Optics Communications 309 (2013) 50–56

Contents lists available at ScienceDirect

Optics Communications

0030-40http://d

n CorrE-m

journal homepage: www.elsevier.com/locate/optcom

Asymmetric cryptosystem and software design based on two-stepphase-shifting interferometry and elliptic curve algorithm

Desheng Fan a, Xiangfeng Meng a,n, Yurong Wang a, Xiulun Yang a, Xiang Peng b, Wenqi He b,Guoyan Dong c, Hongyi Chen d

a Department of Optics, School of Information Science and Engineering and Shandong Provincial Key Laboratory of Laser Technology and Application,Shandong University, Jinan 250100, Chinab College of Optoelectronics Engineering, Shenzhen University, Shenzhen 518060, Chinac College of Materials Science and Opto-Electronic Techology, University of Chinese Academy of Sciences, Beijing 100049, Chinad College of Electronic Science and Technology, Shenzhen University, Shenzhen 518060, China

a r t i c l e i n f o

Article history:Received 26 April 2013Received in revised form4 June 2013Accepted 18 June 2013Available online 6 July 2013

Keywords:Image encryptionPublic keyPhase-shifting interferometry

18/$ - see front matter & 2013 Elsevier B.V. Ax.doi.org/10.1016/j.optcom.2013.06.044

esponding author. Tel.: +86 531 88362857; faail address: xfmeng@sdu.edu.cn (X. Meng).

a b s t r a c t

We propose an asymmetric cryptosystem based on two-step phase-shifting interferometry (PSI) andelliptic curve (EC) public-key cryptographic algorithm, in which one image is encrypted to twointerferograms by double random-phase encoding (DRPE) in Fresnel domain and two-step PSI, and thesession keys such as geometrical parameters and pseudo-random seeds, are asymmetrically encoded anddecoded with the aid of EC algorithm. The receiver, who possesses the corresponding private keygenerated by EC algorithm, can successfully decipher the transmitted data using the extracted sessionkeys. The utilization of EC asymmetric cryptosystem solves the problem of key management anddispatch, which is inevitable in the conventional optical symmetric cryptosystems. Not only computersimulation, but also software design and development are carried out to verify the feasibility of theproposed cryptosystem.

& 2013 Elsevier B.V. All rights reserved.

1. Introduction

Optical security technology has been extensively studied inrecent years because of its nature of parallel processing and high-freedom encoding since Réfrégier and Javidi proposed the doublerandom phase encoding (DRPE) technique [1], and it has beenfurther extended from Fourier domain [1,2] to other domains[3–23]. However, most of the optical cryptographic algorithms orencryption techniques developed so far belong to the category ofsymmetric cryptosystem (or private-key cryptosystem), in whichthe encryption key and decryption key are generally identical ormutually conjugate. From the point of view of cryptography,a symmetric cryptosystem would suffer from security problemssuch as key management and dispatch under an environment ofnetwork security; therefore, to solve these problems, the asym-metric cryptosystem (or public-key cryptosystem) plays an impor-tant role in modern cryptography. Unlike a symmetric encryptionalgorithm, asymmetric cryptography utilizes a pair of keys: onepublished publicly (known as the public key) for encryption andthe other (known as the private key) for decryption. Public-key

ll rights reserved.

x: +86 531 88364613.

schemes are typically used to transport or exchange keys forsymmetric-key ciphers [24–27].

Recently, some pioneer research work has been proposed toexplore asymmetric optical image cryptosystems [28–32]. Penget al. proposed an asymmetric cryptography based on wavefrontsensing [28], in which the public key was derived from optical andgeometrical parameters, while the private key was obtained froma kind of regular point array [28]. Subsequently, Peng and Qinpresented an alternative asymmetric cryptosystem based onphase-truncated Fourier transform and DRPE in an optical 4fsystem [29]. To expand the DRPE scheme to usage in the frame-work of the public-key infrastructure, Lin et al. proposed anasymmetric algorithm based on data embedding to encode anddecode the session key [30]. Zhou et al. [31] and we [32] reportedtwo kinds of asymmetric cryptosystems separately on the basis ofRivest–Shamir–Adelman (RSA) public-key cryptography, the secur-ity of which is based on the fact that the factorization of integersinto their prime factors would be very difficult. However, recentcryptanalytic advances have caused increased discussion aboutpublic key sizes and the security required. Elliptic curve crypto-graphy (ECC) introduced by Miller [33] and Koblitz [34] is gainingfavor as an efficient and attractive alternative to establishedpublic-key systems such as RSA, and the main attraction of ECCover RSA is that significantly smaller parameters can be used inECC than RSA, but with equivalent levels of security [24–27].

