Optical information security technology has the characteristics of high dimension, high parallel processing speed, and fast realization of convolution and correlation operations [1–3]. Therefore, in the field of information security, the advantages of optical information security technology are becoming increasingly noticeable. In an optical encryption system, light wave transmission is accompanied by diffraction, which can provide parameters such as wavelength, amplitude, phase, polarization state, and spatial frequency. The system can use these parameters and diffraction distance as the encryption key of the system to achieve the purpose of information encryption by diffraction transformation [4–7].

As common methods of optical image encryption, double random phase coding, chaotic system, and computational ghost imaging have always been the research hotspots in the field of information security. One typical optical image encryption technology [8–11], double random phase coding, solves the selective plaintext attack to a certain extent and increases the security of the system. Chaotic signals are widely used in the field of information security because of their long-term unpredictability, initial value sensitivity, and randomness [12–18]. Information security technology based on the computational ghost imaging method has developed rapidly [19–21]. For example, to obtain greater security and robustness, someone proposes a computational ghost imaging encryption technology based on a QR code. In order to improve the storage and transmission efficiency of data and increase the security of the system, a computational ghost imaging encryption technology based on maze phase modulation and compressed sensing is proposed. As an important branch of optical encryption, multi-image optical encryption technology not only improves the encryption but also reduces the ciphertext transmission. Li et al. [22] proposed a multi-image encryption method based on computational ghost imaging and coordinate sampling, which combined the improved logistic mapping and coordinate sampling with computational ghost imaging to reduce the transmission of ciphertext; Meng et al. [23] proposed a multi-image encryption method based on computational ghost imaging and lifting wavelet transform combined with XOR operation, which improved the security of the encryption system; Wu et al. [24] superimposed the measured vector intensities of different diffraction distances using position multiplexing and combined with ghost imaging to improve image transmission efficiency; Zhang et al. [25] combined phase recovery with computational ghost imaging and proposed a multi-image holographic encryption technology based on a phase recovery algorithm and ghost imaging; Sui et al. [26] proposed an optical multi-image authentication method based on intensity equation transmission, and realized optical multi-image authentication by using intensity equation transmission technology. At present, these multi-image encryption methods have increased the number of encrypted images, but also increased the complexity of the system. At the same time, with the growth of encryption capacity, the time and complexity of data processing have also increased. Moreover, due to the limitations of single technology encryption methods, most of these multi-image encryption methods are based on a combination of multiple technical means [27, 28].

In this paper, a multi-image encryption method based on modified Gerchberg–Saxton algorithm (MGSA) and computational ghost imaging is proposed. In this encryption system, ciphertext transmission is reduced, and the security of the system is guaranteed. First, “one code, one key,” is realized by the distance multiplexing of Fresnel diffraction; Second, the method of phase superposition and normalization is used to reduce the transmission of ciphertext; Finally, the security of the whole encryption system is further enhanced by the computational ghost imaging algorithm. In this paper, simulation experiments are carried out to verify feasibility, security, and robustness. The experimental results show that the proposed encryption system not only has high security and encryption capacity, but can also resist attacks such as noise and cropping. More importantly, each image has a primary public key and an auxiliary private key. The potential risk of sharing a public key is eliminated.

2.1. Gerchberg-Saxton Algorithm

The Gerchberg-Saxton algorithm (G-S algorithm) is a method to recover image phase information by using known light field intensity. The core idea of G-S algorithm encryption is that through repeated iterations and Fourier transformation of the image in the frequency and space domains, the phase distribution of an image to be recovered in the spatial domain can be maximized after a certain number of iterations [29]. A classical flow chart is shown in Fig. 1.

Figure 1. Gerchberg-Saxton algorithm flow.

In Fig. 1, |f (x, y)| is the spatial domain amplitude, |F(u, v)| is the frequency domain amplitude, exp[iφ(x, y)] and exp[iφ(u, v)] are the phase information in the spatial domain and frequency domain, respectively, and their initial values are uniformly distributed random values generated by random functions. Where (x, y) is the space domain coordinate, and (u, v) is the Fourier transform coordinate domain. The main purpose of the G-S algorithm is to recover the phase information of the image by using the obtained amplitude in the spatial domain and frequency domain to obtain the whole complex amplitude distribution. The main process is as follows:

(1) Select a random phase φ(x, y) value distributed in the space [0, 2π] domain, modulate the amplitude in the space domain by the phase, and then obtain the product by Fourier transform.

