790
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 4, NO. 4, DECEMBER 2009
Self-Verifying Visual Secret Sharing Using Error Diffusion and Interpolation Techniques Chin-Chen Chang, Fellow, IEEE, Chia-Chen Lin, Member, IEEE, T. Hoang Ngan Le, and Hoai Bac Le
Abstract—In this paper, we propose a novel scheme called a selfverifying visual secret sharing scheme, which can be applied to both grayscale and color images. This scheme uses two halftone images. The first, considered to be the host image, is created by directly applying a halftoning technique to the original secret image. The other, regarded as the logo, is generated from the host image by exploiting the interpolation and error diffusion techniques. Because the set of shadows and the reconstructed secret image are generated by simple Boolean operations, no computational complexity and no pixel expansion occur in our scheme. Experimental results confirm that each shadow generated by our scheme is a noise-like image and eight times smaller than the secret image. Moreover, the peak signal-to-noise ratio value of the reconstructed secret image is larger than 33 dB. Based on the extracted halftone logo, the proposed scheme provides an effective solution for verifying the reliability of the set of collected shadows as well as the reconstructed secret image. Furthermore, the reconstructed secret image can be established completely if and only if out of valid shadows have been collected. To achieve our objectives, four techniques were adopted: error diffusion, image clustering, interpolation, and inverse halftoning-based edge detection. Index Terms—Halftoning transforming, interpolation technique, parity check matrix, self-verifying visual secret sharing (VSS).
I. INTRODUCTION
O
VER the past decade, many visual secret sharing (VSS) schemes have been proposed, including simple schemes which are executed by stacking the collected shadows as well as more efficient schemes that employ Boolean operations. With adopted stacking approaching schemes [1]–[4], their execution is simple but brings with it the pixel expansion problem. Other schemes solve the pixel expansion problem. However, the cost of high computational complexity is another weakness that must be dealt with [5]. To overcome the earlier schemes’ shortcomings, Yang [6], Cimato et al. [7], and Wang et al. [8] individually Manuscript received September 22, 2008; revised July 07, 2009. First published October 09, 2009; current version published November 18, 2009. This work was supported in part by the National Science Council under 97-2221-E126-010. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Mohan S. Kankanhalli. C.-C. Chang is with the Department of Information Engineering and Computer Science, Feng Chia University, Taichung 407, Taiwan (e-mail: ccc@cs. ccu.edu.tw). C.-C. Lin is with the Department of Computer Science and Information Management, Providence University, Taichung 433, Taiwan (e-mail: mhlin3@pu. edu.tw). T. H. N. Le and H. B. Le are with the Department of Computer Science, Natural Science University, HCM City, Vietnam (e-mail:
[email protected];
[email protected]). Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org. Digital Object Identifier 10.1109/TIFS.2009.2034203
proposed a new VSS scheme, called a ProbVSS scheme, that is based on the probabilistic concept and is designed for binary images. By taking advantage of Boolean operations, they resolve the problems of computational complexity and pixel expansion at the same time. Recently, Chang [9] extended the application of ProbVSS to both grayscale and color images and improved the quality of the reconstructed secret image. Overall, most of today’s VSS schemes focus on four general criteria: security, accuracy, computational complexity, and pixel expansion. However, other requirements that must also be concentrated on are preventing legal participants from being cheated by the dishonest participants or dealer. In 2006, Horng et al. proposed two cheating prevention schemes [10]. The first verifies the integrity of every participant’s share by using ) VSS scheme, additional shares. The other, called a (2, shadows instead of involves the dealer’s generating shadows. However, the dealer only distributes shadows to participants to decrease the probability that cheaters can correctly guess the structure of a victim’s shadow. Moreover, this scheme prevents cheaters from fooling honest participants when the secret is black. Cheaters can, however, fool honest participants when the secret is white. To overcome these problems, Prisco threshold scheme for and Santis [11] later proposed a binary images that is robust against cheaters without the need for extra shares. In their scheme, even a group of cheaters cannot force an honest participant to reconstruct a wrong secret image. However, the schemes of Horng et al. and Prisco and Santis are designed for binary images. To extend the application into grayscale images, in 2007, Zhao et al. [12] proposed a verifiable secret sharing scheme based on an improved version of Thien and Lin’s method [2]. Zhao et al.’s scheme allows honest participants to identify cheaters by using extra information. To do so, the dealer must publish two parameters and the participants must publish their secret share references during the shares construction phase. That is to say, both the dealer and the participants must communicate among themselves to make sure each secret share reference, which is derived by a secret share, is unique. Moreover, their scheme is limited to grayscale images and cannot be directly applied to color images. At present, most existing verifiable secret sharing schemes allow participants to verify the shadows they receive during the shares construction phase. However, most of these schemes do not allow participants to verify the reconstructed secret image during the revealing phase. Thus, most existing verifiable secret sharing schemes only identify the fake shadow distributed by dishonest participants. They do not consider the following situation: the dealer generates valid shadows and registers a correct halftone logo that will be embedded into the intermediate
1556-6013/$26.00 © 2009 IEEE Authorized licensed use limited to: Feng Chia University. Downloaded on December 30, 2009 at 04:50 from IEEE Xplore. Restrictions apply.
