## Abstract

A novel information hiding method based on double random-phase encoding (DRPE) and Rivest-Shamir-Adleman (RSA) public-key cryptosystem is proposed. In the proposed technique, the inherent diffusion property of DRPE is cleverly utilized to make up the diffusion insufficiency of RSA public-key cryptography, while the RSA cryptosystem is utilized for simultaneous transmission of the cipher text and the two phase-masks, which is not possible under the DRPE technique. This technique combines the complementary advantages of the DPRE and RSA encryption techniques and brings security and convenience for efficient information transmission. Extensive numerical simulation results are presented to verify the performance of the proposed technique.

©2009 Optical Society of America

## 1. Introduction

The ever increasing need for improved data security and intellectual property protection demands the development of better information hiding techniques. Recently, a double random-phase encoding (DRPE) technique [1] has been proposed where good diffusion and confusion properties are effectively used for encryption [2–6] and information hiding [7–13]. Because the encryption key is the conjugate of the decryption key, the DRPE technique can be considered as a single-key system (or symmetrical key system) in cryptography. Therefore, to deliver the encrypted image, one must transmit the key via another secure channel. However, the security of the keys’ management and transmission becomes a serious problem because the number of keys is enormous especially for multi-user transmission involving large images. The public-key cryptosystem [14–16] i.e., the asymmetrical key system plays an important role in cryptography. Since the public key is open to all users, a legal user only needs to protect his own decryption key, which makes it simple and convenient to manage and assign the keys. The RSA public-key cryptography [14–16] is based on the decomposition of a large integer factor and the diffusion property of RSA seems to be insufficient. Consequently, in this paper, we propose to effectively combine the complementary properties of these two encryption systems to achieve a more secure and convenient system for information transmission.

As an important branch of information security, information hiding technique has been widely investigated. In information hiding technique, a secret image is embedded into a host image after it is encrypted to ensure the imperceptibility of the secret image in the transmission process and prevent the information from being read by unauthorized person. Recently, Zhou et al. [12] proposed an information hiding method based on the DRPE technique where the encrypted complex image is hidden in an enlarged host image. However, the quality of the recovered image is deteriorated because of the direct information superposition. To solve this problem, Zhang et al. [13] proposed an information hiding technique where a mask of the DRPE system is hidden in an enlarged host image after it is modulated by sine and cosine functions. This method eliminates the detrimental effect of the direct information superposition on the decrypted image. However, this technique hides only one mask of the DRPE system into a host image before transmitting it to the receiver. The other mask needs to be delivered as a secret key through a secure channel, which adds additional burden on the network. In addition, attackers can easily recover the secret information if they intercept the secret key and the transmitted image where the other mask is hidden.

To alleviate the problems associated in the above mentioned methods, in this paper, we propose a novel information hiding technique by smartly utilizing the complementary features of the DRPE technique and RSA public-key cryptography system. In the proposed technique, the two phase-masks used in the DRPE system are utilized to diffuse and confuse information and make it more robust to resist occlusion. The private key of the RSA public-key cryptography system is used as the key in the proposed method to ensure security. The proposed system ensures simultaneous transmission of the ciphertext and the two phase-masks. Thus there is no need to transmit keys separately for secret information transmission and the receivers can recover the secret image without any ambiguity.

## 2. RSA public-key cryptography

In the public-key cryptography, two related keys are used to separate the ability of encryption from that of decryption. The public key is open to all users and the private key is kept secret for authorized users only. There is no need to transmit key in the process of secret information transmission. As a result, public-key cryptography is very convenient for the management and assignment of keys. To the best of the authors’ knowledge, RSA public-key cryptography is the most mature public-key cryptosystem and is widely used in practice. The following steps show how the keys are generated in this algorithm [16]:

- Select two large prime numbers
*p*and*q*randomly; - Calculate
*n*=*p*×*q*,*φ*(*n*) = (*p*-1)(*q*-1), where*φ*(*n*) is the Euler function of*n*; - Select an integer
*e*, such that 1 <*e*<*φ*(*n*) and gcd(*φ*(*n*),*e*) = 1, where gcd(·) implies that*φ*(*n*) and*e*are prime to each other; - The decryption key
*d*is calculated by*d*·*e*≠ 1 mod*φ*(*n*), where mod denotes modular arithmetic operation; - {
*e*,*n*} denotes the public key, and {*d*,*n*} denotes the private key.

