meng, X. F. Xu, X. L. Yang, X. X. Shen, and G. Y. Dong, “Image watermarking based on an iterative phase retrieval algorithm and sine-cosine modulation in the discrete-cosine-transform domain,” Opt. Commun. 278, 257–263 (2007). [CrossRef]

], the proposed method provides two distinct advantages:

(i) It realizes simultaneous transmission for the ciphertext and the two phase-masks, and uses RSA public-key cryptography to ensure secure information transmission. In fact, the input image f(x,y) can be regarded as the ciphertext of the secret image g(x,y), thus avoiding the separate delivery of keys in the information transmission process.

(ii) It is quite imperceptible. The purpose of information hiding is to realize the imperceptibility of the secret image in the transmission process. The information hiding method is based on enlargement of the host image, i.e. every pixel is extended to four pixels with the same gray value in the neighboring rows and columns, as shown in Eq. (8). In alternate techniques [12

12. X. Zhou and J. G. Chen, “Information hiding based on double random phase encoding technology,” J. Mod. Optics. 53, 1777–1783 (2006). [CrossRef]

,13

13. H. Zhang, L. Z. Cai, X. F. Meng, X. F. Xu, X. L. Yang, X. X. Shen, and G. Y. Dong, “Image watermarking based on an iterative phase retrieval algorithm and sine-cosine modulation in the discrete-cosine-transform domain,” Opt. Commun. 278, 257–263 (2007). [CrossRef]

], the secret data is superposed only on two out of every four pixels, so the other two pixels have no superposed information and contain the same gray value. Therefore, two pixels with the same gray value exist in every other row or column in the combined image. This characteristic may attract the attention of attackers to suspect that some secret information has been embedded in the combined image. However, in our technique, the secret data is superposed on three out of every four pixels as shown in Eq. (9). Thus, there is no regularity remaining in the combined image to attract attackers’ attention, and the secret data is more difficult to be perceived compared to alternate methods [12

12. X. Zhou and J. G. Chen, “Information hiding based on double random phase encoding technology,” J. Mod. Optics. 53, 1777–1783 (2006). [CrossRef]

,13

13. H. Zhang, L. Z. Cai, X. F. Meng, X. F. Xu, X. L. Yang, X. X. Shen, and G. Y. Dong, “Image watermarking based on an iterative phase retrieval algorithm and sine-cosine modulation in the discrete-cosine-transform domain,” Opt. Commun. 278, 257–263 (2007). [CrossRef]

].

4. Security analysis

4.1. Complementary Advantages of DRPE and RSA public-key cryptography

From Eq. (1), we observe that the diffusion quality of RSA public-key cryptography is determined by the length of plaintext group. The diffusion insufficiency of RSA is illustrated in the image encryption process as shown in Figs. 5 and 6, respectively. For example, consider the binary image encryption process shown in Fig. 5. There are many plaintext groups with the same value in the binary image as shown in Fig. 5(a). These plaintext groups are encrypted into the same ciphertext groups by Eq. (1), so that the profile of the original image can still be seen after it is encrypted by the RSA as shown in Fig. 5(b). When a gray image is encrypted by RSA, the ciphertext cannot prevent the occlusion attack. From Figs. 6(a) and 6(b), we observe that the original image cannot be completely recovered by 75% of the encrypted image pixels leading to partial information loss. In this paper, the diffusion insufficiency of RSA public-key cryptography has been effectively tackled by using the DRPE technique as shown in Figs. 6(c) and 6(d), respectively. The decrypted image is fuzzy (PSNR=13.2 dB), but it displays the entire information of the secret image. The utilization of RSA also ensures simultaneous transmission of the two phase-masks, which is not possible DPRE technique. Thus the proposed technique yields better results by utilizing the complementary advantages of RSA and DPRE.

Fig. 5. (a) The original binary image, and (b) the encrypted image by RSA
Fig. 6. Effect of occluding 25% image pixels on the encrypted image by RSA and the combined image: (a) 25% of the image pixels are occluded after it is directly encrypted by the RSA, (b) the decrypted image from (a), (c) 25% of the combined image pixels are occluded, (d) the recovered image from (c), (e) the recovered image when only a single phase-mask φ is used and 25% of the combined image pixels are occluded.

As the secret image and the input image are real-valued distributions in this paper, only one phase-mask is needed for decryption according to DRPE method. But the 4f system with two phase-masks has better diffusion quality than that with one phase-mask. It makes the combined image robust to resist occlusion attack. The decrypted image is shown in Fig. 6(e) (using a single phase-mask, φ) when 25% of the combined images’ pixels are occluded. Comparing Figs. 6(d) with 6(e), we can see that the decrypted image using two phase-masks is clearer than that using one. Therefore, we employ two phase-masks to diffuse and confuse information in our method.