CHANG et al.: SELF-VERIFYING VISUAL SECRET SHARING USING ERROR DIFFUSION AND INTERPOLATION TECHNIQUES
shadow S1 at the trusted third party during the shares construction phase, but s/he replaces some valid shadows with the fake shadows before distributing shadows to honest participants. In other words, there is no change of shadows on the participants’ side during the revealing phase. Thus, the set of shadows used to generate the reconstructed secret image is the same as the set distributed by the dealer. However, the reconstructed image would not be the same as the original secret image. When some fake shadows are collected during the reveling phase, verifying the reconstructed secret image is another problem having no answer until this day. In this paper we suggest a solution, called a self-verifying secret sharing scheme. Our proposed scheme uses four techniques. The first is an diffusion technique [13], [15] that helps to transform a grayscale image into a bicolors image; the second is an edge lookup inverse halftoning (ELIH) technique [16] that relies on edge detection and a lookup table to generate a reconstructed grayscale image from a halftone image; the third is an interpolation technique associated with error diffusion techniques used to resample a halftone image; and the last is a parity check matrix (7, 4). In this paper, we designed an image clustering technique using the parity check matrix (7, 4). The experimental results confirm that our scheme not only completely satisfies four basic criteria—security, accuracy, computational complexity, and pixel expansion—but also overcomes the disadvantages caused by dishonest dealers during the shares construction phase or dishonest participants during revealing phase. The remainder of this paper is organized as follows. In Section II, we briefly review the four techniques adopted in our proposed scheme: error diffusion, interpolation, clustering image technique, and edge lookup inverse halftoning. Full details of our proposed scheme are explained in Section III. Section IV gives some experimental results. Our conclusions are presented in Section V. II. RELATED WORK In this section, four techniques adopted in our scheme are introduced in sequence. An error diffusion technique [13] that helps to transform a grayscale image into a bicolor image is demonstrated in Section II-A. An interpolation technique associated with error diffusion techniques used to resample a halftone image and an ELIH technique [14] that relies on edge detection and a lookup table to generate a reconstructed grayscale image from a halftone image are presented in Sections II-B and II-C, respectively. An image clustering technique based on a parity check matrix (7, 4) that we designed especially for our scheme is introduced in Section II-D. A. Error Diffusion Technique Error diffusion techniques are used in most halftoning transformations to convert a multiple-level color image into a twolevel color image. The simple and attractive concept of this technique is the diffusion of errors to neighboring pixels; thus, image luminance is not lost. The diffused image is generated based on an error diffusion strategy also called an error filter. Each error filter has a set of kernel weights. In this section, we describe how the Floyd and Steinberg error diffusion strategy is used to transform a grayscale image into a binary image. The
791
Fig. 1. Flowchart of error diffusion architecture.
Fig. 2. Kernel weight of Floyd and Steinberg’s error filter.
kernel weights of Floyd and Steinberg’s error filter [16] are 7/16, 5/16, 3/16, and 1/16, shown in Fig. 2. After a quantizaat position in grayscale tion procedure, a pixel GI and has a value of either 0 or 255. image GI becomes HI During the quantization procedure, a threshold TH is used to and the quantization error is determined as determine HI GI HI . A signal consisting of past error values is passed through the error filter to produce a correction factor that is added to future input pixels. If the quantization is quantized as 255 so that the correerror is negative, GI is set as 255 and its neighboring pixels values sponding HI is quantized must be decreased. In contrast, the value of GI to zero, and its neighboring pixels values must be increased. Fig. 1 is a flowchart of the error diffusion technique. pixels. Each pixel is deAn original grayscale GI has , where and . The noted as GI threshold TH is set as 128. The following four steps are employed to create a halftone image HI from a multitone image GI. as (1, 1); that is, the first pixel is taken into Step 1) Set consideration. and corresponding pixel Step 2) Compute error value value HI in the halftone image HI according to in (1) and (2) for pixel located at coordinates grayscale image GI HI GI
if GI otherwise HI
TH
(1) (2)
Step 3) Diffuse error over four neighboring pixels. The four neighboring pixels altered in this step are 1 , GI 1 1 , GI 1 , and GI 1 1 . Their modified values are computed GI based on the kernel weight of the error filter as shown in GI GI GI GI GI
GI GI
Authorized licensed use limited to: Feng Chia University. Downloaded on December 30, 2009 at 04:50 from IEEE Xplore. Restrictions apply.
(3)
792
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 4, NO. 4, DECEMBER 2009
Fig. 2 demonstrates the kernel weight of Floyd and Steinberg’s error filter. and , stop and output the halftone Step 4) If image HI; otherwise, go to Step 2) and process the next pixel in the grayscale image GI. Based on (3), we can see that when pixels are on the border of the grayscale image, a special case occurs. Four cases can be assumed: , where Case 1) the pixels located at ; , where Case 2) the pixels located at ; , where Case 3) the pixels located at ; . Case 4) the pixel located at However, the number of pixels in these cases is small compared with the total number of pixels in the whole image. Thus, Floyd and Steinberg’s error filter, when applied to these pixels, is slightly modified by ignoring the nonexistent pixels. To give a clearer explanation, we give one instance for each case in the following paragraphs. For Case 1), we take the pixel at position (1, 1). Here, the pixel located at (1, 1) is called GI(1, 1) and has an error value of (1, 1). Obviously, (1, 1) receives the default error value at the beginning. Thus, . The value of HI(1, 1) is determined by (1). However, there is no pixel at po1); thus, (3) becomes sition (2, 0) corresponding to GI( 1, (3a). The modified error filter is shown in Fig. 3(a). GI GI GI
GI GI GI
GI
GI
(3b)
GI GI
(c)
(d)
H; 1),
Fig. 3. The modified error filter for pixel located at (a) (1, 1), (b) ( (c) (1 ), and (d) ( ).
