#### Abstract

Over the past decade, most of secret image sharing schemes have been proposed by using Shamir's technique. It is based on a linear combination polynomial arithmetic. Although Shamir's technique based secret image sharing schemes are efficient and scalable for various environments, there exists a security threat such as Tompa-Woll attack. Renvall and Ding proposed a new secret sharing technique based on nonlinear combination polynomial arithmetic in order to solve this threat. It is hard to apply to the secret image sharing. In this paper, we propose a -threshold nonlinear secret image sharing scheme with steganography concept. In order to achieve a suitable and secure secret image sharing scheme, we adapt a modified LSB embedding technique with XOR Boolean algebra operation, define a new variable , and change a range of prime in sharing procedure. In order to evaluate efficiency and security of proposed scheme, we use the embedding capacity and PSNR. As a result of it, average value of PSNR and embedding capacity are 44.78 (dB) and bit-per-pixel (bpp), respectively.

#### 1. Introduction

In a security system, there is a maintenance tool which must be checked every day. In order to check it, someone must have access to this system. Three senior administrators are engaged, but they do not trust the combination to any individual administrator. Hence, we would like to design a system whereby any two of three administrators can gain access to this system, but an individual administrator cannot do so. In order to design this system, we adapt a concept of secret sharing. A secret sharing is technique for distributing a secret amongst a group of honest participants, and each secret piece is allocated for each participant after the secret is divided into several pieces. This secret can be reconstructed only when a sufficient number, of possibly different types of shares are combined together; an individual share is no use on its own [1–3]. Blakley [4] and Shamir [5] have proposed a concept of secret sharing for the first time. It is that the secret is divided into shares for participants, and is used as a threshold value (). It was called a -threshold technique and it means that at least participants of participants should be gathered.

With the development of computing and network technologies, in the meantime, multimedia data such as image, audio, and video files have transmitted over the Internet, actively. As a result, multimedia security has emerged as an important issue [6–14]. In 2002, Thien and Lin [15] have proposed a -threshold secret image sharing scheme for the first time. The secret image can be shared by several shadow images so the size of each shadow image is only of that of the secret image for convenient hiding, storage, and transmission in their scheme. Lin and Tsai [16] have proposed a secret image sharing with steganography concept based on the Shamir’s -threshold scheme. By using the parity bit check method, they claimed that their scheme can prevent from incidentally bringing an erroneous shadow image or intentionally providing a false image to achieve the authentication goal. They also presented another user-friendly image sharing such that shadow images look like natural images [17]. Recently, Lin and Chan [18] proposed a reversible secret image sharing scheme in 2010. They have achieved a low distortion and high embedding capacity. Additionally, it can reconstruct the secret and cover images, completely.

As mentioned above, most of secret image sharing schemes are based on Shamir’s -threshold. It has utilized a linear combination polynomial arithmetic in sharing procedure. A configuration of the linear combination polynomial with is as follows:

In sharing procedure for participants, an arbitrary share () is computed by above function . Each share is distributed to participant . In order to reconstruct the secret, we need pairs of . In this procedure, an arbitrary participant can submit a false share and only he will be able to obtain the correct secret while leaving the others with the incorrect secret. It is called a Tompa-Woll attack [19, 20]. This attack is caused by the linear property. Renvall and Ding [21] have proposed a new secret sharing scheme based on a nonlinear combination polynomial arithmetic in order to solve this problem. The nonlinear combination arithmetic indicates an inner product for any arbitrary matrix [21]. However, it is hard to apply to the secret image sharing.

In this paper, we propose a nonlinear secret image sharing scheme with steganography concept. Although the proposed scheme is based on Renvall and Ding’s sharing and reconstruction methods [21], we adapt several new techniques in order to achieve a suitable and secure secret image sharing scheme. In sharing procedure, we define a new variable and change a range of prime in order to attain the prevention of overflow (or underflow) and reinforce the security. Also, we propose a modified LSB embedding technique with XOR Boolean algebra operation in order to get the high embedding capacity. In order to evaluate efficiency and security of proposed scheme, we use the embedding capacity and PSNR. As the experimental results, we analyze the efficiency and security between proposed and previous techniques.

This paper is organized as follows. Section 2 introduces Shamir’s and Renvall and Ding’s secret sharing scheme. Considerations and algorithm of proposed scheme are discussed in Section 3. Section 4 presents the experimental results. Lastly, Section 5 gives the conclusions.

