In this paper, we propose a new optical secret key sharing method based on the DiffieHellman key exchange protocol required in cipher system. The proposed method is optically implemented by using a freespace interconnected optical logic gate technique in order to process XOR logic operations in parallel. Also, we present a compact type of optical module which can perform the modified DiffieHellman key exchange for a cryptographic system. Schematically, the proposed optical configuration has an advantage of producing an open public key and a shared secret key simultaneously. Another advantage is that our proposed key exchange system uses a similarity to double key encryption techniques to enhance security strength. This can provide a higher security cryptosystem than the conventional DiffieHellman key exchange protocol due to the complexity of the shared secret key. Results of numerical simulation are presented to verify the proposed method and show the effectiveness in the modified DiffieHellman key exchange system.
I. INTRODUCTION
Secure personal communication and information security of the public network are becoming more and more important with the progress in internet or mobile networks. According to demands for following such a trend of the times, information security technology has been developed for protecting information during data transmission in communication channels
[1]
. One of the cryptosystems was the private or symmetric key encryption method. In this method, two users, for example Alice and Bob, select a key in advance, which is their private key, then they use the key in a private key cryptosystem to communicate messages over the public channel. Sometimes they can change these keys periodically. However, this cryptosystem may have lost the private key when these keys are changed. To solve this problem, public key cryptography such as DiffieHellman key exchange protocol was introduced
[2]
. In this protocol, two users unknown to each other can set up a private but random key for their symmetric key cryptosystem. There is no need for Alice and Bob to meet in advance, or use some other secret means to select a key. In recent years, there has been increasing interest in the use of optical encryption methods for security systems
[3

14]
. In addition, we have presented several papers on the optical encryption techniques by using phaseshifting digital holography
[15

19]
. Optoelectronic methods using digital logic may be adequate for encryption. Some researchers reported XOR(exclusive OR)based optical encryptions
[20

22]
. Recently, a technique using fractional Fourier transform based key exchange was reported
[23]
. However, until now there has been no other research to present an optical method of the DiffieHellman key exchange protocol.
In this paper, we propose a new optical secret key sharing method based on the DiffieHellman key exchange protocol, and show the performance of the proposed method. The secret key sharing algorithm is carried out optically by using dual freespace interconnected optical XOR logic operations. Section II is organized as three parts. In the first part, the DiffieHellman key exchange algorithm is overviewed. The second part explains the proposed optical secret key sharing method. In the third part, we propose an optical schematic and a compact optical module of the proposed system and explain the optical secret key sharing process. In Section III, computer experiments confirm the performance by showing results of the shared secret key generation with the proposed method. Finally, conclusions are briefly summarized in Section IV.
II. THEORY
 2.1. DiffieHellman Key Exchange Protocol
In 1976, Diffie and Hellman introduced a key exchange protocol
[2]
. The protocol is a specific algorithm of exchanging cryptographic keys. The DiffieHellman key exchange algorithm allows two users to exchange a shared secret key over an insecure communications medium without any prior secrets between each other. As to secret messages encryption, this shared key can be used to encrypt subsequent communications using a symmetric key cipher. In this protocol, two users(i.e., Alice and Bob) wish to communicate with each other but do not want an eavesdropper(i.e., Eve) to know their message. To do this, they will agree upon and set up a random secret key for their private key system, using a public but authenticated channel. The DiffieHellman key exchange algorithm is as follows.
1. Alice and Bob agree upon and make public two numbers g and p, where g is called a generator and p is a prime number. Note that anyone has access to these numbers in public.
2. Alice chooses a random number a and computes u by modulo p and sends it to Bob.
3. Bob chooses a random number b and computes v by modulo p and sends it to Alice.
4. Alice computes a secret key s_{a} by the same modulo p.
5. Bob computes a secret key s_{b} by the same modulo p.
6. Now both Alice and Bob have the same shared secret key, namely s.
7. Both Alice and Bob store this shared secret key as a private key, and it will be used in message encryption to each other.
