Abstract
Visual Cryptography (VC) and Random Grids (RG) are both visual secret sharing (VSS) techniques, which decode the secret by stacking some authorized shares. It is claimed that RG scheme benefits more than VC scheme in terms of removing the problems of pixel expansion, tailor-made codebook design, and aspect ratio change. However, we find that the encryption rules of RGS are actually the matrices sets of probabilistic VCS. The transformation from RGS to PVCS is proved and shown by means of giving theoretical analysis and conducting some specific schemes. The relationship between codebook and computational complexity are analyzed for PVCS and RGS. Furthermore, the contrast of PVCS is no less than the one of RGS under the same access structure, which is shown by experimental results.
Access provided by Autonomous University of Puebla. Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
Visual secret sharing (VSS) techniques encrypt a secret image into several meaningless share images, and decrypt the secret by overlapping the some authorized shares. Due to the ease of decoding, VSS provides some new and secure imaging applications, e.g., visual authentication, steganography, and image encryption.
Visual cryptography scheme (VCS) was introduced by Naor and Shamir in Euro-crypt’94 [1]. The difference between visual cryptography and the traditional secret sharing schemes [2, 3] is the decryption process. Most secret sharing schemes are mainly realized by the computer, while visual cryptography schemes can decrypt secrets only with human eyes. In recent years, the studies of VCS focus on the general access structure [4], the optimization of the pixel expansion and the relative difference [5–8], and the grey and color images [9–12], etc.
In order to design the unexpanded shares, Ito et al. [13] firstly introduced a scheme without pixel expansion. Yang et al. [14, 15] provided a new model of visual cryptography scheme, in which the reconstruction of the secret image was probabilistic. In probabilistic model, the secret pixel is correctly reconstructed with probability. Thus, the quality of the reconstructed images depends on how big the probability is. The probabilistic scheme differs from the traditional VCS, which is now called deterministic scheme. The deterministic means that a white (black) original pixel can be represented in the reconstructed image by a set of subpixels with certain whiteness (blackness). Cimato et al. [16] introduced how to trade pixel expansion for the probability of a good reconstruction, which can be seen as a generalization of both the classical deterministic model and the probabilistic model.
Another VSS scheme is realized by Random Grids, which was proposed by Kafri and Keren in 1987 [17]. A binary secret image is encoded into two meaningless grids, which have the same size as the secret image. RG scheme (RGS) is mainly realized by using three different functions (f ran , f equ , f com ) recursively, and has no requirement of codebook which is the basis of VCS. Inspired of Kafri and Keren [17], Shyu [18] presented the other two RGSs to encrypt gray-level and color images in 2007. Later, Shyu [19] and Chen et al. [20, 21] proposed (2, n), (n, n) and (k, n) RGSs, which made further research.
In this paper, we mainly analyze the relationship between VCS and RGS, which is considered for the first time. It is found that the encryption rules of RGS are actually the set of distribution matrices in PVCS. In other words, there always exists a PVCS corresponding to every RGS. On the other hand, the corresponding RGS for every PVCS can not been guaranteed. Furthermore, the cost and contrast comparisons between RGS and PVCS are discussed in detail.
The rest of this paper is organized as follows. Section 2 briefly reviews RGS and PVCS. As the main part of this paper, Sect. 3 analyzes how to transform RGS into PVCS. Section 4 shows experimental results and discussions about the parameters of RGS and PVCS. Section 5 concludes the paper.
2 Related Studies
Prior to describing the proposed scheme, the reviews of RGS and PVCS are briefly introduced.
2.1 Random Grids Scheme
RGS mainly consists of three operations: (1) randomization, (2) complement, and (3) equivalence. The detailed definitions are given below.
Definition 1
(randomization) [20]. A random bit generation function
is used to create the pixel of cipher-grid. Precisely, a certain pixel r of a grid R is assigned the value 0 or 1 to represent the color white or black with the same probability 1/2. In other words, r = f ran (.) means P(r = 1) = P(r = 0) = 1/2.
Definition 2
(complement) [20]. According to a pixel r 1 of grid, say R 1, the complement function
turns r 1 inversely and assigns the inversed pixel value to a pixel r 2 of the other grid, say R 2. For instance, if r 1 is 0, the pixel value r 2 = 1 is obtained, i.e., r 2 = f com (r 1 = 0) = 1.
Definition 3
(equivalence) [20]. The equivalence function
referring to a pixel r 1 of grid R 1 assigns the same pixel value to a pixel r 2 of the other grid R 2. For instance, if r 1 is 0, the pixel value r 2 = 0 is obtained. In other words, r 2 = f equ (r 1 = 0) = 0.
Definition 4
(Representation of corresponding area) [20]. Assume that A(0) (resp. A(1)) is the corresponding area of all the white (resp. black) pixels in the secret image A, where A = A(0) ∪ A(1) and A(0) ∩ A(1) = ∅. Hence, B[A(0)] (resp. B[A(1)]) is the corresponding area of all the white (resp. black) pixels in the binary image B, which is reconstructed by the VSS scheme based on RG, with respect to the secret image A.
