## Abstract

In this paper, we propose a novel secure image sharing scheme based on Shamir’s three-pass protocol and the multiple-parameter fractional Fourier transform (MPFRFT), which can safely exchange information with no advance distribution of either secret keys or public keys between users. The image is encrypted directly by the MPFRFT spectrum without the use of phase keys, and information can be shared by transmitting the encrypted image (or message) three times between users. Numerical simulation results are given to verify the performance of the proposed algorithm.

©2012 Optical Society of America

## 1. Introduction

Due to the development of Internet and the increasing requirement for image transmission, information encryption and secure communication are becoming more and more important in nowadays. Image encryption by use of optical systems has received increasing attention recently, because of their distinct advantages of processing two-dimensional complex data in parallel and at high speed. In the past decade, a number of new approaches are proposed and demonstrated with optical implementations [1–11]. Among them, the most widely used and highly successful method is the double random phase encoding (DRP) scheme in Fourier domain [1], and moreover, in the fractional Fourier transform (FRFT) domain [2], in which the original image is encrypted into stationary white noise. In this method, two random phase masks are used in the input and the Fourier or FRFT plane. Phase of these random phase masks are uniformly distributed in the interval [0,$2\pi $] and the second random phase mask is the main encryption key. Liu et al [3] developed this work by cascading the random phase filtering operation in the fractional Fourier domain to enlarge the key space. Recently, Liu et al present two novel algorithms for sharing and hiding secret image based on the combination theory [12] or the discrete fractional random transform (DFRNT) [13]. The secret image is firstly encoded by matrix multiplications or encrypted in the DFRNT domain together with some noise images as the encryption keys to increase the security, and then the cipher text is shared into many shadow images by multiplying binary random sampling matrices. Yang and Huang construct a k out of n scalable secret image sharing scheme [14], and Islam et al [15] present a new approach for sharing images between players by exploiting the additive and multiplicative homomorphic properties of two well-known public key cryptosystems, i.e. RSA and Paillier. Furthermore, although powerful, all of these methods need encryption keys distribution between users in advance and their security relies on the difficulty or infeasibility of computation to find the plain text through enlarging the key space. The classical cryptography is losing security more and more as the computational power is increased by technical innovations. Therefore, unconditionally secure cryptography has been expected eagerly. According to Kerckhoffs' principle [16], the security of any cryptography algorithm depends crucially on keeping encryption key secret. In the case of symmetric cryptographic algorithm the key exchange or distribution was necessary and the assurance of key exchange security would not be a trivial issue in the network environment. Therefore, key distribution between users through channels is a potential risk for the security system. Shamir's three-pass protocol [16] is an interesting no-key protocol which can establish secure communication with no-key-exchange beforehand in the cost of passing the encrypted information three times between users. The key technique of this protocol is that the encryption function must be commutative. Shamir and other researchers [16, 17] described algorithms that will work with this protocol based on one-time pads, large prime decomposition and quantum mechanics. For the first time, we find that the index additive property of the fractional Fourier transform can also be employed to implement Shamir's three-pass protocol, which means one can use simple optical device to establish no-key-exchange secure communication. In this paper, we propose a novel no-key-exchange scheme for secure data communication by implementing the encrypting function of Shamir’s three-pass protocol via the multiple-parameter fractional Fourier transform, which has extra parameters provided by periodicity and vector parameters to enhance the security of information. Simulations are performed to verify the validity of the proposed method.

The remaining sections of this paper are organized as follows. Section 2 briefly reviews Shamir's three-pass cryptography protocol. The proposed no-key-exchange secure image sharing scheme and the numerical simulation results are shown in detail in Section 3. Conclusions are stated in section 4.