Figure 1
shows the DiffieHellman key exchange algorithm. As you see in
Fig. 1
, Alice generates a random number
a
and computes
u
by modulo arithmetic with a generator
g
and a prime number
p
. Alice sends the computed values
u
to Bob as a public key. From the received Alice’s public key, Bob computes a secret key
s_{b}
by the same modulo
p
arithmetic. Similarly, Alice computes a secret key
s_{a}
by Bob’s public key and this secret key is the same as Bob’s secret key to share. If an intruder Eve wants to compute the secret key
s
, she would need either a random number
a
or a random number
b
. Even though Eve notices the set {
g
,
u
,
v
}, which is now public information, it is not easy to get
a
or
b
from the set {
g
,
u
,
v
} because she needs to solve a discrete logarithm problem. There is no known algorithm to accomplish this problem in a reasonable amount of time. If the prime number
p
is large enough, a fair amount of time is needed to solve this discrete logarithm problem and it is not efficient and practical to calculate the solution by using brute force attack.
DiffieHellman key exchange algorithm.
 2.2. Proposed Optical Secret Key Sharing Method
Fundamentally, it is very difficult for the DiffieHellman key exchange algorithm to be implemented by optical means due to two main reasons. The first one is that there is no proper method to perform modulo arithmetic by optical techniques. The second is that it is hard to represent a prime number on an optical device properly. It may be possible to encode the prime number into binary digits by conversion. Despite these difficulties, we propose an optical secret key sharing method by modifying the DiffieHellman key exchange algorithm. In the proposed method, the conventional DiffieHellman key exchange algorithm can be modified to an optically realizable algorithm, where modulo arithmetic can be substituted with an XOR logic based encryption simply. Therefore, modulo arithmetic is mathematically replaced by the XOR logic operation, that is, modulo two addition. Specifically, XORonly encryption schemes will be perfectly secure if and only if the key data is perfectly random and never reused. When we apply the XORbased encryption method to the above DiffieHellman key exchange algorithm, the modified DiffieHellman key exchange algorithm proposed in this paper can be described as follows.
1. Alice and Bob agree upon and make public two numbers G and P, where G is a generator number which is generated randomly and P is also a random number instead of a prime number. Note that anyone has access to these numbers in public.
2. Alice chooses a random number A and computes firstly GA and PA by Boolean AND logic operation. Next, Alice computes a public key K_{A} by XOR logic operation of these two values, and sends it to Bob.
3. Bob chooses a random number B and computes firstly GB and PB by Boolean AND logic operation. Next, Alice computes a public key K_{B} by XOR logic operation of these two values, and sends it to Alice.
4. Alice computes firstly K_{B}A by AND logic operation and computes a secret key S_{A} by XOR operation with P.
5. Bob computes K_{A}B firstly by AND logic operation and computes a secret key S_{B} by XOR operation with P.
6. Now both Alice and Bob have the same shared secret key, namely S.
7. Both Alice and Bob store this shared secret key as a private key, and it will be used in message encryption.
Figure 2
shows the modified DiffieHellman key exchange algorithm, and
Fig. 3
shows the flow charts for the proposed optical secret key sharing method. As shown in
Fig. 2
, Alice generates a secret random number
A
which is not open to public. Then, Alice preencrypts this random number
A
with a generator
G
and a random number
P
by AND logic operation at first. With these preencrypted values,
GA
and
PA
, Alice encrypts her own secret random number
A
again by XOR logic operation in order to open her public key
K
_{A}
. Alice sends this double encrypted key information
K
_{A}
to Bob as public key. From the received Alice’s public key, Bob computes a secret key
S
_{B}
by AND operation with his secret random number
B
and its sequent XOR operation with
P
. Similarly, Alice computes a secret key
S
_{A}
by Bob’s public key, and this key is as same as Bob’s secret key to share. Also,
Fig. 3
shows that the proposed method has a realizable optical setup to provide the open public key and the shared secret key at the same time. In our proposed secret key sharing method, we use an XORbased double encryption. This technique is very similar to the triple DES (Data Encryption Standard) algorithm and was reported in the previous paper
[22]
. Most 3DES algorithms use two security keys. Double encryption by two security keys gives us much security strength, and it is much harder to break the key. If Eve wants to compute the secret key
S
, she must know either a random number
A
or a random number
B
. Although Eve notices the set {
K
_{A}
,
K
_{B}
}, which is now open to public, it is hard to get
A
and
B
from the set {
G
,
P
,
K
_{A}
,
K
_{B}
} because these secret numbers are double encrypted. The longer the length of these random numbers is, then Eve requires very much mojavascript:;re time to break.