D. Fan et al. / Optics Communications 309 (2013) 50–56 51

Therefore, to increase security and bring more convenience for keymanagement and dispatch than RSA, in this paper, we propose anasymmetric cryptosystem based on two-step PSI and elliptic curve(EC) public-key cryptographic algorithm, in which, an image isencrypted to two interferograms, using DRPE and two-step PSIwith session keys enciphered by EC algorithm. The receiver whopossesses the corresponding private keys can successfully deci-pher the transmitted data by the extracted session keys. Further-more, we design a kind of asymmetric cryptosystem software bymixed programming between Visual C++ and Matlab based on theMatcom software environments. In the following sections, we willfirst describe the basis idea of ECC and the procedure of thismethod, then present its simulation verification and softwareimplementation, and finally give the conclusions.

2. Elliptic curve cryptography (ECC)

To design public-key cryptographic systems, the EC cryptosys-tem proposed by Koblitz [34] and Miller [33] independently is nowgaining a lot attention in industry and academia as an alternativeto established RSA public-key cryptosystem. The primary advan-tage of ECC over RSA and other competing technologies is that thefastest known algorithm (known as the Pollard rho method) forsolving the underlying hard mathematical problem in ECC takesfully exponential time, in contrast to the subexponential-timealgorithms known for the integer factorization problem (theunderlying mathematical problem in RSA) [26]. This means thata desired security level can be attained with significantly smallerkeys in ECC than is possible with RSA. It is generally accepted,given current algorithmic knowledge, that the strength of an ECsystem based on 160-bit keys is roughly equivalent to that of a1024-bit RSA system [25]. The result is smaller key sizes, band-width savings, and faster implementations, features which areespecially attractive for security applications. An overview of ECCis given below [35,36].

The equation of a non-singular EC Ep(a, b) over a finite fieldZp (p43 and is a large prime number) takes the form

y2≡x3 þ axþ bðmodpÞ; ð1Þ

where the operator ‘mod’ denotes the modular operation, a and bare two constant such that 4a3+27b2≢0(mod p) must be satisfiedfor its non-singularity. Any point P(xp, yp)∈Ep(a, b), x, y∈Zp togetherwith O, called ‘point at infinity’ forms an abelian groupE¼ x; yð Þ∈Epða; bÞ∪ Of g� �

under the EC addition operation, whereO serves as additive identity element of the group. Given Q, P∈E,finding k such that Q¼kP is referred to as the EC discrete logarithmproblem (ECDLP), whose hardness is essential for the security ofall EC cryptographic schemes.

Fig. 1. Schematic diagram of the propos

The implementation of the ECC is briefly summarized asfollows.

�

ed asy

Elliptic curve key generation:

– select a large prime number p and the EC cryptosystemEp(a, b).

–

Select a base point G on the EC cryptosystem Ep(a, b), havinga prime number n as the order (the smallest positive integern such that nG¼O).

–

Choose a random or pseudo-random integer d from theinterval [1,n�1] as the private key, and the correspondingpublic key is Q¼dG.

–

Publicize the system parameter (Ep(a, b), G, n) and publickey Q.

�

Encryption: the ciphertext of an arbitrary plaintext m¼(m1,m2) takes the form c¼{C0, (c1, c2)}, where C0¼kG, (t1, t2)¼kQ(k is a randomly selected integer from the interval [1,n�1]),c1¼t1m1 mod p, c2¼t2m2 mod p.

�

Decryption: the recipient who possesses the correspondingprivate key d can decrypt the ciphertext c¼{C0, (c1, c2)} bycomputing m¼(c1t1�1 mod p, c2t2�1 mod p), where (t1, t2)¼dC0, t�1 and t are multiplicative inverses mod p, which satisfyt�1t≡1 mod p.