Definition 5
(Average light transmission) [20]. For a certain pixel r in a binary image B, the light transmission of a white (resp. black) pixel is defined as t(r) = 1 (resp. 0). In addition, for B with the size of h × w, the average light transmission of B is defined as
Definition 6
(Contrast) [20]. The contrast of the superimposed binary image B with respect to the original secret image A is,
\( \alpha \) would be as large as possible. In other words, the larger the value of \( \alpha \), the more recognizable the superimposed secret will be.
Since the recovery of the secret images depends on the human visual system, the contrast of superimposed secret images plays a critical role in guaranteeing that the superimposed image can be visually recognized as the exact secret message. Consequently, the following definition is given.
Definition 7
(Visually recognizable) [20]. The reconstructed binary image B with respect to the original secret A by superimposing two RG is visually recognizable in the sense, at least, that its contrast is greater than or equal to a threshold value which is greater than zero. In principle, if the reconstructed binary image can be recognizable, \( \alpha \) must be greater than zero. The numerator of \( \alpha \) is T(B[A(0)]) − T(B[A(1)]) that causes \( \alpha \) to be a non-zero value. Therefore, if T(B[A(0)]) is greater than T(B[A(1)]), B is visual recognizable. On the contrary, if T(B[A(0)]) is equal to or less than T(B[A(1)]), B is meaningless.
2.2 Probabilistic Visual Cryptography Scheme
In a probabilistic scheme, the recovery property cannot be guaranteed. Each pixel can be correctly reconstructed only with a probability given as a parameter of the scheme. Given a qualified set of participants Q, let p i|j denote the probability of having a reconstructed pixel i, and the corresponding pixel in the secret image is j, where i, j ∈ {0, 1}. Then p 0|0 (Q) denotes the probability of correctly reconstructing a white pixel when stacking the shares of Q, and p 1|0 (Q) is the probability of incorrectly reconstructing a white pixel. In a similar way p 1|1 (Q) and p 0|1 (Q) can be defined. The formal definition of a β-probabilistic visual cryptography scheme is as follow.
Definition 8
(Probabilistic VCS) [15]. A (Γ Qual, Γ Forb, m, β) -PVCS consists of two collections of n × m binary matrices, C 0 and C 1, satisfying the following properties:
1. (Contrast property) For any set Q = {i 1, i 2, …, i q } ∈ Γ Qual , there exists β > 0 such that p 1|1 (Q) − p 1|0 (Q) ≥ β and p 0|0 (Q) − p 0|1 (Q) ≥β
2. (Security property) For any set F = {i 1, i 2, …, i f } ∈ Γ Forb , the two collections of f × m matrices D t, with t ∈ {0, 1}, obtained by restricting each n × m matrix in C t to rows i 1, i 2, …, i p are indistinguishable in the sense that they contain the same matrices with the same frequencies.
In this paper, we mainly use PVCS scheme with no pixel expansion, that is having m = 1. Suppose \( C_{0} = \{ M_{0}^{1} ,M_{0}^{2} , \cdots ,M_{0}^{c0} \} \), \( C_{1} = \{ M_{1}^{1} ,M_{1}^{2} , \cdots ,M_{1}^{c1} \} \), S[i, j] is the i-th row and j-th column pixel in secret image S, n shares denoted as {R 1, R 2, …, R n }. The secret sharing algorithm of PVCS only needs two steps: select and distribute.
- Select::
-
if S[i, j] = 0, generate a random number k ∈ [1, …, c 0], \( M = M_{0}^{k} \).
else S[i, j] = 1, generate a random number k ∈ [1, …, c 1], \( M = M_{1}^{k} \).
Distribute: (R 1[i, j], R 2[i, j], …, R n [i, j])T = M.
Example 1.
(2, 2) -PVCS
\( C_{0} = \left\{ {\left[ {\begin{array}{*{20}c} 1 \\ 1 \\ \end{array} } \right],\left[ {\begin{array}{*{20}c} 0 \\ 0 \\ \end{array} } \right]} \right\} \),\( C_{1} = \left\{ {\left[ {\begin{array}{*{20}c} 1 \\ 0 \\ \end{array} } \right],\left[ {\begin{array}{*{20}c} 0 \\ 1 \\ \end{array} } \right]} \right\} \). For this scheme, m = 1, p 1|1 = 1, p 1|0 = 1/2, p 0|0 = 1/2, p 0|1 = 0, and β = p 1|1 − p 1|0 = p 0|0 − p 0|1 = 1/2.
3 A Transformation from RGS to PVCS
In RGS, the random grids are with the same size of the original secret image. The sharing algorithm of RGS relies on iterations and loops, which has no requirement of designing a codebook. Although RGS is called removing the problems of pixel expansion, tailor-made codebook design, and aspect ratio change in VCS [20], we find that the encryption rules of RGS are actually the matrices sets of PVCS. In this section we will show how to transform a RGS into a PVCS with the same contrast and security.