Modified DiffieHellman key exchange algorithm by using XOR logic operations.
Flow charts for the proposed optical secret key sharing method: (a) Alice, (b) Bob.
In our proposed method, one of the advantages is that it is a more advanced cryptosystem to exchange keys compared to the conventional DiffieHellman protocol because our method uses double encryption in making the public key and the shared secret key. Another advantage of this method is that it is convenient to change Alice’s and Bob’s secret random numbers in producing the public key and to exchange the public key without knowing the other user’s private key directly. This means this method has a property that users can change the secret random numbers at their own discretion. The last merit is that the proposed optical method has an expansibility of key length in 2dimensions, which strengthens the security of the cipher system.
 2.3. Optical Implementation of the Proposed Method
Generally, an optical information processing system has an inherent advantage of 2dimensional (2D) data processing and fast parallel information processing time. This implies that the optical encryption system can have huge key length and vast data processing in the cryptosystem. For this reason, the public key and the shared secret key lengths can increasingly be chosen by expanding these keys to 2D array, but this 2D expansion does not increase processing speed. With these properties, we propose an optical implementation of the modified secret key sharing method which has 2D pagetyped input format, resulting in the same 2D arrayed public key and the shared secret key output formats.
In this paper, the main idea of the proposed method is that the modified DiffieHellman key exchange algorithm is implemented in an optical way by using the bitwise XORbased encryption technique with a freespace interconnected optical logic gate method. The advantage of the freespace interconnected optical logic gate method is that no cell encodingdecoding process is required and the output has the same format as the input. In the optical configuration of a logic gate, binary input variables are spatially dual encoded by using two’s complement
[22]
. The architecture of XOR logic operation can be made by combining the logic AND scheme with the logic OR scheme. The 2dimensional XOR logic operation is expressed as follows simply.
where symbols •, +, and ⊕ represent AND, OR and XOR logic operations, and
means the complement of
X
.
Referring to the modified DiffieHellman key exchange algorithm by using XOR logic operations shown in
Fig. 2
, we design the proposed optical DiffieHellman key exchange configuration with optical components such as mirrors, beam splitters(BSs), and spatial light modulators(SLMs). In this configuration, all the SLMs are used as freespace interconnected optical logic gates.
Figure 4(a)
shows the optical schematic for the proposed optical DiffieHellman key exchange method so as to generate an open public key and a shared secret key simultaneously, which is based on the dual freespace interconnected AND, OR and XOR logic operations for binary data. Schematically, the optical setup contains three MachZehnder type interferometers. Four beam splitters BS1, BS2, BS3 and BS4 divide a collimated light into two lights and three beam splitters BS5, BS6 and BS7 combine these divided lights into one light, resulting in records on two CCDs. Also, this architecture is composed of eleven SLMs which are used for displaying data inputs.
Proposed optical DiffieHellman key exchange method to generate a shared secret key: (a) optical schematic using dual freespace interconnected XOR logic operations, (b) representations of input SLMs’ data and output CCDs’ data.
