Advancement of the DPRE Encryption Algorithm for Phase CGHs by Random Pixel Shuffling

1. Introduction

Considering that the visual sense has the highest bandwidth among all human senses, an image is one of the most natural ways to receive large amounts of information. For this reason, science and technology have always shown a particular interest in understanding and modeling all aspects related to image formation, modification, storage, and transmission. Optics is the discipline that embodies this knowledge, accumulated over centuries, and provides a model for the propagation of information and energy through electromagnetic waves (in the visible spectrum) [1].

However, it is in recent decades that photonic and optical techniques have emerged as powerful tools for processing the information contained in an image, especially as previously developed models have been implemented into computer-executable algorithms. In parallel, it has been necessary to develop systems and algorithms to protect this information from unauthorized access or data tampering [2,3,4].

Among all these technologies, Computer-Generated Holograms (CGH) have proven to be a viable option for massive information storage, typically associated with text images or 2D and 3D scenes. This process requires a significant amount of computational resources, which, in some cases, exceed the capabilities of current computers if synthesis is to be performed within acceptable time frames.

Similarly, the information stored in the CGH must also be securely stored and transmitted. Consequently, specialized encryption techniques have been developed in parallel to safeguard the integrity of CGHs and prevent unauthorized access [5,6].

A widely used optical encryption method for image applications is Double Random Phase Encoding (DRPE) [7]. In DRPE, the input image is represented by the amplitude of light, which is modulated by a random phase before being transformed by a Fourier transform. A second random phase mask is then applied in the Fourier domain as an encryption key. The resulting complex amplitude, either in the Fourier domain or in the spatial domain, is considered the encrypted information. An evolution of this approach is optical encryption using digital holography [8]. This technique can also be modeled using algebraic procedures, such as vector-matrix multiplications [9].

The double-phase encryption technique has been successfully tested using both static and dynamic keys. However, this method presents certain vulnerabilities to attacks, as recognized in the literature. If the process is purely linear, there is a possibility of breaking the encryption key [10]. To enhance DRPE, various improvements have been proposed. One approach involves modifying pixels using chaotic functions [11], while another leverages deep learning techniques [12].

Traditionally, the phase masks proposed for Double Random Phase Encoding (DRPE) have aimed to ensure uniformity in both the amplitude of the hologram and the phase distribution of the encrypted Computer-Generated Hologram (CGH) to make unauthorized decryption more challenging. Various photosensitive materials (e.g., photorefractive media) have been used for their implementation [13]. Currently, with advancements in spatial light modulator (SLM) technology, diffractive elements computed digitally (such as CGHs and phase masks) can be directly applied to a light beam in the laboratory. This enables both the encrypted data and the encryption keys to be dynamic.

In this article, we present an evolution of this technique by incorporating random pixel permutation. In Section 2, we describe the complete workflow, starting from the generation of a 3D scene using Computer Graphics, its storage in a Computer-Generated Hologram (CGH), followed by the encryption and decryption processes, and concluding with its final visualization.

This work places particular emphasis on proposals related to the encryption phase. The novelty of this approach lies in the fact that it allows, if desired, the use of a single key for both the pixel permutation process and the phase modification, generating the encrypted CGH, which serves as the ciphertext. In Section 3, we evaluate the obtained results using Pearson?s correlation coefficient as a metric to assess the similarity between the recovered images at different encryption levels of the same scene. Finally, Section 4 highlights the main conclusions of this work.

2. From the Synthesis of a 3D Scene to Its Safe Reception: Process Description

The flowchart for the proposed process is shown in Figure 1. It illustrates the different stages required to securely transmit a scene that has been previously modeled using Computer Graphics techniques (Figure 1.(a)), stored in a CGH (Figure 1.(b)), encrypted (Figure 1.(c)), decrypted (Figure 1.(d)), and visualized (Figure 1.(e)). Algorithms and procedures are shown in blue, results that can be visualized on an SLM or simulated via computer are in orange, vectors used to manipulate information during the encryption process are in green, and the key used for encryption or decryption is in red.

2.1. Scene and CGH Sysnthesis

To illustrate the encryption algorithm used, a 3D scene has been designed with well-known objects in the field of Computer Graphics: a dragon and a teapot contained within a Cornell Box (Figure 1(a)).

Using the ray tracing technique "path tracing" [14], a CGH is computed and stored in a matrix of $N\times M=1920\times 1080$ elements (Figure 1(b)). The phase information can be converted into a PNG-format image, which can then be displayed on an SLM?in our case, the Pluto Holoeye [15], with a pixel size of $8\mu m$.

