G-0K8J8ZR168
검색
검색 팝업 닫기

Ex) Article Title, Author, Keywords

## Research Paper

Curr. Opt. Photon. 2021; 5(2): 155-163

Published online April 25, 2021 https://doi.org/10.3807/COPP.2021.5.2.155

## Optical Encryption Scheme for Cipher Feedback Block Mode Using Two-step Phase-shifting Interferometry

Seok Hee Jeon1, Sang Keun Gil2

1Department of Electronic Engineering, Incheon National University, Incheon 22012, Korea
2Department of Electronic Engineering, The University of Suwon, Hwaseong, Suwon 18323, Korea

Corresponding author: skgil@suwon.ac.kr, ORCID 0000-0002-3828-0939

Received: December 31, 2020; Revised: March 2, 2021; Accepted: March 6, 2021

This is an Open Access article distributed under the terms of the Creative Commons Attribution Non-Commercial License (http://creativecommons.org/licenses/by-nc/4.0/) which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.

We propose a novel optical encryption scheme for cipher-feedback-block (CFB) mode, capable of encrypting two-dimensional (2D) page data with the use of two-step phase-shifting digital interferometry utilizing orthogonal polarization, in which the CFB algorithm is modified into an optical method to enhance security. The encryption is performed in the Fourier domain to record interferograms on charge-coupled devices (CCD)s with 256 quantized gray levels. A page of plaintext is encrypted into digital interferograms of ciphertexts, which are transmitted over a digital information network and then can be decrypted by digital computation according to the given CFB algorithm. The encryption key used in the decryption procedure and the plaintext are reconstructed by dual phase-shifting interferometry, providing high security in the cryptosystem. Also, each plaintext is sequentially encrypted using different encryption keys. The random-phase mask attached to the plaintext provides resistance against possible attacks. The feasibility and reliability of the proposed CFB method are verified and analyzed with numerical simulations.

Keywords: CFB mode, Digital holography, Optical encryption, Phase-shifting interferometry, Symmetric block encryption

OCIS codes: (060.4785) Optical security and encryption; (070.1170) Analog optical signal processing; (070.4560) Data processing by optical means; (090.1995) Digital holography; (090.2880) Holographic interferometry

Information security has increasingly become an important issue in many information societies. Compared to conventional electronic data-security methods, optical data security provides much freedom to encrypt data using the amplitude, phase, polarization, or wavelength of light. Since Refregier and Javidi firstly reported the optical encryption method of double random-phase encoding (DRPE) [1], lots of researchers have investigated optical encryption methods in information-security applications, because of their high-speed and parallel processing potential. In 2009, Matoba et al. reviewed various optical techniques in information security, encryption, and authentication [2], and Alfalou and Brosseau reviewed much work about optical image compression and encryption methods [3]. In 2014, Chen et al. presented a review of optical technologies for information-security systems, and analyzed the advantages and disadvantages of each optical security system [4]. Also, Javidi et al. presented an article about a roadmap for optical security, as an overview of the recent advances and challenges of optical encryption techniques using free-space optics [5]. Among these optical encryption methods, digital holography is a useful technique in which fully complex data may be recorded and reconstructed digitally to realize optical encryption [6]. A method for more efficient direct recording of holographic information is phase-shifting interferometry, which uses a charge-coupled device (CCD) to record the fully complex information. Some methods to use phase-shifting interferometry in an optical encryption system have been proposed [79]. Generally, as the number of phase-shift steps increases in phase-shifting interferometry, the reconstruction error in the acquisition of the fully complex information decreases. However, the multistep phase shift increases the amount of data being encrypted, so that much time might be required to transmit the secure information, and then the limitation of system errors is dominated by the resolution of the commercially available CCD. Especially, some researchers have proposed optical encryption systems using two-step phase-shifting interferometry [1014]. On the other hand, several optical encryption methods based on polarization have been considered for security [1520]. As to the DRPE method, Naughton et al. introduced the concept of secure modes for conventional block-encryption systems and applied these concepts to DRPE optical encryption [21]. Recently, we proposed the optical encryption method of cipher-block-chaining (CBC) mode, using phase-shifting digital interferometry based on orthogonal polarization [22].

In this paper, we propose an optical encryption scheme for cipher-feedback-block (CFB) mode by means of two-step phase-shifting interferometry and orthogonal polarization. Fourier-domain optical encryption is obtained by the interference of two waves in a phase-shifting interferometer of the Mach-Zehnder architecture. The interferometer consists of binary input data attached to a random-phase mask in the object beam, and a randomly distributed phase pattern with an encryption key in the reference beam, with the resulting interferograms being recorded on CCDs. The encryption key used in the decryption process is also achieved by phase-shifting interferometry. Ciphertexts of the digital interferograms are transmitted over an information network and can easily be decrypted by digital computation. In Section II the CFB mode is briefly reviewed and the proposed optical encryption method for the CFB algorithm is explained, and in Section III the feasibility of the proposed method is verified by the results of numerical simulations and security analysis. Conclusions are summarized in Section IV.

### II. CFB ENCRYPTION MODE AND THE PROPOSED METHOD

In the conventional cryptographic encryption of digital data, called a block, there are four standard modes: Electronic Codebook (ECB), CBC, CFB and Output Feedback (OFB) in the data-encryption standard (DES) protocol. Among these block-encryption modes, CFB mode introduces a feedback operation into the cryptographic process. In this mode, the previous ciphertext block is fed back and used to encrypt the subsequent plaintext block. Figure 1(a) shows the algorithm for CFB mode encryption, and the encryption procedure is described as follows:

Figure 1.Block diagrams for encryption. (a) Conventional CFB mode, (b) proposed CFB method.
IV=C0, Qi=E(Ci-1) for 1in, Ci=PiOi for 1in, Pi=CiD(Ci-1)=CiOi for 1in,

where IV denotes an initialization vector, Ci-1 denotes the previous ciphertext, Oi denotes the ith corresponding cipher by an encryption key K, Pi denotes the ith plaintext, Ci denotes the corresponding ith ciphertext, and n is the total number of plaintext blocks being encrypted. E(∙) represents an encryption operation and D(∙) represents the corresponding decryption operation. An initialization vector IV is used as the first ciphertext block C0, which need not be secret and should be sent to the receiver for decryption. However, this method is insufficient to maintain security strength because of the short length of the key, and is vulnerable to cryptoanalysis attacks.

Recently, electronic digital cryptographic algorithms have been analyzed by applying optical encryption techniques in which the ciphertext is no longer in digital information, but rather is in an analog random pattern, such as white noise. Inherently, an optical system carries out fast parallel processing with 2D array data, so it can have a very large key space, thereby enhancing security strength. In this paper, the concept of the CFB-mode algorithm is modified to propose an optical encryption scheme using phase-shifting interferometry. Figure 1(b) shows the proposed CFB method, and the encryption procedure is described as follows:

IV=C0, Qi=E(Ci-1) for 1in, Ci=E(Pi,Ci-1) for 1in, Pi=D(Ci,D(Oi)) for 1in,

where IV denotes an initialization p × q matrix, Ci–1 denotes the previous ciphertext, Oi denotes the corresponding interferograms by the ith encryption key Ki, Ci denotes the corresponding ith ciphertext of the interferogram, and n is the total number of plaintext pages being encrypted. E(∙) represents a digital holographic encryption operation, and D(∙) represents the corresponding holographic decryption operation. A page of plaintext is encrypted to ciphertexts by performing orthogonal-polarization-based two-step phase-shifting interferometry with the previous ciphertext. Interferograms Oi and Ci are transmitted to the receiver and used to reconstruct the plaintext Pi by the corresponding decryption process.

