Exploiting the Security Aspects of Compressive SamplingView this Special Issue
Meaningful Image Encryption Based on Reversible Data Hiding in Compressive Sensing Domain
A novel method of meaningful image encryption is proposed in this paper. A secret image is encrypted into another meaningful image using the algorithm of reversible data hiding (RDH). High covertness can be ensured during the communication, and the possibility of being attacked of the secret image would be reduced to a very low level. The key innovation of the proposed method is that RDH is applied to compressive sensing (CS) domain, which brings a variety of benefits in terms of image sampling, communication and security. The secret image after preliminary encryption is embedded into the sparse representation coefficients of the host image with the help of the dictionary. The embedding rate could reach 2 bpp, which is significantly higher than those of other state-of-art schemes. In addition, the computational complexity of receiver is reduced. Simulations verify our proposal.
Along with the development of Internet and information science, Internet can definitely provide great convenience to information transmission and processing, but as the same time, severe security problems therein have emerged gradually [1, 2]. Data hiding, as an important method to guarantee secure information transmission, has attracted more and more people’s concern [3, 4]. It has solved the easily-being-attacked problems of Cryptosystem by hiding the existence of data. Most of the methods, however, arbitrarily alter the carrier of information, which result in an unrecoverable host image after the secret information has been extracted by the receiver, and the embedded information may also not be recovered exactly. This is vital in some distortion-unacceptable scenarios. Subsequently, the problem has been solved effectively by the reversible data hiding (RDH) [5–7]. RDH technique may hide the secret messages in digital images, and it has two merits: lossless restoration of host image and lossless extraction of embedded massage. Consequently, RDH has become one effective technique to achieve copyright protection for the host image and covert communication for the embedded message [8–10].
Image encryption is a well-known technique to protect the contents of the original images [11–13]. The encrypted result appears as a random image, whose histogram is flat and information entropy is close to 8. Therefore, a secure cryptographic system with large key space and effective encryption mechanism can resist unauthorized user to obtain the original image. But the noise-like image is easily detected and attacked by the hacker during the transmission. If the encryption result presents as a meaningful image, it would be secure visually, and the possibility of being attacked would be dropped down to a very low level. Recently, many researchers contribute to the visually secure encryption scheme [14, 15]. For example, Kanso and Ghebleh  first decomposed the host image into four sub-bands denoted by LL, HL, LH and HH, then embedded a scrambled image into the latter three sub-bands. Chai et al.  proposed to compress the shuffled plain image and embed it into the host image. In fact, the method to encrypt a plain image into another meaningful image employs the method of data hiding; therefore they have used many common algorithms. Among them, RDH based on lossless compression [6, 16], RDH using difference expansion [17, 18] and RDH using histogram shifting [19, 20] are the most influential methods. It is noticed that, if the secret image is encrypted into a meaningful image, the aim of image encryption (another kind of RDH) is not to protect the host image any more, but to protect the embedded secret image. Therefore, meaningful image encryption can be used for covert communication of the secret image.
Compressive sensing (CS), which broke through the Shannon-Nyquist sampling theorem, brings a huge impact on the area of communication. Recently, CS and sparse representation are applied in RDH [15, 21–25]. Xiao et al.  embedded the secret data into the AC coefficient of host image and then used compressive sensing to generate the encrypted image. Yamaç et al.  proposed to embed the data into the CS measurements. Hua et al.  have proposed an informed sparse data hiding system, which embeds the message in the sparse domain and relaxes the sparsity condition. Meanwhile, many researchers tested that CS based RDH is secure to resist multiple attacks, because the measurement matrix or dictionary in CS based RDH is set to be secret. Rachlin and Baron  confirmed that it is not possible to reconstruct the signal using only the measurements without knowing the measurement matrix or dictionary. Orsdemir et al.  argued that brute attacks to obtain the matrix above were computationally infeasible. Therefore, processing the host image by CS effectively enhanced the security of RDH. In addition, it also broadened the applications of RDH. However, RDH in CS domain is still an attempt, and the computation complexities and the embedding capacities in the existing methods are still not satisfactory.
