Threshold visual secret sharing by random grids

Threshold visual secret sharing by random grids

The Journal of Systems and Software 84 (2011) 1197–1208 Contents lists available at ScienceDirect The Journal of Systems and Software journal homepa...
Download PDF
3MB Sizes 29 Downloads 141 Views
Report

The Journal of Systems and Software 84 (2011) 1197–1208

Contents lists available at ScienceDirect

The Journal of Systems and Software journal homepage: www.elsevier.com/locate/jss

Threshold visual secret sharing by random grids Tzung-Her Chen ∗ , Kai-Hsiang Tsao Department of Computer Science and Information Engineering, National Chiayi University, 300 University Rd., Chiayi City 60004, Taiwan

a r t i c l e

i n f o

Article history: Received 5 June 2010 Received in revised form 8 October 2010 Accepted 12 February 2011 Available online 18 February 2011 Keywords: Random grid Visual secret sharing Visual cryptography Threshold

a b s t r a c t A new visual secret sharing (VSS) approach by random grids (RG-based VSS), proposed by Kafri and Keren (1987), has drawn close attention recently. With almost all advantages of visual cryptography-based VSS, RG-based VSS benefits more from keeping the same size of secret images without the problem of pixel expansion from which VC-based VSS suffer. In this paper, a threshold RG-based VSS scheme aiming at providing the wide-use version is presented. This is the first effort to develop the technique. The experimental results and theoretically analysis in visual quality and security show that the proposed scheme performs well. © 2011 Elsevier Inc. All rights reserved.

1. Introduction Recently, visual secret sharing (VSS) techniques, encrypting a secret image into several meaningless share images and later decoding the secret by superimposing the collected share images again, have been enthusiastically pursued in academia. Naor and Shamir (1995) were the initiators in proposing the (k,n) visual cryptography (VC) technique, which involves turning an image into n different shares. The secret image could be disclosed if, and only if, at least k shares were stacked, where n ≥ k; it could not be decrypted when (k − 1) or less shares are superimposed; the stacked image will still be meaningless. Table 1 shows a simple (2,3) VC-based VSS codebook. A pair of 1 × 3 blocks (also called codewords) is randomly selected to encrypt each pixel of the secret image into three share images SA , SB and SC . If a certain pixel of the secret image is transparent (resp. opaque), the selected one in “transparent” or “0” (resp. “opaque” or “1”) set is the pair of [1,0,0], [1,0,0], and [1,0,0] (in contrast to [1,0,0], [0,1,0] and [0,0,1]) and then these blocks are regarded as the corresponding shares of images SA , SB and SC in the same spatial location, respectively. Hence, it is easy to know that the superimposed result [1,0,0] (contrasting with [1,1,0], [0,1,1], or [1,0,1]) represents “transparent” (resp. “opaque”). Nevertheless, it magnifies the size of share images. If the codeword size in VC codebook is 1 × 3, VC-based VSS will generate three share images with the size 3 times larger than the original secret image (so-called pixel expansion).

∗ Corresponding author. Tel.: +886 5 271 7723; fax: +886 5 271 7741. E-mail address: [email protected] (T.-H. Chen). 0164-1212/$ – see front matter © 2011 Elsevier Inc. All rights reserved. doi:10.1016/j.jss.2011.02.023

Unfortunately, VC-based VSS has at least three drawbacks as follows. 1. Codebook design VC-based VSS always needs a codebook to support encoding. The codebook is not easily generated, especially for some specific applications in Shyu et al. (2007), Wu and Chang (2005) and Fang (2007, 2008). 2. Pixel expansion The designated codebook significantly increases the data size and decreases transmission. 3. Shape distortion As Table 1 shows, the shape of encoded image becomes wider than that of the original. Kafri and Keren (1987) firstly presented the encryption of binary secret images by random grids (RG), each of which turned into two meaningless random grids (share images), with the same size of the original secret image. The decryption operation is the same as that of traditional VC. The image encryption by random grids removes the drawbacks mentioned above. Unfortunately, its usage is hampered by the lack of further techniques to extend the (2,2) case to (k,n) where n ≥ k. Inspired by Kafri and Keren, Shyu (2007) presented the enhanced schemes to encrypt gray-level and color images by random grids in 2007. In 2008, Chen and Tsao (2008, 2009) and Shyu (2009) presented their own (n,n) or (2,n) RG-based VSS techniques. While the research of RG-based VSS is still tentative, designing a threshold one is a must. The authors of this paper extend the basic random-grids-based VSS schemes of (2,2) (Kafri and Keren, 1987), (2,n) (Chen and Tsao, 2009) and (n,n) (Chen and Tsao, 2008, 2009; Shyu, 2009) to develop

1198

T.-H. Chen, K.-H. Tsao / The Journal of Systems and Software 84 (2011) 1197–1208

Table 1 The codebook of (2,3) VC-based VSS scheme. Secret pixel

SA

SB

SC

Stacked results of two shares

Stacked results of three shares

Transparent

[1,0,0] [0,1,0] [0,0,1] [1,0,0] [0,1,0] [0,0,1]

[1,0,0] [0,1,0] [0,0,1] [0,1,0] [0,0,1] [1,0,0]

[1,0,0] [0,1,0] [0,0,1] [0,0,1] [1,0,0] [0,1,0]

[1,0,0] [0,1,0] [0,0,1] [1,1,0] [0,1,1] [1,0,1] [0,1,1] [1,0,1] [1,1,0] [1,0,1] [1,1,0] [0,1,1]

[1,0,0] [0,1,0] [0,0,1]

Opaque

(k,n) VSS. To decrypt the secret in the (k,n) VSS scheme, participants must collect at least k random grids to decrypt the secret. It is useless to gather only (k − 1) or less shares; i.e., the stacked image is still meaningless. Although the RG-based VSS schemes outperform VC-based ones by mainly avoiding pixel expansion, the former had been less researched than the latter until Shyu (2007, 2009) and Chen and Tsao (2008, 2009) made further research. The proposed (k,n) RGbased VSS schemes are more flexible and may be applied more widely than the existing RG-based VSS schemes. The formal proof demonstrates the precision and security while the experimental results show that the proposed scheme does work. The rest of the paper is organized as follows. The review of the basic VSS scheme by random grids is given in the next section. The proposed (k,n) RG-based VSS scheme is presented in Section 3. Section 4 analyses the performance of our scheme. Section 5 demonstrates the experimental results. The applications and the conclusions are in Sections 6 and 7.

