可預防欺騙的視覺密碼機制之改良 - 政大學術集成

全文

(1)國立政治大學資訊科學系 Department of Computer Science National Chengchi University. 立. 碩士論文 Master’s 政治Thesis 大. ‧ 國. 學. 可預防欺騙的視覺密碼機制之改良. ‧. Improvement on Cheating Prevention in Visual Cryptography. n. er. io. sit. y. Nat. al. Ch. engchi. i n U. v. 研究生：呂坤翰指導教授：左瑞麟. 中華民國一百零三年七月 July2014.

(2) 可預防欺騙的視覺密碼機制之改良 Improvement on Cheating Prevention in Visual Cryptography 研究生：呂坤翰. Student:Kunhan Lu. 指導教授：左瑞麟. Advisor: Raylin Tso. 大. 資訊科學系碩士論文. 學. ‧ 國. 立. 國立政治大學政治. sit. y. ‧. Nat. A Thesis. er. io. Submitted to Department of Computer Science. n. aNational iv l C Chengchi University n h e n g cofhthe i Urequirements in partial fulfillment for the degree of Master in Computer Science. 中華民國一百零三年七月 July2014.

(3) 可預防欺騙的視覺密碼機制之改良. 治政摘要大. 立. ‧ 國. 學. 視覺密碼至從由 Naor 和 Shamir[1]提出後，至今已延伸出許多的應用。包含圖像. ‧. 加密、信息隱藏、視覺的驗證和鑑定等多項研究。其中在預防詐欺方面，在 Horng 等人[15]提出一些參與者可以做出偽造的透明膠片來欺騙其餘的參與者後，也有不少人. y. Nat. io. sit. 投入預防詐欺這部分的研究。在本文中，我們點出劉等人[18]的方案中不安全之處及. n. al. er. 有可能造成的攻擊，並提出兩個不同需求且更為安全的改善方案。. Ch. 關鍵字:視覺密碼，預防欺騙。. engchi. I. i n U. v.

(4) Improving Cheating Prevention in Visual Cryptography. Abstract. 立. 政治大. Since visual cryptography was first proposed by Naor and Shamir[1], it has been extended. ‧ 國. 學. to many applications, including image encryption, information hiding, visual authentication and identification, and so on. One issue in visual cryptography is cheating prevention visual. ‧. secret sharing (CPVSS). Ever since Horng et al[15]. showed that some participants can deceive. y. Nat. sit. other participants using forged transparencies, many scholars have contributed to research in. n. al. er. io. this area. In this study, we show that the scheme by Liu et al[18]. is unsafe and may cause an. i n U. v. attack, and proposed two improvements with that address different needs are more secure.. Ch. engchi. Keywords:Visual Cryptography, Cheating prevention.. II.

(5) Table of contents. Abstract ......................................................................................................................................I Table of Contents ................................................................................................................... III. 政治大 List of Tables ......................................................................................................................... VI 立. List of Figures ........................................................................................................................ V. Chapter 1 Introduction ....................................................................................................... 1. ‧ 國. 學. 1.1 Background ........................................................................................................................... 1. ‧. 1.2 Motivation and Purpose ........................................................................................................ 2 1.3 Outline .................................................................................................................................. 2. y. Nat. sit. Chapter 2 Background Knowledge .................................................................................... 4. n. al. er. io. 2.1 Visual Cryptography ............................................................................................................ 4. i n U. v. 2.2 Cheating in Visual Cryptography ......................................................................................... 5 Chapter 3. Ch. engchi. Literature Review .............................................................................................. 9. 3.1 VSS Scheme ......................................................................................................................... 9 3.2 Cheating Prevention in Visual Cryptography..................................................................... 11 3.3 Improved Scheme Proposed by Chen et al ......................................................................... 15 3.3.1 Attack Method .......................................................................................................... 15 3.3.2 Scheme Revisit ......................................................................................................... 16 3.4 Improved Scheme Proposed by Liu et al ............................................................................ 19 3.4.1 Scheme Revisit ....................................................................................................... 19 3.4.2 Analysis of Liu et al.’s Scheme ............................................................................... 23 Chapter 4. Proposed Scheme ............................................................................................. 25 III.

(6) 4.1 Scheme 1 ............................................................................................................................ 25 4.2 Scheme 2 ............................................................................................................................ 28 Chapter 5. Security Analysis ............................................................................................. 33. 5.1 Security Analysis for Scheme 1 ......................................................................................... 33 5.2 Security Analysis for Scheme 2 ......................................................................................... 34 Chapter 6. Conclusion and future rearch ........................................................................ 37. References .............................................................................................................................. 38. 立. 政治大. ‧. ‧ 國. 學. n. er. io. sit. y. Nat. al. Ch. engchi. IV. i n U. v.

(7) List of figures. Figure 2.1 Two out of two scheme: (a) secret image, (b) shared image 1, (c) shared image 2, and (d) stacked result. ................................................................................................................. 4. 政治大. Figure 2.2 Sharing and stacking scheme of black and white pixels. .......................................... 5. 立. Figure 2.3 Horng et al. in 2006 [15]: Cheating in a visual cryptographic scheme. .................... 6. ‧ 國. 學. Figure 3.1 Hu et al., 2007 [16]: Example of cheating prevention in visual cryptography. ...... 14. ‧. Figure 3.2 Chen et al., 2012 [17]: Proposed attack against Hu et al., step by step. ................. 15 Figure 3.3 Liu et al., 2013 [18]: Example of the cheating prevention VSS scheme proposed by. y. Nat. sit. Chen et al. [17] using a (2, 3)-threshold VSS. Image shares and verification image shares are. n. al. er. io. seven times wider than the verification and secret images, i.e., m + 4 = 7. ............................. 18. Ch. i n U. v. Figure 3.4 Liu et al., 2013 [18]: Example of the scheme proposed by Liu et al. for a (2, 3)-. engchi. threshold VSS method. ............................................................................................................. 22 Figure 3.5 Example of cheating using the black regions of the secret image. ......................... 24 Figure 4.1 Example of our proposed scheme 1 on (2, 3)-threshold VSS method. ................... 28 Figure 4.2 Example of our proposed scheme 2 on a (2, 3)-threshold VSS method. ................ 31. V.

(8) List of tables. Table 2.1 Horng et al., 2006 [15]: The basic concept of cheating in 2-out-of-3 VSS................ 8 Table 5.1 Comparison with our scheme and other scheme, and m is the number of expansion. 政治大. in VSS. ...................................................................................................................................... 36. 立. ‧. ‧ 國. 學. n. er. io. sit. y. Nat. al. Ch. engchi. VI. i n U. v.

