Visual Cryptography - PowerPoint PPT Presentation

1 / 43
About This Presentation
Title:

Visual Cryptography

Description:

A secret sharing scheme is a method of dividing a secret S ... only certain pre-specified subsets of participants can recover the secret (Qualified subsets) ... – PowerPoint PPT presentation

Number of Views:8523
Avg rating:5.0/5.0
Slides: 44
Provided by: mrt5
Category:

less

Transcript and Presenter's Notes

Title: Visual Cryptography


1
Visual Cryptography
  • Hossein HajiabolhassanDepartment of
    Mathematical SciencesShahid Beheshti
    UniversityTehran, Iran

2
Secret Sharing Scheme
  • A secret sharing scheme is a method of dividing a
    secret S among a finite set of participants.
  • only certain pre-specified subsets of
    participants can recover the secret (Qualified
    subsets).

secret
3
K out of n
  • Consider a finite field GF(q) where qn1 and
    Choose a secret key s from GF(q) .
  • Randomly choose sa0, a1,, ak-1 from
    GF(q),
  • Freely choose distinct xi (1in).
  • Give to person i Secret share (xi, f(xi)) for
    all (1in).

4
Perfect Secret Sharing
  • A secret sharing scheme is perfect if all
    authorized subsets can reconstruct the secret but
    no other subset can determine any information
    about the secret.

This scheme is not perfect!
5
Visual Cryptography


Anyone knows what is the secret?
6
Basic Definitions
  • Let P1,...,n be a set of elements called
    participants.
  • 2P denote the set of all subsets of P.
  • Q ? 2P members of qualified sets.
  • F? 2P members of forbidden sets, Q ? F?.
  • ?(Q ,F) is called the access structure of the
    scheme.
  • ?_0 Call all the minimal qualified sets of ?
    basis for the access structure ?
    ?_0A? Q B ?Q for all B? A, B?A.

7
Basic Definitions
  • Secret Image The Secret consists of a
    collection of black and white pixels.
  • Share Secret image encode into n shadow
    images in the form of the transparencies, called
    shares, where each participant receives one
    share.
  • Subpixel Each pixel is divided into a certain
    number of subpixels.

8
Superimposing
1
2
q
9
Generation of Shares
10
Generation of Shares
pixel
1
2
1
2
share1
share2
stack
random
11
Mathematical Model
(0,1,0,1,0)
(1,1,0,0,1)
Sticking
(1,1,0,1,1)

0 1 0 1 01 1 0 0 1

Representationwith Matrix
12
Mathematical Model
1
2
n
13
2 out of 2
1 01 0


C_0

0 1 0 1



1 0 0 1
C_1


0 1 1 0
Same MatriceswithSame Frequency
14
Expansion Contrast
  • The number of subpixels that each pixel of the
    original image is encoded into on each
    transparency is termed pixel expansion.
  • The difference measure between a black and a
    white pixel in the reconstructed image is called
    contrast.


0 1 0 1


0 1 1 0
1 0 0 1
1 0 1 0






Expansion 2
Contrast(2-1)/20.5
15
Visual Cryptography SchemeNaor and Shamir, 1994
  • Let ?(Q, F) be an access structure on a set of
    n participants. A ?- VCS_1 with expansion m and
    contrast ?(m) consists of two collections of nm
    matrices C_0 and C_1 such that
  • For any qualified subset Xi_1,,i_k and A e
    C_0, the or V of rows i_1,,i_k of A satisfies
    w(V) ? t_X- ?(m).m whereas, for any B e C_1 it
    results that w(V) ? t_X.
  • For any non-qualified subset Xi_1,,i_t. The
    two collections of tm matrices D_j, with j e
    0,1, obtained by restricting each nm matrix in
    C_j to rows i_1,,i_t are indistinguishable in
    the sense that they contain the same matrices
    with the same frequencies.

16
2 out of 2
1 01 0



0 1 0 1

X1,2, W(V)1
C_0
D_0
X1


0 1 1 0


1 0 0 1
X1,2, W(V)2
C_1
D_1
17
VCS with Basis Matrices
  • Let ?(Q, F) be an access structure on a set of
    n participants. A basis for ?- VCS_2 with
    expansion m and contrast ?(m) consists of two
    matrices S0 and S1 such that
  • For any qualified subset Xi_1,,i_k, the or V
    of rows i_1,,i_k of S0 satisfies w(V) ? t_X-
    ?(m).m whereas, for S1 it results that w(V) ?
    t_X.
  • For any non-qualified subset Xi_1,,i_t. The
    two tm matrices Dj, with j e 0,1, obtained by
    restricting rows i_1,,i_t to Sj are equal up
    to a permutation of columns.

