Machine-learning attacks on interference-based optical encryption: experimental demonstration

Optical techniques have boosted a new class of cryptographic systems with some remarkable advantages, and optical encryption not only has spurred practical developments but also has brought a new insight into cryptography. However, this does not mean that it is elusive for the opponents to attack optical encryption systems. In this paper, for the first time to our knowledge, we experimentally demonstrate the machine-learning attacks on interference-based optical encryption. Using machine-learning models that are trained by a series of ciphertext-plaintext pairs, an unauthorized person is capable to retrieve the unknown plaintexts from the given ciphertexts without the usage of various different optical encryption keys existing in interference-based optical encryption. In comparison with conventional cryptanalytic methods, the proposed machine-learning-based attacking method can estimate transfer function or point spread function of interference-based optical encryption systems without subsidiary conditions. Simulations and optical experiments demonstrate feasibility and effectiveness of the proposed method, and the proposed machine-learning-based attacking method provides a versatile approach to analyzing the vulnerability of interferencebased optical encryption. © 2019 Optical Society of America under the terms of the OSA Open Access Publishing Agreement

Nowadays, many studies are mainly focused on employing more optical techniques for designing optical encryption systems which are essential for the development of cryptography. Much effort has been devoted to advancing research on the design of optical security systems, and vulnerability analysis of the designed optical encryption systems does not attract sufficient attention. Whether the designed optical encryption systems can withstand the attacks from unauthorized persons is still a serious concern. In essence, cryptography and cryptoanalysis are mutually beneficial, and can form a close relationship for common developments. Cryptographic techniques claimed to be secure should withstand various attacks via the cryptoanalysis. Conversely, the cryptoanalysis can stimulate the development of more advantageous and secure schemes. Hence, cryptoanalysis of optical encryption schemes [29][30][31][32][33] is also of high importance. Carnicer et al. [29] first reported that the DRPEbased optical encryption is vulnerable to chosen-ciphertext attack. Peng et al. [30] proposed an analogous method called chosen-plaintext attack to retrieve the plaintext from the stationary white noise. Liao et al. [32] analyzed optical encryption systems using ciphertextonly attack (COA) to retrieve the plaintext. Recently, Liu et al. [33] improved the COA method by using multiple phase retrieval algorithms to develop a hybrid iterative phase retrieval algorithm. Conventional methods for analyzing the vulnerability of optical cryptosystems focused on applying elaborately-designed information to retrieve or estimate various optical encryption keys. Conventional methods for attacking optical cryptosystems are also limited by a need of complex phase retrieval algorithms along with the requirement of some preconditions. Moreover, in many applications, the retrieval or estimate of various different optical encryption keys is difficult and time-consuming, which restricts their applications and is unfavorable in practice. Therefore, it is desirable to develop a new method for the cryptoanalysis of optical encryption systems, which is capable to extract the unknown plaintexts from the given ciphertexts without the usage of various different optical encryption keys and various complex phase retrieval algorithms.
In this paper, we experimentally demonstrate for the first time to our knowledge that interference-based optical encryption cannot withstand the proposed machine-learning attacks, and the estimate of various different optical encryption keys or the usage of complex phase retrieval algorithms are not requested. Machine-learning method is a powerful tool which can discover and emulate senior representations of the relationships between the given data by using the specially treated neural networks [34]. After training, the trained machinelearning model can be considered as a black box which contains an explicit illustration of the given data. Without definite representations of the parameters, the trained learning model can make predictions of original objects leading to the decreased time for extracting effective information [34]. Due to remarkable features of machine-learning models, machine-learningbased attacking method is proposed here and is used to extract the unknown plaintexts from the given ciphertexts without the usage of various different optical encryption keys. Simulations and optical experiments simultaneously demonstrate that the proposed machinelearning attacks are feasible and effective, and it is expected that the proposed method can be a promising strategy for the cryptoanalysis of various interference-based optical encryption systems.