(9) Chapter 1 Introduction. 1.1 Background. 治政 Nowadays, information passes through networks everywhere, 大 and how to ensure the safe 立 transfer of information on the Internet is a particularly important issue. Reworded into ‧ 國. 學. cryptographic concepts, if the information is converted from plaintext to ciphertext before it is. ‧. transferred, this can ensure its security. Visual cryptography is a field of cryptography proposed by Naor and Shamir in 1994 [1]. In a visual secret sharing (VSS) scheme, participants only. y. Nat. er. io. sit. need to overlap image transparencies with each other to generate an afterimage that use the human eye’s natural ability to perceive incomplete pictures and reveal a secret image.. n. al. Ch. i n U. v. Compared to traditional secret sharing [2], [3], VSS does not require a computer to calculate. engchi. complex results; it is only necessary to overlap the transparencies with each other to decrypt the message. On this basis, many different research directions have been taken, such as image encryption [4], [5], visual authentication and identification [6], steganography [7], [8], or some non-binary secret images, such as in gray-scale [9], [10], or color [11], [12]. However, in many proposed methods, the secret image, when converted to the reorganization image, has significantly reduced sharpness. To address this issue, many scholars are researching how to enhance the contrast of the reorganization image and improve clarity [13], [14].. 1.

(10) 1.2 Motivation and Purpose. In 2006, Horng et al. showed how visual secret images can be forged [15]. If some participants cheat together, they can calculate the shared images of other honest participants and then generate forged shared images to deceive the others. Since then, research on preventing cheating in visual secrets has attracted a considerable amount of attention. Therefore, cheating. 政治大. prevention visual secret-sharing (CPVSS) schemes have been studied by many researchers. 立. [16], [17], [18], [19], [20], [22]. Our thesis also focuses on cheating prevention in visual. ‧ 國. 學. cryptography. Recently, [17] pointed out that the method in [16] was unsafe, and put forward a proposal to improve this fault. However, this proposal requires a significant amount of pixel. ‧. expansion, significantly reducing the clarity of the secret image. Therefore, [18] proposed a. y. Nat. sit. new improvement method to minimize pixel expansion. However, we also found that this. n. al. er. io. scheme was unsafe. Therefore, we propose two new schemes to address this issue.. 1.3 Outline. Ch. engchi. i n U. v. This thesis is divided into seven chapters. Chapter 1 is our introduction, and it is divided into two subsections, and all of them were background and motivation and purpose, respectively. Chapter 2 is our background knowledge, and it is divided into two subsections, and all of them were visual cryptography and cheating in visual cryptography, respectively. Chapter 3 is our literature review, and it is divided into four subsections, and all of them were VSS scheme, cheating prevention in visual cryptography, improved scheme proposed by chen et at and improved scheme proposed by Liu et at, respectively. Chapter 4 is our proposed scheme, and it is divided into two subsections, and all of them were scheme 1 and scheme 2, respectively. Chapter 5 is our security analysis, and it is divided into two subsections, and all. 2.

(11) of them were security analysis for scheme 1 and security analysis for scheme 2, respectively. Chapter 6 is our conclusion and future rearch, and then is our references.. 立. 政治大. ‧. ‧ 國. 學. n. er. io. sit. y. Nat. al. Ch. engchi. 3. i n U. v.

(12) Chapter 2 Background Knowledge. This chapter is divided into two parts. The first details the trandictional of the visual cryptography sharing mechanism, and the second introduces cheating in the VSS scheme.. 立. 政治大. 2.1 Visual Cryptography. ‧ 國. 學 ‧. In 1994, visual cryptography techniques were proposed by Naor and Shamir [1]. This technique used a VSS mechanism to encrypt a secret image into n shared images. If the shared. y. Nat. er. io. sit. images are superimposed over at least k pieces, it is possible to decrypt the original secret information. This is the so called k out of n scheme. For example, a two out of two. n. al. Ch. i n U. v. mechanism encrypts a secret image into two shared images, and by superimposing the two. engchi. shared images, secret information can be obtained (Figure 2.1).. Figure 2.1 Two out of two scheme: (a) secret image, (b) shared image 1, (c) shared image 2, and (d) stacked result 4.

(13) In a VSS scheme, first the input secret image is encrypted. The conventional process of encryption uses pixel expansion. Assuming a pixel of the secret image is white, then one row from the white section of Figure 2.2 is randomly selected, and the 2 × 2 blocks of pixels are written to shared images 1 and 2, respectively, such that an image of two black and two white pixels results after superimposition. Conversely, for a black pixel of the secret image, one row from the black section of Figure 2.2 is randomly selected, and the 2 × 2 pixel blocks are written. 政治大. to shared images 1 and 2, respectively, such that an all black image results after superimposition.. 立. Based on human visual characteristics, the block of two black and two white pixels will appear. ‧ 國. 學. gray, and have 50% chromatic aberration with respect to the all black blocks. Hence, the original secret information can be obtained after the images have been superimposed.. ‧. n. er. io. sit. y. Nat. al. Ch. engchi. i n U. v. Figure 2.2 Sharing and stacking scheme of black and white pixels.. 2.2 Cheating in Visual Cryptography. The issue of cheating is well studied and understood in secret-sharing schemes [3]. Since Visual Cryptography(VC) is a variant of secret sharing, it is natural to also consider this issue. Most cheating attacks in VC are known plaintext attacks where the cheaters know the secret 5.

(14) image and are able to infer the blocks of the victim’s transparency based on the base matrices. Let us consider a 2-out-of-3 VSS scheme as an example. Assume Alice, Bob, and Carol are three participants in a 2-out-of-3 VSS scheme. In the following, we refer to an image as a message since each image represents a password. A secret message is transformed into three distinct shared images, denoted by SA , SB , and SC . They are then delivered to Alice, Bob,. and Carol, respectively. Stacking two of the three shares will reveal the secret message. Figure 2.3 shows the cheating process.. 立. 政治大. ‧. ‧ 國. 學. n. er. io. sit. y. Nat. al. Ch. engchi. i n U. v. Figure 2.3 Horng et al. in 2006 [15]: Cheating in a visual cryptographic scheme.. Alice and Bob are assumed to be the collusive cheaters who intend to deceive victim Carol. The related parameters used are BV = 2, WV = 1, H(S 0 ) = 1, H(S1 ) = 1, and m = 3, where:. m: the number of subpixels in a block.. 6.

