an ethnography survey on visual cryptography schemes

8/12/2019 An Ethnography Survey on Visual Cryptography Schemes

1/4

International Journal of Engineering Trends and Technology (IJETT) - Volume4 Issue8- August 2013

ISSN: 2231-5381 http://www.ijettjournal.org Page 3332

An Ethnography Survey on Visual Cryptography SchemesBala Kondareddy Pesala#1, Nagaraja Rao. A*2

#1M.Tech 2nd year, Dept of CSE,ASCET, GUDUR, AP, India2*

Professor, Dept of CSE, ASCET, GUDUR, AP, India

Abstract Visual Cryptography Scheme (VCS) is an

encryption method that uses combinatorial techniques to

encode secret written materials. The idea is to convert the

written material into an image and encode this image into

n shadow images. The decoding only requires only

selecting some subset of these n images, making

transparencies of them, and stacking them on top of each

other. In this survey paper, we will provide the readers an

overview of the basic VCS constructions, as well as several

extended work in the area. In addition, we also review

several state-of-art applications that take full advantage ofsuch simple yet secure scheme..

Keywords Visual cryptography, securescheme, decoding

INTRODUCTION

Suppose 4 intelligent thieves have deposited theirloot in a Swiss bank account 1. These thieves obviously do nottrust each other. In particular, they do not want a singlemember of themselves to withdraw the money and fled.However, they assume that withdrawing money by twomembers of the group is not considered a conspiracy, rather itis consideredto have received "authorizations". Therefore, they decided toencode the bank code (with a trusted computer) into 4

partitions so that any two or more partitions can be used toreconstruct the code. Since the thieves representatives willnot have a computer with them to decode the bank code whenthey come to withdraw the money, they want to be able todecode visually: each thief gets a transparency. Thetransparency should yield no information about the bank code(even implicitly). However, by taking any two transparencies,stacking them together and aligning them, the secret numbershould "pop out". How can this be done?

The solution is proposed in 1994 by Naor and Shamir[1] who introduced a simple but perfectly secure way thatallows secret sharing without any cryptographic computation,which they termed as Visual Cryptography Scheme (VCS).

The simplest Visual Cryptography Scheme is given by thefollowing setup. A secret image consists of a collection ofblack and white pixels where each pixel is treatedindependently. To encode the secret, we split the originalimage into n modified versions (referred as shares) such thateach pixel in a share now subdivides into m black and whitesub-pixels. To decode the image, we simply pick a subset S ofthose n shares and Xerox each of them onto a transparency. IfS is a "qualified" subset, then stacking all these transparencieswill allow visual recovery of the secret. Figure 1 provides anexample of such construction. Suppose the secret image "IC"

is divided into 4 shares, which is denoted by P={1,2,3,4}, andthat the qualified sets are all subsets of } containing at leastone of the three sets {1,2}, {2,3} or {3,4}.Then the qualified sets are exactly the following:

Qual = {{1; 2}; {2; 3}; {3; 4}; {1; 2; 3}; {1; 2; 4}; {1; 3; 4}; {2; 3; 4}; {1; 2; 3; 4}}

Along with this basic setup, Naor and Shamir alsoproposed (k,n) threshold model as its extension. This extendedscheme is constructed such that any k shares can be stackedtogether to reveal the original secret, but any k-1 shares gainno information about it. It is not hard for the readers to verifythat the scenario described at the beginning of the paper is aninstance of (2,4)-threshold VCS.

The rest of the paper is structured as follows. Insection 2 we will introduce the construction of (k,n)-thresholdVCS along with some parameters used to describe the model.

Figure 1. Different shares overlaying

In section 3 we review several extension of visualcryptography research that includes VC for general accessstructure, contrast optimization and the concept of

randomness. We briefly introduce some applications of VCSin section 4 and conclude our paper in section 5.

II. THE MODELIn this section we formally define VCS model, as well as(k,n)-threshold VCS scheme that was proposed by Naor andSharmir [1].Definition 2.0.1. Hamming weight: The number of non-zerosymbols in a symbol sequence. In a binary representation,Hamming weight is the number of "1" bits in the binarysequence.


2/4



Definition 2.0.2. OR-ed k-vector: Given a j x k matrix, it isthe k-vector where each tuple consists of the result ofperforming boolean OR operation on its correspondingjx1column vector.

Definition 2.0.3.An VCS scheme is a 6-tuple (n; m; S; V; ;d). It assumes that each pixel appears in n versions called

shares, one for each transparency. Each share is a collection ofm black and white subpixels. The resulting structure can bedescribed by an n x m Boolean Matrix S=[Sij ] where Sij = 1iff the jth sub-pixel in the ith share is black.