2. Review of traditional RG-based VSS This section gives the brief review of traditional RG-based VSS. In 1987, Kafri and Keren (Lukac and Plataniotis, 2005) initiated RGbased VSS scheme, in which three similar algorithms were designed to encrypt a binary secret image A with the size of h × w and generate two meaningless random grids B1 and B2, whose size is the same as that of A. Let 0 represent the transparent and 1 the opaque pixel. In the encryption process, the random grid B1 is firstly generated by randomly selecting the pixel value 0 or 1 for the transparent or opaque color. Then, by a certain secret pixel A[i,j] (of A) and the corresponding pixel B1 [i,j] (of B1) , the pixel B2 [i,j] (of B2 ) is determined where [i,j] is the pixel position of the image (i = 1, 2,. . ., h and j = 1, 2,. . ., w). For example, if a certain secret pixel of A is 1, the corresponding pixel of B2 and B1 complement each other; otherwise, the pixel of B2 is equal to that of B1 . The stacked result B1 ⊕B2 is always opaque when A is opaque and has half chance to be transparent or opaque when A is transparent so that B1 ⊕B2 can be recognized as the shape or information of A. For the page limitation, only one of three traditional RG-based VSS algorithms is described below. Step 2.1: Randomly generate the first random grid B1 with the size of h × w by fc(0,1) which is used to randomly select “0” or “1” (representing a transparent or opaque pixel, respectively). Step 2.2: Based on the pixel A[i,j] of secret image A and the corresponding pixel B1 [i,j] of the first random grid B1 , the corresponding pixel value B2 [i,j] of the second random grid B2 is determined by

 B2 [i, j] =

B1 [i, j] B1 [i, j]

if A[i, j] = 0 otherwise

(a) (b)

where B1 [i, j] is a bit-wise complementary operation. Step 2.3: Repeat Step 2.2 until all pixels in A are done.

(1)

[1,1,1]

Stacking B1 and B2 , we easily recognize the secret information by human visual system without extra computation. 3. The proposed threshold scheme This section describes the details of the proposed (k,n) RG-based VSS scheme for binary and color images, respectively. A secret image is encrypted into n meaningless random grids. Therefore, participants cannot recognize any secret information appearing on each random grid alone. Nevertheless, superimposing at least k random grids will eventually reveal the original secret. 3.1. (k,n) RG-based VSS for binary images The proposed method can encode a binary secret image A with the size of h × w into n random grids, denoted as {B1 , B2 ,. . ., Bn } with the same size of A, which are so noise-like that no one can recognize the original secret information by any set of less than k random grids. In the decoding process, if participants collect and superimpose k or more random grids, denoted as {Bi1 , Bi2 , ..., Bik } where {i1 , i2 , . . ., ik } ⊆ {1, 2, . . ., n}, the secret information can be disclosed by human visual system without extra computation cost. The encoding process encompasses three steps: Step 3.1: Exploit traditional RG-based VSS to encode a pixel A[i,j] ∈ A so that two bits b1 and b2 are obtained, [i,j] being the pixel position in the secret image (i ∈ [1,. . ., h] and j ∈ [1,. . ., w]). Encode  b2 in the same way to generate two bits b2 and  b3 . Repeat this operbk are generated (the final bit  bk represented ation until b1 , b2 , ...,  as bk ). Step 3.2: The generated k bits are dispatched into k randomly selected random grid pixels {Bi1 [i, j], Bi2 [i, j], ..., Bik [i, j]}, a subset of {B1 [i,j], B2 [i,j],. . ., Bn [i,j]}; these k bits are arranged at the same spatial location, say [i,j], in the individual random grids Bi1 , Bi2 , ..., and Bik . Step 3.3: Lastly, the (n − k) bits located in the same location [i,j] of the remaining (n − k) random grids {B1 , B2 , . . . , Bn } − {Bi1 , Bi2 , ..., Bik } are generated by the function fc(0,1) used to randomly select “0” or “1”, representing a transparent or opaque pixel, respectively Step 3.4: Repeat Steps 3.1 through 3.3 until all pixels A[i,j] of secret image A are done. Taking (3,5) RG-based VSS for example, assume that the secret bit is “1” and the generated bits are {0,0,1} by Step 3.1. The subset {B2 [i, j], B3 [i, j], and B5 [i, j]} is selected from 10 possible subsets. Then the three bits “0”, “0”, and “1” are individually assigned to B2 [i, j], B3 [i, j], and B5 [i, j], respectively. The two remaining pixels B1 [i, j] and B4 [i, j] are randomly assigned “0” or “1”. The diagram of encoding process is shown in Fig. 1. The decoding process does not involve any computer assistance, but directly stacks k or more random grids to disclose the original secret information detectable by human eyes. Besides, if less than k random grids are stacked, the original secret information will not be revealed.

T.-H. Chen, K.-H. Tsao / The Journal of Systems and Software 84 (2011) 1197–1208

1199

Fig. 1. The diagram of encoding process.

3.2. (k,n) RG-based VSS for color images To demonstrate the feasibility of extending the proposed scheme mentioned above to encode the color images, their color model, either the additive (say RGB system) or the subtractive (say CMY system), should be determined. The following employs the former as example so that the colored transparencies are used to carry the color of random-grid pixels with three primary colors, red (R), green (G), and blue (B) (Li and Drew, 2004). The process to encrypt color secret image AC, includes five operations (Step 4.1 through 4.5). Step 4.1: The color secret image AC should be decomposed to three color components, i.e., R, G, and B, say ACr , ACg , and ACb . Step 4.2: Each color component is treated as a binary image (HACr , HACg , and HACb ) by using the error diffusion halftoning technique (Lau and Arce, 2000). r , BC g , and BC b , m = 1, 2,. . ., n) for Step 4.3: n random grids (BCm m m color components (HACr , HACg , and HACb ) are generated by the proposed scheme in Section 3.1.

g

r , BC , and BC b Step 4.4: The color components of random grids BCm m m are combined to from eight-color random grids BCm . Step 4.5: Finally, all random grids BCk are painted onto transparencies in the invert color by a printer.

