118 OPTICS LETTERS / Vol. 35, No.

2 / January 15, 2010

Asymmetric cryptosystem based on

phase-truncated Fourier transforms
Wan Qin and Xiang Peng*
College of Optoelectronic Engineering, Key Laboratory of Optoelectronics Devices and Systems of Ministry of
Education and Guangdong Province, Shenzhen University, Shenzhen, China
*Corresponding author: [email protected]
Received September 30, 2009; revised November 13, 2009; accepted December 1, 2009;
posted December 10, 2009 (Doc. ID 117985); published January 11, 2010
We propose an asymmetric cryptosystem based on a phase-truncated Fourier transform. With phase trun-
cation in Fourier transform, one is able to produce an asymmetric ciphertext as real-valued and stationary
white noise by using two random phase keys as public keys, while a legal user can retrieve the plaintext
using another two different private phase keys in the decryption process. Owing to the nonlinear operation
of phase truncation, high robustness against existing attacks could be achieved. A set of simulation results
shows the validity of proposed asymmetric cryptosystem. © 2010 Optical Society of America
OCIS codes: 070.2025, 070.4560, 100.4998.

During the past decade, many efforts have been tical cryptosystem. PTFT is a process of Fourier
made to develop the techniques of optical cryptogra- transform but with the phase truncation, which
phy because of the inherent nature of parallel and means only the amplitude (modular part) of the Fou-
multidimensional capability of optical signal process- rier spectrum is retained while the phase part of the
ing [1–5]. However, to the best of our knowledge, al- spectrum is truncated. For the sake of simplicity,
most all reported optical encryption techniques be- one-dimensional notation is used to illustrate this
long to the category of symmetric cryptosystems, in concept. Let f共x兲 denote the image to be encoded,
which the encryption key is identical to the decryp- FT共 · 兲 the operator of Fourier transform, PT共 · 兲 the op-
tion key. From the cryptography point of view, a sym- erator of phase truncation, and PR共 · 兲 the operator of
metric cryptosystem would suffer from several prob- phase reservation. Let a Fourier transformation
lems in practical use, in particular, under the F共u兲 = FT关f共x兲兴 = 兩F共u兲兩exp共i2␲␸共u兲兲, the phase trunca-
network environment, such as key distribution and tion and the phase reservation can be respectively ex-
management [6]. In this regard, it is necessary to de- pressed as follows:
velop asymmetric cryptosystems to solve those prob-
lems encountered in the symmetric cryptosystems PT关F共u兲兴 = 兩F共u兲兩, 共1兲
[7,8].
In general, the design rules for an asymmetric
cryptosystem should satisfy the following conditions. PR关F共u兲兴 = exp共i2␲␸共u兲兲. 共2兲
(1) A pair of keys, an encryption key (public key) EK Using Eqs. (1) and (2), we construct a one-way en-
and a decryption key (private key) DK, should be eas- coding process as illustrated in Fig. 1(a). Similar to
ily calculated. (2) Assume that M denotes the mes- the double-random phase encoding (DRPE) [2], the
sage to be encrypted. When EK and M are already PTFT scheme also employs a pair of independent
known, it should be easy to generate a ciphertext random phase masks R1共x兲 and R2共u兲 as encryption
through the calculation C = EEK共M兲, where EEK共 · 兲 is keys. Thus the encoded image or ciphertext g共x兲 can
the encryption operator. (3) It should be easy to re- be obtained by the following two steps:
trieve M with a private key through the calculation
M = DDK共C兲 = DDK共EEK共M兲兲, where DDK共 · 兲 is the de-
cryption operator. (4) Even if an opponent knew EK,
it should still be hard for him to infer DK. (5) Even if
an opponent knew EK and the ciphertext C, it should
still be hard to recover M, making such a calculation
infeasible [6]. From the design rules for an asymmet-
ric cryptosystem, we can see that a central role that
an asymmetric cryptography plays is an effective
trapdoor one-way function. In this Letter, we present
an approach to create a trapdoor one-way function
with aid of phase-truncated Fourier transform
(PTFT), leading to a new asymmetric optical crypto-
system. In this asymmetric optical cryptosystem, the
EK, two independent random phase functions, can
differ with the DK, another two phase functions.
First we show how to create one-way function with Fig. 1. Flowchart of (a) encryption process and (b) decryp-
PTFT strategy and then construct an asymmetric op- tion process with PTFT.