(2) The amplitude part of F(u, v) is updated by amplitude |F(u, v)| constraint in the frequency domain, and a new complex function distribution F′(u, v) is obtained.

(3) Inverse Fourier transform is performed on the calculation results F′(u, v).

(4) The amplitude of the results calculated in the previous step is updated with the spatial amplitude |f (x, y)| constraint to obtain a new complex distribution, and Fourier transform is carried out to start the next iteration process. In the iterative process, a certain threshold of the correlation coefficient between the input functions and output functions is usually used as the convergence criterion of iteration.

Using the G-S algorithm to encrypt the image is also very simple. Let the amplitude value in the spatial domain be 1 and the distribution function F(x, y) of the image to be encrypted be the amplitude constraint in the frequency domain. By performing the reciprocating iterative calculation process of the G-S algorithm in this condition, the image F(x, y) can be encoded into a ciphertext image φ(x, y) with pure phase distribution. The decryption of the algorithm only needs to do the inverse Fourier transform of the ciphertext image φ(x, y) and intercept its amplitude.

2.2. Principle of Computational Ghost Imaging

The principle of computational ghost imaging encryption is shown in Fig. 2. In the first place in the spatial light modulator input N random distribution in the space phase mask δ_i(x, y), the phase mask modulates the incident light, and Fresnel diffraction with distance Z occurs from the plane where the spatial light modulator is located to the plane where the target is located, and then the light intensity distribution on the object plane is calculated using Fresnel diffraction [30, 31]. Its expression is shown in Eq. (1):

Figure 2. Schematic diagram of computational ghost image encryption system.

(1)$$I_i(x,y)={\left|FrTz\left\{\exp \left[j2\pi {\delta }_i(x,y)\right]\right\}\right|}^2$$

where FrT{•}, δ_i(x, y), i, z represents Fresnel diffraction transformation, pixel distribution of each phase mask, and its value is randomly distributed in [0, 2π], the i-th measurement using the i-th phase mask, the diffraction distance, and the amplitude of the plane wave is defined as unit 1.

In the imaging process, only one bucket detector (BD) is required to obtain ciphertext B_i, as shown in Eq. (2):

(2)$$B_i={\displaystyle \iint T(x,y)I_i(x,y)dxdy}$$

where T(x, y) is the image to be encrypted. In the encryption process, a two-dimensional image T(x, y) with the size n × n is transformed into a one-dimensional column vector (n² × 1). From Eq. 1, it can be obtained that the light intensity distribution function of the m-th order is I_m(x_p, y_q), where m = 1, 2, ..., N; p, q = 1, 2, ..., n. The matrix expression of the light intensity distribution function is shown in Eq. (3):

(3)$$I_m=\left[\begin{array}{l}{I}_{1,1}^m\cdots I_{1,1}^m\\ ⋮\ddots ⋮\\ I_{n,1}^m\cdots I_{n,n}^m\end{array}\right]$$

where $I_{nn}^m$ is the nth row, the nth column of the m-th measurement matrix. The size of the light intensity distribution matrix is n × n, and the matrix is stretched into a one-dimensional row vector, whose size is (1 × n²), as shown in Eq. (4):

(4)$$I_m=[I_{1,1}^m{I}_{1,2}^m\cdots I_{1,n}^m{I}_{2,1}^m{I}_{2,2}^m\cdots I_{n,n-1}^m{I}_{n,n}^m]$$

After n measurements, a measurement matrix of size N × n² is obtained. The image information is encrypted into an N-dimensional vector {B_i}. The specific encryption process is shown in Eq. (5):

(5)$$\left[\begin{array}{c}{B}_1\\ \begin{array}{c}{B}_2\\ \begin{array}{c}⋮\\ B_n\end{array}\end{array}\end{array}\right]=\left[\begin{array}{cccc}\begin{array}{cc}\begin{array}{c}{I}_{1,1}^1\\ I_{1,1}^2\\ ⋮\\ I_{1,1}^N\end{array}& \begin{array}{c}\cdots \\ \cdots \\ \ddots \\ \cdots \end{array}\end{array}& \begin{array}{c}{I}_{1,n}^1\\ I_{1,n}^2\\ ⋮\\ I_{1,n}^N\end{array}& \begin{array}{c}\cdots \\ \cdots \\ \ddots \\ \cdots \end{array}& \begin{array}{c}{I}_{n,n}^1\\ I_{n,n}^2\\ ⋮\\ I_{n,n}^N\end{array}\end{array}\right]\left[\begin{array}{c}\begin{array}{c}{T}_{1,1}\\ ⋮\end{array}\\ T_{1,n}\\ ⋮\\ T_{n,n}\end{array}\right]$$