If the subtractive color model is adopted, Step 4.5 is omitted. 4. Performance analysis Hereafter, we analyze the performance by visual quality and security. Meanwhile, our previous (n,n) scheme (Chen and Tsao, 2009) will be shown as the special case of the proposed (k,n) scheme. Definition 1 (Average light transmission (Shyu, 2007)). For a certain pixel x in binary image X, the probability of pixel color is transparent, say Prob(x = 0), is represented as the light transmission of x, say l[x]. The light transmission of a transparent (resp. opaque) pixel x ∈ X is defined as l冀 x冁 = 1 (resp. l冀 x冁 = 0). In addition, the average

1200

T.-H. Chen, K.-H. Tsao / The Journal of Systems and Software 84 (2011) 1197–1208

light transmission of X is defined as L冀 X 冁 = if the size of X is h × w.

1 h×w

h w i=1

j=1

l冀 x[i, j]冁

Definition 2 (Contrast (Shyu, 2007)). To estimate the visual quality of reconstructed image B for original secret A, the contrast  is defined as =

L冀 B[A(0) ]冁 − L冀 B[A(1) ]冁 1 + L冀 B[A(1) ]冁

Definition 3 (Visually recognizable). The recovered secret image B is recognizable as the original secret image A by the contrast  > 0. Precisely, the case L冀 B[A(0) ]冁 > L冀 B[A(1) ]冁 means B can be recognized as A visually. Otherwise, it cannot be recognized by any information about A (i.e.,  = 0). Lemma 1. If Superimposing t independent grid-pixels b1 , b2 ,. . ., and bt generated by function fc(0,1) to form a stacked pixel b1⊕2⊕· · ·⊕t , where b1⊕2⊕· · ·⊕t = b1 ⊕ b2 ⊕· · ·⊕ bt and t > 2, the light transmission of b1⊕2⊕· · ·⊕t is (1/2)t . In other words, l冀b1⊕2⊕···⊕t 冁 = (1/2)t . By induction on t,

(i) For t = 2, we have l冀b1⊕2 冁 = (1/2)2 . Let b1 be a certain pixel of random grid B1 , and b2 the corresponding pixel in B2 . We have Prob(b1 = 0) = 1/2 and Prob(b2 = 0) = 1/2. When superimposing two pixels b1 and b2 as b1⊕2 by stacking them, we have Prob(b1⊕2 = 0) = Prob(b1 = 0) × Prob(b2 = 0) = 1/2 × 1/2 = 1/4 so that l冀b1⊕2 冁 = (1/2)2 = 1/4 by Definition 1. (ii) Assume that the claim holds for t − 1, i.e., l冀b1⊕2⊕...⊕t−1 冁 = (1/2)t−1 and we need to prove that it also holds for t. (iii) Upon superimposing b1 , b2 ,. . ., bt−1 and bt , the average light transmission of the superimposed result is l冀b1⊕2⊕···⊕t 冁 = l冀b1⊕2⊕···⊕t−1 ⊕ bt 冁. However, Prob(b1⊕2⊕· · ·⊕t = 0) = Prob(b1⊕2⊕· · ·⊕t-1 = 0) × Prob(bt = 0) = (1/2)t−1 × (1/2) = (1/2)t . Precisely, l冀b1⊕2⊕...⊕t 冁 = (1/2)t can be obtained. Lemma 2. Given the grid-pixels b1 , b2 , ..., and bn generated from the corresponding secret pixel a in A by Steps 3.1 and 3.3  in the proposed method, their light transmissions are 1/2, i.e., l冀bi a(0) 冁 =



l冀bi a(1)



Proof.

By Lemma 2, we have

(i) l冀b1 [a(0) ]冁 = l冀b2 [a(0) ]冁 = . . . = l冀bn [a(0) ]冁 = 1/2 and (ii) l冀b1 [a(1) ]冁 = l冀b2 [a(1) ]冁 = . . . = l冀bn [a(1) ]冁 = 1/2.

,

where L冀 B[A(0) ]冁 (resp. L冀 B[A(1) ]冁) denotes the average light transmission of the corresponding area in B with respect to the transparent (in contrast to opaque) area in A. The larger , the higher visual quality.

Proof.

Lemma 3. Each random grid in the proposed (k,n) RG-based VSS scheme for binary secret images is meaningless.

冁 = 1/2 where i = 1, 2,. . ., n.

Proof. Without losing of generality, b1 , b2 , ..., and bk are generated according to the secret pixel a in A by Step 3.1 and the others by Step 3.3. b2 are firstly generated By Step 3.1, the bit pair of b1 and  by traditional RG-based VSS so that Prob(b1 = 0) = Prob(b1 = 1) = b2 = 0) = Prob( b2 = 1) = 1/2. Then,  b2 is encoded to generate Prob( b3 in the same way as we have Prob(b2 = 0) = the bit pair of b2 and  b3 = 0) = Prob( b3 = 1) = 1/2. Prob(b2 = 1) = Prob( Likewise, we have Prob(bm = 0) = Prob(bm = 1) =1/2, for m = 1, 2, . . ., k. Hence, we have l冀bm 冁 = 1/2, where bm came from Step 3.1. As a result, no matter if a is transparent or opaque, the light transmission is 1/2, i.e., l冀bm [a(0) ]冁 = l冀bm [a(1) ]冁 = 1/2. In addition, the remaining grid-pixels are generated by fc(0,1) in Step 3.3, independent of a so that we have l冀bm [a(0) ]冁 = l冀bm [a(1) ]冁 = 1/2 (bm came from Step 3.3). Consequently, the light transmission of each grid-pixel generated by our method is l冀bi [a(0) ]冁 = l冀bi [a(1) ]冁 = 1/2 where i = 1, 2,. . .,n.

By Definition 1, we have (i) L冀B1 [A(0) ]冁 = L冀B2 [A(0) ]冁 = . . . = L冀Bn [A(0) ]冁 = 1/2 and (ii) L冀B1 [A(1) ]冁 = L冀B2 [A(1) ]冁 = . . . = L冀Bn [A(1) ]冁 = 1/2. Since L冀Bi [A(0) ]冁 = L冀Bi [A(1) ]冁 = 1/2 where i = 1, 2,. . ., n, a random grid in the proposed (k,n) RG-based VSS scheme for binary secret images is meaningless by Definition 3. Lemma 4. Upon stacking p grid-pixels bi1 , bi2 , ..., and bip generated from secret pixel a in A by Step 3.1 (p < k) to form bi1 ⊕i2 ⊕···⊕ip = bi1 ⊕ bi2 ⊕ · · · ⊕ bip , the stacked result with the light transmission

l冀bi1 ⊕i2 ⊕···⊕ip [a(0) ]冁 = l冀bi1 ⊕i2 ⊕···⊕ip [a(1) ]冁 = (1/2)p , where p < k.