0146-9592/10/020118-3/$15.00 © 2010 Optical Society of America

 January 15, 2010 / Vol. 35, No. 2 / OPTICS LETTERS 119

g1共u兲 = PT关FT共f共x兲 · R1共x兲兲兴, 共3兲 directly applied to decryption. For the condition of
encryption, a reference beam should be split from the
g共x兲 = PT关IFT共g1共u兲 · R2共u兲兲兴. 共4兲 light source to record the truncated phase by inter-
ferometry. However, owing to the current resource
At the same time, the following additional two steps limitation in our laboratory, we just make a proof-of-
should also be performed to generate a pair of decryp- concept study with the computer simulation under
tion (private) phase keys P1共x兲 and P2共u兲: the environment of MATLAB 7.01.
We consider an image f共x兲 as a plaintext shown in
P2共u兲 = PR关FT共f共x兲 · R1共x兲兲兴, 共5兲 Fig. 3(a) (Lena, 256⫻ 256 pixels). The encoded image
(ciphertext) obtained with PTFP strategy is shown in
P1共x兲 = PR关IFT共g1共u兲 · R2共u兲兲兴. 共6兲 Fig. 3(b), which looks like white noise. Suppose an at-
tacker who has intercepted the ciphertext attempts
Obviously, g1共u兲, g共x兲 and P1共x兲, P2共u兲 have simple re- to retrieve the true plaintext without the knowledge
lations, g1共u兲P2共u兲 = FT共f共x兲 · R1共x兲兲 and g共x兲P1共x兲 of DKs; he might try to decode the plaintext with (a)
= FT共g1共u兲 · R2共u兲兲. For decoding, P1共x兲 and P2共u兲 no key(s) (brute force attack), (b) arbitrarily selected
serve as two decryption (private) keys that are differ- a pair of random phase keys (chosen public key at-
ent from encryption keys R1共x兲 and R2共u兲. Moreover, tack), (c) true EKs (known public key attack). How-
Fig. 1(b) shows the decryption process, in which the ever, Figs. 4(a)–4(c) show that all these attempts will
plaintext f共x兲 can also be retrieved by two steps, fail. Even if the opponent knows the EKs, it is still
impossible to infer the DK without the plaintext,
g1共u兲 = PT关FT共g共x兲 · P1共x兲兲兴, 共7兲 since the DK has a relationship with the plaintext.
Figure 4(d) shows that if the attacker attempts to
f共x兲 = PT关IFT共g1共u兲 · P2共u兲兲兴. 共8兲 generate the DK from a fake plaintext arbitrarily
chosen, then such an attempt will still fail. Only
From the processes of encryption and decryption as when the true pair of DKs is known, the original im-
described above, one can see that the encryption can- age of Fig. 4(e) can be retrieved. The mean-square er-
not be inversed with the EKs because the phase trun- ror (MSE) values between the original image and the
cation leads to one-way function and results in a ci- different decrypted images illuminated in Fig. 4 are
phertext with EKs. The decryption can only be calculated by the following equation:
achieved when private keys DKs P1共x兲 and P2共u兲 are L
used. Any attempt at the decryption of plaintext
without DKs, even with EKs, will fail because of one- 兺
i=1
共fi − 兩fi⬘兩兲2
way effect of phase truncation. The retained phase MSE = , 共9兲
would be a trap door for the decryption in this cryp- L
tographic mechanism.
It is worth noting that this asymmetric encryption where L is the sum of pixels. The MSE values corre-
scheme can not only be implemented digitally but sponding to Figs. 4(a)–4(e) are 3931.5, 3944.0,
also possibly be implemented in optics with the help 3955.7, 3926.8, and 0, respectively. These results ad-
of some optoelectronic devices. For example, it is equately demonstrate the robustness of the PTFT-
straightforward to perform the operation of phase based scheme.
truncation with a CCD detector, and the phase reser- Comparing PTFT with DRPE, we summarize the
vation possibly can be accomplished by virtue of ho- following points. First, similar to DRPE, the PTFT
lographic recording and recovered by phase-shifting system also employs two phase keys for encryption
interferometry. The optical setup shown in Fig. 2 can and decryption. However, for PTFT the pair of phase
be used to implement the PTFT. SLM1 and SLM2 are keys for encryption is not identical to that for decryp-
amplitude-modulated and phase-modulated space- tion, leading to an asymmetric structure. Neverthe-
light modulators respectively. The 4-f imaging sys- less, to our best knowledge, almost all existing opti-
tem enables the two SLMs to optically come into con- cal encoding methods, including DRPE, belong to
tact with each other. All the two SLMs and the CCD
are controlled by a computer (PC). This setup can be

Fig. 3. Input plaintext (Lena, 256⫻ 256 pixels).