## 2. Shamir's three-pass cryptography protocol

One of the most interesting cryptographic protocols is Shamir’s three-pass protocol [16], which shows that secrecy can be obtained with no advance distribution of either secret keys or public keys. The protocol assumes two users connected by a link (such as a seamless optical fiber) that guarantees that the enemy cannot insert or tamper with messages but allows the enemy to read all messages sent over the link. The users are assumed to have a secret-key cipher system whose encrypting function ${E}_{k}(\u2022)$ has the commutative property, that is, for all plaintexts X and all keys ${k}_{1}$ and ${k}_{2}$,

Shamir’s Three Pass Protocol illustrated in Fig. 1 can be described as follows:

- 1) Users Alice and Bob randomly choose their own private secret keys, ${k}_{A}$ and ${k}_{B}$, respectively.
- 2) When user Alice wishes to send a secret message X to user Bob, she encrypts X with her own key ${k}_{A}$, and then sends the resulting cryptogram ${C}_{1}={E}_{{k}_{A}}\left(X\right)$ to user Bob.
- 3) User Bob, upon receipt of ${C}_{1}$, treats ${C}_{1}$ as plaintext and encrypts ${C}_{1}$ with his own key ${k}_{B}$. He sends the resulting cryptogram ${C}_{2}={E}_{{k}_{B}}\left({C}_{1}\right)={E}_{{k}_{B}}\left({E}_{{k}_{A}}\left(X\right)\right)$ back to user Alice.
- 4) User Alice, upon receipt of ${C}_{2}$, decrypts ${C}_{2}$ with her own key ${k}_{A}$. Because of the commutative property (Eq. (1)), this removes the former encryption by ${k}_{A}$ and results in ${C}_{3}={E}_{{k}_{A}}^{-1}\left({E}_{{k}_{B}}\left({E}_{{k}_{A}}\left(X\right)\right)\right)={E}_{{k}_{A}}^{-1}\left({E}_{{k}_{A}}\left({E}_{{k}_{B}}\left(X\right)\right)\right)={E}_{{k}_{B}}\left(X\right)$. Then user Alice sends cryptogram ${C}_{3}$ back to user Bob.
- 5) User Bob, upon receipt of ${C}_{3}$, decrypts ${C}_{3}$ with his own key ${k}_{B}$ to obtain the message X that Alice has successfully sent to him.

In short, the message is delivered in a box securely to a receiver using two padlocks without sharing keys to open the locks.

## 3. The proposed no-key-exchange secure image sharing scheme

As a generalization of the ordinary Fourier transform, the fractional Fourier transform (FRFT) has been used for optical information processing [18]. It is generally agreed that a FRFT operator ${\mathcal{F}}^{\alpha}$ should be continuous for all real values $\alpha $, be reduced to an ordinary Fourier transform when $\alpha $ is a specific integer, and satisfy the following index additive property

#### 3.1 Image sharing based on the multiple-parameter fractional Fourier transform

From the mathematical viewpoint, the fractional Fourier transform has multiplicity, i.e. it has different kinds of mathematical definition, which is intrinsic in a fractional operator. Lang et al [19, 20] proposed a generalized fractional Fourier transform, the multiple-parameter fractional Fourier transform (MPFRFT), which maintains all of the desired properties of FRFT meanwhile possesses periodicity parameter M and a M-dimensional integral vector parameter $\mathfrak{N}\in {\mathbb{Z}}^{\text{M}}$. And then they exploit its multiple-parameter feature for optical image encryption directly by the MPFRFT spectrum without the use of phase keys [9, 20] (they [20] also correct a mistake in the derivation of weighted coefficients of MPFRFT in Ref. 9, which may result in deficiencies of the cryptography based on MPFRFT [10]). They also evaluated the sensitivity of various encryption keys in the MPFRFT method and compared with several existing methods [2–5]. Simulation results all demonstrated that the proposed MPFRFT method is reliable and superior in the sensitivity to decryption parameter errors, due to periodicity and vector parameter enlarge the encryption key space. An optoelectronic hybrid setup with an iterative mechanism is also suggested to implement MPFRFT [9].

