#### Abstract

A new asymmetric optical double image encryption algorithm is proposed, which combines phase truncation and singular value decomposition. The plain text is encrypted with two-stage phase keys to obtain a uniformly distributed cipher text and two new decryption keys. These keys are generated during the encryption process and are different from encryption keys. It realizes asymmetric encryption and improves the security of the system. The unscrambling keys in the encryption operation are mainly related to plain text. At the same time, the system is more resistant to selective plain text attacks; it also improves the sensitivity of decryption keys. With the application of phase truncation, the key space expanded and the security of the cryptographic system is enhanced. The efficacy of the system is calculated by evaluating the estimated error between the input and retrieved images. The proposed technique provides innumerable security keys and is robust against various potential attacks. Numerical simulations verify the effectiveness and security of the proposed technique.

#### 1. Introduction

With the rapid development of modern online transactions, protecting information security has become increasingly difficult. Unauthorized users may access the data, so information hiding techniques are required to conceal the multimedia data from unintended users. To overcome this problem, many encoding methods have been developed in the field of optical security, biometrics, and holographic storage. Parameters such as phase, amplitude, wavelength, frequency, and polarization have multiple degrees of freedom, thus increasing the key space. Therefore, optical techniques are the prime requirement, where a given data will be transmitted secretly on it, and any attacker in the middle cannot obtain the data. In the previous years, many encoding techniques were developed [1–6]. The double random phase encoding (DRPE) method [1] suggested by Refregier and Javidi in 1995 is the most effective image coding scheme. DRPE is an effective solution because the information is encrypted into an unrecognizable format. In DRPE, the original images are multiplied by randomly generated phase keys by using the input domain and the Fourier domain and a random phase mask (RPM) used as a security key. Use the conjugate of the encrypted image or the conjugate of the RPM to decrypt and return to tracing the optical path. In addition, DRPE - based coding methods are prolonged from Fourier transform (FT) to many other domains, such as fractional Fourier transform [7–12], Fresnel transform [13, 14], Fresnel wavelet transform [15], fractional Mellin transform [16–19], gyrator transform (GT) [20–25], gyrator wavelet transform (GWT) [26, 27], ghost Holography [28], etc.

In all these techniques, the indistinguishable RPM acts as a key during the decryption process. Similarly, due to the inherent nature of attacks, symmetrical schemes are used to deal with attacks, such as chosen cipher attack (CCA), chosen plain attack (CPA), and known plain attack (KPA) [29–31] because of an immanent stretch; it faces the problem of precondition administering and conducts. To address aforesaid matter, some dissymmetric optical cryptosystems have been proposed. Qin and Peng [32] put forward one of the pioneering work about asymmetric phase reservation (PR) and amplitude-truncation (AT) techniques to make the linearity of symmetric routines better. Since the decryption keys differ from the encryption keys, the author [33] claims that the PTFT-based cryptosystem is nonlinear. In 2013 [34], a speech restoration based on the AM-FM model in the linear canonical transform (LCT) domain was proposed. One relies on linear canonical transform domain filtering; the other relies on restoring the speech signal in the LCT domain. Kumar et al. [35] proposed an asymmetric method that uses two-dimensional nonseparable linear canonical transform (2D-NSLCT) and an iterative phase retrieval algorithm for duplex image encryption. First, PRA generates an encryption security key. Here, two intensity images are combined to form a complex image. Rakheja et al. [36] proposed a duplex image encoding based on the 3D Lorenz chaotic system and QR decomposition in the two-dimensional nonseparable linear canonical transform domain. In this communication, the unconventional framework of the 2D–NSLCT extends the key-size of the initiate scheme and enhances the robustness against brute-force attacks. The phase truncation part will continue for further processing, whereas the phase reserve part is used as the decryption key. After the intermediate cipher text is multiplied by a random phase mask, the inverse two-dimensional inseparable canonical transform will be performed. The output obtained is QR decomposition to get the final cipher text and another private key. Rajput and Matoba [37] proposed optical voice encryption in the other optical domains such as fractional Fourier, Fresnel and gyrator transforms, which convert input information into different mixed space-frequency domains. They also analyzed the experimental recording conditions of the human voice and some security aspects of the scheme. Their results show that the original voice cannot be retrieved unless the correct keys and correct domain orders are used. Number of papers published in the linear canonical transform have been studied [38–49]. Wang et al. [50–61] proposed the high-dimension Lorenz chaotic system and perceptron model, a chaotic image encryption system. Image encryption and various analysis have also been performed by authors [62, 63]. They describe the algorithm flow in detail and analyze the cryptographic security. Some of the papers on image encryption in different context have been noted [64, 65].

