Cryptanalysis of DRPE using complex S-Box based on linear canonical transform

During recent decades, double random phase encoding grasped more attention for researchers. To achieve nonlinearity, it had been done with random S-Box. We exhibit this involvement that DRPE system is much vulnerable in the above methodology. Concatenating anything with DRPE needs an imaginary value, wherein S-Box unsuccessful in it. Used S-Box has been reformed into various sizes. Due to this scenario, S-Box values are replicating. So, complex S-Box has been employed and proposed size of the S-Box is similar to an input image. Numerical simulations such as performance analysis, histogram analysis and 3D plot analysis have been performed out to validate the practicability and trustworthiness of traditional DRPE system with complex S-Box. Moreover, in order to check the cryptanalysis, much other analysis done such as occlusion attack, noise attack, chosen plaintext analysis and sensitivity analysis also accomplished.


Introduction
In the past two to three decades, securing the data, images, audio files and video files from intruder plays a foremost task. Even though there are numerous algorithms are existing, it is very difficult to protect the information. A traditional image encryption algorithm delivers poor presentation for Where rand, r and c are a random function, rows and columns respectively. M and N are the size of input images. While investigating the S-Box from eq. 1 and 2, its size is 16 × 16, and then it had been resized into the size of the input image. Due to this, values are getting replicated. Moreover, DRPE system mainly deals with complex numbers. But the created S-Box, is not matching with complex numbers. Our proposed system overcomes the loopholes of the previous system and concentrated on enactment procedures for instance Non-linearity, Bit-Independence criterion (BIC), Strict Avalanche Criterion (SAC), Differential Probability (DP) and Linear Probability (LP). These parameters are shown in Table 1.

Linear canonical transform (LCT)
LCT is optically instigated by QPS (quadratic phase systems) [59]. LCT is considered as grander case of all the transforms such as Fourier Transform, Fractional Fourier Transform and Fresnel Transforms. The 2-dimensional LCT consists of three parameters. LCT is considered as based on linear integral transforms and it is completely defined as follows, Where LCT α, β, γ {.} represents the LCT transform through three real transform parameters α, β and γ. Two planes, one is called as input plane which is characterized as (x 0 , y 0 ) and the other is transform plane which is mentioned as (x, y). The three transform factors α, β and γ are associated through QPS renovation. Henceforward it is interconnected to the transmission distances d 1 , d 2 and the focal length f. Wavelength is denoted as λ and the real parameters are shown as (Fig. 1), Beginning from the Fig. 2, it is undoubtedly agreed, input and transform planes are placed as d 1 and d 2 . The transform planes and output planes are positioned as d 3 andd 4 . d 1 ,d 2 , d 3 and d 4 are recognized as distance factors and deliberated as important to QPS. Random phase masks from DRPE system (RPM1 and RPM2) and six parameters of LCT (α 1 , β 1 , γ 1 , α 2 , β 2 , γ 2 ). So, totally eight parameters are considered as the security space for LCT grounded DRPE system. Figure 3 shows the encryption and decryption of proposed system. Let us consider f(x, y) as an input image. It is getting multiplied with first random phase mask RPM1(x, y).In order to overcome the loopholes in [60], complex random S-Box has been created with the size of input image using the following equation.

Proposed work
Where M, N are the size of the input images. In the place of traditional Fourier transform, Linear canonical transforms has been considered in the proposed model with three security parameters α 1 , β 1 , γ 1 . Intermediate image I(x, y) has been calculated with the following equations.
Where PT and MT represents the phase truncation and magnetic truncation respectively. According to the above equations, input image is getting multiplied with first random phase mask and created complex S-Box. The resultant is transformed using linear canonical transforms with three security parameters. The absolution portion is called as I(x, y). R3 is denoted as phase portion of eq. 9. Encrypted image is obtained from an intermediate image with the following equations.
Intermediate image is multiplied with another random phase mask and complex S-Box. The overall product is undergone for the linear canonical transforms with another set of three security parameters. The absolute portion is called as an encrypted image. R4 is denoted as phase portion of eq. 11. R3 and R4 are also called as decryption keys. The flow chart for the decryption is given in Fig. 4. Cipher image from encryption portion is multiplied with one of the secret key and divide by randomly generated complex S-Box. The product undergoes for the Linear canonical transform using three security parameters (α 1 , β 1 , γ 1 ).After doing this process, I(x, y) is obtained successfully.
To obtain the decrypted image back I(x, y)is multiplied with another secret key R 3 and divided with complex S-Box. The output undergoes for transformation with another set of three security parameters (α 2 , β 2 , γ 2 ).

