Key Distribution and Changing Key Cryptosystem Based on Phase Retrieval Algorithm and RSA Public-Key Algorithm

. The optical image encryption has attracted more and more researchers’ attention, and the various encryption schemes have been proposed. In existing optical cryptosystem, the phase functions or images are usually used as the encryption keys, and it is difficult that the traditional public-key algorithm (such as RSA, ECC, etc.) is used to complete large numerical key transfer. In this paper, we propose a key distribution scheme based on the phase retrieval algorithm and the RSA public-key algorithm, which solves the problem for the key distribution in optical image encryption system. Furthermore, we also propose a novel image encryption system based on the key distribution principle. In the system, the different keys can be used in every encryption process, which greatly improves the security of the system.


Introduction
The characteristics of optical information processing are parallel and multidimensional, so more and more researchers have been studying the optical information security in the recent twenty years.Optical image encryption system based on double random phase encoding (DRPE) was proposed in 1995 [1] and the keys were two random phase matrices in this system.It was easy for the optical implementation and easy to combine with other encryption methods, so it attracted many researchers' attention and a lot of improved encryption systems were proposed in [2][3][4][5][6][7].However, the security of the system in the systems without reference to the key distribution and transmission concerned researchers more.Optical asymmetric cryptosystem (OACS) was proposed based on phase-truncated Fourier transforms (PTFT) in 2010 [8], and it used nonlinear operation of the phase truncation which overcame the defects that DRPE was linear and symmetric [9][10][11].Since then, the many improved systems have been proposed based on PTFT [12][13][14][15][16][17][18][19][20] and some researchers proposed different OACS from another perspective [21][22][23][24].However, the existing OACS was incomplete [25], which did not meet the basic protocol of asymmetric cryptosystem (ACS).Although the security of the systems is significantly improved, only the private key sharing can establish communication in reality.Recently, Zhang et al. proposed an optical cryptosystem based on the phase-truncated Fresnel diffraction (PTFD) and transport of intensity equation (TIE) [26].A random amplitude mask (RAM) and a random phase mask (RPM) are employed as two secret keys to encrypt the input image into a real-valued noise-like intensity distribution.Moreover, the proposed scheme is expected to against existing attacks.Wang et al. proposed a new optical information authentication system based on compressed DRPE images and quick-response (QR) codes, where the parameters of optical light wave are used as keys for optical decryption and the QR code is a key for verification [27].Cai et al. proposed an asymmetric cryptosystem using equal modulus decomposition (EMD) to create an effective trapdoor one-way function without a silhouette problem [28].In the system the encryption key is RPM, and the decryption key is obtained by EMD.
In the existing optical cryptosystem, usually the key generally is phase functions or other optical parameters (such as wavelength, focal length, etc.), but the problem to be solved is how to distribute and transmit the keys (phase functions).In this paper, we propose a key distribution scheme, which solves the problem for the key distribution.Furthermore, we propose an image encryption system of changing key based on the key distribution principle which conforms to the basic protocol of ACS, and the greatest advantage of the system is that both sides of communication can change key constantly, which greatly improve the security of the system.

Key Distribution Scheme
We propose a key distribution scheme on public channel, and the process is shown in Figure 1.
The basic protocol is as follows: (1) Alice opens the encryption keys (the public key  pub ) and reserves the decryption keys (the private key  pr ).
(2) Bob wants to send key  1 to Alice and he uses Alice's public key to encrypt  1 .
(3) Alice receives Bob's ciphertext and uses the private key for decryption and obtains  1 .
(4) If Alice receives Laura's ciphertext and uses the private key for decryption and obtains the key  2 .
In the key distribution scheme, users do not need to establish the secret channel and the whole transmission process can be open to the public.