Based on these prior works, we attempt to present a novel implementation of Shamir’s three-pass protocol by utilizing the additive property and the multiple-parameter feature of MPFRFT as the encrypting function ${E}_{k}(\u2022)$. The MPFRFT has more parameters to enlarge the key space in order to enhance the safety of information, and its optical setup can be directly employed to implement the proposed image sharing algorithm.

For the sake of notation brevity, we describe only the one-dimensional case. The conventional FRFT of any function $f\left(x\right)\in {L}^{2}\left(\mathbb{R}\right)$ with fractional order $\alpha $ can be defined [18] as

The vector parameter $\mathfrak{N}$ can be arbitrary M-dimensional integer vector. It’s easy to prove that the MPFRFT still satisfies the commutative property even with different periodicities and vector parameters

The expansion of MPFRFT for two-dimensional case is straightforward as successively performing MPFRFT in x axis and y axis respectively, since the MPFRFT is separable in both x and y axis. For a two-dimensional function $f\left(x,y\right)\in {L}^{2}\left({\mathbb{R}}^{2}\right)$, the two-dimensional multiple-parameter fractional Fourier transform (2D-MPFRFT) with periodicity $\left({M}_{L},{M}_{R}\right)$, fractional order $\left({\alpha}_{L},{\alpha}_{R}\right)$ and parameter vectors $\left({\mathfrak{N}}_{L},{\mathfrak{N}}_{R}\right)$ is given by

#### 3.2 Simulations results

Simulations are performed to verify the validity of the proposed algorithm. The image can be encrypted simply by applying a 2D-MPFRFT ${\mathcal{F}}_{\left({M}_{L},{M}_{R}\right)}^{\left({\alpha}_{L},{\alpha}_{R}\right)}\left({\mathfrak{N}}_{L};{\mathfrak{N}}_{R}\right)$ using Eq. (9) with a pair of keys $\left\{\left({M}_{L},{M}_{R}\right),\left({\alpha}_{L},{\alpha}_{R}\right),\left({\mathfrak{N}}_{L},{\mathfrak{N}}_{R}\right)\right\}$, i.e. the transform period pair $\left({M}_{L},{M}_{R}\right)$, fractional order pair $\left({\alpha}_{L},{\alpha}_{R}\right)$ and parameter vectors pair $\left({\mathfrak{N}}_{L},{\mathfrak{N}}_{R}\right)$. The input image can be encrypted well into a randomlike encoded image as shown in Fig. 2(b) , and one can decrypt it simply by substituting $\left(-{\alpha}_{L},-{\alpha}_{R}\right)$ for $\left({\alpha}_{L},{\alpha}_{R}\right)$ without changing other parameters. From the above discussions, the transform period pair, fractional order pair and parameter vectors constitute the keys for decryption of the proposed encryption method using 2D-MPFRFT. For the sake of simplicity, in our implementation we choose the vector parameters $\left({\mathfrak{N}}_{L},{\mathfrak{N}}_{R}\right)$ as $\left({M}_{L},{M}_{R}\right)$-dimensional random integer vector whose values are independent and uniformly distributed over interval [0, 1000].

