Upload
others
View
6
Download
0
Embed Size (px)
Citation preview
DOI: 10.4018/IJDCF.2019010101
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
Copyright©2019,IGIGlobal.CopyingordistributinginprintorelectronicformswithoutwrittenpermissionofIGIGlobalisprohibited.
1
General Construction for Extended Visual Cryptography Scheme Using QR CodesYuqiao Cheng, Science and Technology on Information Assurance Laboratory, Beijing, China
Zhengxin Fu, Zhengzhou Information Science and Technology Institute, Zhengzhou, China
Bin Yu, Zhengzhou Information Science and Technology Institute, Zhengzhou, China
Gang Shen, Zhengzhou Information Science and Technology Institute, Zhengzhou, China
ABSTRACT
Thisarticledescribeshowavisualcryptographyscheme,withoneprominentfeature—decryptingsimply, has attractedmuch research attention since itwas first proposed.However,meaninglesssharesremainacontinuingchallengeinthedevelopmentofVCS.Inthisarticle,anextendedvisualcryptographyscheme(EVCS)basedonXORoperationisproposed,inwhichQRcodesareutilizedasthecoverimagesofshares.Bydesignation,allthesharesgeneratedintheschemecanbedecodedbystandardQRcodereaderswithspecificmeaning.Inaddition,toachievehighsharingefficiency,amethodofsimultaneouslysharingasecretQRcodeamongmultiplesubsetsispresented.Also,sufficientandnecessaryconditionsofthemethodareanalyzedwithanintegerprogrammingmodel,providingageneralconstructionapproachforEVCSunderarbitraryaccessstructures.
KEywoRDSError Correction Capacity, Extended Visual Cryptography Scheme (EVCS), General Access Structure, Multiple Subset Sharing (MSS), QR Codes
1. INTRoDUCTIoN
Asanimportantbranchofsecretsharing,theconceptofvisualcryptographyscheme(VCS)wasfirstproposedbyNaorandShamir(1995).Accordingtotheoriginaldefinitionofa(k,n)-VCS,asecretimageisdistributedintonshares.Nosecretinformationwillberevealedwithpossessionoffewerthankshares.Butwhenkormoresharesaresuperimposed,thesecretcanbeeasilydecryptedbyhumanvision.Inthepastfewdecades,VCSdevelopedrapidlyandhasmadegreatprogressinmanyaspects(Liu&Yan,2014).Aschemeforgeneralaccessstructureswasgiventherewith(Ateniese,Blundo,Santis,&Stinson,1996),gettingridofthresholdconstraintsonthequalifiedsubsets.Optimalpixelexpansion(Shyu&Chen,2015)andcontrast(Lin,Chen,&Lin,2010)wereexploredlater.Tofurtherimprovetheperformanceofrecovery,XORoperationwasintroducedintothestudyofVCS(Shen,Liu,Fu,&Yu,2017;Yang&Wang,2014;Wu&Sun,2014).Forthesakeofflexiblesharingstrategies,effortshavebeenmadeformultiplesecrets(Jia,Wang,Nie,&Zhang,2016),cheat
Thisarticle,originallypublishedunderIGIGlobal’scopyrightonJanuary1,2019willproceedwithpublicationasanOpenAccessarticlestartingonFebruary2,2021inthegoldOpenAccessjournal,InternationalJournalofDigitalCrimeandForensics(convertedtogoldOpenAccessJanuary1,2021),andwillbedistributedunderthetermsoftheCreativeCommonsAttributionLicense(http://creativecommons.org/
licenses/by/4.0/)whichpermitsunrestricteduse,distribution,andproductioninanymedium,providedtheauthoroftheoriginalworkandoriginalpublicationsourceareproperlycredited.
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
2
prevention(Chen,Tsai,&Horng,2013),regionorfullyincrementing(Hu,Shen,Fu,Yu,&Wang,2016;Chen,2017)andprogressiveschemes(Hou&Quan,2012).
All studiesmentionedabovecontributea lot to thepracticalapplicationsofVCS.Theonlydownsideisthatthesharesintheseschemesaremeaninglessandeasilyarousesuspicionof somepotential attackerswhendistributedviaapublic channel.Therefore, theextendedVCS(EVCS)seemsmoreattractivebecauseitgeneratesmeaningfulsharesinsteadofrandomimages(Naor&Shamir,1995).Byaddingsomeextracolumnsintothebasismatrices,Wangetal.(Wang,Yi,&Li,2009)designeda(k,n)-EVCSwithpoorcontrastofshares.Toimprovevisualperformance,aschemewasproposedonthebasisofhalftoneimagetechnology(Kang,Arce,&Lee,2011).Andotherstudieshavealsobeenattemptedwithbetterresults(Liu&Wu,2011;Yang,Sun,&Cai,2016;Yan,Wang,Niu,&Yang,2015;Ou,Sun,&Wu,2015).Nevertheless,thecamouflageeffectofsharesintheseschemeswasstillunsatisfactorysincethereweremanynoisypointsvisible.Later,secrethidingtechniqueswereutilizedtogeneratemeaningful shares (Yan,Wang,El-Latif,&Niu,2015;Amiri&Moghaddam,2016;Yuan,2014),butwithlargecomputationalload.