Therefore, the phase mask key and distance parameter Z are used to successfully encode the image T to be encrypted into a series of optical intensity ciphertext data B_i. In the process of decryption, the secret image information can be solved by joint calculation of the light intensity distribution function I(x, y) and the detected light intensity distribution data B_i, which can be expressed as Eq. (6):

(6)$$G(x,y)=\langle B_i{I}_i(x,y)\rangle -\langle B_i\rangle \langle I_i(x,y)\rangle$$

where <•> is the average operation.

In the process of multi-image encryption based on MGSA and computational ghost imaging, the computational ghost imaging algorithm is combined with the MGSA algorithm. First, the image is transformed into pure phase information through MGSA to realize one code, one key; Second, different phase functions are superimposed and normalized to reduce ciphertext transmission. Finally, the ciphertext is encrypted twice, which improves the security of the whole encryption system and solves the problem of the large amount of data in the process of multi-image encryption.

3.1. Encryption Process

In this system with a clear image for the amplitude of Fresnel transform to generate the function |F′(u, v)| as an objective function distribution of iterative approximation, and to encrypt the original image as the initial value of iterative calculation, phase exp[iφ(x, y)] is generated in the process of iterative encryption as the decryption private key, and the algorithm is based on the Fresnel transform domain G-S algorithm. Therefore, the Fresnel transform parameter z₁, z₂, ..., z_N can be used as the additional key of the encryption scheme. At the same time, a random illumination speckle is used as the last key when the combined phase function is encrypted. A principle diagram of a multi-image encryption system based on MGSA and computational ghost imaging is shown in Fig. 3, and the specific encryption process is as follows (using four images as an example):

Figure 3. Multi-image encryption process.

The multi-image encryption process based on MGSA and the computational ghost imaging algorithm is shown in Fig. 3. The main steps are as follows:

Step 1: For each secret image, arbitrarily given an initial random phase function exp[iφ(x, y)], where φ ∈ [0, 2π], the known amplitude function |f (x, y)| (let the amplitude value in the spatial domain be 1) is constituted into a new function as input, and the expression is as follows: f (x, y) = |f (x, y)|exp[iφ(x, y)]. Then, perform the Fresnel transformation of the input function with a distance of z1 to obtain F(u, v), where (u, v) is the frequency domain coordinate and (x, y) are the spatial coordinates, and the distance of Fresnel transformation here is set by the user and can be used as a key. The phase of F(u, v) is combined with the expected amplitude |F′(u, v)| on the output plane to form a new complex function, which is expressed as F′(x, y) = |F′(x, y)|exp(iφ). Then, take the inverse Fresnel transform of F′(u, v) and get the wave function f ′(u, v) = |f ′(u, v)|exp(iφ). The phase of f ′(u, v) is multiplied by the preset output amplitude to form a new complex amplitude function again, thus forming the input function required for the next iteration. Repeat the above steps of iteration. With the accumulation of iteration times, the output image gradually converges to the desired image, and the stop of iteration is controlled by setting a threshold in advance.

Step 2: Perform the MGSA operation mentioned above on N images (Fresnel transform distance is z1, z2, ..., zN respectively), and then sum and normalize the phase functions of N images to obtain the combined phase functions.

Step 3: Use the normalized ciphertext ${\psi }_{gn}^z$(x₁, y₁) as the plaintext image encrypted by computational ghost imaging and perform correlation calculation to obtain a series of bucket detector values as the final ciphertext {D_k} to complete the second encryption. The encryptor transmits the ciphertext and the key to the receiver through the public channel and the private channel, respectively, which completes the whole process of encryption.

3.2. Decryption Process

The specific decryption process is as follows in Fig. 4:

Figure 4. Multi-image decryption process.