(15) BV : the number of black subpixels in a block that represents a single black pixel of the reconstructed secret image.. WV : the number of black subpixels in a block that represents a single white pixel of the reconstructed secret image.. H(S 0 ): the number of black subpixels of any block in C0 .. H(S1 ): the number of black subpixels of any block in C1 .. Let. 政治大. C10 1 0 Co = �C20 � =� all the matrices obtained by permuting the columns of �1 0 1 0 C30. 立. ‧. ‧ 國. 學. C11 C1 = �C21 � = � all the matrices obtained by permuting the columns of C31. 1 �0 0. 0 0� 0. 0 0 1 0� 0 1. � �. Nat. Based on Co and C1 , it produces three shares SA , SB , and SC . If the i-th pixel in the secret. sit. y. message is white, a matrix M 0 is chosen randomly from C0 and M10 , M20 , and M30 are. n. al. er. io. assigned to SAi, SBi , and SCi, respectively. Conversely, if the i-th pixel is black, a matrix M1. i n U. v. is chosen randomly from C1 and M11 , M21 , and M31 are assigned to SAi, SBi , and SCi,. Ch. engchi. respectively. This operation will repeat until every pixel of the secret message is encoded. Intuitively, collusive cheaters can derive the exact values from their shares. The secret message is composed of many white or black blocks. If the cheaters intend to cheat someone, it is necessary for them to change the construction of their shares. First, they predict the positions of black and white subpixels in the victim’s share. Then, based on this prediction, they change the positions of the black and white subpixels in the forged shares. Finally, after stacking the forged shares with the victim’s shares, the forged message will be revealed instead of the real secret message. The main problems for cheaters are how to predict the positions of black and white subpixels in the victim’s share and rearrange the new positions of 7.

(16) black and white subpixels in the cheaters’ shares. There are four possible cases, as listed in Table 2.1. Table 2.1 Horng et al., 2006 [15]: The basic concept of cheating in 2-out-of-3 VSS.. 立. 政治大. ‧. ‧ 國. 學. n. er. io. sit. y. Nat. al. Ch. engchi. 8. i n U. v.

(17) Chapter 3 Literature Review. This section describes the VSS scheme [1] and cheating prevention in the VSS scheme proposed by Hu et al. [16]. It also describes the improved scheme proposed by Liu et al. [18].. 政治大. 立. 3.1 VSS Scheme. ‧ 國. 學 ‧. Given a secret image, pixel expansion can be used to generate n shared images that are given to n secret participants, and as long as there are k or more participants to superimpose the. y. Nat. er. io. sit. shared images, hidden secrets will appear. The above mechanism is called a (k, n)-threshold VSS mechanism (or scheme) [1].. n. al. Ch. i n U. v. A VSS scheme is a special variant of a k-out-of-n secret-sharing scheme, where the. engchi. shares given to participants are copied onto transparencies. Therefore, a share is also called a transparency. If X is a qualified subset of participants, then the participants in X can visually recover the secret image by stacking their transparencies without performing any cryptographic computation. Usually, the secret is an image. To create the transparencies, each pixel, either black or white, of the secret image is separately handled. It appears as a collection of m black and white subpixels in each of the n transparencies. We say that these m subpixels together form a block. This block is referred to as a black (or white) block if the pixel to be shared is black (or white). Therefore, a pixel of the secret image corresponds to n ×. 9.

(18) m subpixels. We can describe the n × m subpixels by an n × m Boolean matrix, called a base matrix, S = �Sij � such that Sij = 1 if and only if the j-th subpixel of the i-th share is black and Sij = 0 if and only if the j-th subpixel of the i-th share is white. The gray level of the. stack of k-shared blocks is determined by the Hamming weight H(V) of the ORed m-vector V of the corresponding k rows in S. This gray level is interpreted by the visual system of the. participants as black if H(V) ≥ d and as white if H(V) ≤ d – α*m for some fixed threshold d and relative difference α. Usually, m and α are referred to as the pixel expansion factor and. 政治大. the scheme contrast, respectively. We would like m to be as small as possible and α to be as. 立. large as possible.. ‧ 國. 學. More formally, a solution to a k-out-of-n VSS scheme consists of two collections C0. ‧. and C1 of n × m base matrices. To share a white pixel, the dealer randomly chooses one of. Nat. the matrices from C0 , and to share a black pixel, the dealer randomly chooses one of the. sit. y. matrices from C1 . The chosen matrix determines the m subpixels in each one of the n. 0. al. n. Contrast conditions:. er. io. transparencies. The solution is considered valid if the two conditions are met.. 0. Ch. engchi. i n U. v. 1. For any matrix S in C , V of any k of the n rows satisfies H(V) ≤ d – α* m 2. For any matrix S1 in C1 , V of any k of the n rows satisfies H(V) ≥ d. Security condition:. 3. For any subset � i1 , i2 , … , iq � of { 1, 2, … , n } with q ＜ k, the two collections D0 and D1 of q × m matrices obtained by restricting each n × m matrix in C0 and C1 to rows. i1 , i2 , … , iq are indistinguishable, in the sense that they contain the same matrices with the. same frequencies.. In the black-and-white VSS mechanism, first we assume that S 0 and S1 are the two. fundamental matrices of size n × m used to generate the shared image, where S 0 represents a 10.

(19) white point and S1 represents a black point. For example, in a (k, n)-threshold VSS. mechanism, dealer assume that the secret image at each pixel in an image share Si (where i = 1, 2, 3, ..., n) is a pixel expansion of m points, where S 0 and S1 are defined as follows. 1 S = �1 1 0. 1 S 1 = �0 0. 0 0 0 0�，. 0 0. 0 0 1 0�，. 0 1. 立. 政治大. ‧ 國. 學. In this case, n = 3, m = 3, k = 2, and Si is generated as follows:. ‧. Step 1: If the pixel of secret image is white, three bits of S 0 are put into the i-th row into Si .. sit. y. Nat. Step 2: If the pixel of secret image is black, three bits of S1 are put into i-th row into Si .. n. al. er. io. 3.2 Cheating Prevention in Visual Cryptography (CPVSS). Ch. engchi. i n U. v. There is a fatal flaw in the VSS scheme. If some of the participants cheat together, they can calculate the other honest participants’ shared images and then make a forged shared image to deceive the others. To prevent the occurrence of the above situation, Hu et al. proposed a new scheme called CPVSS [16]. For practical reasons, most cheating-prevention schemes focus on 2-out-of-n schemes. An authentication-based cheating-prevention scheme consists of secret shares Si (where i =. 1, 2, 3, ..., n), and verification shares Vi (where i = 1, 2, 3, ..., n). The secret shares Si (where. i = 1, 2, 3, ..., n) can be generated by any share generation process in current VSS schemes. Verification shares Vi (where i = 1,2,3, ..., n) are generated by the verification-share 11.

