Reversible data hiding method based on pixel expansion and homomorphic encryption

Abstract

Digital image steganography algorithms usually suffer from a lossy restoration of the cover content after extraction of a secret message. When a cover object and confidential information are both utilised, the reversible property of the cover is inevitable. With this objective, several reversible data hiding (RDH) algorithms are available in the literature. Conversely, because both are diametrically related parameters, existing RDH algorithms focus on either a good embedding capacity (EC) or better stego-image quality. In this paper, a pixel expansion reversible data hiding (PE-RDH) method with a high EC and good stego-image quality are proposed. The proposed PE-RDH method was based on three typical RDH schemes, namely difference expansion, histogram shifting, and pixel value ordering. The PE-RDH method has an average EC of 0.75 bpp, with an average peak signal-to-noise ratio (PSNR) of 30.89 dB. It offers 100% recovery of the original image and confidential hidden messages. To protect secret as well as cover the proposed PE-RDH is also implemented on the encrypted image by using homomorphic encryption. The strength of the proposed method on the encrypted image was verified based on a comparison with several existing methods, and the approach achieved better results than these methods in terms of its EC, location map size and imperceptibility of directly decrypted images.

Keywords

Reversible data hiding pixel expansion reversible data hiding in encrypted image imperceptibility homomorphic encryption

1 Introduction

In the past several years, cryptography [1] and steganography [2 –4] have become two widely used techniques to protect confidential information when communicating over an untrusted medium. Cryptography ensures security by converting readable data into an unreadable form. Steganography protects a secret by concealing its existence; hence, in steganography, the communication is also made secretly and is a means of inserting covert information into a digital cover file. Despite communication being visible to everyone, cryptography methods are used to transfer images in a highly secured manner [5 –7].

Steganography algorithms can be classified into two classes, namely, irreversible steganography and reversible steganography. The primary focus of irreversible steganography is hiding a secret in a digital cover medium for secret communication. Various steganography techniques such as substitution, transform domain, and statistical methods have been developed under this irreversible technique. Although irreversible steganography is used to transmit secret data, as one significant limitation securely, the host image cannot be recovered at the receiver side after the extraction of a secret. In some unique applications such as medical imaging, military imaging, and law forensics, the restored property of a digital cover is essential because the digital cover is too valuable. For example, in electronic healthcare, the patient electronics records (PERs) and their medical images are transferred separately to obtain an expert suggestion. A PER can be transferred by embedding it into a medical image. Under this circumstance, extracting the PER and recovering a cover without any loss of information is extremely important.

In addition to necessitating a high payload capability and stego-imperceptibility, some implementations also require a precise recovery of the cover image, for example, geographic maps, diagnostic medical images, remote sensing images, military maps, and images regarding legitimate issues such as e-signatures or legal or other official documents. The proposed algorithm retrieves the secret and fully recovers the cover without any loss. The developed pixel expansion reversible data hiding (PE-RDH) scheme achieves a good imperceptibility, reversibility, and EC compared to several existing RDH systems. PE-RDH achieves an average structural similarity index metric (SSIM) value of 0.9136 and an average peak signal-to-noise ratio (PSNR) of 30.89 dB for an average EC of 0.75 bpp. The size of the location map for the developed PE-RDH scheme is 30 bits for a 100,000-bit payload. The recovered image and secrets are the same as in the original, and thus 100% reversibility is proved. In addition, PE-RDH is implemented on an encrypted image to provide security for the cover image. In this method, any third party may embed the secret without the knowledge of the original image.

The remainder of this paper is organised as follows. Section 2 describes related work; Section 3 describes the proposed method. The results and a discussion are then given in sections 4 and 5, respectively. Finally, section 6 provides some concluding remarks and future direction.

2 Related work

From 2000, reversible steganography was developed to overcome the significant disadvantages of irreversible steganography. The three main reversible algorithms are a difference expansion (DE) [4], histogram shifting (HS) [5], and pixel value ordering (PVO) [6]. The DE method achieves reversibility by calculating the average value and difference in the adjacent pixels [4]. With this method, only one bit can be embedded in every pair of pixels. Also, Alatter [7] developed an enhanced DE scheme by inserting three bits in every group of four pixels(quad). A difference expansion procedure along with a streamlined location map (LM) and expandability is provided in [8] and [9] for obtaining a larger entrenching capacity. Reversible data hiding is achieved in [8] using sorting and wavelet techniques, and in [9] a quasi-Laplace distribution of the difference values is used for data embedding. Reduced difference expansion (RDE) approaches to decrease the difference expansion value by using a transformation function [10, 11]. In [12], the differences are expanded in two directions to increase the EC.