3. Procedure of the proposed asymmetric cryptosystem

Fig. 1 schematically depicts the proposed asymmetric crypto-system, the working principle of which is described in detail in thefollowing sub-sections.

3.1. Optical encryption based on DRPE and two-step PSI

Assume that Alice utilizes two seeds S1 and S2 to generate twoRPMs G1 and G2 to encrypt an image in the Fresnel domain. G1 andG2 are placed in the object plane (x1, y1) and the transform plane(x2, y2), respectively. The complex amplitude transmittances of thetwo RPMs G1 and G2 may be denoted as exp[i2πP1(x1, y1)] and exp[i2πP2(x2, y2)], respectively, where P1 and P2 are two independentwhite noises uniformly distributed in the interval [0, 1]. Thedistance between the object and the transform plane is z1 andthat between the transform plane and the recording plane (x, y) isz2. When an image O in the object plane is illuminated by an on-axis plane wave of wavelength λ, the complex wave in therecording plane (x, y) can be mathematically represented by[16,32]

Uðx; yÞ ¼ FrTz2 fFrTz1 fOðx1; y1Þ exp ½i2πP1ðx1; y1Þ�g exp ½i2πP2ðx2; y2Þ�g;ð2Þ

mmetric cryptosystem.

D. Fan et al. / Optics Communications 309 (2013) 50–5652

where FrTz stands for the Fresnel transform of distance z. Further-more, an on-axis reference wave with the constant amplitude Ar isintroduced and interferes with the object wave to form interfer-ograms. In general, two interferograms I1 and I2 with a phaseincrement of δ (0oδoπ) can be written as [16,32]

I1 ¼ Ao2 þ Ar

2 þ 2AoAr cosφ; ð3Þ

I2 ¼ Ao2 þ Ar

2 þ 2AoAr cos ðφ�δÞ; ð4Þwhere, Ao and φ represent the real amplitude and phase distributionof the complex object wave U(x, y), respectively. In this encryptionprocess, the information of original image O has been encrypted totwo interferograms I1 and I2, the seeds (S1, S2) to generate RPMs andthe geometrical parameters (λ, z) can be used as session keys.

3.2. Asymmetric encoding and decoding for the session keys by ECC

For asymmetric cryptosystem, Bob uses the ECC public-keyalgorithm to generate a pair of public-private key (d, Q) andpublicizes the system parameter (Ep(a, b), G, n) and public key Qwhich can be accessed by an authorized user while keep theprivate key in secret. Any authorized user who wants to send Boba secret message utilizes Bob's public key Q to cipher the message.The secure communication processes of the session keys basedon ECC between Alice and Bob are schematically depicted inFig. 2 and described as follows in detail:

3.2.1. Bob's key-generating steps

�

g¼

Select the EC Ep(a, b): y2≡x3 þ axþ bðmodpÞ.p¼FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 7FFFFFFF,a¼FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 7FFFFFFC,b¼1C97BEFC 54BD7A8B 65ACF89F 81D4D4AD C565FA45.

�

Select a base point G on the elliptic curve cryptosystem Ep(a, b),having a prime number n as the order. G¼(4A96B568 8EF57328

ð1� cos δÞðI1 þ I2Þ þ 2A2r sin 2 δ�

ffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffið1� cos δÞðI1 þ I2Þ þ 2A2

r sin 2 δh i2

�2ð1� cos δÞ I1�I2 cos δð Þ2 þ I22 sin 2 δþ 4A4r sin 2 δ

h ir

2ð1� cos δÞ : ð6Þ

46646989 68C38BB9 13CBFC82, 23A62855 3168947D 59DCC91204235137 7AC5FB32), n¼01 00000000 00000000 0001F4C8F927AED3 CA752257.

�

Choose a random integer d from the interval [1,n�1] as theprivate key, then compute Q¼dG.Let d¼3F4D28CD D34BD33E 1AFB177C 3462764D 9DFF0F8C, thenQ¼(13C25F1D E24FC2F4 9E561FCA 1B9BA579 7A2F581A,D3D19497 55FC3F38 AD1964A3 02562B4E 658D5100).

