Color Image Encryption Based on Secret Sharing and Iterations

INTRODUCTION

Digital image encryption plays an important role in multimedia security due to the development of Internet and the increasing requirement for image transmission. Nowadays many schemes have been developed for image encryption. Most of them are designed for gray level image encryption based on various transforms such as Hartley transform (Li and Zhao, 2009; Ahmad and Liu, 2009; Singh and Sinha, 2009) fractional wavelet transform (Chen and Zhao, 2008) fractional Fourier transform (Jin and Yan, 2007; Liu et al., 2009a, b; Liu and Liu, 2007; Joshi et al., 2009) and so on. Besides transform domain based methods, some spatial domain based image encryption schemes have been reported in literatures. A pixel-based scrambling scheme is proposed for gray level medical image encryption in (Hu and Han, 2009). In this system, the input image is decomposed into several binary bitplanes and then the simple exclusive-OR (XOR) operation is performed in an innovative way.

This letter proposes a novel simple scheme for color image encryption. The principle of image secret sharing combined with iterations is exploited in our spatial domain based method. The XOR-based method (Hu and Han, 2009) can be essentially regarded as a module-2 mechanism. In contrast, a module-p mechanism is employed in our scheme, where p is a specific prime integer. In image encryption, the pixel values are directly input for secret sharing after a pixel-wise color space mapping. As once secret sharing is not enough to scramble the pixel values randomly, several iterations of secret sharing are executed. The image decryption is a task to solve an equation set consisting of three simultaneous equations with Largrange’s interpolation.

Our color image encryption method is motivated from the (r, n)-threshold scheme proposed by Shamir (1979). Suppose, we encrypt a secret integer s into n shares held by n participants. In the (r, n)-threshold paradigm, two properties must be maintained. One is that any r or more than r shares can be used to recover the secret integer and the other is that any r-1 or fewer shares cannot reconstruct it. In particular, the sharing procedures are described below.

To encrypt s into n shares, a prime p is randomly selected and an r-1 degree polynomial is constructed as:

(1)

where, the coefficients a_i (i = 1, 2, …, r-1) is a randomly chosen positive integer. Both s and a_i are smaller than p. Accordingly, the set consisting of n shares q(j) (j = 1, 2, …, n) can be generated as:

(2)

According to Largrange’s interpolation, the secret data s can be recovered by solving an equation set constructed by any r shares. For example, suppose s = 3 is shared with a (2, 4)-threshold model and p is set as 7. Then an equation is defined as q(x) = (3+5x)mod7, where, the coefficient 5 is randomly selected. Thus, four shares q(1) = 1, q(2) = 6, q(3) = 4 and q(4) = 2 are computed. If q(2) and q(3) are collected, we have q(2) = 6 = (s+2a₁)mod7 and q(3) = 4 = (s+3a₁)mod7. In this way, the secrets can be solved as 3 based on these two equations.

In this basic (r, n)-threshold scheme, we can find that each share is of the same size as that of the input secret and in practice the coefficient is also calculated (e.g., a₁ = 5 in the above example) along with the secret integer during decryption. In order to reduce the share size, (Thien and Lin, 2002) extended the (r, n)-threshold model to share an 8-bit gray level image. Their idea is to employ all coefficients of the r-1 degree polynomial in Eq. 1 to carry the input image data. Specifically, the secret image is partitioned into a set of non-overlapping segments, each having r pixels. For each segment j, an r-1 degree polynomial is defined as:

(3)

where, p₀, p₁,…, p_r-1 are the r pixel values of the segment. Then q_j(1), q_j(2), …, q_j(n) can be computed and sequentially assigned to n share holders. As each share receives one of the generated pixels, it is 1/r size of the secret image. Thus transmission is speeded up and the storage space is saved.

In Thien and Lin’s method, p is set as 251 for the largest prime between 0 and 255 is 251. Hence, the input pixel values must be truncated into 0 to 251 before sharing. Obviously, this truncation is a lossy process. In other words, some original information is lost when encrypting a pixel with the value larger than 251. Thien and Lin (2002) also tailored a lossless sharing scheme for this special case. That is, some extra space is used to record the difference between 250 and 255. Consequently, the size of each share is more or less larger than 1/r of the input image.

PROPOSED METHOD

Our goal is to encrypt a 24-bit color image with the red (R), green (G) and blue (B) color components of each pixel P(u, v) recorded by 8 bits, respectively. In our context, P(u, v) denotes the pixel in the u-th row and v-th column of the image. The image encryption and decryption procedures are described below.

