1st Int’l Conf. on Recent Advances in Information Technology | RAIT-2012 |
Random Sequence based Secret Sharing of an Encrypted Color Image Shyamalendu Kandar
Bibhas Chandra Dhara
Department of Computer Sc. & Engineering Haldia Institute of Technology, Haldia, India
[email protected]
Department of Information Technology Jadavpur University, Kolkata, India
[email protected]
Abstract: Secret sharing was first proposed by Shamir and Blakley individually. It refers to a method of distributing secret information amongst a group of individuals say n, each of whom is allocated a share of the secret information. The secret can only be reconstructed when a sufficient number of individuals’ shares say k are combined together. The existing Secret sharing schemes are complex and depend on intensive mathematical calculation. Secret sharing technique has lack of security as from a sufficient number of shares secret information can easily be retrieved. In this current work we have taken a color image as a secret and have proposed a new technique called random sequence which needs very less computation for k-n secret sharing. For security purpose the image is encrypted by bit sieving with another image used as a key. Keywords: Secret Sharing, Random Sequence, Bit sieve
I. INTRODUCTION In digital imaging pixel (picture element) is the smallest element constructing a raster image [1]. Pixel consists on finite number of bit. In a 32 bit digital image, each pixel consists of 32 bits, which includes four parts, namely Alpha, Red, Green and Blue; each with 8 bits. Alpha part represents degree of transparency. In k-n secret sharing, secret information is divided into n number of shares and distributed to n individuals. If k number of shares (k ≤ n) are combined together then the secret information is reconstructed. In secret sharing both encryption and decryption need mathematical calculation. The existing secret sharing schemes [2][3][4] are algorithmically complex as they need complex mathematical calculation at both ends. In this current work a new technique called random sequence is proposed which needs bit wise OR operation in both ends. From the view of security aspect secret sharing is not as secure from illicit attack as k number of shares can easily retrieve the secret. Even less than k number of shares sometimes retrieve the secret partly. To make the secret sharing scheme more secure, the secret information can be encrypted with a key so that gathering k shares by some attacker fruits in vain in retrieving the secret.
978-1-4577-0697-4/12/$26.00 ©2012 IEEE
In this work, we have proposed a secret sharing scheme for the color image. In the present work, we first encrypt the image and then from the encrypted image shares are generated. To encrypt the image, we have adopted the concept of the bit-sieve [5] method which is an extension of pixel-sieve method [6][7]. In the present work, we have modified the bit sieve technique to encrypt the original image. The modified bit sieve method is simple and useful to resolve the problem ‘illicit attack’. Here, a random sequence based (k, n) sharing scheme is proposed to generate the shares. The proposed sharing scheme is applied on the encrypted image The paper is organized in the following way. Section II describes the existing secret sharing schemes. Random sequence based secret sharing scheme is described in section III. Improved Bit sieve process is presented in section IV. Experimental results are shown in section V. Finally, conclusions are made in section VI. II. EXISTING SECRET SHARING SCHEMES The idea of secret sharing was separately proposed by Adi Shamir [2] and G. Blakley [3] in 1979. In 1983 another method of secret sharing was proposed by Asmuth and Bloom [4]. Shamir’ scheme is based on Polynomial Interpolation; Blakley scheme is based on hyper plane geometry where as Asmuth-Bloom scheme is based on Chinese Remainder theorem. A. Shamir’s Secret Sharing Scheme This scheme divides a secret data S into n number of shares let S1, S2……Sn such that knowledge of k or more shares among Si (i ≤ n) can reveal the secret information.knowledge of less than k shares reveals no information about the secret. This technique is called (k, n) secret sharing. The technique is described with an example in the following section. The (k, n) secret sharing comes from the concept that k points are necessary to define a polynomial of degree (k−1).