The CGH calculation already inherently includes the first phase mask described in the DRPE algorithm, and the presented procedure allows encoding both 2D and 3D scenes. This phase corresponds to Figure 1 (b).

Figure 2(a) shows the proposed scene, and Figure 2(b) displays the phase of the computed CGH in PNG format. The scene window matches that of the SLM ($8mm\times 15mm$). The detailed process of scene synthesis and CGH generation can be found in [16].

2.2. Encryption of the CGH

Figure 3(a) shows the flowchart for key generation and CGH encryption. The proposed method involves applying the DRPE algorithm for phase modification and pixel shuffling of the CGH. We will see that pixel shuffling creates a combinatorial explosion that is difficult to attack by brute force. Additionally, phase modification adds an extra layer of encryption to the information stored in the CGH. This stage corresponds to Figure 1(c).

To select a truly random key, a cryptographically secure pseudorandom number generator (CSPRNG) must be used. In this work, the random function from MATLAB’s System.Security.Cryptography library has been used.

These numbers are used to feed the Fisher-Yates algorithm [17], which is a classic algorithm for randomly and securely shuffling a set of elements. It works by traversing the elements of a vector in reverse order and generating a random index j for each element i, such that $0\le j\le i$, with i being the index of the element being modified at each step. Finally, the elements i and j are swapped in position.

This information is stored in the Random Sorting Vector (RSV) of size $Z=M\times N$ (Figure 3(a)). The encryption process uses the phase matrix of the CGH, stored in a PNG file, to convert it into a CGH-PV vector of size $Z=M\times N$. Using the RSV shuffling vector, the positions of the CGH-PV are changed, resulting in the Shuffled Phase Vector (SPV).

From the RSV vector, a phase mask vector can be obtained through a truncation operation.

$$PRV\left[i\right]=RSV\left[i\right]\%256\forall i\in \{1,\cdots ,Z\}$$

(1)

It is necessary to ensure that the values are within range through a modulo operation.

Depending on the required security level, the phase mask can be generated from the shuffling vector through a modulo operation on this vector, both in the encryption phase and in the decryption phase, or with a separate procedure.

This vector is added to the SPV to modify the phase pattern, resulting in the Shuffled and Phase Changed Vector (SPCV).

$$SPCV\left[i\right]=\left(SPV\right[i]+PRV[i\left]\right)\%256\forall i\in \{1,\cdots ,Z\}$$

(2)

The SPCV vector is reordered to recover a matrix of size $M\times N$, which will be the ciphertext to be sent to a receiver.

The result of the encrypted CGH obtained (the ciphertext) is shown in Figure 4(a), and the image obtained with an incorrect key is shown in Figure 4(b). As we will see in Section 3, the histogram of Figure 4(b) is nearly uniform.

2.3. Decryption and Visualization of the Scene Stored in the CGH.

Decryption (Figure 1(d) and Figure 3(b)) involves undoing the steps from the previous section. In the decryption process, this random phase contribution is subtracted from the SPVC to recover the SPV:

$$SPV\left[i\right]=SPVC\left[i\right]-PRV\left[i\right]\forall i\in \{1,\cdots ,Z\}$$

(3)

The original order is then restored to obtain the CGH-PV using the indices stored in the RSV vector (Figure 3(b)). Negative values resulting from this subtraction are adjusted by adding the modulo to ensure they remain within the allowed range of phase values.

From this vector, the phase matrix of the CGH is obtained to recover an image file (png format). With the correctly decrypted CGH, the original scene can be recovered. This step corresponds to Figure 1(e). Figure 5 shows the results for phase holograms encoded with integer values $[0-255]$ corresponding to images in PNG format. In our case, since the phase information is encoded with integer numbers, no information is lost.

The original scene can be recovered either by simulation (using convolution algorithms such as the angular spectrum [1]) (see Figure 5(a)) or in the laboratory (Figure 5(b)). In both cases, the behavior of a plane wavefront disturbed by the phase information of the CGH at each pixel is visualized in a specific plane (which coincides with the position of the dragon’s head in the 3D scene). To obtain the image in Figure 5(b), a CCD from a lensless camera is placed in this plane.