4.2 Robustness of the Proposed Technique

We conducted extensive computer simulations to illustrate the robustness of the proposed method. The superposition parameter α is set to 20 for all simulations tests conducted.

Fig. 7. Effect of adding Gaussian white noise to the combined image: (a) combined image with added Gaussian white noise, and (b) the recovered image.

In the first experiment, we tested the effect of adding additive white noise to the combined image and the simulation result is shown in Fig. 7. Figure 7(a) shows the combined image with added Gaussian white noise (mean 0 and variance 0.5), and Fig. 7(b) shows the corresponding recovered image with a PSNR of 16.3 dB.

Fig. 8. Combined and recovered images when JPEG compression is applied to the combined image: (a) 90% quality JPEG compressed combined image, (b) recovered image corresponding to image (a), (c) 85% quality JPEG compressed transmitted image, (d) recovered image corresponding to image (c).

In the following experiment, we tested the effect of applying JPEG compression to the combined image. We used discrete cosine transform (DCT) based coding to perform the JPEG compression. The experiments were performed for JPEG compression when 90% and 85% of the combined image quality are preserved and the experimental results are shown in Fig. 8. The PSNR when 90% and 85% of the combined image quality is reserved has been found to be 21.8dB and 15.7dB, respectively.

In the last experiment, we tested the effect of filtering the combined image with the Gaussian low-pass filter. The simulation results are shown in Fig. 9. Here, we used a 3×3 symmetric Gaussian low-pass filter with standard deviation of 256 pixels which is equal to half of the size of the combined image. From Fig. 9(b), we observe that the desired image has been recovered with a PSNR of 12.9 dB.

Fig. 9. The effect of filtering the combined image in the frequency domain: (a) filtered combined image via Gaussian low-pass filter, (b) the recovered image from (a) with PSNR of 12.9 dB.

5. Conclusion

We also conducted computer simulations to test the robustness of the proposed method. Simulation results show that the proposed technique is capable of recovering the secret image, even under severe distortions. For example, this technique can recover the secret image even when (i) 25% of the pixels are occluded, (ii) Gaussian white noise is added to the combined image, (iii) the combined image is compressed by JPEG compression, and/or (iv) filtered by Gaussian low-pass filters.

Appendix

In this appendix, we will explain the reasons why a gray-scales image instead of a binary image should be selected as the input image.

Firstly, we perform several numerical simulations to verify the property of DRPE technique that the secret image can be recovered by part of the ciphertext [4

4. B. Javidi, A. Sergent, G. Zhang, and L. Guibert, “Fault tolerance properties of a double phase encoding encryption technique,” Opt. Eng. 36, 992–998 (1997). [CrossRef]

,7

7. S. Kishk and B. Javidi, “Information hiding technique with double phase encoding,” Appl. Opt. 41, 5462–5470 (2002). [CrossRef] [PubMed]

] (in this paper, the ciphertext is represented by input image f(x, y)). We occlude 1/2, 3/4, and 7/8 of the input image pixels, and the occluded images are displayed in Figs. A1(a), A1(b), and A1(c), respectively. When the occluded input images and the two phase masks are introduced into the DRPE system as shown in Fig. 1, the corresponding decrypted images are obtained, and shown in Figs. A1(d), A1(e), and A1(f), respectively.

Fig. A1. The decrypted secret images recovered from part of the input image pixels: (a), (b), and (c) 1/2, 3/4, and 7/8 of the input image pixels are occluded; (d), (e), and (f) are the decrypted images corresponding to (a), (b), and (c), respectively.

From Fig. A1, we can observe that part of the input image is enough to decrypt the secret image. But when less than 1/4 of the input image pixels are used, the decrypted secret image is too fuzzy to be seen clearly.

If the attacker knows the steps of our information hiding method, the two phase-masks in the DRPE system can be easily extracted from the combined image (according to Eqs. (10) to (17)). Further, the secret image can be decrypted, provided the attacker obtains the input image or even more than 1/4 of the input image pixels.

