1 / 43

Visual Cryptography

Visual Cryptography. Hossein Hajiabolhassan Department of Mathematical Sciences Shahid Beheshti University Tehran, Iran. Secret Sharing Scheme. A secret sharing scheme is a method of dividing a secret S among a finite set of participants .

shani
Download Presentation

Visual Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Visual Cryptography Hossein HajiabolhassanDepartment of Mathematical SciencesShahid Beheshti UniversityTehran, Iran

  2. Secret Sharing Scheme • A secret sharing scheme is a method of dividing a secret Samong a finite set of participants. • only certain pre-specified subsets of participants can recover the secret (Qualified subsets). secret

  3. K out of n Consider a finite field GF(q)whereq≥n+1andChoose a secret key sfrom GF(q) . Randomly choose s=a0,a1,…, ak-1 from GF(q), Freely choose distinct xi(1≤i≤n). Give to personiSecret share (xi, f(xi)) for all (1≤i≤n).

  4. Perfect Secret Sharing • A secret sharing scheme isperfectif all authorizedsubsetscan reconstruct the secret butnoother subset can determine anyinformationabout the secret. This scheme is not perfect!

  5. Visual Cryptography Anyone knows what is the secret?

  6. Basic Definitions • LetP={1,...,n} be a set of elements called participants. • 2^Pdenote the set of all subsets of P. • Q  2^P : members ofqualifiedsets. • F 2^P: members of forbiddensets,Q  F=. • =(Q ,F)is called the accessstructureof the scheme. • _0: Call all the minimal qualified sets of  basis for the access structure :_0={A Q : B Q for all B A, B≠A}.

  7. Basic Definitions • Secret Image: The Secret consists of a collection of black and white pixels. • Share: Secret image encode into n shadow images in the form of the transparencies, called shares, where each participant receives one share. • Subpixel: Each pixel is divided into a certain number of subpixels.

  8. + + + + 1 Superimposing: 2 q

  9. Generation of Shares

  10. Generation of Shares pixel 1 2 1 2 share1 share2 stack random

  11. (0,1,0,1,0) Mathematical Model (1,1,0,0,1) Sticking (1,1,0,1,1) [ 0 1 0 1 01 1 0 0 1 ] Representationwith Matrix

  12. Mathematical Model 1 2 n

  13. Shares #1 #2 Superposition of the two shares Pixel Probability [ 1 01 0 ] 2 out of 2 C_0 [ 0 1 0 1 ] [ 1 0 0 1 ] ` C_1 [ 0 1 1 0 ] Same MatriceswithSame Frequency

  14. Expansion & Contrast Thenumber of subpixels that each pixel of the original image is encoded into on each transparency is termedpixel expansion. Thedifference measure between a black and a white pixel in the reconstructed image is calledcontrast. [ [ 0 1 0 1 ] [ 1 0 1 0 ] [ 1 0 0 1 ] [ 0 1 1 0 ] Expansion = 2 Contrast=(2-1)/2=0.5

  15. Visual Cryptography SchemeNaor and Shamir, 1994 Let =(Q, F) be an access structureon a set of n participants. A - VCS_1 with expansion mand contrast (m)consists of two collections of n×mmatricesC_0andC_1suchthat: For any qualified subset X={i_1,…,i_k} andA ε C_0, theor Vof rows i_1,…,i_k of A satisfiesw(V)  t_X- (m).m ; whereas, for any B ε C_1 it results that w(V)  t_X. For any non-qualified subset X={i_1,…,i_t}. The two collections of t×m matrices D_j, with j ε {0,1}, obtained by restricting each n×m matrix in C_j to rows i_1,…,i_t are indistinguishable in the sense that they contain thesame matrices with the same frequencies.

  16. [ 0 1 0 1 ] [ 1 01 0 ] X={1,2}, W(V)=1 D_0 C_0 2 out of 2 X={1} [ 1 0 0 1 ] [ 0 1 1 0 ] X={1,2}, W(V)=2 D_1 C_1

  17. VCS with Basis Matrices Let =(Q, F) be an access structureon a set of n participants. A basis for - VCS_2 with expansion m and contrast (m) consists of two matrices S^0 and S^1 such that: For any qualified subset X={i_1,…,i_k}, the or V of rows i_1,…,i_k of S^0 satisfies w(V)  t_X- (m).m ; whereas, for S^1 it results that w(V)  t_X. For any non-qualified subset X={i_1,…,i_t}. The two t×m matrices D^j, with j ε {0,1}, obtained by restricting rows i_1,…,i_t to S^j are equal up to a permutation of columns.