In the encryption process, at first, divide the bit string of plaintext into many groups, and set the decimal number corresponding to each group be less than *n*. Then perform the encryption operation on each plaintext group *m* such that

The decryption operation on each ciphertext group may be expressed as

## 3. The secret image hiding and extraction methods

#### 3.1 Phase retrieval algorithm based on DRPE system

Figure 1 shows realization of the DRPE technique using a standard 4*f* system, where *f*(*x*, *y*) represents the input image, *g*(*x*, *y*) represents the gray image to be hidden on the output plane. Once the system is illuminated by a collimated light beam, *f*(*x*, *y*) is modulated by the phase mask 1 (PM1), defined as

The modulated image based light beam is Fourier transformed by lens (L1), which is then multiplied by phase mask 2 (PM2), expressed as,

where *θ*
_{0} (*x*, *y*) and *φ*
_{0} (*u*, *v*) are the two phase-functions inserted in the input plane and Fourier plane respectively, and their values are randomly distributed over the interval [0,1]. The transform process from the input image *f*(*x*, *y*) to the output image *g*(*x*, *y*) can be expressed as [1]

where *FT* and *FT*
^{-1} denote the Fourier transform and the inverse Fourier transform operations, respectively.

Sometimes we need to find a way to obtain the two phase-masks (PM1 and PM2), when *f*(*x*, *y*) and *g*(*x*, *y*) have been determined. That is, we choose an image as the input image *f*(*x*, *y*), and let it be transformed into a designated image to be hidden *g*(*x*, *y*) by DRPE system, so *f*(*x*, *y*) and *g*(*x*, *y*) are both known by us. The critical problem is to find the two phase-masks used in Fig. 1. It is somewhat similar to the image reconstruction and phase retrieval, which can be solved by phase retrieval algorithm. At present, there are many phase retrieval algorithms [17–20], and in this paper we use the cascaded iterative Fourier transform (CIFT) algorithm [19,20], which is an improvement on the Gerchberg-Saxton algorithm [17]. In this method, iterative Fourier transform is used back and forth among the input, Fourier, and output planes according to Eq. (5) until the desired criterion [19,20] is met. In general, the criterion can be the mean square error (MSE) or the correlation coefficient between the iterated and the target image, defined as

and

respectively. In Eqs. (6) and (7), *M* × *N* is the size of the image, *E*[·] denotes the mean of the image, *g* denotes the original image to be hidden, and *g _{k}* represents the image obtained after

*k*iteration of the CIFT algorithm. This algorithm has fast convergence speed, and ensures good quality of the recovered image [19,20].

^{th}#### 3.2 Specific method for information hiding

In this paper, we used a random 8 gray-scales image as the input image, whose gray values are uniformly distributed from 0 to 7. Reasons for such a selection will be explained in the appendix. From the above description in Section 3.1, we know that the input image *f*(*x*, *y*) can be transformed into the secret image *g*(*x*, *y*) by the modulation of the two phase-masks *θ*(*x*, *y*) and *φ*(*u*,*v*). Thus, hiding the secret image *g*(*x*,*y*) can be substituted by hiding the input image *f*(*x*,*y*) and the two phase-masks *θ*(*x*, *y*) and *φ*(*u*,*v*) (i.e. the two phase-functions *θ*
_{0}(*x*,*y*) and *θ*
_{0}(*u*,*v*)). The process of the information hiding is shown in Fig. 2, and the specific steps are described below:

1) The input image *f*(*x*, *y*) with only eight gray levels is divided into three bit-planes *f*
_{1}(*x*, *y*), *f*
_{2}(*x*, *y*), and *f*
_{3}(*x*, *y*), respectively. Then the three bit-planes are encrypted by RSA public-key cryptography according to Eq. (1). Thus the three encrypted binary images *f*'_{1}(*x*,*y*), *f*'_{2}(*x*,*y*), and *f*'_{3}(*x*,*y*) are obtained;

2) Choose a host image *h*(*x*, *y*) with same size as the input image. Then replace the lowest three bit-planes of the host image with the three binary images obtained in step 1). As a result, the image *h*'(*x*, *y*) is gotten;