If a binary image is taken as the input image f(x,y), the attacker even need not to decode the RSA-encoded input image f'(x, y). Because a binary image only has two kinds gray values (0 and 1), a random binary image, which is arbitrarily chosen, will have about 1/2 of its pixels which have the same gray value as the corresponding pixels of the input random binary image (as shown in Fig. A2(a) for example). Especially, an image, with 0 or 1 gray value for all pixels, has about 1/2 of its pixels which have the same gray value as the corresponding pixels of the input random binary image. For example, Fig. A2(b) is an image with 1 gray value for all pixels. Those pixels with 1 gray value in Fig. A2(a) are the same as the corresponding pixels of Fig. A2(b). The number of pixels with 1 gray value in Fig. A2(a) is about 1/2 of its total pixels, so Fig. A2(b) have about 1/2 of its pixels which are the same as the corresponding pixels of Fig. A2(a). Therefore, when the binary image (Fig. A2(a) for example) is taken as the input image, even he does not know how to decode the RSA-encoded input image, the attacker can decrypt the secret image by arbitrarily choosing a random binary image, or more simply, by choosing an image with 0 or 1 gray value for all pixels as the input image. Fig. A2(c) shows the decrypted image when Fig. A2(b) is used as the input image. So a binary image cannot be used as the input image in this method.

Fig. A2. (a) The random binary image; (b) The image with 1 gray value for all pixels; (c) Decrypted image.

Similarly, if an image with 4 gray-scales is taken as the input image, a random gray image with 4 gray-scales, or an image with 0, 1, 2, or 3 gray value for all pixels has about 1/4 of its pixels which have the same gray value as the corresponding pixels of the input image. When the attacker takes any one of them as the input image, the secret image can be decrypted with the same quality as Fig. A1(e). Though it is fuzzy, the secret image can be identified. For security, the image with 4 gray-scales cannot be used in this method, either.

Generally, a gray image has 2n gray-scales, n =1,2,3⋯. From Fig. A1(f), we can see that 1/8 of the input image pixels can not recover the secret image, so 8 gray levels should be the minimum number for this method. That is to say, in this condition, the secret information will remain safe if the attacker cannot decode the RSA-encoded input image. Therefore, we take an image with only 8 gray levels in this paper as the input image, whose gray values are uniformly distributed from 0 to 7, shown in Fig. A3(a).

A random gray image with 8 gray levels, which is arbitrarily chosen, only has about 1/8 of the image pixels which have the same gray value as the corresponding pixels of the input image, so does an image with 0, 1, 2, 3, 4, 5, 6, or 7 gray value for all pixels. If the attacker only uses the same 1/8 of the image pixels to decrypt the secret image, the decrypted secret images (shown in Figs. A3(b)–(j)) are too fuzzy to be seen clearly. When a random 8 gray-levels image is arbitrarily selected as the input image, the decrypted image is shown in Fig. A3(b). Figures A3(c)–(j) are the decrypted images obtained by using the images with 0, 1, 2, 3, 4, 5, 6, or 7 gray value for all pixels as the input image, respectively.

Fig. A3. (a) Input image whose gray values are uniformly distributed from 0 to 7; (b) Decrypted image obtained by a random 8 gray scales image which is selected arbitrarily; (c)–(j) Decrypted images respectively obtained by the images with 0, 1, 2, 3, 4, 5, 6, or 7 gray value for all pixels.

From the above description, we can know that a fuzzy but acceptable secret image could be recovered just using more than 1/4 of the input image pixels. Under the condition that a random 8 gray-levels image is taken as the input image, the probability, of which an arbitrarily selected 8 gray-scales image has more than 1/4 of its pixels with the same gray value as the corresponding pixels of the input image, can be expressed as:

P=n=034M×M7nCM×Mn8M×M.
(A1)

M × M is the size of image. CM×Mn=(M×M)!n!(M×Mn)!, this is the number of combinations of M × M things taken n at a time.

To a 8 gray-levels image with 256×256 pixels,

P=n=0491527nC65536n865536.
(A2)

Let a(n) = 7n Cn 65536, so a(n -1) = 7n-1 C 65536 n-1. Thus, from

a(n)a(n1)=7nC65536n7n1C65536n1=7(65536n+1)n>1,
(A3)

n < 57345 can be obtained. That is, when n < 57345,

a(n)>a(n1).
(A4)

So the Eq. (A2) can be estimated as follows:

P=n=0491527nC65536n865536<49153*a(49152)865536=49153*(7¾8)65536C6553649152=5.5×101640

That is P<5.5×10-1640.

From the result, we can know that the probability is very small. Which means, it is quite difficult to find an image, which have more than 1/4 of its pixels with the same gray value as the corresponding pixels of the input image. So only 8 gray levels, contained in a random gray image, which is taken as the input image, are enough to ensure the security for our proposed method. Therefore, unless the attacker has found a way to decode the RSA-encoded input image, he cannot obtain the secret image.