Suppose the information that Alice wants to share with Bob is the gray image ‘Lena’ as shown in Fig. 2(a). Figure 2(b) is the resulting cryptogram ${C}_{1}$ of Alice with her private secret keys $\left\{\left(\text{23,31}\right),\left(\text{14}\text{.1,23}\text{.6}\right),\left({\mathfrak{M}}_{L},{\mathfrak{M}}_{R}\right)\right\}$. After receipt of ${C}_{1}$, Bob treats ${C}_{1}$ as plaintext and encrypts it with his own key $\left\{\left(\text{27,29}\right),\left(\text{18}\text{.4,23}\text{.2}\right),\left({\mathfrak{N}}_{L},{\mathfrak{N}}_{R}\right)\right\}$, then he sends the resulting cryptogram ${C}_{2}$ (Fig. 2(c)) back to Alice. Alice receives ${C}_{2}$ and decrypts it with her own keys $\left\{\left(\text{23,31}\right),\left(\text{-14}\text{.1,-23}\text{.6}\right),\left({\mathfrak{M}}_{L},{\mathfrak{M}}_{R}\right)\right\}$. Because of the commutative property (Eq. (8)), this removes Alice’s encryption and results in the cryptogram ${C}_{3}$ (Fig. 2(d)) of Bob with his private secret keys. Finally, Bob receives ${C}_{3}$ and decrypts it with his own key $\left\{\left(\text{27,29}\right),\left(\text{-18}\text{.4,-23}\text{.2}\right),\left({\mathfrak{N}}_{L},{\mathfrak{N}}_{R}\right)\right\}$ to obtain the message (Fig. 2(e)) that Alice has successfully sent to him secretly now. The received message appears the same as the original image. In the proposed method, the security of information is guaranteed for reasons of all messages are transmitted in the MPFRFT cryptograms [9, 20]. We have attempted to decode the cryptograms (or the transmitted messages) with different keys and demonstrated that this method is quite successful in preventing unauthorized access (man in middle attack). Figures 3(a) to (c) illustrate the messages that Bob obtains if Alice decodes the encoded image shown in Fig. 2(c) with different wrong decryption keys $\left\{\left(\text{23,31}\right),\left(\text{-14}\text{.098,-23}\text{.598}\right),\left({\mathfrak{M}}_{L},{\mathfrak{M}}_{R}\right)\right\}$, $\left\{\left(\text{22,30}\right),\left(\text{-14}\text{.1,-23}\text{.6}\right),\left({\mathfrak{M}}_{L},{\mathfrak{M}}_{R}\right)\right\}$ and $\left\{\left(\text{23,31}\right),\left(\text{14}\text{.1,23}\text{.6}\right),\left({{\mathfrak{M}}^{\prime}}_{L},{{\mathfrak{M}}^{\prime}}_{R}\right)\right\}$, respectively. Similar results can be obtained if someone decrypted the cryptogram ${C}_{3}$ shown in Fig. 2(d) with wrong keys. Figure 3(d) illustrate the message received if bob decrypted the cryptogram ${C}_{3}$ shown in Fig. 2(d) with wrong parameter vector $\left({{\mathfrak{N}}^{\prime}}_{L},{{\mathfrak{N}}^{\prime}}_{R}\right)$. It means that the proposed image sharing scheme is quite sensitive to the variations of various encryption keys. Any small errors during the decryption procedure will result in the failure of information sharing.

#### 3.3 Security analysis

### 3.3.1. Sensitivity of the keys

To evaluate the security of the decrypted image, we introduce the mean square error (MSE) between the decrypted image $D={\left({d}_{n,m}\right)}_{N\times M}$ and the original image $X={\left({x}_{n,m}\right)}_{N\times M}$ as

To evaluate the security of the algorithm against brute-force attack, we assume that incorrect keys locate in the vicinity of the correct key values, and then the relations between the keys used for decryption and encryption are given as follows

### 3.3.2 Statistical analysis

In order to verify the reliability of the proposed algorithm, statistical analysis has been performed on the proposed encryption algorithm using different images and different keys, which is shown by a test on the histograms and autocorrelations of the original and encrypted images as shown in Fig. 5 . Figures 5(a) and (b) show that there is distinct difference between the histogram of the original image and the encryption. That is because the original image and the encrypted image are in the spatial domain and the MPFRFT domain respectively, but not a simple permutation in the same domain. This can be considered as diffusion in the classical cryptology, which diffuses the statistic characteristic of original image to the whole space. In addition, we find that the cipher text of different original images have similar histogram after encrypted with independent encryption keys after a number of parallel experiments. This can be considered as confusion in the classical cryptology. It is difficult for attackers to obtain useful information from the statistic characteristic, thus it can bring us considerable capacity of resisting statistic cryptanalysis. Figure 5(c) shows the autocorrelation of the image Lena, there is strong self-correlation between the pixels. By contrast, Fig. 5(d) shows that the correlation of the encrypted image is much weaker than that of the original image, and the input image can be encrypted into a nearly white distributed image. So the proposed method has an excellent decorrelation capability to realize good diffusion and confusion.