18
K out of K
1 2 3 1,2,3
1,2 1,3 2,3
  • 0 0 1
  • 0 1 0 1
  • 0 0 1 1


0 1 1 0 0 1 0
1 0 0 1 1



S1.
S0.
1
1
2
2
3
3
C_1A A is a permutation column of S1
C_0B B is a permutation column of S0
19
K out of n scheme
  • There is a k out of k scheme with expansion 2k-1
    and contrast a2-k1.
  • In any k out of k scheme m2k-1 and a21-k.
  • For any n and k, there is a k out of n VCS with
    mlog n 2O(klog k), a2?(k).

20
General Access Structure
  • Question Let ? be a access structure. Is there
    an ?-VCS?
  • Note that if there exists an ?-VCS then Q should
    be monotone.
  • Theorem Let ? (Q,F) be a monotone access
    structure where FnQ ?, and let Z_M be the family
    of maximal forbidden sets in F. Then there exists
    a ?-VCS with expansion less than or equal to
  • 2(Z_M-1).

21
Cumulative Array Method
  • Let ? (Q,F) be a monotone access structure
    where Q U F 2P.
  • Also, let F_1, , F_t be maximal forbidden sets
    in F.
  • Let S0 and S1 be basis of white matrix and
    black matrix of t out of t VCS, respectively.
  • Construct n2(t-1) white basis matrix C0 and
    black basis matrix C1 of ? as follows
  • For any participant i, set the i-th row of C0
    be the or of rows i_1,,i_s of S0 that
    i_1,,i_s are rows of S0 where for any 1js,
    i is not member of F_(i_j).
  • Similarly, construct C1.

22
Cumulative Array Method
  • Example Let P1, 2, 3, 4, ?_01, 2, 2, 3,
    3, 4, and Z_MF_1,F_2, F_3 F_11, 4
    ,F_21, 3, F_32, 4. Hence,

Theoretically, realizable.
23
New VCS, Color of SecretTzeng and Hu, 2002
  • Let ?(Q, F) be an access structure on a set of n
    participants. A ?- VCS_3 with expansion m and
    contrast ?(m) consists of two collections of nm
    matrices C_0 and C_1 such that
  • For any qualified subset Xi_1,,i_k and A e
    C_0, the or V of rows i_1,,i_k of A satisfies
    w(V) t_X whereas,
  • For any non-qualified subset Xi_1,,i_t. The
    two collections of tm matrices D_j, with j e
    0,1, obtained by restricting each nm matrix in
    C_j to rows i_1,,i_t are indistinguishable in
    the sense that they contain the same matrices
    with the same frequencies.

for any B e C_1 it results that w(V) ? t_X-?(m).m
or for any B e C_1 w(V) t_X- ?(m).m.
24
New VCS, Color of SecretTzeng and Hu, 2002
25
Extended VCS
  • In 1998, S. Droste introduced an extension of
    the visual cryptography. In fact, he has
    presented an extended VCS in which every
    combination of the transparencies can contain
    independent information.
  • In 2001, G. Ateniese, C. Blundo, A. Santis and
    D.R. Stinson has introduced another version of
    extended visual cryptography in which every share
    have to be an image.

26
Extended VCSDroste 1998
  • Consider multi-sets CT (T is a subset of
    2P\?) of nm Boolean matrices which satisfy
    the following conditions.
  • For all Xi_1,,i_k and A e CT, where X is a
    member of T, the or V of rows i_1,,i_t of A
    satisfies w(V) ? t_X.
  • For all Xi_1,,i_k and A e CT, where X is not
    a member of T, the or V of rows i_1,,i_k of A
    satisfies w(V) ? t_X- ?(m).m.
  • The condition of Security!