In this communication, we have introduced an unpredictable method for narrating duplex picture encryption using two-dimensional LCT and DPM besides esteem deterioration. The proposed LCT has comparable properties, such as numerous well-known scientific changes. We know that the classical DRPE experiences issue of key space and optical hub arrangement. To overcome these issues and to extend the key space, we favor utilizing a deterministic phase mask (DPM) [56, 62] rather than conventional RPM. The use of LCT has advantages such as computational ease and convenience in their optical implementation. The variations of LCT orders are achieved by rotation of the lens system because there is no need to change the distance like the optical implementation of fractional Fourier transform. The proposed scheme provides enhanced security by increasing the key space through the use of a deterministic phase mask. Such phase masks are easier to position in the decoding and provide their own security parameters.

In this article, the security of the cryptosystem depends on the linear canonical transform domain. The rest of the manuscript is organized as follows: Section 2 reflects the conceptual framework of the suggested scheme, Section 3 gives the proposed encryption and decryption methods, Section 4 indicates the various simulation results and robustness of DPM, and the concluding remarks are given in Section 5.

#### 2. Principle

##### 2.1. Generation of Deterministic Phase Mask (DPM)

The deterministic phase mask (DPM) is produced by characterizing the arrangement , which is given by the number of subkeys (NSK) in a single stage cover, where NSK = . As described in [19, 66, 67], the upcoming DPM can consist of a combination of the 16 submasks represented. DPM for the specific esteem of *m* = 4 is displayed in Figure 1where is defined as follows:where *k* = 1, 2, ……….. NSK (number of subkeys) and and are randomly generated in the interval [1, *d*], where is defined into the interval.

For simplicity, we display the example when the order of encryption and . If deterministic masks are considered with 16 of size . Each or is combined with 16 submasks , as interval is from 1 to 4, and are randomly generated in the interval from 1 to 64. If deterministic masks are constructed with 8 of size . Each or is combined with 64 submasks , interval is from 1 to 8; and are randomly generated in interval from 1 to 32.

##### 2.2. Theoretical Background of LCT

LCT is generated by ABCD transform, generalized Fresnel transform, and amplified fractional Fourier transform. LCT may be directly changing course, with three parameters characterized as follows [38, 42]:where kernel

LCT_{(α, β, γ)} [] indicate that the LCT administrator has three genuine change parameters. These three parameters are independent of (*x*, *y*) and (*u*, ) domains. Inverse two-dimensional LCT is written as follows:where LCT_{(−α, −β, −γ)} [] denotes the inverse LCT. If the 2D LCT is simplified to the FT with a multiplier factor , where and are constants and are related by unit determinant matrix. The elements convey three parameters as the order of LCT. These orders are considered as the key parameters for image encryption purposes. LCT is a unitary transform, a special case, including FT, FrFT, FrT, and operations including scaling and chirp multiplication. The optical LCT system can be implemented using an arbitrary number of thin lenses and propagate through free space. The implementation belongs to the quadratic phase system (QPS) category [68].

The optical implementation of an LCT using a single lens is shown in Figure (2).