;W
H;W
1 1 1 1 , and 1 1 corresponding to GI 1 GI 1 1 GI 1 , 1 1 . Thus, (3) becomes (3d). The error filter is and GI described in the following: GI
, for example. For Case 3), we take the pixel at position 1 is called GI 1 and has an error The pixel at position 1 value of 1 . The value of HI 1 is determined by (1). 1 and 2 However, there are no pixels at positions 1 1 corresponding to GI 1 and GI 1 1 . Thus, (3) becomes (3c). The error filter is described in Fig. 3(c) GI
(b)
GI
(3d)
(3a)
1 , for example. For Case 2), we take the pixel at position 1 is called GI 1 and has an error The pixel at position 1 . The value of HI 1 is determined by (1). value of 1, 0 1, 1 However, there are no pixels at positions and 1, 2 corresponding to GI 1 1 GI 1 , 1 1 . Thus, (3) becomes (3b). The error filter is and GI described in Fig. 3(b) GI
(a)
(3c)
is called GI For Case 4), the pixel at position and has an error value of . The value of HI is determined by (1). However, there are no pixels at positions
B. Interpolation Technique Because of the limitations of machine representation, a discrete number system rather than a real number system is applied in computer computations. Therefore, a continuous signal must be sampled for computer storage and calculation. However, sampling is destructive to the original information, and new samples must be reselected when the sampling scale is changed. Let us denote that RI is a real signal performed in the real number system and DI, which is created by sampling the continuous signal RI, is a digital signal performed in the discrete number system and displays a digital signal DI , which is generated by sampling digital signal DI. Typically, the resampled signal DI must be created from the former signal DI. Interpolation is a popular solution for calculating the new samples from another digital signal. In bilinear interpolation, the new sample value is expected to be the weighted average of the two neighboring original samples, and the weight is the inverse of distance. In other words, a new sample in signal DI is expected to be an average value of the two neighboring and original samples in DI. Assuming that are two neighboring samples in DI, a new sample in DI can be calculated by following (4)
Authorized licensed use limited to: Feng Chia University. Downloaded on December 30, 2009 at 04:50 from IEEE Xplore. Restrictions apply.
(4)
CHANG et al.: SELF-VERIFYING VISUAL SECRET SHARING USING ERROR DIFFUSION AND INTERPOLATION TECHNIQUES
793
Fig. 4. Flowchart of Chung and Wu’s ELIH scheme.
C. Image Clustering by
Hamming Coding
In this paper, we use a (7, 4) parity check matrix as a simple, fast and useful strategy for clustering a halftone image into eight groups. Note that HI is a halftone image and
is a parity check matrix. as zero, where Step 1) At the initial stage, set GR and array GR is a set of groups and is the number is of elements in each group. Each group GR empty at the beginning. Step 2) Divide HI into nonoverlapping 7-bit blocks and denote that HI is the th block of halftone image HI. Assume that HI is the image consisting of pixels. Divide HI into nonoverlapping 7-bit blocks and then get a set of six blocks indexed from one to six. , that is, the first block is taken into considStep 3) Set eration. Step 4) fter HI is multiplied by , we update the values for GR and by using (5). Let be the index and HI into be calculated by transforming vector is a transpose a decimal number. Note that HI vector of th block HI in the halftone image HI
call Chung and Wu’s scheme ELIH for short. Chung and Wu’s ELIH scheme first applies the LUT-based inverse halftoning method as a preprocessing step and then employs edge detection. Fig. 4 is a flowchart of Chung and Wu’s ELIH scheme. Consider as given a set of training image pairs GI HI , where GI and HI are denoted as the th grayscale image GI and its corresponding halftone image HI , respectively. Step 1) Generate theLUT following four steps listed below. Note that LUT is an array used to map the input halftone image to the grayscale image. Step 1.1)At the initial stage, set as one, meaning that the first pair of training images GI HI is considered. Set lookup table LUT , . where Step 1.2)Divide images HI and GI into overlapping 4 4 blocks. Note that HI and GI are the th halftone block of halftone image HI and the th grayscale block of grayscale image GI , respectively. Step 1.3)Calculate index for each halftone block HI and update the value of the intermediate LUT by using (6). Here, GI (3, 3) is a representative pixel for each grayscale block HI LUT
[idx]
[idx]
and GR[idx]
GR[idx]
HI
(5)
Step 5) If the current block is the last block in the halftone image HI, stop and retrieve the result consisting and GR ; otherwise, go to the next block in the halftone image HI by increasing by one and go to Step 4). Step 6) Clustering results for a set of blocks in a halftone values. image based on their D. Edge Lookup Inverse Halftoning Technique Inverse halftoning is used to generate a reconstructed grayscale image from an input halftone image. In 2005, Chung and Wu [15] proposed a new edge-based lookup table (LUT) method for inverse halftoning that improves the quality of the reconstructed grayscale image. In the following paragraphs, we
LUT
GI
(6)
Step 1.4)Consider the next pair of training images , go to Step by increasing by one. If 1.2). Otherwise, compute and archive the final be the number of halftone LUT . Let blocks that obtain the same index value . The final LUT is calculated as LUT
LUT
where Step 2) First, divide each training halftone image , for , into a set of overlapping 4 4 blocks. In this case, the th block of the halftone image is denoted as . Then, replace element (3, 3) by LUT , where is the index in every block
Authorized licensed use limited to: Feng Chia University. Downloaded on December 30, 2009 at 04:50 from IEEE Xplore. Restrictions apply.
794
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 4, NO. 4, DECEMBER 2009
Fig. 5. Procedure for reconstructed grayscale image generation in Step 4).
