Visual Cryptography
description
Transcript of Visual Cryptography
![Page 1: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/1.jpg)
Visual Cryptography
Hossein HajiabolhassanDepartment of Mathematical Sciences
Shahid Beheshti UniversityTehran, Iran
![Page 2: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/2.jpg)
Secret Sharing SchemeA secret sharing scheme is a method of
dividing a secret S among a finite set of participants.
only certain pre-specified subsets of participants can recover the secret (Qualified subsets).
secret
![Page 3: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/3.jpg)
K out of n Consider a finite field GF(q) where q≥n+1 and Choose a secret key s from GF(q) . Randomly choose s=a0, a1,…, ak-1 from GF(q),
Freely choose distinct xi (1≤i≤n). Give to person i Secret share (xi, f(xi)) for all (1≤i≤n).
![Page 4: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/4.jpg)
Perfect Secret Sharing
A secret sharing scheme is perfect if all authorized subsets can reconstruct the secret but no other subset can determine any information about the secret.
This scheme is not perfect!
![Page 5: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/5.jpg)
Visual Cryptography
Anyone knows what is the secret?
![Page 6: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/6.jpg)
Basic Definitions Let P={1,...,n } be a set of elements called
participants. 2^P denote the set of all subsets of P. Q 2^P : members of qualified sets. F 2^P: members of forbidden sets, Q F=. =(Q ,F) is called the access structure of the
scheme. _0 : Call all the minimal qualified sets of basis
for the access structure : _0={A Q : B Q for all B A, B≠A}.
![Page 7: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/7.jpg)
Basic Definitions Secret Image: The Secret consists of a
collection of black and white pixels.
Share: Secret image encode into n shadow images in the form of the transparencies, called shares, where each participant receives one share.
Subpixel: Each pixel is divided into a certain number of subpixels.
![Page 8: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/8.jpg)
Superimposing:
1
2
q
+ + + +
![Page 9: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/9.jpg)
Generation of Shares
![Page 10: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/10.jpg)
share1
share2
stack
pixel
random
1 2 1 2
Generation of Shares
![Page 11: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/11.jpg)
Mathematical Model
(0,1,0,1,0)
(1,1,0,0,1)
Sticking (1,1,0,1,1)
Representationwith Matrix [0 1 0 1 0
1 1 0 0 1 ]
![Page 12: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/12.jpg)
msss 11211
msss 22221
nmnn sss 21
1
2
n
Mathematical Model
![Page 13: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/13.jpg)
2 out of 2
`Pixel Probability Shares#1 #2
Superposition ofthe two shares
5.0p
5.0p
5.0p
5.0p
1 01 0 [ ]
[0 1 0 1
]
[ ]0 1
1 0
[ ]1 0
0 1
C_0
C_1Same Matrices
withSame Frequency
![Page 14: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/14.jpg)
Expansion & ContrastThe number of subpixels that each pixel of the original image is encoded into on each transparency is termed pixel expansion.The difference measure between a black and a white pixel in the reconstructed image is called contrast.
[0 1 0 1
] [0 1 1 0
1 0 0 1
1 0 1 0
[[ ]]]
Expansion = 2 Contrast=(2-1)/2=0.5
[
![Page 15: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/15.jpg)
Visual Cryptography SchemeNaor and Shamir, 1994
Let =(Q, F) be an access structure on a set of n participants. A - VCS_1 with expansion m and contrast (m) consists of two collections of n×m matrices C_0 and C_1 such that:I. For any qualified subset X={i_1,…,i_k} and A ε C_0, the or V of rows i_1,…,i_k of A satisfies w(V) t_X- (m).m ; whereas, for any B ε C_1 it results that w(V) t_X.II. For any non-qualified subset X={i_1,…,i_t}. The two collections of t×m matrices D_j, with j ε {0,1}, obtained by restricting each n×m matrix in C_j to rows i_1,…,i_t are indistinguishable in the sense that they contain the same matrices with the same frequencies.
![Page 16: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/16.jpg)
2 out of 2
1 01 0 [ ][
0 1 0 1
]
[ ]0 1
1 0 [ ]
1 0
0 1
C_0
C_1 X={1,2}, W(V)=2
X={1,2}, W(V)=1D_0
D_1
X={1}
![Page 17: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/17.jpg)
VCS with Basis Matrices Let =(Q, F) be an access structure on a set of n participants. A basis for - VCS_2 with expansion m and contrast (m) consists of two matrices S^0 and S^1 such that:I. For any qualified subset X={i_1,…,i_k}, the or V of rows i_1,…,i_k of S^0 satisfies w(V) t_X- (m).m ; whereas, for S^1 it results that w(V) t_X.
II. For any non-qualified subset X={i_1,…,i_t}. The two t×m matrices D^j, with j ε {0,1}, obtained by restricting rows i_1,…,i_t to S^j are equal up to a permutation of columns.