�

Publicize the system parameter (Ep(a, b), G, n) and public key Qand keep private key d in secret.

3.2.2. Alice's encryption steps

�

Acquire Bob's public domain parameter (Ep(a, b), G, n) andpublic key Q.

�

Select an integer k randomly from the interval [1,n�1].Let k¼1683F517 201C5511 B83BB2B3 2AB0666E C75AE152.

�

For encryption of session keys (S1, S2)¼(13579, 24680), calculateC0¼kG¼(D527729F 311F0D34 ABCEA4C1 003705FC AB782D75,EB3A97F3 F3C1DA90 25888D7C 4BC6A6E7 33802598),(t1, t2)¼kQ¼(901B8557 F44BDA27 EC7774BB 69AF1BA113E12FF3,3205A5ED DE6893D6 DE5A11C1 C1B6CFF7 377555D8),

c1¼t1S1mod p¼E3C9F05B 336CA3AB E44CD0EE CB3E97F6F99A7C4C,c2¼t1S2mod p¼70849C09 91ECA2AC 1B3FDF5B 40413AA587DBF296.

�

Send the enciphered session keys c¼{C0, (c1, c2)} to Bob.

3.2.3. Bob's decryption stepsBob performs the following steps after receiving Alice's enci-

phered data c¼{C0, (c1, c2)}:

�

Calculate (t1, t2)¼dC0 with the private key d¼3F4D28CDD34BD33E 1AFB177C 3462764D 9DFF0F8C. (t1, t2)¼dC0¼(901B8557 F44BDA27 EC7774BB 69AF1BA1 13E12FF3,3205A5ED DE6893D6 DE5A11C1 C1B6CFF7 377555D8).

�

Calculate t1�1¼8EEBF448 81686567 CF5C4F7F DA1EF5DC

5E29B69, t2�1 ¼70849C09 91ECA2AC 1B3FDF5B 40413AA5

87DBF296.

� Compute m¼(c1t1�1 mod p, c2t2�1 mod p)¼(13579, 24680) to

recover the encrypted session keys S1 and S2.

3.3. Information reconstruction and image decryption

Once Bob has deciphered the session keys with private key andreceived the interferograms I1 and I2, he can utilize the decipheredsession keys to decrypt the image according to the followingprocess:

Using a two-step PSI together with the decoded keys andreceived interferograms, one is able to reconstruct the complexwave field U in the recording plane (x, y) [16,32]

U ¼ I1�g2Ar

þ iI2�I1 cos δ�ð1� cos δÞg

2Ar sin δ; ð5Þ

where

Use the decoded session keys S1 and S2 to generate two RPMsG1 and G2 and take the inverse Fresnel transform to obtain the realamplitude O′ in the object plane (x1, y1)

O′¼ abs IFrTz1 IFrTz2 ðUÞ exp ð�i2πP2Þ� �� �

; ð7Þwhere ‘abs’ denotes the operation of taking the real amplitude.Finally, the original image O″ can be decrypted by the amplitudenormalization

O″¼ O′�minðO′ÞmaxðO′Þ�minðO′Þ ; ð8Þ

where the operator ‘min’ and ‘max’ denote taking the minimumvalue and the maximum value, respectively.

4. Computer simulations

Numerical simulations by ‘Matlab R2009a’ and ‘Visual C++6.0’are performed to verify the feasibility of the proposed asymmetriccryptosystem. The image ‘Baboon’ with size of 256�256 and256 Gy levels is used in experiments to evaluate the proposedcryptosystem, as shown in Fig. 3(a). Other parameters known asthe session keys are arbitrarily selected as S1¼13579, S2¼24680,

Fig. 2. The secure communication processes of the session keys based on ECC.

Fig. 3. (a) The image to be encrypted; (b) and (c) two RPMs G1 and G2; (d) and (e) two interferograms I1 and I2; and (f) the final decrypted image.