With the HS method, the reversible data hiding (RDH) can be achieved by adjusting the histogram of an image. In [5], embed the data by shifting the histogram toward the left, from the peak to zero points. This approach was extended in [13]. In [14], the image is divided into several blocks; in every neighbourhood, the data are embedded in the neighbouring pixels of the peak point to increase the EC. The histogram shifting of n-bit planes is used for lossless data hiding in [15]. An adaptive prediction-error expansion (PEE) and pixel selection are proposed in [16]. With this method, the image pixels are divided into two segments to obtain flat and rough regions. The secret bits are embedded in a flat area and leave a rugged region unchanged.

The incorporation of pixel-value-ordering (PVO) into PEE is introduced in [6]. With this method, the image is divided into several non-overlapping blocks, and in each block, the difference between the first and second maximum pixel values is calculated. If the difference is 1, that block is then used for secret data embedding; otherwise, embedding skips to the next block. Improved PVO (IPVO) [17], using a block with a difference of zero or 1, is applied for embedding, which increases the EC; this approach is extended in [18 –22]. The variance of each block is used in [23] to achieve RDH. The reversible integer transform (RIT) is used in [24] to create RDH. In [25], a new PVO-based RDH method was introduced for improving the intrinsic correlation between adjacent pixels in an image block. With this method, the image is divided into several non-overlapping regions based on the pixel values. Each part is divided into several blocks, and these blocks are then classified for data embedding based on predefined threshold values and the local complexity. Next, the same PVO method is applied in the selected blocks for data embedding. Although DE methods [4 , 7–12] provide a high EC, there is less imperceptibility, and the location map (LM) is enormous. The histogram shifting method [5 , 14] and PVO [6 , 25] increase the imperceptibility but with a low EC.

Data outsourcing relies on third parties for processing and storage. In RDH, when users outsource the data embedding process, both cover and secret should be encrypted to protect the cover as well as secret. As a result, reversible data hidden in encrypted images emerge. In which the secret can be embedded in a digital cover without the knowledge of cover and secrecy. The paillier encryption algorithm has a homomorphic property, and by using this property, the data can be embedded in the encrypted image using a difference expansion method similar to the tians’ [4] method. In this method, the secret is embedded in each pixel pair, and the maximum possible embedding capacity of this method is 0.5 bpp.In [28] the image is encrypted by stream cipher, and the data are embedded by difference histogram shifting and prediction error histogram shifting. In the histogram shifting method, the secrets are embedded only in the highest bin of the histogram, which reduces the embedding capacity. In [29], the data is embedded in the image using the Rhombus Pattern Prediction scheme and homomorphic property of ECC-ElGamal. The secret can only be embedded in each pair of pixels in the Rhombus Pattern Prediction scheme, which reduces the embedding capacity. To increase the embedding capacity, a pixel expansion method is introduced in the proposed method.

From the above discussion, a good RDH algorithm should offer salient features such as a good EC, high imperceptibility, and smaller location map size. To address these challenges, a novel RDH algorithm is proposed based on the pixel expansion method. The RDH method provides security for secret data and does not protect digital cover. Therefore, the proposed RDH is implemented on an encrypted image using homomorphic encryption, as shown in Fig. 1.

Fig. 1

The overall framework of the proposed scheme. (a) PE-RDH framework (b) PE-RDH framework in encrypted image.

3 Proposed PE-RDH

The method contains two phases. In the first phase, the secret data are encrypted by using the Advanced Encryption Standard (AES). It is a viral and effective algorithm for text encryption. It has three variants for the key size such as 128, 192 and 256 bits which results in the rounds of operation of 10, 12 and 14 rounds respectively. Substitution and permutation are the two major operations have been carried out in the AES with a series of linked operations. AES has Key expansion, AddRoundKey, SubBytes, ShiftRows and MixColumns blocks to encrypt a plaintext. In this work, AES – 128 has been adopted to encrypt the secret bits before it embedded into the host image. This method enhances the security of the secret in addition to the hiding strategy. Depends on the image size, the secret has been chosen. Hence, padding of bits has been utilised to create 128 bits of plaintext whenever it is necessary. Then the encrypted secret is embedded by expanding the pixel values. In the second phase, the secret data are extracted without any error, and the cover image is recovered without any loss. Table 1 lists the notations used in the proposed method.