The LCT parameters and can be directly related to the distances and , and the focal length is as given below:

##### 2.3. Singular Value Decomposition (SVD)

The SVD may be a numerical method utilized to diagonalizable matrices. It breaks down a *m* × *m* real matrix A into a product of three matrices as follows [69–73]:

The matrix and are orthogonal matrices (i.e., and ) having sizes and , respectively, while *S* could be an *m* × *n* diagonal matrix with nonnegative real values called singular values. Moreover, the arrangement of USV multiplication is very critical for the input image to be recouped accurately. Amid encryption, USV is made for cipher image *C* (*x*, *y*). At the time of decoding, perform reverse singular value decomposition.

If the multiplication arrangement has been changed to [UVS], [VUS], and [VSU], you cannot recompose the image. Finally, if the multiplication order is USV, the image can be restored. Because of multiplication, order plays an important role, so if the door opener gets any components from any channel, he will not be able to determine the first image.

##### 2.4. Nonlinear Phase Truncation Fourier Transform (PTFT)

PTFT can be a preparation of Fourier transform, but it has phase truncation, which means that because it only retains the amplitude (modulus part) of the Fourier spectrum, the phase part of the spectrum is truncated. Let denote the image to be encoded, LCT [ ] the operator of linear canonical transform, PT [ ] the operator of the phase truncated, and PR [ ] denote phase reservation. The phase truncation operation of the image in the two-dimensional linear canonical transform can be written as follows:

The phase truncation (PT) and the phase reservation (PR) operations can be expressed, respectively, as follows:

#### 3. Proposed Cryptosystem Technique

##### 3.1. Asymmetric Cryptosystem for Encryption

The input image is multiplied by RPM, i.e., and then linear canonical transformation is performed in the order *α*_{1}, *β*_{1}, *γ*_{1}. Here, is statistically independently and randomly distributed in [0, 1]. The PTFT separates the obtained complex spectrum into amplitude and phase. The amplitude-truncation (AT) value helps generate the first decryption key (DK_{1}) and the phase truncation (PT) value, bonded with another phase mask DPM (for the set ), and then proceed to *α*_{2}, *β*_{2}, *γ*_{2} order then further take linear canonical transformed which give the encrypted image, which is further amplitude-truncated to generate a second decryption key (DK_{2}). Also, at the conclusion, SVD is connected; steps are appearing underneath. Finally, the encrypted image is obtained. Improper selection of any of these parameters during decryption comes out with negative results. Presence of number of encryption keys helps in making the system more secure against unauthorized attacker. The steps (Figure 3) of encryption of an input image can be expressed as follows:where denotes a phase truncation operator, and represent the linear canonical transform of order and inverse linear canonical transform order , respectively. The decryption keys (DKs) are obtained during the encryption process. Within the proposed strategy, the two encryption keys are treated as open keys and are not utilized within the unscrambling handle. The two decoding keys utilized are given by equations (12) and (13).

##### 3.2. Asymmetric Cryptosystem for Decryption

The decryption process is shown in Figure 4. First, perform inverse singular value decomposition on the image, then multiply it by second decryption key (), and then LCT. Then multiply with the asymmetric key DK_{1} again perform LCT.

Steps for decryption is as follows:

##### 3.3. Optoelectronic Realization

An optoelectronic experimental setup of the proposed encryption scheme has appeared in Figure 5. In encryption, the image and RPM are first displayed on phase only spatial light-modulator (PO-SLM) associated with the machine and lit up by a He-Ne laser source (*λ* = 632.8 nm). LCT order is performed optically. The resulting spectrum and DPM are displayed on to second PO-SLM_{2}, which is additionally connected with the computer and after that performing an inverse LCT. The resultant spectrum is recorded by the charged coupled device (CCD) camera and stored in the computer system. The phase truncated part may be made by CCD. The amplitude-truncated part may be done by phase-shifting interferometry. In the decryption process, the digitally acquired image is multiplied with asymmetric key is displayed on PO-SLM_{1} irradiated with a laser source, and then subjected linear canonical transform through, then information is displayed on SLM_{2} is associated with computer and intensity of the decrypted image is recorded in the output plane.