D. Fan et al. / Optics Communications 309 (2013) 50–56 53

λ¼532 nm, z¼z1¼z2¼0.1083 m, δ¼π/2 and Ar is a constant asspecified earlier. The EC secp160r1 recommended by ‘Standardsfor Efficient Cryptography (SEC)’ is exploited to cipher the sessionkeys, whose public domain parameters are aforementioned inSection 3.2.1. For quantitative evaluation, the correlation coeffi-cient (CC) is adopted to evaluate the similarity between theoriginal image and the decrypted one, which is defined as [32]

CC¼ COVðO;O′ÞsOsO′

ð9Þ

where O and O′ denote the original image and the decrypted one,respectively, s is the standard deviation of corresponding image,COV(O, O′) is the covariance of two corresponding images.

The two RPMs G1 and G2 generated by random seed S1 and S2are shown in Fig. 3(b) and (c), respectively. Fig. 3(d) and(e) presents the ciphered interferograms I1 and I2, respectively.The enciphered data of session keys (S1, S2) and (z, λ) by secp160r1are {(D527729F 311F0D34 ABCEA4C1 003705FC AB782D75,EB3A97F3 F3C1DA90 25888D7C 4BC6A6E7 33802598),(E3C9F05B 336CA3AB E44CD0EE CB3E97F6 F99A7C4C, 70849C0991ECA2AC 1B3FDF5B 40413AA5 87DBF296)} and {(B60F5818EAC5B0D2 71AD4ACE DCDD41CF 6B31FCDF, C0BB29B9 99ADAA4B2B853C2F 1869EDD7 9E4A127B), (5DF4FA28 B6BFC74D 79A454E80787B1FA 201ECA7E, B4651972 E88C8A7F 24D6BC38 EE9053DF5DD072CF)}, respectively, where z is transformed into integer inthe processes of encoding and decoding by ECC. When all thecorrectly extracted session keys are used, a decrypted image is

D. Fan et al. / Optics Communications 309 (2013) 50–5654

correspondingly obtained as shown in Fig. 3(f), and its CC value is1.0, which means that the original image is fully and accuratelydecrypted without any recognizable noise or distortion.

Then, the sensitivity of the geometric parameters (λ, z) to imagereconstruction was analyzed. By shifting the decoded RPMs fromits correct position with a deviation Δz along the axis, the distancebetween the object plane and the Fresnel transform plane and thedistance between the transform plane and the recording planebecame (z1+Δz) and (z2�Δz), respectively. The influences of aslight change in λ (Δλ) and an axial shifting (Δz) on the decryptedimage are shown in Fig. 4, from which, we can see that the CCvalues decrease sharply with the increase of relative errors, inparticular, the wavelength-shift is more sensitive than thedistance-drift.

Next, the robustness of the proposed cryptosystem againstnoise attack and JPEG compression is investigated by subjecting

-5 -4 -3 -2 -1 0 1 2 3 4 50.0

0.2

0.4

0.6

0.8

1.0

CC

Relative Error(%)

λ

z

Fig. 4. Variations of CCs of the decrypted images with the wavelength and distanceerrors.

Fig. 5. (a) and (b) One of the decoded interferograms with additive Gaussian noise of ze(d) results similar to (a) and (b) but distorted by additive salt and pepper noise with 0.speckle noise with zero mean and standard deviation 0.01.

the decoded interferograms to JPEG compression and additive ormultiplicative noises. One of the decoded interferograms cor-rupted by additive Gaussian noise with a zero mean and astandard deviation 0.01 and corresponding decrypted image, isshown in Fig. 5(a) and (b) (CC is 0.3364), respectively. Fig. 5(c) and(d) (CC is 0.6796) demonstrates one decoded interferogram dis-torted by additive salt and pepper noise with 0.01 density and theretrieved image, respectively. While the third column in Fig. 5(0.8448) shows the results in the case of noise attack by multi-plicative speckle noise with a zero mean and a standard deviation0.01. In the case of JPEG compression, Fig. 6 shows the CCs curveversus different JPEG compression factors; obviously, the CCsincrease with increasing JPEG compression factors.