Theoretical demonstration
Vulnerability of interference-based optical encryption is analyzed here, and the schematic setup is shown in Fig. 1. The optical encryption procedure is briefly described as follows: random mask 1 ( , ) M x y is bonded with the plaintext ( , ) f x y at the object beam arm, and another random mask 2 ( , ) M x y is placed at the reference beam arm. The two modulated beams form a pattern by using a beam splitter which is recorded by a CCD camera. The interference procedure and the pattern ( , )

The designed CNN architecture
Here, machine-learning attacks are proposed and designed, and convolutional neural network (CNN) is newly designed and applied to verify the vulnerability of interference-based optical encryption as schematically illustrated in Fig. 2. Fig. 2. Schematic of the designed CNN architecture for attacking interference-based optical encryption. The inputs (i.e., ciphertexts) are resized from 512 512 × pixels to 100 100 × pixels to lower computational load. After two convolutions and two pooling layers, the input is reshaped and fully connected to the ground truth. Using sufficient pairs of ciphertexts and plaintexts fed to the learning model, the CNN model is trained to predict unknown plaintexts from the given ciphertexts. The CNN architecture designed for the proposed machine-learning attacks is shown in Fig. 2(a), and the designed CNN architecture is described as follows: The input (i.e., ciphertext) with a dimension of 100 100 × pixels is resized from the recorded pattern to lower computational load. Then, it convolves with 20 kernels of size 5 5 × forming the first convolution layer (size of 96 96 20 × × ). The activation function used in the two convolution layers is the sigmoid function which is frequently applied in machine learning because of boundedness. In the first pooling layer, an action of down-sampling is taken to further reduce the computational load, and size of the first pooling layer is 48 48 20.
× × The pooled data is sent to the second convolution layer which adopts the same number and size of kernels. Size of the second convolution layer is 44 44 20 × × followed by the second pooling layer with size of 22 22 20. × × After two rounds of convolution and down-sampling processing, the first reshaping layer reshapes the second pooling layer (size of 22 22 20 × × ) to a 1 9680 × vector, and then the reshaped vector is transported to the fully connected layer with size of 1 784.
× Before the output layer, the second reshaping layer reshapes the 1 784 × vector to an 28 28 × image. A number of the recorded ciphertexts (i.e., intensity patterns) and the corresponding ground truths (i.e., plaintexts) are fed to the designed CNN model. After training, the trained learning model can be used to retrieve the unknown plaintexts from the given ciphertexts, and typical testing examples are shown in Fig. 2(b). Here, the CNN architecture is implemented by using Matlab platform on a PC with Nvidia Geforce GTX1080Ti GPU.

Simulations
Both MNIST database [38] and fashion MNIST database [39] are used to verify feasibility and effectiveness of the proposed machine-learning attacks on interference-based optical encryption. Figure 3 shows simulation results about the retrieval of the unknown plaintexts by The PSNR values mean that the unknown plaintexts are fully extracted. In comparison with conventional cryptanalytic methods, the proposed machine-learning attacks on interference-based optical encryption are capable to extract the unknown plaintexts from the given ciphertexts without the usage of various different optical encryption keys and various complex phase retrieval algorithms, and are superior to conventional cryptanalytic methods. In this theoretical demonstration, interference-based optical cryptosystem is proven to be vulnerable to the proposed machinelearning attacks.
To verify the robustness and applicability of the proposed machine-learning attacking method, the trained learning model is also applied to attack different databases. For the objects (e.g., double digits, lowercase and uppercase letters) which are not from the database used in the training phase, the trained learning model can also retrieve the unknown plaintexts from the correspondingly given ciphertexts. Several typical ciphertexts (i.e., for other objects) obtained by using the interference-based optical cryptosystem are respectively shown in Figs.