  18. {1} {2} {3} {1,2,3} { } {1,2} {1,3} {2,3} K out of K [ ] [ ] S^1=. • 0 0 1 • 0 1 0 1 • 0 0 1 1 S^0=. 0 1 1 0 0 1 0 1 0 0 1 1 1 1 2 2 3 3 C_1={A: A is a permutation column of S^1} C_0={B: B is a permutation column of S^0}

  19. K out of n scheme There is a k out of k scheme with expansion 2k-1and contrast α=2-k+1. In any k out of k scheme m≥2k-1and α≤21-k. For any n and k, there is a k out of n VCS with m=log n 2O(klog k), α=2Ώ(k).

  20. General Access Structure Question: Let  be a access structure. Is there an -VCS? Note that if there exists an -VCS then Q should be monotone. Theorem: Let  =(Q,F) be a monotone access structure where F∩Q=, and let Z_M be the family of maximal forbidden sets in F. Then there exists a -VCS with expansion less than or equal to 2^(|Z_M|-1).

  21. Cumulative Array Method Let =(Q,F) be a monotone access structure where Q U F= 2^P. Also, let F_1,… , F_tbe maximal forbidden sets in F. LetS^0andS^1be basis of white matrix and black matrix of t out of t VCS, respectively. Constructn×2^(t-1) white basis matrix C^0and black basis matrix C^1 of  as follows: For any participant i, set the i-th row of C^0 be the or of rows i_1,…,i_s of S^0 that i_1,…,i_s are rows of S^0 where for any 1≤j≤s,“i’’ is not member of F_(i_j). Similarly, construct C^1.

  22. Cumulative Array Method Theoretically, realizable. Example: Let P={1, 2, 3, 4}, _0={{1, 2}, {2, 3}, {3, 4}}, andZ_M={F_1,F_2, F_3}; F_1={1, 4} ,F_2={1, 3}, F_3={2, 4}. Hence,

  23. New VCS, Color of SecretTzeng and Hu, 2002 for any B ε C_1 it results that w(V)  t_X-(m).m or for any B ε C_1 w(V) ≤t_X- (m).m. Let =(Q, F) be an access structure on a set of n participants. A - VCS_3 with expansion m and contrast (m) consists of two collections of n×m matrices C_0 and C_1 such that: For any qualified subset X={i_1,…,i_k} and A ε C_0, the or V of rows i_1,…,i_k of A satisfies w(V) = t_X; whereas, For any non-qualified subset X={i_1,…,i_t}. The two collections of t×m matrices D_j, with j ε {0,1}, obtained by restricting each n×m matrix in C_j to rows i_1,…,i_t are indistinguishable in the sense that they contain the same matrices with the same frequencies.

  24. New VCS, Color of SecretTzeng and Hu, 2002

  25. Extended VCS In 1998, S. Droste introduced an extension of the visual cryptography. In fact, he has presented an extended VCS in which every combination of the transparencies can contain independent information. In 2001, G. Ateniese, C. Blundo, A. Santis and D.R. Stinson has introduced another version of extended visual cryptography in which every share have to be an image.

  26. Extended VCSDroste 1998 Consider multi-sets C^T(T is a subset of 2^P\{ф}) of n×m Boolean matrices which satisfy the following conditions. For allX={i_1,…,i_k}andA ε C^T, where X is a memberof T, the or V of rows i_1,…,i_t of A satisfiesw(V)  t_X. For allX={i_1,…,i_k} and A ε C^T, where X is not a memberof T, the or V of rows i_1,…,i_k of A satisfiesw(V)  t_X- (m).m. The condition of Security!