Definition 9
(sets of encryption rules). Let E 0 = {f 1, f 2, …, f e0} and E 1 = {g 1, g 2, …, g e1} be two sets, where f i and g j are both n × 1 Boolean vector (i ∈ [1, …, e 0], j ∈ [1, …, e 1]). f i denotes the i-th encryption rule by which a white pixel is encrypted, while g j denotes the j-th encryption rule by which a black pixel is encrypted. We call E 0 and E 1 the sets of encryption rules, which represent all of the encryption rules of a RGS.
Definition 10.
r denotes a random Boolean number, where r = 0 or 1 with the same probability 1/2. Let [r] denote two 1 × 1 matrices [1] and [0]. Suppose x is a Boolean number, let \( \left[ \begin{gathered} r \\ x \\ \end{gathered} \right] \) denote two 2 × 1 matrices \( \left[ \begin{gathered} 0 \\ x \\ \end{gathered} \right] \) and \( \left[ \begin{gathered} 1 \\ x \\ \end{gathered} \right] \). Suppose r 1 is another random Boolean number which is independent with r, let \( \left[ \begin{gathered} r \\ r_{1} \\ \end{gathered} \right] \) denote four 2 × 1 matrices \( \left[ \begin{gathered} 0 \\ 0 \\ \end{gathered} \right] \), \( \left[ \begin{gathered} 0 \\ 1 \\ \end{gathered} \right] \), \( \left[ \begin{gathered} 1 \\ 0 \\ \end{gathered} \right] \) and \( \left[ \begin{gathered} 1 \\ 1 \\ \end{gathered} \right] \). Suppose M = {M 1, M 2, …, M m } is a set of n × 1 matrices, let \( \left[ \begin{gathered} r \\ M \\ \end{gathered} \right] \) denote 2m (n + 1) × 1 matrices \( \left[ \begin{gathered} 0 \\ M_{1} \\ \end{gathered} \right] \), \( \left[ \begin{gathered} 1 \\ M_{1} \\ \end{gathered} \right] \), \( \left[ \begin{gathered} 0 \\ M_{2} \\ \end{gathered} \right] \), \( \left[ \begin{gathered} 1 \\ M_{2} \\ \end{gathered} \right] \),…, \( \left[ \begin{gathered} 0 \\ M_{m} \\ \end{gathered} \right] \), \( \left[ \begin{gathered} 1 \\ M_{m} \\ \end{gathered} \right] \).
3.1 (2, 2)-RGS
Chen et al. proposed three different kinds of (2, 2)-RGSs, which were the basic model of RGS. In this section, we firstly analyze the sets of encryption rules of (2, 2)-RGS, and then prove that E 0 and E 1 are also the sets of distribution functions.
Algorithm 1.
(2, 2) 1 -RGS [20]
Input: A binary secret image S = {S[i, j]| S[i, j] ∈ {0, 1}, i ∈ [1, 2,…, h], j ∈ [1, 2, …, w]}
Output: Two cipher-grids R 1 = {R 1[i, j]| R 1[i, j] ∈ {0, 1}, i ∈ [1, 2,…, h], j ∈ [1, 2, …, w]} and R 2 = {R 2[i, j]| R 2[i, j] ∈ {0, 1}, i ∈ [1, 2,…, h], j ∈ [1, 2, …, w]}
Step 1. R 1[i, j] = f ran (.), for all i and j. // Create R 1 as a cipher-grid
Step 2. R 2[S(0)] = f equ (R 1[S(0)]). // Create the white area of R 2 corresponding to S by R 1
Step 3. R 2[S(1)] = f com (R 1[S(1)]). //Create the black area of R 2 corresponding to S by R 1
The construction of encryption rules of Algorithm 1 will be described in detail, which is in accordance with the steps in Algorithm 1. The construction is as follows.
Step 1. \( E_{0} = \left\{ {[r]} \right\},E_{1} = \left\{ {[r]} \right\}R_{1} \), where r is a random Boolean number.
Step 2. \( E_{0} = \left\{ {\left[ \begin{gathered} r \\ r \\ \end{gathered} \right]} \right\}\begin{array}{*{20}c} {R_{1} } \\ {R_{2} } \\ \end{array} \).
Step 3. \( E_{1} = \left\{ {\left[ \begin{gathered} r \\ {\bar{r}} \\ \end{gathered} \right]} \right\}\begin{array}{*{20}c} {R_{1} } \\ {R_{2} } \\ \end{array} \), where \( \bar{r} \) is the complement of r.