Fig. 6. General flowchart of our proposed scheme.
value of block . After the replacement procedure is finished, retrieve the grayscale image with pixel values corresponding to LUT . Step 3) After applying Step 2) to a set of training images in succession, a set of reconstructed grayscale images , can be retrieved. called GR , for Apply the Canny edge detector to each reconstructed grayscale image GR to generate an edge map EP , . Each edge map EP consists of for a set of 4 4 blocks. Therefore, the th block of the edge map EP is denoted as EP . By combining the lookup table generation procedure described in Step 1) with a set of edge maps EP , an edge-based LUT, called an ELUT, is generated. Note that in this step, we call the edge map EP. The order of the edge pattern of the th block is denoted as EP . The index value for th block is for . Lastly, the mean grayscale EP , where value can be derived from ELUT EP based on the number of edge patterns reported by Chung and Wu [15]. In Chung and Wu’s scheme, the value of GI (3, 3) is determinate ELUT EP as GI Step 4) Given a halftone image HI, which is required to convert the reconstructed grayscale image GI , shown in Fig. 5. In Step 4), first Chung and Wu create an intermediate reconstructed grayscale image IGI by applying inverse halftoning based on the LUT procedure described in Step 2) into halftone image HI. Secondly, the Canny edge detector is performed on the intermediate reconstructed grayscale image IGI to obtain the
edge map EP. From the edge map EP, the index EP of each 4 4 subedge map is obtained by searching the subedge map in the space of the two categories described by Chung and Wu, the first of which consists of four regular edge types and the second of which consists one irregular edge type. Lastly, employ the ELUT to retrieve the reconstructed grayscale image GI . III. PROPOSED SCHEME FOR GRAYSCALE IMAGE This section presents a detailed description of a novel VSS scheme, called a self-verifying secret sharing scheme, proposed for grayscale images. In our proposed scheme, a halftone image HI is created from the grayscale secret image GI by using an error diffusion technique. A half-sampled image of the halftone image HI, called a halftone logo HL, is created by using an interpolation technique. In our scheme, the halftone logo HL is used to ascertain the reliability of the reconstructed grayscale secret image GI and the judiciousness of the set of collected shadows. Full details of our scheme are presented in three phases. The first is the shares construction phase, which creates two halftone shadows from a grayscale secret image GI. The second is the revealing phase, which generates the reconstructed grayscale secret image GI and the extracted halftone logo HL . The verifying phase, during which any cheating is discovered by comparing HI and HL using human vision or the MSE value, is the last. Note that in this phase, HI is a half-sampled image of HI , which is created from the set of two collected shadows. Moreover, the halftone image HI extracted during the revealing phase could be either a meaningful image or a noise-like image, depending on whether the collected shadows are true or fake. A general flowchart of the phases of our scheme appears in Fig. 6.
Authorized licensed use limited to: Feng Chia University. Downloaded on December 30, 2009 at 04:50 from IEEE Xplore. Restrictions apply.
CHANG et al.: SELF-VERIFYING VISUAL SECRET SHARING USING ERROR DIFFUSION AND INTERPOLATION TECHNIQUES
A. Shares Construction Phase
The following steps reuse the error diffusion technique to transform a grayscale image into a halftone image. Assume that is the width and height of the original grayscale image GI, and two shadows are generated as shown in Fig. 7. Step 1) Apply the error diffusion technique to the grayscale image GI to retrieve a halftone image HI. Obviously, and . Moreover, the width and height of HI are each pixel in halftone image HI only contains 1 bit. Step 2) The halftone logo, named HL, which is a half-sample of HI, is created by using the interpolation and error diffusion techniques. In this step, the halftone logo HL is shrunk to one-half of halftone image HI in each dimension. This step is depicted in Steps 2.1), 2.2), and 2.3) of the error diffusion strategy of Floyd and Steinberg [16] as follows. , to Step 2.1)Consider the first pixel in HI, i.e., be set as (1, 1). Threshold TH is set as 128. Step 2.2)Calculate the new halftone value HL by applying (7), which was proposed by Feng et al. [14] and is shown at the bottom of the page. Here, is the caused error and is the kernel weights of Floyd and Steinberg’s error filter from position to . Step 2.3)Go to the next pixel and repeat Step 2.2) is equal to 2 2 . until and . Step 3) Randomly generate two symmetric keys and symmetric Encrypt pixels of HL with key cryptographic algorithm, such as DES [17], when pixels are located at even rows of halftone image HL, and then encrypt pixels of halftone image and symmetric cryptographic HL with key algorithm when pixels are located at odd rows of halftone image HL to derive the encrypted halftone logo HL. Step 4) Divide the halftone image HI into nonoverlapping pixels in HI, 7-bit blocks. Since there are there is a set of 7 nonoverlapping blocks divided from HI. Denote that BI is the th block of HI. Step 5) Cluster the halftone image HI into eight groups by applying the same procedures performed [idx], for in Section II-C. Let GR[idx] and , be the array of eight groups and idx the number of elements in each group, respectively.