  27. Extended VCSDroste 1998 C^{}= C^{{1,2}}= C^{{1}}= C^{{1},{1,2}}= C^{{2}}= C^{{2},{1,2}}= C^{{1},{2}}= C^{{1},{2},{1,2}}=

  28. Extended VCSG. Ateniese, C. Blundo, A. Santis and D.R. Stinson, 2001

  29. Extended VCSDroste 1998 C^{}= C^{{1,2}}= C^{{1}}= C^{{1},{1,2}}= C^{{2}}= C^{{2},{1,2}}= C^{{1},{2}}= C^{{1},{2},{1,2}}=

  30. Extended VCSDroste 1998 C^{}= C^{{1,2}}= C^{{1}}= C^{{1},{1,2}}= C^{{2}}= C^{{2},{1,2}}= C^{{1},{2}}= C^{{1},{2},{1,2}}=

  31. Colored Visual Cryptography Thegeneralized“or” of elements (colors) in {a_0, a_1, . . . , a_{c−1}} equals a_iif all colors are equal toa_i, otherwise it equals BLACK Color.

  32. Colored Visual CryptographyVERHEUL and VAN TILBORG, 1997 • Let =(Q, F) be an access structure on a set of n participants. The c collections of n×m matrices C_0, C_1, . . . , C_{c−1} constitute ac-colour - VCS_1 with pixel expansion m, if there exist two integershandlsuch that h > l satisfying: • For any qualified subset X={i_1,…,i_k}andA ε C_i, the generalized orV of rows i_1,…,i_k of A satisfies Z_i(V)  h while for any j≠ i, Z_j(V) ≤ l. • For any non-qualified subset X={i_1,…,i_t}. The collections of t×m matrices D_j, obtained by restricting each n×m matrix in C_j to rows i_1,…,i_t , are indistinguishable in the sense that they contain the same matrices with the same frequencies.

  33. Colored Visual Cryptography 2 out of 5

  34. Colored Visual Cryptography Yang and Laih, 2000

  35. Probabilistic Visual Cryptography K out of n, Yang 2004 • A k out of nProbVSS_1 scheme can be shown as two multi-sets, C_0 and C_1; consisting of n×1matriceswhich satisfies the following conditions: • For these matrices in the multi-set C_0 (resp. C1), the ‘‘OR’’-ed value of any k-tuple column vector V is L(V). These values of all matrices form a multi-setE_0(resp. E_1), respectively. • The two multi-sets E_0 and E_1 satisfy thatp_1≥p_t and • P_0≤p_t- α, where p_0 and p_1 are the appearance • probabilities of the ‘‘1’’ (black color) in the multi-sets E_0 and E_1, respectively. • For any subset {i_1,…,i_t} of participants witht<kthep_0andp_1arethe same.

  36. Probabilistic Visual Cryptography K out of n, Yang 2004 2 out of 2

  37. Probabilistic Visual Cryptography K out of n, Yang 2004 2 out of 3

  38. Shape of Pixel

  39. Shape of PixelWu and Chang, 2005 Rotating 72o Staking Staking Share 2 Share 1 Secret 1 “VISUAL” Secret 2 “SECRET”

  40. Bounds for Pixel Expansion W.G. Tzeng and C.M. Hu, 2002, introduced another model for visual cryptography in which justminimal qualified subsets can recover the shared image by stacking their transparencies. (C. Blundo, S. Cimato, and A. De Santis, 2006)Let =(Q, F) be an access structure. The best pixel expansion of  -VCS_3 (basis matrices)satisfies

  41. Bounds for Pixel Expansion (H. Hajiabolhassan and A. Cheraghi) Let =(Q, F) be an access structure. Also, assume that there exist disjoint qualified sets A_1, . . . ,A_t such that for any qualified set B ⊆ A_1∪···∪A_t, one should have A_i ⊆ B for some 1 ≤ i ≤ t, i.e., A_i’s constitute an induced matching in Q. Then One can consider another model for visual cryptography (VCS_4) in which minimal qualified subsets can recover the secret. In fact, we don’t mind whether non-minimal qualified subsets can obtain the secret.

  42. Bounds for Pixel Expansion A graph access structure is an access structure for which the set of participants is the vertex set V (G) of a graph G = (V (G),E(G)), and the sets of participants qualified to reconstruct the secret image are precisely those containing an edge of G. A strong edge coloring of a graph G is an edge coloring in which every color class is an induced matching.The strong chromatic index s′(G) is the minimum number of colors in a strong edge coloring of G. (H. Hajiabolhassan and A. Cheraghi) Let G be a non-empty graph. Then m_4(G) ≤ min{2bc(G), 2s′(G)}.

  43. Thanks for your attention!

More Related