A Secure Asymmetric Optical Image Encryption Based on Phase Truncation and Singular Value Decomposition in Linear Canonical Transform Domain

. A new asymmetric optical double image encryption algorithm is proposed, which combines phase truncation and singular value decomposition. The plain text is encrypted with two-stage phase keys to obtain a uniformly distributed cipher text and two new decryption keys. These keys are generated during the encryption process and are diﬀerent from encryption keys. It realizes asymmetric encryption and improves the security of the system. The unscrambling keys in the encryption operation are mainly related to plain text. At the same time, the system is more resistant to selective plain text attacks; it also improves the sensitivity of decryption keys. With the application of phase truncation, the key space expanded and the security of the cryptographic system is enhanced. The eﬃcacy of the system is calculated by evaluating the estimated error between the input and retrieved images. The proposed technique provides innumerable security keys and is robust against various potential attacks. Numerical simulations verify the eﬀectiveness and security of the proposed technique.


Introduction
With the rapid development of modern online transactions, protecting information security has become increasingly difficult. Unauthorized users may access the data, so information hiding techniques are required to conceal the multimedia data from unintended users. To overcome this problem, many encoding methods have been developed in the field of optical security, biometrics, and holographic storage. Parameters such as phase, amplitude, wavelength, frequency, and polarization have multiple degrees of freedom, thus increasing the key space. erefore, optical techniques are the prime requirement, where a given data will be transmitted secretly on it, and any attacker in the middle cannot obtain the data. In the previous years, many encoding techniques were developed [1][2][3][4][5][6]. e double random phase encoding (DRPE) method [1] suggested by Refregier and Javidi in 1995 is the most effective image coding scheme. DRPE is an effective solution because the information is encrypted into an unrecognizable format. In DRPE, the original images are multiplied by randomly generated phase keys by using the input domain and the Fourier domain and a random phase mask (RPM) used as a security key. Use the conjugate of the encrypted image or the conjugate of the RPM to decrypt and return to tracing the optical path. In addition, DRPE -based coding methods are prolonged from Fourier transform (FT) to many other domains, such as fractional Fourier transform [7][8][9][10][11][12], Fresnel transform [13,14], Fresnel wavelet transform [15], fractional Mellin transform [16][17][18][19], gyrator transform (GT) [20][21][22][23][24][25], gyrator wavelet transform (GWT) [26,27], ghost Holography [28], etc.
In all these techniques, the indistinguishable RPM acts as a key during the decryption process. Similarly, due to the inherent nature of attacks, symmetrical schemes are used to deal with attacks, such as chosen cipher attack (CCA), chosen plain attack (CPA), and known plain attack (KPA) [29][30][31] because of an immanent stretch; it faces the problem of precondition administering and conducts. To address aforesaid matter, some dissymmetric optical cryptosystems have been proposed. Qin and Peng [32] put forward one of the pioneering work about asymmetric phase reservation (PR) and amplitude-truncation (AT) techniques to make the linearity of symmetric routines better. Since the decryption keys differ from the encryption keys, the author [33] claims that the PTFTbased cryptosystem is nonlinear. In 2013 [34], a speech restoration based on the AM-FM model in the linear canonical transform (LCT) domain was proposed. One relies on linear canonical transform domain filtering; the other relies on restoring the speech signal in the LCT domain. Kumar et al. [35] proposed an asymmetric method that uses two-dimensional nonseparable linear canonical transform (2D-NSLCT) and an iterative phase retrieval algorithm for duplex image encryption. First, PRA generates an encryption security key. Here, two intensity images are combined to form a complex image. Rakheja et al. [36] proposed a duplex image encoding based on the 3D Lorenz chaotic system and QR decomposition in the two-dimensional nonseparable linear canonical transform domain. In this communication, the unconventional framework of the 2D-NSLCT extends the key-size of the initiate scheme and enhances the robustness against brute-force attacks. e phase truncation part will continue for further processing, whereas the phase reserve part is used as the decryption key. After the intermediate cipher text is multiplied by a random phase mask, the inverse two-dimensional inseparable canonical transform will be performed. e output obtained is QR decomposition to get the final cipher text and another private key. Rajput and Matoba [37] proposed optical voice encryption in the other optical domains such as fractional Fourier, Fresnel and gyrator transforms, which convert input information into different mixed spacefrequency domains. ey also analyzed the experimental recording conditions of the human voice and some security aspects of the scheme. eir results show that the original voice cannot be retrieved unless the correct keys and correct domain orders are used. Number of papers published in the linear canonical transform have been studied [38][39][40][41][42][43][44][45][46][47][48][49]. Wang et al. [50][51][52][53][54][55][56][57][58][59][60][61] proposed the highdimension Lorenz chaotic system and perceptron model, a chaotic image encryption system. Image encryption and various analysis have also been performed by authors [62,63]. ey describe the algorithm flow in detail and analyze the cryptographic security. Some of the papers on image encryption in different context have been noted [64,65].
In this communication, we have introduced an unpredictable method for narrating duplex picture encryption using two-dimensional LCT and DPM besides esteem deterioration.
e proposed LCT has comparable properties, such as numerous well-known scientific changes. We know that the classical DRPE experiences issue of key space and optical hub arrangement. To overcome these issues and to extend the key space, we favor utilizing a deterministic phase mask (DPM) [56,62] rather than conventional RPM. e use of LCT has advantages such as computational ease and convenience in their optical implementation. e variations of LCT orders are achieved by rotation of the lens system because there is no need to change the distance like the optical implementation of fractional Fourier transform. e proposed scheme provides enhanced security by increasing the key space through the use of a deterministic phase mask. Such phase masks are easier to position in the decoding and provide their own security parameters.
In this article, the security of the cryptosystem depends on the linear canonical transform domain. e rest of the manuscript is organized as follows: Section 2 reflects the conceptual framework of the suggested scheme, Section 3 gives the proposed encryption and decryption methods, Section 4 indicates the various simulation results and robustness of DPM, and the concluding remarks are given in Section 5.