#### 4. Simulation Results and Discussion

##### 4.1. Encryption and Decryption Results

A series of computer simulations were performed using MATLAB (version R2020a) software to verify the efficiency of the proposed approach. The size of all the plain text images and target images selected were 256 × 256. In this scheme, two grayscale images tree and baboon Figures 6(a) and 6(b) of size 256 × 256 pixels have been considered. The LCT parameters are considered in the present scheme are and For simplicity, you can use these values and other integer values. Figures 6(c) and 6(d) show the grayscale encrypted image of the grayscale used in the scheme. Using the correct LCT sequence and keys, the original images are, respectively, reflected in Figures 6(e) and 6(f).

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

##### 4.2. Performance Analysis

In this section, mean squared error (MSE) and a peak signal-noise ratio (PSNR) are used as the convergence criterion in the iterative process. If and denotes input and the decrypted image, then MSE is calculated as follows:

In equation (16), is the sum of pixels and denotes the size of the image. The suggested strategy is very safe because all the values of DPM must be reasonably when arranging for accurate image conversion. In case any of the esteem is inaccurately chosen automatically, there is an error in MSE; hence, decrypted image is not getting. The MSE for the tree and baboon pictures is as follows: 7.7485 × 10^{−25} and 2.5223 × 10^{−25}. The minimum value of MSE demonstrates a superior likeness to the tried image.

PSNR measures the modification between the input image and is decoded image and its equation can be written as follows:

The numerical esteem of PSNR obtained for our suggested algorithm for the tree and baboon image is 92.42 dB and 91.48 dB, respectively.

##### 4.3. Relative Error (RE)

The relative error is computed between plain image and decoding image using mathematical expression represented in the following equation:

Among them, and , respectively, represented the input, decrypted picture. The RE values of the algorithm used for tree and baboon images are 0.0054 and 0.0049, respectively. It can be seen from these data that it reflects that the image is obtained faithfully.

##### 4.4. Key Sensitivity Analysis

Image encryption technique is sensitive to the initial values of the secret key. To obtain a sensitivity analysis of the image encryption technique, take incorrect parameters. The correct parameters are and as the orders of LCT. The responsiveness of the architecture has also been substantiated against each individual parameter. The retrieved images for erroneous values are shown in Figure 7 for the various variable of and phase masks. Figures 7(a)–7(f) correspond to an image of a tree decrypted with incorrect values. Figures 7(a) and 7(b) are decrypted image tree and baboon by using incorrect two LCT orders; Figure 7(c) and 7(d) are decrypted image using another two-wrong parameter of LCT, and Figures 7(e) and 7(f) with wrong values of DPM and RPM. Figure 8(a) is an MSE plot with the first LCT order , while Figure 8(b) is another graph of MSE with iteration number for the second LCT. Figure 8(c) is another plot MSE with LCT order The graphs clearly reflect that the scheme is highly sensitive to the LCT order.

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

**(a)**

**(b)**

**(c)**

##### 4.5. Correlation Coefficient (CC) Analysis

In this section, the correlation coefficient (CC) of two adjacent pixels in the original image and its encrypted image is examined. The CC is calculated by the following relations:where and . An illegitimate user cannot obtain any valid information from this statistical data. Plots of correlation distribution for randomly chosen 15,000-pixel pairs Figures 9(a), 9(d), 9(g), 9(j), and 9(m) show the input images; Figures 9(b), 9(e), 9(h), 9(k), and 9(n) show correlation distribution of input images; Figures 9(c), 9(f), 9(i), 9(l), and 9(o) correlation distribution of encrypted images, respectively. The correlation graphics of input images are different, but the correlation plots of encrypted images are similar, so based on the encryption images, it is difficult for the hacker to identify the correct image. Table 1 shows the values of horizontal, diagonal, and vertical pixels of input and encrypted images (Figure 9).

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

**(g)**

**(h)**

**(i)**

**(j)**

**(k)**

**(l)**

**(m)**

**(n)**

**(o)**

##### 4.6. Statistical Analysis

To demonstrate the ability to resist statistical attacks of the proposed image encryption algorithm, different kinds of statistical analysis methods are being utilized.