![Page 18: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/18.jpg)
K out of K
1 0 0 1
0 1 0 1
0 0 1 1
{1} {2} {3} {1,2,3}
[ 0 1 1 0
0 1 0 1
0 0 1 1
{ } {1,2} {1,3} {2,3}
] [ ]S^1=. S^0=.
C_1={A: A is a permutation column of S^1}
C_0={B: B is a permutation column of S^0}
3
2
1
3
2
1
![Page 19: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/19.jpg)
K out of n scheme
There is a k out of k scheme with expansion 2k-1 and contrast α=2-k+1.
In any k out of k scheme m≥2k-1 and α≤21-k.
For any n and k, there is a k out of n VCS with m=log n 2O(klog k), α=2Ώ(k).
![Page 20: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/20.jpg)
General Access StructureQuestion: Let be a access structure. Is there an -VCS?
Note that if there exists an -VCS then Q should be monotone.
Theorem: Let =(Q,F) be a monotone access structure where F∩Q =, and let Z_M be the family of maximal forbidden sets in F. Then there exists a -VCS with expansion less than or equal to
2^(|Z_M|-1).
![Page 21: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/21.jpg)
Cumulative Array Method Let =(Q,F) be a monotone access structure where Q U F= 2^P.
Also, let F_1,… , F_t be maximal forbidden sets in F.
Let S^0 and S^1 be basis of white matrix and black matrix of t out of t VCS, respectively.
Construct n×2^(t-1) white basis matrix C^0 and black basis matrix C^1 of as follows:
I. For any participant i, set the i-th row of C^0 be the or of rows i_1,…,i_s of S^0 that i_1,…,i_s are rows of S^0 where for any 1≤j≤s, “i’’ is not member of F_(i_j).
II. Similarly, construct C^1.
![Page 22: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/22.jpg)
Cumulative Array MethodExample: Let P={1, 2, 3, 4}, _0={{1, 2}, {2, 3}, {3, 4}}, and Z_M={F_1,F_2, F_3}; F_1={1, 4} ,F_2={1, 3}, F_3={2, 4}. Hence,
011001010011
0^S
100101010011
1^S
0101011101110110
0^C
0101101101111001
1^C
Theoretically,
realizable.
![Page 23: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/23.jpg)
New VCS, Color of SecretTzeng and Hu, 2002
Let =(Q, F) be an access structure on a set of n participants. A - VCS_3 with expansion m and contrast (m) consists of two collections of n×m matrices C_0 and C_1 such that:I. For any qualified subset X={i_1,…,i_k} and A ε C_0, the or V of rows i_1,…,i_k of A satisfies w(V) = t_X; whereas,
II. For any non-qualified subset X={i_1,…,i_t}. The two collections of t×m matrices D_j, with j ε {0,1}, obtained by restricting each n×m matrix in C_j to rows i_1,…,i_t are indistinguishable in the sense that they contain the same matrices with the same frequencies.
for any B ε C_1 it results that w(V) t_X-(m).m or for any B ε C_1 w(V) ≤t_X- (m).m.
![Page 24: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/24.jpg)
New VCS, Color of SecretTzeng and Hu, 2002
![Page 25: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/25.jpg)
Extended VCS In 1998, S. Droste introduced an extension of the visual cryptography. In fact, he has presented an extended VCS in which every combination of the transparencies can contain independent information.
In 2001, G. Ateniese, C. Blundo, A. Santis and D.R. Stinson has introduced another version of extended visual cryptography in which every share have to be an image.
![Page 26: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/26.jpg)
Extended VCSDroste 1998
Consider multi-sets C^T (T is a subset of 2^P\{ф}) of n×m Boolean matrices which satisfy the following conditions. 1.For all X={i_1,…,i_k} and A ε C^T, where X is a member of T, the or V of rows i_1,…,i_t of A satisfies w(V) t_X.2.For all X={i_1,…,i_k} and A ε C^T, where X is not a member of T, the or V of rows i_1,…,i_k of A satisfies w(V) t_X- (m).m.3.The condition of Security!
![Page 27: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/27.jpg)
10101001
1011
10100101
100110110101
1010 101001111011
1011 10111011 0111
Extended VCSDroste 1998
C^{}= C^{{1,2}}=
C^{{1},{1,2}}=
C^{{2},{1,2}}=
C^{{1},{2},{1,2}}=
C^{{1}}=
C^{{2}}=
C^{{1},{2}}=
![Page 28: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/28.jpg)
Extended VCS G. Ateniese, C. Blundo, A. Santis and D.R. Stinson, 2001
![Page 29: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/29.jpg)
10101001
1011
10100101
100110110101
1010 101001111011
1011 10111011 0111
Extended VCSDroste 1998
C^{}= C^{{1,2}}=
C^{{1},{1,2}}=
C^{{2},{1,2}}=
C^{{1},{2},{1,2}}=
C^{{1}}=
C^{{2}}=
C^{{1},{2}}=
![Page 30: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/30.jpg)
10101001
1011
10100101
100110110101
1010 101001111011
1011 10111011 0111
Extended VCSDroste 1998
C^{}= C^{{1,2}}=
C^{{1},{1,2}}=
C^{{2},{1,2}}=
C^{{1},{2},{1,2}}=
C^{{1}}=
C^{{2}}=
C^{{1},{2}}=
![Page 31: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/31.jpg)
Colored Visual CryptographyThe generalized “or” of elements (colors) in
{a_0, a_1, . . . , a_{c−1}} equals a_i if all colors are equal to a_i, otherwise it equals BLACK Color.