Generation of Deterministic Phase Mask (DPM)
. e deterministic phase mask (DPM) is produced by characterizing the arrangement (m) , which is given by the number of subkeys (NSK) in a single stage cover, where NSK � (2 m × 2 m ). As described in [19,66,67], the upcoming DPM can consist of a combination of the 16 submasks M(i, j) represented. DPM for the specific esteem of m � 4 is displayed in Figure 1 DPM where M i,j is defined as follows: where k � 1, 2, . . .. . .. . ... NSK (number of subkeys) and u k and v k are randomly generated in the interval [1, d], where k is defined into the interval.
For simplicity, we display the example when the order of encryption m � 2, 3 and 4. If m � 2, deterministic masks are considered (256 × 256) with 16 NSK of size (64 × 64). Each DPM 1 or DPM 2 is combined with 16 submasks M ij , as k interval is from 1 to 4, u k and v k are randomly generated in the interval from 1 to 64. If m � 3, deterministic masks (256 × 256) are constructed with 8 NSK of size (32 × 32). Each DPM 1 or DPM 2 is combined with 64 submasks M i,j , k interval is from 1 to 8; u k and v k are randomly generated in interval from 1 to 32.

eoretical Background of LCT.
LCT is generated by ABCD transform, generalized Fresnel transform, and amplified fractional Fourier transform. LCT may be directly changing course, with three parameters characterized as follows [38,42]: 2 International Journal of Optics where kernel r(x, u, y, v) � α( c) [] indicate that the LCT administrator has three genuine change parameters. ese three parameters are independent of (x, y) and (u, v) domains. Inverse twodimensional LCT is written as follows: where LCT (−α, −β, −c) [] denotes the inverse LCT. If (α, β, c, d) � (0, 1, −1, 0), the 2D LCT is simplified to the FT with a multiplier factor �� −i √ , where α, β and c are constants and are related by unit determinant matrix. e elements α, β, c convey three parameters as the order of LCT. ese orders are considered as the key parameters for image encryption purposes. LCT is a unitary transform, a special case, including FT, FrFT, FrT, and operations including scaling and chirp multiplication. e optical LCT system can be implemented using an arbitrary number of thin lenses and propagate through free space. e implementation belongs to the quadratic phase system (QPS) category [68]. e optical implementation of an LCT using a single lens is shown in Figure (2). e LCT parameters α, β, and c can be directly related to the distances d 1 and d 2 , and the focal length f is as given below:

Singular Value Decomposition (SVD).
e SVD may be a numerical method utilized to diagonalizable matrices. It breaks down a m × m real matrix A into a product of three matrices as follows [69][70][71][72][73]: e matrix U and V are orthogonal matrices (i.e., UU T � 1 and VV T � 1) having sizes m × n and n × n, respectively, while S could be an m × n diagonal matrix with nonnegative real values called singular values. Moreover, the arrangement of USV multiplication is very critical for the input image to be recouped accurately. Amid encryption, USV is made for cipher image C (x, y). At the time of decoding, perform reverse singular value decomposition.
[USV] � SVD(C(x, y)), If the multiplication arrangement has been changed to  International Journal of Optics 3 restored. Because of multiplication, order plays an important role, so if the door opener gets any components from any channel, he will not be able to determine the first image.