Since r ∈ {0,1}, we have \( E_{0} = \left\{ {\left[ \begin{gathered} 1 \\ 1 \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ 0 \\ \end{gathered} \right]} \right\},E_{1} = \left\{ {\left[ \begin{gathered} 1 \\ 0 \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ 1 \\ \end{gathered} \right]} \right\}\begin{array}{*{20}c} {R_{1} } \\ {R_{2} } \\ \end{array} \) finally.
Theorem 1.
E 0 and E 1 of (2, 2)1-RGS are the sets of distribution functions of (2, 2)-PVCS.
Proof.
(1) Contrast property. For two participants, p 1|1 = 1, p 1|0 = 1/2, p 0|0 = 1/2 and p 0|1 = 0. There exist β = 1/2 satisfying p 1|1 − p 1|0 ≥ β and p 0|0 (Q) − p 0|1 (Q) ≥ β. Therefore, E 0 and E 1 satisfy the contrast property of Definition 2.
(2) Security property. For single participant, let D t (t ∈ {0, 1}) denote the set of matrices, obtained by restricting each n × 1 matrix in E t to the single row. Since D 0 = D 1 = {[0], [1]}, E 0 and E 1 satisfy the security property of Definition 2.
To sum up, E 0 and E 1 are the sets of distribution functions of (2, 2)-PVCS. ∎
Algorithm 2.
(2, 2) 2 -RGS [20]
Input and Output are as same as Algorithm 1.
Step 1. R 1[i, j] = f ran (.), for all i and j. // Create R 1 as a cipher-grid
Step 2. R 2[S(0)] = f equ (R 1[S(0)]). // Create the white area of R 2 corresponding to S by R 1
Step 3. R 2[S(1)] = f ran (.), for all i and j. // Create the black area of R 2 corresponding to S
The construction of encryption rules of Algorithm 2 is as follows.
Step 1. \( E_{0} = \left\{ {[r]} \right\},E_{1} = \left\{ {[r]} \right\}R_{1} \), where r is a random Boolean number.
Step 2. \( E_{0} = \left\{ {\left[ \begin{gathered} r \\ r \\ \end{gathered} \right]} \right\}\begin{array}{*{20}c} {R_{1} } \\ {R_{2} } \\ \end{array} \).
Step 3. \( E_{1} = \left\{ {\left[ \begin{gathered} r \\ r_{1} \\ \end{gathered} \right]} \right\}\begin{array}{*{20}c} {R_{1} } \\ {R_{2} } \\ \end{array} \), and r 1 is another random number, which is independent with r.
Since r ∈ {0,1} and r 1 ∈ {0,1}, \( E_{0} = \left\{ {\left[ \begin{gathered} 1 \\ 1 \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ 0 \\ \end{gathered} \right]} \right\},E_{1} = \left\{ {\left[ \begin{gathered} 1 \\ 0 \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ 1 \\ \end{gathered} \right],\left[ \begin{gathered} 1 \\ 1 \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ 0 \\ \end{gathered} \right]} \right\}\begin{array}{*{20}c} {R_{1} } \\ {R_{2} } \\ \end{array} \) can be gotten.
Theorem 2.
E 0 and E 1 of (2, 2)2-RGS are the sets of distribution functions of (2, 2)-PVCS.
Proof.
(1) Contrast property. For two participants, p1|1 = 3/4, p1|0 = 1/2, p0|0 = 1/2 and p0|1 = 1/4. There exist β = 1/4 satisfying p1|1 − p1|0 ≥ β and p0|0 (Q) − p0|1 (Q) ≥ β. Therefore, E0 and E1 satisfy the contrast property of Definition 2.
(2) Security property. For single participant, let D t (t ∈ {0, 1}) denote the set of matrices, obtained by restricting each n × 1 matrix in E t to the single row. Since D 0 = {[0], [1]} and D 1 = {[0], [0], [1], [1]}, D 0 and D 1 contain the same matrices ([0], [1]) with the same frequencies (1/2). Therefore, E 0 and E 1 satisfy the security property of Definition 2.
To sum up, E 0 and E 1 are the sets of distribution functions of (2, 2)-PVCS. ■
Algorithm 3.
(2, 2) 3 -RGS [20]
Input and Output are as same as Algorithm 1.
Step 1. R 1[i, j] = f ran (.), for all i and j. // Create R 1 as a cipher-grid
Step 2. R 2[S(0)] = f ran (R 1[S(0)]). // Create the white area of R 2 corresponding to S by R 1
Step 3. R 2[S(1)] = f com (.), for all i and j. // Create the black area of R 2 corresponding to S
The construction of encryption rules of Algorithm 3 is as follows.
Step 1. \( E_{0} = \left\{ {[r]} \right\},E_{1} = \left\{ {[r]} \right\}R_{1} \), where r is a random Boolean number.
Step 2. \( E_{0} = \left\{ {\left[ \begin{gathered} r \\ r_{1} \\ \end{gathered} \right]} \right\}\begin{array}{*{20}c} {R_{1} } \\ {R_{2} } \\ \end{array} \), and r 1 is another random number, which is independent with r.