In this paper, enlightened by the idea of encrypting a secret image into another meaningful image which can significantly improve the covertness of the secret image communication, we propose a novel method of meaningful image encryption by combining RDH with CS. The host image is processed by CS, and the key problem of the proposed method is the achievement of RDH in CS domain. The contributions of this paper can be summarized as follows:
The covertness of the secret image to be encrypted can be ensured by RDH in a meaningful image.
A novel method of RDH in CS domain is proposed.
The embedding rate is significantly higher compared with the state-of-art schemes.
The complexity of computation of receiver is reduced.
The rest of this paper is organized as follows. Section 2 gives the related works about CS. Our proposed encryption scheme is described in Section 3. Section 4 verifies the proposed scheme via simulations. Comparisons between the proposed scheme and other works are discussed in Section 5. And the last section makes a conclusion of our work.
2. The Framework of CS
In this section, we discuss the basic CS theory and the exact recovery condition. Because the host images are usually natural images, they can be compressed by CS theory. Let a host image and its sparse solution be and respectively, then where is a matrix with full row rank. If we want to reconstruct from , the mutual incoherence property (RIP)  must be obeyed, which is showed as followswhere and are the th and th column vectors of respectively. Tropp  has described the condition to reconstruct exactly as followThis condition requires that the host image must be sparse enough, which is impossible for natural image. Hua et al.  proposed that for RDH this condition in (3) can be relaxed as
In the next section, we will propose how to maximize the embedding capacity by employing this condition above.
3. Description of Our Proposed Scheme
3.1. The Embedding Process
This section presents the proposed embedding algorithm, whose flowchart is shown in Figure 1. As in Figure 1, the embedding algorithm consists of four phases. In the first phase, a plain image can be encrypted by any of the existing cryptosystem. Next, the host image is represented sparsely by a given dictionary. Then, the encrypted plain image is embedded into the sparse coefficients of the host image. At last, the coefficients with message multiply with the new dictionary to generate the final cipher image, which is a meaningful image with visual security.
Step 1 (encrypt the plain image). Let a plain image and its cipher image in the first phase be and . And the cipher image is called Cipher image 1 in this paper. The plain image can be encrypted by any existing cryptosystem, whose keys are denoted by in Figure 1. Then we can obtain a vector image of .
Step 2 (represent the host image sparsely). To compress the host image, we must choose a dictionary such as DCT dictionary, wavelet dictionary, noiselets dictionary and so on, which can also be obtained from dictionary learning. Let be a host image, whose vectorized version is of length . The host vector can be represented sparsely by aswhere . Let the sparsity of be , then can be obtained by orthogonal matching pursuit algorithm with the fixed sparsity . Therefore, the vector would have nonzero elements. The indices of those nonzero elements are denoted by . If selecting the nonzero elements in order, we can get a vector satisfyingwhere and is a lossy equivalent of .
Step 3 (embed the message into the coefficients vector of host image). Let the null space of be , which satisfying and . We can first construct a new dictionary . Then the Cipher image 1 is embedded in coefficients vector, which is depicted by Algorithm 1.
In Algorithm 1, the function “dec2bin()” converts the decimal number to a binary number and the function “bin2dec()” is opposite. The function “getbits” gets the bits of from the th bit to the th bit and constructs a binary number. The typical workflows are introduced as follows. First, by Line , each pixel of Cipher image 1 is represented by 8-bit binary number. Second, by Line –, each 8-bit binary number is broken up into three parts and transformed to three decimal numbers , and . These decimal numbers should be small enough to obtain a meaningful cipher image but large enough to eliminate the effect of quantization. Third, we propose parity checks (Line –) to reduce the quantization error, where even numbers are set to be positive and odd numbers are negative. What’s more, due to the fact that zero is too small to reverse the positive and negative, we add 1 to (Line ) to avoid the appearance of zero. Last, each group of 8-bit of Cipher image 1 is assigned to three locations of for output (Line ). Meanwhile, the length of must equal to .
Step 4 (generate a meaningful image to transmit). A vector can be generated by the following equationwhere .
The meaningful image to transmit can be obtained by reshape the vector . Moreover, because the elements in vector are much smaller than the minimum value of , it has only a small effect on the transmitted image
The image quality to transmit depends on the sparsity . The bigger the sparsity , the nearer the image approximates to the host image.