#### 2. Preliminaries

In this section, Shamir’s -threshold secret sharing and Renvall and Ding’s nonlinear secret sharing are introduced.

##### 2.1. Shamir’s -Threshold Secret Sharing

In 1979, Shamir has proposed a secret sharing scheme for the first time [5]. It is based on -threshold which is defined as follows [2].

*Definition 1. *Let be positive integers and . A ()-*threshold* is a method of sharing a* key * among a set of participants (denoted by ), in such a way that any participants can compute the value of , but no group of participants can do so.

For the example of -threshold, the value of is chosen by a honest participant called the* dealer* (denoted by , , where is a set of participants). If wants to share among the participants in , distributes some partial information of (called a* share*) for each participant. The shares should be distributed secretly, so no participant knows the share given to another participant. That is, an arbitrary participant does not know the information of in -threshold. In order to reconstruct a , two or more participants should get together by an arbitrary algorithm.

In Shamir’s scheme, the linear combination polynomial and Lagrange’s interpolation arithmetic operations over prime were used in order to distribute and reconstruct a , respectively. It consists of three phases with ()-threshold: initialization, share distribution, and reconstruction.

###### 2.1.1. Initialization Phase

chooses distinctly nonzero elements of , denoted by , (where ). For , gives the value to . The value is public.

###### 2.1.2. Share Distribution Phase

When wants to share a key , secretly chooses elements of which are denoted as . And then computes , for , by where are randomly determined from integers within . Finally, distributes the share to .

###### 2.1.3. Reconstruction Phase

If participants want to reconstruct a , or more participants will be recruited by . is reconstructed with information () for each participant and Lagrange interpolation formula as shown in (3) for polynomials.

Consider

Lastly, a key can be derived from .

##### 2.2. Renvall and Ding’s -Threshold Nonlinear Secret Sharing

In 1996, Renvall and Ding [21] have proposed a nonlinear secret sharing scheme. A polynomial arithmetic technique is based on quadratic form (called a nonlinear combination) instead of the linear combination. In fact, it is an inner product for an arbitrary matrix, and detailed arithmetic is as follows [21].

Let be a large prime of the form (). In order to generate the secret, it should be within . All arithmetic operations are performed over Galois field . For any positive integers , () and each set of indices , Vandermonde matrix is generated by
where all elements in matrix are distinct nonzero over and must satisfy two requirements as follows.R1:for any set of indices ,
* *where is the inverse of by the Chinese remainder algorithm.R2:for any set of indices , one of the following conditions is held:(1) and is a quadratic residue,(2), , and is a quadratic residue, * *where , and are expressed by (6), (7), and (8), respectively. * *Consider
* *where .

In sharing process, the secret with is selected to be shared among participants. Then, are randomly chosen over . Let a set . Each share is calculated by where is a row vector (or row matrix which has a single row of elements) and it can be expressed as , and is a transpose of .

In order to distribute the shares, calculates and as follows: where is th row vector in a Vandermonde matrix (as shown in (4)) and . Then distributes to participant .

If participants want to reconstruct the secret , or more participants will be recruited by . And then, is reconstructed with information for each participant and as follows:

They have completed verification of security for Tompa-Woll attack [21]. In this paper, we propose a nonlinear secret image sharing based on concepts of their scheme and steganography.

#### 3. The Proposed Scheme

In this section, we illustrate considerations, sharing, and reconstruction algorithms.

##### 3.1. Considerations

In order to propose a new nonlinear secret image sharing scheme, we discuss some considerations such as handing techniques of secret and shadow images and overflow (or underflow).

###### 3.1.1. Handling of Secret Image

In previous scheme, they used ()-threshold concept. But we adapt a concept of ()-threshold because of the convenience of proposed scheme. Given ()-threshold, we require that the secret image () to be divided into shadow images (s), and cannot be reconstructed without or more s. However, secrets () are generated from ’s pixel values. The major difference between proposed and Renvall and Ding’s schemes is that random value does not use . Also, the range of prime should be at least 60 bits in their scheme, but we let the range be . Tompa-Woll attack can occur because the range of prime is less than 60 bits. But, our scheme is safe for this attack because it is based on the steganography concept that the secret is hidden in friendly cover image such as Lena, airplane, and baboon.