###### 4.6.1. Histogram Analysis

In order to obtain an effective and safe optical image encryption scheme, it should be able to encrypt different input images into an encryption form with similar histograms. The histograms of the tree, baboon, and their corresponding encrypted images are shown in Figures 10(a)–10(d). We can see from the histograms point of view input images are completely different, but the histograms of the encrypted images are indistinguishable, so it is difficult for an attacker to identify the correct picture.

**(a)**

**(b)**

**(c)**

**(d)**

###### 4.6.2. Entropy Analysis

Entropy (*H*) can be represented as follows:

The chi-square value is calculated by the following equation [74–76]:

where represents the probability. The ideal entropy is 8. The entropies obtained from the cipher image of the baboon, tree, optical image processing, OPT, and Lena images using the proposed algorithm are nearly standard entropy, respectively. These values are near the ideal value, then the loss is insignificant, and the suggested algorithm is strongly against the entropy attack. Table 2 shows entropies of input, encrypted and decrypted, respectively.

Variance is the quantitative measure of histogram analysis. In addition, histogram variances are mainly used to quantitatively examine the uniformity of an image. Lower variance means higher uniformity of an image, alternatively the better security of the particular algorithm. The mathematical expression for calculating the variance is as follows [74–76]:where is the number of grayscale values, and are the number of pixels for a particular grayscale values *i* and, *j*, respectively, and is the vector of all and . Variance results are tabulated in Table 3.

The result shows our encryption scheme is better and more efficient, giving better results than others.

The chi-square test is the degree of deviation between the actual observation value and the theoretical inference value of the statistical sample. The larger the chi-square value, the less conformable and on the contrary, the more it is consistent. If the two values are completely equal, the chi-square value is 0, indicating that the theoretical value is completely consistent.where is the observed frequency of *i*, and is the expected frequency of *i.* The expected frequency is as follows:where is the size of images.

Table 4 lists the test results for encrypted images. According to the chi-square distribution, and **;** from this, we can see that for the 1% and 5% significant level, accept the hypothesis, so we can confirm that the pixel distribution is uniform.

##### 4.7. Attack Analysis

###### 4.7.1. Robustness Method Against Pixels Cropped

In an occlusion attack, some parts of the encrypted image are blocked, which will cause the encrypted image to be blurred. This leads to blurred decrypted images depending on the size of the blocked parts. Different cases have been evaluated by taking the different sizes of the filter in the encrypted image. When the encrypted image is occluded or blocked, it impacts the quality of the recovered images. The occlusion is considered by changing the encrypted image by 10%, 25%, 50%, and 75%. As the occlusion percentage increases, the quality of the restored image gradually decreases. But still, the recovered images are visible till 25%. Figure 11(a) is 10% encrypted image; Figure 11(b) is occluded 25%. Similarly, 50% is occluded in Figure 11(c), 75% in Figure 11(d), and their corresponding effect is reflected in Figures 11(e) and 11(f); the MSE and CC plot with the occluded area. A larger value of MSE states a larger loss of information and degraded condition of recovered images.

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

###### 4.7.2. Noise Attack Analysis

The encrypted image on the stage of image processing and image transmission is susceptible to different kinds of noise. These noises have a great influence on the quality of the decryption images. In this work, we have added Gaussian noise to the encoded image. The noise interferes with the ciphered images by relation [80–82].where is encrypted picture and is the noised image, k is a constant factor and G is Gaussian noise with 0 and 1 standard deviation. Figures 12(a)–12(h) show the recovered images from the encrypted data distorted by Gaussian noise with standard deviations of 0.02. Figure 13 shows the plot of MSE with noise factor (*k*).