Step 1: According to Eq. 6, the decoder needs to perform an associative calculation on ciphertext {D_k} to reconstruct the combined phase function ${\psi }_{gn}^z$(x1, y1) after phase superposition, as shown in Eq. (7):

(7)$${\psi }_{{\widehat{g}}_n}^z=\langle D_k{I}_k\left(x,y\right)\rangle -\langle D_k\rangle \langle I_k\left(x,y\right)\rangle$$

Step 2: Take the inverse Fresnel transform of the reconstructed combined phase function, whose distance is z1, z2, ..., zN respectively, and intercept its amplitude part to obtain a single secret image.

3.3. Quality Evaluation Indicators

3.3.1. Correlation Coefficient

The correlation coefficient, often abbreviated as CC, is a standard used to quantitatively measure the similarity between two images. CC is calculated by randomly selecting 10,000 pairs of adjacent pixels (horizontal, vertical, or diagonal) from the input image and the encrypted image. Then, calculate the CC of each pair of relationships using Eq. (8):

(8)$$CC=\frac{\mathrm{cov}\left(x,y\right)}{\sigma \left(x\right)\sigma \left(y\right)}$$

where σ(x) ≠ 0, σ(y) ≠ 0, and represent the standard deviation of the reconstructed image of the original image x and y, respectively, ρ_x and ρ_y are the gray values of two pixels; n is the number of (x_i, y_j), and ^ρx, ^ρy are the average values of x_i and y_i, respectively. x and y represent pixel values of the original image and reconstructed image, respectively; cov(x, y) is the covariance of two corresponding pixels in the original image and the reconstructed image; And D(x) is the variance. CC is used as the evaluation standard for distribution on [0,1]. The closer the coefficient is to 1, the better the reconstruction is.

3.3.2. Peak Signal-to-noise Ratio

Peak signal-to-noise ratio (PSNR) is the most common and widely used objective measure of image quality. It is used to measure the level of distortion or noise in an image. The higher the value, the better the image quality.

(9)$$\left\{\begin{array}{l}\text{MSE}=\frac{{\displaystyle \sum _{i=1}^M{\displaystyle \sum _{j=1}^N{\left(O_{i,j}-O_{i,j}^{\text{'}}\right)}^2}}}{M\times N}\\ \text{PSNR}=10\mathrm{l}g\frac{O_{\text{MAX}}^2}{\text{MSE}}\end{array}\right.$$

In Eq. (9), M, N represent the number of pixels in the row and column, respectively. i, j represent the ith and jth pixel in the row and column, respectively, where i = 1, 2, ..., M and j = 1, 2, ..., N. O_i,j, O’_i,j represent the initial image and the decrypted image, respectively, O²_MAX is the maximum pixel value of the image, and MSE is the root mean square error between the decrypted image and the original image.

3.3.3. Structural Similarity Index

The structural similarity (SSIM) index is an index used to quantify the structural similarity between two images. SSIM is modeled on the human visual system (HVS) to realize the theory of structural similarity and is sensitive to the perception of local structural changes of images. SSIM quantifies image attributes from brightness, contrast and structure, uses mean values to estimate brightness, variance to estimate contrast, and covariance to estimate structural similarity. The SSIM value ranges from 0 to 1. The larger the SSIM value is, the more similar the images are. If two pictures are exactly the same, the SSIM value is 1.

For image x and image y, the calculation is shown in Eq. (10).

(10)$$S$$

To verify the effectiveness of the encryption system, a numerical experiment was mainly implemented using MATLAB2016B software. We chose three aspects for verification and analysis: Feasibility, safety and robustness. In this paper, the Set12 image dataset [29] is used as an example, and 4 images are randomly selected as plaintext images with a size of 64 × 64. In the simulation of multiplexing of positions, wavelength λ = 632.8 nm and diffraction distance z_n = 100 + 10 nm (n = 1, 2, ..., N) are used.

4.1. Feasibility Analysis

The MGSA algorithm is used to superimpose and normalize the information of the four pure phase functions, and the results are shown in Fig. 5. Figures 5(a)–5(d) shows the original pictures of the four secret images; Figures 5(e)–5(h) shows the decryption result under the condition that the key is completely correct; Figure 5(i) shows the combined phase function obtained after MGSA and superposition normalization.