The quality of the final image is usually affected by several factors: Working with only the phase and encoding it with integer numbers within the allowed range impacts the final scene quality. The dynamic range or the pixel size of the SLM (real or simulated) also directly affects the final quality. Additionally, speckle phenomena always appear, which are not attributable to the encryption technique. To improve the final image, the process can be iterated by generating multiple CGHs and applying statistical filtering techniques [18,19].

3. Results Discussion

The proposed procedure is robust to different types of attacks, as it:

• CGH Storage: The 3D scene is stored within a CGH. Vulnerability to Statistical Analysis is avoided since methods such as intensity histograms cannot reveal patterns or facilitate partial image reconstruction. It is also resistant to partial transformations, as modifying a subset of pixels in the CGH does not compromise the integrity of the stored information.
• Pixel Shuffling: As will be shown next, pixel shuffling can be robust against brute force attacks when the number of possible pixel permutations is sufficiently large.
• Random Phase Modification: This adds an additional layer of complexity to the encryption, as it modifies the phase disturbance that each pixel of the CGH presents to the reconstruction wavefront. It also alters the phase histogram of the ciphertext, further complicating attacks using statistical tools.

3.1. Remarks on Pixel Shuffling

The data size to be managed in this work is a matrix of $Z=N\times M$ integer values, which can range between $[0-255]$; that is, 256 different values.

Let us assume that each pixel value appears a certain number of times, denoted as $R_i$; that is, $(R_1,R_2,R_3,...,R_{256})$, where $R_i$ can take a value within the interval $[1-Z]$, with the restriction that the sum of all values $R_i$ will equal Z.

Let us assume that we start with the Z pixels placed in a bag, and we extract them one by one without replacement to place them into a matrix of size $N\times M$ pixels. Therefore, Z extractions must be performed. The extractions are assumed to be statistically independent.

• Probability that the first selected pixel matches the first pixel of the image: Suppose the first pixel has the value j within the range [0-255], and it appears $R_j$ times, then

  $$P_1={\displaystyle \frac{R_j}{N\times M}}$$

  (4)
• Probability that the second extraction matches the second pixel of the image: Suppose the second pixel has the value k within the range $[0-255]$, and it appears $R_k$ times, then

  $$P_2={\displaystyle \frac{R_k}{(N\times M)-1}}$$

  (5)

  however, it is also possible that it has the value j, in which case the probability would be

  $$P_2={\displaystyle \frac{R_j-1}{(N\times M)-1}}$$

  (6)
• Following this reasoning, the probability that the L-th extraction matches the L-th pixel of the image: Suppose the L-th pixel has the value m within the range $[0-255]$, and it appears $R_m$ times but has already appeared n times previously, then

  $$P_L={\displaystyle \frac{R_m-n}{(N\times M)-(L-1)}}$$

  (7)

Iterating this process, the final probability of successfully reconstructing the image by extraction would be given by the probability of matching all the pixels of the CGH; that is:

$$P=P_1\times P_2\times P_3...\times P_Z={\displaystyle \frac{R_1!\times R_2!\times R_3!...\times R_Z!}{Z!}}$$

(8)

The combinatorial explosion depends on the range of values that can be taken and the size of the matrix. In our case, the range is $[0-255]$ and the size is $1920\times 1080$. To make an estimation, we know that the histograms of the phases encoded in a png file are practically uniform; that is, the frequency values in these histograms tend to satisfy the following equality: $R_1=R_2=...=R_{256}=Z/256$. In this case, we can make the following estimation:

$$P={\displaystyle \frac{256\times (Z/256)}{Z!}}={\displaystyle \frac{1}{(Z-1)!}}={\displaystyle \frac{1}{2,073,599!}}$$

(9)

The factorial is an extraordinarily large number. Using Stirling’s approximation [20], an estimation can be made:

$$n!\approx \sqrt{2\pi n}{\left({\displaystyle \frac{n}{e}}\right)}^n$$

(10)

To determine the size of this number, we can calculate the number of digits it has.

$${log}_{10}(n!)\approx n{log}_{10}\left(n\right)-n$$

(11)

That is, around 11 million digits. Therefore, the probability of reconstructing the $N\times M$ matrix is effectively zero. If a processing machine were used that took ${10}^{-12}s$ per possibility, it would take ${10}^{11,000,000}\times {10}^{-12}s$, which is an incomprehensibly long time compared to any human or even geological timescale.

This pixel shuffling method of a scene, in which a mathematical transformation operation has been previously applied (the synthesis of a CGH can be likened to this operator), already provides a fairly robust encryption against statistical analysis (the phase distribution in a histogram is practically flat) or brute force attacks.