Performance investigation
The suggested asymmetric cryptosystem has been surveyed by numerous methods such as Mean Square Error (MSE), Peak Signal to Noise Ratio (PSNR) and Correlation Coefficient (CC). MSE, PSNR and CC [20,21,38,47,65] have been computed using the given formulas.
Where P(x, y) the plain is image and P ′ (x, y) is recovered image. cov, σ denotes the co-variance and standard deviation respectively. The computed MSE value from the above equation for 256 × 256 medical image is 9.06 × 10 -26. PSNR finds the variance between plain image and recovered image and it is represented in below equation. If the PSNR value is high, it gives the good quality of image. The result of PSNR is 372.21 dB. From the result, it has been clearly observed the value is high, so, it gives the good quality of image. Since all the correct keys given in our system, the value of CC is equal to 1. Table 2 drafts the comparison results for all the analysis. It has been clearly understood from the Table 2; our proposed asymmetric cryptosystem provides better results.

Histogram analysis
Histogram is otherwise defined as evaluator for our proposed cryptosystem. To avoid the leakage of information [20,21,38,47,65], histogram of cipher image must be different from histogram of plain image. Figure 5.represents the histogram investigation of offered asymmetric cryptosystem. Figure 5

3D plot analysis
The efficiency of asymmetric system is checked by 3d plot analysis as indicated in Fig. 6. The 3D plot of plain image, encrypted image and recovered image are in Fig. 6 (a) (b) and (c) respectively.

DRPE S-Box cryptanalysis
In this segment, conflict of DRPE using S-Box has been checked against various attacks such as occlusion attack, noise attack and chosen plaintext attack in brief.

Occlusion attack analysis
Occlusion is defined as hiding some portions or overwriting throughout communication. To examine the robustness of an encrypted data, occlusion attack [20,21,38,47,65] has been preferred for this cryptosystem. Figure 7 demonstrates the occlusion analysis. Minimum portion that is 10% on encrypted images are hidden in Fig.7 (a) and obtained recovered image is in Fig. 7 (b) 25% and 75% portion of encrypted images are occluded in (c) and (e) corresponding decrypted images are shown in fig. (d) and (f) respectively. As the data hiding is increasing, it is not possible to recover the image back.

Noise attack analysis
During transmitting and receiving the signals in channels, there is always a chance for noise distortion. In case, if the level of distortion is high, sometimes, it is not possible to clear picture the recovered image. Hence, it is mandatory to check our proposed system with respect to noise. In Fig. 8, it has been checked with salt and pepper noise. Figure 8 (a, b) represents the salt and pepper noise with density of 0.2 and 0.9 respectively. It has been observed from the Fig. 9, as the noise increases, MSE value decreases.

Chosen plaintext analysis
In CPA, attacker has the plain image and scheme. With respect to these, he will try the cipher image. Normally, DRPE is highly vulnerable to CPA. If an attacker chooses Dirac delta function [31] which is shown in the below equation, From the above equation, second secret key is easily obtained by drpe cpa . Figure 9 shows the CPA analysis of DRPE system (Fig. 10).

Sensitivity analysis
The proposed system has been checked with sensitivity analysis [20,21,38,47,65]. It means, how much the system is sensitive even there is a small difference. Then only when attacker LCT has three security parameters; until unless attacker gets all three parameters, he is not possible for cracking. So, analysis made w.r.t LCT. Figure 11. (a) represents the plot of medical image when all the security parameters are correct. Figure 11. (b) denotes the all wrong parameters Fig. 11 (c) Indicates one correct parameter and other two wrong parameters. Figure 11 (d) Represents only one wrong parameter. Hence, even attacker gets only one parameter, he is not capable to pull through the image. So, our proposed system is highly sensitive and provides best results.

Performance analysis
The proposed complex S-Box based asymmetric cryptosystem is instigated in MATLAB R2020b and the rapidity is tested on Intel(R) core(TM) i5-7200 CPU @ 2.5-2.71 GHz, 8 GB RAM successively Windows 10. The time duration for the proposed system execution is 0.534 seconds.

Conclusion
Since, DRPE is in need of nonlinearity; the foremost important block to support nonlinearity is S-Box. Creation of random S-Box and embedded in DRPE is already done. The size of the random S-Box is small and it replicates the values in order to match with the plain image. Moreover, the created S-Box is not consisting of complex values. The cryptanalysis has been performed and a new approach has been specified and given as proposed asymmetric cryptosystem. Numerical analysis such as histogram, occlusion, noise attack and sensitivity analysis has been done for the proposed asymmetric cryptosystem. The transform used for proposed system is LCT with three security parameters. These three security parameters also play a vital role for the robustness of our system. Hence, the proposed asymmetric cryptosystem provides better results in comparison with other DRPE systems.

Declarations
Conflict of interest The authors declare no conflict of interest.