Figure 5. Feasibility result diagram. (a)–(d) 4 plaintext images; (e)–(h) 4 decrypted images; (i) ciphertext image (the size of the ciphertext image is still 64 × 64).

By comparing the CCs and SSIM of the proposed method with the original image and decrypted image of the method [30, 31], in Fig. 6, it can be concluded that: (1) The CC and SSIM of images reconstructed by each algorithm gradually decrease with the increase in the number of encrypted images. The decrease rate of the algorithm used in this paper is relatively low compared with that in the literature [31], and CC and SSIM both decrease to varying degrees compared with that in the literature, but it also improves the security of the algorithm [30]. (2) With the same number of iterations, the improved MGSA algorithm proposed in this paper is superior to the method [28]. And with the increase in the number of iterations, the advantages of the proposed algorithm become more and more significant. (3) When the number of iterative frames in this method reaches four, the CC value is around 0.82 and SSIM value is around 0.85, indicating that the proposed method has a large amount of ciphertext transmission and is suitable for multi-image encryption.

Figure 6. Statistics of correlation coefficient (CC) and structural similarity (SSIM) values between decrypted image and the original image along with the number of encrypted images.

To further prove the feasibility of the encryption system in this paper, we collect statistics on the CC value and SSIM value between the decrypted image and the original image with the change of sampling rate, and draw a broken line graph as shown in Fig. 7. For the sake of statistical analysis, no matter how many pictures are super-imposed in the stacking process, the image Lena must exist. In the line graph drawing, the image Lena is fixed as a statistical sample among different superimposed samples. The results in Fig. 7 are as follows: (1) With the increase in the number of superimposed images, the overall decryption quality of the image will drop. (2) With the increase in the sampling rate, the quality of the decrypted image continuously improves. (3) At the same time, under the condition of full image sampling, the CC values of decrypted images are all above 0.6 and the SSIM values are all above 0.65, indicating that the system has excellent multi-image encryption performance and good feasibility.

Figure 7. Correlation coefficient (CC) and structural similarity (SSIM) values between the decrypted image and the original image with the sampling rate.

4.2. Security Analysis

4.2.1. Key Security

In the multi-image encryption system based on MGSA and computational ghost imaging, it is necessary to encrypt the image MGSA first, and then superimpose and normalize the obtained phase function to get the combined phase function. Coherent light passes through the spatial light modulator, and the modulated beam illuminates the phase function for secondary encryption. Finally, the beam information is collected by the bucket detector to obtain the final ciphertext. In this process, each image corresponds to two keys, of which the primary key is the phase generated by the phase iterative system in the iterative encryption process exp[iφ(x, y)] and is used as the private key during decryption. At the same time, the algorithm is based on the G-S algorithm in the Fresnel transform domain, so the Fresnel transform parameters z₁, z₂, ..., z_N can be used as the additional key of the encryption scheme. The secondary key is when the combined phase function is used for correlation imaging encryption, and the illumination speckle is used as the last key. The decryptor can reconstruct the encrypted image only when the correct key is used. To verify the security of the encryption system, four images are used as examples. Four different grayscale images are selected, and the correct key, primary key, and secondary key are used to reconstruct the information of the original image. The results are shown in Fig. 8.

Figure 8. Key security analysis. (a) The original image; (b) Images reconstructed with the correct key; (c) Images reconstructed with primary keys; (d) Images reconstructed with the use of secondary keys.

Results analysis: (1) The decryption quality of the image is good by combining the MGSA algorithm with the computational ghost imaging algorithm. Figure 8(b) shows the reconstructed image with the correct ciphertext and key. It can be seen that the information of the encrypted image can be reconstructed only when the decryptor has the correct key and ciphertext. (2) It can be seen in Fig. 8(c) that when the decryptor only contains the primary key, the obtained information is wrong even if the decryption algorithm is known. (3) Figure 8(d) shows that when the decryptor only uses the secondary key to decrypt the encryption system, no information of the encrypted image can be obtained. The encryption algorithm in this paper first realizes “one code, one key,” with distance multiplexing, then reduces the amount of transmitted data with phase function superposition and normalization, and finally carries out secondary encryption with image combination, which improves the security of the whole system.