QuickResponse(QR)codeisatwo-dimensionalcodedevelopedbytheJapaneseDensoWaveCompany,andnowhasbeenadoptedasauniversalspecificationperformedbyISO(2006).Withthepopularizationofintelligentterminals,QRcodeshavebeenwidelyusedinfieldssuchasinformationstorage,mobilepaymentandelectronictickets.ForagivenQRcode,wecanhardlyacquireitsmessagebyhumanvisionsincethedarkandlightmodulesarerandomlydistributed.ThismeaninglessappearanceissimilartotheimagecharacteristicofVCSshares.Assuch,QRcodecanbeagoodchoiceforthemaskofVCSshare.Therefore,investigationsoftheVCSandQRcodescombinationshaveattractedconsiderableattention.Atfirst,QRcodeswereembeddedassomepartsofsharestoauthenticateaVCS(Wang,Liu,&Yan,2014).Thismethodsoughtthebest embedding regionof agiven share, thus reducing the influenceof secret revealing.Later,acontinuous-toneVCS(Yang,Liao,Wu,&Yamaguchi,2016)wasdevelopedwherethecolorofasecretmodulewasdeterminedbythegraynessofblackdots.Subsequently,aclassofEVCSsbasedonQRcodeswasproposed.Inviewofmachinerecognitioncharacteristic,anEVCSwaspresentedfortwo-levelinformationstoragebyLiuetal.(Liu,Fu,&Wang,2016).Inthisscheme,aproperscanningdistanceandanglearestrictlyrequiredtodecodingtheshares,whichsignificantlyincreasestheinconvenienceofpracticalapplications.ByexploitingerrorcorrectionmechanismofQRcodes,a(n,n)sharingmethodwasdesigned(Chow,Susilo,Yang,Phillips,Pranata,&Barmawi,2016),andthen,a(k,n)schemeunderthetheoryofrandomgridswerefurtherimplemented(Wan,Lu,Yan,Wang,&Chang,2017).Sometimes,thesecretimagemaybeaQRcode,andthenWanetal.’sschemebecomesinvalidbecausetheerrorscontainedintherecoveredsecretarebeyonderrorcorrectioncapability.OnesolutiontothisproblemisthatrepeatedlyperformingChowetal.’smethodoneachminimalqualifiedsubset.Then,alargenumberofsharinginstancesarerequired.
Inthispaper,anovelEVCSispresentedcombiningwithQRcodes.First,toreducethenumberofsharinginstances,weintroduceanideaofMSSandprovideitssufficientandnecessaryconditionswithanintegerprogrammingmodel.Andbasedonthismodel,wedividetheinitialaccessstructureintoseveralcollections,eachofwhichcanachieveaMSSinstance.Further,detailedsharingalgorithmofMSSispresented.Experimentalresultsandcomparisonsshowthevalidityandadvantagesoftheproposedscheme.
Theremainderofthispaperisorganizedasfollows.Section2introducessomepreliminariesconcerningourstudy.TheproposedschemeisdescribedinSection3whilesomeconditionsaretheoreticallyprovedinSection4.ExperimentsandanalysisarepresentedinSection5toillustratethefeasibilityofthisworkandhowitimprovesonpreviouswork.
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
3
2. PRELIMINARIES
Inthissection,wewillgivesomebasicdefinitionsconcerningtheVCSandtheQRcode.First,thedenotationofsymbolsinourpaperisgiveninTable1.
2.1. EVCSExtendedXOR-basedVCS(EXVCS)isa typeofEVCS,inwhichtherecoveryprocessisbasedonXORoperation.BecauseXORoperationcanreverse1to0,recoveredcontrastissignificantlyimprovedinEXVCS,especiallyin(n,n)-EXVCSthesecretiscompletelyreconstructed.
Definition 1 [3].SupposeallparticipantsconstituteasetP={1,2, ,n}.LetΓQ,ΓF⊆2PandΓQ∩ΓF=∅.MembersofΓQandΓFaredefinedasqualifiedsubsetsandforbiddensubsets,respectively.Thepair(ΓQ,ΓF)iscalledanaccessstructure.IfΓQismonotoneincreasingwhileΓFismonotonedecreasing,andΓQ∪ΓF=2P,then(ΓQ,ΓF)issaidtobestrong.Moreover,definethebasisΓ0={Q∈ΓQ|Q′∉ΓQifQ′⊂Q}.AllofthemembersinΓ0areminimalqualifiedsubsets.
Definition 2.LetΓ=(ΓQ,ΓF)beanaccessstructureonPanditsbasisΓ0={Q1,Q2, ,Qt}.AnEXVCSbasedonQRcodesisconstitutedunderΓifthreeconditionsaresatisfied.(1) EachsharecanbedecodedbyastandardQRcodereaderanditsmessageismeaningful.(2) AnyforbiddensubsetQf={i1,i2, ,if}∈ΓFisinaccessibletothesecretinformation.(3) ForanyqualifiedsubsetQq∈ΓQ,∃Q’⊆QqandQ’∈Γ0,thesecretcanbereconstructedby
XOR-ingthesharesofQ’.
2.2. QR CodeQRcodesconveyinformationbasedonthearrangementofdarkandlightmodules.Thereare40versionswithdifferentdatacapacities.Version1iscomposedof21×21modules.Eachsubsequentversionincreasesbyfouradditionalmodulesperside,uptoversion40,whichiscomposedof177×177modules.
Table 1. Denotation of symbols
Symbol Denotation
c thenumberofallcodewordsinablock
b thenumberofdatacodewordsinablock
r thenumberoferrorsallowableinablock
S thesecretQRcode
Tj theshareofthej-thparticipant
Cj thecoverQRcodeofTj
Qi thei-thminimalqualifiedsubset
R[Qi] theresultofT1⊕T2⊕⊕TmifQi={1,2, ,m}
D[Qi] theresultofR[Qi]⊕S
Tj(u,v) moduleofTjattheu-throwandv-thcolumn
Q1ΔQ2 thesymmetricdifferenceofQ1andQ2
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
4
Figure1isthestructureofversion7.Asshown,aQRcodeincludestwoparts:functionpatternsandencodingregion.Theformerarespecificstructuresdesignedforgeometriccorrectionandeffectivedecoding,andthelattercontainsseveralQRblocksandsomeauxiliaryformatorversioninformation,suchaserrorcorrectionlevels,maskpatterns,andsymbolversions.Theformatinformationisabinarysequencewithfivedatabitsandtenerrorcorrectionbits.