In order to investigate operating principles of the optical schematic, the flow charts for the proposed optical secret key sharing method shown in
Fig. 3
are considered. For convenience, let us consider Alice’s open public key and shared secret key generation procedure shown in
Fig. 3(a)
. In
Fig. 4(a)
, the collimating light, after being reflected by the beam splitters and the mirrors, illuminates and passes through the SLMs, where all the SLMs are arranged with a purpose of operating optical AND, OR and XOR logics as freespace interconnected optical logic gates. When the light continuously passes two SLMs in series, optical AND logic operation is obtained by inner production pixel by pixel. On the other hand, the combining beam splitter performs the optical OR logic operation by adding two lights in parallel. As a result, the integration of these processes is equivalent to the optical XOR logic operation obtained by the combination of two logic ANDs and one logic OR. First, Alice preencrypts her secret random number(
A
) with a common generator(
G
) and a random number(
P
). To do this preencryption,
G
and
P
are displayed on SLM3 and SLM6, while the complements of these numbers,
and
, are displayed on SLM1 and SLM7, respectively. Therefore,
G
⊕
P
is propagated after BS5 and goes to SLM9 which displays Alice’s random number(A). After passing through SLM9, the resultant light represents Alice’s open public key
G
⊕
P
•
A
which is recorded on CCD1 and is sent to Bob. Second, Bob’s received open public key(
K_{B}
) and Alice’s random number(
A
) are displayed on SLM5 and SLM8, while the complements of these,
and
, are displayed on SLM2 and SLM4 respectively. When the light continuously passes SLM5 and SLM8 in series, this operation gives optical AND logic of
K_{B}
and
A
, that is
K_{B}
•
A
. On the other hand, the combined light after passing through BS6 represents optical NAND logic between
and
, that is
. At this time, when a common random number(
P
) and its complement(
) are displayed on SLM10 and SLM11, two optical AND operations occurs. The one is
, the other is (
K_{B}
•
A
)•
. Finally, the resultant combined light by these two lights, which is recorded on CCD2 in the form of (
K_{B}
•
A
)⊕
P
, represents the shared secret key of Alice. This secret key is used to encrypt Alice’s message transmitted to Bob.
Fig. 4(b)
shows representations of input SLMs’ data and output CCDs’ data about the processes.
The proposed optical schematic for the secret key sharing method shown in
Fig. 4(a)
can also be fabricated in the form of an optical module. This module is implemented by rearranging the optical elements geometrically and by reducing the number of SLMs and mirrors.
Figure 5(a)
shows the simplified optical module for the proposed DiffieHellman key exchange architecture. In this module, pixel matching apertures are placed in front of SLMs for the purpose of blocking the unwanted diffraction wave propagation and of pixel matching between SLMs, and the imaging lens plays a role of another pixel matching between output image pattern and CCD pixel array. The advantage of this module is that it can be manufactured compactly and can be used for realistic applications.
Figure 5(b)
shows representations of input SLMs’ data and output CCDs’ data in the process of light propagation, and also it shows light distribution after passing through SLM2, BS1, SLM3 and BS2.
Optical implementation for the proposed secret key sharing based on DiffieHellman key exchange architecture: (a) the proposed optical module, (b) representations of input SLMs’ data and output CCDs’ data.
III. COMPUTER EXPERIMENTS
In order to verify the proposed method and show the effectiveness in the modified DiffieHellman key exchange system, we carry out numerical simulations. In our method, input data to be processed is binary bit data or a binary image. In computer simulations, all input data have the form of pagetyped 2D arrays which consists of 64×64 binary pixels for convenience. This data size provides the total heights of SLM1 and SLM2 shown in
Fig. 5(a)
with 64×5=320 pixels, which is easily obtained by the practical SLM. Also, this means the security key length has 64×64=4,096 bits which is very much longer key length compared to the conventional electronic cryptography. For example, the conventional 1D key length for the RSA public key cryptosystem has 512 bits, 768 bits or 1,024 bits. If we expand the data size to 128×128 pixels array, then the height of SLM increases twice to 128×5=640 pixels which is also allowable in the practical SLM, and the key length increases to 16,384 bits surprisingly.
A generator
G
shown in
Fig. 6(a)
is a random generated binary code and is used like a common key for preencrypting Alice’s secret random number, where white areas have value of 1 and black areas are 0 numerically.