1st Int’l Conf. on Recent Advances in Information Technology | RAIT-2012 |
To construct the polynomial, (k−1) coefficients a1, a2….ak−1 are required and a0= S, the secret data. The polynomial f(x) = a0 + a1x + a2x2 + …..+ak−1xk−1 is constructed from the coefficients. Consider n points, say, x0 , x1, x2 , ..., xn−1and corresponding f(xi), for i=0 to n-1, are computed. Therefore, we have n pairs (xi, yi=f(xi)), for i=0 to n-1. The original coefficients are retrieved, by Lagrange interpolation method, from k or more such pairs.
The reconstruction of the original is done by the following way. Assume S is a coalition of t users gathered to construct the
Example: Consider the secret information is 2134. For (3,4) sharing, say, coefficients are a1=145 and a2=70. Corresponding polynomial is
According to the Chinese Remainder Theorem, y can be determined uniquely in ZPs . Since y < P ≤ PS the solution is also unique in ZP.
f(x) = 2134 + 145x + 70x2. For four points x0=1, x1=2, x2=3 and x3=4, we have (1, 2349), (2, 2704), (3, 3199) and (4, 3834). Consider three pairs, say, (1, 2349), (3, 3199) and (4, 3834) and Lagrange Interpolations are found as l0=(x2-7x+12)/(6), l1 =(x2−4x+4)/(−2) and l2 =(x2-4x+3)/(3). From these three pairs, f(x) is calculated as f(x) = ∑ yjlj , 0≤ j ≤ 2, which produces the original polynomial f(x) = 2134 + 145x + 70x2. B. Blakley Secret sharing scheme Blakley secret sharing [3] is based on hyper plane geometry. It is a general true that non-parallel planes intersect at a specific point. This secret sharing scheme says that i)
secret is point in m-dimensional space
ii)
share corresponds to a hyper plane
iii)
intersection of threshold planes gives the secret
iv)
less than threshold planes will not intersect to the secret
C. Asmuth-Bloom secret sharing scheme This technique is based on Chinese Remainder theorem. Here a sequence of pair wise co prime positive integers p0, p1, …..pn are taken such that k −2
k
p 0 ∏ p n −i < ∏ p i i =0
i =1
where n ≥ 2 and 2 ≤ k ≤ n. The shares are constructed using the following method. k
i)
Let P denote
∏p
i
. The dealer computes y = d
i =1
+ ap0 Where ‘a’ is a randomly generated positive integer subject to the condition that 0≤y < P. ii) The share of the ith user, 1≤ i ≤n, is yi = y mod pi
secret. Let Ps denotes
∏
i∈S
pi
i)
Given the system y = yi (mod pi) for i∈ S, solve y in ZPs using Chinese Remainder theorem.
ii)
Compute the secret as d = y mod p0
Various secret sharing methods are been proposed mostly based on Shamir’s secret sharing scheme. Proactive secret sharing scheme in [8] and [9], verifiable secret sharing scheme in [10], multi secret sharing scheme in [11] and [12] are some of them. A method based on Blakley’s concept is proposed in [13]. In the secret sharing scheme presented in [14], Asmuth-Bloom scheme has been used. III. RANDOM SEQUENCE BASED SECRET SHARING In k-n secret sharing scheme an image is divided into n number of shares in such a way that the original image is retrieved by stacking at least k number of shares, where k ≤ n. Consider a binary message of length L and we also assume that length of the shares is also L. The collection of shares can be represented by a binary matrix of size n × L, we call this matrix as the ‘share matrix’. Each row of the ‘share matrix’ represents a share. The share generation method should ensure that when k or more shares are stacked (ORed) that gives same value as the original in each bit position. Therefore, if the ith bit value of the original message is ‘0’, then for all shares the value at ith position is also ‘0’, i.e., ith column of the ‘share matrix’ is a zero-column. If the original value at ith position is ‘1’, at least one of the k shares must have ‘1’ at the ith position. This can be ensured, if the ith position of k-t (1 ≤ t ≤ k) shares is set to ‘0’ and ‘1’ to remaining shares. In proposed method, we consider t=1. Hence, for the ith column of the ‘share matrix’ has nCk−1 alternatives when ith bit value is ‘1’. In the present method, we select one randomly, out of nCk−1 alternatives, using a key. The proposed random secret sharing scheme is explained in Figure 1. Say, we consider n=4 and k=3. Then, for bit ‘1’ we have 4C2 (nCk−1) different options to generate the ‘share matrix’. The alternative sequences are shown in Figure. 1(a). In this example, we consider 2134 as the secret message whose binary representation is 100001010110. For bit value ‘1’s we select sequence 1, 6, 4, 5 and 3, respectively. The constructed ‘share matrix’ is shown in Figure 1(b). The first row of the matrix represents the original message and other rows represent the generated shares (S1 to S4). In the reconstruction process, we select S1, S2 and S4 arbitrarily and then OR-ing them row-wise.