3) Enlarge the image *h*'(*x*,*y*) with *M*×*N* pixels into the image *H*(*x*,*y*) with 2*M* × 2*N* pixels. The enlargement rules are as follows [12,13]:

$$H\left(2m,2n-1\right)=h\text{'}\left(m,n\right),\phantom{\rule{2em}{0ex}}H\left(2m,2n\right)=h\text{'}\left(m,n\right).$$

$$\phantom{\rule{3.2em}{0ex}}m=\mathrm{1,2,3},\cdots ,M\phantom{\rule{2em}{0ex}}n=\mathrm{1,2,3},\cdots ,N$$

From Eq. (8), it is evident that one pixel is extended to four pixels in neighboring rows and columns;

4) Superimpose phase-functions *θ*
_{0}(*x*,*y*) and *φ*
_{0}(*u*,*v*) into the enlarged image *H*(*x*, *y*) according to the following equations:

$$H\text{'}\left(2m-\mathrm{1,2}n\right)=H\left(2m-\mathrm{1,2}n\right)+\alpha \mathrm{sin}\left(2\pi {\theta}_{0}\left(m,n\right)\right),$$

$$H\text{'}\left(2m,2n-1\right)=H\left(2m,2n-1\right)+\alpha {\phi}_{0}\left(m,n\right),$$

$$H\text{'}\left(2m,2n\right)=H\left(2m,2n\right),$$

where *H*'(.,.) represents the combined image, and *α* represents a constant superposition parameter.

#### 3.3 Extraction and decryption of the hidden information

The extraction and decryption of the hidden information involves the inverse process of the hiding and encrypting the original information as shown in Fig. 2. At first, the two phase-functions *θ*
_{0}(*x*,*y*) and *φ*
_{0}(*u*,*v*) are extracted from the combined image *H*'(*x*, *y*). From Eqs. (8) and (9), we get

The real and imaginary parts obtained from Eqs. (10) and (11) are then used to compose a complex number *A*, given by

$$=\alpha \mathrm{cos}\left(2\pi {\theta}_{0}\left(m,n\right)\right)+\mathrm{i\alpha}\mathrm{sin}\left(2\pi {\theta}_{0}\left(m,n\right)\right)$$

$$=\alpha \mathrm{exp}\left(i2\pi {\theta}_{0}\left(m,n\right)\right).$$

Using Eq. (13), we can obtain the input plane phase mask *θ*
_{0}(*x*, *y*) and the superposition parameter *α* as

and

where *angle*(·) represents the angle of the argument, and *abs*(·) represents the modulus of the argument. Using Eqs. (12) and (15), we can obtain the Fourier plane phase-function, expressed as

From Eqs. (14) and (16), it is obvious that one can accurately extract the phase-functions while eliminating the influence of the superposition parameter in the extraction process. The non-enlarged image *h*'(*x*, *y*) can also be obtained from the combined image as

Subsequently, the lowest three bit-planes of the image *h*', i.e., the three encrypted binary images *f*' can be extracted by using the RSA algorithm. After these binary images are decrypted by using the private RSA key according to Eq. (2), the input image *f*(*x*, *y*) can be retrieved by assembling the three decrypted bit-planes in order. The input image *f*(*x*, *y*) and the phase-functions *θ*
_{0}(*x*,*y*) and *φ*
_{0}(*u*,*v*) are then introduced in the DRPE system as shown in Fig. 1, in order to generate the secret image *g*(*x*, *y*).

The two phase-functions *θ*
_{0}(*x*,*y*) and *θ*
_{0}(*u*,*v*) needs to be treated in a slightly different way because our information hiding technique uses a subtraction algorithm. From Eq. (9), we observe that three of the four pixel positions are embedded with cos(2*πθ*
_{0}(*m*, *n*)), sin(2*πθ*
_{0}(*m*,*n*)) and *φ*
_{0}(*m*,*n*), respectively, while the remaining pixel keeps its original value. Therefore, the embedded information can be successfully extracted by the subtraction algorithm using Eqs. (10), (11) and (12). If the phase-functions *θ*
_{0}(*x*,*y*) and *φ*
_{0}(*u*,*v*) are embedded in the four pixel positions after modulation by the sine and cosine functions, then all four pixels will contain embedded information. Thus the subtraction algorithm cannot be operated for extracting hidden information.