Figure 6(b)
shows another random generated binary code which is also used in Alice’s secret random number preencryption.
Figure 6(c)
and
(d)
show Alice’s and Bob’s secret images respectively, where we use binary images instead of random number in order to show the processing data patterns visually.
Figure 6(e)
and
(f)
express ANDbased Alice’s secret image preencryption results with a generator
G
and
P
,
G
•
A
and
P
•
A
, respectively. The similar preencryptions about Bob’s secret image,
G
•
B
and
P
•
B
, are shown in
Fig. 6(g) and (h)
.
Figure 6(i)
represents continuously XORbased encryption result (
G
⊕
P
) •
A
between the preencrypted
G
•
A
and
P
•
A
of Alice’s secret image according to Eq. (6), and
Fig. 6(j)
represents continuously (
G
⊕
P
) •
B
between the preencrypted
G
•
B
and
P
•
B
of Bob’s secret image according to Eq. (7). These two encrypted keys are exchanged with each other as public keys and are used to generate the shared secret keys to the opposite user.
Figure 6(k)
and
(l)
show the computed result of
K_{B}
•
A
and
K_{A}
•
B
, respectively. From these figures, we know these two data patterns are exactly same because of
K_{B}
•
A
=(
G
⊕
P
)•
B
•
A
=(
G
⊕
P
) •
A
•
B
=
K_{A}
•
B
. The final shared secret keys are computed by (
K_{B}
•
A
)⊕
P
and (
K_{A}
•
B
)⊕
P
according to Eqs. (8) and (9). The generation processes of the shared secret key are shown in
Fig. 6(m)
and
(n)
. As shown in
Fig. 6(m)
and
(n)
, the resultant output keys have exactly the same pattern and therefore they will be used as a shared secret key between them.
Numerical simulations: (a) a generator G in public, (b) a random number P in public, (c) a binary mill image A as Alice’s secret number, (d) a binary flower image B as Bob’s secret number, (e) G AND A, (f) P AND A, (g) G AND B, (h) P AND B, (i) K_{A}=(G AND A) XOR (P AND A), (j) K_{B}=(G AND B) XOR (P AND B), (k) K_{B} AND A, (l) K_{A} AND B, (m) (K_{B} AND A) XOR P, (n) (K_{A} AND B) XOR P.
IV. CONCLUSION
In this paper, we propose a new optical secret key sharing method based on the DiffieHellman key exchange protocol required in encryption systems. The proposed optical secret key sharing method is realized by using optical XOR logic operations to modify the DiffieHellman key exchange algorithm, where XOR logic operation is implemented by using a freespace interconnected optical logic gate method. The optical schematic of the proposed method consists of three MachZehnder type interferometers to perform dual XOR logic operations. Also, we present a compact type of optical module. Schematically, the proposed optical module has a merit of being able to produce the open public key and the shared secret key simultaneously with a compact form. Our proposed key exchange system uses a kind of double key encryption technique which consequently enhances security strength. This can provide a higher security cryptosystem than the conventional Diffie Hellman key exchange protocol due to the double encrypted complexity of a shared secret key. Also, the proposed optical configuration has 2D array data format which can increase the key length easily to strengthen the security system. In addition, 2D expansion of data size does not increase information processing time owing to parallel processing property despite increase in 2D data. Another advantage of this method is that it is convenient to change the user’s secret random number in generating the open public key and to exchange the public key without knowing the other user’s private key directly. This means our method has a property that users can change secret random numbers at their own discretion. Computer experiments verify that the proposed method is effective and suitable for the DiffieHellman key exchange system and secure communication system. To the best of our knowledge, this proposed optical schematic may be the first report on the DiffieHellman key exchange protocol by optical means.
Acknowledgements
This work was supported by the Incheon National University (International Cooperative) Research Grant in 2012.
Schneier B.
1994
Applied Cryptography
2nd ed.
John Wiley
New York, USA
Diffie W.
,
Hellman M.
