Visual cryptography is a cryptographic technique which allows visual information (pictures, text, etc.) to be encrypted in such a way that the decrypted information appears as a visual image.
One of the best-known techniques has been credited to Moni Naor and Adi Shamir, who developed it in 1994.[1] They demonstrated a visual secret sharing scheme, where a binary image was broken up into n shares so that only someone with all n shares could decrypt the image, while any n − 1 shares revealed no information about the original image. Each share was printed on a separate transparency, and decryption was performed by overlaying the shares. When all n shares were overlaid, the original image would appear. There are several generalizations of the basic scheme including k-out-of-n visual cryptography,[2][3] and using opaque sheets but illuminating them by multiple sets of identical illumination patterns under the recording of only one single-pixel detector.[4]
Using a similar idea, transparencies can be used to implement a one-time pad encryption, where one transparency is a shared random pad, and another transparency acts as the ciphertext. Normally, there is an expansion of space requirement in visual cryptography. But if one of the two shares is structured recursively, the efficiency of visual cryptography can be increased to 100%.[5]
Some antecedents of visual cryptography are in patents from the 1960s.[6][7] Other antecedents are in the work on perception and secure communication.[8][9]
Visual cryptography can be used to protect biometric templates in which decryption does not require any complex computations.[10]
Example
In this example, the binary image has been split into two component images. Each component image has a pair of pixels for every pixel in the original image. These pixel pairs are shaded black or white according to the following rule: if the original image pixel was black, the pixel pairs in the component images must be complementary; randomly shade one ■□, and the other □■. When these complementary pairs are overlapped, they will appear dark gray. On the other hand, if the original image pixel was white, the pixel pairs in the component images must match: both ■□ or both □■. When these matching pairs are overlapped, they will appear light gray.
So, when the two component images are superimposed, the original image appears. However, without the other component, a component image reveals no information about the original image; it is indistinguishable from a random pattern of ■□ / □■ pairs. Moreover, if you have one component image, you can use the shading rules above to produce a counterfeit component image that combines with it to produce any image at all.
(2, n) visual cryptography sharing case
Sharing a secret with an arbitrary number of people, n, such that at least 2 of them are required to decode the secret is one form of the visual secret sharing scheme presented by Moni Naor and Adi Shamir in 1994. In this scheme we have a secret image which is encoded into n shares printed on transparencies. The shares appear random and contain no decipherable information about the underlying secret image, however if any 2 of the shares are stacked on top of one another the secret image becomes decipherable by the human eye.
Every pixel from the secret image is encoded into multiple subpixels in each share image using a matrix to determine the color of the pixels.
In the (2, n) case, a white pixel in the secret image is encoded using a matrix from the following set, where each row gives the subpixel pattern for one of the components:
{all permutations of the columns of} :
While a black pixel in the secret image is encoded using a matrix from the following set:
{all permutations of the columns of} :
For instance in the (2,2) sharing case (the secret is split into 2 shares and both shares are required to decode the secret) we use complementary matrices to share a black pixel and identical matrices to share a white pixel. Stacking the shares we have all the subpixels associated with the black pixel now black while 50% of the subpixels associated with the white pixel remain white.
Cheating the (2, n) visual secret sharing scheme
Horng et al. proposed a method that allows n − 1 colluding parties to cheat an honest party in visual cryptography. They take advantage of knowing the underlying distribution of the pixels in the shares to create new shares that combine with existing shares to form a new secret message of the cheaters choosing.[11]
We know that 2 shares are enough to decode the secret image using the human visual system. But examining two shares also gives some information about the 3rd share. For instance, colluding participants may examine their shares to determine when they both have black pixels and use that information to determine that another participant will also have a black pixel in that location. Knowing where black pixels exist in another party's share allows them to create a new share that will combine with the predicted share to form a new secret message. In this way a set of colluding parties that have enough shares to access the secret code can cheat other honest parties.
Visual steganography
2×2 subpixels can also encode a binary image in each component image, as in the scheme on the right. Each white pixel of each component image is represented by two black subpixels, while each black pixel is represented by three black subpixels.
When overlaid, each white pixel of the secret image is represented by three black subpixels, while each black pixel is represented by all four subpixels black. Each corresponding pixel in the component images is randomly rotated to avoid orientation leaking information about the secret image.[12]
In popular culture
In "Do Not Forsake Me Oh My Darling", a 1967 episode of TV series The Prisoner, the protagonist uses a visual cryptography overlay of multiple transparencies to reveal a secret message – the location of a scientist friend who had gone into hiding.
^Naor, Moni; Shamir, Adi (1995). "Visual cryptography". Advances in Cryptology – EUROCRYPT'94. Lecture Notes in Computer Science. Vol. 950. pp. 1–12. doi:10.1007/BFb0053419. ISBN978-3-540-60176-0.
^Verheul, Eric R.; Van Tilborg, Henk C. A. (1997). "Constructions and Properties of k out of n Visual Secret Sharing Schemes". Designs, Codes and Cryptography. 11 (2): 179–196. doi:10.1023/A:1008280705142. S2CID479227.
^Ateniese, Giuseppe; Blundo, Carlo; Santis, Alfredo De; Stinson, Douglas R. (2001). "Extended capabilities for visual cryptography". Theoretical Computer Science. 250 (1–2): 143–161. doi:10.1016/S0304-3975(99)00127-9.