HL HI
if HI otherwise HL
795
Step 6) Divide the encrypted halftone logo HL into nonoverlapping 3-bit blocks. Based on the above 2 2 pixels in assumption, there are encrypted halftone logo HL. Hence, a set of 12 nonoverlapping blocks is generated when the dividing operation is completed. 12 However, to expand the set of blocks to the set of 7 blocks cor7 blocks responding to the set of obtained from Step 4), we use a padding operation. To perform this padding operation, we adopt the repeating strategy to guarantee that each shadow is a noise-like image and no extra information is used in the revealing phase. To achieve the expansion 12 7 objective, we first take 5 blocks from the set of blocks. Then, 12 7 blocks we append these 5 12 blocks and get a set to the set of 7 blocks. Note that is the th of block of encrypted halftone logo HL. from three Step 7) Generate the first intermediate shadow pieces of input information such as the eight groups blocks BI , and block BL , GR , a set of where . This procedure contains three substeps, . which are performed as follows Step 7.1)Set , which means that we consider the first block in the halftone image HI and the encrypted halftone logo HL. Step 7.2)Convert the binary value of block BL into its decimal value. Let idx be the decimal , obvivalue of block BL , idx ously. The most different element in GR of BI , which is called BS , is an element contained in GR[idx] such that the Hamming distance between elements BI and BS is the largest. The following example gives a more precise demonstration. BL , , BI and GR . is equal to two after block BL is Here, transformed into a decimal value. Therefore, [2] BS is obtained by considering BI and GR[2]. The Hamming distances between BI and the first element in GR[2], the second element in GR[2], and the third element in GR[2] are one, two, and four,
TH
HI HI
Authorized licensed use limited to: Feng Chia University. Downloaded on December 30, 2009 at 04:50 from IEEE Xplore. Restrictions apply.
(7)
796
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 4, NO. 4, DECEMBER 2009
Fig. 7. Flowchart of the shares construction phase.
respectively. In this case, the third element BS is the most different element in GR[2]. 7 , increase Step 7.3)If is less than by one and go to Step 7.2); otherwise, generate the first intermediate shadow by ap7 blocks BS . pending a set of Step 7.4)Generate the second intermediate shadow by combining the first intermediate shadow, which was just created, and the halftone image HI with XOR operations. Obviously, based on blocks, each of which contains 7 bits, the size of the second interbits. In other mediate shadow is also words, each intermediate shadow is a binary pixels in size. That is to say, image our scheme can effectively reduce the size of each shadow to about one-eighth of the size of the original secret image. and into the intermediate Step 8) Embed the keys and by one of the existing reversible shadows data hiding schemes [18]–[21] to generate two shadows, called SH and SH . To achieve the desired experimental results, we chose Kim et al.’s reversible embedding scheme [19] because it not only provides high hiding capacity but also ensures and can that our two intermediate shadows be completely restored after the hidden keys and are extracted from shadows SH and SH ,
respectively. After shadows SH and SH are generated, they will be delivered to the participants. Note that, to increase the security of secret image, a permutation key PK can be randomly generated and then used to permute all blocks in the halftone image HL in Step 4). Then, in Step 8) PK can be embedded into intermediate shadow during the shares construction phase. Without the potential attacker’s knowing permutation key PK, s/he will not be able to restore the secret image. That is, no information is available to the attacker regarding the secret image as long as the two valid shadows are not collected during the revealing phase. In addition, one more assumption is required in our proposed scheme. That is, the deader being honest or not, s/he must register his/her issued logo with the trusted third party (TTP) before s/he distributes the shadows to participants during the shares construction phase. After receiving the logo, the TTP checks whether the logo is the same as the half-sampling result of the halftone secret image. If they are the same, the TTP accepts the dealer’s request; otherwise, the TTP rejects the dealer’s request. This added assumption ensures the reliability of shadows and prevents a dealer from denying his/her embedded logo. B. Revealing Phase This section describes in detail how to extract the halftone logo HL and the reconstructed secret grayscale GI from the set of collected shadows. Step 1) By using the reversible data hiding scheme, the first key and the intermediate shadow are derived from the shadow SH . Similarly, the second key
Authorized licensed use limited to: Feng Chia University. Downloaded on December 30, 2009 at 04:50 from IEEE Xplore. Restrictions apply.
CHANG et al.: SELF-VERIFYING VISUAL SECRET SHARING USING ERROR DIFFUSION AND INTERPOLATION TECHNIQUES
Step 2)
Step 3)
Step 4)
Step 5)
and the intermediate shadow are derived from the shadow SH . Divide the first intermediate shadow into nonoverlapping 7-pixel blocks. Then, multiply each 7-pixel block by a (7, 4) Hamming code. The (7, 4) Hamming code is defined in Section II-C. That is to say, 3 bits can be obtained from each 7-bit block. blocks divided from 7 pixels in Based on the intermediate shadow , we obtain a set of blocks, with each block consisting of 3 bits. By comblocks, reconstruct the encrypted bining these halftone logo HL . Decrypt extracted encrypted halftone image HL by using keys and for pixels located in even rows and odd rows in the encrypted halftone image HL , respectively. After the decryption is completed, the extract halftone image HL is obtained. Create the halftone image HI by performing the XOR and . operation on the intermediate shadows Because the intermediate shadows and are pixels, where binary images containing 7 , HI is a binary image consisting of pixels. 7 Apply the inverse halftoning technique ELIH described in Section II-B to the halftone image HI to generate the intermediate reconstructed image .