Fig. 2. Sketch of optical setup for PTFT. (b) Ciphertext corresponding to (a).
120 OPTICS LETTERS / Vol. 35, No. 2 / January 15, 2010

viously, is more convenient in the processes of record

and transmission. Finally, because of working with
an one-time pad manner, the decryption keys of
PTFT system cannot be reused. Although this man-
ner guarantees a high-level security, it also causes
some troubles. For example, the decryption keys
should be delivered in every communication. Thus
solving the key distribution through a secure trans-
mission channel or with the help of other techniques
is required.
In conclusion, we have proposed an asymmetric
cryptography technique based on twice phase-
truncated Fourier transforms. Two random phase
masks are employed as encryption keys, transform-
ing the input image into real-value stationary white
noise. Meanwhile, after each PTFT, two truncated
phases are recorded that will be used in the process
of decryption. Owing to the nonlinear operation of
phase truncation, high robustness against existing
attacks could be achieved. A set of simulation experi-
ments is made to demonstrate the validity of the
asymmetric encryption–decryption process and ro-
bustness. From the perspective of cryptology, asym-
metric cryptography is of the same significance with
symmetric scheme. To this point, it is necessary to
develop effective asymmetric optical cryptosystems
for the integrity of optical cryptography.
This work is supported by the National Natural
Science Foundation of China (NSFC) (grants
60775021 and 60907005), the China postdoctoral Sci-
ence Foundation funded project (200902334), and the
Shanghai Institute of Microsystems and Information
Technology, and the Chinese Academy of Sciences.
The authors are grateful to the helpful comments of
anonymous reviewers.
References
1. B. Javidi, Phys. Today 50, 27 (1997).
2. P. Refregier and B. Javidi, Opt. Lett. 20, 767 (1995).
3. H. T. Chang, W. C. Lu, and C. J. Kuo, Appl. Opt. 41,
4825 (2002).
Fig. 4. Decryption results using (a) no keys, (b) random 4. P. K. Wang, L. A. Watson, and C. Chatwin, Opt. Eng.
phase keys, (c) encryption keys, (d) fake decryption keys (Bellingham) 35, 2464 (1996).
generated from a fake plaintext, and (e) true decryption 5. Y. Li, K. Kreske, and J. Rosen, Appl. Opt. 39, 5295
keys. (2000).
6. W. Stallings, Cryptography and Network Security:
Principles and Practice, 2nd ed. (Prentice Hall, 1999).
symmetric systems. Second, it has been demon- 7. G. H. Lin, H. T. Chang, W. N. Lai, and C. H. Chuang,
strated that DRPE is vulnerable to several attacks Opt. Eng. 42, 2331 (2003).
such as chosen-ciphertext attack [9], known-plaintext 8. X. Peng, H. Wei, and P. Zhang, Opt. Lett. 31, 3579
attack [10], and ciphertext-only attack [11] because of (2006).
its inherently linear property. To enhance the secu- 9. A. Carnicer, M. Montes-Usategui, S. Arcos, and I.
rity strength, many efforts have been made to use Juvells, Opt. Lett. 30, 1644 (2005).
more additive keys, for example [12,13]. Neverthe- 10. X. Peng, P. Zhang, H. Wei, and B. Yu, Opt. Lett. 31,
less, increasing the number of keys contributes little 3261 (2006).
to security strength as long as the linearity property 11. X. Peng, H. Q. Tang, and J. D. Tian, Acta Phys. Sin. 56,
2629 (2007).
of the system is kept [14,15]. In contrast, the PTFT 12. G. Situ and J. Zhang, Opt. Lett. 29, 1584 (2004).
system could endure those attacks owing to employ- 13. G. Unnikrishnan and K. Singh, Opt. Eng. 39, 2853
ing a nonlinear operation, phase truncation. Third, (2000).
the ciphertext of DRPE is a complex function that is 14. X. Peng, H. Wei, and P. Zhang, Opt. Lett. 31, 1044
difficult to record by regular method, whereas the ci- (2006).
phertext of PTFT system is a real function that, ob- 15. W. Qin and X. Peng, J. Opt. A 11, 075402 (2009).