(20) generation process, and are used to verify the correctness of the secret shares Sj , for all i ≠ j.. Each participant Pi should provide the dealer with a distinct verification image Li to be used to verify the authenticity of the other shares. All verification images are confidential. The. verification-share generation process is based on a 2-out-of-2 VSS scheme. During the secretimage reconstruction phase, before stacking the transparencies (ie, share images), each Pi. checks whether the stacking result of Vi with Sj reveals his/her verification image Li , where Sj is the secret share of participant Pi .. 政治大. Let S 0 and S1 be the n × m-sized basic matrices for share generation in a black-and-. 立. ‧ 國. 學. white VSS method in which each party Pi holds shared image Si (where i = 1, 2, 3, ..., n),. and a pixel in a secret image has been expanded to m subpixels in a shared image.. follows:. ‧. First, dealer creates four n × (m + 2)-sized basic matrices T 0 , T1 , R0 , and R1 , as. sit. n. al. er. io. 10 T = � ⋮ � S1 �，. 10 1. y. Nat. 10 T 0 = � ⋮ � S 0�，. 10. Ch. engchi. i n U. v. 10 R0 = � ⋮ � 0 �，. 10 01 R1 = � ⋮ � 0 �，. 01. where T 0 and T1 are used to generate Si and R0 and R1 are used to generate Vi . The method to generate Si and Vi is as follows: 12.

(21) Step 1: For each white pixel in the secret image, put the i-th row of T 0 into Si as (m + 2)-. length subpixels.. Step 2: For each black pixel in the secret image, put the i-th row of T1 into Si as (m + 2)length subpixels.. Step 3: For each white pixel in V i , put the i-th row of R0 into Vi as (m + 2)-length subpixels.. 政治大. Step 4: For each black pixel in V i , put the i-th row of R1 into Vi as (m + 2)-length. 立. subpixels.. ‧ 國. 學 ‧. When Pi verifies the share Sj of Pj , we see how the verification image appears on Vi. Nat. + Sj . For each black pixel of the verification image, the first two subpixels of Vi + Sj are [0. sit. y. 1] + [1 0] = [1 1]. For each white pixel of the verification image, the first two subpixels of Vi. n. al. er. io. + Sj are [1 0] + [1 0] = [1 0] . Thus, the black and white pixels of the verification image have. i n U. v. a positive contrast and Pi can see the verification image in Vi + Sj .. Ch. engchi. Each participant has his/her own private verification image that is not known to the other. participants. Since the first two subpixels [1 0] (before permutation) of all shares are the same, a participant Pi, even with all shares, cannot know the positions of the black pixels of the. verification image of participant Pj , j ≠ i. Therefore, Pi cannot produce a forged share FSi. such that FSi + Vj shows the verification image of Pj . Participant Pi cannot cheat. participant Pj for i ≠ j. Furthermore, we see that the collaboration of some participants cannot. succeed at cheating, either.. 13.

(22) 立. 政治大. ‧ 國. 學. Figure 3.1 Hu et al., 2007 [16]: Example of cheating prevention in visual cryptography.. ‧. Nat. sit. y. Figure 3.1 shows an example of cheating prevention. Three participants P1、, P2, and. n. al. er. io. P3 have their own verification images A, B, and C, respectively. For P1, if S2 and S3 are. i n U. v. stacked with V1 , respectively, and verification image A appears both times, then this. Ch. engchi. guarantees that S2 and S3 are the correct shared images. Similarly, P2 and P3 can also use the same method to confirm whether they have the correct shared image.. On the surface, the cheating prevention scheme proposed by Hu et al. looks safe, but a new attack technique was proposed in [17]. If conspirators deliberately choose inverted verification images , they can determine the correct position of the two verification bits and then easily tamper with the shared images to deceive honest participants. Therefore, [17] proposed an improved method.. 14.

(23) 3.3 Improved scheme proposed by Chen et al.. 3.3.1 Attack method. In 2012, Chen et al. [17] discovered an attack against Hu et al. [16] and proposed a new scheme to defend against it. First, we simply describe the method of attack proposed by Chen et al., and then introduction their proposed improvement scheme.. 政治大. First, we assume that there are three participants P1、, P2 and P3three participants, and. 立. ‧. ‧ 國. io. sit. y. Nat. n. al. er. 3.2.. 學. that P1 and P2 wish to deceive P3 together. The method of deception is shown in Figure. Ch. engchi. i n U. v. Figure 3.2 Chen et al., 2012 [17]: Proposed attack against Hu et al., step by step.. 15.

(24) In Figure 3.2, P1 and P2 have selected the same verification image B with black and white. pixels inverted. That is, V1 has black word B and white background, and V2 has white word B and black background. With V1 and V2 , the two conspirators can then determine all. positions of the verification bits. Therefore, they can use the attacking method proposed by Horng et al. [15] to make a forged shared image and successfully deceive the other participant P3.. 3.3.2 Scheme Revisit.. 立. 政治大. ‧ 國. 學. In order to prevent this method of attack, Chen et al. proposed a new improved scheme. First,. ‧. we assume that there are n participants Pi (where i = 1, 2, …, n). If we want to hide the. location of the other participants’ verification bits from the conspirators, we simply need to. Nat. sit. y. expand the verification bits to n + 1. Using this method, even if n−1 number of conspirators. n. al. er. io. wish to deceive the other participant, they still cannot know all the locations of the. i n U. v. verification bits. The following example illustrates a (2, 3)-threshold VSS to further explain. 0. 1. Ch. engchi. Let S and S be the n × m-sized basic matrices for share generation in a black-. and-white VSS method in which each participant Pi holds shared image Si (where i = 1, 2,. 3), and a pixel in a secret image is expanded to m = 3 subpixels in a shared image.. First, the proposed scheme creates four 3 × (m + 4)-sized basic matrices T 0 , T1 , R0 ,. and R1 , as follows: T0= �. 1000 ⋮ � S 0 �，. 1000 16.

(25) 1000 T = � ⋮ � S1 �，. 1000 1. R0 = �. 1000 ⋮ � 0 �，. 1000. 0001 R = � ⋮ � 0 �，. 01 0 0 1. 政治大. where T 0 and T1 are used to generate Si , and R0 and R1 are used to generate Vi , as. 立. follows:. ‧ 國. 學. length subpixels.. ‧. Step 1: For each white pixel in the secret image, the i-th row of T 0 is put into Si as (m + 4)-. Nat. y. sit. n. al. er. length subpixels.. io. Step 2: For each black pixel in the secret image, the i-th row of T1 is put into Si as (m + 4)-. i n U. v. Step 3: For each white pixel in V i , the i-th row of R0 is put into Vi as (m + 4)-length subpixels.. Ch. engchi. Step 4: For each black pixel in V i , the i-th row of R1 is put into Vi as (m + 4)-length. subpixels.. Figure 3.3 shows an example of this cheating prevention VSS scheme when it is applied to a (2, 3)-threshold VSS. It is shown that participant Pi can see his/her own verification. image V i by stacking Vi and Sj , where Sj is the shared image from participant Pj . It also shows that stacking the shares shows the secret image.. The scheme proposed by Chen et al. can indeed protect against this attack. However, 17.

