The Tutorial: Cryptography

Yu-Hsiang Wang (王昱翔)
E-mail: r98942059@ntu.edu.tw
Graduate Institute of Communication Engineering
National Taiwan University, Taipei, Taiwan, ROC

Abstract

In this report, we introduce some techniques of cryptography developed since 1976. We begin with the Data Encryption Standard (DES), because it is the primary cryptosystem formally accepted by the National Bureau of Standards. As time went by, the DES algorithm was replaced by the Advanced Encryption Standard (AES), because DES is easily broken in this era of scientific and technological progress. After introducing these fundamental algorithms, we discuss two applications of cryptography. The first is watermarking, a very important application for copyright problems. The other is visual cryptography, whose encryption and decryption are based on the human visual system. We survey the concept of visual cryptography and introduce a data hiding algorithm for image size invariant visual cryptography.

1. Introduction

Cryptography is the study of hiding confidential information. Current cryptography spans mathematics, engineering, and computer science, and its applications reach into all areas of daily life, e.g. ATM cards, network security, video and audio. The field covered by cryptography is very extensive. In this report, we first introduce the conventional algorithms: the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES). These two algorithms were selected as information processing standards by the National Bureau of Standards and the National Institute of Standards and Technology, respectively, in different centuries. The main difference between them is the length of their keys: the key of the AES algorithm is much longer than that of DES. In chapters 2 and 3, we describe the construction and the functions of both algorithms in detail. Next, in chapters 4 and 5, we focus on some applications related to cryptography, e.g. watermarking and visual cryptography. Both of them are widely applied in copyright protection, commercial image transactions, content authentication, and trusted cameras. For watermarking, we concentrate on the public key verification watermark, which is an extension of the secret key scheme. For visual cryptography, we cover not only the conventional visual secret sharing (VSS) system but also the size invariant VSS, which is a refined version of the conventional VSS. Finally, we introduce the integration of data hiding and visual cryptography.

2. DES Algorithm

The Data Encryption Standard (DES) is a cryptosystem that was selected as a Federal Information Processing Standard (FIPS) by the National Bureau of Standards in 1976. DES encryption and decryption are fast, but the drawback of DES is that its key has only 56 bits, so it is possible to crack DES in a day with today's technology. In the following, we describe the DES algorithm in detail, because DES remains an important model for the construction of secure block ciphers.

2.1 The Construction of DES

Given a plaintext $p$ of length $2t$ over the alphabet {0, 1}, we split it into two halves of length $t$ and write $p = (L_0, R_0)$, where $L_0$ is the left half and $R_0$ is the right half. Then we construct the sequence

$$(L_i, R_i) = (R_{i-1},\; L_{i-1} \oplus f_{K_i}(R_{i-1})), \quad 1 \le i \le r, \qquad (2.1)$$

and set

$$E_k(L_0, R_0) = (L_r, R_r), \qquad (2.2)$$

where $f_K$ is the encryption function for the key $K$ and $r$ is the number of rounds, so the key space $K$ contains sequences $(K_1, \ldots, K_r)$ of round keys. $E_k$ is the encryption function of DES for the key $k \in K$.

Similarly, the decryption of DES can be derived from (2.1) as

$$(R_{i-1}, L_{i-1}) = (L_i,\; R_i \oplus f_{K_i}(L_i)), \quad 1 \le i \le r. \qquad (2.3)$$

In decryption, the $r$ rounds are processed with the reversed key sequence $(K_r, K_{r-1}, \ldots, K_1)$, so the plaintext $(R_0, L_0)$ is reconstructed from the ciphertext $(R_r, L_r)$. Next, we introduce the three steps of DES: initial permutation, internal block cipher, and keys.
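
The round structure of (2.1) to (2.3), as an added example that is not part of the original report: a generic Feistel network in Python whose round function `round_fn` is a stand-in built from truncated SHA-256 (an assumption for illustration, not the DES function $f_K$). It shows that decryption needs only the round keys in reverse order and never inverts the round function.

```python
import hashlib


def round_fn(key, half):
    """Stand-in for f_K (constructed for this example, not the DES f).

    A truncated hash is deliberately not invertible: the Feistel
    structure only ever evaluates f, it never needs f^-1.
    """
    return hashlib.sha256(key + half).digest()[: len(half)]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def feistel_encrypt(block, round_keys):
    """Apply (2.1) for i = 1..r and return the pair (L_r, R_r) of (2.2)."""
    if len(block) % 2:
        raise ValueError("block length must be even (2t)")
    t = len(block) // 2
    left, right = block[:t], block[t:]
    for k in round_keys:
        # (L_i, R_i) = (R_{i-1}, L_{i-1} xor f_{K_i}(R_{i-1}))
        left, right = right, xor(left, round_fn(k, right))
    return left, right


def feistel_decrypt(left, right, round_keys):
    """Apply (2.3) for i = r..1, i.e. with the reversed key sequence."""
    for k in reversed(round_keys):
        # (R_{i-1}, L_{i-1}) = (L_i, R_i xor f_{K_i}(L_i))
        right, left = left, xor(right, round_fn(k, left))
    return left + right


# Constructed sample values, not taken from the report.
SAMPLE_KEYS = [b"k1", b"k2", b"k3", b"k4"]
SAMPLE_BLOCK = b"sixteen byte msg"

if __name__ == "__main__":
    l_r, r_r = feistel_encrypt(SAMPLE_BLOCK, SAMPLE_KEYS)
    print((l_r + r_r).hex())
    print(feistel_decrypt(l_r, r_r, SAMPLE_KEYS))
```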

2.2 Initial permutation (IP)

First of all, DES permutes $p$ using the IP table shown in Table 2.1. The initial permutation (IP) is a bit permutation on bit vectors of length 64 that is independent of the chosen key. Table 2.1 is read as follows: if $p = p_1 p_2 p_3 \ldots p_{64}$, then $\mathrm{IP}(p) = p_{58} p_{50} p_{42} \ldots p_7$. After all rounds are finished, the ciphertext is constructed using the inverse permutation $\mathrm{IP}^{-1}$. For example, for an 8-round cipher, the ciphertext is $c = \mathrm{IP}^{-1}(R_8 L_8)$.

Table 2.1 The initial permutation IP.

IP
 58 50 42 34 26 18 10  2
 60 52 44 36 28 20 12  4
 62 54 46 38 30 22 14  6
 64 56 48 40 32 24 16  8
 57 49 41 33 25 17  9  1
 59 51 43 35 27 19 11  3
 61 53 45 37 29 21 13  5
 63 55 47 39 31 23 15  7

IP^{-1}
 40  8 48 16 56 24 64 32
 39  7 47 15 55 23 63 31
 38  6 46 14 54 22 62 30
 37  5 45 13 53 21 61 29
 36  4 44 12 52 20 60 28
 35  3 43 11 51 19 59 27
 34  2 42 10 50 18 58 26
 33  1 41  9 49 17 57 25

2.3 Internal block cipher

The internal block cipher is the encryption function $f_K$ in (2.1), whose input is in $\{0,1\}^{32}$ and whose output is in $\{0,1\}^{32}$, with a key $K \in \{0,1\}^{48}$. Fig. 2.1 shows the structure of the internal block cipher. In the beginning, the argument $R \in \{0,1\}^{32}$ is expanded by the expansion function $E: \{0,1\}^{32} \to \{0,1\}^{48}$. This function is shown in Table 2.2 and is read in the same way as Table 2.1. Subsequently, we compute $E(R) \oplus K$ and divide the result into 8 blocks $B_i$, $1 \le i \le 8$, of length 6, written as

$$E(R) \oplus K = B_1 B_2 B_3 B_4 B_5 B_6 B_7 B_8.$$

Next, we use the functions $S_i: \{0,1\}^6 \to \{0,1\}^4$, $1 \le i \le 8$, called S-boxes. The S-boxes are the core of DES because they are highly nonlinear. They are shown in Table 2.4, with 4 rows and 16 columns for each box. The computing method is as follows. For each $B = b_1 b_2 b_3 b_4 b_5 b_6$, the integer with binary expansion $b_1 b_6$ is used as the row index and the middle integer with binary expansion $b_2 b_3 b_4 b_5$ is used as the column index. The entry of the S-box in this row and column is written in binary expansion with length 4. For example, for $S_1(101010)$ the first bit is 1 and the last bit is 0, so the row index is the integer with binary expansion 10 (i.e., 2) and the column index is the integer with binary expansion 0101 (i.e., 5). The entry in row 2 and column 5 of the first S-box is 6 and its binary expansion is 110. Consequently, $S_1(101010) = 0110$. So the output of the S-boxes is $C_i = S_i(B_i)$, $1 \le i \le 8$, and the string $C = C_1 C_2 C_3 C_4 C_5 C_6 C_7 C_8$, $C \in \{0,1\}^{32}$. Finally, after applying the permutation P from Table 2.3 to $C$, the result $f_K(R)$ is obtained.

Fig. 2.1 The encryption function $f_K$ of DES.

Table 2.2 The function E.

E
 32  1  2  3  4  5
  4  5  6  7  8  9
  8  9 10 11 12 13
 12 13 14 15 16 17
 16 17 18 19 20 21
 20 21 22 23 24 25
 24 25 26 27 28 29
 28 29 30 31 32  1

Table 2.3 The function P.

P
 16  7 10 21
 29 12 28 17
  1 15 23 26
  5 18 31 20
  2  8 24 14
 32 27  3  9
 19 13 30  6
 22 11  4 25

Table 2.4 S-boxes of DES.

Row  Column
Row  [0]  [1]  [2]  [3]  [4]  [5]  [6]  [7]  [8]  [9] [10] [11] [12] [13] [14] [15]
S1
[0]   14    4   13    1    2   15   11    8    3   10    6   12    5    9    0    7
[1]    0   15    7    4   14    2   13    1   10    6   12   11    9    5    3    8
[2]    4    1   14    8   13    6    2   11   15   12    9    7    3   10    5    0
[3]   15   12    8    2    4    9    1    7    5   11    3   14   10    0    6   13
S2
[0]   15    1    8   14    6   11    3    4    9    7    2   13   12    0    5   10
[1]    3   13    4    7   15    2    8   14   12    0    1   10    6    9   11    5
[2]    0   14    7   11   10    4   13    1    5    8   12    6    9    3    2   15
[3]   13    8   10    1    3   15    4    2   11    6    7   12    0    5   14    9
S3
[0]   10    0    9   14    6    3   15    5    1   13   12    7   11    4    2    8
[1]   13    7    0    9    3    4    6   10    2    8    5   14   12   11   15    1
[2]   13    6    4    9    8   15    3    0   11    1    2   12    5   10   14    7
[3]    1   10   13    0    6    9    8    7    4   15   14    3   11    5    2   12
S4
[0]    7   13   14    3    0    6    9   10    1    2    8    5   11   12    4   15
[1]   13    8   11    5    6   15    0    3    4    7    2   12    1   10   14    9
[2]   10    6    9    0   12   11    7   13   15    1    3   14    5    2    8    4
[3]    3   15    0    6   10    1   13    8    9    4    5   11   12    7    2   14
S5
[0]    2   12    4    1    7   10   11    6    8    5    3   15   13    0   14    9
[1]   14   11    2   12    4    7   13    1    5    0   15   10    3    9    8    6
[2]    4    2    1   11   10   13    7    8   15    9   12    5    6    3    0   14
[3]   11    8   12    7    1   14    2   13    6   15    0    9   10    4    5    3
S6
[0]   12    1   10   15    9    2    6    8    0   13    3    4   14    7    5   11
[1]   10   15    4    2    7   12    9    5    6    1   13   14    0   11    3    8
[2]    9   14   15    5    2    8   12    3    7    0    4   10    1   13   11    6
[3]    4    3    2   12    9    5   15   10   11   14    1    7    6    0    8   13
S7
[0]    4   11    2   14   15    0    8   13    3   12    9    7    5   10    6    1
[1]   13    0   11    7    4    9    1   10   14    3    5   12    2   15    8    6
[2]    1    4   11   13   12    3    7   14   10   15    6    8    0    5    9    2
[3]    6   11   13    8    1    4   10    7    9    5    0   15   14    2    3   12
S8
[0]   13    2    8    4    6   15   11    1   10    9    3   14    5    0   12    7
[1]    1   15   13    8   10    3    7    4   12    5    6   11    0   14    9    2
[2]    7   11    4    1    9   12   14    2    0    6   10   13   15    3    5    8
[3]    2    1   14    7    4   10    8   13   15   12    9    0    3    5    6   11

2.4 Keys Computation

In this section, we explain the computation procedure of the round keys. First, let $k \in \{0,1\}^{64}$ be a DES key, from which we create the round keys $K_i$, $1 \le i \le 16$, of length 48. Then we define the shift value for each round $i$, $1 \le i \le 16$, as follows: the shift value is 1 for $i \in \{1, 2, 9, 16\}$ and 2 otherwise. We also define the functions $\mathrm{PC1}: \{0,1\}^{64} \to \{0,1\}^{28} \times \{0,1\}^{28}$ and $\mathrm{PC2}: \{0,1\}^{28} \times \{0,1\}^{28} \to \{0,1\}^{48}$. The steps for computing the round keys are shown below.

set (C_0, D_0) = PC1(k);
for i := 1 to 16 do
    (A) Compute the string C_i from C_{i-1} by a circular left shift by the shift value for round i.
    (B) Compute the string D_i from D_{i-1} by a circular left shift by the shift value for round i.
    (C) Set K_i = PC2(C_i, D_i).
end

The function PC1 transforms a bitstring $k$ of length 64 into two bitstrings $C$ and $D$ of length 28 according to Table 2.5(a). The function PC1 in Table 2.5(a) is divided into two halves. The upper half gives $C$: if $k = k_1 k_2 \ldots k_{64}$, then $C = k_{57} k_{49} \ldots k_{36}$. The lower half gives $D$, where $D = k_{63} k_{55} \ldots k_4$. The function PC2 transforms a pair $(C, D)$ of bitstrings into a bitstring of length 48 according to Table 2.5(b), e.g. $\mathrm{PC2}(b_1 b_2 \ldots b_{56}) = b_{14} b_{17} \ldots b_{32}$.

Table 2.5 (a) The function PC1 and (b) PC2.

(a) PC1
 57 49 41 33 25 17  9
  1 58 50 42 34 26 18
 10  2 59 51 43 35 27
 19 11  3 60 52 44 36
 63 55 47 39 31 23 15
  7 62 54 46 38 30 22
 14  6 61 53 45 37 29
 21 13  5 28 20 12  4

(b) PC2
 14 17 11 24  1  5
  3 28 15  6 21 10
 23 19 12  4 26  8
 16  7 27 20 13  2
 41 52 31 37 47 55
 30 40 51 45 33 48
 44 49 39 56 34 53
 46 42 50 36 29 32
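
The round-key procedure of section 2.4, as an added Python example (not code from the original report) that uses the PC1 and PC2 tables and the shift values as printed above. `SAMPLE_KEY`, `PARITY_MASK` and the helper names are constructed for this example; it also checks that bits 8, 16, ..., 64 of the key never reach a round key, which is why a 64-bit DES key carries only 56 effective bits, and it flags keys whose 16 round keys are all identical.

```python
# Tables 2.5(a) and 2.5(b); entries are 1-based bit positions, bit 1 = most significant.
PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
       23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
# Shift value per round: 1 for rounds 1, 2, 9, 16 and 2 otherwise.
SHIFTS = [1 if i in (1, 2, 9, 16) else 2 for i in range(1, 17)]

PARITY_MASK = 0x0101010101010101  # bits 8, 16, ..., 64, which PC1 never selects
SAMPLE_KEY = 0x133457799BBCDFF1   # constructed sample key, not from the report


def to_bits(value, width):
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]


def from_bits(bits):
    out = 0
    for b in bits:
        out = (out << 1) | b
    return out


def permute(bits, table):
    return [bits[p - 1] for p in table]


def round_keys(key64):
    """Return the 16 round keys K_1..K_16 as 48-bit integers."""
    cd = permute(to_bits(key64, 64), PC1)
    c, d = cd[:28], cd[28:]
    keys = []
    for s in SHIFTS:
        c = c[s:] + c[:s]          # step (A): circular left shift of C
        d = d[s:] + d[:s]          # step (B): circular left shift of D
        keys.append(from_bits(permute(c + d, PC2)))  # step (C)
    return keys


def decryption_keys(key64):
    """Decryption uses the same keys in the order K_16, ..., K_1."""
    return round_keys(key64)[::-1]


def parity_bits_ignored(key64):
    """True if flipping every 8th key bit leaves all round keys unchanged."""
    return round_keys(key64) == round_keys(key64 ^ PARITY_MASK)


def has_identical_round_keys(key64):
    """True for keys that a key-validation step should reject."""
    return len(set(round_keys(key64))) == 1


if __name__ == "__main__":
    for i, k in enumerate(round_keys(SAMPLE_KEY), start=1):
        print(f"K{i:<2} = {k:012X}")
```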

3. AES Algorithm

The Advanced Encryption Standard (AES) is a symmetric-key encryption standard selected by the National Institute of Standards and Technology (NIST), and it replaced the DES algorithm in 2001.
AES is a block cipher with alphabet
2
,
0, 1, 2, 3, ...
and is a special case of the Rijndael cipher. The Rijndael cipher allows more block lengths and ciphertext spaces than AES. The Rijndael cipher is mainly composed of the encryption function Cipher and the key function KeyExpansion. We describe these two functions in the following subsections. Before introducing the AES algorithm, we define some parameters.

Nb: The plaintext and ciphertext blocks are composed of Nb 32-bit words, $4 \le Nb \le 8$. So the Rijndael block length is Nb*32, and the AES block length is 4*32.

Nk: The key is composed of Nk 32-bit words, $4 \le Nk \le 8$. So the Rijndael key space is $2^{Nk*32}$, and AES has Nk = 4, 6, or 8. So the AES key space is $2^{128}$, $2^{192}$, or $2^{256}$.

Nr: Number of rounds. AES has

$$Nr = \begin{cases} 10 & \text{for } Nk = 4, \\ 12 & \text{for } Nk = 6, \\ 14 & \text{for } Nk = 8. \end{cases}$$

The plaintext and ciphertext are represented as two-dimensional arrays with four rows and Nb columns. For AES, the plaintext and ciphertext have the following form:

$$\begin{pmatrix} s_{0,0} & s_{0,1} & s_{0,2} & s_{0,3} \\ s_{1,0} & s_{1,1} & s_{1,2} & s_{1,3} \\ s_{2,0} & s_{2,1} & s_{2,2} & s_{2,3} \\ s_{3,0} & s_{3,1} & s_{3,2} & s_{3,3} \end{pmatrix},$$

where $s_{i,j}$ is a byte, i.e. a bit-vector of length 8, and $s_{i,0} s_{i,1} s_{i,2} s_{i,3}$ is a word, i.e. a bit-vector of length 32.

3.1 Cipher

We present the encryption function Cipher. The input is the plaintext block byte in[4, Nb] and the expanded key word w[Nb*(Nr+1)]. The output is the ciphertext block byte out[4, Nb]. In the beginning, the plaintext in is copied into the byte array state, and state is transformed by AddRoundKey. Then, in the first Nr-1 rounds, the transforms SubBytes, ShiftRows, MixColumns and AddRoundKey are applied to state. In the last round, only SubBytes, ShiftRows and AddRoundKey are used.

Algorithm 3-1: The AES function Cipher

Cipher(byte in[4, Nb], byte out[4, Nb], word w[Nb*(Nr+1)])
begin
    byte state[4, Nb];
    state = in;
    AddRoundKey(state, w[0, Nb-1]);
    for round = 1 step 1 to Nr-1
        SubBytes(state);
        ShiftRows(state);
        MixColumns(state);
        AddRoundKey(state, w[round*Nb, (round+1)*Nb-1]);
    end for
    SubBytes(state);
    ShiftRows(state);
    AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1]);
    out = state;
end

Before describing the transforms, we first define the role that bytes play in the Rijndael cipher. Bytes are identified with elements of the finite field GF($2^8$). We use the polynomial

$$m(X) = X^8 + X^4 + X^3 + X + 1.$$

Because this polynomial is irreducible over GF(2), we can write GF($2^8$) = GF(2)($\alpha$), where $\alpha$ satisfies the equation $\alpha^8 + \alpha^4 + \alpha^3 + \alpha + 1 = 0$. So the byte $(b_7 b_6 b_5 b_4 b_3 b_2 b_1 b_0)$ corresponds to the element $\sum_{i=0}^{7} b_i \alpha^i$ of GF($2^8$). Therefore, bytes can be added, multiplied, and inverted, except that zero cannot be inverted. We write $b^{-1}$ for the inverse of a byte $b$, e.g. $2^{-1} = 2$ or $0^{-1} = 0$.

As an example, the byte $b = (0, 0, 0, 0, 0, 0, 1, 1)$ corresponds to the field element $\alpha + 1$, and $(\alpha + 1)^{-1} = \alpha^7 + \alpha^6 + \alpha^5 + \alpha^4 + \alpha^2 + \alpha$. So $b^{-1} = (1, 1, 1, 1, 0, 1, 1, 0)$. In the following three subsections, we describe the functions SubBytes, ShiftRows, and MixColumns.
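
3.1.1 SubBytes

SubBytes is a non-linear function. It transforms each byte $b$ of state to

$$b \mapsto A b^{-1} \oplus c, \qquad (3.1)$$

where

$$A = \begin{pmatrix} 1 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\ 1 & 1 & 0 & 0 & 0 & 1 & 1 & 1 \\ 1 & 1 & 1 & 0 & 0 & 0 & 1 & 1 \\ 1 & 1 & 1 & 1 & 0 & 0 & 0 & 1 \\ 1 & 1 & 1 & 1 & 1 & 0 & 0 & 0 \\ 0 & 1 & 1 & 1 & 1 & 1 & 0 & 0 \\ 0 & 0 & 1 & 1 & 1 & 1 & 1 & 0 \\ 0 & 0 & 0 & 1 & 1 & 1 & 1 & 1 \end{pmatrix} \quad \text{and} \quad c = \begin{pmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 1 \\ 1 \\ 0 \end{pmatrix}.$$

In this equation, $b$ is a bit-vector with $2^8$ possible arguments, so an S-box table can be used to implement SubBytes. For example, if we apply it to $b = (0, 0, 0, 0, 0, 0, 1, 1)$, we can determine the corresponding value of the S-box. Because we already know that $b^{-1} = (1, 1, 1, 1, 0, 1, 1, 0)$, we get $A b^{-1} \oplus c = (0, 1, 1, 0, 0, 1, 1, 1)$. The S-box ensures the non-linearity of AES.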

3.1.2 ShiftRows

The function ShiftRows applies cyclic left-shifts to the rows of the matrix. The transform is shown below. The left matrix has 4 rows and Nb columns, and each entry is a byte. The right matrix is the result of the cyclic left shifts.

$$\begin{pmatrix} s_{0,0} & s_{0,1} & s_{0,2} & s_{0,3} \\ s_{1,0} & s_{1,1} & s_{1,2} & s_{1,3} \\ s_{2,0} & s_{2,1} & s_{2,2} & s_{2,3} \\ s_{3,0} & s_{3,1} & s_{3,2} & s_{3,3} \end{pmatrix} \to \begin{pmatrix} s_{0,0} & s_{0,1} & s_{0,2} & s_{0,3} \\ s_{1,1} & s_{1,2} & s_{1,3} & s_{1,0} \\ s_{2,2} & s_{2,3} & s_{2,0} & s_{2,1} \\ s_{3,3} & s_{3,0} & s_{3,1} & s_{3,2} \end{pmatrix} \qquad (3.2)$$

Generally, a cyclic left-shift by $c_i$ positions is applied to the $i$th row, with $c_i$ given in Table 3.1.

Table 3.1 The cyclic left-shift in ShiftRows.

 Nb  c0  c1  c2  c3
  4   0   1   2   3
  5   0   1   2   3
  6   0   1   2   3
  7   0   1   2   4
  8   0   1   3   4

3.1.3 MixColumns

A state column $s_j = (s_{0,j}, s_{1,j}, s_{2,j}, s_{3,j})$, for $0 \le j < Nb$, can be recognized as the polynomial

$$s_{0,j} + s_{1,j} x + s_{2,j} x^2 + s_{3,j} x^3 \in GF(2^8)[x]. \qquad (3.3)$$

The function MixColumns is

$$s_j \leftarrow (s_j * a(x)) \bmod (x^4 + 1), \quad 0 \le j < Nb, \qquad (3.4)$$

where $a(x) = 03 * x^3 + 01 * x^2 + 01 * x + 02$. Furthermore, it can be presented as a linear transformation in $GF(2^8)^4$, shown as

$$s_j \leftarrow \begin{pmatrix} 02 & 03 & 01 & 01 \\ 01 & 02 & 03 & 01 \\ 01 & 01 & 02 & 03 \\ 03 & 01 & 01 & 02 \end{pmatrix} s_j, \quad 0 \le j < Nb. \qquad (3.5)$$

3.1.4 AddRoundKey

Define $s_0, \ldots, s_{Nb-1}$ as the columns of state. The function AddRoundKey(state, w[l*Nb, (l+1)*Nb-1]) is

$$s_j \leftarrow s_j \oplus w[l * Nb + j], \quad 0 \le j < Nb. \qquad (3.6)$$

In this function, the words of the round key are added mod 2 to the columns of state, which makes each round key-dependent.

3.2 KeyExpansion

The algorithm KeyExpansion expands a Rijndael key key, which is a byte array of length 4*Nk, into the expanded key w, which is a word array of length Nb*(Nr+1). The pseudocode of KeyExpansion is displayed in the following.

Table 3.2 The function KeyExpansion in AES.

KeyExpansion(byte key[4*Nk], word w[Nb*(Nr+1)], Nk)
begin
    word temp;
    i = 0;
    while (i < Nk)
        w[i] = word(key[4*i], key[4*i+1], key[4*i+2], key[4*i+3]);
        i = i + 1;
    end while
    i = Nk;
    while (i < Nb*(Nr+1))
        temp = w[i-1];
        if (i mod Nk = 0)
            temp = SubWord(RotWord(temp)) xor Rcon[i/Nk];
        else if (Nk > 6 and i mod Nk = 4)
            temp = SubWord(temp);
        end if
        w[i] = w[i-Nk] xor temp;
        i = i + 1;
    end while
end

In the beginning, the first Nk words of w are filled with the bytes of key by using the function word, which concatenates its arguments. The function SubWord applies the previously mentioned function SubBytes from 3.1.1. Its input is a word, which can be written as a sequence $(b_0, b_1, b_2, b_3)$ of bytes. Each byte is transformed by (3.1), shown as

$$(b_0, b_1, b_2, b_3) \mapsto (A b_0^{-1} \oplus c,\; A b_1^{-1} \oplus c,\; A b_2^{-1} \oplus c,\; A b_3^{-1} \oplus c). \qquad (3.7)$$

The input of RotWord is also a word $(b_0, b_1, b_2, b_3)$. The output is

$$(b_0, b_1, b_2, b_3) \mapsto (b_1, b_2, b_3, b_0). \qquad (3.8)$$

Besides, we have Rcon[n] = ({02}$^n$, {00}, {00}, {00}).
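
The byte arithmetic of 3.1, the SubBytes map (3.1), the MixColumns matrix (3.5) and the KeyExpansion pseudocode above, as one added Python example (not code from the original report). It follows the FIPS-197 conventions for bit ordering and for the round constants, which start at {01}, and fixes Nb = 4 as in AES; the function names are chosen for this example.

```python
def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo m(X) = X^8 + X^4 + X^3 + X + 1."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B  # reduce by m(X)
        b >>= 1
    return result


def gf_inv(b):
    """Inverse as b^254; maps 0 to 0, the convention SubBytes relies on."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, b)
    return result


def sub_byte(b):
    """Equation (3.1): affine map applied to b^-1 (FIPS-197 bit order)."""
    x = gf_inv(b)
    y = x
    for _ in range(4):
        x = ((x << 1) | (x >> 7)) & 0xFF  # rotate left by one bit
        y ^= x
    return y ^ 0x63


SBOX = [sub_byte(b) for b in range(256)]


def mix_column(col):
    """Equation (3.5) applied to one state column [s0, s1, s2, s3]."""
    return [gf_mul(2, col[i]) ^ gf_mul(3, col[(i + 1) % 4])
            ^ col[(i + 2) % 4] ^ col[(i + 3) % 4] for i in range(4)]


def rot_word(word):
    """Equation (3.8) on a 32-bit word: (b0,b1,b2,b3) -> (b1,b2,b3,b0)."""
    return ((word << 8) | (word >> 24)) & 0xFFFFFFFF


def sub_word(word):
    """Equation (3.7): SubBytes applied to each byte of a word."""
    return int.from_bytes(bytes(SBOX[b] for b in word.to_bytes(4, "big")), "big")


def key_expansion(key):
    """Expand a 16/24/32-byte AES key into Nb*(Nr+1) 32-bit words (Nb = 4)."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES keys are 16, 24 or 32 bytes long")
    nk = len(key) // 4
    nr = nk + 6  # 10, 12 or 14 rounds
    w = [int.from_bytes(key[4 * i:4 * i + 4], "big") for i in range(nk)]
    rcon = 0x01  # first round constant in FIPS-197
    for i in range(nk, 4 * (nr + 1)):
        temp = w[i - 1]
        if i % nk == 0:
            temp = sub_word(rot_word(temp)) ^ (rcon << 24)
            rcon = gf_mul(rcon, 2)
        elif nk > 6 and i % nk == 4:
            temp = sub_word(temp)
        w.append(w[i - nk] ^ temp)
    return w
```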

4. Cryptography for Watermarking

Digital watermarking is a technique for inserting a digital signature into an image so that the signature can be extracted for ownership verification or authentication. There are many different types of watermarking schemes for different applications. One type of watermark ensures the integrity of images, because digital images can be tampered with easily. The ability to detect any changes is important in many applications, e.g. medical archiving or illegal usage. Another type is for image authentication, e.g. when a buyer buys a digital image from a seller over a network. After the seller transmits the digital image to the buyer over the network, the buyer wants to check the integrity of the received image and whether the image was sent by the seller. In this section, we survey a public key watermarking algorithm for image integrity verification [4]. This algorithm is an extension of the secret key verification watermark. In this system, the owner of the image inserts a watermark using a private key $K'$, and any person can use the public key $K$, which corresponds to the private key $K'$, to extract the watermark. We can thus detect whether any change exists in the watermarked image by observing the extracted watermark.

4.1 Pre-set

Define a grayscale image $x_{m,n}$, a binary watermark image $b_{m,n}$ and a watermarked image $y_{m,n}$ of size $M$ by $N$ pixels. We partition both the image and the watermark image into blocks of size $I$ by $J$ pixels. Each block of $b_{m,n}$ is then inserted into the corresponding block of $x_{m,n}$ to derive the watermarked block of $y_{m,n}$. The watermark insertion and extraction procedures are presented in 4.2 and 4.3.

4.2 Watermark Insertion

Let $X_r$ denote the $r$th block of data in the image $x_{m,n}$, and let $\tilde{X}_r$ be the corresponding block in which each element equals the corresponding element of $X_r$ except that the least significant bit is set to zero. Then we compute the hash

$$H(M, N, \tilde{X}_r) = (t_1^r, t_2^r, \ldots, t_s^r), \qquad (4.1)$$

where $H$ is a cryptographic hash function, e.g. MD5 [5], $t_i^r$ denotes the output bits of the hash function, and $s$ is the number of output bits, which depends on the hash function chosen. Note that the block size $I * J$ should satisfy $I * J \le s$. Next, set $T_r$ to the first $I*J$ bits of the bit stream, i.e. $T_r = (t_1^r, t_2^r, \ldots, t_{IJ}^r)$, and use exclusive-OR to combine $T_r$ with the corresponding block $B_r$ of $b_{m,n}$, i.e. $W_r = T_r \oplus B_r$, where $\oplus$ denotes the element-wise exclusive-OR operation between the two blocks. After deriving $W_r$, we encrypt $W_r$ with a public key cryptographic system [6] to get

$$C_r = E_{K'}(W_r), \qquad (4.2)$$

where $E$ is the encryption function of the public key system and $K'$ is the private key. Then we insert the binary block of data $C_r$ into the least significant bits of $\tilde{X}_r$ to form a block $Y_r$ of the watermarked image. The watermark insertion procedure is shown in Fig. 4.1.

Fig. 4.1 A public key watermarking algorithm: the watermark insertion procedure. [4]

4.3 Watermark Extraction

Let $Z_r$ denote the image block. We split $Z_r$ into two pieces. The first piece $G_r$ contains the least significant bits, and the second piece $\tilde{Z}_r$ contains the pixel values except the least significant bits. We compute the hash function of $M$, $N$ and $\tilde{Z}_r$,

$$H(M, N, \tilde{Z}_r) = (q_1^r, q_2^r, \ldots, q_s^r),$$

and let $Q_r$ denote the first 64 bits of $H(M, N, \tilde{Z}_r)$. Then we decrypt $G_r$ by a decryption algorithm [6] with the public key $K$ that corresponds to the private key $K'$ used in the watermark insertion:

$$U_r = D_K(Z_r). \qquad (4.3)$$

Finally, we use the element-wise exclusive-OR operation to compute the output block $O_r = Q_r \oplus U_r$. The watermark extraction procedure is shown in Fig. 4.2.

Fig. 4.2 A public key watermarking algorithm: the watermark extraction procedure. [4]

Note that if $Z_r = Y_r$, then $\tilde{Z}_r = \tilde{X}_r$ and $G_r = C_r$, so $P_r = Q_r$ and $U_r = W_r$. Hence the output binary image $O_r$ is identical to the block $B_r$. When the watermarked image has been tampered with, the output binary image will appear similar to random noise due to the property of the hash function.

5. Visual Cryptography and Data Hiding

5.1 Visual Cryptography

In the encryption procedure, visual cryptography [7] is a technique for hiding a two-tone secret image in a set of binary transparencies which look like random noise. In the decryption step, the secret image can be observed by the human visual system by stacking some of the transparencies. Generally, visual cryptography uses a visual secret sharing (VSS) scheme based on a {k, n} threshold framework, where n means that a secret image is hidden in n transparencies, and k means that we can stack k or more than k transparencies to reconstruct the secret image visually.

5.1.1 The conventional {2, 2} VSS

In the conventional {2, 2} VSS, a secret image is encrypted into two transparencies, and there are six 2*2 codewords, shown in Fig. 5.1. From Fig. 5.1, we can see that each codeword contains two white pixels and two black pixels; the purpose of this is to produce random noise in the transparencies.

[Figure: codewords c1, c2, c3, c4, c5, c6]
Fig. 5.1 The codewords of the conventional {2, 2} VSS. [7]

In the encryption part, each secret pixel is encrypted into two 2*2 codewords. So each white (black) pixel has six pairs in the encryption part, shown in Table 5.2. A white pixel can be encrypted into six types {($c_1$, $c_1$), ($c_1$, $c_2$), ($c_3$, $c_3$), ($c_4$, $c_4$), ($c_5$, $c_5$), ($c_6$, $c_6$)}, where the former codeword is assigned to the first transparency and the latter one is assigned to the second transparency. Each combination appears with equal probability. Similarly, a black pixel is encrypted into six combinations {($c_1$, $c_2$), ($c_2$, $c_1$), ($c_3$, $c_4$), ($c_4$, $c_3$), ($c_5$, $c_6$), ($c_6$, $c_5$)}. Therefore, a $k_1 * k_2$ secret will be encrypted into two $2k_1 * 2k_2$ transparencies ($T_1$ and $T_2$). After combining the two transparencies, the reconstructed image $R$ can be derived. An example of the conventional {2, 2} VSS is shown in Fig. 5.2.

Table 5.2 The encryption and decryption types of the conventional {2, 2} VSS. [8]
[Table labels: Secret, T1, T2, Stack in R, C0, C1]

Fig. 5.2 The example of the conventional {2, 2} VSS, (a) the secret image, (b) the transparency $T_1$, (c) the transparency $T_2$, (d) the stacking output of $T_1$ and $T_2$. [8]

The drawback of the conventional VSS is that the transparencies are expanded several times, e.g. for the conventional {2, 2} VSS they are four times the size of the original secret image. This is a heavy load on storage space and network bandwidth. For this reason, image size invariant visual cryptography was announced in 1999.

5.1.2 The image size invariant {2, 2} VSS

Ito et al. [9] designed an image size invariant VSS. This technique is based on the probabilistic principle. Unlike the conventional {2, 2} VSS, Ito et al.'s model has only two single-pixel codewords, shown in Fig. 5.3. What it shares with the conventional {2, 2} VSS is that there are again two choices each for encrypting a white pixel and a black pixel. The encryption and decryption types of the image size invariant {2, 2} VSS are shown in Table 5.2. To encrypt a white (black) pixel, we just randomly choose a column from $C_0$ ($C_1$) and assign its entries to the two transparencies, respectively. To decrypt pixels, we compute the exclusive-OR operation between the pixels of the two transparencies. An example of the image size invariant {2, 2} VSS is given in Fig. 5.4.

[Figure: codewords c1, c2]
Fig. 5.3 The codewords of the image size invariant {2, 2} VSS. [8]

Table 5.2 The encryption and decryption types of the image size invariant {2, 2} VSS. [8]
[Table labels: Secret, C0, C1, T1, T2, stacking, XOR]

Fig. 5.4 The example of the image size invariant {2, 2} VSS, (a) the secret image, (b) the transparency $T_1$, (c) the transparency $T_2$, (d) the stacking output of $T_1$ and $T_2$. [8]

5.1.3 The characteristics of visual cryptography

Visual cryptography has some advantages [10]:
a. Complete security.
b. Robustness against the loss from compression and distortion, because of its binary property.
c. No computer device is needed for decryption.

The drawbacks of visual cryptography:
a. The resolution of the restored secret image is lower than that of the original secret image.
b. To apply visual cryptography to color images, some extra processing such as halftoning and color-separation has to be added.
c. The superposition of two transparencies is not easy to accomplish unless some special alignment marks are provided.

5.2 Combination of Data Hiding and Visual Cryptography

Data hiding can be applied in tamper detection, content authentication, and copyright protection. At present, many image data hiding techniques have been proposed, e.g. for the cover media of audio, images, and video. In this section, we survey an algorithm [8] for hiding some important data by image size invariant visual cryptography.

5.2.1 Data Hiding and Encryption

Let the secret image $I$ be an $M*N$ halftone image and let the hidden data $W$ be an $M*N/2$ binary image. The sizes of the two transparencies $T_1$ and $T_2$ are $M*N$, because image size invariant visual cryptography is used here. We assume that 0 and 1 denote a black and a white pixel, respectively. The encryption procedure considers three pixels at the same time: 1 bit of hidden data $w_c$ and 2 bits of secret image data $(s_c, s_{c+1})$. The computation order is as follows: first, the data $w_c$ is hidden in $T_1(x, y)$ and $T_2(x, y+1)$ by (5.1); second, $s_c$ is encrypted in $T_1(x, y)$ and $T_2(x, y)$ by (5.2); and last, $s_{c+1}$ is encrypted in $T_1(x, y+1)$ and $T_2(x, y+1)$ by (5.3). The encryption scheme is presented in Fig. 5.5.

Fig. 5.5 The encrypted and data hiding scheme.

$$T_2(x, y+1) = \begin{cases} T_1(x, y), & \text{if } w_c = 0 \\ 1 - T_1(x, y), & \text{if } w_c = 1 \end{cases} \qquad (5.1)$$

$$T_2(x, y) = \begin{cases} 1 - T_1(x, y), & \text{if } s_c = 0 \\ T_1(x, y), & \text{if } s_c = 1 \end{cases} \qquad (5.2)$$

$$T_1(x, y+1) = \begin{cases} 1 - T_2(x, y+1), & \text{if } s_{c+1} = 0 \\ T_2(x, y+1), & \text{if } s_{c+1} = 1 \end{cases} \qquad (5.3)$$

5.2.2 Data Extraction and Decryption

In decryption, the secret image and the hidden data can be extracted by using the exclusive-OR operation. The hidden data extraction is presented in (5.4), and the reconstruction of the secret image $(s_c, s_{c+1})$ is expressed as (5.5) and (5.6). These two processes are independent of each other.

$$w_c = \mathrm{XOR}(T_1(x, y),\; T_2(x, y+1)) \qquad (5.4)$$

$$s_c = \mathrm{XOR}(T_1(x, y),\; T_2(x, y)) \qquad (5.5)$$

$$s_{c+1} = \mathrm{XOR}(T_1(x, y+1),\; T_2(x, y+1)) \qquad (5.6)$$

The experimental results of data hiding in image size invariant visual cryptography are shown in Fig. 5.6 [8].

Fig. 5.6 The experimental results of the combination of data hiding and visual cryptography. (a) the secret image, (b) the original watermark, (c) the transparency $T_1$, (d) the transparency $T_2$, (e) the stacking results of $T_1$ and $T_2$, (f) the rebuilt secret image, (g) the extracted watermark.

6. Conclusion

The DES algorithm and the AES algorithm are both great cryptographic algorithms, and both of them were broadly applied in the 20th century and the beginning of the 21st century. However, the DES algorithm has been replaced by the AES algorithm and the RSA algorithm, because the key of DES is so short that someone can crack DES in only a day. In this report, we did not discuss the RSA algorithm, but this does not mean that RSA is not important. In fact, the RSA algorithm is applied in a great many fields. As of 2008, no reliable cracking method has appeared that can crack RSA as long as the RSA key is long enough. Nevertheless, RSA only loses to DES and other symmetric algorithms in that it needs more time than they do.

For the applications of cryptography, we introduced the combination of cryptography with watermarking and with visual cryptography in data hiding. Both watermarking and visual cryptography serve the purpose of concealing some significant information. For the public key authentication watermark, if we use the private key to insert the watermark, the watermark can be extracted with a public key. This is convenient, because everyone can use the public key to check the image without exchanging the private key. For data hiding in image size invariant visual cryptography, both the secret image and the hidden information can be losslessly reconstructed with the exclusive-OR operation. That proves this technique is practical.

Reference

[1] J. Buchmann, Introduction to Cryptography, 2nd Ed., Springer, New York, 2004.
[2] F. Mintzer, G. Braudaway, and M. M. Yeung, "Effective and Ineffective Digital Watermarks," in Proceedings of ICIP, (Santa Barbara, CA), October 1997.
[3] N. Memon and P. W. Wong, "Protecting Digital Media Content: Watermarks for Copyrighting and Authentication," Communications of ACM, July 1998.
[4] P. W. Wong, "A Public Key Watermark for Image Verification and Authentication," in Proceedings of the IEEE International Conference, 1998.
[5] R. L. Rivest, "The MD5 message digest algorithm," Internet RFC 1321, April 1992.
[6] R. L. Rivest, A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and Public Key Cryptosystems," Communications of the ACM, vol. 21, pp. 120-126, February 1978.
[7] M. Naor and A. Shamir, "Visual cryptography," Eurocrypt94, Lecture Notes in Computer Science, vol. 950, pp. 1-12, 1995.
[8] H. Luo and F. Yu, "Data Hiding in Image Size Invariant Visual Cryptography," 3rd International Conference on ICIC, pp. 25-25, 2008.
[9] R. Ito, H. Kuwakado and H. Tanka, "Image size invariant visual cryptography," IEICE Trans. Fundamentals, E82-A, (10), pp. 2172-2177, 1999.
[10] W. Q. Yan, D. Jin, M. S. Kankanhalli, "Visual cryptography for print and scan applications," ISCAS, vol. 5, pp. 572-575, 2004.