The optical architecture for two-step phase-shifting digital holography using orthogonal polarization [20] can also be used for the proposed CFB encryption method. Figure 2 schematically shows the proposed optical encryption architecture, which contains dual Mach-Zehnder interferometers. The collimated laser beam passes through a linear polarizer P1, the polarization direction of which is 45° with respect to the horizontal axis, and is divided by beam splitters into two linear-polarized plane waves traveling in different paths. When shutters S1 and S2 are open and S3 is closed, the inner interferometer is operated to encrypt a previous ciphertext Ci-1 by a holographic encryption key Ki, which is intended to be made from the same previous ciphertext Ci-1. A previous ciphertext to be encrypted is displayed on an amplitude-type spatial light modulator SLM1 multiplied by a random-phase mask RPM1 in the object-beam path, while a phase-type SLM2 displays the holographic encryption key in the reference-beam path. The object and reference wave functions in the inner interferometer are expressed as si(x,y) = Ci–1(x,y)ejθ1(x,y) and ti(x,y) = ejKi(x,y), where exp[jθ1(x, y)] is a random-phase-mask function. Note that an initialization-matrix value IV = C0(x, y) is used in the first-stage encryption procedure, where C0 is assumed to be a randomly generated 2D matrix pattern. The complex distributions of the object and reference waves in the spatial-frequency plane, expressed as Si(α, β) = FT{si(x, y)} and Ti(α, β) = FT{ti(x, y)}, where FT represents the Fourier transform, are interfered onto two CCD1 and CCD2 by use of the Fourier-transform lenses L1 and L2. If the fast axis of a λ/4 plate is set along the vertical axis, then no phase shift occurs on CCD1 where the polarization direction of output analyzer P2 is aligned along the s-polarization axis, and a phase shift of π/2 radians occurs on CCD2 where the polarization direction of output analyzer P3 is aligned along the p-polarization axis. This two-step phase-shifting interferometry gives two interference intensities as

Figure 2.Proposed optical architecture for CFB encryption: SF, spatial filter; CL, collimating lens; P, linear polarizer; BS, beam splitter; S, shutter; A, attenuator; M, mirror; L, lens; SLM, spatial light modulator; RPM, random-phase mask; CCD, charge-coupled device; PC, personal computer.
Ii,IN1α,β:0=Ti α,β2+Si α,β2+2Tiα,βSiα,β cosΔϕTS, Ii,IN2α,β:π2=Tiα,β2+Siα,β2+2Tiα,βSiα,β cosΔϕTSπ2,

where ΔϕTS = ϕTϕS denotes the phase difference between reference and object waves. Controlling the shutters S1, S2, and S3, we can separately obtain the intensity distributions of the reference and object waves, IT = |Ti(α, β)|2 and IS = |Si(α, β)|2. These four intensity distributions (Ii,IN1, Ii,IN2, IT, and IS) implying the encryption key information are transmitted to the receiver as ciphertexts Oi of Eq. (6), to decrypt the previous ciphertext Ci-1.

The outer interferometer, with shutters S1 and S3 open and S2 closed, is operated to encrypt a plaintext by another holographic encryption key, which is also the same previous ciphertext. The object-beam path has an amplitude-type SLM3 multiplied by another random-phase mask RPM2, which displays a plaintext Pi to be encrypted. The object wave function in the outer interferometer is expressed as mi(x, y) = Pi(x, y)ejθ2(x,y), where exp[jθ2(x, y)] is another random-phase-mask function. Schematically, in the outer interferometer the reference-beam path is the same path as the object-beam path in the inner interferometer. Therefore, the object wave function si(x, y) = Ci–1(x, y)ejθ1(x,y) in the inner interferometer is now used as the reference wave function in the outer interferometer. The complex distributions of the object and reference waves are Fourier transformed onto CCD1 and CCD3 by lenses L1 and L3, expressed as Mi(α, β) = FT{mi(x, y)} and Si(α, β), respectively. Similarly, the two-step phase-shifting interferometry using orthogonal polarization gives two interference intensities as

Ii,OUT1α,β:0=Mi α,β2+Si α,β2+2Miα,βSiα,β cosΔϕMS, Ii,OUT2α,β:π2=Miα,β2+Siα,β2+2Miα,βSiα,β cosΔϕMSπ2,

where ΔϕMS = ϕMϕS denotes the phase difference between object and reference waves. Likewise, the intensity distributions of the object and reference waves, IM = |Mi(α, β)|2 and IS = |Si(α, β)|2, can be obtained by controlling the shutters S1, S2, and S3. These four intensity distributions (Ii,OUT1, Ii,OUT2, IM and IS) are transmitted to the receiver as ciphertexts Ci of Eq. (7), to decrypt the plaintext Pi.

In the proposed method, a plaintext is encrypted by phase-shifting interferometry such that we should know the complex hologram function generated from interferometry to decrypt the plaintext. If the complex hologram function in the outer interferometer is assumed to be Hi,OUT(α, β) = AMS ejϕMS, the phase ∆ϕMS and amplitude AMS can be calculated from the transmitted ciphertexts of Ci as

ΔϕMS=ϕMϕS=tan1 Ii,OUT 2α,β:π2IM+IS Ii,OUT 1α,β:0IM+IS, AMS=MiSi=12 Ii,OUT 2α,β:π2 IM +IS 2+ Ii,OUT 1α,β:0 IM +IS 2.

To reconstruct the complex distribution Mi of the object wave from Hi,OUT = AMS ejϕMS, the complex distribution Si of the reference wave should be known. Note that it is possible to retrieve the complex distribution Si by applying the phase-shifting interferometry technique to the transmitted ciphertexts Oi only with knowledge of the complex distribution Ti(α, β) = FT{ejKi(x,y)}. Assuming the complex hologram function in the inner interferometer to be Hi,IN(α, β) = ATS ejϕTS the phase ∆ϕTS and amplitude ATS can be calculated as

ΔϕTS=ϕTϕS=tan1 Ii,IN 2α,β:π2IT+IS Ii,IN 1α,β:0IT+IS, ATS=TiSi=12 Ii,IN 2α,β:π2 IT +IS 2+ Ii,IN 1α,β:0 IT +IS 2.

The complex distribution Mi can be reconstructed by processing these two complex holograms Hi,IN and Hi,OUT, by combining Eqs. (13) and (14) with Eqs. (15) and (16) in the following way, and consequently the original plaintext Pi(x, y) of Eq. (8) is decrypted by an inverse Fourier transformation:

Di,INα,β=Hi,IN*α,βTiα,βIT=TiSiej ϕS ϕT   TiejϕT Ti 2=SiejϕS, Di,OUTα,β=Hi,OUTα,βDi,INα,βIS=Mi Si ej ϕM ϕS   Si ejϕS Si 2=MiejϕM=Miα,β, dix,y=IFTDi,OUT α,β=mix,y=Pix,y,

where * denotes the complex conjugate and IFT{∙} denotes inverse Fourier transformation. Di,IN of Eq. (17) shows the reconstructed information of the previous ciphertext Ci–1, which is used as a decryption key to produce the plaintext Pi via Eqs. (18) and (19).

To obtain the feedback ciphertext Ci–1 for the next plaintext-encryption process, a threshold function for the ciphertext is utilized in the proposed method. A simple technique is to use only one ciphertext of Ci (Ii,OUT1, Ii,OUT2, IM and IS), such as Ci–1(x, y) = TH{Ii,OUT1} or TH{Ii,OUT2} or TH{IM} or TH{IS}, where TH{∙} is a threshold function, to generate binary data by taking a proper threshold value. The second considered method to make the feedback ciphertext is to use four ciphertexts of Ci for XOR logic operation. A more complicated way is to use the combination of all eight produced ciphertexts Oi and Ci, including the previous ciphertext Ci–1, for XOR logic operation such as Ci–1(x, y) = Ci–1TH{Oi}⊕TH{Ci}. The specific XOR combination algorithm of ciphertexts, adapted to the designed encryption system, could be determined only by the transmitter, which is kept secret from attackers. In this paper, each feedback ciphertext for the next ith encryption procedure is assumed to be determined by Eq. (20), to resist attacks, the details of which will be described in the following section to discuss cryptanalysis:

Ci1x,y=THIi,OUT1THIi,OUT2THIMTHIT.

Flowcharts of the encryption and decryption procedures are shown in Fig. 3, where EXP denotes an exponential function to generate the phase distribution, FT and IFT represent the Fourier transform and inverse Fourier transform, Σ denotes a function to perform phase-shifting interferometry, TH denotes a threshold function to generate binary data using a proper threshold value, DH denotes a function to calculate a complex hologram, and ABS denotes the absolute-value function.

Figure 3.Flowcharts for the proposed scheme. (a) Encryption and (b) decryption.