#### 3.4 Numerical simulation and discussion

An extensive computer simulation software was developed to test the performance of the proposed information hiding and extraction technique, and the results are shown in Fig. 3. For simplicity, in the RSA based encryption process, we used *n* = *p*×*q* = 91593 × 77041 = 5515596313 (Actually, *p* and *q* are often chosen as big primes which are more than a decimal number 10^{100} in practical application), *e* = 1757316971, and *d* = 2674607171. The phase-masks PM1 and PM2 were obtained by performing 100 iterations of the CIFT algorithm. Here, the value of the parameter *α* in Eq. (9) was selected as 20. To measure the performance of the proposed technique, the peak signal-to-noise ratio (PSNR) metric [7] was used, which is defined as

where *M*×*N* is the size of image, *k* represents the gray level number, *g* and *g*' represent the original image and the obtained image, respectively. The PSNR is an indicator of image quality. It is based on the sum of the squared differences between corresponding pixels of two images, and decreases as the difference between *g* and *g*' increases. The PSNR of the combined image has been found to be 27.2 dB, and of the decrypted image is 31.2 dB.

Figure 4 illustrates how the value of *α* affects the PSNR for both the combined and decrypted images in Fig. 3. There is no optimum value for *α*, but the choice of *α* depends on following conditions. Firstly, perceptible deterioration cannot be induced to the host image by the superposed phase-masks. Secondly, the secret image can be decrypted by the DRPE system as an acceptable image, because the values of the phase functions must be rounded to the nearest integers before they are added into the digital host image, and their error values aroused by rounding are determined by the value of *α*. Thirdly, the proposed method should be robust enough to resist some kinds of attacks, such as adding noise, compression, filtering and so on. In this paper, the gray values of the host image are distributed in the interval [0,255], while the values of cos(2*πθ*
_{0}(*m*,*n*)), sin(2*πθ*
_{0}(*m*,*n*)) and *φ*
_{0}(*m*,*n*) in Eq.(9) are distributed in the interval [0,1]. From Fig. 4, a comparably good result will be achieved if the value of *α* is set to 20.

Compared to alternative techniques [12,13], the proposed method provides two distinct advantages:

(i) It realizes simultaneous transmission for the ciphertext and the two phase-masks, and uses RSA public-key cryptography to ensure secure information transmission. In fact, the input image *f*(*x*,*y*) can be regarded as the ciphertext of the secret image *g*(*x*,*y*), thus avoiding the separate delivery of keys in the information transmission process.

(ii) It is quite imperceptible. The purpose of information hiding is to realize the imperceptibility of the secret image in the transmission process. The information hiding method is based on enlargement of the host image, i.e. every pixel is extended to four pixels with the same gray value in the neighboring rows and columns, as shown in Eq. (8). In alternate techniques [12,13], the secret data is superposed only on two out of every four pixels, so the other two pixels have no superposed information and contain the same gray value. Therefore, two pixels with the same gray value exist in every other row or column in the combined image. This characteristic may attract the attention of attackers to suspect that some secret information has been embedded in the combined image. However, in our technique, the secret data is superposed on three out of every four pixels as shown in Eq. (9). Thus, there is no regularity remaining in the combined image to attract attackers’ attention, and the secret data is more difficult to be perceived compared to alternate methods [12,13].

## 4. Security analysis

#### 4.1. Complementary Advantages of DRPE and RSA public-key cryptography

From Eq. (1), we observe that the diffusion quality of RSA public-key cryptography is determined by the length of plaintext group. The diffusion insufficiency of RSA is illustrated in the image encryption process as shown in Figs. 5 and 6, respectively. For example, consider the binary image encryption process shown in Fig. 5. There are many plaintext groups with the same value in the binary image as shown in Fig. 5(a). These plaintext groups are encrypted into the same ciphertext groups by Eq. (1), so that the profile of the original image can still be seen after it is encrypted by the RSA as shown in Fig. 5(b). When a gray image is encrypted by RSA, the ciphertext cannot prevent the occlusion attack. From Figs. 6(a) and 6(b), we observe that the original image cannot be completely recovered by 75% of the encrypted image pixels leading to partial information loss. In this paper, the diffusion insufficiency of RSA public-key cryptography has been effectively tackled by using the DRPE technique as shown in Figs. 6(c) and 6(d), respectively. The decrypted image is fuzzy (PSNR=13.2 dB), but it displays the entire information of the secret image. The utilization of RSA also ensures simultaneous transmission of the two phase-masks, which is not possible DPRE technique. Thus the proposed technique yields better results by utilizing the complementary advantages of RSA and DPRE.