Color image encryption: Suppose the original image I is of size MxN, then the encryption steps can be given as follows.

Step 1. Image permutation: This step is to decorrelate the color component correlation of the input image. Generate a pseudo random number sequence with MxNx3 elements according to a key K. Suppose the RGB components of P(u, v) are represented as P_r(u, v), P_g(u, v) and P_b(u, v), respectively. Concatenate the RGB planes of P(u, v) into a sequence S with the raster scanning order as:

(4)

Then permute S into S_p with the pseudo random number sequence as:

(5)

Obviously, S_p can be rearranged into a permuted color image PI. That is, P_pr(1, 1), P_pr(1, 2),…, P_pr(M,N) are rewritten to the red channel of PI, P_pg(1,1), P_pg(1,2),…, P_pg(M,N) are rewritten to the green channel of PI and P_pb(1,1), P_pb(1, 2),…, P_pb(M,N) are rewritten to the blue channel of PI. Actually, each RGB component of the permuted pixel is retrieved from that of some other pixel of I.

Step 2. RGB to YCbCr color space transform: In this step, the permuted image PI is transformed from RGB into the YCbCr color space image PI'. The YCbCr system is a popular luminance-chrominance space. As the Human Visual System (HVS) is more sensitive to changes in luminance than those in chrominance, the main advantage of luminance-chrominance systems (e.g., YCbCr, YUV, YIQ) is that some of the chrominance information can be discarded without causing noticeable artifacts. In our case, the RGB to YCbCr space mapping is defined as follows:

(6)

where, Y stands for the luminance component, Cb and Cr represent the blue and red chrominance components. Obviously, the RGB to YCbCr space transform is a lossy process. Each color component in the RGB space lies in the range of 0 to 255, while in the YCbCr space, the Y component is transformed into the range of 16 to 235 and Cb and Cr are both scaled to the range of 16 to 240. In general, the visual distortion introduced by the RGB to YCbCr color space transform is very slight such that it cannot be distinguished by human eyes.

Actually, the color space transform is essential because the largest prime can be used between 0 and 255 is 251 and the color component of each pixel in the YCbCr space is smaller than 251. The color channel decomposition and transform of the 512x512 Lena image are shown in Fig. 1.

Step 3. Secret Sharing: This step is to encrypt the YCbCr space image PI'. The encryption operation is given as Eq. 7. Suppose the Y, Cb and Cr components of the encrypted image EI¹ are EI¹_y, EI¹_cb and EI¹_cr, respectively. Here the superscript 1 denotes they are results of the first iteration of secret sharing.

(7)

Repeated the above operations on all pixels of PI' and then EI¹ can be obtained by EI¹_y, EI¹_cb and EI¹_cr, recomposition.

Step 4. Iterations: Although, the secret sharing in step 3 converts the PI' into a random noise-like image EI¹, this single procedure cannot scramble the pixel values evenly distributed. In other words, three histograms of EI¹ in the R, G and B components are not flat. Therefore, the operations in the Step 3 are iterated as Eq. 8.

(8)

where, k is a positive integer. According to Eq. 8, we can obtain the scrambled image after k+1 times of iterations EI^k+1 from the version of EI^k.

Color image decryption: The image decryption is the inverse process of the encryption, which can be illustrated below:

Step 1. Simultaneous equation set construction and solution: The first step is to construct the simultaneous equation set as Eq. 8. It can be further rewritten as Eq. 9.

(9)

It can be expressed as:

(10)

Fig. 1:	Color channel decomposition of the 512x512 image Lena: the original image in the RGB space and the R, G and B channel planes (the top row, from left to right); the transformed image in the YCbCr space and the Y, Cb and Cr channel planes (the bottom row, from left to right)

where, is the inverse matrix of . Thus, the can be obtained by solving the equation set as Eq. 10. That is, EI^k is recovered.

Step 2. Inverse iterations: As the iterations in Eq. 7 and 8 are reversible in nature, we can obtain the EI¹ with inverse iterations. It is a repeated process of tracing the source EI^k of EI^k+1 by solving an equation set until k = 1. In this way, the permuted image PI' can be finally recovered according to EI¹.

Step 3. YCbCr to RGB color space transform: The permuted image PI' in the YCbCr space is transformed into the RGB space image PI with the inverse mapping given in Eq. 6.

Step 4. Image inverse permutation: The last step is to apply the permuted key K in encryption to inversely permute PI and thus the decrypted image is obtained.