C. Verifying Phase This phase has two goals. The first is to verify the reliability of the reconstructed secret image and the set of collected shadows. The second is to recover the reconstructed secret image when the second shadow is being cheated. Step 1) Given halftone image HI , which is generated from Step 4) in the revealing phase, perform the half-sampling by applying error diffusion and interpolation techniques to retrieve another halftone image, called HI . In our proposed scheme, this new halftone image HI is used to serve the two goals mentioned earlier, which are described in greater detail in Steps 2) and 3). Step 2) This step executes our first goal, which is to verify whether any cheating occurs by using the encrypted halftone image HL , as shown in Fig. 6. Note that HL is the extracted halftone image whose original image is the halftone logo HL and HL is the halfsampled image of HI. The reconstructed halftone logo HL depends on the intermediate shadow , which is only extracted from shadow SH . If there is no cheating, the intermediate shadow in the revealing phase is the same as the intermediate shadow in the shares construction phase. In other words, the halftone logo HL is the same as halftone logo HL when no cheating occurs. Clearly, HL and HL are the same because our scheme does not affect the halftone logo. Let us say that is the difference between HL and HI , HL HI . When the value of is equal to
797
Fig. 8. (a) Four 256 256 grayscale images (b) Four 256 256 color images. (a) Sailboat, (b) Tiffany, (c) Peppers, (d) Lena, (e) Barbara, (f) Jet, (g) Watch, and (h) Zelda.
zero, the reconstructed secret image GI is generated completely from HI by inverse halftoning transformation. Otherwise, dealers and participants come under suspicion when is equal to any value other than zero. Step 3) Obviously, when is not equal to zero, if a fake shadow drops in the first shadow, the reconstructed image GI is usually a noise-like image and extracted halftone logo HL is either a noise-like image or a meaning halftone image. In this case, we can only conclude that GI is not an expected reconstructed secret image. Otherwise, if the fake shadow is the second one, a noise-like image GI is generated in addition to a meaning halftone image HL . In this case, we not only know that GI is fake but also can recover GI by using HL . To recuperate GI from HL , we first perform double-sampling by applying an interpolating operation into HL to retrieve HI . Then, we recover GI by using inverse halftoning transforming. This scheme can be expanded to color images. First, a color image is decomposed into three subimages: red, green, and blue. Secondly, the scheme is applied independently to each subimage, individually. Lastly, the reconstructed secret color is generated by concatenating the three reconstructed grayscale components together. IV. EXPERIMENTAL RESULTS Experimental results demonstrate three objectives. The first is to generate the constructed secret image with high quality, with no computational complexity and no pixel expansion. The second is
Authorized licensed use limited to: Feng Chia University. Downloaded on December 30, 2009 at 04:50 from IEEE Xplore. Restrictions apply.
798
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 4, NO. 4, DECEMBER 2009
TABLE I RECONSTRUCTED GRAYSCALE IMAGE QUALITY AND RELIABILITY CONCLUSION WHEN NO CHEATING IS DETECTED
TABLE II RECONSTRUCTED COLOR IMAGE QUALITY AND RELIABILITY CONCLUSION WHEN NO CHEATING IS DETECTED
to verifythe reliability of the setof collectedshadows as well as the reconstructedsecretimage.Thelastistorecoverthereconstructed secret image when the second shadow is a fake. The two sets of test images shown in Fig. 8(a) and (b) illustrate that our scheme can perform well on both grayscale and color images. The first set contains four 256 256 grayscale images: Sailboat, Peppers, Tiffany, and Lena. The second set contains four 256 256 color images: Barbara, Jet, Watch, and Zelda. In our scheme, peak signal-to-noise ratio (PSNR) is used to evaluate the quality of the reconstructed original image GI . Similarly, we use mean square error (MSE) to identify the difference between the extracted halftone logo HL and halftone image HI . The reliability of the VSS scheme is guaranteed if MSE is equal to zero. Experiments were based two assumptions corresponding to two circumstances. The first circumstance assumes that neither the dealer nor the participants are cheating. Tables I and II, which present the two first objectives when no cheating occurs, correspond to the set of grayscale images and the set of color images. The second circumstance, which is shown in Table III, is carried out if some changes occur in the set of shadows. The third objective, which is to recover the reconstructed secret image, is executed in Table III. To measure the reliability of the set of received shadows and the reconstructed secret image, the reliability parameter uses two values: “Sure” and “Not sure.” If the MSE value of HI and HL is zero, the parameter is “Sure,” and vice versa.
The quality of the reconstructed secret image is considered by using two points of view. First, under the human visual system, the reconstructed secret image GI is almost indistinguishable from the original image GI. Secondly, the PSNR values of the reconstructed secret images and the original images range from 32 to 34.5 dB. Moreover, all MSEs are equal to zero when no cheating occurs. The reconstructed images can be assumed to be completely believable. To illustrate the verification ability of this scheme, the set of shadows is assumed to be altered by a dealer or by some participants. Table III explains the conclusion as to the reconstructed grayscale image quality and reliability. Four acts of defrauding are described in the following scenarios. 1) Sailboat is the original secret image. The second shadow is not changed, and the first shadow is replaced by a fake shadow. 2) Tiffany is the original secret image. The first shadow is not changed, but the second shadow is replaced by a fake shadow. 3) Peppers is the original secret image. The first shadow is replaced by a fake shadow, and the second shadow of Peppers is the original image under XOR operations. 4) Lena is the original secret image. The first shadow is not changed, but the second shadow is replaced by a fake shadow.
Authorized licensed use limited to: Feng Chia University. Downloaded on December 30, 2009 at 04:50 from IEEE Xplore. Restrictions apply.