On this basis, the sensitivity of diffraction distance of the primary key is analyzed. According to the decryption results, when the diffraction distance deviation is 0.1 m, 0.01 m, 0.001 m, 0.0001 m, 0.00001 m, 0.000001 m, and 0.0000001 m, the sensitivity of the key is analyzed and then the security of the key is analyzed. It can be seen from the decryption results that the decrypted image is very sensitive to the diffraction distance, which has different degrees of deviation. The amplitude of the Fresnel field is randomly disturbed due to the addition of an amplitude modulation template, and the decryption result is very sensitive to the deviation of diffraction distance, which enhances the security of the system. The influence of the diffraction distance Z deviation on the decrypted image is numerically simulated, as shown in Table 1. Meanwhile, the diffraction distance error-image CC value and the diffraction distance error-image SSIM value are drawn, as shown in Fig. 9. Figures 9(a) and 9(b) shows the variation curve of the CC of starfish, pepper, house, and Lena with the deviation of diffraction distance; and Figs. 9(c) and 9(d) shows the variation curve of correlation coefficient SSIM of starfish, pepper, house, and Lena with the deviation of diffraction distance.

TABLE 1. Diffraction distance error, CC value and SSIM value table.

Diffraction Distance Error (m)		0	0.0000001	0.000001	0.00001	0.0001	0.001	0.01	0.1
CC	House	0.8487	0.8287	0.8288	0.8269	0.7559	0.5383	0.3575	0.0328
	Starfish	0.9563	0.9564	0.9562	0.9562	0.8980	0.3975	0.3074	0.1068
	Pepper	0.8858	0.8358	0.8357	0.8345	0.7909	0.4648	0.3681	0.0523
	Lena	0.9410	0.9410	0.9311	0.9217	0.9123	0.4065	0.1646	0.0364
SSIM	House	0.8341	0.8341	0.8344	0.8331	0.6254	0.1838	0.0206	0.0055
	Pepper	0.6640	0.6640	0.6636	0.6616	0.5650	0.1830	0.1693	0.0136
	Starfish	0.8502	0.8502	0.8501	0.8496	0.6898	0.1622	0.0591	0.0343
	Lena	0.7069	0.7069	0.7072	0.7072	0.5733	0.3107	0.1160	0.0157

Figure 9. Sensitivity analysis of diffraction distance error. (a) Line chart of the relationship between distance error and correlation coefficient (CC); (b) Partial enlargement of figure (a); (c) Line chart of the relationship between distance error and structural similarity (SSIM); (d) Partial enlargement of figure (c).

Figure 9 shows that (1) as the diffraction distance error grows, CC and SSIM values between the reconstructed image and the original image gradually increase. The lower the definition of the reconstructed image is, the more difficult it is to distinguish the information of the original image. (2) When the diffraction distance error reaches ±0.001 m, the CC value of the reconstructed image and the original image is less than 0.5, and the SSIM value is less than 0.32. The reconstructed image only contains very little useful information, and the original image cannot be clearly distinguished, resulting in a poor reconstruction effect. (3) When the diffraction distance error is within ±0.0001 m, the CC value of the reconstructed image and the original image is above 0.75, and the SSIM value is above 0.55. Most information of the original image can be distinguished, but some details are lost to a certain extent. The above results indicate that the decryption results are very sensitive to the diffraction distance deviation, and the security of the system is guaranteed.

4.2.2. Ciphertext-only Attacks

Ciphertext-only attacks (COA) assume that a cipher analyst possesses the password algorithm and plaintext statistics feature, intercepts one or more ciphertexts encrypted with the same key, and obtains the plaintext or key by analyzing these ciphertexts. Only COA have the least known conditions. Passwords that cannot withstand COA are considered insecure. We use statistical analysis to verify the security of the encryption system to demonstrate the security of the method. The larger the CC is, the stronger the correlation between adjacent pixels of the image is; Otherwise, the correlation is lower. After an image is encrypted, the smaller the correlation of the ciphertext image is, the more destructive the encryption algorithm is to the gray correlation of the image, and it is difficult for an attacker to analyze the plaintext information based on the ciphertext or key obtained. In this sense, the encryption system has a certain degree of security.

In order to directly reveal the correlation between the adjacent pixels of the original image and the encrypted image, Fig. 10 analyzes the three-dimensional gray distribution of the four plaintext images and ciphertext images, as shown in Table 2. The table shows the three-dimensional gray distribution of house, pepper, starfish, Lena and ciphertext respectively. The gray values of adjacent pixels of the four original images all show highly correlated rows. However, the randomness of gray values between adjacent pixels is very noticeable in the 3D gray distribution of ciphertext images. The statistical feature of ciphertext makes it difficult for an attacker to obtain information about the encryption system with COA.