(26) Figure 3.3 clearly shows that the results in this figure compared to the original figure significantly expands the image. In addition to the need for more storage space, picture distortion may occur. Therefore, Liu et al. proposed a new scheme in [18], hoping to solve the need for more storage space and the resulting picture distortion.. 立. 政治大. ‧. ‧ 國. 學. n. er. io. sit. y. Nat. al. Ch. engchi. i n U. v. Figure 3.3 Liu et al., 2013 [18]: Example of the cheating prevention VSS scheme proposed by Chen et al. [17] using a (2, 3)-threshold VSS. Image shares and verification image shares are seven times wider than the verification and secret images, i.e., m + 4 = 7. 18.

(27) 3.4 Improved scheme proposed by Liu et al.. 3.4.1 Scheme Revisit.. On the surface, the cheating prevention scheme proposed by Hu et al. appears safe, but a new attack technique was proposed in [17]. If conspirators deliberately choose inverted. 政治大. verification images, they can determine the correct position of the two verification bits and. 立. then easily tamper with the shared images to deceive honest participants. Therefore, [17]. ‧ 國. 學. proposed an improved method. As long as the verification bits from two images are expanded to (n + 1) points, this attack method can be resisted. However, the pixel has been expanded to. ‧. twice its original width, hence in order to reduce the required space, Liu et al. proposed an. y. Nat. sit. improved scheme [18] that requires minimal pixel expansion to prevent the attack.. n. al. er. io. The scheme proposed in [18] is similar to the scheme proposed by Hu et al. [16].. i n U. v. Firstly, let S 0 and S1 be the n × m-sized basic matrices for shared image generation in a. Ch. engchi. black-and-white VSS method, where S 0 and S1 are for white and black pixels, respectively. Further, each participant Pi holds shared image Si (i = 1, 2, …, n) and a pixel in a secret image is expanded to m subpixels in a shared image.. The scheme then creates four n × (m + 2)-sized basic matrices T 0 , T1 , R0 , and R1 as. follows:. 10 T 0 = � ⋮ � S 0�，. 10 19.

(28) 10 T = � ⋮ � S1 �，. 10 1. 10 R0 = � ⋮ � 0 �，. 10 01 R = � ⋮ � 0 �，. 01 1. 政治大. where T 0 and T1 are used to generate Si and R0 and R1 are used to generate Vi .. 立. Hence, according to the pixel value of the secret and verification images, verification. ‧ 國. 學. shared image generation can be divided into four cases:. ‧. Case 1: The focal pixels in the secret and verification images are white.. y. Nat. n. al. er. io. respectively.. sit. Case 2: The focal pixels in the secret and verification images are black and white,. i n U. v. Case 3: The focal pixels in the secret and verification images are white and black, respectively. Ch. engchi. Case 4: The focal pixels in the secret and verification images are black.. As in [16], T 0 and T1 are used to generate shared image Si as in . Furthermore, each of. the (m + 2)-length subpixels in Vi are generated as follows:. Case 1: Party-dependent (m + 2)-length row vector ri0 is put into V. It is obtained from t 0i. which is, the i-th row of T 0 (where i = 1, 2, …, n) that is given by as the following formula, t 0i = [10� si0 ]，.. 20.

(29) where si0 is the i-th row of S 0 , the number of ones in si0 is x (where 0 < x < m), and the number of ones in t 0i is (x + 1). The position of a one is randomly chosen from the (x + 1). existing ones, and the other ones are set to zero to obtain a new (m + 2)-length row vector ri0 . For example, when t 0i =[1 0 1 0 0], either ri0 =[1 0 0 0 0] or ri0 =[0 0 1 0 0].. Cases 2, 3, and 4: The verification shared image Vi is generated using 𝑅𝑅 0 and 𝑅𝑅1 , as in [16]. That is, the i-th row of R0 and R1 are put into Vi as (m + 2)-length subpixels for. 政治大. white and black pixels in verification image V i , respectively.. 立. ‧. ‧ 國. 學. n. er. io. sit. y. Nat. al. Ch. engchi. 21. i n U. v.

(30) 立. 政治大. ‧. ‧ 國. 學. n. er. io. sit. y. Nat. al. Ch. engchi. i n U. v. Figure 3.4 Liu et al., 2013 [18]: Example of the scheme proposed by Liu et al. for a (2, 3)threshold VSS method.. In Figure 3.4, subfigures (a), (b), and (c) are shared images S1, S2 , and S3 , respectively,. and (d), (e), and (f) are verification shared images V1 , V2 , and V3 , respectively. Then (g), (h), and (i) are verification images, and (j), (k), and (l) are secret images. All the verification. pixels cannot be accurately estimated, so it is impossible to generate a forged shared image.. 22.

(31) 3.4.2 Analysis of Liu et al.'s Scheme. In Liu et al.’s scheme [18], when the verification image and secret image are white, each participant’s verification shared image is not the only choice. If malicious participants wish to generate forged sharing images to deceive honest participants, when the verification image. 政治大. and the secret image are white, there will be a 1⁄2opportunity chance of failure, hence it can. 立. be secure.. ‧ 國. 學. Since this scheme protects the case in which the verification and secret images are white, here we focus on the other three cases that have not been protected. First, we picked out two. ‧. attack conditions, where the secret and verification images are black and white, respectively,. sit. y. Nat. and the secret and verification images are both black. For both cases, shared image Si and. er. io. verification shared image Vi were generated as in [16], so it is possible to use the attack of. al. v i n C hof the verification bits they can determine all the positions e n g c h i U when the secret image is black to n. [17]. Participants who cheat together only need to select inverted verification images, then. deceive the other participants. Hence, when malicious participants wish to cheat honest participants into believing that the black parts of the secret image are white, honest participants will be unaware of this fact. Even forcing the secret image to become all white is easily accomplished.. 23.

(32) (a) secret image. (b) forged image. Figure 3.5: Example of cheating using the black regions of the secret image.. 政治大 In Figure 3.5, (a) is the original secret image. When using the attack method proposed by 立. ‧ 國. 學. [17], malicious participants can cheat using the black regions of the secret image, generating a forged shared image. Honest participants would not know that the shared image was forged.. ‧. In this case, if honest participants overlap their shared image with the forged shared image,. n. al. er. io. sit. y. Nat. forged image (b) will appear instead of secret image (a).. Ch. engchi. 24. i n U. v.