Table 1
Notations used in PE-RDH

W, HT Width and height of the image

M, N Width and height of the single block

P_i Pixel value at i^th position in a block in the cover image

P_q (i) Sorted sequence of pixels P_i in a block, such that P_q (1) ≤P_q (2) ≤P_q (3) ≤_…P_q (MN)

P_q (1)_, P_q (MN)_, P_q (medain) The minimum, maximum, and median pixel values in a block of the cover image, respectively

P_q (i) diff The difference between P_q (median) and P_q (i)

AD Acceptable range of P_q (i) diff for data embedding

b Secret bit ‘0’ or ‘1’

L Bit depth of an image

S_i Pixel value at i^th position in the stego image

S_q (i) Sorted sequence of stego pixels S_i in a block, such that S_q (1) ≤S_q (2) ≤S_q (3) ≤_…S_q (MN)

S_q (1)_, S_q (MN)_, S_q (medain) The minimum, maximum, and median pixel values in a block in a stego image, respectively

S_q (i) diff The difference between S_q (median) and S_q (i)

R_i Pixel value at the i^th position in a block in the recovered image

SE_prkey Sender’s private key

SE_pukey Sender’s public key

RE_prkey Receiver’s private key

RE_pukey Receiver’s public key

E(P_i) Encrypted pixel value at i^th position in a block

X Block number

Ran_X Random number for block ‘X’ encryption

Rno Random number for public key creation.

3.1 Data embedding

The cover image is divided into several non-overlapping blocks with a size of M×N, and each block has a set of MN pixel values. The pixel values (P₁, P₂, P₃ ... P_MN) in a block are sorted according to their values to obtain (P_q (1), P_q (2), P_q (3) ... , P_q (MN)), where q:1,...MN⟶1,.., MN is a unique one-to-one mapping such that P_q (1) ≤P_q (2) ≤P_q (3) ≤... P_q (MN). In addition, q(i) <q(j) if P_q (i) =P_q (j) and i < j. In the sorted pixel values, the median, minimum, and maximum pixels are P_q (median), P_q (min), P_q (MN), respectively.

The position of the median pixel value is calculated using Equation (1). Then, the differences (P_q (i)diff) between P_q (median) and the other pixel values (P_q (i)) are calculated using Equation (2). The secret bits are embedded only in those blocks whose P_q (i)diff values are less than or equal to the acceptable difference (AD). The AD is the minimum positive integer value whose acceptable range is 0 to 30.

If the AD exceeds the acceptable range, then the image quality decreases. Hence, to obtain a good stego image quality, the AD should be at a minimum. The embedding of a secret bit and creation of a stego pixel are shown in Equation (3). If the P_q (1)diff or P_q (MN)diff values are higher than the AD in a block, then such blocks are not used for embedding. In these blocks, the stego pixels are calculated using Equations (4) and (5). $median = ⌊ (1 + MN) / 2 ⌋$ (1) $P_{q (i)} diff = | P_{q (median)} - P_{q (i)} |, i = 1, 2 . . . MN$ (2) $S_{q (i)} = {\begin{matrix} P_{q (i)} \times 2 - b - P_{q (median)}, if i < median \\ P_{q (i)} \times 2 + b - P_{q (median)}, if i > median \\ P_{q (i)}, if i = median \end{matrix}$ (3) $S_{q (i)} = {\begin{matrix} P_{q (1)} - AD - 1, if i = 1 \\ P_{q (i)}, if i \neq 1 \end{matrix} {, if P}_{q (1)} diff > AD$ (4) $S_{q (i)} = {\begin{matrix} P_{q (MN)} + AD + 1, if i = MN \\ P_{q (i)}, if i \neq MN \end{matrix} if P_{q (1)} diff < AD$ (5)

The value of S_i should be within 0–255. If it is not within this range, then all operations conducted on these particular blocks are revoked, and these blocks are considered as invalid blocks. Then these invalid blocks are later identified based on the location map. The overall data embedding procedure is shown in Fig. 2. Algorithm1 shows the data embedding procedure in a step-by-step manner.

Fig. 2

Data embedding.

Algorithm 1:

Step 1: Divide the image into several non-overlapping blocks with a size of M×N.

Step 2: Sort the pixels (P_1, P_2, … P_MN) in a block according to their values to obtain (P_q (1), P _{q (2) …}, P _q (MN)), where q:1,...MN⟶1,.., MN is a unique one-to-one mapping such that P_q (1) ≤P_q (2) ≤P_q (3) ≤_…P_q (MN).

Step 3: Select the median pixel (P_q (median)) from the sorted sequence.

Step 4: In each block, calculate P_q (i)diff =|P_q (median) - P_q (i) |, where i = 1,2 ... MN.

Step 5: In a block, if P_q (i)diff of all pixels is less than or equal to the acceptable difference, then those blocks are marked as embedding blocks, and the others are marked as non-embedding blocks.

Step 6: In the embedding blocks, all pixels (P_q (i)) except P_q (median) are expanded by multiplying by 2 and subtracting P_q (median) from the expanded pixels.