###### 3.1.2. Overflow and Underflow

If an arbitrary pixel value in SI is one of 251 to 255, it can occur an overflow or underflow because all arithmetic operations are performed within GF(251). So, we define another variable positive integer () in order to prevent overflow or underflow. A pixel value in is converted by -ary form. For example, if a pixel value and are and 7, respectively, converted pixel value is . This converting technique is to provide reinforcement of security robustness. The converted -ary values utilize inputs of nonlinear polynomial arithmetic. And then, its outputs are performed with modulo- operation. Even if an attacker knows sharing and reconstruction algorithm of the proposed scheme, it is difficult to extract the correct .

###### 3.1.3. The Generation of Shadow Image

In Renvall and Ding’s scheme, is just a shadow. It was distributed to the participant by the dealer . However, the shadow is an image that is embedded in the proposed scheme. In order to generate the shadow image, hence, we utilize Boolean algebra operation for and .

##### 3.2. Sharing Procedure

Suppose that the cover image (), shadow image (), and secret image () consist of , and pixels, and these represent , , and , respectively. In order to determine the number of participants, the dealer () decides to fix the threshold values and (). Also, securely chooses a prime and positive integer ().

In this procedure, the sharing process is described. Input: A with size of and a with size of . Output: SHIs with size of .

*Step 1. *Convert a th pixel value () in into -ary’s expression as follows:
where and . For example, if is 3, is one of 0, 1, or 2. Let a set consist of subsets that compose -ary’s values and it is expressed by

If is not a multiple of , the remaining part in the last subset is filled by using well-known padding techniques.

*Step 2. *Choose for all participants by , where and . For any participants, the matrix which satisfies two requirements R1 and R2 is constructed as (14) in order to ensure the correctly selected . If does not satisfy two requirements, should select a new . Also, will be used in the reconstruction procedure.

Consider

*Step 3. *Calculate a shadow value (where , and ) with (as shown in (9)) and and by .

*Step 4. *Embed the generated th shadow value () for -th participant into CI with LSB1 and LSB2 techniques by Table 1 in order to generate ( and ). “” indicates XOR Boolean algebra operation. Table 1 shows the embedding method by prime . For example, it corresponds to the range of when is 19. Hence, are embedded by LSB1 and LSB2 techniques for 3 pixels.

*Step 5. *Distribute the generated into th participant by . And then, stores () for all ().

##### 3.3. Reconstruction Procedure

In this procedure, the reconstruction process is described. Input: s with size of . Output: a reconstructed with size of .

*Step 1. *Extract a th shadow value () from* j*th participant’s ( and ), and by Boolean operation .

*Step 2. *Calculate a th converted -ary’s value () as follows:

*Step 3. *Convert the calculated into pixel values by , and, reconstruct a with size of .

#### 4. Experimental Results

In this section, we analyze the security and efficiency of proposed scheme.

##### 4.1. The Measurement Tools

In order to estimate the efficiency and security of secret image sharing schemes, there exist two typical measurement tools: the embedding capacity and . The embedding capacity means the amount of embedded secret data in a cover image, and it can evaluate the efficiency of secret image sharing technique. That is, if the embedding capacity of an arbitrary technique is more increased, we can say that this technique has a good efficiency. It is generally measured in bit-per-pixel () or bit.

is the abbreviation for “*peak signal-to-noise ratio*” and it is the ratio between the maximum possible power of a signal and the power of corrupting noise that affects the fidelity of its representation. Nowadays, is the most popular distortion measurement tool in the field of image and video coding and compression. It is usually measured in* decibels *, and it is well known that these difference distortion metrics are not very well correlated with the human visible system (HVS). This might be a problem for their application in secret image sharing since sophisticated secret image sharing methods exploit in one way or the other effects of these schemes [22]. The detailed PSNR is represented by
where MAX indicates the maximum possible pixel value of the image. It is 255 because greyscale test images were used in this paper. is the abbreviation for “*mean squared error*” and it is represented by
where indicates the size of and . and are th pixel values in and , respectively. Given two greyscale images, if value is close to infinity (=∞), the distortion between two images is zero; that is, two images are the same. On the other hand, if value is close to zero, the distortion is higher; that is, two images are different. Generally, value is more than 35 dB, the difference between two images cannot be distinguished in HVS.