### III. NUMERICAL SIMULATIONS AND SECURITY ANALYSIS

To verify the feasibility of the proposed optical encryption scheme for CFB mode shown in Figs. 1(b) and 2, numerical simulations are carried out using Mathlab. 256 × 256-pixel binary images are used for simulation; the size of the data depends on the display capability of the SLM. For visual convenience, binary images are used as input plaintexts. Figures 4(a)4(c) show the consecutive plaintexts of binary images to be encrypted in CFB mode. Figure 5 shows intensity distributions of ciphertexts for encrypting the 1st plaintext P1, shown in Fig. 4(a), which are assumed to be recorded on CCDs with 256 gray levels. Figure 5(a) includes intensity distributions of O1 that consist of two interferograms and two DC-term intensities. Two interferograms I1,IN1 and I1,IN2 are obtained by performing two-step phase-shifting interferometry in the inner interferometer, where the phase shift is 0 or π/2 respectively. In addition, the two DC-term intensities IT and IS are Fourier-transform patterns of only the reference wave or the object wave respectively. These four intensities of O1 are transmitted to the receiver for retrieval of the previous ciphertext C0. Similarly, Fig. 5(b) depicts intensity distributions of C1. Two interferograms I1,OUT1 and I1,OUT2 are obtained by performing two-step phase-shifting interferometry in the outer interferometer. The two DC-term intensities IM and IS are Fourier-transform patterns of only the object wave or the reference wave respectively. As shown in Figs. 5(a) and 5(b), the intensity distribution of IS in the inner interferometer is the same as that for the outer interferometer, because the object wave in the inner interferometer is used as the reference wave in the outer interferometer. These four intensities C1 are transmitted to the receiver for decryption of the plaintext P1. From the point view of cryptography, the transmitted ciphertexts have a noiselike random intensity pattern, so that an attacker cannot acquire the original image easily.

Figure 4.Binary images to be encrypted. (a) The 1st plaintext P1, (b) the 2nd plaintext P2, and (c) the 3rd plaintext P3.
Figure 5.Intensity distributions of the ciphertexts derived from the 1st plaintext P1: (a) O1 (I1,IN1, I1,IN2, IT, IS) acquired from the inner interferometer, and (b) C1 (I1,OUT1, I1,OUT2, IM, IS) is acquired from the outer interferometer.

Figure 6 shows the results of reconstruction and decryption of the consecutive plaintexts Pi (i = 1, 2, 3 ). Figure 6(a) shows a randomly generated binary matrix as the initialization value C0, which is used to encrypt the first-stage encryption key K1. In this paper, K1 is designed to have the same initialization value of C0, for convenience. Figure 6(b) shows the reconstructed intensity obtained from the reconstructed information D1,OUT of Eq. (18) when K1 = C0, resulting in the correctly decrypted plaintext P1 according to the proper threshold value, as shown in Fig. 6(c). Figures 6(d) and 6(e) show the incorrectly reconstructed intensity obtained from the reconstructed D1,OUT and the incorrectly decrypted plaintext P1 by the same threshold value when K1C0. Consecutively, the second and third plaintext-encryption procedures are accomplished by using the feedback of the first and second ciphertexts. Each feedback ciphertext for the next encryption procedure is designed to compute XOR logic operation of the four ciphertexts of Ci, expressed as Eq. (20). Figure 6(f) is the first feedback ciphertext of binary pattern C1, which is used in the second-stage plaintext encryption of P2. Figure 6(g) shows the correctly reconstructed intensity obtained from the reconstructed D2,OUT when K2 = C1, resulting in the correctly decrypted plaintext P2, as shown in Fig. 6(h). Figures 6(i) and 6(j) show the incorrectly reconstructed intensity obtained from D2,OUT and the incorrectly decrypted plaintext P2 when K2 = C0 (instead of the correct C1). Likewise, Fig. 6(k) is the second feedback ciphertext of binary pattern C2, which is used to encrypt the third-stage plaintext encryption of P3. Figures 6(l) and 6(m) show the correctly reconstructed intensity and the decrypted plaintext P3 obtained from D3,OUT when K3 = C2, and Figs 6(n) and 6(o) show the incorrectly reconstructed intensity and the incorrectly decrypted plaintext P3 obtained from D3,OUT when K3 = C1 (instead of the correct C2).

Figure 6.Results of reconstruction and decryption of the consecutive plaintexts Pi (I = 1, 2, 3 ): (a) initialization matrix value C0, (b) and (c) the correctly decrypted plaintext P1 when K1 = C0, (d) and (e) the incorrectly decrypted plaintext P1 when K1C0, (f) the 1st feedback ciphertext C1, (g) and (h) the correctly decrypted plaintext P2 when K2 = C1, (i) and (j) the incorrectly decrypted plaintext P2 when K2 = C0, (k) the 2nd feedback ciphertext C2, (l) and (m) the correctly decrypted plaintext P3 when K3 = C2, (n) and (o) the incorrectly decrypted plaintext P3 when K3 = C1.

To examine the reliability and sensitivity of the proposed method, the decryption error is analyzed. The mean squared error (MSE) between the decrypted plaintext and the original plaintext is calculated as

MSE= x,yP x,yd x,y2p×q×100%,

where P(x, y) denotes the original binary image, d(x, y) denotes the decrypted binary image, and p × q is the image size. At first, an encryption key K is used as the reference wave in the inner interferometer to generate ciphertext Oi. The more the encryption key deviates from the correct key, the more the decrypted image deviates from the original image. The dependence of MSE on the deviation from the correct encryption key K is shown in Fig. 7, where the encryption key is assumed to be a binary random distribution and statistical iteration is carried out 100 times for evaluation. Figure 7(a) shows the MSE for the decrypted image when the deviation is changed from 1 bit to 256 × 256 bits. From Fig. 7(a), the MSE for the encryption key deviation approaches about 40% when more than 14,400 bits (about 22% of the key data) deviate from the correct key. Figures 7(b)7(d) show the decrypted images with MSE = 1.1% in the case of 1% deviation error, MSE = 24.4% in the case of 10% deviation error, and MSE = 50.3% in the case of 100% deviation error respectively. Next, the previous ciphertext Ci-1 is used as the reference wave in the outer interferometer to generate ciphertext Ci. The change of bits in the previous ciphertext can cause incorrect decryption. 100 times iterations are also carried out for this MSE evaluation. Figure 8(a) shows that the MSE for the decrypted image increases more slowly than in case of the encryption-key deviation. Figures 8(b)8(d) show the decrypted images with MSE = 0.4% in the case of 1% deviation error, MSE = 10.1% in the case of 10% deviation error, and MSE = 47.7% in the case of 100% deviation error, respectively. From Figs. 7(a) and 8(a), the encryption key in the inner interferometry is more sensitive than the previous ciphertext in the outer interferometry for decryption. When the deviation error is 10% of the correct data, the MSE for the encryption key is about 2.5 times as great as that of the previous ciphertext. This high sensitivity means that it is difficult to attack the decryption system.

Figure 7.MSE depending on deviation from the correct encryption key K: (a) MSE graph when deviation is changed from 1 bit to 256 × 256 bits, (b) the decrypted image with MSE = 1.1% in the case of 1% deviation error, (c) the decrypted image with MSE = 24.4% in the case of 10% deviation error, and (d) the decrypted image with MSE = 50.3% in the case of 100% deviation error.
Figure 8.MSE depending on deviation from the correct previous ciphertext Ci-1: (a) MSE graph when deviation is changed from 1 bit to 256 × 256 bits, (b) the decrypted image with MSE = 0.4% in the case of 1% deviation error, (c) the decrypted image with MSE = 10.1% in the case of 10% deviation error, and (d) the decrypted image with MSE = 47.7% in the case of 100% deviation error.