Proof. Assume {bi1 , bi2 , . . . , bip } is a subset of {b1 , b2 ,. . ., bk } produced by Step 3.1. In order to prove that the stacked pixel bi1 ⊕i2 ⊕···⊕ip is meaningless to a secret pixel in A for any set of integers {i1 , . . ., / {i1 , ip } ⊂ {1, 2, . . ., k}, we consider two cases: k ∈ {i1 , . . ., ip } and k ⊂ . . ., ip } where k means the last bit bk =  bk in Fig. 1. Case 1: k ∈ {i1 ,. . ., ip }. In this case, we consider bu ⊕ · · · ⊕ bv ⊕ bk

with u,. . ., v being the indices in {i1 ,. . ., ip } besides k. The bit  bk−1 should be recovered by bk−1 ⊕ bk . Assume that k − 1 ∈ {i1 ,. . ., ip }, then

bu ⊕ · · · ⊕ bv ⊕ bk · · · ⊕ bv−1 ⊕ bk = bu ⊕ · · · ⊕ bv−1 ⊕  bk−1 with u,. . ., (v − 1) being the indices in {i1 ,. . ., ip } besides k and k − 1, where bk ⊕ bk−1 probabilistically looks like the independent pixel

 bk−1 and the light transmission l冀bk−1⊕k 冁 = (1/2)2 by Lemma 1.

Actually, except bk , the other grid-pixels are generated by the function fc(0,1) so that they are independent of the corresponding secret pixel a. Hence, by stacking any p grid-pixels the light transmissions are obtained as l冀bi1 ⊕i2 ⊕···⊕ip [a(0) ]冁 =

l冀bu⊕u+1⊕···⊕v−1 ⊕ bk−1⊕k [a(0) ]冁 = (1/2)p−2 × (1/2)2 = (1/2)p and l冀bi1 ⊕i2 ⊕···⊕ip [a(1) ]冁 = l冀bu⊕u+1⊕···⊕v−1 ⊕ bk−1⊕k [a(1) ]冁 =

(1/2)p−2 × (1/2)2 = (1/2)p by Lemma 1. If k − 1 ∈ / {i1 ,. . ., ip }, then all p grid-pixels are independent and l冀bi1 ⊕i2 ⊕···⊕ip [a(0) ]冁 = l冀bi1 ⊕i2 ⊕···⊕ip [a(1) ]冁 = (1/2)p are obtained by Lemma 1. Case 2: k ∈ / {i1 ,. . ., ip }. Except for bk , b1 , b2 ,. . ., and bk−1 are created by the fc(0,1) and are independent of the secret pixel a so that the result of superimposing any p bits of indices {i1 ,. . ., ip } with l冀bi1 ⊕i2 ⊕···⊕ip [a(0) ]冁 = l冀bi1 ⊕i2 ⊕···⊕ip [a(1) ]冁 = (1/2)p by Lemma 1. Lemma 5. In the proposed (k,n) RG-based VSS scheme by random grids for binary secret images, stacking less than k random grids cannot reveal the secret image. Proof. By Lemma 4, we know that the stacked result, with the light transmission l冀bi1 ⊕i2 ⊕···⊕ip [a(0) ]冁 = l冀bi1 ⊕i2 ⊕···⊕ip [a(1) ]冁 = (1/2)p , of stacking any p grid-pixel bi1 ⊕i2 ⊕···⊕ip reveals the secret, where p < k. By Definition 1, upon stacking any p random grid, the average light transmission is L冀Bi1 ⊕i2 ⊕···⊕ip [A(0) ]冁 = L冀Bi1 ⊕i2 ⊕···⊕ip [A(1) ]冁 = (1/2)p . Based on Definition 3, stacking less than k random grids is meaningless.

Theorem 1 (Security). The proposed (k,n) RG-based VSS scheme for binary secret images is as secure as Kafri and Keren’s.

T.-H. Chen, K.-H. Tsao / The Journal of Systems and Software 84 (2011) 1197–1208

1201

Fig. 2. The diagram of randomly selecting grid-pixels.

Fig. 3. The experimental results of (2,4) RG-based VSS.

Proof. The proofs of Lemmas 3 and 5 hold so that each random grid in the proposed (k,n) RG-based VSS for binary secret images is meaningless and stacking less than k random grids cannot reconstruct the secret image. Thus, the proposed (k,n) is secure. Lemma 6. Assume stacking the grid-pixels b1 , b2 , ..., bk (Fig. 1) to form b1⊕2⊕· · ·⊕k = b1 ⊕ b2 ⊕ · · · ⊕ bk , where b1 , b2 , ..., bk are generated by Step 3.1.

(1) The light transmission of the corresponding pixel b1⊕2⊕· · ·⊕k with respect to the transparent pixel a in A is l冀b1⊕2⊕...⊕k [a(0) ]冁 = (1/2)k−1 .

(2) The light transmission of the corresponding pixel b1⊕2⊕· · ·⊕k with respect to the opaque pixel a in A is l冀b1⊕2⊕···⊕k [a(1) ]冁 = 0. Proof. (1) For a certain pixel b1⊕2⊕· · ·⊕k with respect to a transparent pixel a in A, we have b1⊕2⊕···⊕k [a(0) ] = b1 [a(0) ] ⊕ b2 [a(0) ]· · · ⊕ bk−1 [a(0) ] ⊕ bk [a(0) ] In fact, bits b1 [a(0) ], b2 [a(0) ], . . ., and bk−1 [a(0) ] are created by fc(0,1) and, thus, independent; thus light transmission of b1⊕2⊕· · ·⊕k−1 [a(0) ] is (1/2)k−1 by Lemma 1. i.e., l冀b1⊕2⊕...⊕k−1 [a(0) ]冁 = (1/2)k−1 . The corresponding pixel bk [a(0) ] concerning the transparent pixel a in the secret image A is generated by Eq.