Step 3. \( E_{1} = \left\{ {\left[ \begin{gathered} r \\ {\bar{r}} \\ \end{gathered} \right]} \right\}\begin{array}{*{20}c} {R_{1} } \\ {R_{2} } \\ \end{array} \), where \( \bar{r} \) is the complement of r.
Since r ∈ {0,1} and r 1 ∈ {0,1}, \( E_{0} = \left\{ {\left[ \begin{gathered} 1 \\ 0 \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ 1 \\ \end{gathered} \right],\left[ \begin{gathered} 1 \\ 1 \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ 0 \\ \end{gathered} \right]} \right\},E_{1} = \left\{ {\left[ \begin{gathered} 1 \\ 0 \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ 1 \\ \end{gathered} \right]} \right\}\begin{array}{*{20}c} {R_{1} } \\ {R_{2} } \\ \end{array} \) can be gotten.
Theorem 3.
E 0 and E 1 of (2, 2)3-RGS are the sets of distribution functions of (2, 2)-PVCS.
The proof is like as the proof of Theorem 2.
3.2 (n, n)-RGS
In this section, the n-out-of-n RGS is discussed. It is extended from the (2, 2)-RGS to form a general model. When encrypting the secret image into n cipher-grids, the (n, n)-RGS will recall the (2, 2)1-RGS (n − 1) times.
Algorithm 4.
( n, n )-RGS [20]
Input: A binary secret image: S = {S[i, j]| S[i, j] ∈ {0, 1}, i ∈ [1, 2,…, h], j ∈ [1, 2, …, w]} and a number of cipher-grids: n.
Output: n cipher-grids: R k = {R k [i, j]| R k [i, j] ∈ {0, 1}, i ∈ [1, 2,…, h], j ∈ [1, 2, …, w]}, where k = 1, 2,…, n
Step 1. R 1||ℜ2 = (2, 2)1-RGS(S). // Create R 1, ℜ2 as two cipher-grids
Step 2. If (n > 2) { for k = 2 to n − 1 R k || ℜ k+1 = (2, 2)1-RGS(ℜ k )} // Create R 2 ~ R n − 1 as cipher-grids recursively
Step 3. R n = ℜ n . // Create R n as the last cipher-grid
The construction of encryption rules of Algorithm 4 is as follows.
Step1. \( E_{0}^{2} = \left\{ {\left[ \begin{gathered} 1 \\ 1 \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ 0 \\ \end{gathered} \right]} \right\},E_{1}^{2} = \left\{ {\left[ \begin{gathered} 1 \\ 0 \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ 1 \\ \end{gathered} \right]} \right\}\begin{array}{*{20}c} {R_{1} } \\ {\Re_{2} } \\ \end{array} \).
Step2. \( E_{0} = \left\{ {\left[ \begin{gathered} 1 \\ E_{1}^{2} \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ E_{0}^{2} \\ \end{gathered} \right]} \right\},E_{1} = \left\{ {\left[ \begin{gathered} 1 \\ E_{0}^{2} \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ E_{1}^{2} \\ \end{gathered} \right]} \right\}\begin{array}{*{20}c} {R_{1} } \\ {\Re_{2} } \\ \end{array} . \)
Step2’. \( E_{0} = \left\{ {\left[ \begin{gathered} 1 \\ 1 \\ E_{0}^{2} \\ \end{gathered} \right],\left[ \begin{gathered} 1 \\ 0 \\ E_{1}^{2} \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ 1 \\ E_{1}^{2} \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ 0 \\ E_{0}^{2} \\ \end{gathered} \right]} \right\},E_{1} = \left\{ {\left[ \begin{gathered} 1 \\ 1 \\ E_{1}^{2} \\ \end{gathered} \right],\left[ \begin{gathered} 1 \\ 0 \\ E_{0}^{2} \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ 1 \\ E_{0}^{2} \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ 0 \\ E_{1}^{2} \\ \end{gathered} \right]} \right\}\begin{array}{*{20}c} {R_{1} } \\ {R_{2} } \\ {\Re_{3} } \\ \end{array} \)
……
Step 3. E 0 is the set of all Boolean vectors of length n with an even number of ones, and E 1 is the set of all Boolean vectors of length n with an odd number of ones. Hence, | E 0| = | E 1|= 2n − 1.
Theorem 4.
E 0 and E 1 of (n, n)-RGS are the sets of distribution functions of (n, n)-PVCS.
Proof.
(1) Contrast property. For n participants, p 1|1 = 1, p 1|0 = 1 – 21 − n, p 0|0 = 21 − n and p 0|1 = 0. There exist β = 21 − n satisfying p 1|1 − p 1|0 ≥ β and p 0|0 (Q) − p 0|1 (Q) ≥ β. Therefore, E 0 and E 1 satisfy the contrast property of Definition 2.