Anothersignificant featureofaQRcode iserrorcorrection,whichallowsQRcodereaderstocorrectlydecodedata, even ifpartsof the symbolaredirtyordamaged.Thereare fourerrorcorrectionlevelstoprovidedifferentcapabilities(L:7%,M:15%,Q:25%,andH:30%).Ahigherlevelcorrespondstoalargerdatapayload.Table2liststhecharacteristicofversion4∼7.
3. THE PRoPoSED SCHEME
Thissectionproposesaschemewithmeaningfulsharesforgeneralaccessstructures.Bytakingfulladvantageof theerrorcorrectioncapacitiesofQRcodes, lessstoragespaceofshares isrequiredintheproposedscheme.AsshowninFigure2,thewholesharingprocessincludestwoparts:collectiondivisionandMSS,withtheirdetailedalgorithmsillustratedinSection2.1and2.2,respectively.
3.1. Collection DivisionBythe(n,n)sharingmethod(Chow,Susilo,Yang,Phillips,Pranata,&Barmawi,2016),foranyΓ0={Q1,Q2, ,Qh},theEXVCSunderΓ0isconstructedasfollows.
InFigure3,aparticipantneedstsharesifitbelongstotsubsetsofΓ0,whichwouldcostmuchspacetostoresharesastgrows.Toimprovesharingefficiency,weattempttodealwithmultiplesubsetsbyonlyone(n,n)-MSSinstance.
Differentfrompreviouswork,theproposedmethodillustratedinFigure4performsonlyoneMSSinstanceasn=|Q1∪Q2∪∪Qh|.Thenaparticipantneedsonlyoneshareevenifitiscontainedinmorethanonesubsets.However,therearesomeconstraintstotheexistenceofsuchaninstance.Initially,weletTj=Cj(j=1,2, ,n).ToobtainthesecretmessageofS,differencesbetweenR[Qi](i=1,2, ,h)andSshouldbewithintheerrorcorrectioncapacityofS.Therefore,somecodewordsofTj(j=1,2, ,n)needmodifyingtoadjustthevalueofR[Qi].WetakeeachQRcodeblockastheresearchobjectforsubsequentanalysis.LetXbeathree-dimensionalmatrixwiththesizeofh×(n+1)×c.Amathematicalmodelissetuptodeterminewhethera(n,n)-MSSinstanceofQ1,Q2, ,Qhcanbesatisfied.
Figure 1. The symbol structure of version 7
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
5
Table 2. Error correction characteristics of several versions
Version Error correction level Number of blocks (c, b, r)
4
L 1 (100,80,10)
M 2 (50,32,9)
Q 2 (50,24,13)
H 4 (25,9,8)
5
L 1 (134,108,13)
M 2 (67,43,12)
Q2 (33,15,9)
2 (34,16,9)
H2 (33,11,11)
2 (34,12,11)
6
L 2 (86,68,9)
M 4 (43,27,8)
Q 4 (43,19,12)
H 4 (43,15,14)
7
L 2 (98,78,10)
M 4 (49,31,9)
Q2 (32,14,9)
4 (33,15,9)
H4 (39,13,13)
1 (40,14,13)
Figure 2. The sharing process of the proposed scheme
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
6
X i h k c
X r j n
X
ijkj
n
ijkk
c
i
h
i n kk
�
�
��
�
�
��
� � � � �
� � �
1
1
11
1
1 1 1
1
( , )
( )
( )
��� � � �
� � � � � �� � � �
1
1
0 1 1
0 1 1 1
c
ijk i
ijk
r i h
X i h j Q k cX i h j
( )
( , , )
{ , }( , �� � � �
�
�
�����
�
����� n k c1 1, )
(1)
Chooseanyt(2≤t≤h)subsetsfromQ1,Q2, ,QhandassumetheyareQp1,Qp2
, ,Qpt.
LetQa=Qp1∪Qp2
∪∪Qpt−Qp1
ΔQp2ΔΔQpt
,then
X X X t v v v Q k cp v k p v k p v k t at t1 1 2 2 1 2 1� � � � � � � ( , , , , ) (2)
If(1)and(2)haveacommonsolution,Q1,Q2, ,Qhcanconstituteacollection,ofwhichallsubsetscanbesharedbyone(n,n)-MSSinstance.Xijk=1indicatesthatthek-thcodeword(1≤k≤c)ofTjwouldbemodifiedtoletR[Qi]=S.AndXi(n+1)k=1denotesthatthek-thcodewordofR[Qi]isdifferentwiththatofS.Insomecases,morethanonecommonsolutionto(1)and(2)arepossible,sowearesupposedtochooseaproperonefromthem.Generally,asolutionisgoodornotdependsonthedifferencebetweenthenumberoferrorsinTj(j=1,2, ,n)andthatinR[Qi](i=1,2, ,h),namely
Figure 3. The previous method
Figure 4. The proposed method
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
7
min ( )X Xijkk
c
i
h
i n kk
c
���
��� ��
���
���11
1
1
(3)
Withabovemodel,basisΓ0ofanyaccessstructurecanbedividedintoanumberofcollectionsΓ1,Γ2, ,Γd.
3.2. MMSInthesharingprocedure,themodulesoffunctionpatternsandversioninformation,aswellastenerrorcorrectionbitsofformatinformation,arefixed.DetailedalgorithmisgiveninAlgorithm1.