Obviously, the larger number of gray-scales the input image has, the safer the RSA-encoded image is. But the more gray levels the input image has, the more bit-planes of the host image are substituted, and the more deterioration to the quality of the host image is induced. Generally, 4 bit-planes of the host image, which can be replaced without noticing changes, is the maximum permissible number; beyond it, severe deterioration to the host image may be aroused. Therefore, in order to ensure the imperceptibility transmission for the hidden image and the security of the RSA-encoded input image, we take a random 8 gray-scales image as the input image f(x,y) in this paper.

References and links

1.

P. Refregier and B. Javidi, “Optical image encryption based on input plane and Fourier plane random encoding,” Opt. Lett. 20, 767–769 (1995). [CrossRef] [PubMed]

2.

G. Unnikrishnan, J. Joseph, and K. Singh, “Optical encryption by double-random phase encoding in the fractional Fourier domain,” Opt. Lett. 25, 887–889 (2000). [CrossRef]

3.

O. Matoba and B. Javidi, “Encrypted optical memory system using three-dimensional keys in the Fresnel domain,” Opt. Lett. 24, 762–764 (1999). [CrossRef]

4.

B. Javidi, A. Sergent, G. Zhang, and L. Guibert, “Fault tolerance properties of a double phase encoding encryption technique,” Opt. Eng. 36, 992–998 (1997). [CrossRef]

5.

B. Javidi and T. Nomura, “Securing information by use of digital holography,” Opt. Lett. 25, 28–30 (2000). [CrossRef]

6.

X. Zhou, S. Yuan, S. W. Wang, and J. Xie, “Affine cryptosystem of double-random-phase encryption based on the fractional Fourier transform,” Appl. Opt. 45, 8434–8439 (2006). [CrossRef]

7.

S. Kishk and B. Javidi, “Information hiding technique with double phase encoding,” Appl. Opt. 41, 5462–5470 (2002). [CrossRef] [PubMed]

8.

J. Rosen and B. Javidi, “Hidden images in halftone pictures,” Appl. Opt. 40, 3346–3353 (2001). [CrossRef]

9.

Y. S. Shi, G. H. Situ, and J. J. Zhang, “Multiple-image hiding in the Fresnel domain,” Opt. Lett. 32, 1914–1916 (2007). [CrossRef] [PubMed]

10.

K. T. Kim, J. H. Kim, and E. S. Kim, “Multiple information hiding technique using random sequence and Hadamard matrix,” Opt. Eng. 40, 2489–2494, (2001). [CrossRef]

11.

J. J. Kim, J. H. Choi, and E. S. Kim, “Optodigital implementation of multiple information hiding and extraction system,” Opt. Eng. 43, 113–125 (2004). [CrossRef]

12.

X. Zhou and J. G. Chen, “Information hiding based on double random phase encoding technology,” J. Mod. Optics. 53, 1777–1783 (2006). [CrossRef]

13.

H. Zhang, L. Z. Cai, X. F. Meng, X. F. Xu, X. L. Yang, X. X. Shen, and G. Y. Dong, “Image watermarking based on an iterative phase retrieval algorithm and sine-cosine modulation in the discrete-cosine-transform domain,” Opt. Commun. 278, 257–263 (2007). [CrossRef]

14.

D. R. Stinson, Cryptography: Theory and Practice (CRC Press2002).

15.

B. Yang, Modern Cryptography (Tsinghua University Press2007) (in Chinese).

16.

S. Yuan, X. Zhou, D. H. Li, and D. F. Zhou, “Simultaneous transmission for an encrypted image and a double random-phase encryption key,” Appl. Opt. 46, 3747–3753 (2007). [CrossRef] [PubMed]

17.

R. W. Gerchberg and W. O. Saxton, “A practical algorithm for the determination of phase from image and diffraction plane pictures,” Optik. 35, 237–246 (1972).

18.

J. R. Fienup, “Phase retrieval algorithms: a comparison,” Appl. Opt. 21, 2758–2769 (1982). [CrossRef] [PubMed]

19.

G. H. Situ and J. J. Zhang, “A cascaded iterative Fourier transform algorithm for optical security applications,” Optik. 114, 473–477 (2003). [CrossRef]

20.

G. H. Situ, J. J. Zhang, Y. Zhang, and Z. S. Zhao, “A cascaded-phase retrieval algorithm for optical image encryption,” J. Optoelectron. Laser. 15, 341–343 (2004) (in Chinese).