The Encryption and Decryption
3.1.RSA Public-Key Algorithm.In 1978, Rivest et al. first proposed RSA algorithm based on public-key cryptosystems of numeric theory and RSA algorithm was the best encryption algorithm in public-key cryptosystems [29]; the following steps show how the keys are generated [30]: (1) Select two large prime numbers  and  randomly.
(5) (, ) denotes the public key, and  denotes the private key.
In the encryption process, at first, divide the bit string of plaintext into many groups, and set the decimal number corresponding to each group to be less than .Then perform the encryption operation on each plaintext group  such that  ≡   mod . ( The decryption operation on each ciphertext group may be expressed as  ≡   mod . (2) 3.2.The Encryption Scheme.In the key distribution scheme of Figure 1 the public key is  pub (, , ).The key (, ) is generated by RSA algorithm, and  is the public image.We present the encryption system as shown in Figure 2. The plaintext  is the key to be transferred, and  0 is the initial random phase encoding; then where FT denotes the Fourier transform.The correlation coefficient (CC) controls whether the iterative process continues, which is discussed in two different conditions.First, when CC <  ( = 0.99), iteration continues and the amplitude is limited, where  is the target image (the public image), and the inverse Fourier transform is to be done next: Recovered I 1 where IFT denotes the inverse Fourier transform, and phase is reserved: where PR denotes the operation of phase reservation.An iteration process is completed, and then  0 is replaced by exp( 1 ) to complete the next iteration process.Secondly, when CC ≥  ( = 0.99), the iteration is stopped and outputs   , which is processed dividing into two parts: (a) the ciphertext  1 = |  | is obtained by modulus operation; (b) the matrix  is obtained by binary modulation The encryption key (, ) is used to encrypt the matrix  and the ciphertext  2 is obtained: Then the encryption process is completed and the ciphertext ( 1 , 2 ) is obtained.
3.3.The Decryption Scheme.In the decryption system the private key  pr () is as the decryption key, and the decryption process is shown in Figure 3.The receiver receives the ciphertext ( 1 , 2 ) using the private key to decrypt the ciphertext  2 and gets the binary matrix ,  =   pr ( 2 ) ; then in order to calculate phase   , In the decryption process, the receiver uses the private key to decrypt the ciphertext  2 and gets the binary matrix  and finds the phase   through the constraint relationship between  and the ciphertext  1 ; thus it is easy to get the plaintext .

The Performance Analysis.
To evaluate the impact of iteration numbers on the retrieved image, the CC is introduced for comparing the retrieved image with the original image, which is defined as where (, ) and   (, ) stand for the original image and the retrieved image, respectively,   and    are the standard deviations of (, ) and   (, ), and COV[(, ),   (, )] is the covariance of the two corresponding images.The CC curves of different iteration numbers are shown in Figures 4 and 5, respectively.
In Figure 4 we present the CC curve which iteratives 200th.When the value of the CC is 0.99, the retrieved image is obtained and the original image is presented on the right.That is, the algorithm needs only a small iteration number to restore the clear image.In Figure 5, we present the CC curve which iteratives 1000th and mark the number of iterations () and the value of the CC ().Thus according to Figure 5 users can flexibly choose the value of the CC to control the iterative process in the encryption process.

Verification and Analysis
In this paper, we verify the key distribution scheme taking the DRPE, for example.The plaintext is real image, and just the second phase is distributed.In order to better facilitate observation, "Baboon" image is selected as the key.The simulation of the DRPE is given in Figure 6.Figures 6(a The key distribution based on DRPE is shown as follows. (1) Alice opens the public key  pub (, , ).( = 21746071,  = 37737253) is the public keys of RSA algorithm, and  is the public image (Figure 7(a)).
(2) Bob wants to send the phase  2 (Figure 6(d)) to Alice and uses the public key  pub (, , ) to encrypt the phase  2 as shown in Figure 7(b).
(3) Alice receives the ciphertext and uses the private key  pr () ( = 175771) for decryption; then the phase   2 is obtained in Figure 7(c).
So far the process of the key distribution is completed.In the above simulation experiment, we have completed the key transmission for the DRPE system and can restore the original image using the obtained key   2 .The above step indicates the feasibility of our proposed key distribution scheme, but the quality of the decrypted image depends on the phase   2 .Further, when the CC takes the different value, Alice will get the phase   2 of the different quality which is used to decrypt the ciphertext (Figure 6(b)); the results are shown in Figure 8.
From the analysis of Figure 8 we can see that the closer to 1 the value of CC is, the better the quality of the key transmission is.Though it is time-consuming, it is worth spending more time to transmit a good key for the cryptosystem.