Inordertorestorethesecret,wefirstobtainR[Qk](1≤k≤h)byXOR-ingsharesinQk.AndthenwecandeducesecretformatinformationaccordingtotheformatdatabitsofR[Qk].Finally,thesecretmessageisreconstructed.Notethatthefixedmoduleswillnotbehandledwithduringtherecoveryprocess.
4. THEoRETICAL PRooFS
Thevalidityoftheproposedschemeisanalyzedinthissectionfromtwoaspects.Oneprovesthesecuritythatforbiddensubsetsarehardlytoobtainsecretmessages;theotherillustratesthatacommonsolutionto(1)and(2)isthesufficientandnecessaryconditionsofaMSSinstance.
4.1. Security
Theorem 1.Anyindividualsharecannotobtainanyinformationaboutthesecret.Proof: Because QR codes adopt a universal encoding standard, an adversary can easily decode
themessageofashare,furtherinferringtheknowledgeofitscorrespondingcoverQRcode.Accordingtotheproposedscheme,nomorethanrcodewordsaredifferentbetweenashareanditscover.Andthisdifferencemakesnosensebecausetheadversaryknowsnothingaboutothershares.Therefore,reconstructingthesecretwithonlyoneshareisimpossible.
Algorithm 1. Sharing algorithm
Input:ThesetP={1,2, ,n}thatconsistsofallparticipantsfromQ1,Q2, ,Qh;ncoverQRcodesC1,C2, ,Cn;asecretQRcodeS.(EachQRcodehasdblocksandthesymbolsizeisa×a.)Output: nsharesT1,T2, ,Tn. Algorithm starts. Step 1:Leti=j=0andTk=Ck(1≤k≤n).GotoStep2. Step 2:Calculateacommonsolutionto(1)and(2)fortheu-thblock(1≤u≤d)anddenoteitbyXu.Moreover,acommonsolutionXwhereXk(n+1)v=0(1≤k≤h,1≤v≤5)iscalculatedforsharingfiveformatinformationdatabits.GotoStep3. Step 3:Leti=i+1.Ifi≤a,gotoStep4;else,gotoStep9. Step 4:Letj=j+1.Ifj≤a,gotoStep5;else,letj=0andgotoStep3. Step 5:IfS(i,j)isafixedmodule,skipandgotoStep4;elseifS(i,j)isamodulefromdataanderrorcorrectionblock,gotoStep6;else,gotoStep7.Step 6:SupposeS(i,j)isamoduleofthev-thcodewordoftheu-thblock.ForQk(1≤k≤h),findtheq-thelementthat
satisfies Xkqvu =1 .Ifq=n+1,skipandgotoStep4;else,gotoStep8.
Step 7:SupposeS(i,j)isthev-thbitofformatinformation.ForQk(1≤k≤h),findtheq-thelementthatsatisfiesXkqv=1.GotoStep8. Step 8:AdjustTq(i,j)toletS(i,j)=R[Qk](i,j),andgotoStep4.Step 9:OutputnsharesT1,T2, ,Tn. Algorithm ends.
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
8
Theorem 2.Noknowledgeofthesecretcanbeobtainedwithsharesofanyforbiddensubset.Proof: In terms of QR code specification, dark and light modules of a QR code are randomly
distributed.Therefore,thepossibilityofeachmodule’scolorisapproximately0.5.For∀Q∈Γ0andQF⊂Q,supposeQ={a1,a2, ,ax,b1,b2, ,by}andQF={b1,b2, ,by}.Then,
T T T S T T Tb b b a a ay x1 2 1 2� � � � � � � � (4)
SinceT T Ta a ax1 2⊕ ⊕ ⊕ arerandom,theinformationaboutSisinaccessible.
4.2. Sufficient and Necessary Conditions
Theorem 3.Thereisatleastonecommonsolutionto(1)and(2)ifaMSSinstancecanbesatisfied.Proof:Ifamulti-subsetsharinginstancecanbeappliedonQ1,Q2, ,Qh,thereisR[Qi]⊕D[Qi]=
S(1≤i≤h).ConsideringthesharingofQ1andsupposeQ1={j1,j2, ,jm}.InordertosatisfytheresultR[Q1](u,v)⊕D[Q1](u,v)=S(u,v)(1≤u≤a,1≤v≤a),amodulefromT1(u,v),T2(u,v), ,Tm(u,v)shouldbereversedorletD[Q1](u,v)=1.ThisstepisnotrequiredunlessT1(u,v)⊕T2(u,v)⊕⊕Tm(u,v)=S(u,v)underthepossibilityof1/2.Forthek-thcodeword(1≤k≤c),thereis
X
X
jkj
n
1
1
1
1255
256�
�
� � ���
���the probability of this event is
11
1
1
01
256jk
j
n
�
�
� � ���
���
�
��
the probability of this event is
��
���
(5)
Similarly,theconclusionisappliedtoanalysisofQ2,Q3, ,Qh.Thus,foranysubsetQi(1≤i≤h)andanycodewordk(1≤k≤c),thereis
X
X
ijkj
n
�
�
� � ���
���
1
1
1255
256the probability of this event is
iijkj
n
�
�
� � ���
���
�
��
1
1
01
256the probability of this event is
��
���
(6)
Sincetheprobabilityof255/256isfarlargerthan1/256,thuswecanapproximatelyconsider(6)
as Xijkj
n
�
�
� �1
1
1 .Moreover,tokeepbothreadabilityofthereconstructedsecretandshares,thereare
X ri n kk
c
( )��� �1
1
and X rijkk
c
i
h
���� �
11.Therefore,(1)canbeinferred.