TABLE 2. Three-dimensional gray distribution of secret image and ciphertext image.

Grayscale Image	Three-dimensional Grayscale Distribution	Grayscale Image	Three-dimensional Grayscale Distribution

Figure 10. Scatter diagram of a correlation between adjacent pixels. (a)–(c) Scatter diagram of original image; (d)–(f) Corresponding ciphertext scatter diagram.

At the same time, to directly demonstrate the correlation between the adjacent pixels of the original image and the encrypted image, the grayscale image starfish is used as an example, and MATLAB is used to draw a correlation distribution map of adjacent pixels (horizontal, vertical and diagonal directions) of the original image and the ciphertext image. As shown in Fig. 10, (1) there is a correlation between adjacent pixels of the original image, and whether there is a certain regularity in the horizontal, vertical or diagonal directions; And (2) there is no obvious regularity between adjacent pixels of ciphertext images. It also shows that the proposed encryption system is very destructive to the adjacent pixels of the original image, and it is difficult for attackers to obtain plaintext information based on the ciphertext. The encryption system has outstanding security. The autocorrelation coefficient of each original image and that of the encrypted image is one of the indicators used to evaluate statistical information. Generally speaking, for a good image encryption scheme, the distribution of image pixel autocorrelation features will be damaged to a considerable extent. Therefore, the system has remarkable security.

Thus, the CCs of different secret images in each direction are further calculated, as shown in Table 3. As can be seen in Table 3, the horizontal, vertical and diagonal CCs of the four original images are all more than 0.79, and the CCs of ciphertext images in all directions are less than 0.1. This indicates that the correlation between adjacent pixels of the original image is high, while the correlation between adjacent pixels of the ciphertext image is low. The encryption system is very destructive to the original image and it is difficult for the decryptor to analyze the plaintext information based on the ciphertext information obtained, indicating that the encryption system is secure.

TABLE 3. Correlation coefficients between adjacent pixels of the image to be encrypted and ciphertext.

Direction	Starfish	Pepper	House	Lena	Ciphertext
Horizontal	0.8679	0.8792	0.8524	0.8739	0.0123
Vertical	0.8991	0.9026	0.8962	0.8970	−0.0159
Diagonal	0.7926	0.8127	0.8050	0.8100	0.0203

4.3. Robustness Analysis

4.3.1. Clipping Attack

Assuming that the key is lost to different degrees in the process of transmission and the key is clipped to different degrees in different positions, we choose the similarity normalized correlation (NC) as an evaluation index to verify the anti-clipping attack performance of the encryption system.

As shown in Table 4, (1) as the key clipping area expands, the NC value between the reconstructed image and the original image gradually decreases. The lower the definition of the reconstructed image, the more difficult it is to distinguish the information of the original image. (2) When the clipping ratio is 30%, the CC values of the reconstructed image and the original image are both above 0.85, and the SSIM value is above 0.65, which can clearly distinguish the information of the original image, and the reconstruction result is good. (3) When the clipping ratio of the key is 50%, the CC values of the reconstructed image and the original image are both more than 0.65, the SSIM value is above 0.55, and part of the information of the encrypted image can still be distinguished, indicating that the method can resist clipping attacks well. To sum up, the encryption system proposed in this paper not only shows good robustness against noise attacks, but also can resist clipping attacks, indicating that the encryption system has superb robustness.

TABLE 4. Normalized correlation (NC) of different cropping proportions.

Cropping Proportions	Reconstructed Images
	Starfish	House	Pepper	Lena
	10%
CC	0.8210	0.8405	0.8304	0.8510
SSIM	0.8502	0.8341	0.6641	0.7069
20%
CC	0.8089	0.8014	0.7803	0.8289
SSIM	0.8501	0.8338	0.6636	0.7072
30%
CC	0.7624	0.7755	0.7510	0.7624
SSIM	0.8496	0.7938	0.6616	0.7073
40%
CC	0.7433	0.7060	0.7198	0.7433
SSIM	0.7361	0.7127	0.6238	0.6536
50%
CC	0.7024	0.6902	0.6706	0.7024
SSIM	0.6898	0.6095	0.5650	0.5733