To discuss the resistance against attacks in the aspect of security, it is assumed that the attacker has a priori knowledge of the proposed encryption process, even if it is impossible in practice. In this paper we observe that the proposed cryptosystem shows excellent resistance against possible attacks such as known-plaintext attack (KPA), chosen-plaintext attack (CPA), and chosen-ciphertext attack (CCA). According to plaintext and ciphertext attacks, the attacker can get many plaintexts (Pi) and ciphertexts (Oi and Ci) in the proposed CFB encryption scheme. Although the attacker can calculate the correct complex holograms Hi,IN and Hi,OUT by calculating Eqs. (13), from the intercepted ciphertexts Oi and Ci due to the known cryptography process, Di,IN of Eq. (17) should be known and successively the Fourier transform function Ti should be known to decrypt the plaintext information Mi of Eq. (18). Anyhow, Ti can be inferred from Eq. (17) calculating Ti = (Si IT)/H*i,IN. To find out Si = FT{si}, the attacker must know the function si(x,y) = Ci–1(x, y) ejθ1(x,y), which is represented by multiplication of the previous ciphertext Ci–1 and the random-phase mask exp[jθ1(x, y)]. This means that the attacker can discover Si only if the random-phase-mask function is known, even though the previous ciphertext Ci–1 is known. However, the attacker cannot deduce the random-phase-mask function, because only the transmitter can determine it. Furthermore, the feedback ciphertext for the next plaintext-encryption procedure is determined by XOR logic operation on the ciphertexts, as in Eq.(20) in the proposed CFB method. Even if all ciphertexts Ci are revealed to the attacker, it is difficult for the attacker to deduce the exact feedback ciphertext if they do not know the combination algorithm of the ciphertexts in the cryptosystem.

We propose a novel optical encryption scheme for CFB mode, capable of encrypting large two-dimensional (2D) page data compared to the conventional one-dimensional block data, which is carried out by two-step phase-shifting digital interferometry based on orthogonal polarization, using a quarter-wave plate in the reference beam. The encryption is performed in the Fourier domain to record interferograms on CCDs with 256 gray levels, which generates a noiselike random distribution in the ciphertext. In the proposed optical CFB scheme, a page of plaintext is encrypted into 2D ciphertexts by applying the dual interferometry to the previous ciphertext, while the conventional CFB method encrypts bits of block plaintext. Ciphertexts are transmitted over a digital information network and then decrypted by digital computation according to the given CFB algorithm. Sequential page encryption is possible in the cryptosystem with a different encryption key. The use of a random-phase mask in the encryption system protects against several types of attack, such as KPA, CPA and CCA, and then the proposed method provides higher security with many more degrees of freedom than the conventional method. Furthermore, the proposed method has an additional security advantage because the feedback ciphertext is determined by a specific XOR combination algorithm of ciphertexts known only by the transmitter, which is kept secret from attackers. Numerical simulations verify that the proposed optical CFB encryption scheme shows the feasibility of the highly secure CFB mode, due to its reliability against attacks.

This work was supported by Incheon National University (International Cooperative) Research Grant in 2018.

1. P. Refregier and B. Javidi, “Optical image encryption based on input plane and Fourier plane random encoding,” Opt. Lett. 20, 767-769 (1995).
2. O. Matoba, T. Nomura, E. Pe'rez-Cabre', M. S. Milla'n and B. Javidi, “Optical techniques for information security,” Proc. IEEE 97, 1128-1148 (2009).
3. A. Alfalou and C. Brosseau, “Optical image compression and encryption methods,” Adv. Opt. Photonics 1, 589-636 (2009).
4. W. Chen, B. Javidi and X. Chen, “Advances in optical security systems,” Adv. Opt. Photonics 6, 120-155 (2014).
5. B. Javidi, A. Carnicer, M. Yamaguchi, T. Nomura, E. Pérez-Cabré, M. S. Millán, N. K. Nishchal, R. Torroba, J. F. Barrera, W. He, X. Peng, A. Stern, Y. Rivenson, A. Alfalou, C. Brosseau, C. Guo, J. T Sheridan, G. Situ, M. Naruse, T. Matsumoto, I. Juvells, E. Tajahuerce, J. Lancis, W. Chen, X. Chen, P. W. H. Pinkse, A. P. Mosk and A. Markman, “Roadmap on optical security,” J. Opt. 18, 083001 (2016).
6. B. Javidi and T. Nomura, “Securing information by use of digital holography,” Opt. Lett. 25, 28-30 (2000).
7. E. Tajahuerce, O. Matoba, S. C. Verrall and B. Javidi, “Optoelectronic information encryption with phase-shifting interferometry,” Appl. Opt. 39, 2313-2320 (2000).
8. L.-Z Cai, M.-Z He, Q. Liu and X.-L Yang, “Digital image encryption and watermarking by phase-shifting interferometry,” Appl. Opt. 43, 3078-3084 (2004).
9. C. Mela and C. Iemmi, “Optical encryption using phase-shifting interferometry in a joint transform correlator,” Opt. Lett. 31, 2562-2564 (2006).
10. X. F. Meng, L. Z. Cai, X. L. Yang, X. X. Shen, G. Y. Dong and Y. R. Wang, “Two-step phase-shifting interferometry and its application in image encryption,” Opt. Lett. 31, 1414-1416 (2006).
11. H. Li, “Image encryption based on gyrator transform and two-step phase-shifting interferometry,” Opt. Lasers Eng. 47, 45-50 (2009).
12. X. F. Meng, X. Peng, L. Z. Cai, A. M. Li, Z. Gao and Y. R. Wang, “Cryptosystem based on two-step phase-shifting interferometry and the RSA public-key encryption algorithm,” J. Opt. A: Pure Appl. Opt. 11, 085402 (2009).
13. S.-H. Jeon and S.-K. Gil, “2-step phase-shifting digital holographic optical encryption and error analysis,” J. Opt. Soc. Korea 15, 244-251 (2011).
14. D. Fan, X. Meng, Y. Wang, X. Yang, X. Peng, W. He, G. Dong and H. Chen, “Asymmetric cryptosystem and software design based on two-step phase-shifting interferometry and elliptic curve algorithm,” Opt. Commun. 309, 50-56 (2013).
15. B. Javidi and T. Nomura, “Polarization encoding for optical security systems,” Opt. Eng. 39, 2439-2443 (2000).
16. J. F. Barrera, R. Henao, M. Tebaldi, R. Torroba and N. Bolognini, “Multiplexing encrypted data by using polarized light,” Opt. Commun. 260, 109-112 (2006).
17. U. Gopinathan, T. J. Naughton and J. T. Sheridan, “Polarization encoding and multiplexing of two-dimensional signals: application to image encryption,” Appl. Opt. 45, 5693-5700 (2006).
18. N. Zhu, Y. Wang, J. Liu, J. Xie and H. Zhang, “Optical image encryption based on interference of polarized light,” Opt. Express 17, 13418-13424 (2009).
19. A. Alfalou1 and C. Brosseau, “Dual encryption scheme of images using polarized light,” Opt. Lett. 35, 2185-2187 (2010).
20. S. K. Gil, “2-step quadrature phase-shifting digital holographic optical encryption using orthogonal polarization and error analysis,” J. Opt. Soc. Korea 16, 354-364 (2012).
21. T. J. Naughton, B. M. Hennelly and T. Dowling, “Introducing secure modes of operation for optical encryption,” J. Opt. Soc. Am. A 25, 2608-2617 (2008).
22. S.-H. Jeon and S.-K. Gil, “Optical implementation of cipher block chaining mode algorithm using phase-shifting digital holography,” Opt. Eng. 55, 123112 (2016).

### Article

#### Research Paper

Curr. Opt. Photon. 2021; 5(2): 155-163

Published online April 25, 2021 https://doi.org/10.3807/COPP.2021.5.2.155

## Optical Encryption Scheme for Cipher Feedback Block Mode Using Two-step Phase-shifting Interferometry

Seok Hee Jeon1, Sang Keun Gil2

1Department of Electronic Engineering, Incheon National University, Incheon 22012, Korea
2Department of Electronic Engineering, The University of Suwon, Hwaseong, Suwon 18323, Korea

Correspondence to:skgil@suwon.ac.kr, ORCID 0000-0002-3828-0939

Received: December 31, 2020; Revised: March 2, 2021; Accepted: March 6, 2021

This is an Open Access article distributed under the terms of the Creative Commons Attribution Non-Commercial License (http://creativecommons.org/licenses/by-nc/4.0/) which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.