Finally, some brief comparisons with our previous RSA method[32] have been made. The primary advantage of elliptic curvesystems over RSA systems is the absence of subexponential-timealgorithm to solve the underlying mathematical problem, whichmeans a similar security level can be attained with significantly

ro mean and standard deviation 0.01 and corresponding decrypted image; (c) and01 density; (e) and (f) results similar to (a) and (b) but corrupted by multiplicative

0 20 40 60 80 1000.0

0.2

0.4

0.6

0.8

1.0

CC

JPEG compression factor

Fig. 6. CCs curve versus different JPEG compression factors.

Fig. 7. The encryption interfaces of the resulted software.

D. Fan et al. / Optics Communications 309 (2013) 50–56 55

smaller keys in ECC than is possible with RSA. The result is smallerkey sizes, lower power consumption, and higher processingspeeds, etc., which are especially attractive for security applica-tions. Since it is generally accepted that the strength of an ECsystem based on 160-bit keys is roughly equivalent to that of a1024-bit RSA system given current algorithmic knowledge, acomparison of time test between RSA-1024 and ECC-160 wasmade under C++ environment on an AMD Athlon (tm) 64 X2 DualCore Processor 4600+2.39 GHz PC. It takes RSA 109 ms to encryptand decrypt S1¼13579 while costs ECC 31 ms to complete theencryption and decryption process.

5. Software design and development

By the mixed programming between ‘Visaul C++6.0’ and‘Matlab R2009a’ based on the Matcom software environment, wedesign and develop a kind of asymmetric cryptosystem software.Visual C++ is a functionally powerful programming environment,in which the program developed complies in line with the generaluser's custom and has the advantages of simplicity and rapidcomputation. Matlab is a highly integrated system with powerfulnumerical analysis, matrix calculation, signal processing andgraphical display, involving numerous highly integrated functions.Consequently, this hybrid programming system has many goodfeatures, such as friendly convenient and flexible man–machineconversation interface, prompt program, easy development, graphicaldisplay, etc.

The software is designed to customize a diverse set of datamanipulations and control functions needed for shared workspace

and standard interfaces, and it is realized with Microsoft Founda-tion Class (MFC) in a computer with the Windows XP operatingsystem. The overall architecture is implemented via the singledocument interface (SDI) approach. The main procedure of theproject is described as follows. (1) Use the MFC application wizard(AppWizard) provided by Microsoft to create the project based onSDI. (2) Design two dialog boxes that contain required controls,named EncDialog and DecDialogy. (3) Use ClassWizard to generatetwo dialog class CEncDialog and CDecDialog that is derived fromCDialog and attached to the resource created in step (2). (4) Associ-ate data members with each of the dialog's controls and add themessage-handling function for specific controls. Most functionsare designed using the C++ classes documented in the MicrosoftVisual C++ MFC library reference, while some transforms, such asFresnel transform, two-step PSI, etc. are transcoded from Matlabwith the aid of Matcom. (5) Design code in CMainFrame Class toactivate the dialog and switch between the two dialogs. Theencryption and decryption interfaces of the resulted software areshown in Figs. 7 and 8, respectively, which illustrate and verify thevalidity and feasibility of the proposed method.

6. Conclusions

In conclusion, we have proposed an asymmetric cryptosystem,that employs DRPE in Fresnel domain and two-step PSI to encryptthe original image, while adopts the EC public-key cryptographicalgorithm to asymmetrically encode and decode the sessionkeys (geometrical parameters, pseudo-random seeds). Becauseof the absence of a subexponential-time algorithm to solve the

Fig. 8. The decryption interfaces of the resulted software.

D. Fan et al. / Optics Communications 309 (2013) 50–5656

underlying elliptic curve discrete logarithm problem (ECDLP), theintroduction of ECC not only enhances the security, but also solvesthe issues of key management and distribution; therefore, itmakes the asymmetric cryptosystem appropriate for practicalsecure communications. The feasibility of this method has beenconvincingly verified through both computer simulation and soft-ware implementation.

Acknowledgments

This work is supported by the National Natural Science Founda-tion of China (Grants 61275014, 60907005, 61171073, 51102148 and11104188), the National Natural Science Foundation of Shandongprovince (ZR2011FQ011), the National science and Technologyprograms of Shandong province (2011GGH20119), and the ResearchAward Fund for Outstanding Young Scientists of Shandong Province(BS2011DX023). We also thank the reviewers for some usefulsuggestions.