### 3.3.3. Middle attack

If an attacker filches all of the messages sent over the link, it means

- Alice -> Bob: ${C}_{1}=A\cdot X\cdot B$
- Bob -> Alice: ${C}_{2}=C\cdot A\cdot X\cdot B\cdot D=A\cdot C\cdot X\cdot D\cdot B$ (because of commutative property)
- Alice->Bob: ${C}_{3}=C\cdot X\cdot D$

Since the DMPFRFT matrices $A,B,C,D$ are unitary matrix, there will be at most $\frac{N\left(N+1\right)}{2}+\frac{M\left(M+1\right)}{2}$ variables in the above equation for a $N\times M$ pixel image X. But we have only N or M linear equations, so it is difficult to recover $A$ and $B$ both. Furthermore, these matrices are usually singular (the condition number is extremely large) because they may have many nearly zero eigenvalues. It is also hard to recover the secret image X by simple matrix inversion, due to the noise influence or computational error.

### 3.3.4. Resistance to data loss

We also perform computer simulations to check the tolerance of our method to loss of encrypted data. We occlude 25%, 50% and 75% of the encrypted image pixels. Figure 6 shows the occluded encrypted images of Fig. 2(b) and the corresponding recovered images with correct decryption keys. All recovered images with correct keys are visual recognizable, however, it is possible to perform digital post-processing technique to further improve the quality of these recovered images. The proposed method distributes the input image over the entire output plane, thus providing robustness to the distortions due to loss of encrypted data. This will be useful when transmit images through network, especially for only loading part of the encrypted image in the case of heavy traffic.

### 3.3.5. Noise attack

Simulations are also performed to test the robustness of the proposed method against additive noise, which has a white Gaussian distribution with a zero mean in simulation. For the noise attack, we assume that the noise interferes the encrypted image in the following way

where $E$ and ${E}^{\prime}$ are the ideal encrypted image and the noise-affected encrypted image respectively, $\sigma $ is a coefficient on noise strength, and $G$ represents Gaussian random data with zero-mean and identity standard deviation. Figure 7 shows the decrypted images when $\sigma $ equals to 0.05, 0.1, 0.2, 0.5, 0.8 and 1. And the corresponding MSE curves between the original image and decrypted one with different $\sigma $ are illustrated in Fig. 8 . From Fig. 7 and 8, the decrypted images can be recognized despite of some noise interference. Even when $\sigma =1$, the contour of the image can still be recognized.From Figs. 3 to 8, we can conclude that the proposed image sharing scheme is sensitive to the variations of various encryption keys during decryption, and robust against the loss of data, noise perturbation.

## 4. Conclusion

In summary, we have proposed a novel no-key-exchange secure image sharing method based on the multiple-parameter fractional Fourier transform. This approach makes full use of the advantage of the classical Shamir’s three-pass protocol and the properties of the multiple-parameter fractional Fourier transform. Information can be shared between users through transmitting the encrypted messages three times without any key distribution in advance. Simulations results demonstrate the validity and reliability of the proposed method.

## Acknowledgment

The authors would like to thank the anonymous reviewers for their great efforts and valuable comments that are greatly helpful to improve the clarity and quality of this manuscript. This work was supported by the Northeastern University Talents project under Grant (No. 28720521), “985 Project” of Northeastern University (No. 26311005) and the Fundamental Research Funds for the Central Universities (N110404027).