Nonlinear Phase Truncation Fourier Transform (PTFT).
PTFT can be a preparation of Fourier transform, but it has phase truncation, which means that because it only retains the amplitude (modulus part) of the Fourier spectrum, the phase part of the spectrum is truncated.
e phase truncation (PT) and the phase reservation (PR) operations can be expressed, respectively, as follows:

Asymmetric Cryptosystem for Encryption.
e input image f(x, y) is multiplied by RPM, i.e., [exp i(2πn 1 (x,y)) ] and then linear canonical transformation is performed in the order α 1 , β 1 , c 1 . Here, n 1 (x, y) is statistically independently and randomly distributed in [0, 1]. e PTFT separates the obtained complex spectrum into amplitude and phase. e amplitude-truncation (AT) value helps generate the first decryption key (DK 1 ) and the phase truncation (PT) value, bonded with another phase mask DPM (for the set m � 4), and then proceed to α 2 , β 2 , c 2 order then further take linear canonical transformed which give the encrypted image, which is further amplitude-truncated to generate a second decryption key (DK 2 ). Also, at the conclusion, SVD is connected; steps are appearing underneath. Finally, the encrypted image E(x, y) is obtained. Improper selection of any of these parameters during decryption comes out with negative results. Presence of number of encryption keys helps in making the system more secure against unauthorized attacker. e steps (Figure 3) of encryption of an input image f(x, y) can be expressed as follows: where PT denotes a phase truncation operator, LCT α 1 ,β 1 ,c 1 and LCT α 2 ,β 2 ,c 2 represent the linear canonical transform of order α 1 , β 1 , c 1 and inverse linear canonical transform order α 2 , β 2 , c 2 , respectively. e decryption keys (DKs) are obtained during the encryption process. Within the proposed strategy, the two encryption keys are treated as open keys and are not utilized within the unscrambling handle. e two decoding keys utilized are given by equations (12) and (13).

Asymmetric Cryptosystem for Decryption.
e decryption process is shown in Figure 4. First, perform inverse singular value decomposition on the image, then multiply it by second decryption key (DK 2 ), and then LCT.
en multiply with the asymmetric key DK 1 again perform LCT.
Steps for decryption is as follows:

Optoelectronic
Realization. An optoelectronic experimental setup of the proposed encryption scheme has appeared in Figure 5. In encryption, the image f(x, y) and RPM are first displayed on phase only spatial light-modulator (PO-SLM) associated with the machine and lit up by a He-Ne laser source (λ � 632.8 nm). LCTorder α 1 , β 1 , c 1 is performed optically. e resulting spectrum and DPM are displayed on to second PO-SLM 2 , which is additionally connected with the computer and after that performing an inverse LCT. e resultant spectrum is recorded by the charged coupled device (CCD) camera and stored in the computer system. e phase truncated part may be made by CCD. e amplitude-truncated part may be done by phase-shifting interferometry. In the decryption process, the digitally acquired image E(x, y) is multiplied with asymmetric key DK 1 is displayed on PO-SLM 1 irradiated with a laser source, and then subjected linear canonical transform through, then information is displayed on SLM 2 is associated with computer and intensity of the decrypted image is recorded in the output plane.

Performance Analysis.
In this section, mean squared error (MSE) and a peak signal-noise ratio (PSNR) are used as the convergence criterion in the iterative process. If f i and f i ′ denotes input and the decrypted image, then MSE is calculated as follows: In equation (16), L is the sum of pixels and denotes the size of the image. e suggested strategy is very safe because all the values of DPM must be reasonably when arranging for accurate image conversion. In case any of the esteem is inaccurately chosen automatically, there is an error in MSE; hence, decrypted image is not getting. e MSE for the tree and baboon pictures is as follows: 7.7485 × 10 −25 and 2.5223 × 10 −25 . e minimum value of MSE demonstrates a superior likeness to the tried image.
PSNR measures the modification between the input image f i and f i ′ is decoded image and its equation can be written as follows: e numerical esteem of PSNR obtained for our suggested algorithm for the tree and baboon image is 92.42 dB and 91.48 dB, respectively.

Relative Error (RE).
e relative error is computed between plain image and decoding image using mathematical expression represented in the following equation: Among them, f i (x, y) and f i ′ (x, y) , respectively, represented the input, decrypted picture. e RE values of the algorithm used for tree and baboon images are 0.0054 and 0.0049, respectively. It can be seen from these data that it reflects that the image is obtained faithfully.