(33) Chapter 4 Proposed Schemes. In Liu et al.’s scheme, malicious participants can generate a forged shared image to cheat on honest participants using the black regions of the secret image. In order to solve this problem. 政治大. such that malicious participants cannot generate a forged shared image, we propose scheme 1.. 立. Although scheme 1 can resist the attack method proposed in [17], it also limits all verification. ‧ 國. 學. images to all white images. In order to allow participants to choose their desired verification image, we proposed scheme 2 to remove this inconvenience.. ‧. n. al. er. io. sit. y. Nat. 4.1 Scheme 1. i n U. v. Because the scheme in [18] only protects the white regions of the secret image, if we can also. Ch. engchi. protect the black, then this attack method will not be effective. Hence, we modify some of the parts in the scheme. Let S 0 and S1 be the n × m-sized basic matrices for the shared image generation in a. black-and-white VSS method where S 0 and S1 are for white and black pixels, respectively. Further, each participant Pi holds shared image Si (i = 1, 2, …, n) and a pixel in a secret. image is expanded to m subpixels in a shared image.. Unlike the scheme in [16], which creates four basic matrices, dealer create three n × (m + 2)-sized basic matrices T 0 , T1 , and R0 as follows: 25.

(34) 10 T = � ⋮ � S 0�，. 10 0. 10 T1 = � ⋮ � S1 �，. 10. 10 R = � ⋮ � 0 �，. 10 0. 政治大. where T 0 and T1 are used to generate shared image Si and R0 is used to generate. 立. verification shared image Vi (where i = 1, 2, …, n).. ‧ 國. 學. Both T 0 and T1 are used to generate shared image Si as in [16]. First, we stipulate. that each point in the verification image of each participant is white, then according to the. ‧. pixel value of the secret and verification images, verification shared image generation can be. y. Nat. n. al. er. io. sit. divided into two cases:. i n U. v. Case 1: The focal pixels in the secret and verification images are white.. Ch. engchi. Case 2: The focal pixels in the secret and verification images are black and white, respectively.. Furthermore, each (m + 2)-length subpixel in the verification shared image Vi are. generated as follows:. Case 1: As in [18], ri0 is put into Vi . In addition, where party-dependent (m + 2)-length row vector ri0 is obtained from t 0i , the i-th row of T 0 (where i = 1, 2, …, n), and is given by as the following formula,. 26.

(35) t 0i = [10� si0 ]，. where si0 is the i-th row of S 0 , the number of ones in si0 is x (where 0 < x < m), and the. number of ones in t 0i is (x + 1). The position of a one is randomly chosen from the (x + 1). existing ones, and the other of ones are set to zero to obtain a new (m + 2)-length row vector ri0 . For example, when t 0i =[1 0 1 0 0], ri0 =[1 0 0 0 0] or ri0 =[0 0 1 0 0].. 政治大. Case 2: As in [16], the i-th row of R0 is put into Vi as (m + 2)-length subpixels.. 立. ‧ 國. 學. Figure 4.1 is an example of our proposed scheme 1 on a (2, 3)-threshold VSS method,. ‧. where S1, S2 , and S3 are shared images, and V1 , V2 , and V3 are verification shared. Nat. images. Three participants P1、, P2 and P3 have the same verification images that are all. sit. y. white. For P1, if S2 and S3 are stacked with V1 , respectively, and an all white verification. n. al. er. io. image appears, then we can guarantee that S2 and S3 are the correct shared images.. i n U. v. Similarly, P2 and P3 can also use the same method to confirm whether they have the real. Ch. engchi. shared image. All the verification pixels cannot be accurately estimated, so it is impossible to generate a forged shared image.. 27.

(36) 立. 政治大. ‧. ‧ 國. 學 y. Nat. n. al. er. io. sit. Figure 4.1: Example of our proposed scheme 1 on (2, 3)-threshold VSS method.. i n U. v. Although scheme 1 can resist the attack method proposed in [17], it also limits all. Ch. engchi. verification images to all white images. In order to allow participants to choose their desired verification image, we proposed scheme 2 to remove this inconvenience.. 4.2 Scheme 2. Let S 0 and S1 be the n × m-sized basic matrices for shared image generation in a VSS. method, where S 0 and S1 are for white and black pixels, respectively. Furthermore, each participant Pi holds shared image Si (i = 1, 2, …, n) and a pixel in a secret image is expanded to m subpixels in a shared image.. 28.

(37) First, dealer create five n × (m + 3)-sized basic matrices T 0 , T1 , R0 , R1 , and R2 as. follows:. 100 T 0 = � ⋮ � S 0 �，. 100. 100 T1 = � ⋮ � S1 �，. 100. 100 R0 = � ⋮ � 0 �，. 100. 立. 政治大. ‧. ‧ 國. 學. 010 R1 = � ⋮ � 0 �，. 010. n. al. er. io. sit. y. Nat. 001 R2 = � ⋮ � 0 �，. 001. i n U. v. where, T 0 and T1 are used to generate shared image Si , as in [16]. Because this method is. Ch. engchi. designed to improve the shortcomings of scheme 1 such that participants can choose their desired verification image, verification shared image generation can be divided into four cases:. Case 1: The focal pixels in the secret and verification images are white. Case 2: The focal pixels in the secret and verification images are black and white, respectively. Case 3: The focal pixels in the secret and verification images are white and black, respectively Case 4: The focal pixels in the secret and verification images are black. 29.

(38) Furthermore, each (m + 3)-length subpixel in the verification shared image Vi is. generated as follows:. Case 1: As in [18], ri0 is put into Vi . In addition, where party-dependent (m + 3)-length row vector ri0 is obtained from t 0i , the i-th row of T 0 (where i = 1, 2, …, n), and t 0i is defined by the following formula. 立. ‧ 國. 學. t 0i = [1 0 0� si0 ]，.. 政治大. ‧. where si0 is the i-th row of S 0 , the number of ones in si0 is x (where 0 < x < m), and the. Nat. number of ones in t 0i is (x + 1). The position of a one is randomly chosen from the (x + 1). sit. y. existing ones, and other ones are set to zero to obtain a new (m + 3)-length row vector ri0 . For. n. al. er. io. example, when t 0i =[1 0 0 1 0 0], ri0 =[1 0 0 0 0 0] or ri0 =[0 0 0 1 0 0].. i n U. v. Case 2: As in [16], the i-th row of R0 is put into Vi as (m + 3)-length subpixels.. Ch. engchi. Case 3: First, dealer randomly select a Vi from V1 to Vn . If the point happens to be in case. 3, then dealer put the i-th row of R1 into Vi as in [16]. For other participants Pj (j≠i) and Vj is in case 3, then dealer put the j-th row of R2 into Vj . In other words, only one participant’s. V is generated by R1 , all the other participants’ Vs are generated by R2 . For example, if there are five participants with verification images V1 to V5 , respectively. First, assume dealer. randomly selected V2 from V1 to V5 . In addition, assume V1 、, V2 , and V4 happened to. be in case 3. As a result, dealer would put the 2-nd row of R1 into V2 , and put the 1-st row of R2 into V1 and the put 4-th row of R2 into V4 .. Case 4: The procedure for case 4 is the same as for case 3. First, dealer randomly select a Vi 30.