3.1.1. Key Size Issues.

The proposed key is a vector of $N\times M$ integer values and whose size increases as a function of the CGH resolution, which may result in keys of considerable size. One should consider the option of compressing this information using arithmetic encoding techniques [21] that guarantee to avoid loss of information in order to have a lighter key.

3.2. Remarks on DRPE Phase Mask

Let us recall that we have the key, which is a vector containing the permutations of the pixels, and a vector in which the permuted phases are stored. Now we will modify these values as follows: another vector will be constructed to store the modifications of the phase values, based on the vector containing the pixel permutations. Since Z is a number greater than the phase range encoded in the CGH $[0-255]$, the proposed procedure is to truncate (modulo 256) each component of the pixel shuffling vector (the key) and add it to the phase in the same position in the phase vector. In this way, for each pixel in the CGH, a new phase value is obtained, which can range between $[0-255]$. A brute-force attack would involve modifying the positions and values of the pixels.

The phase hologram obtained after these operations and its reconstruction using well-known convolution methods in the literature [1] are shown in Figure 4(a) and Figure 4(b), respectively.

Following a similar approach to the previous subsection, we assume that we have Z elements of a matrix with values in the range $[0-255]$. Adding a random phase implies that each of these Z elements can have any value within the mentioned range. The probability of recovering the original phase of pixel i in the CGH is:

$$P_{phas{e}_i}={\displaystyle \frac{1}{256}}$$

(12)

Since each pixel is an independent case, the probability of correctly recovering all the phases would be:

$$P_{phas{e}_{SLM}}=P_{phas{e}_1}\times P_{phas{e}_2}\times P_{phas{e}_3}\times ...P_{phas{e}_Z}\times ={\displaystyle \frac{1}{{256}^Z}}={\displaystyle \frac{1}{{256}^{(1920\times 1080)}}}$$

(13)

The probability of finding the correct phase match is also very small (the denominator has nearly 5 million digits) and adds another layer of security to the CGH encryption, breaking any pattern that could have existed in the phase histogram.

3.3. Partial Encryption of the CGH

Given the large number of possible permutations, the question arises: Is it possible to reduce the number of permutations (that is, reduce the computational costs) while maintaining a secure level of encryption?

The answer is conditioned by the very nature of the CGH creation process. All points in the scene contribute to all pixels of the CGH, so a practically complete shuffling is necessary to fully conceal the recorded information. The same applies to an encryption process in which only the phase mask is used to hide the information.

A method to quantify this statement is by using the Pearson Correlation Coefficient to measure the similarity between images. In Figure 6(a), this coefficient is shown as a function of the percentage of shuffled pixels, pixels with modified phase, and pixels where both phase and position are modified, between the original reconstructed image (Figure 5(a)) and those obtained with different percentages. Only when all pixels are shuffled is the absence of correlation guaranteed. For the calculation of the Correlation Coefficient (CC) shown in Figure 6(a), the reference image is Figure 5(a). In the case of $0\%$ shuffled pixels, it is compared with itself ($CC=1$). This value decreases, reaching ($CC=0$) when $100\%$ of the pixels are modified (Figure 4(b)).

The Figure 6(b) shows the histogram of the encrypted CGH, where it is observed that the phase value distribution is nearly flat, which helps to hinder statistical analysis-based hacking attempts.

These graphs can aid in managing the trade-off between encryption computation time and the required level of security. Additionally, other factors complicate the process of unauthorized decryption, such as the wavelength used for CGH synthesis or the geometry of the recording process (the distance between the scene and the CGH plane). In a trial-and-error process, the computation time should also account for the cost of calculating the convolution integral to reconstruct the scene from the CGH.

4. Conclusions

Encoding information using CGH and random phases (DPRE) has proven to be a robust technique for information encryption in the past. However, brute force attacks reduce the success time as the available computational power increases to find the decryption key.

We present an evolution of DRPE that adds the random permutation of pixels. This proposal allows the use of a single key to generate the CGH that serves as ciphertext or the use of two independent keys: one for the permutation and another for the synthesis of the random phase mask.

The entire process can be simulated on a computer or demonstrated in a laboratory. The permutation possibilities add a new layer of complexity against attacks.

Encoding the information in a CGH makes the generated ciphertext robust to localized modifications, the random phase modification makes the phase histogram distribution more resilient to statistical attacks, and the shuffling of already-encrypted pixels significantly increases the combinatorial possibilities to explore, rendering a brute-force attack unfeasible.