Secret Image Sharing for (k, k) Threshold Based on Chinese Remainder Theorem and Image Characteristics

Abstract

Secret image sharing (SIS) based on Chinese remainder theorem (CRTSIS) has lower recovery computation complexity than Shamir’s polynomial-based SIS. Most of existing CRTSIS schemes generally have the limitations of auxiliary encryption and lossy recovery, which are caused by that their ideas are borrowed from secret data sharing. According to image characteristics and CRT, in this paper we propose a CRTSIS method for (k, k) threshold, based on enlarging the grayscale image pixel values. Our method owns the advantages of no auxiliary encryption and lossless recovery for grayscale image. We perform experiments and analysis to illustrate our effectiveness.

1 Introduction

Secret image sharing (SIS) scheme encodes the secret image into multiple noise-like shadow images i.e., shadows or shares, which are then assigned to multiple participants. The secret can be disclosed by sufficient shadow images while insufficient shadow images rebuild nothing about the secret. SIS may be applied in many scenarios, such as, authentication, watermarking, access control, information hiding, transmitting passwords, distributed storage and computing etc. To share grayscale image, there exist Shamir’s polynomial-based method [5], Chinese remainder theorem-based SIS (CRTSIS) [1, 10] and so on [9, 11].

Shamir’s polynomial-based SIS [5] encodes the secret image into the constant coefficient of a random \((k-1)\)-degree polynomial to possess n shadow images, which are then as well assigned to n participants. The secret image can be disclosed with high-resolution making use of Lagrange interpolation by any k or more shadow images. Following Shamir’s original scheme and using all the k coefficients of the polynomial to take secrets, Thien and Lin [7] decreased the shadow image size 1/k times to the original secret image. Inspired by Thien and Lin’s research, some researchers [4, 12] developed more Shamir’s polynomial-based schemes to receive more features. Although Shamir’s polynomial-based SIS only needs k shadow images for decoding the distortion-less secret image, it is in general lossy recovery with auxiliary encryption and high computation complexity. On account of the secret is decoded modulo 251 which is less than maximum pixel value 255, the recovery image will be lost when the pixel value of the secret image is larger than 251 so that Shamir’s polynomial-based SIS owes a little bit of loss. Image encryption is usually utilized before sharing that results in auxiliary encryption. Because of Lagrange interpolations in the recovery phase, it needs \(O(k\log ^2 k)\) operations [1], i.e., complicated computations.

CRTSIS overall can achieve the advantages of lossless recovery, no auxiliary encryption and lower recovery computation complexity (the modular only O(k) operations [1]), so that which is discussed by other researchers [2, 3, 6, 8, 10].

Related works of CRTSIS are analyzed as follows. Yan et al. firstly [10] discussed CRT in SIS, which may deduce a little information leakage and may be lossy. Shyu and Chen [6] put forward a threshold CRTSIS utilizing Mignotte’s scheme based on pseudo random number generator which suffers from auxiliary encryption. Ulutas et al. [8] investigated a modified SIS using Asmuth Bloom’s secret sharing scheme through dividing the grayscale image pixel values into more possible intervals. It fails to consider pixel value 2 times or more to the parameter, which may lead to lossy recovery. Chunqiang et al. [3] designated a CRTSIS employing the chaotic map which results in auxiliary encryption. Chuang et al. [2] gave a simple CRTSIS and examined (3, 5) threshold for RGB color images. Their method has the limitation of lossy or least significant bits pre-stored. In addition, their algorithm parameters condition is different from the adopted explicit parameters in the experiment. Finally, most existing CRTSIS schemes fail to provide applicable explicit parameters for the implementations based on the image characteristics. As a result, traditional CRTSIS methods overall suffer from auxiliary encryption, lossy recovery and ignoring the image characteristics, which are caused by that their ideas are borrowed from secret data sharing.

According to image characteristics and CRT, in this paper we propose a CRTSIS method for (k, k) threshold, through enlarging the grayscale image pixel values. Our method owns the benefits of no auxiliary encryption and lossless recovery for grayscale image. The contributions of this paper are that, according to the image characteristics, our (k, k) threshold CRTSIS for grayscale image is lossless recovery without auxiliary encryption. Furthermore, we provide explicit parameters for the implementations based on image pixel value range. We perform experiments and analysis to illustrate our effectiveness.