**(a)**

**(b)**

**(c)**

**(d)**

###### 4.7.3. Classical Attack Analysis

The security of a cryptographic system depends on its resistance to four basic attacks. These basic attacks are cipher text only attack, known plain text attack, chosen plain text attack, and chosen cipher text attack. Among them, chosen plain text attack is the most powerful attack. If a cryptosystem is secure against this attack, it is secure against the other three attacks. The proposed scheme has eight keys; one from a deterministic phase mask, one from RPM, and six from linear canonical transform parameters, and the scheme is highly sensitive to all these parameters. If a small change is made in these parameters, the results would be completely different. So, the proposed scheme is secure enough against chosen plain text attacks and hence against other classical attacks too. The analysis proves that the presented system is resistant to several attacks which threaten the authenticity of any cryptosystem. Hence it is a much more secure and powerful yet simple cryptosystem.

In CPA, the attacker has the plain image and scheme. With respect to these, he will try the cipher image. Normally, DRPE is highly vulnerable to CPA. If an attacker chooses the Dirac delta function, which is shown in the below equation:

Dirac delta function is to be considered a single nonzero pixel at the centre of the image and all the other values are zero. In order to perform chosen plaintext analysis, created Dirac delta function is considered as plain image and cipher image calculation is given in the equation.

From the above equation, the second secret key is easily obtained by . Figure 14 shows the CPA analysis of the DRPE system.

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

###### 4.7.4. Speed Performance Analysis

The speed of the scheme measures the performance and the time taken by the scheme for the execution. It is important that the encryption and decryption schemes are fast enough to meet real time requirements. The scheme needs to be faster to reach the level of real time applications. The scheme has been tested against the speed by executing the scheme on a personal computer with configuration Intel (R) Core (TM) i3-2328 CPU @ 2.20 GHz–2.71 GHz, 2 GB RAM running Windows 10 on MATLAB R2020a 5 (9.6..0.1174912) 64 bit (win64), LM: 40664749. The total time taken for both encryption and decryption is 0.66 s. This time is due to the introduction of DPM. After introducing the DPM, the time taken is still very small and proves the scheme to be fast and efficient.

###### 4.7.5. Quantitative Comparison Analysis

The proposed scheme is quantitatively compared with various recent schemes in terms of entropy, execution time, and key space. Table 4 gives the key space, time execution, and entropy of cipher text of various schemes. As can be seen from Table 4, the proposed scheme has the least execution time of 1.515843 seconds with a key space of RPM, DPM, and 6 keys. The cipher-text entropy value is 7.261, which indicates the randomness in the encrypted image. All these parameters demonstrate the strength and quality of the proposed encryption scheme. Table 5 reflected the quantitative comparative analysis of the proposed scheme and earlier reported schemes.

#### 5. Differential Attack Analysis

The Number of Pixels Change Rate (NPCR) and Unified Average Changing Intensity (UACI): Let encrypted images before and after one pixel change in the image be or . The NPCR and UACI are given as follows [76]:where is a two-dimensional array having the same size as images or and M and N are the width and height of the image. The matrix is defined by and ; if , then ; otherwise . The ideal values of NPCR and UACI are 99.61% and 33.46%, respectively. The NPCR and UACI between and are computed as 97.49% and 31.20%. The calculated values of NPCR and UACI are close to the ideal values. It means that the algorithm can resist differential cryptanalysis.

#### 6. Conclusion

In this contribution, it demonstrates that the simulation LCT encrypting system is capable of information security with noise-free recovery. The experimental results show that the linear canonical transform order can be considered as an extra security key. It is found that a small variation in order will lead to a large change in CC, MSE, and PSNR values. The use of DPM increases the key space also as extra security of the scheme. The proposed scheme is asymmetric and also uses the SVD operation that increases the security of the algorithm. The scheme is tested for various attacks such as occlusion and noise and it was found the scheme is not vulnerable. Numerical simulations are performed to demonstrate the feasibility and validity of this method. Key sensitivity has been analyzed by MSE curves under different decryption keys. Several possible attacks such as KPA and CPA have been considered and results demonstrate that the proposed encryption system has higher security.

#### Data Availability

The data used to support the findings of this study are available from the corresponding author upon request.

#### Conflicts of Interest

The authors declare that there are no conflicts of interest regarding the publication of this paper.

#### Acknowledgments

The authors wish to thank the management of The NorthCap University, Gurugram, India, for their encouragement in supporting various research facilities.