### Abstract

We propose a novel optical encryption scheme for cipher-feedback-block (CFB) mode, capable of encrypting two-dimensional (2D) page data with the use of two-step phase-shifting digital interferometry utilizing orthogonal polarization, in which the CFB algorithm is modified into an optical method to enhance security. The encryption is performed in the Fourier domain to record interferograms on charge-coupled devices (CCD)s with 256 quantized gray levels. A page of plaintext is encrypted into digital interferograms of ciphertexts, which are transmitted over a digital information network and then can be decrypted by digital computation according to the given CFB algorithm. The encryption key used in the decryption procedure and the plaintext are reconstructed by dual phase-shifting interferometry, providing high security in the cryptosystem. Also, each plaintext is sequentially encrypted using different encryption keys. The random-phase mask attached to the plaintext provides resistance against possible attacks. The feasibility and reliability of the proposed CFB method are verified and analyzed with numerical simulations.

Keywords: CFB mode, Digital holography, Optical encryption, Phase-shifting interferometry, Symmetric block encryption

### I. INTRODUCTION

Information security has increasingly become an important issue in many information societies. Compared to conventional electronic data-security methods, optical data security provides much freedom to encrypt data using the amplitude, phase, polarization, or wavelength of light. Since Refregier and Javidi firstly reported the optical encryption method of double random-phase encoding (DRPE) [1], lots of researchers have investigated optical encryption methods in information-security applications, because of their high-speed and parallel processing potential. In 2009, Matoba et al. reviewed various optical techniques in information security, encryption, and authentication [2], and Alfalou and Brosseau reviewed much work about optical image compression and encryption methods [3]. In 2014, Chen et al. presented a review of optical technologies for information-security systems, and analyzed the advantages and disadvantages of each optical security system [4]. Also, Javidi et al. presented an article about a roadmap for optical security, as an overview of the recent advances and challenges of optical encryption techniques using free-space optics [5]. Among these optical encryption methods, digital holography is a useful technique in which fully complex data may be recorded and reconstructed digitally to realize optical encryption [6]. A method for more efficient direct recording of holographic information is phase-shifting interferometry, which uses a charge-coupled device (CCD) to record the fully complex information. Some methods to use phase-shifting interferometry in an optical encryption system have been proposed [79]. Generally, as the number of phase-shift steps increases in phase-shifting interferometry, the reconstruction error in the acquisition of the fully complex information decreases. However, the multistep phase shift increases the amount of data being encrypted, so that much time might be required to transmit the secure information, and then the limitation of system errors is dominated by the resolution of the commercially available CCD. Especially, some researchers have proposed optical encryption systems using two-step phase-shifting interferometry [1014]. On the other hand, several optical encryption methods based on polarization have been considered for security [1520]. As to the DRPE method, Naughton et al. introduced the concept of secure modes for conventional block-encryption systems and applied these concepts to DRPE optical encryption [21]. Recently, we proposed the optical encryption method of cipher-block-chaining (CBC) mode, using phase-shifting digital interferometry based on orthogonal polarization [22].

In this paper, we propose an optical encryption scheme for cipher-feedback-block (CFB) mode by means of two-step phase-shifting interferometry and orthogonal polarization. Fourier-domain optical encryption is obtained by the interference of two waves in a phase-shifting interferometer of the Mach-Zehnder architecture. The interferometer consists of binary input data attached to a random-phase mask in the object beam, and a randomly distributed phase pattern with an encryption key in the reference beam, with the resulting interferograms being recorded on CCDs. The encryption key used in the decryption process is also achieved by phase-shifting interferometry. Ciphertexts of the digital interferograms are transmitted over an information network and can easily be decrypted by digital computation. In Section II the CFB mode is briefly reviewed and the proposed optical encryption method for the CFB algorithm is explained, and in Section III the feasibility of the proposed method is verified by the results of numerical simulations and security analysis. Conclusions are summarized in Section IV.

### II. CFB ENCRYPTION MODE AND THE PROPOSED METHOD

In the conventional cryptographic encryption of digital data, called a block, there are four standard modes: Electronic Codebook (ECB), CBC, CFB and Output Feedback (OFB) in the data-encryption standard (DES) protocol. Among these block-encryption modes, CFB mode introduces a feedback operation into the cryptographic process. In this mode, the previous ciphertext block is fed back and used to encrypt the subsequent plaintext block. Figure 1(a) shows the algorithm for CFB mode encryption, and the encryption procedure is described as follows:

Figure 1. Block diagrams for encryption. (a) Conventional CFB mode, (b) proposed CFB method.
$IV=C0,$

where IV denotes an initialization vector, Ci-1 denotes the previous ciphertext, Oi denotes the ith corresponding cipher by an encryption key K, Pi denotes the ith plaintext, Ci denotes the corresponding ith ciphertext, and n is the total number of plaintext blocks being encrypted. E(∙) represents an encryption operation and D(∙) represents the corresponding decryption operation. An initialization vector IV is used as the first ciphertext block C0, which need not be secret and should be sent to the receiver for decryption. However, this method is insufficient to maintain security strength because of the short length of the key, and is vulnerable to cryptoanalysis attacks.

Recently, electronic digital cryptographic algorithms have been analyzed by applying optical encryption techniques in which the ciphertext is no longer in digital information, but rather is in an analog random pattern, such as white noise. Inherently, an optical system carries out fast parallel processing with 2D array data, so it can have a very large key space, thereby enhancing security strength. In this paper, the concept of the CFB-mode algorithm is modified to propose an optical encryption scheme using phase-shifting interferometry. Figure 1(b) shows the proposed CFB method, and the encryption procedure is described as follows:

$IV=C0,$

where IV denotes an initialization p × q matrix, Ci–1 denotes the previous ciphertext, Oi denotes the corresponding interferograms by the ith encryption key Ki, Ci denotes the corresponding ith ciphertext of the interferogram, and n is the total number of plaintext pages being encrypted. E(∙) represents a digital holographic encryption operation, and D(∙) represents the corresponding holographic decryption operation. A page of plaintext is encrypted to ciphertexts by performing orthogonal-polarization-based two-step phase-shifting interferometry with the previous ciphertext. Interferograms Oi and Ci are transmitted to the receiver and used to reconstruct the plaintext Pi by the corresponding decryption process.

The optical architecture for two-step phase-shifting digital holography using orthogonal polarization [20] can also be used for the proposed CFB encryption method. Figure 2 schematically shows the proposed optical encryption architecture, which contains dual Mach-Zehnder interferometers. The collimated laser beam passes through a linear polarizer P1, the polarization direction of which is 45° with respect to the horizontal axis, and is divided by beam splitters into two linear-polarized plane waves traveling in different paths. When shutters S1 and S2 are open and S3 is closed, the inner interferometer is operated to encrypt a previous ciphertext Ci-1 by a holographic encryption key Ki, which is intended to be made from the same previous ciphertext Ci-1. A previous ciphertext to be encrypted is displayed on an amplitude-type spatial light modulator SLM1 multiplied by a random-phase mask RPM1 in the object-beam path, while a phase-type SLM2 displays the holographic encryption key in the reference-beam path. The object and reference wave functions in the inner interferometer are expressed as si(x,y) = Ci–1(x,y)ejθ1(x,y) and ti(x,y) = ejKi(x,y), where exp[jθ1(x, y)] is a random-phase-mask function. Note that an initialization-matrix value IV = C0(x, y) is used in the first-stage encryption procedure, where C0 is assumed to be a randomly generated 2D matrix pattern. The complex distributions of the object and reference waves in the spatial-frequency plane, expressed as Si(α, β) = FT{si(x, y)} and Ti(α, β) = FT{ti(x, y)}, where FT represents the Fourier transform, are interfered onto two CCD1 and CCD2 by use of the Fourier-transform lenses L1 and L2. If the fast axis of a λ/4 plate is set along the vertical axis, then no phase shift occurs on CCD1 where the polarization direction of output analyzer P2 is aligned along the s-polarization axis, and a phase shift of π/2 radians occurs on CCD2 where the polarization direction of output analyzer P3 is aligned along the p-polarization axis. This two-step phase-shifting interferometry gives two interference intensities as

Figure 2. Proposed optical architecture for CFB encryption: SF, spatial filter; CL, collimating lens; P, linear polarizer; BS, beam splitter; S, shutter; A, attenuator; M, mirror; L, lens; SLM, spatial light modulator; RPM, random-phase mask; CCD, charge-coupled device; PC, personal computer.

where ΔϕTS = ϕTϕS denotes the phase difference between reference and object waves. Controlling the shutters S1, S2, and S3, we can separately obtain the intensity distributions of the reference and object waves, IT = |Ti(α, β)|2 and IS = |Si(α, β)|2. These four intensity distributions (Ii,IN1, Ii,IN2, IT, and IS) implying the encryption key information are transmitted to the receiver as ciphertexts Oi of Eq. (6), to decrypt the previous ciphertext Ci-1.