The rest of the paper is organized as follows. Section 2 introduces some basic requirements for the proposed method. In Sect. 3, our method is presented in detail. Section 4 is devoted to experimental results. Finally, Sect. 5 concludes this paper.

2 Preliminaries

In this section, we describe some preliminaries for our work. In (k, k) threshold SIS, the original secret image S is encrypted among k shadow images \(SC_1,SC_2, \cdots SC_k\), and the decrypted secret image \( {S}' \) is reconstructed from k shadow images.

2.1 Chinese Remainder Theorem (CRT)

CRT has a long history. It motivates to solve a set of linear congruence equations.

A set of integers \({m_i }(i = 1,2, \cdots ,k)\) are chosen subject to \(\gcd \left( {m_i ,m_j } \right) = 1,i \ne j\). Then there exists only one solution \(y \equiv \left( a_1 M_1 M_1^{ - 1} + a_2 M_2 M_2^{ - 1} + \cdots \right. \left. +\, a_k M_k M_k^{ - 1} \right) \left( {\bmod \;M} \right) \), \(y \in \left[ {0,M - 1} \right] \) satisfying the following linear congruence equations.

$$\begin{aligned} y&\equiv a_1 \left( {\bmod \;m_1 } \right) \nonumber \\ y&\equiv a_2 \left( {\bmod \;m_2 } \right) \nonumber \\&\cdots \\ y&\equiv a_{k-1} \left( {\bmod \;m_{k-1} } \right) \nonumber \\ y&\equiv a_k \left( {\bmod \;m_k } \right) \nonumber \end{aligned}$$

(1)

where \(M = \prod \nolimits _{i = 1}^k {m_i }\), and .

\(\gcd \left( {m_i ,m_j } \right) = 1,i \ne j\) tells that every equation in Eq. (1) will not be eliminated by other equations.

We note that in \(\left[ {0,M - 1} \right] \) there exists unique solution. If only the first \(k-1\) equations in Eq. (1) are given, we can gain only one solution for the first \(k-1\) equations in \([0,\prod \nolimits _{i = 1}^{k-1} {m_i }-1]\), denoted as \(y_0\). While in \([0,M-1]\), \(y_0+b\prod \nolimits _{i = 1}^{k-1} {m_i }\) for \(b = 1,2, \cdots ,{m_i -1}\) are the solutions as well satisfying the first \(k-1\) equations in Eq. (1). Thus, there are another \({m_i -1}\) solutions in \([\prod \nolimits _{i = 1}^{k-1} {m_i }-1,M-1]\), other than unique one, which will be applied in the proposed method to get (k, k) threshold.

2.2 The Feature Analysis of Image

Image is different from pure data. The image consists of pixels, and there are some correlations between pixels as well, such as texture, edge, structure and other related information. As a result, SIS should scramble both the pixel values and the correlations between adjacent pixels.

The pixel value range of grayscale image is \(\left[ {0,255} \right] \), which should be referred in the SIS design, such as, the secret pixel value is less than 256 and the shadow image pixel value is less than 256 as well. In addition, we know \({m_i \le 256}\) in Eq. (1).

3 The Proposed CRTSIS Method for (k, k) Threshold

We present the proposed CRTSIS method for (k, k) threshold based on the secret image S outputting k shadow images \(SC_1,SC_2, \cdots SC_k \) and corresponding private modular integers \(m_1,m_2, \cdots m_k \). Our generation Steps are demonstrated in Algorithm 1. And the recovery Steps are given in Algorithm 2.

In Algorithm 1 and Algorithm 2, we remark that.

1. 1.

   In Step 1 of our Algorithm 1, \(\left\{ {m_1,m_2 \cdots , m_k < 256} \right\} \) is due to shadow image pixel value range. We suggest that \(m_i\) is as large as possible so that the pixel values of shadow images will randomly lie in large range. \(\gcd \left( {m_i ,m_j } \right) = 1\) is issued to satisfy CRT conditions. The user may further restrict \(\gcd \left( {m_i ,256} \right) = 1\) for \(i=1,2,\cdots ,k\) in specific applications.