References

[1] P. Refrégier, B. Javidi, Optics Letters 20 (1995) 767.[2] S. Kishk, B. Javidi, Applied Optics 41 (2002) 5462.[3] N. Takai, Y. Mifune, Applied Optics 41 (2002) 865.[4] O. Matoba, B. Javidi, Optics Letters 24 (1999) 762.[5] G. Situ, J. Zhang, Optics Letters 29 (2004) 1584.[6] L.F. Chen, D.M. Zhao, Optics Express 12 (2006) 8552.[7] T. Nomura, S. Mikan, Y. Morimoto, B. Javidi, Applied Optics 42 (2003) 1508.[8] E. Tajahuerce, B. Javidi, Applied Optics 39 (2000) 6595.[9] X.G. Wang, D.M. Zhao, F. Jing, X.F. Wei, Optics Express 14 (2006) 1476.

[10] G. Unnikrishnan, J. Joseph, K. Singh, Optics Letters 25 (2000) 887.[11] B. Hennelly, J.T. Sheridan, Optics Letters 28 (2003) 269.[12] S.T. Liu, Q.L. Mi, B.H. Zhu, Optics Letters 26 (2001) 1242.[13] N.R. Zhou, T.J. Dong, J.H. Wu, Optics Communications 283 (2001) 3037.[14] H. Kim, D.H. Kim, Y.H. Lee, Optics Express 12 (2004) 4912.[15] L.Z. Cai, M.Z. He, Q. Liu, X.L. Yang, Applied Optics 43 (2004) 3078.[16] X.F. Meng, L.Z. Cai, X.F. Xu, X.L. Yang, X.X. Shen, G.Y. Dong, Y.R. Wang, Optics

Letters 31 (2006) 1414.[17] P.C. Mogensen, J. Glückstad, Optics Communications 173 (2000) 177.[18] X. Peng, Z.Y. cui, T.N. Tan, Optics Communications 212 (2002) 235–245.[19] Z.J. Liu, Q. Guo, L. Xu, M.A. Ahmad, S.T. Liu, Optics Express 18 (2010) 800.[20] Y. Shi, G. Situ, J. Zhang, Optics Letters 33 (2008) 542.[21] W. Chen, X.D. Chen, C.J.R. Sheppard, Optics Letters 35 (2010) 3817.[22] W. Chen, X. Chen, A. Anand, B. Javidi, Journal of the Optical Society of America

A 30 (2013) 806.[23] W. Chen, X. Chen, Optics Communications 286 (2013) 123.[24] S.A. Vanstone, Computers and Security 22 (2003) 412.[25] V. Kapoor, V.S. Abraham, R. Singh, ACM Ubiquity 9 (2008) 1.[26] W. Stallings, Cryptography and Network Security (Principle and Practice),

Prentice-Hall, New Jersey, 1998.[27] W. Trappe, L.C. Washington, Introduction to Cryptography with Coding

Theory, Prentice-Hall, New Jersey, 2001.[28] X. Peng, H. Wei, P. Zhang, Optics Letters 31 (2006) 3579.[29] W. Qin, X. Peng, Optics Letters 35 (2010) 118.[30] G.S. Lin, H.T. Chang, W.N. Lie, C.H. Chuang, Optical Engineering 42 (2003)

2331.[31] S. Yuan, X. Zhou, D.H. Li, D.F. Zhou, Applied Optics 42 (2003) 3747.[32] X.F. Meng, X. Peng, L.Z. Cai, A.M. Li, Z. Gao, Y.R. Wang, Journal of Optics A: Pure

and Applied Optics 11 (2009) 085402.[33] V. Miller, Proceedings of the Advances in Cryptology – Crypto'85, LNCS, 1985,

p. 417.[34] N. Koblitz, Journal of Computational Mathematics 48 (1987) 203.[35] D. Hankerson, A. Menezes, S. Vanstone, Guide to Elliptic Curve Cryptography,

Springer, New York, 2004.[36] N. Koblitz, A. Menezes, S. Vanstone, Designs, Codes and Cryptography 19

(2000) 173.