(2) Security property. Let B 0 (resp. B 1) be a n × 2n − 1 matrix, which is constructed by connecting all vectors of E 0 (resp. E 1). It is interesting that B 0 and B 1 are the basis matrices of (n, n)-VCS proposed by Naor and Shamir [1]. Therefore, E 0 and E 1 satisfy the security property of Definition 2.
To sum up, E 0 and E 1 are the sets of distribution functions of (n, n)-PVCS. ∎
3.3 (2, n)-RGS
In this section, the 2-out-of-n RGS is analyzed. Assume a secret image S will be encrypted into n cipher-grids R 1, R 2, …, R n . The decryption process is superimposing directly any pair of cipher-grids and the original secret can be disclosed.
Algorithm 5.
(2, n )-RGS [20]
Input: A binary secret image: S = {S[i, j]| S[i, j] ∈ {0, 1}, i ∈ [1, 2,…, h], j ∈ [1, 2, …, w]} and a number of cipher-grids: n.
Output: n cipher-grids: R k = {R k [i, j]| R k [i, j] ∈ {0, 1}, i ∈ [1, 2,…, h], j ∈ [1, 2, …, w]}, where k = 1, 2,…, n
Step 1. R 1[i, j] = f ran (.), for all i and j. // Create R 1 as a cipher-grids
Step 2. For k = 2 to n // Create R 2 ~ R n as cipher-grids repeatedly
The construction of encryption rules of Algorithm 5 is as follows.
Step1. \( E_{0} = \left\{ {\left[ r \right]} \right\},E_{1} = \left\{ {\left[ r \right]} \right\}R_{1} \)
Step2. \( E_{0} = \left\{ {\left[ \begin{gathered} r \\ r \\ \end{gathered} \right]} \right\},E_{1} = \left\{ {\left[ \begin{gathered} r \\ r_{1} \\ \end{gathered} \right]} \right\}\begin{array}{*{20}c} {R_{1} } \\ {R_{2} } \\ \end{array} \)
Step3. \( E_{0} = \left\{ {\left[ \begin{gathered} r \\ r \\ r \\ \end{gathered} \right]} \right\},E_{1} = \left\{ {\left[ \begin{gathered} r \\ r_{1} \\ r_{2} \\ \end{gathered} \right]} \right\}\begin{array}{*{20}c} {R_{1} } \\ R_{2} \\ R_{3} \\ \end{array} \) \( \Rightarrow E_{0} = \left\{ {\left[ \begin{gathered} 1 \\ 1 \\ 1 \\ \end{gathered} \right],\left[ \begin{gathered} 0 \\ 0 \\ 0 \\ \end{gathered} \right]} \right\}, \)
……
Step n. \( E_{0} = \left\{ {\left[ \begin{gathered} r \\ r \\ \ldots \\ r \\ \end{gathered} \right]} \right\},E_{1} = \left\{ {\left[ \begin{gathered} r \\ r_{1} \\ \ldots \\ r_{n - 1} \\ \end{gathered} \right]} \right\}\begin{array}{*{20}c} {R_{1} } \\ R_{2} \\ \ldots \\ R_{n} \\ \end{array} \). r, r 1, …, r n − 1 are random Boolean numbers, where any one of them is independent with others. Hence, | E 1| = 2 and | E 1| = 2n.
Theorem 5.
E 0 and E 1 of (2, n)-RGS are the sets of distribution functions of (2, n)-PVCS.
Proof.
(1) Contrast property. For two participants, p1|1 = 3/4, p1|0 = 1/2, p0|0 = 1/2 and p0|1 = 1/4. There exist β=1/4 satisfying p1|1 − p1|0 ≥ β and p0|0 (Q) − p0|1 (Q) ≥ . Therefore, E0 and E1 satisfy the contrast property of Definition 2.
(2) Security property. For single participant, let D t (t ∈ {0, 1}) denote the set of matrices, obtained by restricting each n × 1 matrix in E t to the single row. Since D 0 = {[0], [1]} and D 1 consists of 2n−1 [0] and 2n−1 [1], D 0 and D 1 contain the same matrices ([0], [1]) with the same frequencies (1/2). Therefore, E 0 and E 1 satisfy the security property of Definition 2.
To sum up, E 0 and E 1 are the sets of distribution functions of (2, n)-PVCS. ∎
3.4 (k, n)-RGS
In this section, (k, n)-RGS can encode a binary secret image S with the size of h × w into n random grids, denoted as {R 1, R 2, …, R n }, which are so noise-like that no one can recognize the original secret information by any set of less than k random grids. In the decoding process, if participants collect and superimpose k or more random grids, denoted as {R i1, R i2, …, R ik } where {i 1, i 2,…, i k } ⊆ {1, 2,…, n}, the secret information can be disclosed by human visual system without extra computation cost.
Algorithm 6.