3(m), 3(o) and 3(q). Figures 3(n), 3(p) and 3(r) show the retrieved plaintexts obtained from
the machine-learning model trained by the MNIST database, and PSNR values of the retrieved images in Figs. 3(n), 3(p) and 3(r) are 26.07 dB, 29.59 dB and 32.78 dB, respectively. These retrieved images effectively illustrate that the proposed machine-learning attacks are also applicable for other objects (i.e., from different databases) which are not used in the training phase. It can be ascribed to two main reasons for the availability and universality of the trained learning model for other images which are different from those used in the training phase. One reason is that the designed learning model is trained to learn the relationship between the input ciphertexts and output plaintexts without individual retrieval of optical security keys. The other reason is that the ciphertexts obtained by the optical cryptosystem share some similarities and correlations. In addition, when the database with more complex objects is trained, the proposed method is also feasible and applicable.

Experimental demonstration and discussion
Experimental verification of the proposed machine-learning attacks on interference-based optical encryption is also conducted. The experimental setup is schematically shown in Fig. 1. The laser beam is launched by a He-Ne laser source (Newport R-30993, wavelength of 633.0 nm). It is expanded by a microscope objective (Newport M-40X, 0.65NA), and then collimated by a collimating lens with a focal length of 50.0 mm. The collimated laser beam illuminates on a SLM. The plaintexts used in the experiments are 8-bit grayscale handwrittendigit images from the MNIST database [38] and 8-bit fashion images from the fashion MNIST database [39]. A series of plaintexts are sequentially embedded into the SLM by using a programmable controller (i.e., via Labview). The masks used in the experiments are diffusers (Thorlabs, N-BK7) to scatter the object beam and reference beam [41]. Hence, a series of ciphertexts, i.e., intensity patterns, are correspondingly recorded by a CCD camera The 5000 handwritten-digit images from the MNIST database [38] and also 5000 fashion images from the fashion MNIST database [39] are encoded by the interference-based optical encryption setup, and their corresponding ciphertexts are sequentially recorded by CCD camera. Here, a window with 600 600 × pixels is cropped as region of interest to reduce the computational load, and to improve efficiency of the designed machine-learning model the recorded ciphertexts are further resized to 100 100 × pixels. For both MNIST database and fashion MNIST database, 4800 pairs of ciphertexts and plaintexts are used to respectively train their learning models, and another 200 ciphertexts, i.e., their plaintexts treated as unknown, are respectively recorded for the testing. Architecture of the designed learning models for the experiments is shown in Fig. 2(a). It is worth noting that value of the momentum m for updating the SGD is set as 5 9.5 10 .