1202

T.-H. Chen, K.-H. Tsao / The Journal of Systems and Software 84 (2011) 1197–1208

Fig. 4. The experimental results of (3,4) RG-based VSS.

(1)(1(a)):

l冀b1⊕2⊕···⊕k [a(0) ]冁 = l冀b1⊕2⊕···⊕k−1 [a(0) ] ⊕ bk [a(0) ]冁 =

l冀b1⊕2⊕···⊕k−1 [a(0) ] ⊕ bk−1 [a(0) ]冁 = l冀b1⊕2⊕···⊕k−1 [a(0) ]冁 = (1/2) (2) For a certain pixel b1⊕2⊕...⊕k of an opaque pixel a in A, we have k−1

(1) the light transmission of stacking any t grid-pixels in relation to a transparent pixel a in A is

 

l冀bi1 ⊕i2 ⊕···⊕it [a(0) ]冁 =

t k

 × ⎛

= b1 [a(1) ] ⊕ b2 [a(1) ]

Lemma 7. Given k grid-pixels b1 , b2 , ..., bk generated by Step 3.1 and n − k grid-pixels bk+1 , bk+2 , ..., bn are generated by function fc (0,1),

 ⎞ t

k ⎟ 1 t ⎜ + ⎜1 −   ⎟ × ⎝ 2 n ⎠

= b1 [a(1) ] ⊕ b2 [a(1) ]· · ·bk−3 [a(1) ] ⊕ bk−2 [a(1) ]

b2 [a(1) ] with respect to the opaque pixel The corresponding pixel  a is created by Eq. (1)(1(b)). Hence, b1⊕2⊕· · ·⊕k [a(1) ] is opaque, i.e., l冀b1⊕2⊕···⊕k [a(1) ]冁 = 0.

2

n k

b1⊕2⊕···⊕k [a(1) ] = b1 [a(1) ] ⊕ b2 [a(1) ]· · ·bk−1 [a(1) ] ⊕ bk [a(1) ] = b1 [a(1) ] ⊕ b2 [a(1) ]· · ·bk−2 [a(1) ] ⊕ bk−1 [a(1) ]

1 t−1

k (2) the light transmission of stacking any t grid-pixels with respect to an opaque pixel a in A is



 ⎞ t

k ⎟ 1 t ⎜ l冀bi1 ⊕i2 ⊕···⊕it [a(1) ]冁 = ⎜1 −   ⎟ × ⎝ 2 n ⎠ k where k ≤ t < n.

T.-H. Chen, K.-H. Tsao / The Journal of Systems and Software 84 (2011) 1197–1208

1203

Fig. 5. The experimental results of (2,4) RG-based VSS.

Proof. For t grid-pixels, ˛ grid-pixels are selected from b1 , b2 , ..., bk , generated by Step 3.1 and ˇ grid-pixels from bk+1 , bk+2 , ..., bn generated by Step 3.3 (Fig. 2). The proof considers two cases. Case 1: ˛ = k and ˇ = t − ˛. Case 2: ˛ < k and ˇ = t − ˛, where ˛ + ˇ = t. Before analyzing the following light transmissions, assume that the result of stacking the ˛ (resp. ˇ) grid-pixels is defined as ba (resp. bˇ ). (1) Computing l冀bi1 ⊕i2 ⊕...⊕it [a(0) ]冁 Case 1: ˛ = k and ˇ = t − ˛ ˛ = k implies that all grid-pixels generated by Step 3.1 are chosen. By Lemma 6(1), upon stacking these k grid-pixels as a pixel ba , the light transmission of ba with respect to the transparent pixel a in A is known as l冀b˛ [a(0) ]冁 = (1/2)˛−1 . Besides, upon stacking the selected ˇ grid-pixels generated by fc(0,1) as bˇ , its light transmission with respect to transparent pixel a in A is known as l冀bˇ [a(0) ]冁 = (1/2)ˇ by Lemma 1 (ba and bˇ are independent). Thus, the light transmission of bi1 ⊕i2 ⊕···⊕it regarding transparent pixel a in A is l冀bi1 ⊕i2 ⊕...⊕it [a(0) ]冁 = l冀b˛ [a(0) ]冁 × l冀bˇ [a(0) ]冁 = (1/2)˛−1 × (1/2)ˇ = (1/2)t−1 by Lemma 1.

Case 2: ˛ < k and ˇ = t − ˛ ˛ < k implies that less than k grid-pixels generated by Step 3.1 are chosen. By Lemma 4, upon stacking ˛ grid-pixels as a pixel b˛ , its light transmission in relation to the transparent pixel a in A is known as l冀b˛ [a(0) ]冁 = (1/2)˛ . Besides, upon stacking the selected ˇ grid-pixels generated by fc(0,1) as bˇ , the light transmission of bˇ with respect to the transparent pixel a in A is known as l冀bˇ [a(0) ]冁 = (1/2)ˇ by Lemma 1 (ba and bˇ are independent of each other). Thus, the light transmission of bi1 ⊕i2 ⊕···⊕it with respect to transparent pixel a in A is l冀bi1 ⊕i2 ⊕...⊕it [a(0) ]冁 = l冀b˛ [a(0) ]冁 × l冀bˇ [a(0) ]冁 = (1/2)˛ × (1/2)ˇ = (1/2)t by Lemma 1. By



n−k t−k

Case

1,

   /

n t

if

˛ = k,

we

have

  a

probability

k k

×

to select all k grid-pixels generated by Step

3.1 and ˇ (=(t − ˛)) grid-pixels generated   byStep 3.3.  InCase 2, if k n−k n ˛ < k, we have a probability 1 − × / to k t−k t pick up ˛ grid-pixels from the k ones generated by Step 3.1. Con-

1204

T.-H. Chen, K.-H. Tsao / The Journal of Systems and Software 84 (2011) 1197–1208

Fig. 6. The experimental results of (3,4) RG-based VSS.