![Page 32: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/32.jpg)
Colored Visual CryptographyVERHEUL and VAN TILBORG, 1997
Let =(Q, F) be an access structure on a set of n participants. The c collections of n×m matrices C_0, C_1, . . . , C_{c−1} constitute a c-colour - VCS_1 with pixel expansion m, if there exist two integers h and l such that h > l satisfying:
I. For any qualified subset X={i_1,…,i_k} and A ε C_i, the generalized or V of rows i_1,…,i_k of A satisfies Z_i(V) h while for any j≠ i, Z_j(V) ≤ l.
II. For any non-qualified subset X={i_1,…,i_t}. The collections of t×m matrices D_j, obtained by restricting each n×m matrix in C_j to rows i_1,…,i_t , are indistinguishable in the sense that they contain the same matrices with the same frequencies.
![Page 33: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/33.jpg)
Colored Visual Cryptography2 out of 5
![Page 34: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/34.jpg)
Colored Visual Cryptography Yang and Laih, 2000
![Page 35: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/35.jpg)
Probabilistic Visual CryptographyK out of n, Yang 2004
A k out of n ProbVSS_1 scheme can be shown as two multi-sets, C_0 and C_1; consisting of n×1 matrices which satisfies the following conditions: For these matrices in the multi-set C_0 (resp. C1), the ‘‘OR’’-ed value of any k-tuple column vector V is L(V). These values of all matrices form a multi-set E_0 (resp. E_1), respectively.The two multi-sets E_0 and E_1 satisfy that p_1≥p_t andP_0≤p_t- α, where p_0 and p_1 are the appearanceprobabilities of the ‘‘1’’ (black color) in the multi-sets E_0 and E_1, respectively.For any subset {i_1,…,i_t} of participants with t<k the p_0 and p_1 are the same.
![Page 36: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/36.jpg)
Probabilistic Visual CryptographyK out of n, Yang 2004
2 out of 2
![Page 37: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/37.jpg)
Probabilistic Visual CryptographyK out of n, Yang 2004
2 out of 3
![Page 38: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/38.jpg)
![Page 39: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/39.jpg)
Share 1 Share 2
Secret 1 “VISUAL” Secret 2 “SECRET”
Staking Staking
Rotating 72o
![Page 40: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/40.jpg)
W.G. Tzeng and C.M. Hu, 2002, introduced another model for visual cryptography in which just minimal qualified subsets can recover the shared image by stacking their transparencies.
(C. Blundo, S. Cimato, and A. De Santis, 2006) Let =(Q, F) be an access structure. The best pixel expansion of -VCS_3 (basis matrices) satisfies
.2
|_0 |)(3
m
![Page 41: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/41.jpg)
(H. Hajiabolhassan and A. Cheraghi) Let =(Q, F) be an access structure. Also, assume that there exist disjoint qualified sets A_1, . . . ,A_t such that for any qualified set B A_1 ··· A_t⊆ ∪ ∪ , one should have A_i B⊆ for some 1 ≤ i ≤ t, i.e., A_i’s constitute an induced matching in Q. Then
One can consider another model for visual cryptography (VCS_4) in which minimal qualified subsets can recover the secret. In fact, we don’t mind whether non-minimal qualified subsets can obtain the secret.
)1(2)}(m,)(min{mt
1i
|-1A|32
i
t
![Page 42: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/42.jpg)
A graph access structure is an access structure for which the set of participants is the vertex set V (G) of a graph G = (V (G),E(G)), and the sets of participants qualified to reconstruct the secret image are precisely those containing an edge of G.
A strong edge coloring of a graph G is an edge coloring in which every color class is an induced matching. The strong chromatic index s (G) ′ is the minimum number of colors in a strong edge coloring of G.
(H. Hajiabolhassan and A. Cheraghi) Let G be a non-empty graph. Then
m_4(G) ≤ min{2bc(G), 2s (G)}′ .
![Page 43: Visual Cryptography](https://reader035.fdocuments.us/reader035/viewer/2022062521/56814a33550346895db75216/html5/thumbnails/43.jpg)
Thanks for your attention!