− − ×
After the training of 4 hours, the learning models are well trained to be used for retrieving the unknown plaintexts from the given ciphertexts in the testing phase. Typical retrieval examples from the experimentallyobtained ciphertexts are shown in Fig. 4, which use the trained learning models to implement machine-learning attacks on the interference-based optical encryption. Figures 4(a), 4(c), 4(e), 4(g), 4(i), 4(k), 4(m), 4(o) and 4(q) show the recorded ciphertexts by using those plaintexts respectively from the MNIST database [38] and the fashion MNIST database [39]. It can be seen that the plaintexts are encoded into noisy patterns by using interference-based optical cryptosystem. By using their trained learning models, it is found in the testing phase that the experimentally-obtained ciphertexts are successfully attacked, and the retrieved plaintexts are shown in Figs. 4(b), 4(d), 4(f), 4(h), 4(j), 4(l), 4(n), 4(p) and 4(r) respectively. Performance of the proposed machine-learning attacks is also evaluated by using the PSNR, which are 25.58 dB, 27.64 dB, 26.08 dB, 20.89 dB, 22.74 dB, 28.91 dB, 19.50 dB, 12.64 dB, and 26.07 dB, respectively. The experimental results demonstrate that the unknown plaintexts can be extracted by using the trained learning models without the usage of various different optical encryption keys and various complex phase retrieval algorithms. Hence, the proposed machine-learning attacks are also verified to be effective by using the experimental results for analyzing the vulnerability of interference-based optical encryption.
It has been illustrated previously that more random masks [6,10,11,27] used in optical encryption setup can enhance the security, and here we further study the applicability of the proposed machine-learning attacks on interference-based optical encryption with multiple diffusers. In Fig. 5, two diffusers are cascaded and used at the object beam arm as a typical example. At the object beam arm, the random mask M1 is bonded with the plaintext, and the random mask M2 is placed about 5.0 cm away from random mask M1. The axial distance between the random mask M2 and CCD is 5.0 cm. The images from the MNIST database and fashion MNIST database are used as the plaintexts, and a series of ciphertexts, i.e., intensity patterns, are sequentially recorded by the CCD camera. The number of images chosen from each database is 5000, and 4800 pairs of ciphertexts and plaintexts are selected to train the designed learning models for each database. Another 200 recorded ciphertexts are used for the testing. Time used for training each database is about 4 hours. After the training of each database, two learning models are trained and can be used to correspondingly retrieve the unknown plaintexts from the given ciphertexts as shown in Figs. 6(a), 6(c), 6(e), 6(g), 6(i), 6(k), 6(m), 6(o) and 6(q).  The unknown plaintexts can be correspondingly retrieved as respectively shown in Figs. 6(b), 6(d), 6(f), 6(h), 6(j), 6(l), 6(n), 6(p) and 6(r) by using their trained learning models. The PSNR values for Figs. 6(b), 6(d), 6(f), 6(h), 6(j), 6(l), 6(n), 6(p) and 6(r) are 15.10 dB, 25 It is demonstrated that without the extraction or estimate of various different optical encryption keys, unauthorized persons can retrieve the unknown plaintexts from the given ciphertexts by using the trained learning models.
Interference-based optical encryption using cascaded random masks at the reference beam arm is also experimentally studied to verify feasibility and effectiveness of the proposed machine-learning attacks. Optical setup for interference-based optical cryptosystem with cascaded random masks at the reference beam arm is schematically shown in Fig. 7. After the training, some recorded ciphertexts are further tested as shown in Figs  The aforementioned results demonstrate that the proposed machine-learning attacks are also applicable to analyze different optical encryption setups, e.g., multiple masks or diffusers used in the optical paths. The proposed machine-learning attacks can retrieve unknown plaintexts from the given ciphertexts without knowledge of various parameters, e.g., the diffusers and axial positions of the diffusers. In comparison with the existing attacking methods, the proposed machine-learning attacks do not need to individually retrieve each security key. For complex optical encryption systems, it could be difficult and timeconsuming for conventional attacking methods, however the trained machine-learning models can still extract the unknown plaintexts from the given ciphertexts. Hence, it is believed that the proposed machine-learning attacks are able to analyze the security of various interferencebased optical encryption systems and others.
The proposed machine-learning attacks are verified to be feasible and applicable for analyzing the vulnerability of interference-based optical cryptosystem. Although interferencebased optical encryption with more random masks [6,10,11,27] is demonstrated to be of the higher security, the proposed machine-learning attacks still have the capability to extract the unknown plaintexts from the given ciphertexts without the usage of various different optical encryption keys. The proposed learning method can function as a black box which can effectively estimate transfer function or point spread function of the interference-based optical encryption systems without subsidiary conditions. The proposed machine-learning attacks provide new avenues for the cryptoanalysis of interference-based optical encryption.

Conclusions
We experimentally demonstrate for the first time to our knowledge that interference-based optical encryption is vulnerable to the proposed machine-learning attacks. The designed learning-based architecture is validated to have the ability to retrieve the unknown plaintexts from the given ciphertexts without the usage of various different optical encryption keys and various complex phase retrieval algorithms. Moreover, the retrieved plaintexts are of high quality, which also avoids extra effort to further identify the retrieved plaintexts. Feasibility and effectiveness of the proposed machine-learning attacks are verified by simulations and optical experiments. It is also validated that the proposed machine-learning attacks can work effectively to extract the unknown plaintexts from the given ciphertexts obtained by using interference-based optical encryption with cascaded random masks. Due to the distinctive advantages of the designed machine-learning attacks, it is believed that the proposed machine-learning method can also be applied to attack other optical encryption systems. It is expected that the proposed machine-learning attacks can provide a promising strategy for the cryptoanalysis of optical encryption systems, and can lead to the further investigation of more advanced and secure interference-based optical encryption systems.