Phase retrieval algorithm for optical information security
Wang Shi-Qing, Meng Xiang-Feng, Wang Yu-Rong, Yin Yong-Kai, Yang Xiu-Lun
Department of Optics, School of Information Science and Engineering, and Shandong Provincial Key Laboratory of Laser Technology and Application, Shandong University, Qingdao 266237, China

 

† Corresponding author. E-mail: xlyang@sdu.edu.cn

Abstract

As a typical technology for optical encryption, phase retrieval algorithms have been widely used in optical information encryption and authentication systems. This paper presents three applications of two-dimensional (2D) phase retrieval for optical encryption and authentication: first, a hierarchical image encryption system, by which multiple images can be hidden into cascaded multiple phase masks; second, a multilevel image authentication system, which combines (t, n) threshold secret sharing (both t and n are positive integers, and ) and phase retrieval, and provides both high-level and low-level authentication; and finally, a hierarchical multilevel authentication system that combines the secret sharing scheme based on basic vector operations and the phase retrieval, by which more certification images can be encoded into multiple cascaded phase masks of different hierarchical levels. These three phase retrieval algorithms can effectively illustrate phase-retrieval-based optical information security. The principles and features of each phase-retrieval-based optical security method are analyzed and discussed. It is hoped that this review will illustrate the current development of phase retrieval algorithms for optical information security and will also shed light on the future development of phase retrieval algorithms for optical information security.

1. Introduction

The security issues of information, especially image information, have received increasing attention. Besides traditional image information security,[1,2] optical information security also has a lot of room to develop. Different kinds of optical information processing technologies have been applied to realize more efficient security systems, such as phase retrieval algorithms, the double random phase encoding (DRPE) technique,[3–6] digital holography,[7–9] phase-shifting interferometry,[10–12] ghost imaging,[13–19] aperture movement,[20] and sparse-phase multiplexing.[21]

Phase retrieval is a typical technology for optical encryption and authentication, which usually encodes the information of the secret image into one or several pseudo-random phase masks. This technique was first proposed by Wang et al. in 1996.[22] The encryption scheme was based on a 4f system, in which the secret image in the output plane was encoded into a phase mask in the Fourier plane by using a modified projection-onto-constraint-sets (POCS) algorithm, while the other phase mask in the input plane was fixed. Situ and Zhang designed a two-phase-encoding-mask security scheme in 2004. In each iteration of their scheme, the phase distributions of both masks are adjusted simultaneously,[23] which improved the speed of iteration. Later, they also extended the iterative algorithm from the 4f system to the Fresnel domain.[24] Since then, many studies of optical encryption based on the phase retrieval algorithm have been carried out in the Fresnel domain. In 2012, a lensless multiple-image optical encryption scheme based on the cascading modified Gerchberg–Saxton (GS) algorithm in the Fresnel domain was proposed by Huang et al.,[25] which increased the encryption capacity while avoiding the crosstalk noise. Chen et al. proposed an information authentication scheme based on a cascaded iterative phase retrieval algorithm and sparse representation in 2013, in which the concept of nonlinear correlation was used to identify the decoded image when it cannot be identified through direct visual detection.[26] We have also done some work in this field. We first designed a hierarchical image encryption system based on the cascaded iterative phase retrieval algorithm in 2007.[27] From 2013 to 2017, several multilevel authentication systems were designed in succession, in which the phase retrieval algorithm was combined with phase multiplexing or secret sharing algorithms, giving the authentication systems good encryption characteristics and security.[28–32] We proposed a secret shared multiple image encryption method based on row scanning compressive ghost imaging and phase retrieval in 2017, which increased data encryption efficiency and realized secret key data sharing.[33]

In this paper, we review the phase retrieval algorithms for optical information security. Phase retrieval is a typical technology for optical encryption, and exploring its application prospects has always been one direction of our efforts. To give readers a sense of our meaningful work in this field, three phase retrieval algorithms for optical encryption and authentication are reviewed here: first, a hierarchical image encryption system, by which multiple images can be hidden into cascaded multiple phase masks; second, a multilevel image authentication system which combines (t, n) threshold secret sharing and phase retrieval, and provides both high-level and low-level authentication; and finally, a hierarchical multilevel authentication system combining a secret sharing scheme based on basic vector operations and phase retrieval, by which more certification images can be encoded into multiple cascaded phase masks of different hierarchical levels. These three phase retrieval algorithms give an effective picture of phase-retrieval-based optical information security. The principles and features of each phase-retrieval-based optical security method are analyzed and discussed. New ideas, such as single-channel color image encryption, have also revitalized these systems.

2. Phase retrieval algorithms for optical encryption
2.1. Encryption of grayscale images

A schematic diagram of an optical information security system based on the iterative double phase retrieval algorithm in the Fresnel domain is shown in Fig. 1. The encryption process is to find two desired phase distributions by iterative algorithm under the given input and output constraints, and the commonly used phase retrieval algorithms are the modified GS algorithm[34] and POCS algorithm.[35]

Fig. 1. Schematic diagram of optical information security system based on iterative double phase retrieval algorithm in Fresnel domain.

The two phase masks ψ1 and ψ2 whose initial phase values are randomly distributed between 0 and 2π are, respectively, placed in the transform plane (x1, y1) and input plane (x2, y2), and the secret image g(x, y) is placed in the output plane (x, y). The distance between the transform and the output plane is z1, and that between the input and the transform plane is z2. We could place a binary or grayscale image f(x, y) in the input plane clinging to the random phase mask ψ2 as input amplitude constraint. When illuminating the input plane with an on-axis plane wave of unit amplitude and wavelength λ, after the kth iteration (k = 1, 2, 3, …) the complex amplitude in the output plane under the Fresnel approximation can be described as[24,36]

where FrT denotes the Fresnel transform.

Suppose that the distributions of the two phase masks after the k-th iteration are and respectively, then in the (k + 1)-th iteration process they can be described as follows:[27]

in the above expressions, IFrTz denotes the inverse Fresnel transform and arg(·) is the phase extraction operator. Or we could also take out the input image f(x, y) and just illuminate the system by the on-axis plane wave, then the f in Eqs. (1)–(3) would be substituted by 1.

To evaluate the similarity between the output real amplitude image after the k-th iteration and the original secret image g, the mean square error (MSE) and correlation coefficient (CC) are usually used as the convergence criterion: the iterations are repeated until the MSE is no longer larger than a predefined threshold or the CC is large enough. The MSE and CC are defined as follows:[36–38]

where N is the number of pixels of the image,
where E{} denotes the expected value operator, and σ is the standard deviation of the corresponding image.

When the iteration cycle stops, two final phase distributions ψ1 and ψ2, located, respectively, in the transform and input plane, are generated, which can be stored as keys of decryption.

In the process of decryption, suppose that the original input image (if any) and the phase masks after iteration are placed at the correct position. Once the system is illuminated by a plane wave of the correct wavelength, the decrypted image will be available on the output plane.[36]
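An added sketch of the two-mask iteration and the decryption step described in this subsection (not the authors' code). Because Eqs. (1)–(3) are not reproduced above, the update rule is one common Gerchberg–Saxton-style form and is an assumption, as are the 16 × 16 grid, the wavelength, the pixel pitch, the transfer-function Fresnel transform and the constructed target image; the input image f is taken as 1.

```python
import cmath
import math
import random

N = 16                  # toy grid; the paper simulates 256 x 256
WAVELENGTH = 632.8e-9   # constructed value (metres)
PITCH = 10e-6           # constructed pixel pitch (metres)
Z1 = Z2 = 0.1083        # plane spacing quoted in the simulations (metres)
TWO_PI = 2 * math.pi
_W = [[cmath.exp(-2j * math.pi * k * n / N) for n in range(N)] for k in range(N)]


def _dft1(v, inverse):
    if inverse:
        return [sum(_W[k][n].conjugate() * v[n] for n in range(N)) / N for k in range(N)]
    return [sum(_W[k][n] * v[n] for n in range(N)) for k in range(N)]


def _dft2(a, inverse=False):
    rows = [_dft1(r, inverse) for r in a]
    cols = [_dft1(c, inverse) for c in zip(*rows)]
    return [list(r) for r in zip(*cols)]


def fresnel(a, z, inverse=False):
    """Fresnel transform via the transfer function exp(-i*pi*lambda*z*(fx^2+fy^2))."""
    f = [(k if k < N // 2 else k - N) / (N * PITCH) for k in range(N)]
    sign = 1j if inverse else -1j
    spec = _dft2(a)
    spec = [[spec[i][j] * cmath.exp(sign * math.pi * WAVELENGTH * z * (f[i] ** 2 + f[j] ** 2))
             for j in range(N)] for i in range(N)]
    return _dft2(spec, inverse=True)


def _apply(field, psi, sign=1):
    """Multiply a complex field by the phase mask exp(sign * i * psi)."""
    return [[u * cmath.exp(sign * 1j * p) for u, p in zip(ur, pr)]
            for ur, pr in zip(field, psi)]


def random_mask(seed):
    rng = random.Random(seed)
    return [[rng.uniform(0, TWO_PI) for _ in range(N)] for _ in range(N)]


def _forward(psi1, psi2):
    ones = [[1 + 0j] * N for _ in range(N)]          # unit-amplitude plane wave, f = 1
    u_t = fresnel(_apply(ones, psi2), Z2)             # field arriving at the transform plane
    return u_t, fresnel(_apply(u_t, psi1), Z1)        # field in the output plane


def reconstruct(psi1, psi2):
    """Decryption: both masks in place, read the real amplitude in the output plane."""
    return [[abs(v) for v in row] for row in _forward(psi1, psi2)[1]]


def cc(a, b):
    """Correlation coefficient E{(a-E a)(b-E b)} / (sigma_a * sigma_b)."""
    fa = [v for r in a for v in r]
    fb = [v for r in b for v in r]
    ma, mb = sum(fa) / len(fa), sum(fb) / len(fb)
    cov = sum((x - ma) * (y - mb) for x, y in zip(fa, fb))
    return cov / math.sqrt(sum((x - ma) ** 2 for x in fa) * sum((y - mb) ** 2 for y in fb))


def retrieve_masks(g, iterations, seed=1):
    """Adjust psi1 and psi2 in every iteration until |output| approximates g."""
    psi1, psi2 = random_mask(seed), random_mask(seed + 1)
    for _ in range(iterations):
        u_t, u_o = _forward(psi1, psi2)
        # Output constraint: keep the computed phase, impose the amplitude g.
        v_o = [[gv * cmath.exp(1j * cmath.phase(u)) for gv, u in zip(gr, ur)]
               for gr, ur in zip(g, u_o)]
        v_t = fresnel(v_o, Z1, inverse=True)
        # psi1 is the phase difference between the wanted and the incident field.
        psi1 = [[cmath.phase(v * u.conjugate()) % TWO_PI for v, u in zip(vr, ur)]
                for vr, ur in zip(v_t, u_t)]
        v_in = fresnel(_apply(v_t, psi1, sign=-1), Z2, inverse=True)
        psi2 = [[cmath.phase(v) % TWO_PI for v in row] for row in v_in]
    return psi1, psi2


# Constructed secret image: a bright square ring on a dim background.
TARGET = [[1.0 if (3 <= x <= 12 and 3 <= y <= 12 and not (6 <= x <= 9 and 6 <= y <= 9))
           else 0.2 for x in range(N)] for y in range(N)]


def demo(iterations=40):
    psi1, psi2 = retrieve_masks(TARGET, iterations)
    cc_correct = cc(reconstruct(psi1, psi2), TARGET)
    cc_wrong_key = cc(reconstruct(random_mask(99), psi2), TARGET)   # wrong psi1
    return cc_correct, cc_wrong_key


if __name__ == "__main__":
    print("CC with correct keys %.3f, with a wrong psi1 %.3f" % demo())
```

The pure-Python DFT keeps the block dependency-free; it is only practical for a grid this small.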

2.2. Encryption of color images

In recent years, research on efficient color image encryption has been in the ascendant.[39] Phase retrieval algorithms can also realize the encryption of color images. Unlike the traditional RGB three-channel encryption, our suggested single-channel encryption scheme for color images uses the color filter array (CFA) of the traditional color-imaging scheme.

Color filter array was invented by Bryce Bayer. As can be seen from Fig. 2, the whole Bayer CFA is a series of interval single-color filters placed on each pixel, or in other words, it consists of a series of four lattices of 2 × 2: one R, one B and two Gʼs. In this way, each channel can obtain a picture with partial value vacancies. Although this leads to the loss of two-thirds of the pixel values, it greatly reduces the amount of information, and the values of these vacancies can be filled by interpolation algorithms.[39] In 2017, Chen et al. applied this filter to a diffractive-imaging-based encryption scheme.[40]

Fig. 2. Bayer color filter array pattern.

Here, we introduce the Bayer CFA into our optical encryption scheme based on the phase retrieval algorithm. Compared with a grayscale image, a color image needs pre-processing before it is put in the output plane (x, y); i.e., the three-channel color image is sampled into a single-channel gray mosaic image by the Bayer CFA, and figure 3(a) depicts this step. After decryption, post-processing is needed so that the color image can be reconstructed from the gray mosaic image by an interpolation algorithm, and figure 3(c) depicts this step.

Fig. 3. (a) Pre-processing, (b) schematic diagram of optical information security system based on iterative double phase retrieval algorithm, (c) post-processing.

3. Hierarchical image encryption by using cascaded iterative phase retrieval algorithm[27]

A hierarchical image encryption system based on the cascaded iterative phase retrieval algorithm is presented in this section, which can encrypt the information of different levels into different cascaded phase masks. The use of multiple phase masks gives a fast convergence rate, and the hierarchical construction avoids crosstalk noise. Thus, it can be widely used in hierarchical security authentication.

3.1. Theoretical analysis and description

A schematic diagram of an N-level encryption system by cascaded iterative phase retrieval algorithm is shown in Fig. 4. This system is extended from the optical information security system based on the iterative double phase retrieval algorithm. As shown in Fig. 4, 2N cascaded phase masks are used to encrypt and decrypt N secret images. In the k-th iteration, phase masks and are adjusted simultaneously to encrypt the N-th secret image, while the distributions of other phase masks retain the iteration results of the lower encryption levels.

Fig. 4. Schematic diagram of N-level encryption system by cascaded iterative phase retrieval algorithm.

Suppose that an on-axis plane wave of unit amplitude and wavelength λ illuminates the encryption system, under the premise of section 2, we can derive that after the k-th iteration (k = 1, 2, 3, …), the complex amplitude of N-level output image can be described as[27]

then in the (k+1)-th iteration process, the distribution of phase masks and would be adjusted to

When the iteration cycle stops, the resulting phase distribution and together with other phase masks ψ1 , can be utilized to retrieve the N-level secret image.

Hierarchical image encryption can classify the information according to the security level, thus it can be opened to users of different privilege levels. The 1-level encryption system is suitable for encrypting low level information, which requires only two keys (ψ1 and ψ2). The 2-level encryption system is suitable for encrypting higher level information, which requires four keys ( ), and so on. So in the hierarchical image encryption system, users with the highest level of privilege will obtain all the phase masks after each iteration, the cascade order of the phase masks, and the correct geometric parameters, such as wavelength and distance. At the same time, they can decrypt all the secret images. But users with low levels of authority cannot obtain secret images of higher levels.

3.2. Computer simulations and discussion

Taking the 4-level image encryption system as an example, the feasibility of the system is verified by computer simulation. Four greyscale images ‘Goldhill’, ‘Peppers’, ‘Lena’, and ‘Couple’ represent the 1st–4th level secret images, and they are shown in Figs. 5(a)–5(d), respectively. For simplicity, all images used in the simulations have 256 × 256 pixels, and the resolution of all digital images is on each plane. The distance between all adjacent planes is 108.3 mm. And the wavelength λ is . Unless otherwise specified, the same settings will be used in the simulations below.

Fig. 5. Four greyscale images: (a) ‘Goldhill’, (b) ‘Peppers’, (c) ‘Lena’, and (d) ‘Couple’.

Figure 6 depicts the convergence curves of each level, which show that the iterative algorithm has a good convergence effect. After 200 iterations, the eight phase keys are shown in Fig. 7, and the decrypted images with their corresponding CCs are shown in Table 1. Obviously, the quality of all the decrypted images is very high, and the CCs of them are almost equal to 1. If one tries to use the incorrect keys or the correct keys in wrong order to decrypt the secret images, then they will get nothing useful.

Fig. 6. Convergence curves of (a) 1st level, (b) 2nd level, (c) 3rd level, and (d) 4th level.
Fig. 7. Resulting eight phase keys after 200 iterations.
Table 1. Decrypted images with their corresponding CCs.

To verify the feasibility of color image encryption, we replace the 2nd and 3rd level grayscale secret images ‘Peppers’ and ‘Lena’ with RGB images and repeat the simulation. The pre-processing and post-processing steps are added as shown in Section 2. The interpolation algorithm in the post-processing adopts a color demosaicking algorithm using direction similarity in color difference spaces,[39] and the steps of color correction and smoothing are added to obtain more realistic results. The original images and their decrypted images are shown in Fig. 8. The CCs of the two decrypted images are as high as 0.97722 and 0.96035, respectively, which shows that this color image encryption scheme is feasible and effective.

Fig. 8. Original RGB images ((a) and (c)), and their corresponding decrypted images ((b) and (d)).

This color image encryption scheme can also be applied to the authentication systems introduced in Sections 4 and 5, because, except for the two steps of pre-processing and post-processing, other processes are exactly the same as grayscale images. To avoid excessive duplication, in the following sections only grayscale images will be used for simulation.

However, it should be noted that phase retrieval based on iterative algorithms will theoretically cause a slight information loss. The single-channel encryption scheme for color images introduced in this paper also sacrifices some information for lower computation and storage cost. So this system is not suitable for image encryption scenarios that require perfect decryption. However, it is very appropriate for ID cards, certificates and other practical authentication systems, which only need the similarity between the decrypted and the original image as the criterion for passing the system or not.

4. Multilevel image authentication using shared secret threshold and phase retrieval[29]

Encryption and authentication are two important aspects of modern information security. The role of encryption system is to protect information from illegal intruders, while the role of authentication system is to verify messages.

Widely used in the information security, the (t, n) threshold secret sharing was first proposed by Shamir,[41] by which n participants will share the secret information but no valid information will be available unless at least t ( ) participants are gathered. Combining this technique with the phase retrieval algorithm, a splendid multilevel authentication system is presented that can verify the accessibility of the original certification image with different privilege levels in the same system. The security of authentication system is improved to some extent by the addition of low-level authentication and secret sharing algorithm.

4.1. Theoretical analysis and description
4.1.1. Iterative phase retrieval algorithm

The fundamental structure of iterative phases generation is the same as that in Section 2, only without the input constraint.

Putting standard certification image g(x, y) in the output plane, when illuminating the input plane with an on-axis plane wave of unit amplitude and wavelength λ, after the k-th iteration (k = 1, 2, 3, …) the complex amplitude in the output plane is[24,36]

Suppose that the distributions of the two phase masks after k-th iteration are and , respectively, then in the (k + 1)-th iteration process they can be described as[27]

4.1.2. (t, n) threshold secret sharing algorithm based on Lagrange interpolating polynomial

The Lagrange interpolating polynomial is the basis of the (t, n) threshold secret sharing algorithm. A polynomial f in x of degree t − 1 is usually written as follows:[42–46]

where y is a constant and m1, m2, …, are random numbers.

To determine the t unknowns (that is, to find the unique solution), no less than t equations about x are needed. Thinking of each xk and the corresponding value satisfying Eq. (9) as a single point (xk, , here k is a random integer within the interval of [1, n], the n points (x1, , (x2, , …, (xn, make up a point group G. In other words, t or more points in G are needed to obtain the value of y and m1, m2, …, in a Lagrange interpolating polynomial of degree .

For a secret sharing scheme, y could be viewed as the secret information, and the n points as n participants who hold their information. To retrieve the secret information, using t points from the n points in G we can solve the equation group and obtain the value of y:

4.2. System designing process

A flow chart of the system designing is depicted in Fig. 9(a), and the specific implementation steps are as follows.

Fig. 9. (a) Flow chart of designing system, (b) schematic diagram of iterative phase retrieval algorithm, and (c) schematic diagram of (t, n) threshold secret sharing algorithm.

(i) Encode the standard certification image g(x,y) into two phase masks ψ1 and ψ2 by the Fresnel domain iterative phase retrieval algorithm. This step is depicted in Fig. 9(b).

(ii) Store and upload the certification image g(x, y), the geometrical parameters’ keys (distances z1 and z2, wavelength λ), and the phase ψ1 to the authentication center when the iterative cycle stops.

(iii) Select n plaintext images as camouflage images.

(iv) Decompose the phase mask ψ2 in the input plane based on the (t, n) threshold secret sharing algorithm. This step is depicted in Fig. 9(c).

For this multilevel authentication system, each individual pixel value of ψ2 can be viewed as a separate secret value y in a Lagrange interpolating polynomial f, which is to be divided into n parts. Treating the pixel values at the corresponding positions of the n camouflage images as the unknown variables x1 ∼ xn, the n corresponding values f(x1) ∼ f(xn) can be calculated from Eq. (10). It can be considered that this pixel value of ψ2 is encrypted and divided into n parts. When all the pixel values of ψ2 are encrypted by this method, n matrices can be obtained, and they are called secret-key-carrier (SKC) images.

(v) Distribute the n SKC images to n different participants of the authentication system to realize secret sharing, with the corresponding camouflage images used as auxiliary tools.
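The sharing in Subsection 4.1.2 and step (iv), as an added example that is not the authors' code: each quantised pixel of ψ2 is the constant term of a degree t − 1 polynomial and the camouflage pixels supply the x values. Working modulo the prime 257, quantising ψ2 to 256 levels and shifting each camouflage pixel by one are assumptions; the shift keeps x away from 0, where f(0) would hand out the secret, and equal camouflage pixels at one position are rejected because they give two participants the same point.

```python
import random

P = 257  # assumption: smallest prime above the 8-bit pixel range (SKC values span 0..256)


def _x_coords(camouflage, r, c):
    """x values for one pixel position, one per participant."""
    xs = [img[r][c] + 1 for img in camouflage]   # +1 so that x is never 0 mod P
    if len(set(xs)) != len(xs):
        raise ValueError("camouflage pixels collide at (%d, %d)" % (r, c))
    return xs


def make_skc(psi2_q, camouflage, t, rng):
    """Split a quantised phase mask into len(camouflage) SKC images, threshold t."""
    rows, cols = len(psi2_q), len(psi2_q[0])
    skc = [[[0] * cols for _ in range(rows)] for _ in camouflage]
    for r in range(rows):
        for c in range(cols):
            xs = _x_coords(camouflage, r, c)
            # f(x) = y + m1*x + ... + m_(t-1)*x^(t-1) mod P, fresh m's for every pixel
            coeffs = [psi2_q[r][c]] + [rng.randrange(P) for _ in range(t - 1)]
            for k, x in enumerate(xs):
                acc = 0
                for m in reversed(coeffs):       # Horner evaluation
                    acc = (acc * x + m) % P
                skc[k][r][c] = acc
    return skc


def recover(skc_subset, camo_subset):
    """Lagrange interpolation at x = 0 from the participants that showed up."""
    rows, cols = len(skc_subset[0]), len(skc_subset[0][0])
    out = [[0] * cols for _ in range(rows)]
    for r in range(rows):
        for c in range(cols):
            xs = _x_coords(camo_subset, r, c)
            y = 0
            for j, xj in enumerate(xs):
                num = den = 1
                for k, xk in enumerate(xs):
                    if k != j:
                        num = num * (-xk) % P
                        den = den * (xj - xk) % P
                y = (y + skc_subset[j][r][c] * num * pow(den, -1, P)) % P
            out[r][c] = y
    return out


# Constructed sample data: a 4 x 4 quantised phase mask and five camouflage images
# whose pixels differ from each other at every position.
PSI2_Q = [[(37 * r + 11 * c + 5) % 256 for c in range(4)] for r in range(4)]
CAMO = [[[(17 * i + 31 * r + 7 * c) % 256 for c in range(4)] for r in range(4)]
        for i in range(5)]


def demo():
    # Seeded generator for a repeatable demo; a deployment would use a CSPRNG
    # such as secrets.SystemRandom().
    skc = make_skc(PSI2_Q, CAMO, 3, random.Random(2024))
    three = recover([skc[i] for i in (0, 2, 4)], [CAMO[i] for i in (0, 2, 4)])
    two = recover([skc[i] for i in (1, 3)], [CAMO[i] for i in (1, 3)])
    return three == PSI2_Q, two == PSI2_Q


if __name__ == "__main__":
    print("3 shares recover psi2: %s, 2 shares recover psi2: %s" % demo())
```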

4.3. Authentication process

In an authentication system, the level of authentication generally corresponds to the level of privilege. In this image authentication system, the matching degree between the decrypted image and the standard certification image determines the level of authentication. The CC and NCC are the main criteria for determining the privilege level of authenticators. The flow chart of the authentication process is depicted in Fig. 10(a).

Fig. 10. Flow chart of (a) authentication process, (b) high-level authentication process, and (c) low-level authentication process.

4.3.1. High-level authentication

The principle of (t, n) threshold secret-sharing algorithm described in Subsection 4.1.2 shows that only by gathering at least t ( ) authenticators with their SKC images can the phase key be retrieved, and passed by the authentication system. The process of high-level authentication is shown in Fig. 10(b), and the specific implementation steps are as follows.

i) Any t authenticators input their SKC images into the authentication system.

ii) The system recovers phase according to the (t, n) threshold secret sharing algorithm.

iii) With the geometrical keys, the original phase ψ1 and recovered , the authentication center reconstructs the optical path and obtains the reconstructed image , which is described mathematically as

where ‘abs’ denotes the operator for obtaining the real amplitude.

iv) The authentication center calculates the CC between the reconstructed image g’ and the standard certification image g. The CC serves as the criterion for determining the success of high-level authentication: if it is higher than a preset threshold, the authentication is successful; otherwise it fails.

4.3.2. Low-level authentication

As shown above, it is impossible to pass the high-level authentication without gathering t ( ) participants, while this system provides additional low-level authentication for the correct single authenticator. The nonlinear correlation coefficient (NCC) is introduced as an auxiliary criterion for determining the success of low-level authentication. The NCC is defined as follows:[26,46]

where FT and IFT respectively represent the Fourier and inverse Fourier transform, and (ξ, η) is the coordinate of the spectrum transverse plane. The parameter ω defines the strength of the applied nonlinearity whose range is [0.2, 0.4].

The process of low-level authentication is depicted in Fig. 10(c), and the specific implementation steps are as follows.

(I) An authenticator inputs his SKC image into the authentication system.

(II) With the geometrical keys, the original phase ψ1 and the SKC image treated as , the authentication center reconstructs the optical path and obtains the reconstructed image .

(III) Calculate and display the three-dimensional (3D) NCC distribution between g and . If there is a peak at the center, the system determines that the low-level authentication is successful. If the NCC distribution is of noise-like pulses, the low-level authentication process fails.

4.4. Computer simulations and discussion

Taking the (3, 5) threshold secret sharing algorithm as an example, the feasibility and performance of the system are verified by computer simulation. The original certification image and the phase distributions (ψ1 and ψ2) generated by the phase retrieval algorithm after 200 iterations are, respectively, depicted in Figs. 11(a)–11(c). Five pre-selected grayscale camouflage images ‘Goldhill’, ‘Peppers’, ‘Airplane’, ‘Baboon’, and ‘Cameraman’ are depicted in Fig. 12(a), the corresponding SKC images of which are calculated by the method mentioned in Subsection 4.1.2 and shown in Fig. 12(b).

Fig. 11. (a) Original certification image, ((b) and (c)) two phase distributions (ψ1 and ψ2) iteratively generated by phase retrieval algorithm after 200 iterations.
Fig. 12. (a) Five meaningful camouflage images pre-selected. (b) Corresponding SKC images.

We first test the high-level authentication. As the criterion of the high-level authentication, the threshold of the CC between the recovered image and the standard certification image g is set to be 0.90. Three correct SKC images are randomly selected in order to retrieve the phase key . The simulation result is shown in Fig. 13(a), and the CC is as high as 0.99452, which means that the high-level authentication is successful.

Fig. 13. (a) Simulated result in high-level authentication, and (b) NCC distribution of retrieved image in low-level authentication and corresponding standard certification image.

We further test the low-level authentication. The parameter ω in NCC is set to be 0.4. A correct SKC image is randomly selected as retrieved phase key , and the CC between the final recovered image and the standard certification is 0.30885, which cannot pass the high-level authentications. However, the NCC distribution is shown in Fig. 13(b), in which the remarkable peak can be observed. This means that the low-level authentication is successful.

If any SKC images involved in the authentication process are incorrect, then neither the high-level nor the low-level authentication will pass: no clear certification will be recovered in the output plane and no remarkable peak will be generated in the NCC distribution either.[29]

But this system is not perfect. Besides the limitations mentioned in Subsection 3.2, the main shortcoming is the large space cost. Every participant in the authentication system needs a camouflage image as an auxiliary tool besides the SKC image held as the key, which means that the authentication center needs a large space to store camouflage image database.

5. Hierarchical multilevel authentication system for multiple-image based on phase retrieval and basic vector operations[32]

Basic vector operations were first applied to optical encryption by Deng et al. in 2015.[47] The authors designed a (2, n) threshold secret sharing scheme based on basic vector operations and coherence superposition, but only binary images are suitable for their scheme. The system introduced in this section improves Dengʼs method by combining basic vector operations with the phase retrieval algorithm, and presents a hierarchical multilevel authentication system in which both binary and grayscale images are suitable (color images are also applicable to the system by using the single-channel encryption scheme introduced in Subsection 2.2); the same system can provide multiple privileges, and each privilege can also provide multiple levels.

5.1. Theoretical analysis and description
5.1.1. Iterative phase retrieval algorithm

The fundamental structure of hierarchical image encryption based on phase retrieval is similar to that in Section 3. But only one phase mask is updated for each level of encryption, except for the 1-level encryption.

As shown in Fig. 14, for the N-level ( ) encryption, a total of N + 1 cascaded phase masks are involved in encrypting it. In the encryption process, phase masks retain the iteration results of the preceding authentication levels, while a new phase mask at plane (xN, yN) is added to encode the N-level certification image located in the output plane, and the phase distribution of which will be adjusted in each iteration. After the k-th iteration (k = 1, 2, 3, …), the complex amplitude in the output plane is[27]

Fig. 14. Schematic diagram of iterative phase retrieval encoding in designing N-level authentication system.

Then, in the (k + 1)-th iteration process, the distribution of phase mask will be adjusted to

As for the 1-level encryption, phase masks and ψ1 are adjusted simultaneously in each iteration, so in the k-th step (k = 1, 2, 3, …) iteration, the output image can be mathematically expressed as[27]

Then, in the (k + 1)-th iteration process, the distribution of phase masks and ψ1 would be adjusted respectively to[27]

5.1.2. Secret sharing algorithm based on basic vector operations[47–50]

Vector which can be viewed as a position vector in a 2D Cartesian coordinate system, is shown in Fig. 15. Assuming the modulus of is G and the argument , then can be written as ). is a unit vector, whose argument can be selected randomly. Based on the rule of basic vector decomposition, the subtraction vector of and , can be expressed as[32]

Rotate around the origin in the coordinate system, a new vector can be generated, whose modulus is the same as and argument is , which can be denoted as ). The can also be seen as the sum vector of and as shown in Fig. 15, which can be described as
repeating a similar process for n (n = 1, 2, 3, …) iterations, a series of vectors
can be generated, where (i = 1, 2, …, n) are the corresponding arguments, (i = 1, 2, …, n) are the corresponding subtraction vectors of (i = 1, 2, …, n) and .

Fig. 15. Schematic diagram of basic vector operation.

For a secret sharing scheme, the modulus G could be viewed as the secret information. With preselected and , it is easy to calculate corresponding and divide them into two parts: amplitude and phase. This information constitutes n pairs of keys, which could be distributed to n different participants to realize the secret sharing.

When reconstructing the secret information G, at least two pairs of keys are needed. For example, the recovery procedure with and (j, k = 1, 2, …, n, ) can be mathematically expressed as[32]

Deduced from Eq. (19), the result can be expressed as

The coefficient is a constant which has little effect on the result, especially in image encryption, which might be negligible as the resulted pixel numbers are usually normalized in the end.

5.2. System designing process

The flow chart of the integrated system designing process is depicted in Fig. 16. The specific implementation steps are as follows.

Fig. 16. Flow chart of integrated system designing process.

I) Encode the certification images into phase masks by the N-level iterative phase retrieval algorithm. This step is depicted in Fig. 14.

II) Store and upload the certification images , the geometrical parameters keys (distances , wavelength λ), and phase information in the authentication center database.

III) Randomly select and .

IV) Split phase masks according to the secret sharing algorithm based on the basic vector operations.

The strategy of secret sharing in the system is similar to that described in Section 4, each individual pixel value of can be viewed as modulus G. Therefore, any one of the phase masks can be encrypted into n pairs of shadow images keys (SIKs), and each pair of SIKs consists of an amplitude-type SIK and a phase-type SIK. This step is depicted in Fig. 17.

Fig. 17. Schematic diagram of secret sharing in designing N-level authentication system.

V) Distribute the n pairs of SIKs at each level of the system to n different participants to realize secret sharing.

It is worth noting that in this system the distribution of privileges is in order of security level from low to high. This means that authenticators at higher levels of the authentication system will possess all phase keys at lower levels; they can access the information from lower levels if they want, but they cannot pass the high-level authentication at their own level of the system.

5.3. Authentication process

The authentication process of this hierarchical multilevel authentication system is similar in principle to that of the system introduced in Section 4. The CC and NCC are also used as the main criteria for determining the privilege level of authenticators. We take the t-level (t = 1, 2, …, N) system for example to illustrate the authentication process, and the flow chart is depicted in Fig. 18.

Fig. 18. Flow chart of authentication process.

5.3.1. High-level authentication

The principle of the secret sharing algorithm based on basic vector operations mentioned in Subsection 5.1.2 shows that, for any level of the system, the high-level authentication can be passed only by gathering at least two participants with their SIKs. The process of high-level authentication is shown in Fig. 19, and the specific implementation steps of authenticating the t-level (t = 1, 2, …, N) system are as follows.

Fig. 19. High-level authentication process.

1) Any two authenticators input their SIKs into the authentication system.

2) The system recovers phase according to the secret sharing algorithm based on basic vector operations.

3) With the geometrical keys, the original phase , phase (if ) and recovered , the authentication center reconstructs the optical path and obtains the reconstructed image .

As described above, to recover all the N certification images, the higher level authenticators should possess phase keys of all lower levels of the authentication system. The higher the level of authentication system is, the more keys are required.

4) The authentication center calculates the CC between the reconstructed image and the standard certification image gt. If it is higher than a preset threshold, the authentication is successful; otherwise the authentication fails.

5.3.2. Low-level authentication

The process of low-level authentication is depicted in Fig. 20, and the specific implementation steps of authenticating the t-level (t = 1, 2, …, N) system are as follows.

Fig. 20. Low-level authentication process.

a) An authenticator inputs his pair of SIKs into the authentication system.

b) With the geometrical keys, the original phase , phase (if ), and which is recovered from only one pair of SIKs, the authentication center reconstructs the optical path and obtains the reconstructed image .

c) Calculate and display the 3D NCC distribution between gt and . If there is a peak in the center, the system determines that the low-level authentication is successful. If not, the low-level authentication process fails.
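The two decision rules of Subsections 5.3.1 and 5.3.2 (CC against a preset threshold, then a central peak in the NCC plane), written out as an added example that is not code from the paper. It assumes the usual nonlinear correlation form |IDFT(|F|^(ω−1) F)|² with F = DFT(g)·conj(DFT(g′)), replaces the visual peak check with a hypothetical numeric rule (`PEAK_RATIO`), and stands in for the optical reconstruction with constructed random test images and additive noise.

```python
import cmath
import random

CC_THRESHOLD = 0.90   # high-level CC threshold quoted in the simulations
OMEGA = 0.4           # NCC parameter quoted in the simulations
PEAK_RATIO = 15.0     # assumption: zero-shift peak must exceed 15x the plane mean

def dft2(a, sign=-1):
    """Naive separable 2-D DFT of an n x n list of lists (adequate for small n)."""
    n = len(a)
    w = [[cmath.exp(sign * 2j * cmath.pi * u * x / n) for x in range(n)] for u in range(n)]
    rows = [[sum(w[u][x] * r[x] for x in range(n)) for u in range(n)] for r in a]
    return [[sum(w[v][y] * rows[y][u] for y in range(n)) for u in range(n)] for v in range(n)]

def cc(g, r):
    """Correlation coefficient between two equally sized images."""
    a = [p for row in g for p in row]
    b = [p for row in r for p in row]
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    return cov / (sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b)) ** 0.5

def ncc(g, r, omega=OMEGA):
    """Nonlinear correlation plane; zero shift lands at index [0][0]."""
    G, R, n = dft2(g), dft2(r), len(g)
    F = [[G[v][u] * R[v][u].conjugate() for u in range(n)] for v in range(n)]
    H = [[f * abs(f) ** (omega - 1) if abs(f) > 1e-12 else 0j for f in row] for row in F]
    return [[abs(c / n ** 2) ** 2 for c in row] for row in dft2(H, sign=+1)]

def has_central_peak(plane):
    flat = [p for row in plane for p in row]
    return plane[0][0] == max(flat) and plane[0][0] >= PEAK_RATIO * sum(flat) / len(flat)

def authenticate(g, r):
    """Return 'high', 'low' or 'fail' for reconstruction r against reference g."""
    if cc(g, r) >= CC_THRESHOLD:
        return "high"
    return "low" if has_central_peak(ncc(g, r)) else "fail"

def noisy(g, scale, rng):
    return [[p + scale * rng.random() for p in row] for row in g]

rng = random.Random(2024)
N = 32
g_t = [[rng.random() for _ in range(N)] for _ in range(N)]     # constructed reference
full = noisy(g_t, 0.05, rng)                                   # near-exact recovery
partial = noisy(g_t, 1.5, rng)                                 # degraded recovery
wrong = [[rng.random() for _ in range(N)] for _ in range(N)]   # unrelated output
```

The plane is not shifted, so the "peak in the center" of the displayed 3D NCC distribution corresponds to index `[0][0]` here.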

5.4. Computer simulations and discussion

Taking the 4-level image encryption system for example, the feasibility and performance of the system are verified by computer simulation. We use the four greyscale images ‘Goldhill’, ‘Peppers’, ‘Lena’ and ‘Couple’ as standard certification images, and they are respectively depicted in Figs. 5(a)–5(d). To realize the secret sharing algorithm by basic vector operations, one random phase mask arg( and four initial random phase masks for designing the 1st–4th level authentication systems have also been selected beforehand. After 500 iterations, phase distributions ψ1 iteratively generated are shown in Fig. 21. Then each iteratively generated phase key is encrypted into 4 pairs of SIKs and distributed to four different participants based on the secret sharing algorithm by the basic vector operations mentioned in Subsection 5.1.2. Because all the SIKs split from are similar, here we just take 1-level authentication system for example to show the four pairs of SIKs split from phase key ψ1, and they are illustrated in Fig. 22.

Fig. 21. Phase distributions (ψ1–ψ4) iteratively generated by the phase retrieval algorithm after 500 iterations.
Fig. 22. Four pairs of SIKs split from phase information ψ1.

We first test the high-level authentication. The threshold of the CC between the recovered image and the standard certification image is set to 0.90. We randomly select two pairs of SIKs at each level to retrieve the phase key . Based on the process mentioned in Subsection 5.3.1, the simulation results of high-level authentication and their corresponding CCs are shown in Table 2. It is obvious that the high-level authentication is successful at all 4 security levels of the system.

Table 2. Four simulated results of high-level authentication and their corresponding CCs.

We further test the low-level authentication. The parameter ω in NCC is set to be 0.4. Only one pair of SIKs is randomly selected at each level of the authentication systems to retrieve the phase key . The CCs between the final recovered images and the standard certification images are 0.11136, 0.10358, 0.08863, and 0.11368, respectively, none of which can pass the high-level authentications. However, their NCC distributions, shown in Figs. 23(a)–23(d), exhibit remarkable peaks. This means that the low-level authentication is successful.

Fig. 23. NCC distributions of final retrieved images in low-level authentication and their corresponding standard certification images.

If any SIKs involved at each level of the authentication process are incorrect, neither the high-level nor the low-level authentication will be passed; that is, no clear certification images will be recovered and no remarkable peaks will be generated in the NCC distributions.[32]

The secret sharing algorithm in this system is different from that in Section 4. Because and used for secret sharing are randomly selected, and they are not needed for subsequent image restoration in high-level authentication, this saves space for storing them. Compared with Section 3, the reduction of phase masks in the phase retrieval also saves storage space. These advantages contribute to the formation of the hierarchical multilevel authentication system. However, the secret sharing algorithm based on basic vector operations is actually a kind of (2, n) threshold secret sharing algorithm. In other words, no matter how large the value of n is, only two authenticators are needed to realize the high-level authentication, which lacks flexibility to some extent.

We also test the authentication time. The time costs of the high-level authentication of the 1st–4th level systems are 0.07 s, 0.08 s, 0.09 s and 0.10 s, respectively. Both theoretical description and simulation results show that the authentication time increases with the level of the authentication system. The authentication time of the 4th level system already exceeds 0.10 s. Reducing the time cost may be a future improvement of the system.

6. Conclusions

In this paper, we review the phase retrieval algorithms for optical information security, including optical encryption and authentication. Three typical phase retrieval algorithms are presented and discussed, and theoretical principles and application examples are demonstrated for each phase-retrieval-based optical information security method. The three phase retrieval algorithms reviewed here can effectively give a picture of phase-retrieval-based optical information security. Significant advantages of each phase-retrieval-based optical information security system are analyzed. It is hoped that this review will provide a picture of the current developments of phase retrieval algorithms for optical information security and will also shed light on the future developments of phase retrieval algorithms for optical information security.

References
[1] Zhang X P Guo R Chen H W Zhao Z M Wang J Y 2018 Chin. Phys. B 27 080701 https://doi.org/10.1088/1674-1056/27/8/080701
[2] Wang X Y Wang Y Wang S W Zhang Y Q Wu X J 2018 Chin. Phys. B 27 110502 https://doi.org/10.1088/1674-1056/27/11/110502
[3] Javidi B Carnicer A Yamaguchi M et al 2016 J. Opt. 18 083001 https://doi.org/10.1088/2040-8978/18/8/083001
[4] Chen W 2016 IEEE Photon. J. 8 1 https://doi.org/10.1109/JPHOT.2016.2523245
[5] Wang X G Chen W Chen X D 2015 Opt. Express 23 6239 https://doi.org/10.1364/OE.23.006239
[6] Li T Shi Y S 2016 Chin. Phys. Lett. 33 014206 https://doi.org/10.1088/0256-307X/33/1/014206
[7] Chen W 2018 Appl. Opt. 57 1196 https://doi.org/10.1364/AO.57.001196
[8] Chen W 2017 Appl. Opt. 56 9126 https://doi.org/10.1364/AO.56.009126
[9] Chen W Chen X D 2016 Appl. Opt. 55 6740 https://doi.org/10.1364/AO.55.006740
[10] Meng X F Cai L Z Xu X F Yang X L Shen X X Dong G Y Wang Y R 2006 Opt. Lett. 31 1414 https://doi.org/10.1364/OL.31.001414
[11] Meng X F Cai L Z Wang Y R Yang X L Xu X F Dong G Y Shen X X 2009 Opt. Laser Eng. 47 96 https://doi.org/10.1016/j.optlaseng.2008.07.012
[12] Zhang X Meng X F Wang Y R Yang X L Yin Y K 2018 Chin. Phys. B 27 074205 https://doi.org/10.1088/1674-1056/27/7/074205
[13] Chen W 2017 Opt. Express 25 16509 https://doi.org/10.1364/OE.25.016509
[14] Chen W 2016 IEEE Photon. Technol. Lett. 28 1932 https://doi.org/10.1109/LPT.2016.2577596
[15] Chen W 2016 IEEE Photon. Technol. Lett. 28 540 https://doi.org/10.1109/LPT.2015.2502986
[16] Chen W Chen X D 2015 Europhys. Lett. 110 44002 https://doi.org/10.1209/0295-5075/110/44002
[17] Chen W Chen X D 2014 Appl. Phys. Lett. 104 251109 https://doi.org/10.1063/1.4879843
[18] Chen W Chen X D 2013 Opt. Lett. 38 546 https://doi.org/10.1364/OL.38.000546
[19] Chen W Chen X D 2013 Appl. Phys. Lett. 103 221106 https://doi.org/10.1063/1.4836995
[20] Chen W Situ G H Chen X D 2013 Opt. Express 21 24680 https://doi.org/10.1364/OE.21.024680
[21] Chen W 2015 Appl. Opt. 54 10711 https://doi.org/10.1364/AO.54.010711
[22] Wang R K Watson I A Chatwin C R 1996 Opt. Eng. 35 2464 https://doi.org/10.1117/1.600849
[23] Situ G H Zhang J J Zhang Y Zhao Z S 2004 J. Optoelectron. Laser 15 341 (in Chinese) https://en.cnki.com.cn/Article_en/CJFDTOTAL-GDZJ200403021.htm
[24] Situ G H Zhang J J 2004 Opt. Commun. 232 115 https://doi.org/10.1016/j.optcom.2004.01.002
[25] Huang J J Hwang H E Chen C Y Chen C M 2012 Appl. Opt. 51 2388 https://doi.org/10.1364/AO.51.002388
[26] Chen W Chen X D Stern A Javidi B 2013 IEEE. Photon. J. 5 6900113 https://doi.org/10.1109/JPHOT.2013.2258144
[27] Meng X F Cai L Z Wang Y R Yang X L Xu X F Dong G Y Shen X X Zhang H Cheng X C 2007 J. Opt. A-Pure Appl. Opt. 9 1070 https://doi.org/10.1088/1464-4258/9/11/017
[28] Fan D S Meng X F Wang Y R Yang X L Peng X He W Q Dong G Y Chen H Y 2013 Appl. Opt. 52 5645 https://doi.org/10.1364/AO.52.005645
[29] Pan X M Meng X F Wang Y R Yang X L Peng X He W Q Dong G Y Chen H Y 2014 J. Mod. Opt. 61 1470 https://doi.org/10.1080/09500340.2014.941430
[30] Fan D S Meng X F Wang Y R Yang X L Pan X M Peng X He W Q Dong G Y Chen H Y 2015 Appl. Opt. 54 3204 https://doi.org/10.1364/AO.54.003204
[31] Pan X M Meng X F Wang Y R Yang X L Peng X He W Q Dong G Y Chen H Y 2016 J. Mod. Opt. 63 632 https://doi.org/10.1080/09500340.2015.1088585
[32] Li X Y Meng X F Yin Y K Yang X L Wang Y R Peng X He W Q Pan X M Dong G Y Chen H Y 2017 Opt. Laser Eng. 89 59 https://doi.org/10.1016/j.optlaseng.2016.04.021
[33] Li X Y Meng X F Wang Y R Yang X L Yin Y K Peng X He W Q Dong G Y Chen H Y 2017 Opt. Laser Eng. 96 7 https://doi.org/10.1016/j.optlaseng.2017.04.005
[34] Fienup J R 1982 Appl. Opt. 21 2758 https://doi.org/10.1364/AO.21.002758
[35] Rosen J 1993 Opt. Lett. 18 1183 https://doi.org/10.1364/OL.18.001183
[36] Meng X F Cai L Z Yang X L Shen X X Dong G Y 2006 Appl. Opt. 45 3289 https://doi.org/10.1364/AO.45.003289
[37] He M Z Cai L Z Liu Q Wang X C Meng X F 2005 Opt. Commun. 247 29 https://doi.org/10.1016/j.optcom.2004.11.034
[38] Chang H T Lu W C Kuo C J 2002 Appl. Opt. 41 4825 https://doi.org/10.1364/AO.41.004825
[39] Liu Z Y Xia T C Wang J B 2018 Chin. Phys. B 27 030502 https://doi.org/10.1088/1674-1056/27/3/030502
[40] Yuk C K M Au O C Li R Y M Lam S Y 2007 IEEE International Symposium on Circuits & Systems May 27–30, 2007 New Orleans, LA, USA 4 https://doi.org/10.1109/ISCAS.2007.378405
[41] Chen Y Liu Q Wang J Wang Q H 2017 Opt. Eng. 56 123106 https://doi.org/10.1117/1.OE.56.12.123106
[42] Shamir A 1979 Commun. ACM 22 612 https://apps.webofknowledge.com/full_record.do?product=UA&search_mode=GeneralSearch&qid=2&SID=6DpKjIwevF8AbbiHL8e&page=1&doc=1
[43] Lin C C Tsai W H 2004 J. Syst. Software 73 405 https://doi.org/10.1016/S0164-1212(03)00239-5
[44] Liu Z J Ahmad M A Liu S T 2008 Opt. Commun. 281 5322 https://doi.org/10.1016/j.optcom.2008.07.048
[45] Islam N Puech W Hayat K Brouzet R 2011 Opt. Commun. 284 4412 https://doi.org/10.1016/j.optcom.2011.05.079
[46] Chen W Javidi B Chen X 2014 Adv. Opt. Photon. 6 120 https://doi.org/10.1364/AOP.6.000120
[47] Deng X P Wen W Mi X W Long X W 2015 Opt. Commun. 341 22 https://doi.org/10.1016/j.optcom.2014.11.098
[48] Wang X G Zhao D M 2011 Opt. Commun. 284 945 https://doi.org/10.1016/j.optcom.2010.10.058
[49] Chen L F Liu J Y Wen J S Mao H D Ge F Zhao D M 2015 Opt. Commun. 338 110 https://doi.org/10.1016/j.optcom.2014.10.036
[50] Chen L F Liu J Y Wen J S Gao X Mao H D Shi X Y Qu Q L 2015 Opt. Laser Technol. 69 80 https://doi.org/10.1016/j.optlastec.2014.12.007