The outer interferometer, with shutters S1 and S3 open and S2 closed, is operated to encrypt a plaintext by another holographic encryption key, which is also the same previous ciphertext. The object-beam path has an amplitude-type SLM3 multiplied by another random-phase mask RPM2, which displays a plaintext Pi to be encrypted. The object wave function in the outer interferometer is expressed as mi(x, y) = Pi(x, y)ejθ2(x,y), where exp[jθ2(x, y)] is another random-phase-mask function. Schematically, in the outer interferometer the reference-beam path is the same path as the object-beam path in the inner interferometer. Therefore, the object wave function si(x, y) = Ci–1(x, y)ejθ1(x,y) in the inner interferometer is now used as the reference wave function in the outer interferometer. The complex distributions of the object and reference waves are Fourier transformed onto CCD1 and CCD3 by lenses L1 and L3, expressed as Mi(α, β) = FT{mi(x, y)} and Si(α, β), respectively. Similarly, the two-step phase-shifting interferometry using orthogonal polarization gives two interference intensities as

where ΔϕMS = ϕMϕS denotes the phase difference between object and reference waves. Likewise, the intensity distributions of the object and reference waves, IM = |Mi(α, β)|2 and IS = |Si(α, β)|2, can be obtained by controlling the shutters S1, S2, and S3. These four intensity distributions (Ii,OUT1, Ii,OUT2, IM and IS) are transmitted to the receiver as ciphertexts Ci of Eq. (7), to decrypt the plaintext Pi.

In the proposed method, a plaintext is encrypted by phase-shifting interferometry such that we should know the complex hologram function generated from interferometry to decrypt the plaintext. If the complex hologram function in the outer interferometer is assumed to be Hi,OUT(α, β) = AMS ejϕMS, the phase ∆ϕMS and amplitude AMS can be calculated from the transmitted ciphertexts of Ci as

$ΔϕMS=ϕM−ϕS=tan−1 Ii,OUT 2α,β:π2−IM+IS Ii,OUT 1α,β:0−IM+IS,$ $AMS=MiSi=12 Ii,OUT 2α,β:π2 − IM +IS 2+ Ii,OUT 1α,β:0− IM +IS 2.$

To reconstruct the complex distribution Mi of the object wave from Hi,OUT = AMS ejϕMS, the complex distribution Si of the reference wave should be known. Note that it is possible to retrieve the complex distribution Si by applying the phase-shifting interferometry technique to the transmitted ciphertexts Oi only with knowledge of the complex distribution Ti(α, β) = FT{ejKi(x,y)}. Assuming the complex hologram function in the inner interferometer to be Hi,IN(α, β) = ATS ejϕTS the phase ∆ϕTS and amplitude ATS can be calculated as

$ΔϕTS=ϕT−ϕS=tan−1 Ii,IN 2α,β:π2−IT+IS Ii,IN 1α,β:0−IT+IS,$ $ATS=TiSi=12 Ii,IN 2α,β:π2 − IT +IS 2+ Ii,IN 1α,β:0− IT +IS 2.$

The complex distribution Mi can be reconstructed by processing these two complex holograms Hi,IN and Hi,OUT, by combining Eqs. (13) and (14) with Eqs. (15) and (16) in the following way, and consequently the original plaintext Pi(x, y) of Eq. (8) is decrypted by an inverse Fourier transformation:

$dix,y=IFTDi,OUT α,β=mix,y=Pix,y,$

where * denotes the complex conjugate and IFT{∙} denotes inverse Fourier transformation. Di,IN of Eq. (17) shows the reconstructed information of the previous ciphertext Ci–1, which is used as a decryption key to produce the plaintext Pi via Eqs. (18) and (19).

To obtain the feedback ciphertext Ci–1 for the next plaintext-encryption process, a threshold function for the ciphertext is utilized in the proposed method. A simple technique is to use only one ciphertext of Ci (Ii,OUT1, Ii,OUT2, IM and IS), such as Ci–1(x, y) = TH{Ii,OUT1} or TH{Ii,OUT2} or TH{IM} or TH{IS}, where TH{∙} is a threshold function, to generate binary data by taking a proper threshold value. The second considered method to make the feedback ciphertext is to use four ciphertexts of Ci for XOR logic operation. A more complicated way is to use the combination of all eight produced ciphertexts Oi and Ci, including the previous ciphertext Ci–1, for XOR logic operation such as Ci–1(x, y) = Ci–1TH{Oi}⊕TH{Ci}. The specific XOR combination algorithm of ciphertexts, adapted to the designed encryption system, could be determined only by the transmitter, which is kept secret from attackers. In this paper, each feedback ciphertext for the next ith encryption procedure is assumed to be determined by Eq. (20), to resist attacks, the details of which will be described in the following section to discuss cryptanalysis:

$Ci−1x,y=THIi,OUT1⊕THIi,OUT2⊕THIM⊕THIT.$

Flowcharts of the encryption and decryption procedures are shown in Fig. 3, where EXP denotes an exponential function to generate the phase distribution, FT and IFT represent the Fourier transform and inverse Fourier transform, Σ denotes a function to perform phase-shifting interferometry, TH denotes a threshold function to generate binary data using a proper threshold value, DH denotes a function to calculate a complex hologram, and ABS denotes the absolute-value function.

Figure 3. Flowcharts for the proposed scheme. (a) Encryption and (b) decryption.

### III. NUMERICAL SIMULATIONS AND SECURITY ANALYSIS

To verify the feasibility of the proposed optical encryption scheme for CFB mode shown in Figs. 1(b) and 2, numerical simulations are carried out using Mathlab. 256 × 256-pixel binary images are used for simulation; the size of the data depends on the display capability of the SLM. For visual convenience, binary images are used as input plaintexts. Figures 4(a)4(c) show the consecutive plaintexts of binary images to be encrypted in CFB mode. Figure 5 shows intensity distributions of ciphertexts for encrypting the 1st plaintext P1, shown in Fig. 4(a), which are assumed to be recorded on CCDs with 256 gray levels. Figure 5(a) includes intensity distributions of O1 that consist of two interferograms and two DC-term intensities. Two interferograms I1,IN1 and I1,IN2 are obtained by performing two-step phase-shifting interferometry in the inner interferometer, where the phase shift is 0 or π/2 respectively. In addition, the two DC-term intensities IT and IS are Fourier-transform patterns of only the reference wave or the object wave respectively. These four intensities of O1 are transmitted to the receiver for retrieval of the previous ciphertext C0. Similarly, Fig. 5(b) depicts intensity distributions of C1. Two interferograms I1,OUT1 and I1,OUT2 are obtained by performing two-step phase-shifting interferometry in the outer interferometer. The two DC-term intensities IM and IS are Fourier-transform patterns of only the object wave or the reference wave respectively. As shown in Figs. 5(a) and 5(b), the intensity distribution of IS in the inner interferometer is the same as that for the outer interferometer, because the object wave in the inner interferometer is used as the reference wave in the outer interferometer. These four intensities C1 are transmitted to the receiver for decryption of the plaintext P1. From the point view of cryptography, the transmitted ciphertexts have a noiselike random intensity pattern, so that an attacker cannot acquire the original image easily.

Figure 4. Binary images to be encrypted. (a) The 1st plaintext P1, (b) the 2nd plaintext P2, and (c) the 3rd plaintext P3.
Figure 5. Intensity distributions of the ciphertexts derived from the 1st plaintext P1: (a) O1 (I1,IN1, I1,IN2, IT, IS) acquired from the inner interferometer, and (b) C1 (I1,OUT1, I1,OUT2, IM, IS) is acquired from the outer interferometer.