4.3.2. Noise Attack

By adding different types of noise with the same density to the ciphertext, we simulate the process where the ciphertext or key may be affected by noise in the transmission process. We select salt-and-pepper noise, gaussian noise and multiplicative noise, and carry out a simulation for each noise by using 10 different embedding strengths (0.01, 0.02, 0.03, 0.04, 0.05, 0.06, 0.07, 0.08, 0.09, 0.10). The results are shown in Fig. 11. Gaussian noise, salt-and-pepper noise and multiplicative noise are used to attack the four secret images. In Fig. 11, only four kinds of noise intensity are shown: 0.01 (upper left), 0.02 (upper right), 0.04 (lower left) and 0.08 (lower right).

Figure 11. Reconstruction results under different noise attacks.

As can be seen in Fig. 11, (1) when ciphertext is subjected to different types of noise attacks, the information of encrypted images can be reconstructed, indicating that the encryption system proposed in this paper can resist not only salt-and-pepper noise attacks, but also Gaussian noise attacks; (2) In a noise attack with the same density, the image reconstructed by salt-and-pepper noise is clearer, followed by Gaussian noise; (3) With the increase of noise embedding intensity, the quality of a decrypted image also decreases to varying degrees. For Gaussian noise, when the attack intensity reaches 0.08, the decryption result is poor and it is difficult to identify the image information. The decryption result of the salt-and-pepper noise attack is better than that of the Gaussian noise attack, but it also has a great influence on the visual effect. It shows that the encryption system is robust against noise attacks.

To further prove the robustness of the encryption system, a line chart of decrypted image CC, SSIM and PSNR with the embedding intensity of noise is drawn after the decryption of images with different noise in-tensities of different noise types, as shown in Fig. 12.

Figure 12. Relationship between correlation coefficient (CC), structural similarity (SSIM), peak signal-to-noise ratio (PSNR) and noise intensity of the decrypted image.

As can be seen in Fig. 12, the three indicators simultaneously show that gaussian noise has the greatest influence on image quality for the same embedding intensity. When the embedding intensity of multiplicative noise and salt-and-pepper noise is 5%, the CC value, SSIM and PSNR of the image can still reach above 0.57, 0.75 and 17, respectively, showing strong resistance to noise. The decryption quality of the image decreases with the increase of the noise embedding intensity, but for the noise of general intensity, the decryption quality of the encryption system is good and has strong robustness, which further confirms the robust performance of the encryption system.

To sum up, the encryption system proposed in this paper shows good robustness to noise attacks. Although the decryption results of images are lost to a certain extent with the enhancement of noise attacks, the image decryption quality is good when resisting noise attacks of general intensity. At the same time, the encryption system can resist clipping attacks to a certain extent. When the clipping information reaches 50%, the contour information of the image can still be observed, but the detailed information is seriously damaged. This shows that the encryption system has good robustness.

In this paper, a multi-image encryption method based on MGSA and computational ghost imaging is proposed. On the basis of MGSA optical image encryption, Fresnel diffraction distance multiplexing is used to stack the phase function obtained by phase superposition of a single secret image and normalize it so as to realize diffraction distance multiplexing, which facilitates the compression of encrypted multi-image information, and solves the problem of large amounts of ciphertext transmission in multi-image encryption. Finally, the combination of computational ghost imaging and MGSA improves the security and accuracy of the encryption system. Because the MGSA of the optical image encryption is very sensitive to the distance key, the information of the encrypted image can be reconstructed only when the key is completely correct or produces minimal error. Its encryption system is simple and easy to transmit and record. It has better practicability compared with double random phase encoding, and this method can send different keys to different authorized users, which guarantees that it has a broader application prospect.

There are no conflicts of interest in the submitted manuscript, and the manuscript was approved by all authors for publication. The lead author declares on behalf of my co-authors that the work described was original research that has not been published previously, and is not under consideration for publication elsewhere, in whole or in part. All the authors listed have approved the manuscript that is enclosed.

Data underlying the results presented in this paper are not publicly available at the time of publication, but may be obtained from the authors upon reasonable request.

National Natural Science Foundation of China (No. 62275153, 62005165); Shanghai Industrial Collaborative Innovation Project (HCXBCY-2022-006).