(39) from V1 to Vn . If that point happens to be in case 4, then dealer put the i-th row of R1 into Vi as in [16]. For other participants Pj (j≠i) and Vj is in case 4, then dealer put the j-th row. of R2 into Vj . In other words, only one participant’s V is generated by R1 , all the other participants’ Vs are generated by R2 . For example, if there are five participants with. verification images V1 to V5 , respectively. First, assume dealer randomly selected V2 from. V1 to V5 . In addition, assume V1 、, V2 , and V4 happened to be in case 4. As a result, dealer would put the 2-nd row of R1 into V2 , and put the 1-st row of R2 into V1 and the put 4-th. row of R2 into V4 .. 立. 政治大. ‧. ‧ 國. 學. n. er. io. sit. y. Nat. al. Ch. engchi. i n U. v. Figure 4.2: Example of our proposed scheme 2 on a (2, 3)-threshold VSS method.. Figure 4.2 is an example of our proposed scheme 2 on a (2, 3)-threshold VSS method. 31.

(40) Three participants P1、, P2, and P3have their own verification images A, B, and C,. respectively. For P1, if S2 and S3 are stacked with V1 , respectively, and verification image. A appears, then it can be guaranteed that S2 and S3 are the correct shared images. Similarly, P2 and P3 can also use the same method to confirm whether they have the correct shared image. All the verification pixels cannot be accurately estimated, so it is impossible to generate a forged shared image. Figure 4.1 is wider than Figure 4.2. This is because scheme 2 is more expanded than. 政治大. scheme 1 with respect to verification bits, however, it is possible to allow participants to. 立. choose their own verification image.. ‧. ‧ 國. 學. n. er. io. sit. y. Nat. al. Ch. engchi. 32. i n U. v.

(41) Chapter 5 Security Analysis. We analyze the security of scheme 1 and scheme 2 for all cases as follows.. 5.1 Security Analysis for Scheme 1. 立. 政治大. Here, we analyze the security of our scheme 1 in two cases.. ‧ 國. 學 ‧. Case 1: In this case, there is no difference between our scheme and the scheme [18]. If the malicious participants wish to cheat together to lead a honest participant into believing that. y. Nat. sit. er. io. the secret image is black, they will have 1⁄2 opportunity of wrongly guessing the position. having value 1 in the verification image of the honest participant. Assuming an image size is. n. al. Ch. i n U. v. X × Y, and each pixel has 1⁄2 probability to be in case 1, so the probability of successfully. engchi. 1. XY 2. generating a forged shared image is �2� .. Case 2: As scheme 1’s verification image only can choose white, the attack method of choosing inverted verification images in [17] is invalid. For example, in a (2, 3)-threshold VSS, if the malicious participants wish to cheat together to lead the honest participants into believing that the secret image is white, they will have 1⁄2 opportunity of wrongly guessing the position having value 1 in the share image of the honest participant. Assuming an image size is X × Y, and each pixel has 1⁄2 probability to be in case 2, so the probability of 33.

(42) 1. XY 2. successfully generating a forged shared image is �2� .. 5.2 Security Analysis for Scheme 2. Here, we analyze the security of our scheme 1 in four cases.. Case 1: In this case, there is no difference between our scheme and the scheme [18]. If the. ‧ 國. 學. 治政 malicious participants wish to cheat together to lead a honest 大 participant into believing that 立 the secret image is black, they will have 1⁄2 opportunity of wrongly guessing the position. having value 1 in the verification image of the honest participant. Assuming an image size is. 1. ‧. X × Y, and each pixel has 1⁄4 probability to be in case 1, so the probability of successfully XY 4. y. sit. Nat. generating a forged shared image is �2� .. io. er. Case 2: As scheme 2 slightly expands the verification bit and allows only one participant’s V to be generated by R1 , where all the other participants’ Vs are generated by R2 when the. al. n. v i n verification image is black. If theC malicious h e n gparticipants c h i Uchoose inverted verification images as in [17] to attack the honest participants, they will have 1⁄n opportunity of wrongly. guessing all the positions of the verification bits (where n is the number of participants). For example, in a (2, 3)-threshold VSS, if the malicious participants wish to cheat together and lead the honest participants to believe that the secret image is white, they will have 1⁄3. opportunity of wrongly guessing all the positions of the verification bits. In this situation, they will have 1⁄2 opportunity of wrongly guessing the position having value 1 in the share. image of the honest participant. Hence, the attack will fail with a probability of. 1 3. 1. × 2.. Assuming an image size is X × Y, and each pixel has 1⁄4 probability to be in case 2, so the 34.

(43) 5. XY 4. probability of successfully generating a forged shared image is �6� .. Case 3: As in case 2, only one participant’s V is generated by R1 , and all other participants’ Vs are generated by R2 when the verification image is black. If the malicious participants. choose inverted verification images as in [17] to attack the honest participants, they will have 1⁄n opportunity of wrongly guessing all the positions of the verification bits (where n is the number of participants). For example, in (2, 3)-threshold VSS, if the malicious participants. wish to cheat together to lead the honest participants to believe that the secret image is black,. ‧ 國. value 1 in the verification image of the honest participant. 1 3. 2 3. . Assuming an image size is X × Y, and each pixel has 1⁄4 probability to. Nat. ×. Hence, the attack will fail with. ‧. probability. 學. 治政 they will have 1⁄3 opportunity of wrongly guessing all大 the positions of the verification bits. 立 In this situation, they will have 2⁄3 opportunity of wrongly guessing the position having 7. XY 4. sit. y. be in case 3, so the probability of successfully generating a forged shared image is �9� .. n. al. er. io. Case 4: As in case 2, scheme 2 slightly expands the verification bits, and only one. i n U. v. participant’s V is generated by R1 , where and all the other participants’ Vs are generated by 2. Ch. engchi. R when the verification image is black. If the malicious participants choose inverted. verification images as in [17] to attack the honest participants, they will have 1⁄n. opportunity of wrongly guessing all the positions of the verification bits (where n is the number of participants). For example, in (2, 3)-threshold VSS, if the malicious participants wish to cheat together to lead the honest participants to believe that the secret image is white, they will have 1⁄3 opportunity of wrongly guessing all the positions of the verification bits. In this situation, they will have 1⁄2 opportunity of wrongly guessing the position having value 1 in the share image of the honest participant. Hence, the attack will fail with a. 35.