##### 4.2. Analysis

In the experiments, we have performed the experiment for -threshold and used eight greyscale test images as shown in Figure 1. The sizes of and were and , respectively. And the size of was or , depending on the experiments. The secret data was generated by Rand function in C++ Library. And then, generated secret bitstream was composed by each eight-bit. In order to implement the proposed scheme, the OpenCV Library and C++ programming language (environment: MS Visual Studio 2010) were used.

**(a) Lena**

**(b) Baboon**

**(c) Airplane**

**(d) Peppers**

**(e) Boat**

**(f) Man**

**(g) Elaine**

**(h) Woman**

In the proposed scheme, PSNR result depends on the embedding method by prime ’s interval as shown in Table 1. Our embedding method is that LSB1 and LSB2 were utilized. Hence, the minimum of PSNR without prime is more than 44 dB because PSNR value of LSB2 embedding method is close to 44 dB in general. Depending on the change of prime , PSNR result of the proposed scheme is shown in Table 2. If a prime is 17, 19, or 29, PSNR values were higher than other values. This result was due to the embedding method in sharing phase. For example, maximum embedding capacity is 5-bit when the range of is corresponding to . And, 5-bit is embedded into 3 pixels in by and (i.e., ). On the other hand, if is 11, the number of maximum embedding bits is four and it is embedded into 2 pixels in by . So, result was less than that of . Also, the number of maximum embedding bits is seven when is 113. But values were less than that of range of because embedding technique was utilized once more (i.e., ). In the experimental result of , the minimum was 44.11 dB. This result shows that we cannot distinguish the distortion between and s in HVS.

In the meantime, we utilized a variable in order to prevent the overflow and reinforce the security for secret data. So, the variable and prime should not be correlated relatively and Figure 2 shows that the relation of between and with prime as 19 and 29. values were located at 45.10 to 45.60 dB regardless of the increase (or decrease) of . This result shows that there is no correlation between and .

The embedding capacity of the proposed scheme was decided with the embedding method by prime ’s interval as shown in Table 1. So, we have calculated the theoretical embedding capacity and it is shown in Table 3. s, , , and indicate the number of maximum embedding bits, embedding capacity, threshold value, and size of shadow image, respectively. The embedding capacity is more increased when is odd and is close to 251. But, the embedding capacity is fixed at bit when is even. This is because of the proposed embedding method as mentioned above. The best case is the intervals of and in terms of tradeoff between and the embedding capacity. And average of all embedding capacity values is bit.

In order to verify an excellence of the proposed scheme, we have performed a comparison between our and the previous schemes and the result of it is shown in Table 4. All results were average values and a unit of is bit-per-pixel (). In results, the proposed and Lin and Chan’s [18] schemes were related to a threshold value . On the other hand, other schemes (Lin and Tsai [16], Wang and Shyu [23], and Chang et al. [24]) were fixed. This is because the amount of secret data that is inserted into polynomial is different. In typical schemes, the secret data is only embedded into the constant terms in the polynomial. But, the secret data is embedded into all coefficients except the highest order terms in Lin and Chan’s scheme. If a threshold is increased (this fact shows that the number of participants is also increased), each is also increased more for our and Lin and Chan’s schemes. But, and results in Lin and Chan’s scheme have a inversely proportional relationship. In results, the proposed scheme was higher than others. We obtained that the efficiency and security of proposed scheme was superior to the previous schemes.

#### 5. Conclusions

In this paper, we have proposed a ()-threshold nonlinear secret image sharing scheme for the first time. Renvall and Ding’s scheme was based on quadratic combination and Vandermonde matrix arithmetic operations. In the proposed scheme, it was extended to secret image sharing scheme with steganography concept. All arithmetic operations in the proposed scheme was limited within because the target of secret was a pixel value in . In order to prevent the overflow in and reinforce the security, a new variable was used in sharing procedure. In sharing procedure, the embedding technique depended on , , and prime . Boolean algebra operation for embedding data was performed in order to increase and the embedding capacity. As the results, the average values of PSNR and the embedding capacity are 44.78 and (), respectively. Also, the best case of the proposed scheme is the intervals of and in terms of tradeoff between and the embedding capacity.

The future works are as follows: the studies of nonlinear secret image sharing scheme over (), the various experiments for and the embedding capacity, and the improved embedding technique.

#### Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

#### Acknowledgments

This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (NRF-2012R1A1A2008348) and Brain Korea 21 Plus (BK21+) Project in 2014.