ConsideringtheintersectionamongQ1,Q2, ,Qt,therelationshipXajk=Xbjk=1maynotalwaysbesatisfiedforanyaandb.Forexample,supposetwosubsetsQp={ja1,ja2, ,jat,jb1,jb2, ,jbx}andQq={ja1,ja2, ,jat,jc1,jc2, ,jcy}.BecauseR[Qp]⊕D[Qp]=R[Qq]⊕D[Qq]=S,thereis
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
9
T T T T T T D Q D Qj j j j j j p qb b bx c c cy1 2 1 2� � � � � � � � � [ ] [ ] (7)
Tosatisfy(7),twoapproachesareprovidedinthefollowing.
1. ChangeacodewordfromTjb1,Tjb2
, ,Tjbx ,Tjc1 ,Tjc2, ,Tjcy ;
2. LetD[Qp]=1orD[Qq]=1.
Atthismoment,ifa∈Qp∩Qqandb∈Qp∩Qq,Xajk=Xbjk=1isalmostimpossible.So(2)canbeobtained.
Theorem 4.AMSSinstancecanbeconstructedif(1)and(2)haveacommonsolution.Proof:If(1)and(2)haveacommonsolution,itmeansthereisanXthatsatisfies(1)and(2)atthe
sametime.Apparently,Xensuresthaterrorscontainedintherecoveredsecretandthesharesarebothwithintheirerrorcorrectioncapacities.Supposeanyt(2≤t≤h)subsetsfromQ1,Q2, ,QhareQp1
,Qp2, ,Qpt
,thereis
R Q D Q R Q D Q R Q D Q Sp p p p p pt t[ ] [ ] [ ] [ ] [ ] [ ]
1 1 2 2� � � � � � � (8)
AssumeQb=Qp1ΔQp2
ΔΔQpt={i1,i2, ,ix}.Then(8)canbesimplifiedas
T T T D Q D Q D Q t
T Ti i i p p p
i i
x t1 2 1 2
1 2
0 2 4 6� � � � � � � � �
� �
[ ] [ ] [ ] ( , , , )
�� � � � � � �
���
�� T D Q D Q D Q S ti p p px t[ ] [ ] [ ] ( , , , )
1 21 3 5
(9)
Undertherequirementsgivenby(2),wecanalwaysfindacodewordfromTi1 ,Ti2 , ,Tix ,orletoneofD Qp[ ]
1,D Qp[ ]
2, ,D Qpt
[ ] be1.Then,(9)canbesatisfied.
5. EXPERIMENTS AND ANALySIS
In this section, the feasibilityof theproposed scheme is evaluatedbyexperiments.Suppose theparticipantsetP={1,2, ,9}anditsbasisΓ0={{1,2,3,4},{3,4,5,6},{1,2,7,8},{5,6,8,9}}.The secretmessage is “IJDCF-2017”and the first cover is “20170801|Beijing|123456789”.Messageformatsofothercoversaresimilartothefirstcover,soweomitthedescriptionofthemforbrevity.TheexperimentaldatasetisgiveninTable3.
Table 3. The experimental dataset
Data groups Secret QR code Cover QR code
1 version6-levelH version6-levelH
2 version6-levelM version6-levelH
3 version6-levelL version6-levelH
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
10
First,weobtainasolutionto(1)and(2)underdatagroup1.Theresultisgotbytheoptimizer“Lingo11”,asshowninFigure5.
Figure5declaresthatacommonsolutionto(1)and(2)exists,whichindicatesthataMSSinstancecanbeimplementedwiththesolvedX,anditsexperimentalresultisgivenbelow.ThedecodingtoolisthesourcedemoprovidedbyZXing.Net.
InFigure6,(a)and(e)aretheoriginalcoverandsecretQRcodes,respectively.Accordingtotheproposedmethod,(b)isgeneratedfrom(a)bychangingsomecodewordsshownbythewhiteregionsin(c).Moreover,(d)demonstratesthattheshare(b)isreadable.(f)isthereconstructedsecretobtainedbyXOR-ingT1,T2,T3andT4,and(g)representstheerrorscontainedin(f)thatshouldbecorrectedbyitself.Becausethefaultcodewordsin(f)arewithintheerrorcorrectioncapacity,themessageof(f)iscorrectlydecoded.HereweonlyexhibittheresultsofT1andR[Q1]forbrevity,whicharesametothoseofothersharesandreconstructedsecrets,exceptthatthemessagesofcoverQRcodesaredifferent.Moreover,(i)-(l)demonstratethatnosecretinformationcanbeobtainedbyanyforbiddensubsets.
Next(1)and(2)aresolvedwiththedatasetofgroup2,andtheresultisshownbyFigure7(a).Figure7clarifiesthatthemodelofMSSunderΓ0isunsolvable.Therefore,wedivideΓ0into
twocollectionsΓ1andΓ2,eachofwhichcansupportaMSSinstance.HerewesetΓ1={{1,2,3,4},{1,2,7,8}}andΓ2={{3,4,5,6},{5,6,8,9}},andthesolutionofthemodelbuiltonΓ1isdisplayedasFigure8.
Figure9isthesharingresultofdatagroup2.SinceΓ0isdividedintotwocollections,Γ1andΓ2correspondtotworespectiveMSSinstances.Becauseparticipant3belongstobothofthetwocollections,itneedstwoshares,whichisshowninFigure9(b)and(c).However,participant2isonlycontainedbythesubsetsincollectionΓ1,therefore,participant2onlyneedsoneshare,asshowninFigure9(a).Apparently,theMSSmethodisalsousefulinthisexperimentevenifthenumberofsharesisnotreducedforsomeparticipants.
Figure 5. The solution of data group 1
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
11
ProvidingthatΓ1={{1,2,3,4},{1,2,7,8}}andΓ2={{3,4,5,6},{5,6,8,9}},thereisnosolutiontodatagroup3.Sowere-divideΓ0intoΓ1={{1,2,3,4}},Γ2={{3,4,5,6}}andΓ3={{1,2,7,8},{5,6,8,9}}.Andatthistimeonlythenumberofsharesforparticipant8decreases.