Figure 6 shows the results of reconstruction and decryption of the consecutive plaintexts Pi (i = 1, 2, 3 ). Figure 6(a) shows a randomly generated binary matrix as the initialization value C0, which is used to encrypt the first-stage encryption key K1. In this paper, K1 is designed to have the same initialization value of C0, for convenience. Figure 6(b) shows the reconstructed intensity obtained from the reconstructed information D1,OUT of Eq. (18) when K1 = C0, resulting in the correctly decrypted plaintext P1 according to the proper threshold value, as shown in Fig. 6(c). Figures 6(d) and 6(e) show the incorrectly reconstructed intensity obtained from the reconstructed D1,OUT and the incorrectly decrypted plaintext P1 by the same threshold value when K1C0. Consecutively, the second and third plaintext-encryption procedures are accomplished by using the feedback of the first and second ciphertexts. Each feedback ciphertext for the next encryption procedure is designed to compute XOR logic operation of the four ciphertexts of Ci, expressed as Eq. (20). Figure 6(f) is the first feedback ciphertext of binary pattern C1, which is used in the second-stage plaintext encryption of P2. Figure 6(g) shows the correctly reconstructed intensity obtained from the reconstructed D2,OUT when K2 = C1, resulting in the correctly decrypted plaintext P2, as shown in Fig. 6(h). Figures 6(i) and 6(j) show the incorrectly reconstructed intensity obtained from D2,OUT and the incorrectly decrypted plaintext P2 when K2 = C0 (instead of the correct C1). Likewise, Fig. 6(k) is the second feedback ciphertext of binary pattern C2, which is used to encrypt the third-stage plaintext encryption of P3. Figures 6(l) and 6(m) show the correctly reconstructed intensity and the decrypted plaintext P3 obtained from D3,OUT when K3 = C2, and Figs 6(n) and 6(o) show the incorrectly reconstructed intensity and the incorrectly decrypted plaintext P3 obtained from D3,OUT when K3 = C1 (instead of the correct C2).

Figure 6. Results of reconstruction and decryption of the consecutive plaintexts Pi (I = 1, 2, 3 ): (a) initialization matrix value C0, (b) and (c) the correctly decrypted plaintext P1 when K1 = C0, (d) and (e) the incorrectly decrypted plaintext P1 when K1C0, (f) the 1st feedback ciphertext C1, (g) and (h) the correctly decrypted plaintext P2 when K2 = C1, (i) and (j) the incorrectly decrypted plaintext P2 when K2 = C0, (k) the 2nd feedback ciphertext C2, (l) and (m) the correctly decrypted plaintext P3 when K3 = C2, (n) and (o) the incorrectly decrypted plaintext P3 when K3 = C1.

To examine the reliability and sensitivity of the proposed method, the decryption error is analyzed. The mean squared error (MSE) between the decrypted plaintext and the original plaintext is calculated as

$MSE=∑ x,yP x,y−d x,y2p×q×100%,$

where P(x, y) denotes the original binary image, d(x, y) denotes the decrypted binary image, and p × q is the image size. At first, an encryption key K is used as the reference wave in the inner interferometer to generate ciphertext Oi. The more the encryption key deviates from the correct key, the more the decrypted image deviates from the original image. The dependence of MSE on the deviation from the correct encryption key K is shown in Fig. 7, where the encryption key is assumed to be a binary random distribution and statistical iteration is carried out 100 times for evaluation. Figure 7(a) shows the MSE for the decrypted image when the deviation is changed from 1 bit to 256 × 256 bits. From Fig. 7(a), the MSE for the encryption key deviation approaches about 40% when more than 14,400 bits (about 22% of the key data) deviate from the correct key. Figures 7(b)7(d) show the decrypted images with MSE = 1.1% in the case of 1% deviation error, MSE = 24.4% in the case of 10% deviation error, and MSE = 50.3% in the case of 100% deviation error respectively. Next, the previous ciphertext Ci-1 is used as the reference wave in the outer interferometer to generate ciphertext Ci. The change of bits in the previous ciphertext can cause incorrect decryption. 100 times iterations are also carried out for this MSE evaluation. Figure 8(a) shows that the MSE for the decrypted image increases more slowly than in case of the encryption-key deviation. Figures 8(b)8(d) show the decrypted images with MSE = 0.4% in the case of 1% deviation error, MSE = 10.1% in the case of 10% deviation error, and MSE = 47.7% in the case of 100% deviation error, respectively. From Figs. 7(a) and 8(a), the encryption key in the inner interferometry is more sensitive than the previous ciphertext in the outer interferometry for decryption. When the deviation error is 10% of the correct data, the MSE for the encryption key is about 2.5 times as great as that of the previous ciphertext. This high sensitivity means that it is difficult to attack the decryption system.

Figure 7. MSE depending on deviation from the correct encryption key K: (a) MSE graph when deviation is changed from 1 bit to 256 × 256 bits, (b) the decrypted image with MSE = 1.1% in the case of 1% deviation error, (c) the decrypted image with MSE = 24.4% in the case of 10% deviation error, and (d) the decrypted image with MSE = 50.3% in the case of 100% deviation error.
Figure 8. MSE depending on deviation from the correct previous ciphertext Ci-1: (a) MSE graph when deviation is changed from 1 bit to 256 × 256 bits, (b) the decrypted image with MSE = 0.4% in the case of 1% deviation error, (c) the decrypted image with MSE = 10.1% in the case of 10% deviation error, and (d) the decrypted image with MSE = 47.7% in the case of 100% deviation error.

To discuss the resistance against attacks in the aspect of security, it is assumed that the attacker has a priori knowledge of the proposed encryption process, even if it is impossible in practice. In this paper we observe that the proposed cryptosystem shows excellent resistance against possible attacks such as known-plaintext attack (KPA), chosen-plaintext attack (CPA), and chosen-ciphertext attack (CCA). According to plaintext and ciphertext attacks, the attacker can get many plaintexts (Pi) and ciphertexts (Oi and Ci) in the proposed CFB encryption scheme. Although the attacker can calculate the correct complex holograms Hi,IN and Hi,OUT by calculating Eqs. (13), from the intercepted ciphertexts Oi and Ci due to the known cryptography process, Di,IN of Eq. (17) should be known and successively the Fourier transform function Ti should be known to decrypt the plaintext information Mi of Eq. (18). Anyhow, Ti can be inferred from Eq. (17) calculating Ti = (Si IT)/H*i,IN. To find out Si = FT{si}, the attacker must know the function si(x,y) = Ci–1(x, y) ejθ1(x,y), which is represented by multiplication of the previous ciphertext Ci–1 and the random-phase mask exp[jθ1(x, y)]. This means that the attacker can discover Si only if the random-phase-mask function is known, even though the previous ciphertext Ci–1 is known. However, the attacker cannot deduce the random-phase-mask function, because only the transmitter can determine it. Furthermore, the feedback ciphertext for the next plaintext-encryption procedure is determined by XOR logic operation on the ciphertexts, as in Eq.(20) in the proposed CFB method. Even if all ciphertexts Ci are revealed to the attacker, it is difficult for the attacker to deduce the exact feedback ciphertext if they do not know the combination algorithm of the ciphertexts in the cryptosystem.

### IV. CONCLUSIONS

We propose a novel optical encryption scheme for CFB mode, capable of encrypting large two-dimensional (2D) page data compared to the conventional one-dimensional block data, which is carried out by two-step phase-shifting digital interferometry based on orthogonal polarization, using a quarter-wave plate in the reference beam. The encryption is performed in the Fourier domain to record interferograms on CCDs with 256 gray levels, which generates a noiselike random distribution in the ciphertext. In the proposed optical CFB scheme, a page of plaintext is encrypted into 2D ciphertexts by applying the dual interferometry to the previous ciphertext, while the conventional CFB method encrypts bits of block plaintext. Ciphertexts are transmitted over a digital information network and then decrypted by digital computation according to the given CFB algorithm. Sequential page encryption is possible in the cryptosystem with a different encryption key. The use of a random-phase mask in the encryption system protects against several types of attack, such as KPA, CPA and CCA, and then the proposed method provides higher security with many more degrees of freedom than the conventional method. Furthermore, the proposed method has an additional security advantage because the feedback ciphertext is determined by a specific XOR combination algorithm of ciphertexts known only by the transmitter, which is kept secret from attackers. Numerical simulations verify that the proposed optical CFB encryption scheme shows the feasibility of the highly secure CFB mode, due to its reliability against attacks.