Therefore, the grey level of the combined share, obtained bystacking the transparencies, is proportional to the Hammingweight H(V) of the OR-ed m-vector V. This grey level isusually interpreted by the visual system as black if H(V)>=dand as white if H(V )


3/4



3.2. Optimizations. The optimality of VCS is determinedmostly by its pixel expansion m and the relative contrast .Pixel expansion m represents the loss in resolution from theoriginal image to the decoded one. Therefore m needs to be assmall as possible. In addition, m also needs to be in the formof n2 where n N in order to preserve the aspect ratio of theoriginal image. On the other hand, the relative contrast

needs to be as large as possible to ensure visibility[1]. In thescope of this paper, we will only explore works related tocontrast optimization. Works related to deriving lower boundof pixel expansion m can be found in [7], [8] etc.

The research on contrast optimization was motivatedby the problem of extra graying effect introduced to decodedimage. This occurs because the decoded image is not an exactreproduction of the original image, but an expansion of theoriginal, with extra black pixels. The black pixels in theoriginal image will remain black if d=m. However, the whitepixels will become grey, due to the blackness introduced bythe black sub-pixels, which resulted in loss of contrast to theentire image. It is not hard to show that a (2,2) thresholdschemes have the best possible relative contrast = 1=2. Tofurther improve this contrast, Naor and Shamir extended their1994 work by introducing the "Cover" semi-groupOperation.[2] There are a few changes in this new model. Firstof all, instead of considering only binary colors, the newmodel would consist of two "opaque" colors (say, red andyello w) and the third "transparent" one. When overlayingtogether, the top opaque color will always dominate.Secondly, instead of having two shares I and II, there are now2c sheets marked I1, I2,...Ic, II1, II2,...IIc. Each sheet containsred,yellow and transparent pixels. When overlaying, we alsomake sure that II1 is placed on top of I1, I2 is placed on top ofII1, etc. Formally:

Definition 3.2.1. A solution to (2,2) threshold VCS using theCover semi-group consists of:(1) Two distributionsDR andDY on c m matrices where m isthe number of sub pixels used to encode one pixel in theoriginal image. Each entry of DR and DY is an element from{R,Y,T}, which stands for red, yellow and Transparentrespectively.

(2) A partition of {1...c} into 2 subsets S1andS2.

The upper bound for relative contrast obtained in this coversemi-group construction is 1 1/ c for (2,2) threshold VCS.Unfortunately, the construction cannot be extended to (k,n)threshold VCS.

3.3. VCS randomness. Recall that any VCS would consist oftwo collections of matrices 0 and 1. When encoding a pixel,depending on the color of the pixel, we need to randomly picka matrix from one of the collections. In other words, if wenumber all the candidate matrices as 1,2,.., |t|, the encodingalgorithm should generate a secret key k, where k representsthe index of the matrix that we have used to encode this pixel.

Blundoet al[4] formalizes this idea of randomness behindVCS as the follows:

Definition 3.3.1. The randomness of a VCS represents thenumber of random binary bits per pixel required to share asecret image among the participants. Formally, let therandomness of a VCS be denoted R,then R(0; 1) =log(min{|j0|||}).Note that given an arbitrary VCS, we can always find anotherVCS that have same m, and equal sized 1 and 2. Thisproof is shown in [3]. Therefore it is safe to assume

Figure 2. Hide secret in natural images

0 = 1 = r w.o.l.g. It turns out that r is the only variable thatimpacts the randomness R. We further know that virtually allconstructions of 0 and 1 for (k,n)-threshold VCS consists ofbasis matrices S0 0 and S1 1 together with all of theirpermutations, each of which satisfy contrast and securityconditions outlined in section 1. Recall that each matrix isn*m where m is the pixel expansion. Hence it follows that the

randomness of such threshold VCS can also be expressed aslog (m!). This lower bound is further improved in [9] for(k,k)-threshold VCS.

3.4. Secret Encoding With Natural Images. Now we knowthat given a secret message, we can always encode it into setsof n images, each containing no information about the secret.However, it would be more useful to conceal the existence ofthe secret message. In other words, the shares given toparticipants in the scheme should not look as a random bunchof pixels, but they should be innocent looking images (anhouse, a dog, a tree, etc). The solution is addressed in [1] [8]and [10]. The basic idea behind is to represent the hidden

image by controlling the way opaque sub-pixels in naturalimages are stacked together. A class of VCS constructions aredeveloped in [10] to hide images in the multi-color naturalimages. We conclude this section by showing you a workingexample of this work in the figure below.\

IV. APPLICATIONSVisual Cryptography Schemes can decode concealed imagesbased purely on human visual systems, without any aid fromcryptographic computation. This nice property gives birth to awide range of encryption applications. In this section, we will


4/4



discuss how VCS is used in applications such as E-Votingsystem, financial documents and copyright protections.