27
Extended VCSDroste 1998
C
C1,2
C1,1,2
C1
C2,1,2
C2
C1,2,1,2
C1,2
28
Extended VCS G. Ateniese, C. Blundo, A. Santis
and D.R. Stinson, 2001
29
Extended VCSDroste 1998
C
C1,2
C1,1,2
C1
C2,1,2
C2
C1,2,1,2
C1,2
30
Extended VCSDroste 1998
C
C1,2
C1,1,2
C1
C2,1,2
C2
C1,2,1,2
C1,2
31
Colored Visual Cryptography
  • The generalized or of elements (colors) in
    a_0, a_1, . . . , a_c-1 equals a_i if all
    colors are equal to a_i, otherwise it equals
    BLACK Color.

32
Colored Visual CryptographyVERHEUL and VAN
TILBORG, 1997
  • Let ?(Q, F) be an access structure on a set of
    n participants. The c collections of nm matrices
    C_0, C_1, . . . , C_c-1 constitute a c-colour
    ?- VCS_1 with pixel expansion m, if there exist
    two integers h and l such that h gt l
    satisfying
  • For any qualified subset Xi_1,,i_k and A e
    C_i, the generalized or V of rows i_1,,i_k of
    A satisfies Z_i(V) ? h while for any j? i,
    Z_j(V) l.
  • For any non-qualified subset Xi_1,,i_t. The
    collections of tm matrices D_j, obtained by
    restricting each nm matrix in C_j to rows
    i_1,,i_t , are indistinguishable in the sense
    that they contain the same matrices with the same
    frequencies.

33
Colored Visual Cryptography 2 out of 5
34
Colored Visual Cryptography Yang and Laih, 2000
35
Probabilistic Visual Cryptography K out of n,
Yang 2004
  • A k out of n ProbVSS_1 scheme can be shown as
    two multi-sets, C_0 and C_1 consisting of n1
    matrices which satisfies the following
    conditions
  • For these matrices in the multi-set C_0 (resp.
    C1), the OR-ed value of any k-tuple column
    vector V is L(V). These values of all matrices
    form a multi-set E_0 (resp. E_1), respectively.
  • The two multi-sets E_0 and E_1 satisfy that
    p_1p_t and
  • P_0p_t- a, where p_0 and p_1 are the appearance
  • probabilities of the 1 (black color) in the
    multi-sets E_0 and E_1, respectively.
  • For any subset i_1,,i_t of participants with
    tltk the p_0 and p_1 are the same.

36
Probabilistic Visual Cryptography K out of n,
Yang 2004

2 out of 2
37
Probabilistic Visual Cryptography K out of n,
Yang 2004

2 out of 3
38
Shape of Pixel
39
Shape of PixelWu and Chang, 2005
Rotating 72o
Staking
Staking
Share 2
Share 1
Secret 1 VISUAL
Secret 2 SECRET
40
Bounds for Pixel Expansion
  • W.G. Tzeng and C.M. Hu, 2002, introduced another
    model for visual cryptography in which just
    minimal qualified subsets can recover the shared
    image by stacking their transparencies.
  • (C. Blundo, S. Cimato, and A. De Santis, 2006)
    Let ?(Q, F) be an access structure. The best
    pixel expansion of ? -VCS_3 (basis matrices)
    satisfies

41
Bounds for Pixel Expansion
  • (H. Hajiabolhassan and A. Cheraghi) Let ?(Q, F)
    be an access structure. Also, assume that there
    exist disjoint qualified sets A_1, . . . ,A_t
    such that for any qualified set B ? A_1??A_t,
    one should have A_i ? B for some 1 i t, i.e.,
    A_is constitute an induced matching in Q. Then
  • One can consider another model for visual
    cryptography (VCS_4) in which minimal qualified
    subsets can recover the secret. In fact, we dont
    mind whether non-minimal qualified subsets can
    obtain the secret.

42
Bounds for Pixel Expansion
  • A graph access structure is an access structure
    for which the set of participants is the vertex
    set V (G) of a graph G (V (G),E(G)), and the
    sets of participants qualified to reconstruct the
    secret image are precisely those containing an
    edge of G.
  • A strong edge coloring of a graph G is an edge
    coloring in which every color class is an induced
    matching. The strong chromatic index s'(G) is the
    minimum number of colors in a strong edge
    coloring of G.
  • (H. Hajiabolhassan and A. Cheraghi) Let G be a
    non-empty graph. Then
  • m_4(G) min2bc(G), 2s'(G).

43
Thanks for your attention!
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Visual Cryptography" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!