We analyze the security of scheme 1 and scheme 2 for all cases as follows.
5.1 Security Analysis for Scheme 1
Here, we analyze the security of our scheme 1 in two cases.
Case 1: In this case, there is no difference between our scheme and the scheme [18]. If the malicious participants wish to cheat together to lead a honest participant into believing that the secret image is black, they will have 1 2⁄ opportunity of wrongly guessing the position having value 1 in the verification image of the honest participant. Assuming an image size is X × Y, and each pixel has 1 2⁄ probability to be in case 1, so the probability of successfully generating a forged shared image is �12�
XY 2.
Case 2: As scheme 1’s verification image only can choose white, the attack method of choosing inverted verification images in [17] is invalid. For example, in a (2, 3)-threshold VSS, if the malicious participants wish to cheat together to lead the honest participants into believing that the secret image is white, they will have 1 2⁄ opportunity of wrongly guessing the position having value 1 in the share image of the honest participant. Assuming an image size is X × Y, and each pixel has 1 2⁄ probability to be in case 2, so the probability of
33
‧
successfully generating a forged shared image is �12�
XY 2.
5.2 Security Analysis for Scheme 2
Here, we analyze the security of our scheme 1 in four cases.
Case 1: In this case, there is no difference between our scheme and the scheme [18]. If the malicious participants wish to cheat together to lead a honest participant into believing that the secret image is black, they will have 1 2⁄ opportunity of wrongly guessing the position having value 1 in the verification image of the honest participant. Assuming an image size is X × Y, and each pixel has 1 4⁄ probability to be in case 1, so the probability of successfully generating a forged shared image is �12�
XY 4.
Case 2: As scheme 2 slightly expands the verification bit and allows only one participant’s V to be generated by R1, where all the other participants’ Vs are generated by R2 when the verification image is black. If the malicious participants choose inverted verification images as in [17] to attack the honest participants, they will have 1 n⁄ opportunity of wrongly guessing all the positions of the verification bits (where n is the number of participants). For example, in a (2, 3)-threshold VSS, if the malicious participants wish to cheat together and lead the honest participants to believe that the secret image is white, they will have 1 3⁄ opportunity of wrongly guessing all the positions of the verification bits. In this situation, they will have 1 2⁄ opportunity of wrongly guessing the position having value 1 in the share image of the honest participant. Hence, the attack will fail with a probability of 1
3 × 12. Assuming an image size is X × Y, and each pixel has 1 4⁄ probability to be in case 2, so the
34
‧
probability of successfully generating a forged shared image is �56�
XY 4.
Case 3: As in case 2, only one participant’s V is generated by R1, and all other participants’
Vs are generated by R2 when the verification image is black. If the malicious participants choose inverted verification images as in [17] to attack the honest participants, they will have 1 n⁄ opportunity of wrongly guessing all the positions of the verification bits (where n is the number of participants). For example, in (2, 3)-threshold VSS, if the malicious participants wish to cheat together to lead the honest participants to believe that the secret image is black, they will have 1 3⁄ opportunity of wrongly guessing all the positions of the verification bits.
In this situation, they will have 2 3⁄ opportunity of wrongly guessing the position having value 1 in the verification image of the honest participant. Hence, the attack will fail with probability 1
3 × 23 . Assuming an image size is X × Y, and each pixel has 1 4⁄ probability to be in case 3, so the probability of successfully generating a forged shared image is �79�
XY 4. Case 4: As in case 2, scheme 2 slightly expands the verification bits, and only one
participant’s V is generated by R1, where and all the other participants’ Vs are generated by R2 when the verification image is black. If the malicious participants choose inverted verification images as in [17] to attack the honest participants, they will have 1 n⁄ opportunity of wrongly guessing all the positions of the verification bits (where n is the number of participants). For example, in (2, 3)-threshold VSS, if the malicious participants wish to cheat together to lead the honest participants to believe that the secret image is white, they will have 1 3⁄ opportunity of wrongly guessing all the positions of the verification bits.
In this situation, they will have 1 2⁄ opportunity of wrongly guessing the position having value 1 in the share image of the honest participant. Hence, the attack will fail with a
35
‧
to be in case 4, so the probability of successfully generating a forged shared image is �56�XY 4 .
The report in [21] mentions two kinds of cheating, meaningful cheating and meaningful deterministic cheating. We now discuss these types of cheating with respect to schemes 1 and 2. In scheme 1, for any single point, malicious participants cannot completely construct a forged share point, so the scheme can resist meaningful deterministic cheating. In scheme 2, for any single point, malicious participants in some situations can completely generate a forged share point, so the scheme cannot resist meaningful deterministic cheating. However, for the whole image, malicious participants cannot generate a complete forged shared image, so the scheme can resist meaningful cheating.
Table 5.1 Comparison with our scheme and other scheme, and m is the number of pixel expansion in VSS, and n is the number of participants.
Scheme Number of expansion Security
Hu et al[16] m+2 Insecure