4.1. Electronic-Balloting System. Nowadays, most of thevoting are managed with computer systems. These votingmachines expected voters to trust them, without giving proofthat they recorded each vote correctly. One way to solve this

problem is to issue receipts to voters to ensure them theirvotes are counted. However, this could improperly influencethe voters, which produces coercion or vote selling problems.To solve this dilemma, Chaum [6] proposed a secret-BallotReceipts system that is based on (2,2)- threshold binary VCS.It generates an encrypted receipt to every voter which allowsher to verify the election outcome - even if all electioncomputers and records were compromised.At the polling station, you will receive a double-layer receiptthat prints your voting decision. You will be asked to give oneof the layer to the poll worker who will destroy it immediatelywith a paper shredder. The remaining one layer will nowbecome unreadable. To make sure that your vote is not alteredor deleted, you could querying the serial number on yourreceipt on the election Web site. This will return a postedreceipt that looks identical to yours in hand. Notice that youdo not need any software to verify this: simply print theposted receipt and overlaying it with your original receipt.There are two security advantages of this system. First of all, areceipt that is not properly posted can act as a physicalevidence of the failure of the election system. Secondly,voters are ensured that their vote is correctly recorded at thepolling station, but after surrendering a layer of the receipt, noone can decode it unless he somehow know the decryptionalgorithm and obtained all secret keys, which are typicallyheld by different trustee. Thirdly, even if all electioncomputers were compromised, there are only limited waysthat the system could alter the voting. For example, the systemcould print a wrong layer and hope that the voter will chooseanother one. However, the chances that it wouldgo undetected is 1/2 for one vote, and hence (1=2)10 for 10ballots, which is considered negligible for a voting populationof, say 30,000 people.

4.2. Encrypting financial documents. The VCS principle canalso be applied in transmitting confidential financialdocuments over Internet. VCRYPT is an example of this typeof system being proposed by Hawkes et al [?]. VCRYPT canencode the original drawing document with a specified (k,n)VCS, then send each of the encoded n shares separatelythrough Emails or Ftp to the recipient. The decoding onlyrequires bitwise "OR" operation on all shares in the specifieddirectory, and needs no extra effort of cryptographiccomputation. Any malicious attacker who intercepts only m ofn shares where m < k will not be able to gain any informationabout the financial document. Moreover, it is impossible toalter the content of the document unless all shares areintercepted, altered and re-inject into the network. Financialdocuments often contain a lot of digits. Therefore, after

applying VCS, we will expect that the greying effect willprevent us from recognizing the "fuzzy" digits in decodeddocuments. To work around this problem, VCRYPT proposeda post filtering process to return the decoded image preciselyto its original form. It evaluates every set of m sub-pixelsagainst the encoding threshold and display the final pixel asblack if the number of black sub-pixels is above the threshold

and white otherwise.

V. CONCLUSIONIn this paper, we briey review the literature of visualcryptography schemes as special instances of secret sharingmethods among participants. We also described differentconstructions that generalize and optimize VCS. Amongvarious advantages of VCS, we emphasize the property thatVCS decoding relies purely on human visual system, whichleads to a lot of interesting applications in private and publicsectors of our society.

REFERENCES1. M. Naor and A. Shamir, Visual cryptography, in "Advances in Cryptology{ EUROCRYPT '94", A. De Santis, ed., Lecture Notes in Computer Science950 (1995), 1-12.2. M. Naor and A. Shamir, Visual cryptography II: improving the constrastvia the cover base, in "Security Protocols", M. Lomas, ed., Lecture Notes inComputer Science 1189 (1997), 197-202.3. G. Ateniese, C. Blundo, A. De Santis and D. R. Stinson, Visualcryptography for general access structures, Information and Computation 129(1996), 86-106.4. C. Blundo, A. Giorgia Gaggia and D. R. Stinson, On the dealer'srandomness required in secret sharing schemes, Designs, Codes andCryptography 11 (1997), 107-122.5. W. Hawkes, A. Yasinsac, C. Cline, An Application of Visual Cryptographyto Financial Documents, technical report TR001001, Florida State University(2000).6. D Chaum, Secret-ballot receipts: True voter-veri able elections, IEEE

Security and Privacy, 2004, 38-47.7. A.Klein, M. Wessler, Extended Visual Crypotography Schemes. 8. G.Ateniese, C. Blundo, A. De Santis, and D. R. Stinson, Extended Schemes forVisual Cryptography Theoretical Computer Science.9. A. Bonis and A.Santis, Randomness in secret sharing and visualcryptography schemes, Theor. Comput. Sci. 314 (2004), 351-374.10. Nakajima, M. and Yamaguchi, Y., Extended Visual Cryptography forNatural Images, WSCG02, 2002, 303.