## References and links

**1. **P. Refregier and B. Javidi, “Optical image encryption based on input plane and Fourier plane random encoding,” Opt. Lett. **20**(7), 767–769 (1995). [CrossRef] [PubMed]

**2. **G. Unnikrishnan, J. Joseph, and K. Singh, “Optical encryption by double-random phase encoding in the fractional Fourier domain,” Opt. Lett. **25**(12), 887–889 (2000). [CrossRef] [PubMed]

**3. **S. Liu, L. Yu, and B. Zhu, “Optical image encryption by cascaded fractional Fourier transforms with random phase filtering,” Opt. Commun. **187**(1-3), 57–63 (2001). [CrossRef]

**4. **B. Zhu, S. Liu, and Q. Ran, “Optical image encryption based on multifractional Fourier transforms,” Opt. Lett. **25**(16), 1159–1161 (2000). [CrossRef] [PubMed]

**5. **B. Hennelly and J. T. Sheridan, “Optical image encryption by random shifting in fractional Fourier domains,” Opt. Lett. **28**(4), 269–271 (2003). [CrossRef] [PubMed]

**6. **J. Lang, R. Tao, and Y. Wang, “Image encryption based on the multiple-parameter discrete fractional Fourier transform and chaos function,” Opt. Commun. **283**(10), 2092–2096 (2010). [CrossRef]

**7. **X. Wang and D. Zhao, “Double-image self-encoding and hiding based on phase-truncated Fourier transforms and phase retrieval,” Opt. Commun. **284**(19), 4441–4445 (2011). [CrossRef]

**8. **Z. Liu, M. A. Ahmad, and S. Liu, “Image encryption scheme based on the commutation and anti-commutation rules,” Opt. Commun. **279**(2), 285–290 (2007). [CrossRef]

**9. **R. Tao, J. Lang, and Y. Wang, “Optical image encryption based on the multiple-parameter fractional Fourier transform,” Opt. Lett. **33**(6), 581–583 (2008). [CrossRef] [PubMed]

**10. **Q. Ran, H. Zhang, J. Zhang, L. Tan, and J. Ma, “Deficiencies of the cryptography based on multiple-parameter fractional Fourier transform,” Opt. Lett. **34**(11), 1729–1731 (2009). [CrossRef] [PubMed]

**11. **R. Tao, J. Lang, and Y. Wang, “The multiple-parameter discrete fractional Hadamard transform,” Opt. Commun. **282**(8), 1531–1535 (2009). [CrossRef]

**12. **Z. Liu, M. A. Ahmad, and S. Liu, “Image sharing scheme based on combination theory,” Opt. Commun. **281**(21), 5322–5325 (2008). [CrossRef]

**13. **Z. Liu, S. Liu, and M. A. Ahmad, “Image sharing scheme based on discrete fractional random transform,” Optik (Stuttg.) **121**(6), 495–499 (2010). [CrossRef]

**14. **C. N. Yang and S. M. Huang, “Constructions and properties of k out of n scalable secret image sharing,” Opt. Commun. **283**(9), 1750–1762 (2010). [CrossRef]

**15. **N. Islam, W. Puech, K. Hayat, and R. Brouzet, “Application of homomorphism to secure image sharing,” Opt. Commun. **284**(19), 4412–4429 (2011). [CrossRef]

**16. **J. Massey, “An introduction to contemporary cryptology,” Proc. IEEE **76**(5), 533–549 (1988). [CrossRef]

**17. **L. Yang, A. W. Ling, and S. H. Liu, “Quantum three-pass cryptography protocol,” Proc. SPIE **4917**, 106–111 (2002). [CrossRef]

**18. **H. M. Ozaktas, Z. Zalevsky, and M. A. Kutay, *The Fractional Fourier Transform with Applications in Optics and Signal Processing* (John Wiley & Sons, Chichester, 2001).

**19. **J. Lang, R. Tao, Q. Ran, and Y. Wang, “The multiple-parameter fractional Fourier transform,” Sci. China Ser. F, Inf. Sci. **51**(8), 1010–1024 (2008). [CrossRef]

**20. **J. Lang, R. Tao, and Y. Wang, “The discrete multiple-parameter fractional Fourier transform,” Sci. China Ser. F, Inf. Sci. **53**(11), 2287–2299 (2010). [CrossRef]