Changing Key Cryptosystem
We propose an asymmetric cryptosystem of changing key, and the advantage of the system is that users can change key at any time (they even can use a different key in every encryption process).Thus, the security of the system is greatly improved.The communication protocol is shown in Figure 9.
The basic principle is as follows: (1) The public key  pub (, , ) was public, while the private key  pr (, ) was reserved by Alice.
(2) Bob wants to send image  1 to Alice and can use the public key  pub (, , ) to encrypt the image  1 ; the process is shown in Figure 2.
(3) Alice receives the ciphertext  1 from Bob and then uses her private key to decrypt the ciphertext and obtains the image  1 ; the process is shown in Figure 3.
(5) Alice receives the ciphertext  2 and then uses the key  pr (,  1 ) to decrypt the ciphertext  2 and obtains the image  2 .
The encryption scheme of changing key conforms to the basic agreement of asymmetric cryptosystem.Its characteristic is that the sender can change the key at any time and the receiver can use their existing recovery plaintext for decryption.(3) Alice receives the ciphertext  1 from Bob and then uses her private key () and the image  to decrypt the ciphertext  1 and obtains the image "Baboon" (Figure 11(a)).As cycle index increases, the correlation coefficient curve gradually declines in Figure 15.In the fifth cycle, correlation coefficient reaches its lowest point and the corresponding image contrast is shown in Figures 14(b) and 14(d).In Figure 14(d) there is the large noise in the decrypted images, so it is necessary to use the image  as the encryption key in the next encryption process, and the cycle renews.

Conclusion
In this paper, we propose a key distribution scheme based on phase retrieval algorithm and RSA public-key algorithm, which solves the problem that it is not easy to distribute due to overloaded key data in optical cryptosystem.Furthermore, we propose an image encryption system of changing key.The advantages are that the security of the system is guaranteed and users can change key at any time, which greatly protect users from economic loss.
) and 6(b) are the plaintext and the ciphertext, respectively, and Figures6(c) and 6(d) are both the encryption keys.

( 4 )
Next, Bob sends the ciphertext (Figure 6(b)) to Alice who uses the phase   2 for decryption and gets the plaintext (Figure 7(d)).

( 1 )
The public key ( = 21746071,  = 68585227) and the private key ( = 62065831) are obtained by RSA algorithm; at the same time an image  is opened (Figure10(a)).

( 2 )
Bob wants to send image  1 to Alice and can use the opened image  and the public key (, ) to encrypt the image  1 , as shown in Figures 10(b) and 10(c).

Figure 15 :
Figure 15: Correlation coefficient curve of cycle index.

( 4 )
Next, Bob uses the image  1 and the public key to encrypt the image  2 , as shown in Figures 11(b) and 11(c).(5) Alice receives the ciphertext  2 and then uses her private key and the recovered image  1 for decryption and obtains the image "Lena" (Figure 12(a)).(6) Next, Bob uses the image  2 and the public key to encrypt the image  3 , as shown in Figures 12(b) and 12(c).(7) Alice receives the ciphertext  3 and then uses her private key and the recovered image  2 for decryption and obtains the image "Man" (Figure 13(a)).(8) Next, Bob uses the image  3 and the public key to encrypt the image  4 , as shown in Figures 13(b) and 13(c).(9) Alice receives the ciphertext  4 and then uses her private key and the recovered image  3 for decryption and obtains the image "Cameraman" (Figure 14(a)).(10) Next, Bob uses the image  4 and the public key to encrypt the image  5 , as shown in Figures 14(b) and 14(c).(11) Alice receives the ciphertext  5 and then uses her private key and the recovered image  4 for decryption and obtains the image "Babar" (Figure 14(d)).