CHANG et al.: SELF-VERIFYING VISUAL SECRET SHARING USING ERROR DIFFUSION AND INTERPOLATION TECHNIQUES
799
TABLE III RECONSTRUCTED GRAYSCALE IMAGE, EXTRACTED HALFTONE LOGO, EXTRACTED RESULTS, AND RECOVERED GRAYSCALE IMAGE WHEN SOME CHEATING OCCURS
After viewing the results in Table III, we can see that when the first shadow is replaced by a fake shadow, either the extracted halftone logo HL or the half-sampled halftone image HI is noise-like. After comparing the extracted halftone logo HL with the half-sampled halftone image HI , we see that no matter how doubtful the first shadow is, it is impossible to successfully establish the reconstructed secret image. If the second shadow is faked, the partial information of the halftone logo , which is used to can be reconstructed due to the hidden encrypt pixels located at even rows in the halftone image HL, and the encrypted halftone logo HL can be correctly extracted from the first shadow. In this case, only the partial information of the extracted halftone logo HL can be derived during verifying phase. Therefore, the reconstructed secret image contains sufficient noises to be rendered unreadable, and thus the security of the secret image remains. Experimental results listed on Table III confirm the PSNR of two reconstructed images is only 4.5 and 8.2 dB, respectively. However, honest participants can recognize the cheating situation based on the pattern of the extracted halftone logo HL. In other words, our scheme is useful in verifying the reliability of the recovered collected shadows and in verifying the reliability of the reconstructed secret image. To prove that the security of this scheme is guaranteed—in other words, that each shadow reveals no information about the secret grayscale image even when each shadow is a halftone image—the sets of shadows generated by our scheme for our grayscale and color test images are given in Table IV. From Table IV, we can see that because each shadow is a random-like halftone image, the security of the proposed scheme is guaranteed. Moreover, based on the performance of the shares construction phase, the size of each shadow is
one-eighth the size of its original image. Thus, our proposed scheme can efficiently reduce shadow size. V. CONCLUSION In this paper, we propose a novel self-verifying secret sharing scheme for both grayscale and color images. Our scheme not only protects an original secret image by dividing shadows but also verifies the reconstructed secret it into image and identifies the cheating types when some of collected shadows are fake during the revealing phase. Moreover, the reconstructed secret image is established only when out of valid shadows are collected and no one can force the honest participant to reconstruct a wrong secret image. Error diffusion, interpolation, image clustering, and inverse halftoning are four techniques employed as foundation of this scheme. Based on the Boolean operator XOR, this mechanism can easily recover the reconstructed image from the collected shadows without adding computational complexity in the revealing and verifying phase. Even in the shares construction phase, clustering for blocks in halftone images can be performed in advance, and the second shadow can be easily generated by performing Boolean operator XOR on the first shadow and the permuted halftone secret image. Therefore, the computational cost of the shares construction remains low. Experimental results confirm that our proposed scheme gives not only high reconstructed image quality but also smaller shadow size without causing significantly high computational complexity. The PSNR values of the reconstructed secret images range from 33.5 to 35.8 dB when no cheating occurs. Note that when cheating does occur, the PSNR values of the reconstructed secret images range from 4.5 to 8.2 dB, which
Authorized licensed use limited to: Feng Chia University. Downloaded on December 30, 2009 at 04:50 from IEEE Xplore. Restrictions apply.
800
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 4, NO. 4, DECEMBER 2009
TABLE IV CORRESPONDING SHADOWS FOR EACH TEST IMAGE ARE DIVIDED FROM GRAYSCALE IMAGES AND COLOR IMAGES
means no information is leaked regarding the secret image. Each shadow is a random-like halftone image, and its size is one-eighth the size of the original image. Moreover, based on the MSE between the extracted halftone logo HL and the half-sampled halftone image HI, we can verify the reliability of the reconstructed secret image and the set of collected shadows. If the MSE value is equal to zero, there is no shadow being faked by a dealer or participants. Otherwise, based on the extracted halftone logo HL , an almost unreadable reconstructed secret image is recovered by using an inverse halftoning technique. Thus, when the number of collected valid shadows is less than the security of the secret image remains and no information is leaked regarding the secret image. REFERENCES [1] Blude, A. D. Santis, and M. Naor, “Visual cryptography for grey level images,” Inf. Process. Lett., vol. 27, pp. 255–259, 2000. [2] Thien and J. C. Lin, “Secret image sharing,” Comput. Graph., vol. 26, no. 1, pp. 765–770, 2002. [3] A. Adhikari and S. Sikdar, “A new (2; n)-visual threshold scheme for color images,” INDOCRYPT 2003, ser. Lecture Notes in Computer Science, vol. 2904, pp. 148–161, 2003. [4] S. J. Shyu, “Efficient visual secret sharing scheme for color images,” Pattern Recognit., vol. 39, no. 5, pp. 866–880, May 2006. [5] Y. F. Chen, Y. K. Chan, C. C. Huang, M. H. Tsai, and Y. P. Chu, “A multiple-level visual secret-sharing scheme without image size expansion,” Inf. Sci., vol. 177, no. 21, pp. 4696–4710, Nov. 2007. [6] N. Yang, “New visual secret sharing schemes using probabilistic methods,” Pattern Recognit. Lett., vol. 25, no. 4, pp. 481–494, 2004. [7] S. Cimato, R. D. Prisco, and A. D. Santis, “Probabilistic visual cryptography schemes,” Comput. J., vol. 49, no. 1, pp. 97–107, 2006. [8] A. Wang, L. Zhang, N. Ma, and X. Li, “Two secret sharing schemes based on Boolean operations,” Pattern Recognit., vol. 40, pp. 2776–2785, 2007. [9] C. C. Chang, C. C. Lin, T. H. N. Le, and B. H. Le, “A probabilistic visual secret sharing scheme for grayscale images with voting strategy,” in Intell. Inf. Hiding Multimedia Signal Process., 2008, pp. 184–188. [10] G. Horng, T. Chen, and D. Tasi, “Cheating in visual cryptography,” Designs Codes Crypto., vol. 38, pp. 219–236, 2006.