OCIS Codes
(100.2960) Image processing : Image analysis
(100.3010) Image processing : Image reconstruction techniques
(100.5070) Image processing : Phase retrieval

ToC Category:
Image Processing

History
Original Manuscript: November 12, 2008
Revised Manuscript: December 28, 2008
Manuscript Accepted: January 19, 2009
Published: February 17, 2009

Citation
Yuan Sheng, Zhou Xin, Mohammed S. Alam, Lu Xi, and Li Xiao-feng, "Information hiding based on double random-phase encoding and public-key cryptography," Opt. Express 17, 3270-3284 (2009)
http://www.opticsinfobase.org/oe/abstract.cfm?URI=oe-17-5-3270


Sort:  Author  |  Year  |  Journal  |  Reset  

References

  1. P. Refregier and B. Javidi, "Optical image encryption based on input plane and Fourier plane random encoding," Opt. Lett. 20, 767-769 (1995). [CrossRef] [PubMed]
  2. G. Unnikrishnan, J. Joseph, and K. Singh, "Optical encryption by double-random phase encoding in the fractional Fourier domain," Opt. Lett. 25, 887-889 (2000). [CrossRef]
  3. O. Matoba and B. Javidi, "Encrypted optical memory system using three-dimensional keys in the Fresnel domain," Opt. Lett. 24, 762-764 (1999). [CrossRef]
  4. B. Javidi, A. Sergent, G. Zhang, and L. Guibert, "Fault tolerance properties of a double phase encoding encryption technique," Opt. Eng. 36, 992-998 (1997). [CrossRef]
  5. B. Javidi and T. Nomura, "Securing information by use of digital holography," Opt. Lett. 25, 28-30 (2000). [CrossRef]
  6. X. Zhou, S. Yuan, S. W. Wang, and J. Xie, "Affine cryptosystem of double-random-phase encryption based on the fractional Fourier transform," Appl. Opt. 45, 8434-8439 (2006). [CrossRef]
  7. S. Kishk and B. Javidi, "Information hiding technique with double phase encoding," Appl. Opt. 41, 5462-5470 (2002). [CrossRef] [PubMed]
  8. J. Rosen and B. Javidi, "Hidden images in halftone pictures," Appl. Opt. 40, 3346-3353 (2001). [CrossRef]
  9. Y. S. Shi, G. H. Situ, and J. J. Zhang, "Multiple-image hiding in the Fresnel domain," Opt. Lett. 32, 1914-1916 (2007). [CrossRef] [PubMed]
  10. K. T. Kim and J. H. Kim, and E. S. Kim, "Multiple information hiding technique using random sequence and Hadamard matrix," Opt. Eng. 40, 2489-2494, (2001). [CrossRef]
  11. J. J. Kim, J. H. Choi, and E. S. Kim, "Optodigital implementation of multiple information hiding and extraction system," Opt. Eng. 43, 113-125 (2004). [CrossRef]
  12. X. Zhou and J. G. Chen, "Information hiding based on double random phase encoding technology," J. Mod. Optics. 53, 1777-1783 (2006). [CrossRef]
  13. H. Zhang, L. Z. Cai, X. F. Meng, X. F. Xu, X. L. Yang, X. X. Shen, and G. Y. Dong, "Image watermarking based on an iterative phase retrieval algorithm and sine-cosine modulation in the discrete-cosine-transform domain," Opt. Commun. 278, 257-263 (2007). [CrossRef]
  14. D. R. Stinson, Cryptography: Theory and Practice (CRC Press 2002).
  15. B. Yang, Modern Cryptography (Tsinghua University Press 2007) (in Chinese).
  16. S. Yuan, X. Zhou, D. H. Li, and D. F. Zhou, "Simultaneous transmission for an encrypted image and a double random-phase encryption key," Appl. Opt. 46, 3747-3753 (2007). [CrossRef] [PubMed]
  17. Q1. R. W. Gerchberg and W. O. Saxton, "A practical algorithm for the determination of phase from image and diffraction plane pictures," Optik. 35, 237-246 (1972).
  18. J. R. Fienup, "Phase retrieval algorithms: a comparison," Appl. Opt. 21, 2758-2769 (1982). [CrossRef] [PubMed]
  19. Q2. G. H. Situ and J. J. Zhang, "A cascaded iterative Fourier transform algorithm for optical security applications," Optik. 114, 473-477 (2003). [CrossRef]
  20. Q3. G. H. Situ, J. J. Zhang, Y. Zhang, and Z. S. Zhao, "A cascaded-phase retrieval algorithm for optical image encryption," J. Optoelectron. Laser. 15, 341-343 (2004) (in Chinese).

Cited By

Alert me when this paper is cited

OSA is able to provide readers links to articles that cite this paper by participating in CrossRef's Cited-By Linking service. CrossRef includes content from more than 3000 publishers and societies. In addition to listing OSA journal articles that cite this paper, citing articles from other participating publishers will also be listed.


« Previous Article  |  Next Article »

OSA is a member of CrossRef.

CrossCheck Deposited