1st Int’l Conf. on Recent Advances in Information Technology | RAIT-2012 |
This gives the original message 2134. The message reconstruction is given in Figure 1(c).
0 0 1 1
n=4 k=3 Sequence No.
1 0 1 0
0 1 1 0
1 1 0 0
1 0 0 1
0 1 0 1
1 2 3 4 5
Original Image I
Key Image
Share 1
6
(a) For bit ‘1’ different alternatives to generate the share matrix
Share 2
Figure 2. Pixel Sieve Method
(b) Share matrix
One of the problems of these sieve methods is that if the decryption key is slightly different from the ‘sieve key’ (encryption key), the decrypted image can be interpreted. Another major drawback of the sieve methods is the number of holes and number of field positions in the ‘sieve key’. If the difference between number of holes and number of field positions is large, then one of the shares contains too much information. From this, any one can easily guess the original image. Best result can be obtained when the difference is close to zero. This limitation reduces the size of the key space. If the length of the key is L, then only 2L/3 keys are useable in which the ratio between holes and field positions is between 1/3 and 2/3 [5][7].
(c) Message Reconstruction Figure 1. Random sequence based secret sharing and reconstruction
IV. ENCRYPTION BY IMPROVED BIT SIEVE The bit sieve method [5] is based on the concept of the pixel sieve [6][7]. In these methods, from original message two shares are generated and these shares are defined respect to the ‘sieve key’. In pixel sieve, an image (I) is taken as a plaintext and a binary image (Ik), is taken as a ‘sieve key’. ‘I’ is placed over the ‘Ik’. The black pixels of Ik are considered as hole. The pixels of the original image, placed above the holes are sieved and form one share and the remaining pixels form another share. The method is illustrated in the Figure 2. In bit sieve method, both the images (plaintext and key) are represented as bit string. Here bit ‘1’ of the key image is considered as hole. The Bit-Sieve process is shown in Figure 3.
Figure 3. Bit Sieve Method
These bit sieve methods are used to generate the shares only. In the present work, we have used this concept to encrypt the original image. Here, the original image, I, is encrypted to Iek. Then, the proposed random sequence based secret sharing mechanism (described in previous section) is applied on Iek to generate n shares. In the modified bit sieve method, we have adopted the concept of the modified pixel sieve method [6]. We have named this technique as ‘improved bit sieve’ method. The improved bit sieve method is as follows: Step 1: The original secret image, I, is divided into two halves Ileft and Iright.
1st Int’l Conf. on Recent Advances in Information Technology | RAIT-2012 |
Step 2: With key Ik, apply bit sieve on Ileft and Iright separately, which results share Sleft:1, Sleft:2, Sright:1, and Sright:2. Step 3: a) Merge (Sleft:1, Sright:2) and (Sleft:2, Sright:1) which results mleft and mright, respectively. b) Merge above two sequences (mleft and mright) by using alternate sequencing and gives encrypted image Iek. An example of the improved bit sieve method is given in Figure 4.
(a) Lena (b) stone Figure 5: Image used in this experiment
The encrypted image (Iek) produced from the above described method becomes noisy and same size of the original image.