2. 2.

   From Step 3 of our Algorithm 1, A is randomly picked up from \( \left[ {\left\lceil {\frac{N}{256}} \right\rceil ,\left\lfloor {\frac{M}{256} - 1} \right\rfloor } \right] \), thus \(N \le y < M\) in order to obtain (k, k) threshold for y as explained in Sect. 2.1.

3. 3.

   In Step 3 of Algorithm 1, since \(0 \le x < 256\) and Step 3 of Algorithm 2, we have x can be losslessly reconstructed for arbitrary \(x \in \left[ {0,255} \right] \).

4. 4.

   In Step 3 of Algorithm 1, A is randomly picked up for each x, therefore \(y = x + Ap\) can enlarge x value in order to scramble both the pixel value and the correlations between adjacent pixels without auxiliary encryption.

5. 5.

   In Step 3 of Algorithm 1, \(y = x + Ap\) and \(x<256\) can determine only one x due to \(x \equiv y\left( {\bmod \;256} \right) \).

Fig. 1.

Experimental example of CRTSIS method for (k, k) threshold, where \(k =3\)

4 Experimental Results and Analyses

In this section, experiments and analyses are realized to show the effectiveness of our method.

Figure 1 demonstrates the experimental results for (3, 3) threshold, where \(m_1=253,m_2=254,m_3=255\) and the grayscale secret image is shown in Fig. 1(a). Figure 1(b–d) display the 3 shadow images \(SC_1,SC_2,SC_3\), which are noise-like. Figure 1(e–h) indicate the reconstructed secret images by any 2 or 3 shadow images based on CRT, from which the recovered secret image from \(k=3\) shadow images is lossless by CRT due to \(\sum \limits _{h = 1}^H {\sum \limits _{w = 1}^W {\left| {S(h,w) - S'(h,w)} \right| } } = 0\), where \(S'=CRT(SC _{1} , SC_{2}, SC_{3})\) indicates the recovered secret image from \(SC _{1} , SC_{2}, SC_{3}\) by CRT. While any 2 shadow images give no clue about the secret.

Fig. 2.

Experimental example of CRTSIS method for (k, k) threshold, where \(k=5\)

The next example, we just give the results by the first tth shadow images for short.

Figure 2 denotes the experimental results for (5, 5) threshold, where \(m_1=247,m_2=251,m_3=253,m_4=254,m_5=255\) and the grayscale secret image is exhibited in Fig. 2(a). Figure 2(b–f) show the 5 shadow images, which are also noise-like. Figure 2(g–j) demonstrate the reconstructed secret image with any \( t\left( {2 \le t \le 5} \right) \) (taking the first t shadow images as an example) based on CRT recovery. When \( t < 5 \) shadow images are collected, there is no information of the secret image. In contrast, when 5 shadow images are given, the secret image is reconstructed losslessly by CRT.

Based on the above results we can see that:

• Since the shadow images are noise-like, the proposed method has no cross interference of secret image for single shadow image.

• When \( t < k \) shadow images are obtained, there is no information of the secret image could be deduced, which shows the security of our scheme.

• When \( t=k\) shadow images are given, the secret image will be reconstructed losslessly by CRT.

• CRTSIS method for (k, k) threshold is achieved.

In addition, due to no CRTSIS method for (k, k) threshold designed for image in the literature, we omit the comparisons.

5 Conclusion

In this paper, based on image characteristics and Chinese remainder theorem (CRT), we propose a CRTSIS method for (k, k) threshold, through enlarging the grayscale image pixel values. Our method realizes secure (k, k) threshold and lossless recovery for grayscale image without auxiliary encryption. Experimental results further show the effectiveness of our work, where explicit parameters for the implementations based on image pixel value range are presented. The proposed method may be extended to share color secret image based on color decomposition and color composition. (k, n) threshold extending will be our future work.