3.2. The Extraction and Reconstruction Process
This section presents the proposed extraction and reconstruction algorithm, which is shown in Figure 2. As shown in Figure 2, this algorithm includes two phases. The first phase is to obtain the plain image by extracting the Cipher image 1 and decrypting it. The second phase is to recover the host image.
Step 1 (generate the matrix and its null space ). Based on the vector k and dictionary D, we can construct the matrix and compute the null space matrix .
Step 2 (extract the plain image).
Sub-Step 1. Obtain the Cipher image 1 by the following Equationwhere is the received cipher image vector. In application, quantification causes that the difference between vectors and is 1. But, this quantification error can be eliminated by our parity checks strategy, which can have a great promoting effect on recovering the embedded image exactly. The extraction flows of the Cipher image 1 are shown in Algorithm 2.
Algorithm 2 achieves the recovery of precisely, which is the inverse of Algorithm 1. In Algorithm 2, the function “fix()” takes out the integer part of a number, the function “sign()” takes out a positive or negative sign of a number and the function “strcat()” concatenates strings. The main flows are discussed as follows. First, by Line –, the sign of is extracted and its parity is determined to reduce the quantization errors, which correspond to Line – of Algorithm 1. Second, by Line , we have all elements of minus 1, which correspond Line of Algorithm 1. Third, by Line –, is divided into three parts (high, middle and low bit vectors), which correspond to Line – of Algorithm 1. Last, by Line –, each cipher pixel is extracted, which correspond to Line – of Algorithm 1.
Sub-Step 2. Decrypt the Cipher image 1 and obtain the plain image.
Step 3 (recover the host image).
4. Simulation Results
In this section, we verify our proposed embedding and extraction algorithm by experimental results. Without loss of generality, all host images and embedded images are with size and , respectively. Diaconu’s encryption algorithm  is chosen to encrypt the plain image. The Dictionary we choose is DCT dictionary.
4.1. The Performance of Extraction and Reconstruction
We choose two host images (Baboon and Lena) and one plain image (Lady) to discuss, which are shown as Figures 3(a), 3(b) and 3(c). Figure 3(c) is encrypted by Diaconu’s encryption algorithm  and the Cipher image 1 is shown in Figure 3(d). Then, Figure 3(d) is embedded in Figures 3(a) and 3(b) respectively. The embedding results are two cipher images Figures 4(a) and 5(a), which are visually secure. Figures 4(b) and 5(b) are the recovered host images from Figures 4(a) and 5(a). Only through our visual sense, we cannot distinguish the differences among the host image, the cipher image and the recovered host image.
Figure 4(c) is the difference image between Figures 3(a) and 4(b), and Figure 5(c) is the difference image between Figures 3(b) and 5(b). From Figures 4(c) and 5(c), we can conclude that there is very tiny difference between the original host image and its recovered version. One of the applications of RDH is covertly communication, which aims to protect the embedded secret image, then, little distortion of the host image is acceptable in this scenario. To discrmminate more about the differences among the host image, the cipher image and the recovered one, we draw their histograms. Figures 4(d)-4(e) are the histograms of Figures 3(a), 4(a) and 4(b) and Figures 5(d)-5(e) are the histograms of Figures 3(b), 5(a) and 5(b). Because Lena has more grey center of clustering than Baboon, its histograms Figures 5(d)-5(e) are even more telling. From Figures 5(d)-5(e), especially the the labeled regions, we can see that the recovered image is closer to the original host image than the cipher image with message, which varifies the perfermance of our proposed algorithm to recover the host image.
The plain images embedded in two host images can be extracted precisely, which are shown in Figures 3(e) and 3(f). One can see that the extracted image is exactly the same as Figure 3(a), indicating that the secret image can be covertly transmitted without any distortion.
4.2. The Embedding Rate
From Algorithms 1 and 2, the embedding rate can be denoted byWe explain the concluded embedding rate as follows. Supposing that a host image has pixles and sparsity, there are locations in coefficients vector to embed message. The length of Cipher image 1 must equal to as shown in Algorithm 1. Considering that each pixel is 8-bit, the Eq. (11) can be obtained.