Key Sensitivity Analysis.
Image encryption technique is sensitive to the initial values of the secret key. To obtain a sensitivity analysis of the image encryption technique, take incorrect parameters. e correct parameters are α 1 � 0.3, β 1 � 0.5, c 1 � 0.7 and α 2 � 0.5, β 2 � 0.7, c 2 � 0.9 as the orders of LCT. e responsiveness of the architecture has also been substantiated against each individual parameter. e retrieved images for erroneous values are shown in Figure 7 for the various variable of and phase masks.

Correlation Coefficient (CC) Analysis.
In this section, the correlation coefficient (CC) of two adjacent pixels in the original image and its encrypted image is examined. e CC is calculated by the following relations: where x � 1/N N i�1 x i and y � 1/N N i�1 y i . An illegitimate user cannot obtain any valid information from this statistical data. Plots of correlation distribution for randomly chosen 15,000-pixel pairs Figures 9(a), 9(d), 9(g), 9(j), and 9(m) show the input images; Figures 9(b), 9(e), 9(h), 9(k), and 9(n) show correlation distribution of input images; Figures 9(c), 9(f ), 9(i), 9(l), and 9(o) correlation distribution of encrypted images, respectively. e correlation graphics of input images are different, but the correlation plots of encrypted images are similar, so based on the encryption images, it is difficult for the hacker to identify the correct image. Table 1 shows the values of horizontal, diagonal, and vertical pixels of input and encrypted images ( Figure 9).

Statistical Analysis.
To demonstrate the ability to resist statistical attacks of the proposed image encryption algorithm, different kinds of statistical analysis methods are being utilized.

Histogram Analysis.
In order to obtain an effective and safe optical image encryption scheme, it should be able to encrypt different input images into an encryption form with similar histograms. e histograms of the tree, baboon, and their corresponding encrypted images are shown in Figures 10(a)-10(d). We can see from the histograms point of view input images are completely different, but the histograms of the encrypted images are indistinguishable, so it is difficult for an attacker to identify the correct picture.

Entropy Analysis. Entropy (H) can be represented as follows:
e chi-square value is calculated by the following equation [74][75][76]: where pi represents the probability. e ideal entropy is 8. e entropies obtained from the cipher image of the baboon, tree, optical image processing, OPT, and Lena images using the proposed algorithm are nearly standard entropy, respectively. ese values are near the ideal value, then the loss is insignificant, and the suggested algorithm is strongly against the entropy attack. Table 2 shows entropies of input, encrypted and decrypted, respectively.
Variance is the quantitative measure of histogram analysis. In addition, histogram variances are mainly used to quantitatively examine the uniformity of an image. Lower variance means higher uniformity of an image, alternatively the better security of the particular algorithm. e mathematical expression for calculating the variance is as follows [74][75][76]: where k is the number of grayscale values, I i and I j are the number of pixels for a particular grayscale values i and, j, respectively, and I is the vector of all I i ′ s and I j ′ s . Variance results are tabulated in Table 3. e result shows our encryption scheme is better and more efficient, giving better results than others.
e chi-square test is the degree of deviation between the actual observation value and the theoretical inference value  of the statistical sample. e larger the chi-square value, the less conformable and on the contrary, the more it is consistent. If the two values are completely equal, the chi-square value is 0, indicating that the theoretical value is completely consistent.where obs i is the observed frequency of i, and exp i is the expected frequency of i. e expected frequency exp i is as follows: where M × N is the size of images. Table 4 lists the test results for encrypted images. According to the chi-square distribution, χ 2 255;0: 05 � 293: 247 and χ 2 255;0: 01 � 310: 457; from this, we can see that for the 1% and 5% significant level, accept the hypothesis, so we can confirm that the pixel distribution is uniform.

Robustness Method Against Pixels Cropped.
In an occlusion attack, some parts of the encrypted image are blocked, which will cause the encrypted image to be blurred. is leads to blurred decrypted images depending on the size of the blocked parts. Different cases have been evaluated by taking the different sizes of the filter in the encrypted image. When the encrypted image is occluded or blocked, it impacts the quality of the recovered images. e occlusion is considered by changing the encrypted image by 10%, 25%, 50%, and 75%. As the occlusion percentage increases, the quality of the restored image gradually decreases. But still, the recovered images are visible till 25%. Figure 11(a) is 10% encrypted image; Figure 11(b) is occluded 25%. Similarly, 50% is occluded in Figure 11(c), 75% in Figure 11(d), and their corresponding effect is reflected in Figures 11(e) and 11(f ); the MSE and CC plot with the occluded area. A larger value of MSE states a larger loss of information and degraded condition of recovered images.