1976
“New directions in cryptography,”
IEEE Trans. on Info. Theory
22
644 
654
Javidi B.
,
L. Horner J.
1994
“Optical pattern recognition for validation and security verification,”
Opt. Eng.
33
1752 
1756
Heanue J. F.
,
Bashaw M. C.
,
Hesselink L.
1995
“Encrypted holographic data storage based on orthogonalphasecode multiplexing,”
Appl. Opt.
34
6012 
6015
Refregier P.
,
Javidi B.
1995
“Optical image encryption based on input plane and Fourier plane random encoding,”
Opt. Lett.
20
767 
769
Javidi B.
,
Sergent A.
,
Ahouzi E.
1998
“Performance of double phase encoding encryption technique using binarized encrypted images,”
Opt. Eng.
37
565 
569
Weber D.
,
Trolinger J.
1999
“Novel implementation of nonlinear joint transform correlators in optical security and validation,”
Opt. Eng.
38
62 
68
Cuche E.
,
Bevilacqua F.
,
Depeursinge C.
1999
“Digital holography for quantitative phasecontrast imaging,”
Opt. Lett.
24
291 
293
Javidi B.
,
Nomura T.
2000
“Securing information by means of digital holography,”
Opt. Lett.
25
28 
30
Unnikrishnan G.
,
Singh K.
2000
“Double random fractional Fourier domain encoding for optical security,”
Opt. Eng.
39
2853 
2859
Lin G.S.
,
Chang H. T.
,
Lie W.N.
,
Chuang C.H.
2003
“Publickeybased optical image cryptosystem based on data embedding techniques,”
Opt. Eng.
42
2331 
2339
Hennelly B. M.
,
Sheridan J. T.
2004
“Random phase and jigsaw encryption in the Fraesnel domain,”
Opt. Eng.
43
2239 
2249
Situ G.
,
Zhang J.
2004
“A lensless optical secyrity system based on computergenerated phase only masks,”
Opt. Commun.
232
115 
122
Nomura T.
,
Okazaki A.
,
Kameda M.
,
Morimoto Y.
2005
“Image reconstruction from compressed encrypted digital hologram,”
Opt. Eng.
44
2313 
2320
Gil S. K.
,
Jeon S. H.
,
Kim N.
,
Jeong J. R.
2006
“Successive encryption and transmission with phaseshifting digital holography,”
Proc. SPIE
6136
339 
346
Jeon S. H.
,
Hwang Y. G.
,
Gil S. K.
2008
“Optical encryption of graylevel image using onaxis and 2f digital holography with twostep phaseshifting method,”
Opt. Rev.
15
181 
186
Jeon S. H.
,
Gil S. K.
2010
“QPSK modulation based optical image cryptosystem using phaseshifting digital holography,”
Journal of the Optical Society of Korea
14
(2)
97 
103
Jeon S. H.
,
Gil S. K.
2011
“2step phaseshifting digital holographic optical encryption and error analysis,”
Journal of the Optical Society of Korea
15
(3)
244 
251
Jeon S. H.
,
Gil S. K.
2012
“Dual optical encryption for binary data and secret key using phaseshifting digital holography,”
Journal of the Optical Society of Korea
16
(3)
263 
269
Han J.W.
,
Park C.S.
,
Ryu D.H.
,
Kim E.S.
1999
“Optical image encryption based on XOR operations,”
Opt. Eng.
38
47 
54
Shin C.M.
,
Kim S.J.
2005
“Image encryption using modified exclusiveOR rules and phasewrapping technique,”
Opt. Commun.
254
67 
75
Jeon S. H.
,
Gil S. K.
2013
“Optical implementation of triple DES algorithm based on dual XOR logic operations,”
Journal of the Optical Society of Korea
17
(5)
362 
370
A. Sinha
2007
“Fractional Fourier transform based key exchange for asymmetric key cryptography,”
Proc. the 6th WSEAS Int. Conf. on Electronics, Hardware and Optical Communications
Corfu Island, Greece
51 
54