By our thoroughly experiments, the embedding rate 2 bpp is a proper rate to balance the embedding capacity and reconstruction performance. If we want to achieve 2 bpp embedding rate, the compressive ratio . In our experiments, for the host image sized and , there are locations to embed message. For each pixel of Cipher image 1 is assigned to 3 locations, the total pixels of additional plain image should be . Therefore, we choose a plain image sized to verify our algorithm as shown in Figure 3.
If we want to improve the quality of the recovered image, the parameter can be increased. Two indexes, Peak signal to Noise Ratio (PSNR) and Structure Similarity (SSIM), are suitable to measure the quality of the recovered host image, which are shown in Eqs. (12) and (13)where and denote the th pixels of the original and recovered host images respectivelywhere and are mean values of two host images, and are standard deviations, and are two adjust parameters. For PSNR, a higher value is better; For SSIM, the nearer a value approximates to 1, the better the recovered image is.
Figure 6 shows that the PSNRs of the recovered host image increase with the raising of compressive ratio () for three test host images, i.e., Lena, Pepper and Baboon. Meanwhile, different images have different reconstruction performances by using a fixed dictionary. For example, the smooth image Lena is more suitable for embedding data while the textured image Baboon is not. Table 1 gives the SSIMs of the recovered host images with the compressive ratios ranging in , where three images Lena, Pepper and Baoon are chosen as host images. From Table 1, one can see that the SSIMs are all close to 1, which show our proposed algorithm has good performance to recover host image. Since the closer to 1 the SSIM the better the reconstruction is, based on the Table 1 we can see Baboon is the least suited to embedding data and Lena is the most suited one. The analysises from Table 1 are consistant with those from Figure 6.
Because the compressive ratio is proportional to the sparity and the embedding rate decreases with the increasing the sparity , the embedding rate decreases with the increasing the compressive ratio.
4.3. Against Noises
Each pixel of the embedded Cipher image 1 is transformed into 8 bits. These bits are divided into three parts and included in the coefficients vector by Line – of Algorithm 1. Therefore, these coefficients related to the embedded pixels are usually smaller than those of host image. If the cipher image is explosure in noisy invironment during transmition, the smaller coefficients would be influenced seriously. Therefore, the embedded Cipher image 1 is more sensitive to noises than the host image. Figure 7 discusses the sensitivity of the proposed algorithm to the noises. We add two levels “salt & pepper” noises to the received images. Figures 7(a) and 7(d) are the received cipher images, and they are full of “salt & pepper” noises. Figure 7(a) has noise density of 0.001 and Figure 7(d) is with 0.01. Figures 7(b) and 7(e) are the recovered host images, which are closer to the original host image. However, the quality of the extracted images are not satisfactory, as shown in Figures 7(c) and 7(f), which are in the presence of noises. These results manifest that the proposed algorithm has good reconstruction performance in noisy envioronment, but the embedded image is sensitive to noises, and this property can be used to detect the potential attacks which is unconspicuous on the stego-image.
We would present the complexity from two phases: embedding phase, extraction and reconstruction phase. In embedding phase, the complexity of encrypting plain image is related to the size of plain image. Therefore, this complexity is . As for embedding the Cipher image 1, the complexities are related to the bits of the plain image and the sparse presentation by OMP. Then, the complexities are and respectively, where is sparity. In summary, the complexity in the embedding phase is close to .
In extraction and reconstruction phase, the computational complexity can be effectively decreased due to the fact that matrix multiply instead of the CS recovery is executed in this phase, which is one of the main merits of this paper. Then, the complexity in extraction and reconstruction phase is related to multiplication between and the cipher image, which is close to . Therefore the total complexity of our algorithm is .
5. Comparison and Discussion
First, we discuss these algorithms from the view of the embedded image. Our proposed algorithm embeds natural image, but Refs. [22–24] embed binary image. Binary image is much sparser than natural image and it is much easier to be embedded.
Second, from the view of embedding location, we discuss their differences. In , the message is embedded in the AC coefficients, and then is compressed by CS. If one wants to extract the message precisely, the plain image must have ultra-sparse pixels. Yamaç et al.  proposed a method to embed data in the measurements, but our method is to embed the data in the sparse coefficients. The embedded locations in Hua et al.  are the same as those of our proposed algorithm, but there is drastically difference between them.