As the secret image and the input image are real-valued distributions in this paper, only one phase-mask is needed for decryption according to DRPE method. But the 4*f* system with two phase-masks has better diffusion quality than that with one phase-mask. It makes the combined image robust to resist occlusion attack. The decrypted image is shown in Fig. 6(e) (using a single phase-mask, *φ*) when 25% of the combined images’ pixels are occluded. Comparing Figs. 6(d) with 6(e), we can see that the decrypted image using two phase-masks is clearer than that using one. Therefore, we employ two phase-masks to diffuse and confuse information in our method.

#### 4.2 Robustness of the Proposed Technique

We conducted extensive computer simulations to illustrate the robustness of the proposed method. The superposition parameter *α* is set to 20 for all simulations tests conducted.

In the first experiment, we tested the effect of adding additive white noise to the combined image and the simulation result is shown in Fig. 7. Figure 7(a) shows the combined image with added Gaussian white noise (mean 0 and variance 0.5), and Fig. 7(b) shows the corresponding recovered image with a PSNR of 16.3 dB.

In the following experiment, we tested the effect of applying JPEG compression to the combined image. We used discrete cosine transform (DCT) based coding to perform the JPEG compression. The experiments were performed for JPEG compression when 90% and 85% of the combined image quality are preserved and the experimental results are shown in Fig. 8. The PSNR when 90% and 85% of the combined image quality is reserved has been found to be 21.8dB and 15.7dB, respectively.

In the last experiment, we tested the effect of filtering the combined image with the Gaussian low-pass filter. The simulation results are shown in Fig. 9. Here, we used a 3×3 symmetric Gaussian low-pass filter with standard deviation of 256 pixels which is equal to half of the size of the combined image. From Fig. 9(b), we observe that the desired image has been recovered with a PSNR of 12.9 dB.

## 5. Conclusion

In this paper, we propose a new technique to hide images using the DRPE technique and RSA public-key cryptography. In the proposed technique, the DRPE concept is used to overcome the diffusion insufficiency of the RSA; and RSA public-key cryptography is used to eliminate the requirement of separate transmission of the secret key in the DRPE method. The DRPE technique strengthens the robustness toward occlusion related weakness the RSA while the separate transmission of keys is eliminated because of the utilization of RSA. Simulation tests verify the effectiveness of the proposed technique.

We also conducted computer simulations to test the robustness of the proposed method. Simulation results show that the proposed technique is capable of recovering the secret image, even under severe distortions. For example, this technique can recover the secret image even when (i) 25% of the pixels are occluded, (ii) Gaussian white noise is added to the combined image, (iii) the combined image is compressed by JPEG compression, and/or (iv) filtered by Gaussian low-pass filters.

## Appendix

In this appendix, we will explain the reasons why a gray-scales image instead of a binary image should be selected as the input image.

Firstly, we perform several numerical simulations to verify the property of DRPE technique that the secret image can be recovered by part of the ciphertext [4,7] (in this paper, the ciphertext is represented by input image *f*(*x*, *y*)). We occlude 1/2, 3/4, and 7/8 of the input image pixels, and the occluded images are displayed in Figs. A1(a), A1(b), and A1(c), respectively. When the occluded input images and the two phase masks are introduced into the DRPE system as shown in Fig. 1, the corresponding decrypted images are obtained, and shown in Figs. A1(d), A1(e), and A1(f), respectively.

From Fig. A1, we can observe that part of the input image is enough to decrypt the secret image. But when less than 1/4 of the input image pixels are used, the decrypted secret image is too fuzzy to be seen clearly.

If the attacker knows the steps of our information hiding method, the two phase-masks in the DRPE system can be easily extracted from the combined image (according to Eqs. (10) to (17)). Further, the secret image can be decrypted, provided the attacker obtains the input image or even more than 1/4 of the input image pixels.