[11] R. D. Prisco and A. D. Santis, “Cheating immune (2; n)-threshold visual secret sharing,” Lecture Notes in Computer Science, vol. 4116, pp. 216–228, 2006. [12] R. Zhao, J. J. Zhao, F. Dai, and F. Q. Zhao, “A new image secret sharing scheme to identify cheaters,” Comput. Standards Interfaces, vol. 31, pp. 252–257, 2007. [13] Shiozaki, “Digital half-toning by error diffusion with perturbation,” Electron. Lett., vol. 32, no. 18, pp. 1655–1656, Aug. 1996. [14] J. B. Feng, I. C. Lin, and Y. P. Chu, “Halftone image resampling by interpolation and error-diffusion,” in Proc. 2nd Int. Conf. Ubiquitous Inf. Manage. Commun., 2008, pp. 409–413. [15] K. L. Chung and S. T. Wu, “Inverse halftoning algorithm using edgebased lookup table approach,” IEEE Trans. Image Process., vol. 14, no. 10, pp. 1583–1589, Oct. 2005. [16] R. W. Floyd and L. Steinberg, “An adaptive algorithm for spatial gray scale,” Proc. Soc. Image Display, vol. 17, no. 2, pp. 75–77, 1976. [17] “DES encryption standard (DES),” in Federal Information Processing Standards Publication 46. Springfield, VA: National Technical Information Service, 1997. [18] M. Fallahpour and M. H. Sedaaghi, “High capacity lossless data hiding based on histogram modification,” IEICE Electron. Expr., vol. 4, no. 7, pp. 205–210, 2007. [19] H. J. Kim, V. Sachnev, Y. Q. Shi, J. Nam, and H. G. Choo, “A novel difference expansion transform for reversible data embedding,” IEEE Trans. Inf. Forensics Security, vol. 3, no. 3, pp. 456–465, Sep. 2008. [20] C. C. Lee, H. C. Wu, C. S. Tsai, and Y. P. Chu, “Adaptive lossless steganographic scheme with centralized difference expansion,” Pattern Recognit., vol. 41, no. 6, pp. 2097–2106, 2008. [21] C. C. Lin and N. L. Hsueh, “A lossless data hiding scheme based on three-pixel block difference,” Pattern Recognit., vol. 41, no. 4, pp. 1415–1425, 2008. Chin-Chen Chang (M’88–SM’92–F’99) received the B.S. degree in applied mathematics and the M.S. degree in computer and decision sciences from National Tsing Hua University, Hsinchu, Taiwan, R.O.C., in 1977 and 1979, respectively. He received the Ph.D. degree in computer engineering from National Chiao Tung University, Hsinchu, in 1982. During the academic years 1980–1983, he was on the faculty of the Department of Computer Engineering, National Chiao Tung University. From 1983 to 1989, he was on the faculty of the Institute of Applied Mathematics, National Chung Hsing University, Taichung, Taiwan. From August 1989 to July 1992, he was Head of, and a Professor in, the
Authorized licensed use limited to: Feng Chia University. Downloaded on December 30, 2009 at 04:50 from IEEE Xplore. Restrictions apply.
CHANG et al.: SELF-VERIFYING VISUAL SECRET SHARING USING ERROR DIFFUSION AND INTERPOLATION TECHNIQUES
Institute of Computer Science and Information Engineering , National Chung Cheng University, Chiayi, Taiwan. From August 1992 to July 1995, he was Dean of the College of Engineering at the same university. From August 1995 to October 1997, he was the Provost of National Chung Cheng University. From September 1996 to October 1997, he was Acting President of National Chung Cheng University. From July 1998 to June 2000, he was Director of the Advisory Office, Ministry of Education, R.O.C. From 2002 to 2005, he was a Chair Professor at National Chung Cheng University. Since February 2005, he has been a Chair Professor at Feng Chia University. In addition, he has served as a Consultant to several research institutes and government departments. His current research interests include database design, computer cryptography, image compression, and data structures.
Chia-Chen Lin (M’08) received the B.S. degree in information management from the Tamkang University, Taipei, Taiwan, R.O.C., in 1992. She received the M.S. degree in information management and the Ph.D. degree in information management from National Chiao Tung University, Hsinchu, Taiwan, in 1994 and 1998, respectively. She was a Visiting Associate Professor at the Business School, University of Illinois at Urbana Champaign, during August 2006 to July 2007. She is currently a Professor in the Department of Computer
801
Science and Information Management, Providence University, Sha-Lu, Taiwan. Since August 2008, she has been Associate Dean of Academic Affairs there. Her research interests include image and signal processing, image hiding, mobile agent, and electronic commerce. Prof. Lin is a member of ACM.
T. Hoang Ngan Le received the bachelor’s degree in information technology from the University of Natural Sciences in 2005 and the master’s degree from the University of Natural Sciences, HCM City, Vietnam, in 2008. Since 2008, she has been with the MSN Lab, Feng Chia University, Taichung, Taiwan. Her current research interests include image processing and multimedia security.
Hoai Bac Le received the B.S. degree in mathematics and the M.S. degree in computer sciences from the University of Education, Vietnam, in 1984 and 1990, respectively. He received his Ph.D. degree in mathematics for computers and computing systems from the University of Natural Sciences, HCM City, Vietnam, in 2000. He currently is Head of the Computer Science Division and Vice Dean of Postgraduate Training, University of Natural Sciences. His current research interests include artificial intelligence, soft computing, knowledge discovery, and data mining and data hiding.
Authorized licensed use limited to: Feng Chia University. Downloaded on December 30, 2009 at 04:50 from IEEE Xplore. Restrictions apply.