 

sequently, upon stacking any t grid-pixels, the light transmission of bi1 ⊕i2 ⊕···⊕it with respect to transparent pixel a in A is



Prob(bi1 ⊕i2 ⊕...⊕it [a(0) ] = 0) = Prob(bi1 ⊕i2 ⊕...⊕it [a(0) ] = 0|˛ = k) + Prob(bi1 ⊕i2 ⊕...⊕it [a(0) ] = 0|˛ < k)

   k k

=

×

n−k t−k



 

×

n t

1 t−1 2

⎜ ⎝

+ ⎜1 −

  1 t

×

2

= ... =

t k

  



 ×

⎛ 1 t−1

n k

(by Lemma A1 in Appendix A).

2

k k

×

n−k t−k

  n t

⎞ ⎟ ⎟ ⎠

 ⎞ t

k ⎟ 1 t ⎜ + ⎜1 −   ⎟ × ⎝ 2 n ⎠ k

Precisely,

 ⎞

l冀bi1 ⊕i2 ⊕···⊕it [a(0) ]冁 =

t k

 × n k

1 t−1 2

+

t

k ⎟ t ⎜ ⎜1 −   ⎟ × 1 . ⎝ 2 n ⎠ k (2) Computing l冀bi1 ⊕i2 ⊕···⊕it [a(1) ]冁 Case 1: ˛ = k and ˇ = t − ˛ By Lemma 6(2), we have l冀b˛ [a(1) ]冁 = 0 and l冀bˇ [a(1) ]冁 = (1/2)ˇ by Lemma 1 (ba and bˇ are independent). Thus, the light transmission of bi1 ⊕i2 ⊕···⊕it in contrast to opaque pixel a in

 ˇ

= 0 by A is l冀bi1 ⊕i2 ⊕···⊕it [a(1) ]冁 = l冀b˛ [a(1) ]冁 × l冀bˇ [a(1) ]冁 = 0 × 12 Lemma 1. Case 2: ˛ < k and ˇ = t − ˛ By Lemma 4, we have l冀b˛ [a(1) ]冁 = (1/2)˛ and l冀bˇ [a(1) ]冁 = (1/2)ˇ by Lemma 1. Again, ba and bˇ are independent. Thus, light transmission of bi1 ⊕i2 ⊕···⊕it with respect to opaque pixel

T.-H. Chen, K.-H. Tsao / The Journal of Systems and Software 84 (2011) 1197–1208

 

a in A is l冀bi1 ⊕i2 ⊕...⊕it [a(1) ]冁 = l冀b˛ [a(1) ]冁 × l冀bˇ [a(1) ]冁 = (1/2)˛ ×

The numerator 2 ×

(1/2)ˇ = (1/2)t by Lemma 1. Consequently, upon stacking any t grid-pixels, the light transmission of bi1 ⊕i2 ⊕···⊕it in contrast to opaque pixel a in A is

   k k

Prob(bi1 ⊕i2 ⊕...⊕it [a(1) ] = 0) =

×

n−k t−k

n > t,

   k k

⎜ ⎝

+ ⎜1 −

×

  

 

=

×

n−k t−k

  n t

1 t

×

2

k k

⎜ ⎝

× 0 + ⎜1 −

×

n−k t−k

Proof. By 

n t



⎟ ⎟ ⎠

 ⎞ t

   

t n t / (2t + 1) × − , where k k k k ≤ t ≤ n. Thus its information is recognizable with the contrast greater than zero. 2×

Proof. Definition 1 shows the average light transmission of the corresponding areas if stacking any t random grids Bi1 ⊕i2 ⊕···⊕it with respect to transparent and opaque areas of secret image A is

1 h×w

h w  

    t k

n k

/



× (1/2)

+

t k

n k

/

×

(1/2)t by Lemma 7(1) and w h  

(ii) L冀Bi1 ⊕i2 ⊕···⊕it [A(1) ]冁 = (1/(h × w))



    t k

1−

/

l冀bi1 ⊕i2 ⊕...⊕it [a(1) ]冁 =

i=1 j=1

n k

   

=

/

n k

+ 1) ×

the  2,  −

t k

   

=

contrast

=

× (1/2)t by Lemma 7(2).

Hence, the contrast can be calculated by Definition 2 as t k

  

n k

A secret image Lena with the size of 1024 × 1024 is shown in Fig. 4(a). After encoding by the proposed (3,4) RG-based VSS, four random grids with the same size of Lena are generated as (Fig. 4(b)-(e)) noise; nobody can recognize the original secret from any random grid alone. The decoding phase stacks any pair of noise-like random grids as in Fig. 4(f)–(k). Stacking any three random grids lets a stacker recognize the secret information shown in Fig. 4(l)–(o) with contrast  = 2/35. All random grids stacked, the reconstructed secret is shown in Fig. 4(p) with contrast  = 1/8.

    1−

/

Theorem  (2t

5.2. Simulation 2: (3,4) RG-based VSS for binary images

l冀bi1 ⊕i2 ⊕···⊕it [a(0) ]冁 =

i=1 j=1 t−1



t k

A secret image A with the size of 1024 × 1024 is shown in Fig. 3(a). After encoding A by the proposed (2,4) RG-based VSS, four noise-like random grids (Fig. 3(b)–(e)) with the same size of A are generated; nobody can recognize the original secret information from any random grid alone. In the decoding phase, by stacking any pair of random grids, the secret information can be visually recovered (Fig. 3(f)–(k)) with contrast  = 2/29. By stacking any three random grids, we can recognize the secret information shown in Fig. 3(l)–(o) with contrast  = 2/17. When all random grids are stacked, the reconstructed secret is shown in Fig. 3(p) with contrast  = 1/8.

Theorem 2 (Contrast). The contrast of the superimposed results Bi1 ⊕i2 ⊕···⊕it in the proposed (k,n) RG-based VSS scheme for binary

(i) L冀Bi1 ⊕i2 ⊕···⊕it [A(0) ]冁 =

+1 ×

5.1. Simulation 1: (2,4) RG-based VSS for binary images

k

  

   



2t

To demonstrate the feasibility of the proposed (k,n) RG-based VSS scheme, we conducted four experiments.

k ⎟ 1 t ⎜ Precisely, l冀bi1 ⊕i2 ⊕···⊕it [a(1) ]冁 = ⎜1 −   ⎟ × .  ⎝ 2 n ⎠





5. Experimental results

k

images is  =

= (t(t − 1)· · ·(t − k + 1))/(1 ×

n n n / (2n + 1) × − = 2/2n = 1/2n−1 k k k in the proposed scheme is equal to that in Chen and Tsao (2009) by t = n.

t







k ⎟ 1 t ⎜ = . . . = ⎜1 −   ⎟ × ⎝ 2 n ⎠

(by Lemma A1 in Appendix A).

t k



= 2t + 1 × (n(n − 1)· · ·(n −

Remark 1. The previous (n,n) scheme in Chen and Tsao (2009) is treated as the special case of the proposed (k,n) RG-based VSS with the same contrast  = 1/2n−1 .