In , Hua et al. expanded possible locations to embed data, and they also dictated that there are locations for data hiding except the coefficients of host image. At the same time they indicated that multiple chips can be inserted, but the length of multiple chips was not stated explicitly. If inserting multiple chips at the same time, using their detection algorithm multiple chips are inseparable and cannot be extracted precisely. Therefore, they did not give the method how to embed and extract multiple bits. In a word, our proposed work improves Hua’s algorithm in two ways. One is to give a method to embed data into locations at the same time and to extract them precisely. The other is to insert more than two bits into one location.
Last, from the view of embedding rate, our proposed work achieves the largest rate. As previously described, our embedding rate achieves 2 bpp, which is larger than those in [22–24], but it leads to the sensitivity to noises. If we insert one bit into a coefficient location, the demerit (sensitivity to noises) can be made up. The idea is discussed as follows.
In Line of Algorithm 1, the output can be changed to , where denotes the embed strength and represents the embedded bits. If the th embedded data is 0, then . If the th embedded data is 1, then . Thus, the embed rate can achieve . If the transmitted cipher image is polluted by noises, the receiver data is changed towhere is additive noise satisfying . After extracting data like Line of Algorithm 2, we can obtainFor , we can change (15) into where .
When extracting, we can use to replace Line of the Algorithm 2. If , then , i.e., the embedded bits can be extracted precisely. In simulation, is set to be 5.
The simulation results are shown from Figures 8–10. Figures (a) are the transmitted cipher images. Because each pixel in a binary image can be represented by 1 bit, we embed a binary image Lady in three Figures (a). Figure 8(a) is polluted by Gaussian noise, where noise level is smaller than the embed strength . From Figure 8(c), we can see the extracted image is without noises. In contrast, the Gaussian noise level in Figure 9(a) is larger than the embed strength and from Figure 9(c) we can see the extracted image is degraded by Gaussian noise. In Figure 10(a), the cipher image is exposed in “salt & pepper” noisy environment. From Figure 10(c), we can see that the extracted result is degraded as same as Figure 9(c). It is because the “salt” noises are much larger than , and the “pepper” noises cleared some information of transmitted data. In fact, these noises caused by strong Gaussian or “salt & pepper” cannot be eliminated by these methods [22–24].
We can conclude, for our proposed algorithm in this section, decreasing the embedding rate and embedding a bit in a location of coefficients vector can improve the robustness to noises. If the compressive ratio is still , the embedding rate is 0.75 bpp, which is still larger than those in [22–24].
In this paper, an algorithm for meaningful image encryption is proposed. The main idea is to embed the secret image into the sparse representation of host image to achieve high covertness. Our proposed algorithm has the following merits. First, a novel method of RDH in CS domain is proposed, and the data embedding capacity is significantly higher than other similar schemes. Second, we propose the parity checks strategy to eliminate quantization error. Third, if the transmitted cipher image is not polluted by noises, the embedding rate achieves 2 bpp. And, if the transmitted cipher image is polluted by additive noise with lower level, the embedding rate bpp is equal to the difference between 1 and compressive ratio. Last, we use matrix multiplication in reconstruction phase to decrease computational complexity. In the future, we aim to improve the robustness of the proposed algorithm with lower computational complexity.
Conflicts of Interest
The authors declare that they have no conflicts of interest.
This work was supported by the National Natural Science Foundation of China (Grant nos. 61602158, 61572089, 61633005, U1604156, 61671042, 61403016), the China Postdoctoral Science Foundation (Grant no. 2016M600030), the Beijing Natural Science Foundation (Grant no. 4172037), the Open Fund Project of Fujian Provincial Key Laboratory in Minjiang University (Grant no. MJUKF201702), the Science Foundation for the Excellent Youth Scholars of Henan Normal University (Grant no. YQ201607), the Natural Science Foundation of Chongqing Science and Technology Commission (Grant no. cstc2017jcyjBX0008), and the Fundamental Research Funds for the Central Universities (Grants nos., 106112017CDJQJ188830, 106112017CDJXY180005).