Noise Attack Analysis.
e encrypted image on the stage of image processing and image transmission is susceptible to different kinds of noise. ese noises have a great influence on the quality of the decryption images. In this work, we have added Gaussian noise to the encoded image. e noise interferes with the ciphered images by relation [80][81][82].
where μ(u, v) is encrypted picture and μ ′ (ρ, σ) is the noised image, k is a constant factor and G is Gaussian noise with 0 and 1 standard deviation. Figures 12(a)-12(h) show the recovered images from the encrypted data distorted by Gaussian noise with standard deviations of 0.02. Figure 13 shows the plot of MSE with noise factor (k).

Classical Attack
Analysis. e security of a cryptographic system depends on its resistance to four basic attacks. ese basic attacks are cipher text only attack, known plain text attack, chosen plain text attack, and chosen cipher text attack. Among them, chosen plain text attack is the most powerful attack. If a cryptosystem is secure against this attack, it is secure against the other three attacks. e proposed scheme has eight keys; one from a deterministic phase mask, one from RPM, and six from linear canonical transform parameters, and the scheme is highly sensitive to all these parameters. If a small change is made in these parameters, the results would be completely different. So, the proposed scheme is secure enough against chosen plain text    attacks and hence against other classical attacks too. e analysis proves that the presented system is resistant to several attacks which threaten the authenticity of any cryptosystem. Hence it is a much more secure and powerful yet simple cryptosystem. In CPA, the attacker has the plain image and scheme. With respect to these, he will try the cipher image. Normally, DRPE is highly vulnerable to CPA. If an attacker chooses the Dirac delta function, which is shown in the below equation: δ(x, y) � 1, x � 0 and y � 0, 0, otherwise.
Dirac delta function is to be considered a single nonzero pixel at the centre of the image and all the other values are zero. In order to perform chosen plaintext analysis, created Dirac delta function is considered as plain image and cipher image calculation is given in the equation.
From the above equation, the second secret key is easily obtained by drpe cpa . Figure 14 shows the CPA analysis of the DRPE system.

Speed Performance Analysis.
e speed of the scheme measures the performance and the time taken by the scheme for the execution. It is important that the encryption and decryption schemes are fast enough to meet real time requirements. e scheme needs to be faster to reach the level of real time applications. e scheme has been tested against the speed by executing the scheme on a personal computer with configuration Intel (R) Core (TM) i3-2328 CPU @ 2.20 GHz-2.71 GHz, 2 GB RAM running Windows 10 on MATLAB R2020a 5 (9.6..0.1174912) 64 bit (win64), LM: 40664749. e total time taken for both encryption and decryption is 0.66 s. is time is due to the introduction of DPM. After introducing the DPM, the time taken is still very small and proves the scheme to be fast and efficient.

Quantitative Comparison Analysis.
e proposed scheme is quantitatively compared with various recent schemes in terms of entropy, execution time, and key space. Table 4 gives the key space, time execution, and entropy of cipher text of various schemes. As can be seen from Table 4, the proposed scheme has the least execution time of 1.515843 seconds with a key space of RPM, DPM, and 6 keys. e cipher-text entropy value is 7.261, which indicates the randomness in the encrypted image. All these parameters demonstrate the strength and quality of the proposed encryption scheme. Table 5 reflected the quantitative comparative analysis of the proposed scheme and earlier reported schemes.

Differential Attack Analysis
e Number of Pixels Change Rate (NPCR) and Unified Average Changing Intensity (UACI): Let encrypted images before and after one pixel change in the image be E 1 (x, y) or E 2 (x, y). e NPCR and UACI are given as follows [76]: where D(x, y) is a two-dimensional array having the same size as images E 1 (x, y) or E 2 (x, y) and M and N are the width and height of the image. e matrix D(x, y) is defined by E 1 (x, y) and E 2 (x, y); if E 1 (x, y) ≠ E 2 (x, y), then

Conclusion
In this contribution, it demonstrates that the simulation LCT encrypting system is capable of information security with noise-free recovery. e experimental results show that the linear canonical transform order can be considered as an extra security key. It is found that a small variation in order will lead to a large change in CC, MSE, and PSNR values. e use of DPM increases the key space also as extra security of the scheme. e proposed scheme is asymmetric and also uses the SVD operation that increases the security of the algorithm. e scheme is tested for various attacks such as occlusion and noise and it was found the scheme is not vulnerable. Numerical simulations are performed to demonstrate the feasibility and validity of this method. Key sensitivity has been analyzed by MSE curves under different decryption keys. Several possible attacks such as KPA and CPA have been considered and results demonstrate that the proposed encryption system has higher security.

Data Availability
e data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest
e authors declare that there are no conflicts of interest regarding the publication of this paper.