Toshowtheefficiencyoftheproposedscheme,thedecreaseofsharinginstancesiscalculatedunderseveralspecific(k,n)accessstructures,aslistedinTable4.(AllofthesecretandcoverQRcodesareofversion6andlevel’H’.)PartsofthecollectiondivisionresultaregiveninAppendix.
Figure 6. The MSS result of data group 1. (a) cover QR code C1; (b) share T1; (c) C1 ⊕ T1; (d) decoding of (b); (e) secret QR code S; (f) recovered secret R[Q1]; (g) S ⊕ R[Q1]; (h) decoding of (f); (i) T2 ⊕ T3; (j) T2 ⊕ T3 ⊕ T4; (k) T2 ⊕ T3 ⊕ T4 ⊕ T5; (l) decoding of (i) (or (j),(k))
Figure 7. Solution of data group 2 on Γ0
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
12
Figure 8. Solution of data group 2 on Γ1
Figure 9. The sharing result of data group 2. (a) share of participant 2; (b) the first share of participant 3; (c) the second share of participant 3
Table 4. The decreasing number of sharing instances
kn
3 4 5 6 7 8
3 1(1) 4(4) 5(10) 10(20) 12(35) 19(56)
4 — 1(1) 3(5) 8(15) 12(35) 24(70)
5 — — 1(1) 3(6) 7(21) 19(56)
6 — — — 1(1) 3(7) 10(28)
7 — — — — 1(1) 3(8)
8 — — — — — 1(1)
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
13
AccordingtoTable4,thenumberofinstancesdecreasesatleast50%inourscheme,exceptfor(3,4)and(n,n)accessstructuressince(1)cannotbesatisfiedinthetwocases.Inaddition,thedifficultyofdecodingsharesinLiuetal.’s(Liu,Fu,&Wang,2016)schemeisillustratedinFigure10.
Liuetal.’sschemeisdesignedonthebasisofmachinerecognitioncharacteristicswhereeachmoduleofitsshareisdistinguishedbytakingeachblockconsistingof2×2sub-modulesasawhole.Inthiscase,ZXing.NetdemocannotcorrectlydecodetheshareasshowninFigure10(b),whichmeansthattheshareisunabletobeusedelectronically.Figure10(c)and(d)aredecodingresultsindifferentscanningdistancebyamobilereader“BarcodeScanner”.Apparently,aproperscanningwayisakeyfactortocorrectlydecodetheshare.Then,decodingisinconvenient.Finally,functionalcomparisonsofthispaperwithotherrelatedworkaregiveninTable5.
AsisexhibitedinTable5,theproposedschemehasamoreflexiblesharingstrategythansomeotherwork(Wang,Yi,&Li,2009;Yang,Sun,&Cai,2016;Yan,Wang,Niu,&Yang,2015;Ou,Sun,&Wu,2015;Yan,Wang,El-Latif,&Niu,2015;Amiri&Moghaddam,2016;Yuan,2014;Liu,Fu,&Wang,2016;Chow,Susilo,Yang,Phillips,Pranata,&Barmawi,2016;Wan,Lu,Yan,Wang,&Chang,2017),becausetheproposedschemeisdesignedforgeneralaccessstructures.Forthesakeofvisualcharacteristic,theQRcodeisanexcellentchoicetocovertheshares.Therefore,thecamouflageeffectishighinthispaperandsomeotherworkrelatedtoQRcodes(Liu,Fu,&Wang,2016;Chow,Susilo,Yang,Phillips,Pranata,&Barmawi,2016;Wan,Lu,Yan,Wang,&Chang,2017)orstenography(Ou,Sun,&Wu,2015;Yan,Wang,El-Latif,&Niu,2015;Amiri&Moghaddam,2016;Yuan,2014).Inaddition,thecomputationalcomplexityofVCSislowerthanthatofotherstudies(Yan,Wang,El-Latif,&Niu,2015;Amiri&Moghaddam,2016).
Figure 10. The decoding results with different scanning ways. (a) share T1; (b) decoding of (a) by computer demo; (c) decoding of (a) by the mobile reader with the scanning distance of 6cm; (d) decoding of (a) by the mobile reader with the scanning distance of 12cm
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
14
6. CoNCLUSIoN
ThispaperproposesanovelEVCSthatallsharesaremeaningfulQRcodes.Itreducesthelikelihoodofbeingsuspectedbypotentialattackersifdistributedviapublicchannels.Moreover,theproposedschemecanalsobeusedtoimprovethesecuritywhenQRcodesareappliedinsomesecretapplicationfields.ByfurtherutilizingerrorcorrectioncapacitiesofQRcodes,thispaperpresentsamethodtosharemultiplesubsetssimultaneously,whichreducesthenumberofsharinginstancesonthebasisofpreviouswork.Asaresult,fewersharesofeachparticipantarerequired.However,ourpaperonlyprovidessufficientandnecessaryconditionsforaMSSinstance;findinganoptimaldivisionmethodremainsanopenproblemtobesolved.
ACKNowLEDGMENT
Theauthorsthanktheanonymousreviewersfortheirvaluablecomments.Thisworkwassupportedinpartby theNationalNaturalScienceFoundationofChinaunderGrantNo.61602513and theOutstandingYouthFoundationofZhengzhouInformationScienceandTechnologyInstituteunderGrantNo.2016611303.