If a binary image is taken as the input image *f*(*x*,*y*), the attacker even need not to decode the RSA-encoded input image *f*'(*x*, *y*). Because a binary image only has two kinds gray values (0 and 1), a random binary image, which is arbitrarily chosen, will have about 1/2 of its pixels which have the same gray value as the corresponding pixels of the input random binary image (as shown in Fig. A2(a) for example). Especially, an image, with 0 or 1 gray value for all pixels, has about 1/2 of its pixels which have the same gray value as the corresponding pixels of the input random binary image. For example, Fig. A2(b) is an image with 1 gray value for all pixels. Those pixels with 1 gray value in Fig. A2(a) are the same as the corresponding pixels of Fig. A2(b). The number of pixels with 1 gray value in Fig. A2(a) is about 1/2 of its total pixels, so Fig. A2(b) have about 1/2 of its pixels which are the same as the corresponding pixels of Fig. A2(a). Therefore, when the binary image (Fig. A2(a) for example) is taken as the input image, even he does not know how to decode the RSA-encoded input image, the attacker can decrypt the secret image by arbitrarily choosing a random binary image, or more simply, by choosing an image with 0 or 1 gray value for all pixels as the input image. Fig. A2(c) shows the decrypted image when Fig. A2(b) is used as the input image. So a binary image cannot be used as the input image in this method.

Similarly, if an image with 4 gray-scales is taken as the input image, a random gray image with 4 gray-scales, or an image with 0, 1, 2, or 3 gray value for all pixels has about 1/4 of its pixels which have the same gray value as the corresponding pixels of the input image. When the attacker takes any one of them as the input image, the secret image can be decrypted with the same quality as Fig. A1(e). Though it is fuzzy, the secret image can be identified. For security, the image with 4 gray-scales cannot be used in this method, either.

Generally, a gray image has 2^{n} gray-scales, *n* =1,2,3⋯. From Fig. A1(f), we can see that 1/8 of the input image pixels can not recover the secret image, so 8 gray levels should be the minimum number for this method. That is to say, in this condition, the secret information will remain safe if the attacker cannot decode the RSA-encoded input image. Therefore, we take an image with only 8 gray levels in this paper as the input image, whose gray values are uniformly distributed from 0 to 7, shown in Fig. A3(a).

A random gray image with 8 gray levels, which is arbitrarily chosen, only has about 1/8 of the image pixels which have the same gray value as the corresponding pixels of the input image, so does an image with 0, 1, 2, 3, 4, 5, 6, or 7 gray value for all pixels. If the attacker only uses the same 1/8 of the image pixels to decrypt the secret image, the decrypted secret images (shown in Figs. A3(b)–(j)) are too fuzzy to be seen clearly. When a random 8 gray-levels image is arbitrarily selected as the input image, the decrypted image is shown in Fig. A3(b). Figures A3(c)–(j) are the decrypted images obtained by using the images with 0, 1, 2, 3, 4, 5, 6, or 7 gray value for all pixels as the input image, respectively.

From the above description, we can know that a fuzzy but acceptable secret image could be recovered just using more than 1/4 of the input image pixels. Under the condition that a random 8 gray-levels image is taken as the input image, the probability, of which an arbitrarily selected 8 gray-scales image has more than 1/4 of its pixels with the same gray value as the corresponding pixels of the input image, can be expressed as:

*M* × *M* is the size of image.
${C}_{M\times M}^{n}=\frac{\left(M\times M\right)!}{n!\left(M\times M-n\right)!}$, this is the number of combinations of *M* × *M* things taken *n* at a time.

To a 8 gray-levels image with 256×256 pixels,

Let *a*(*n*) = 7^{n}
*C ^{n}*

_{65536}, so

*a*(

*n*-1) = 7

^{n-1}

*C*

_{65536}

^{n-1}. Thus, from

*n* < 57345 can be obtained. That is, when *n* < 57345,

So the Eq. (A2) can be estimated as follows:

That is *P*<5.5×10^{-1640}.

From the result, we can know that the probability is very small. Which means, it is quite difficult to find an image, which have more than 1/4 of its pixels with the same gray value as the corresponding pixels of the input image. So only 8 gray levels, contained in a random gray image, which is taken as the input image, are enough to ensure the security for our proposed method. Therefore, unless the attacker has found a way to decode the RSA-encoded input image, he cannot obtain the secret image.