Figure 6: Encrypted Image
(i)
(ii)
(iii)
(iv)
Figure 4: Improved Bit Sieve method
V. EXPERIMENTAL RESULT In this experiment, we consider the color image of ‘Lena’ of size 200 × 200 (I) as the original image and ‘stone’ image of 100 × 100 as the key image, Ik. The used images are shown in Figure 5. Here, we consider n=4 and k=3. The improved bit sieve method is applied on ‘Lena’ with ‘stone’ as the key, which results the encrypted image Iek. The encrypted image is shown in Figure 6. The encrypted image is quite different from the original image. Thereafter, the random sequence based sharing technique is applied on Iek and we obtained four shares, which are shown in Figure 7. To get back the original image, we select share images (i), (iii) and (iv) of the Figure 7 and stacked (ORed) them, which produce the encrypted version of ‘Lena’. Finally, the encrypted image is decrypted using ‘stone’ image. The reconstruction of ‘Lena’ from the shares is shown in Figure 8.
Figure 7: Shares produced after secret sharing
VI. CONCLUSIONS In this paper, we have proposed a secret sharing mechanism to make the process more secure from the ‘illicit attack’. Here, first the original image is encrypted by an improved bit sieve method and then a random sequence based secret sharing technique is applied to generate the shares. In this method, if shares are available then also it is not possible to get back the original image. Both the improved bit sieve method and the proposed secret sharing method are simple.
1st Int’l Conf. on Recent Advances in Information Technology | RAIT-2012 |
REFRENCES [1] [2] [3] [4] [5]
[6]
[7] (b) Encrypted Image [8]
[9]
[10]
[11] (a) Selected Shares
(c) Reconstructed Image
Figure 8: Example of Reconstruction of the original image
[12]
[13] [14]
John F Koegel Buford, “Multimedia Systems”, Addison Wesley, 2000 Shamir: “How to share a secret ?” Comm ACM, 22(11):612-613, 1979. G. Blakley : “Safeguarding cryptographic keys “ Proc. of AFIPS National Computer Conference, 1979. C. Asmuth and J. Bloom :”A modular approach to key safeguarding” IEEE transaction on Information Theory, 29(2):208-210, 1983. Incze, A. el at. “Prom pixel sieve to bit sieve. Bit level based secret sharing cryptographic method ” 11 IEEE International Symposium on Computational Intelligence and Informatics, 2010. pp 81-85 Choudhary, V. el at. “An Improved Pixel Sieve Method for Visual Cryptography” International Journal of Computer Application Vol 12 No 9 January 2011. Pp 7-10. Incze, A, “Pixel Sieve method for secrey sharing & Visual Cryptography” 9th RoEduNet IEEE International Conference 2010 pp 89-94 Herzberg, A., Jarecki, S., Krawczyk, H. and Yung, M. (1995) ‘Proactive secret sharing or: how to cope with perpetual leakage’, in Don Coppersmith (Ed.): Advancesin Cryptology – Crypto ’95, August, Santa Barbara, CA, pp.339–352. Bai Li, Zou XuKai “A Proactive Secret Sharing Scheme in matrix projection method” Int. J. Security and Networks, Vol. 4, No. 4, 2009 pp 201-209 P. Feldman, A practical scheme for non-interactive verifiable secret sharing. IEEE Symposium on Foundations of Computer Science, pages 427--437. IEEE, 1987 H.-Y. Chien, J.-K. Jan and Y.-M. Tseng, “A practical (t; n) multisecret sharing scheme," IEICETransactions on Fundamentals, vol. E83-A, no. 12, pp. 2762-2765, 2000. Tan Xiao-qing, Wang Zhi-guo, “A New (t, n) Multi-secret Sharing Scheme” International Conference on Computer and Electrical Engineering 2008, pp 861-865. Bozkurt, Kaya, Selcuk, Guloglu “Threshold Cryptography Based on Blakely Secret Sharing” Information Sciences. K. Kaya and A. A. Selcuk “Threshold Cryptograhy based on AsmuthBloom Secret Sharing” Information Sciences 177(19) 4148-4160, 2007