Table 5. Functional comparisons of this paper with other studies
Paper Access Structure
Camouflage effect
Computational complexity
Wang,Yi,&Li,2009 (k,n) low O(1)
Kang,Arce,&Lee,2011 general low O(1)
Liu&Wu,2011 general low O(1)
Yang,Sun,&Cai,2016 (k,n) low O(1)
Yan,Wang,Niu,&Yang,2015 (k,n) low O(1)
Ou,Sun,&Wu,2015 (n,n) high O(1)
Yan,Wang,El-Latif,&Niu,2015 (k,n) high O(n)
Amiri&Moghaddam,2016 (n,n) high O(n2)
Yuan,2014 (k,n) high O(1)
Liu,Fu,&Wang,2016 (2,n)* high O(1)
Chow,Susilo,Yang,Phillips,Pranata,&Barmawi,2016 (n,n) high O(1)
Wan,Lu,Yan,Wang,&Chang,2017 (k,n) high O(1)
thispaper general high O(1)
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
15
REFERENCES
Amiri,T.,&Moghaddam,M.E.(2016).AnewvisualcryptographybasedwatermarkingschemeusingDWTandSIFT formultiple cover images.Multimedia Tools and Applications,75(14), 8527–8543. doi:10.1007/s11042-015-2770-7
Ateniese,G.,Blundo,C.,Santis,A.D.,&Stinson,D.R.(1996).Visualcryptographyforgeneralaccessstructures.Information and Computation,129(2),86–106.doi:10.1006/inco.1996.0076
Chen,Y.C.(2017).Fullyincrementingvisualcryptographyfromasuccinctnon-monotonicstructure.IEEE Transactions on Information Forensics and Security,12(5),1082–1091.doi:10.1109/TIFS.2016.2641378
Chen,Y.C.,Tsai,D.S.,&Horng,G.(2013).Visualsecretsharingwithcheatingpreventionrevisited.Digital Signal Processing,23(5),1496–1504.doi:10.1016/j.dsp.2013.05.014
Chow,Y.W.,Susilo,W.,Yang,G.,Phillips,J.G.,Pranata,I.,&Barmawi,A.M.(2016).ExploitingtheErrorCorrectionMechanisminQRCodesforSecretSharing. InJ.Liu,&RSteinfeld(Eds.),2016 Australasian Conference on Information Security and Privacy, LNCS(Vol.9722,pp.409-425).Berlin,Germany:Springer-Verlag.doi:10.1007/978-3-319-40253-6_25
Hou,Y.C.,&Quan,Z.Y.(2012).Progressivevisualcryptographywithunexpandedshares.IEEE Transactions on Circuits and Systems for Video Technology,21(11),1760–1764.doi:10.1109/TCSVT.2011.2106291
Hu,H.,Shen,G.,Fu,Z.,Yu,B.,&Wang,J.(2016).GeneralconstructionforXOR-basedvisualcryptographyanditsextendedcapability.Multimedia Tools and Applications,75(21).doi:10.1007/s11042-016-3250-4
ISO/IEC.(2015).ISO/IEC18004:2015Information-Automaticidentificationanddatacapturetechniques-QRCodebarcodesymbologyspecification.
Jia,X.,Wang,D.,Nie,D.,&Zhang,C.(2016).Collaborativevisualcryptographicschemes.IEEE Transactions on Circuits and Systems for Video Technology.
Kang,I.,Arce,G.R.,&Lee,H.K.(2011).Colorextendedvisualcryptographyusingerrordiffusion.IEEE Transactions on Image Processing,20(1),132–145.doi:10.1109/TIP.2010.2056376PMID:20615812
Lin,S.J.,Chen,S.K.,&Lin,J.C.(2010).Flipvisualcryptography(FVC)withperfectsecurity,conditionally-optimalcontrast,andnoexpansion.Journal of Visual Communication and Image Representation,21(8),900–916.doi:10.1016/j.jvcir.2010.08.006
Liu,F.,&Wu,C.(2011).Embeddedextendedvisualcryptographyschemes.IEEE Transactions on Information Forensics and Security,6(2),307–322.doi:10.1109/TIFS.2011.2116782
Liu,F.,&Yan,W.Q.(2014).Visual cryptography for image processing and security.SpringerInternationalPublishing.doi:10.1007/978-3-319-09644-5
Liu,Y.,Fu,Z.,&Wang,Y.(2016).Two-levelinformationmanagementschemebasedonvisualcryptographyandQRcode.Jisuanji Yingyong Yanjiu,33(11),3460–3463.
Naor,M.,&Shamir,A.(1995).Visualcryptography.InA.DeSantis(Ed.),LectureNotesinComputerScience:Vol. 950. Advances in Cryptology — EUROCRYPT’94. EUROCRYPT 1994. Berlin Heidelberg, Germany:Springer-Verlag.doi:10.1007/BFb0053419
Ou,D.,Sun,W.,&Wu,X.(2015).Non-expansiblexor-basedvisualcryptographyschemewithmeaningfulshares.Signal Processing,108,604–621.doi:10.1016/j.sigpro.2014.10.011
Shen,G.,Liu,F.,Fu,Z.,&Yu,B.(2017).Perfectcontrastxor-basedvisualcryptographyschemesvialinearalgebra.Designs, Codes and Cryptography,85(1),15–37.doi:10.1007/s10623-016-0285-5
Shyu,S.J.,&Chen,M.C.(2015).Minimizingpixelexpansioninvisualcryptographicschemeforgeneralaccessstructures.IEEE Transactions on Circuits and Systems for Video Technology,25(9),1557–1561.doi:10.1109/TCSVT.2015.2389372
Wan,S.,Lu,Y.,Yan,X.,Wang,Y.,&Chang,C.(2017).Visualsecretsharingschemefor(k,n)thresholdbasedonqrcodewithmultipledecryptions.Journal of Real-Time Image Processing,9,1–16.