Obviously, the larger number of gray-scales the input image has, the safer the RSA-encoded image is. But the more gray levels the input image has, the more bit-planes of the host image are substituted, and the more deterioration to the quality of the host image is induced. Generally, 4 bit-planes of the host image, which can be replaced without noticing changes, is the maximum permissible number; beyond it, severe deterioration to the host image may be aroused. Therefore, in order to ensure the imperceptibility transmission for the hidden image and the security of the RSA-encoded input image, we take a random 8 gray-scales image as the input image *f*(*x*,*y*) in this paper.

## References and links

**1. **P. Refregier and B. Javidi, “Optical image encryption based on input plane and Fourier plane random encoding,” Opt. Lett. **20**, 767–769 (1995). [CrossRef] [PubMed]

**2. **G. Unnikrishnan, J. Joseph, and K. Singh, “Optical encryption by double-random phase encoding in the fractional Fourier domain,” Opt. Lett. **25**, 887–889 (2000). [CrossRef]

**3. **O. Matoba and B. Javidi, “Encrypted optical memory system using three-dimensional keys in the Fresnel domain,” Opt. Lett. **24**, 762–764 (1999). [CrossRef]

**4. **B. Javidi, A. Sergent, G. Zhang, and L. Guibert, “Fault tolerance properties of a double phase encoding encryption technique,” Opt. Eng. **36**, 992–998 (1997). [CrossRef]

**5. **B. Javidi and T. Nomura, “Securing information by use of digital holography,” Opt. Lett. **25**, 28–30 (2000). [CrossRef]

**6. **X. Zhou, S. Yuan, S. W. Wang, and J. Xie, “Affine cryptosystem of double-random-phase encryption based on the fractional Fourier transform,” Appl. Opt. **45**, 8434–8439 (2006). [CrossRef]

**7. **S. Kishk and B. Javidi, “Information hiding technique with double phase encoding,” Appl. Opt. **41**, 5462–5470 (2002). [CrossRef] [PubMed]

**8. **J. Rosen and B. Javidi, “Hidden images in halftone pictures,” Appl. Opt. **40**, 3346–3353 (2001). [CrossRef]

**9. **Y. S. Shi, G. H. Situ, and J. J. Zhang, “Multiple-image hiding in the Fresnel domain,” Opt. Lett. **32**, 1914–1916 (2007). [CrossRef] [PubMed]

**10. **K. T. Kim, J. H. Kim, and E. S. Kim, “Multiple information hiding technique using random sequence and Hadamard matrix,” Opt. Eng. **40**, 2489–2494, (2001). [CrossRef]

**11. **J. J. Kim, J. H. Choi, and E. S. Kim, “Optodigital implementation of multiple information hiding and extraction system,” Opt. Eng. **43**, 113–125 (2004). [CrossRef]

**12. **X. Zhou and J. G. Chen, “Information hiding based on double random phase encoding technology,” J. Mod. Optics. **53**, 1777–1783 (2006). [CrossRef]

**13. **H. Zhang, L. Z. Cai, X. F. Meng, X. F. Xu, X. L. Yang, X. X. Shen, and G. Y. Dong, “Image watermarking based on an iterative phase retrieval algorithm and sine-cosine modulation in the discrete-cosine-transform domain,” Opt. Commun. **278**, 257–263 (2007). [CrossRef]

**14. **D. R. Stinson, *Cryptography: Theory and Practice* (CRC Press2002).

**15. **B. Yang, *Modern Cryptography* (Tsinghua University Press2007) (in Chinese).

**16. **S. Yuan, X. Zhou, D. H. Li, and D. F. Zhou, “Simultaneous transmission for an encrypted image and a double random-phase encryption key,” Appl. Opt. **46**, 3747–3753 (2007). [CrossRef] [PubMed]

**17. **R. W. Gerchberg and W. O. Saxton, “A practical algorithm for the determination of phase from image and diffraction plane pictures,” Optik. **35**, 237–246 (1972).

**18. **J. R. Fienup, “Phase retrieval algorithms: a comparison,” Appl. Opt. **21**, 2758–2769 (1982). [CrossRef] [PubMed]

**19. **G. H. Situ and J. J. Zhang, “A cascaded iterative Fourier transform algorithm for optical security applications,” Optik. **114**, 473–477 (2003). [CrossRef]

**20. **G. H. Situ, J. J. Zhang, Y. Zhang, and Z. S. Zhao, “A cascaded-phase retrieval algorithm for optical image encryption,” J. Optoelectron. Laser. **15**, 341–343 (2004) (in Chinese).