(44) 1. probability of. 3. 1. × 2. Assuming an image size is X × Y, and each pixel has 1⁄4 probability 5. XY 4. to be in case 4, so the probability of successfully generating a forged shared image is �6� .. The report in [21] mentions two kinds of cheating, meaningful cheating and meaningful deterministic cheating. We now discuss these types of cheating with respect to schemes 1 and 2. In scheme 1, for any single point, malicious participants cannot completely construct a. 政治大 for any single point, malicious participants in some situations can completely generate a 立. forged share point, so the scheme can resist meaningful deterministic cheating. In scheme 2,. ‧ 國. 學. forged share point, so the scheme cannot resist meaningful deterministic cheating. However, for the whole image, malicious participants cannot generate a complete forged shared image,. ‧. so the scheme can resist meaningful cheating.. sit. y. Nat. Comparison with our scheme and other scheme, and m is the number of pixel. io. al. er. Table 5.1. v. n. expansion in VSS, and n is the number of participants. Scheme. i n C Number h e nof gexpansion chi U. Hu et al[16]. m+2. Insecure. Chen et al[17]. m+(n+1). Secure. Liu et al[18]. m+2. Insecure. Our scheme1. m+2. Secure. Our scheme2. m+3. Secure. 36. Security.

(45) Chapter 6 Conclusion and future rearch. Visual cryptography was proposed by Naor and Shamir in 1994. Thus far, there have been many developments in different directions. However, the research on cheating prevention is relatively limited, even though preventing malicious participants from cheating on honest. 治政 participants is an extremely important issue. If the security 大of a scheme cannot protect all 立 participants, it cannot be trusted. Relatively, there would be no value to using it. Regardless of ‧ 國. 學. how good a scheme is, it needs to have safe and trusted prevention mechanisms, only then can. ‧. it truly achieve secret sharing.. n. er. io. sit. y. Nat. al. Ch. engchi. 37. i n U. v.

(46) References. [1] M. Naor and A. Shamir, “Visual cryptography,” in Proc. Advances in Cryptology, LNCS. , vol. 950, pp. 1–12, 1994.. 治政 [2] G. Blakley, “Safeguarding cryptographic keys,” in Proc. 大 AFIPS National Computer 立 Conference, pp. 313-317, 1979. ‧ 國. 學. 612–613, 1979.. ‧. [3] A. Shamir, “How to share a secret,” Communications of the ACM, vol. 22, no. 11, pp.. er. io. sit. y. Nat. [4] T. H. Chen and D. S. Tsai, “Owner-customer right protection mechanism using a. n. al. Ch. i n U. v. watermarking scheme and a watermarking protocol,” Pattern Recognition, vol. 39, no. 8, pp. 1530–1541, 2006.. engchi. [5] R. Lukac and K. N. Plataniotis, “Bit-level based secret sharing for image encryption,” Pattern Recognition, vol. 38, no. 5, pp. 767–772, 2005.. [6] M. Naor and B. Pinkas, “Visual authentication and identification,” in Proc. Advances in Cryptology , LNCS, vol. 1294, pp. 322–336, 1997.. 38.

(47) [7] C. C. Chang and J. C. Chuang, “An image intellectual property protection scheme for gray-level image using visual secret sharing strategy,” Pattern Recognition Letters, vol. 23, no. 8, pp. 931–941, 2002.. [8] C. C. Wang, S. C. Tai, and C. S. Yu, “Repeating image watermarking technique by the visual cryptography,” IEICE Transactions on Fundamentals Electronics, Communications and Computer Sciences, vol. E83-A, no. 8, pp. 1589–1598, 2000.. 立. 政治大. [9] C. Blundo, A. De Santis, and M. Naor, “Visual cryptography for grey level images,”. ‧ 國. 學. Information Processing Letters, vol. 75, no. 6, pp. 255–259, 2000.. ‧. [10] C. C. Lin and W. H. Tsai, “Visual cryptography for gray-level images by dithering. y. Nat. n. al. er. io. sit. techniques,” Pattern Recognition Letters, vol. 24, no. 1–3, pp. 349–358, 2003.. i n U. v. [11] Y. C. Hou, “Visual cryptography for color images,” Pattern Recognition, vol. 36, no. 7, pp. 1619–1629, 2003.. Ch. engchi. [12] V. Rijmen and B. Preneel, “Efficient colour visual encryption for shared colors of Benetton,” in Proc. EUROCRYPTO, Berlin, Germany, Rump Session, 1996.. [13] C. Blundo, P. D’Arco, A. De Santis, and D. R. Stinson, “Contrast optimal threshold visual cryptography schemes,” SIAM Journal on Discrete Mathematics, vol. 16, no. 2, pp. 224–261, 2003.. 39.

(48) [14] A. Shamir and M. Naor, “Visual Cryptography II: Improving the contrast via the cover base,” in Proc. Security Protocols, LNCS, vol. 1189, pp. 197–202, 1996.. [15] G. Horng, T. H. Chen, and D. S. Tsai, “Cheating in visual cryptography,” Designs, Codes and Cryptography, vol. 38, no. 2, pp. 219–236, 2006.. [16] C. M. Hu and W. G. Tzeng, “Cheating prevention in visual cryptography,” IEEE. 政治大. Transactions Image Processing, vol. 16, no. 1, pp. 36–45, 2007.. 立. ‧ 國. 學. [17]Y.C. Chen, G. Horng, and D.S. Tsai, “Comment on ‘Cheating Prevention in Visual Cryptography’,” IEEE Transactions, Image Processing,vol.21, no.7, pp.3319-3323, 2012.. ‧ y. Nat. sit. [18]S.C. Liu, M. Fujiyoshi, and H. Kiya, “A cheat-prevention visual secret sharing scheme. n. al. er. io. with efficient pixel expansion”IEICE Transactions on Fundamentals of Electronics. i n U. v. Communications and Computer Sciences,vol. E96-A, no. 11, pp. 2134-2141, 2013.. Ch. engchi. [19] R. De Prisco and A. De Santis, “Cheating immune threshold visual secret sharing,” Computer Journal, vol. 53, no. 9, pp. 1485–1496, 2009.. [20] D. S. Tsai, T. H. Chen, and G. Horng, “A cheating prevention scheme for binary visual cryptography with homogeneous secret images,” Pattern Recognition, vol. 40, no. 8, pp. 2356–2366, 2007.. [21]Y.C. Chen, D.S. Tsai, G.Horng, “Visual secret sharing with cheating prevention 40.

(49) revisited” Digital Signal Processing, Vol. 23, Issue 5, pp. 1496-1504, 2013.. [22] H.Yan, Z. Gan, and K. Chen, “A cheater detectable visual cryptography scheme,” (in Chinese) Journal of Shanghai Jiaotong University, vol. 38, no. 1, 2004.. 立. 政治大. ‧. ‧ 國. 學. n. er. io. sit. y. Nat. al. Ch. engchi. 41. i n U. v.

(50)