( k, n )-RGS [21]
Step 1. Exploit traditional RGS to encode a pixel S[i, j] ∈ S so that two bits R 1 and ℜ2 are obtained, [i, j] being the pixel position in the secret image (i ∈ [1, … , h] and j ∈ [1, … , w]). Encode ℜ2 in the same way to generate two bits R 2 and ℜ3. Repeat this operation until R 1, R 2, …, ℜ k are generated (the final bit ℜ k represented as R k ).
Step 2. The generated k bits are dispatched into k randomly selected random grid pixels { R i1[i, j], R i2[i, j], … , R ik [i, j]}, a subset of { R 1[i, j], R 2[i, j], … , R n [i, j]}; these k bits are arranged at the same spatial location, say [i, j], in the individual random grids R i1, R i2 , …, and R ik .
Step 3. Lastly, the (n − k) bits located in the same location [i, j] of the remaining (n−k) random grids { R 1, R 2, … , R n} − { R i1, R i2 , …, R ik } are generated by the function f ran (.) used to randomly select “0” or “1”, representing a transparent or opaque pixel, respectively.
Step 4. Repeat Steps 1~3 until all pixels S[i, j] of secret image S are done.
The construction of encryption rules of Algorithm 6 is as follows.
\( E_{0}^{k} \) and \( E_{1}^{k} \) are the encryption rules of (n, n)-RGS in Algorithm 4.
| E 0| = | E 1| = C(n, k) × 2k − 1 × 2n − k = C(n, k) × 2n− 1.
Theorem 6.
E 0 and E 1 of (k, n)-RGS are the sets of distribution functions of (k, n)-PVCS.
Proof.
(1) Contrast property. For k participants, p 1|1 − p 1|0 = \( \frac{1}{{C(n,k) \times 2^{n - 1} }} \). Since p 0|1 = 1 − p 1|1 and p 0|0 = 1 − p 1|0, we have β = p 0|0 − p 0|1 = p 1|1 − p 1|0 = \( \frac{1}{{C(n,k) \times 2^{n - 1} }} \). Therefore, E 0 and E 1 satisfy the contrast property of Definition 2.
(2) Security property. For k − 1 participant, let D t (t ∈ {0, 1}) denote the set of matrices, obtained by restricting each n × 1 matrix in E t to the k − 1 rows. Every matrix of D 0 (resp. D 1) has the character that i (i ∈ [0,…, k − 1]) rows are from \( E_{0}^{k} \)(resp. \( E_{1}^{k} \)) and the other k – 1 − i rows are random Boolean numbers. According to the security of \( E_{0}^{k} \) and \( E_{1}^{k} \), we have \( D_{0}^{i} = D_{1}^{i} \) for any i (i ∈ [0,…, k–1]) participants. Therefore, D 0 = D 1, which means that E 0 and E 1 satisfy the security property of Definition 2.
To sum up, E 0 and E 1 are the sets of distribution functions of (k, n)-PVCS. ∎
4 Experimental Results and Discussions
4.1 Codebook and Computational Complexity
The encryption of PVCS relies on codebook C 0 and C 1, which is easy to generate shares but needs more storage space costs than RGS. The encryption of RGS is realized by several recursive computing steps, which does not need codebook but requires more computing resources than PVCS.
Generally speaking, the complexity evaluation of an algorithm contains two aspects: space and time. PVCS and RGS are just good at one point, respectively. In some sense, PVCS and RGS are complementation for each other.
4.2 Contrasts of PVCS and RGS
The evaluation of contrast property in PVCS is \( \beta \) = p 0|0 − p 0|1. In RGS, the recovery image is evaluated by \( \alpha = \frac{T(B[A(0)]) - T(B[A(1)])}{1 + T(B[A(1)])} \). α is used for measuring decrypted image as a whole. Since each pixel in original image is encrypted independently, we have \( T(B[A(0)]) = p_{0|0} \) and \( T(B[A(1)]) = p_{0|1} \). Therefore,
The recovery effects of PVCS and RGS can be compared under the same parameter α or β. For each RGS, there always exists a PVCS corresponding to it. However, transforming any PVCS to RGS can not be guaranteed, since some PVCSs can not be expressed by just f equ , f ran and f com . Therefore, for (k, n) scheme, we have the following equations:
Taking (3, 4) scheme for example, a secret image S of size 512 × 512 pixels is encrypted. RGS is realized according to Algorithm 6. For PVCS, we construct C 0 and C 1 as follows.
Figure 1 shows the results of (3, 4)-RGS and (3, 4)-PVCS, which encrypt secret S (Fig. 1(a)) into four random grids and shares, respectively. Nobody can recognize the original secret from single grid (Fig. 1(b)) or single share (Fig. 1(c)). Figure 1(d)–(e) show the noise-like decoding effects of two grids and two shares, respectively. The secret information can be recognized by stacking three grids or three shares, shown in Fig. 1(f)–(g) with contrast \( \alpha_{RGS} = {2 \mathord{\left/ {\vphantom {2 {35}}} \right. \kern-0pt} {35}} \) < \( \alpha_{PVCS} = {1 \mathord{\left/ {\vphantom {1 7}} \right. \kern-0pt} 7} \). All grids or shares stacked, the reconstructed secrets are shown in Fig. 1(h) and Fig. 1(i) with contrast \( \alpha_{RGS} = {1 \mathord{\left/ {\vphantom {1 8}} \right. \kern-0pt} 8} \) < \( \alpha_{PVCS} = {1 \mathord{\left/ {\vphantom {1 3}} \right. \kern-0pt} 3} \).