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
16
Wang,D.,Yi,F.,&Li,X.(2009).Ongeneralconstructionforextendedvisualcryptographyschemes.Pattern Recognition,42(11),3071–3082.doi:10.1016/j.patcog.2009.02.015
Wang,G.,Liu,F.,&Yan,W.Q.(2016).2DBarcodesforvisualcryptography.Multimedia Tools and Applications,75(2),1223–1241.doi:10.1007/s11042-014-2365-8
Wu,X.,&Sun,W. (2014).Extendedcapabilities forxor-basedvisualcryptography. IEEE Transactions on Information Forensics and Security,9(10),1592–1605.doi:10.1109/TIFS.2014.2346014
Yan,X.,Wang,S.,El-Latif,A.A.A.,&Niu,X.(2015).Newapproachesforefficientinformationhiding-basedsecretimagesharingschemes.Signal, Image and Video Processing,9(3),499–510.doi:10.1007/s11760-013-0465-y
Yan,X.,Wang,S.,Niu,X.,&Yang,C.N.(2015).Halftonevisualcryptographywithminimumauxiliaryblackpixelsanduniformimagequality.Digital Signal Processing,38(C),53–65.doi:10.1016/j.dsp.2014.12.002
Yang,C.N.,Liao,J.K.,Wu,F.H.,&Yamaguchi,Y.(2016).Developingvisualcryptographyforauthenticationonsmartphones. In J.Wan, I.Humar,&DZhang (Eds.),2016 International Conference on Industrial IoT Technologies and Applications, LNICSSITE(Vol.173,pp.189-200).BerlinHeidelberg,Germany:Springer-Verlag.doi:10.1007/978-3-319-44350-8_19
Yang,C.N.,Sun,L.Z.,&Cai,S.R.(2016).Extendedcolorvisualcryptographyforblackandwhitesecretimage.Theoretical Computer Science,609(P1),143–161.doi:10.1016/j.tcs.2015.09.016
Yang,C.N.,&Wang,D.S.(2014).Propertyanalysisofxor-basedvisualcryptography.IEEE Transactions on Circuits and Systems for Video Technology,24(2),189–197.doi:10.1109/TCSVT.2013.2276708
Yuan,H.D.(2014).Secretsharingwithmulti-coveradaptivesteganography.Information Sciences,254,197–212.doi:10.1016/j.ins.2013.08.012
International Journal of Digital Crime and ForensicsVolume 11 • Issue 1 • January-March 2019
17
Yuqiao Cheng received the MS degree in information security at Zhengzhou Information Science and Technology Institute. Her research interests include visual cryptography and information security.
Zhengxin Fu received the PhD degree from Zhengzhou Information Science and Technology Institute in 2014. His research interests include visual cryptography and information security.
Bin Yu is a professor of the Department of Computer Science and Information Engineering at Zhengzhou Information Science and Technology Institute. His research interests include the design and analysis of algorithms, visual secret sharing and network security.
Gang Shen received the PhD degree from Zhengzhou Information Science and Technology Institute in 2017. His research interests include: visual security and cryptography, image security.
APPENDIX
1) Collectionsof(3,5)accessstructure:
Γ1={{1,2,3},{1,4,5}};Γ2={{1,2,4},{2,3,5}};Γ3={{1,2,5},{3,4,5}};Γ4={{1,3,5},{2,3,4}};Γ5={{1,3,4},{2,4,5}}.
2) Collectionsof(4,6)accessstructure:
Γ1={{1,2,3,4},{1,2,3,5}};Γ2={{1,2,3,6},{1,2,4,5}};Γ3={{1,2,4,6},{1,2,5,6}};Γ4={{1,3,4,5},{1,3,4,6}};Γ5={{1,3,5,6},{1,4,5,6}};Γ6={{2,3,4,5},{2,3,4,6}};Γ7={{2,3,5,6},{2,4,5,6}};Γ8={{3,4,5,6}}.
3) Collectionsof(5,7)accessstructure:
Γ1={{1,2,3,4,5},{1,2,3,4,6},{1,2,3,4,7}};Γ2={{1,2,3,5,7},{1,2,3,6,7},{1,2,4,6,7}};Γ3={{1,2,5,6,7},{1,3,4,5,6},{1,3,4,5,7}};Γ4={{1,3,4,6,7},{2,3,4,5,6},{2,3,4,6,7}};Γ5={{1,3,5,6,7},{1,4,5,6,7},{2,3,4,5,6}};Γ6={{2,3,5,6,7},{2,4,5,6,7},{1,2,4,5,6}};Γ7={{3,4,5,6,7},{1,2,4,5,7},{1,2,3,5,6}}.
4) Collectionsof(6,8)accessstructure:
Γ1={{1,2,3,4,5,6},{1,2,3,4,5,7},{1,2,3,4,5,8}};Γ2={{1,2,3,5,6,7},{1,2,3,5,6,8},{1,2,3,4,6,7}};Γ3={{1,2,3,5,7,8},{1,2,3,6,7,8},{1,2,3,4,6,8}};Γ4={{1,2,4,5,6,7},{1,2,4,5,6,8},{2,3,5,6,7,8}};Γ5={{1,2,4,5,7,8},{1,2,4,6,7,8},{1,3,4,6,7,8}};Γ6={{1,2,5,6,7,8},{1,3,4,5,6,7},{1,3,5,6,7,8}};Γ7={{2,3,4,5,6,7},{2,3,4,5,6,8},{1,3,4,5,6,8}};Γ8={{2,3,4,5,7,8},{3,4,5,6,7,8},{1,3,4,5,7,8}};Γ9={{1,2,3,4,7,8},{2,3,4,6,7,8},{2,4,5,6,7,8}};Γ10={{1,4,5,6,7,8}}.