⎞

 

 ⎞



n k

n t − k k is greater than zero, so is the contrast , implying the secret information on the superimposed result is recognizable.

  



 



2t + 1 ×

2 × · · · × k). Hence, the denominator

⎟ ⎟ × Prob(bi ⊕i ⊕...⊕it [a(1) ] 1 2 ⎠





is always greater than zero. Given

 

⎞

n t

have

k + 1))/(1 × 2 × · · · × k) >

n t

 

= 0|˛ < k) k k

n−k t−k

we

t k



×Prob(bi1 ⊕i2 ⊕...⊕it [a(1) ] = 0|˛ = k)



1205



t−1

× (1/2)

+

   

1−

 1+

(by Lemma A2 in Appendix A).

t k

/

n k

 t

× (1/2) −

   

1−

t k

/

n k

× (1/2)t

    1−

t k

/

n k

  t

× (1/2)



t k

   

= ··· = (2t + 1) ×

n k



t k

1206

T.-H. Chen, K.-H. Tsao / The Journal of Systems and Software 84 (2011) 1197–1208

Table 2 Comparisons between related works and the proposed scheme. Comparisons

Naor and Shamir (1995)

Kafri and Keren (1987)

Shyu (2007)

Shyu (2009)

Chen and Tsao (2009)

Ours

Encryption method Pixel expansion Codebook needed The type of VSS Format of secret image

VC-based Yes Yes (n,n) and (k,n) Binary

RG-based No No (2,2) Binary

RG-based No No (2,2) Binary color

RG-based No No (n,n) and (2,n) Binary color

RG-based No No (n,n) and (2,n) Binary color

RG-based No No (k,n) Binary color

5.3. Simulation 3: (2,4) RG-based VSS for color images A color secret image AC with the size of 1024 × 1024 is shown in Fig. 5(a). After encoding AC by the proposed scheme in Section 3.2, four random grids with the same size of AC are generated shown in Fig. 5(b)–(e) noise-like and the original secret information is not recognizable from any random grid alone. In the decoding phase, stack any pair of random grids; the secret information can be visually disclosed, shown in Fig. 5(f)–(k). Stack any three random grids; the secret information can be recognizable clearly by user’s human visual system (Fig. 5(l)–(o)). All the random grids stacked, the reconstructed secret is shown in Fig. 5(p).

while the third is kept public and used to verify the other two embedded share images. Obviously, the abovementioned VCbased applications will profit more if the RG-based VSS scheme is adopted. (3) Image hiding: More and more VC researches combined with image hiding approaches (Chang et al., 2005; Fang and Lin, 2006) have been presented. In Chang et al. (2005), the secret image is encoded to two share images by (2,2) VC and the share images become cover images in the LSBs. In Fang and Lin (2006), two secret images are encoded into two share ones. If they are superimposed directly, the information of the first secret can be visibly disclosed. The information of the second secret is also recognizable by shifting one share image.

5.4. Simulation 4: (3,4) RG-based VSS for color images A color secret image AC with the size of 1024 × 1024 is shown in Fig. 6(a). After encoding AC by the proposed scheme in Section 3.2, four noise-like random grids with the same size of AC are generated as shown in Fig. 6(b)–(e): the original secret information is not recognizable from any random grid alone. In the decoding phase, stacking any pair of random grids cannot disclose the secret information, shown in Fig. 6(f)–(k). When stacking any three random grids, the secret information can be recognizable by users’ visual system as shown in Fig. 6(l)–(o). All random grids stacked, the reconstructed secret is shown in Fig. 6(p). Table 2 gives the functionality comparison between related works and the proposed scheme. Obviously, RG-based VSS is superior to VC-based VSS, especially in terms of avoiding pixel expansion. Furthermore, the proposed RG-based VSS presents a threshold method so that rendering some existing RG-based VSSs becomes the special cases of the proposed one 6. Applications The proposed methods are suitable for the VC-based applications. Before examining potential applications of the proposed RG-based VSS schemes, except for image encryption and visual secret sharing, we survey the research of VC-based applications: (1) Visual authentication: The scheme proposed in Naor and Pinkas (1997) might be the first research to give the solution for the problem of authentication by a human recipient without using any trustable computational device. The authentication method based on VC is natural and easy to use. (2) Digital watermarking: In Chen and Tsai (2006), a watermark is encoded to two share images by (2,2) VC. One share image is embedded in a protected image and the other a secret key for later watermark extraction. The other scheme (Chen et al., 2008) encodes a watermark into three share images by (2,3) VC. Two share images are embedded into the protected image

Nowadays, the VC-based applications are of wide use, including image encryption (Lukac and Plataniotis, 2005), visual authentication (Naor and Pinkas, 1997), digital watermarking (Chen and Tsai, 2006; Chen et al., 2008), image hiding (Chang et al., 2005; Fang and Lin, 2006), and so on. Therefore, it is of importance to redesign them in a way of slight modification by RG-based techniques.

7. Conclusions Although VC-based VSS is one important image secret sharing approach, its innate disadvantages make RG-based VSS a better candidate. Thus, it is worthwhile to propose a threshold RG-based VSS scheme. The main contributions of the proposed scheme are achieving the goals of (1) threshold RG-based VSS, (2) avoiding pixel expansion, and (3) no codebook to use. Previous (n,n) and (2,n) schemes (Chen and Tsao, 2008, 2009; Shyu, 2009) are the special cases of our threshold version.

Acknowledgement The authors would like to thank the anonymous referees for their valuable discussions and comments.

Appendix A. Appendix A

   Lemma A1. where 2 ≤ k ≤ n.

k k

×

n−k t−k

   /

n t

    =

t k

/

n k

T.-H. Chen, K.-H. Tsao / The Journal of Systems and Software 84 (2011) 1197–1208

Proof.