### ACKNOWLEDGMENT

This work was supported by Incheon National University (International Cooperative) Research Grant in 2018.

### Fig 1.

Figure 1.Block diagrams for encryption. (a) Conventional CFB mode, (b) proposed CFB method.
Current Optics and Photonics 2021; 5: 155-163https://doi.org/10.3807/COPP.2021.5.2.155

### Fig 2.

Figure 2.Proposed optical architecture for CFB encryption: SF, spatial filter; CL, collimating lens; P, linear polarizer; BS, beam splitter; S, shutter; A, attenuator; M, mirror; L, lens; SLM, spatial light modulator; RPM, random-phase mask; CCD, charge-coupled device; PC, personal computer.
Current Optics and Photonics 2021; 5: 155-163https://doi.org/10.3807/COPP.2021.5.2.155

### Fig 3.

Figure 3.Flowcharts for the proposed scheme. (a) Encryption and (b) decryption.
Current Optics and Photonics 2021; 5: 155-163https://doi.org/10.3807/COPP.2021.5.2.155

### Fig 4.

Figure 4.Binary images to be encrypted. (a) The 1st plaintext P1, (b) the 2nd plaintext P2, and (c) the 3rd plaintext P3.
Current Optics and Photonics 2021; 5: 155-163https://doi.org/10.3807/COPP.2021.5.2.155

### Fig 5.

Figure 5.Intensity distributions of the ciphertexts derived from the 1st plaintext P1: (a) O1 (I1,IN1, I1,IN2, IT, IS) acquired from the inner interferometer, and (b) C1 (I1,OUT1, I1,OUT2, IM, IS) is acquired from the outer interferometer.
Current Optics and Photonics 2021; 5: 155-163https://doi.org/10.3807/COPP.2021.5.2.155

### Fig 6.

Figure 6.Results of reconstruction and decryption of the consecutive plaintexts Pi (I = 1, 2, 3 ): (a) initialization matrix value C0, (b) and (c) the correctly decrypted plaintext P1 when K1 = C0, (d) and (e) the incorrectly decrypted plaintext P1 when K1C0, (f) the 1st feedback ciphertext C1, (g) and (h) the correctly decrypted plaintext P2 when K2 = C1, (i) and (j) the incorrectly decrypted plaintext P2 when K2 = C0, (k) the 2nd feedback ciphertext C2, (l) and (m) the correctly decrypted plaintext P3 when K3 = C2, (n) and (o) the incorrectly decrypted plaintext P3 when K3 = C1.
Current Optics and Photonics 2021; 5: 155-163https://doi.org/10.3807/COPP.2021.5.2.155

### Fig 7.

Figure 7.MSE depending on deviation from the correct encryption key K: (a) MSE graph when deviation is changed from 1 bit to 256 × 256 bits, (b) the decrypted image with MSE = 1.1% in the case of 1% deviation error, (c) the decrypted image with MSE = 24.4% in the case of 10% deviation error, and (d) the decrypted image with MSE = 50.3% in the case of 100% deviation error.
Current Optics and Photonics 2021; 5: 155-163https://doi.org/10.3807/COPP.2021.5.2.155

### Fig 8.

Figure 8.MSE depending on deviation from the correct previous ciphertext Ci-1: (a) MSE graph when deviation is changed from 1 bit to 256 × 256 bits, (b) the decrypted image with MSE = 0.4% in the case of 1% deviation error, (c) the decrypted image with MSE = 10.1% in the case of 10% deviation error, and (d) the decrypted image with MSE = 47.7% in the case of 100% deviation error.
Current Optics and Photonics 2021; 5: 155-163https://doi.org/10.3807/COPP.2021.5.2.155

### References

1. P. Refregier and B. Javidi, “Optical image encryption based on input plane and Fourier plane random encoding,” Opt. Lett. 20, 767-769 (1995).
2. O. Matoba, T. Nomura, E. Pe'rez-Cabre', M. S. Milla'n and B. Javidi, “Optical techniques for information security,” Proc. IEEE 97, 1128-1148 (2009).
3. A. Alfalou and C. Brosseau, “Optical image compression and encryption methods,” Adv. Opt. Photonics 1, 589-636 (2009).
4. W. Chen, B. Javidi and X. Chen, “Advances in optical security systems,” Adv. Opt. Photonics 6, 120-155 (2014).
5. B. Javidi, A. Carnicer, M. Yamaguchi, T. Nomura, E. Pérez-Cabré, M. S. Millán, N. K. Nishchal, R. Torroba, J. F. Barrera, W. He, X. Peng, A. Stern, Y. Rivenson, A. Alfalou, C. Brosseau, C. Guo, J. T Sheridan, G. Situ, M. Naruse, T. Matsumoto, I. Juvells, E. Tajahuerce, J. Lancis, W. Chen, X. Chen, P. W. H. Pinkse, A. P. Mosk and A. Markman, “Roadmap on optical security,” J. Opt. 18, 083001 (2016).
6. B. Javidi and T. Nomura, “Securing information by use of digital holography,” Opt. Lett. 25, 28-30 (2000).
7. E. Tajahuerce, O. Matoba, S. C. Verrall and B. Javidi, “Optoelectronic information encryption with phase-shifting interferometry,” Appl. Opt. 39, 2313-2320 (2000).
8. L.-Z Cai, M.-Z He, Q. Liu and X.-L Yang, “Digital image encryption and watermarking by phase-shifting interferometry,” Appl. Opt. 43, 3078-3084 (2004).
9. C. Mela and C. Iemmi, “Optical encryption using phase-shifting interferometry in a joint transform correlator,” Opt. Lett. 31, 2562-2564 (2006).
10. X. F. Meng, L. Z. Cai, X. L. Yang, X. X. Shen, G. Y. Dong and Y. R. Wang, “Two-step phase-shifting interferometry and its application in image encryption,” Opt. Lett. 31, 1414-1416 (2006).
11. H. Li, “Image encryption based on gyrator transform and two-step phase-shifting interferometry,” Opt. Lasers Eng. 47, 45-50 (2009).
12. X. F. Meng, X. Peng, L. Z. Cai, A. M. Li, Z. Gao and Y. R. Wang, “Cryptosystem based on two-step phase-shifting interferometry and the RSA public-key encryption algorithm,” J. Opt. A: Pure Appl. Opt. 11, 085402 (2009).
13. S.-H. Jeon and S.-K. Gil, “2-step phase-shifting digital holographic optical encryption and error analysis,” J. Opt. Soc. Korea 15, 244-251 (2011).
14. D. Fan, X. Meng, Y. Wang, X. Yang, X. Peng, W. He, G. Dong and H. Chen, “Asymmetric cryptosystem and software design based on two-step phase-shifting interferometry and elliptic curve algorithm,” Opt. Commun. 309, 50-56 (2013).
15. B. Javidi and T. Nomura, “Polarization encoding for optical security systems,” Opt. Eng. 39, 2439-2443 (2000).
16. J. F. Barrera, R. Henao, M. Tebaldi, R. Torroba and N. Bolognini, “Multiplexing encrypted data by using polarized light,” Opt. Commun. 260, 109-112 (2006).
17. U. Gopinathan, T. J. Naughton and J. T. Sheridan, “Polarization encoding and multiplexing of two-dimensional signals: application to image encryption,” Appl. Opt. 45, 5693-5700 (2006).
18. N. Zhu, Y. Wang, J. Liu, J. Xie and H. Zhang, “Optical image encryption based on interference of polarized light,” Opt. Express 17, 13418-13424 (2009).
19. A. Alfalou1 and C. Brosseau, “Dual encryption scheme of images using polarized light,” Opt. Lett. 35, 2185-2187 (2010).
20. S. K. Gil, “2-step quadrature phase-shifting digital holographic optical encryption using orthogonal polarization and error analysis,” J. Opt. Soc. Korea 16, 354-364 (2012).
21. T. J. Naughton, B. M. Hennelly and T. Dowling, “Introducing secure modes of operation for optical encryption,” J. Opt. Soc. Am. A 25, 2608-2617 (2008).
22. S.-H. Jeon and S.-K. Gil, “Optical implementation of cipher block chaining mode algorithm using phase-shifting digital holography,” Opt. Eng. 55, 123112 (2016).

Wonshik Choi,
Editor-in-chief