5 Conclusion
The relationship between VCS and RGS is analyzed for the first time. It is interesting that the encryption rules of RGS are actually the set of distribution matrices in PVCS. Considering the costs of algorithms, PVCS is good at the computational complexity while RGS has advantage in no codebook needed. Generally speaking, the contrast of PVCS is better than RGS under the same access structure. Our future work is how to improve the contrast of RGS.
References
Naor, M., Shamir, A.: Visual cryptography. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 1–12. Springer, Heidelberg (1995)
Shamir, A.: How to share a secret. Commun. ACM 22, 612–613 (1979)
Blakley, G.R.: Safeguarding cryptographic keys. In: Merwin, R.E., Zanca, J.T., Smith, M. (eds.) National Computer Conference, vol. 48, pp. 242–268. IEEE, New York (1979)
Ateniese, G., Blundo, C., Santis, A.D., Stinson, D.R.: Visual cryptography for general access structures. Inf. Comput. 129, 86–106 (1996)
Hsu, C.-S., Tu, S.-F., Hou, Y.-C.: An optimization model for visual cryptography schemes with unexpanded shares. In: Esposito, F., Raś, Z.W., Malerba, D., Semeraro, G. (eds.) ISMIS 2006. LNCS (LNAI), vol. 4203, pp. 58–67. Springer, Heidelberg (2006)
Liu, F., Wu, C., Lin, X.: Step construction of visual cryptography schemes. IEEE Trans. Inf. Forensics Secur. 5, 27–38 (2010)
Shyu, S.J., Chen, M.C.: Optimum pixel expansions for threshold visual secret sharing schemes. IEEE Trans. Inf. Forensics Secur. 6, 960–969 (2011)
Yang, C.N., Wang, C.C., Chen, T.S.: Visual cryptography schemes with reversing. Comput. J. bxm118, pp. 1–13 (2008)
Lin, C.C., Tai, W.H.: Visual cryptography for gray-level images by dithering techniques. Pattern Recogn. Lett. 24, 349–358 (2003)
Cimato, S., Prisco, R.D., Santis, A.D.: Optimal colored threshold visual cryptography schemes. Des. Codes Crypt. 35, 311–335 (2005)
Yang, C.N., Chen, T.S.: Colored visual cryptography scheme based on additive color mixing. Pattern Recogn. 41, 3114–3129 (2008)
Shyu, S.J.: Efficient visual secret sharing scheme for color images. Pattern Recogn. 35, 866–880 (2006)
Ito, R., Hatsukazu, T.: Image size invariant visual cryptography. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E82-A, 2172–2177 (1999)
Yang, C.N.: New visual secret sharing schemes using probabilistic method. Pattern Recogn. Lett. 25, 481–494 (2004)
Yang, C.N., Chen, T.S.: Size-adjustable visual secret sharing schemes. IEICE Trans. Fundam. E88-A, 2471–2474 (2005)
Cimato, S., Prisco, R.D., Santis, A.D.: Probabilistic visual cryptography schemes. Comput. J. 49, 97–107 (2006)
Kafri, O., Keren, E.: Encryption of pictures and shapes by random grids. Opt. Lett. 12, 377–379 (1987)
Shyu, S.J.: Image encryption by random grids. Pattern Recogn. 40, 1014–1031 (2007)
Shyu, S.J.: Image encryption by multiple random grids. Pattern Recogn. 42, 1582–1596 (2009)
Chen, T.H., Tsao, K.H.: Visual secret sharing by random grids revisited. Pattern Recogn. 42, 2203–2217 (2009)
Chen, T., Tsao, K.: Threshold visual secret sharing by random grids. J. Syst. Softw. 84, 1197–1208 (2011)
Acknowledgment
This work was supported by the National Natural Science Foundation of the People’s Republic of China under Grant No. 61070086. The authors would like to thank the anonymous reviewers for their valuable comments.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fu, Zx., Yu, B. (2014). Visual Cryptography and Random Grids Schemes. In: Shi, Y., Kim, HJ., Pérez-González, F. (eds) Digital-Forensics and Watermarking. IWDW 2013. Lecture Notes in Computer Science(), vol 8389. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43886-2_8
Download citation
DOI: https://doi.org/10.1007/978-3-662-43886-2_8
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-43885-5
Online ISBN: 978-3-662-43886-2
eBook Packages: Computer ScienceComputer Science (R0)