Since

   k k

×

n−k t−k

1207



  n t

=

1 × (((n − k)(n − k − 1)· · ·((n − k) − (t − k) + 1))/(1 × 2 × · · · × (t − k))) ((n(n − 1)· · ·(n − t + 1))/(1 × 2 × · · · × t))

=

(((n − k)(n − k − 1)· · ·(n − t + 1))/(1 × 2 × · · · × (t − k))) ((n(n − 1)· · ·(n − t + 1))/(1 × 2 × · · · × t))

=

1 × 2 × · · · × t × [(n − k)(n − k − 1)· · ·(n − t + 1)] 1 × 2 × · · · × (t − k) × [n(n − 1)· · ·(n − t + 1)]

=

1 × 2 × · · · × (t − k) × (t − k + 1) × · · · × t × [(n − k)(n − k − 1)· · ·(n − t + 1)] 1 × 2 × · · · × (t − k) × [n(n − 1)· · ·(n − k + 1)(n − k)(n − k − 1)· · ·(n − t + 1)]

=

t(t − 1)· · ·(t − k + 1) n(n − 1)· · ·(n − k + 1)

=

((t(t − 1)· · ·(t − k + 1))/(1 × 2 × · · · × k)) ((n(n − 1)· · ·(n − k + 1))/(1 × 2 × · · · × k))

  t

=

k

 , n k

we have

   k k

×

n−k t−k



 

 

t k

 

=

n t

n k

    t−1 1 t n /

k

×

k

2

Lemma A2.

 +

1−

    t 1 t n k

 1+

 

/

1−

×

k

2

 −

1−

    t 1 t n

    t 1 t n k

/

×

k

/

k

×

k

2

=

2

t k



   . (2t + 1) Proof.

n k



Since



t k

t k

/

n k

t−1

× (1/2)

+



t k

1−



1+

/

n k





1−

t k

/

t



× (1/2) −

n k



1−

t k

/

n k



t

× (1/2)



=

t

× (1/2)

1+

=

=

=

t k

n k

/

t−1

× (1/2)





1−

t

/

n

t k

n k

/

t

× (1/2)

k k

t−1

× (1/2)

  n k

n k

+



t k

t k



+

n



n k

t k



t−1

n k



t k





(2t + 1)

n k

×2







t k

t

× (1/2)

× (1/2)

× 2t +

=

/

t−1

k

t k



× (1/2)

  n k

t

× (1/2)

t k

t

× (1/2)

n k

1208

T.-H. Chen, K.-H. Tsao / The Journal of Systems and Software 84 (2011) 1197–1208

we have

    t k

/

n k

 × (1/2)t−1 +

    t k

1−

 1+

/

n k

 × (1/2)t −

   

1−

t k

/

n k

× (1/2)t

References Chang, C.C., Chuang, J.C., Lin, P.Y., 2005. Sharing a secret two-tone image in two graylevel images. In: Proceedings of the 11th International Conference on Parallel and Distributed Systems, vol. 2 , pp. 300–304. Chen, T.H., Tsai, D.S., 2006. Owner–customer right protection mechanism using a watermarking scheme and a watermarking protocol. Pattern Recognition 39 (8), 1530–1541. Chen, T.H., Tsao, K.H., 2008. Image encryption by (n,n) random grids. In: Proceedings of 18th Information Security Conference , Hualien. Chen, T.H., Tsao, K.H., 2009. Visual secret sharing by random grids revisited. Pattern Recognition 42, 2203–2217. Chen, T.H., Hung, T.H., Horng, G., Chang, C.M., 2008. Multiple watermarking based on visual secret sharing. International Journal of Innovative Computing Information and Control 4 (11), 3005–3026. Fang, W.P., 2007. Visual Cryptography in reversible style. In: Proceedings of the Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing , Kaohsiung, Taiwan. Fang, W.P., 2008. Friendly progressive visual secret sharing. Pattern Recognition 41 (April (4)), 1410–1414. Fang, W.P., Lin, J.C., 2006. Visual cryptography with extra ability of hiding confidential data. Journal of Electronic Imaging 15 (2), 023020-1–023020-7. Kafri, O., Keren, E., 1987. Encryption of pictures and shapes by random grids. Optics Letters 12 (6), 377–379. Lau, D.L., Arce, G.R., 2000. Modern Digital Halftoning. Marcel-Dekker, New York, pp. 52–89. Li, Z.N., Drew, M.S., 2004. Fundamentals of Multimedia. Pearson Prentice Hall. Lukac, R., Plataniotis, K.N., 2005. Bit-level based secret sharing for image encryption. Pattern Recognition 38 (5), 767–772.

 

    1−

t k

/

n k

× (1/2)t

t k



   .

= (2t + 1)

n k



t k

Naor, M., Pinkas, B., 1997. Visual authentication and identification. In: Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology, Lecture Notes in Computer Science , Santa Barbara, California, USA, vol. 1294, pp. 322–336. Naor, M., Shamir, A., 1995. Visual cryptography. In: Proceedings of Advances in Cryptology: Eurocrypt94, Lecture Notes in Computer Science, vol. 950 , pp. 1–12. Shyu, S.J., 2007. Image encryption by random grids. Pattern Recognition 40 (3), 1014–1031. Shyu, S.J., 2009. Image encryption by multiple random grids. Pattern Recognition 42, 1582–1596. Shyu, S.J., Huanga, S.Y., Lee, Y.K., Wang, R.Z., Chen, K., 2007. Sharing multiple secrets in visual cryptography. Pattern Recognition 40, 3633–3651. Wu, H.C., Chang, C.C., 2005. Sharing visual multi-secrets using circle shares. Computer Standards & Interfaces 28 (1), 123–135. Tzung-Her Chen was born in Tainan, Taiwan, Republic of China, in 1967. He received the B.S. degree in Department of Information & Computer Education from National Taiwan Normal University in 1991 and the M.S. degree in Department of Information Engineering from Feng Chia University in 2001. In 2005, he received his Ph.D. degree in Department of Computer Science from National Chung Hsing University. He has been with Department of Computer Science and Information Engineering at National Chiayi University as Associate Professor. His research interests include information hiding, multimedia security, digital rights management, network security. He is an honorary member of the Phi Tau Phi Scholastic Honor Society. Kai-Hsiang Tsao is currently pursuing his M.S. degree in Department of Computer Science and Information Engineering from National Chiayi University. His research interests include information security, and image security.