Step 7: Then, in the embedding block, the secret bits are embedded by subtracting the secret bit(b) from pixels P_q (1) to P_{q (median - 1)} and adding ‘b’ from P_{q (median +1)} to P_q (MN).

Step 8: In non-embedding blocks, if P_q (1)diff is greater than the acceptable difference(AD), then subtract AD and a value of 1 from P_q (1); otherwise, add the AD and a value of 1 to P_q (MN).

3.2 Data extraction and image recovery

The stego image is divided into several non-overlapping blocks with a size of M×N, and each block has a set of MN pixel values. The pixel values (S₁, S₂, S₃ ... S_MN) in a block are then sorted according to their values to obtain (S_q (1), S_q (2), S_q (3) ... , S_q (MN)), where q:1,...MN⟶1,.., MN is a unique one-to-one mapping such that S_q (1) ≤S_q (2) ≤S_q (3) ≤_…S_q (MN). Here, q(i) <q(j) if S_q (i) = S_q (j) and i < j. Among the sorted pixel values, the median, minimum, and maximum pixels are S_q (median), S_q (min), S_q (MN), respectively. Then, the differences (S_q (i)diff) between S_q (median) and the other pixel values S_q (i) are calculated using Equation (6). The secret bits are extracted only from those blocks in which S_q (i)diff is less than 2(AD) +2.

In these blocks, the pixels with the secret (S_q (i)) are added to S_q (median), as shown in Equation (7), the secret bit (b) is extracted using Equation (8), and the pixel values are recovered using Equation (9). $S_{q (i)} diff = | S_{q (median)} {- S}_{q (i)} |, i = 1, 2 . . . MN$ (6) $D_{q (i)} = {\begin{matrix} S_{q (i)} + S_{q (median)} & , & i \neq median \\ S_{q (i)} & , & i = median \end{matrix}$ (7) $b = {\begin{matrix} 0, \begin{matrix} \end{matrix} D_{q (i)} % 2 = 0 \\ 1, \begin{matrix} \end{matrix} D_{q (i)} % 2 = 1 \end{matrix}, \begin{matrix} \end{matrix} i \neq median$ (8) $R_{q (i)} = {\begin{matrix} {(D}_{q (i)} + b) / 2, if i < median \\ {(D}_{q (i)} - b) / 2, if i > median \\ D_{q (i)}, if i = median \end{matrix}$ (9)

The value of S_q (1)diff or S _q (MN)diff is greater than 2(AD) +1 in a block, and such blocks do not contain the secret data. In these blocks, the pixel values are recovered through Equations (10) and (11). $R_{q (i)} = {\begin{matrix} S_{q (1)} + AD + 1, if i = 1 \\ S_{q (i)}, if i \neq 1 \end{matrix} {, if S}_{q (1)} diff > 2 AD + 1$ (10) $R_{q (i)} = {\begin{matrix} S_{q (MN)} - AD - 1, if i = MN \\ S_{q (i)}, if i \neq MN \end{matrix} {, if S}_{q (1)} diff < = 2 AD + 1$ (11)

The overall data extraction procedure is shown in Fig. 3. Algorithm 2 shows the data extraction procedure in a step-by-step manner.

Fig. 3

Data extraction.

Algorithm 2:

Step 1: Divide the stego image into several non-overlapping blocks of size M×N.

Step 2: Sort the pixels (S₁, S₂,_… S_MN) in a block according to their values to obtain (S_q (1), S_q (2),_… S _q (MN)), where q:1,...MN⟶1,.., MN is a unique one-to-one mapping such that S_q (1) ≤S_q (2) ≤S_q (3) ≤_…S_q (MN).

Step 3: Select the median pixel (S_q (median)) from the sorted sequence.

Step 4: In each block, calculate S_q (i)diff =|S_q (median)-S_q (i)|, where i = 1,2 ... MN.

Step 5: In a block, if S_q (i)diff of all pixels is less than 2AD +2, then those blocks are marked as secret blocks, and the others are marked as non-secret blocks.

Step 6: In a secret block, pixels (S_q (i)) are added with S_{q (median) ,} and the resultant pixel value is D_q (i). The secret bit b = D_q (i) % 2.

Step 7: If i < median, then the pixels are retrieved as R_q (i) = (D_q (i)+b)/2. Ifi > median, then R_q (i) = (D_q (i)-b)/2.

Step 8: In non-secret blocks, if S_q (1)diff is higher than (2AD) +1, then add AD and a value of 1 to S_q (1); otherwise, subtract AD and a value of 1 from S_q (MN).

3.3 PE-RDH in encrypted image

In this method, the image is encrypted by using additive homomorphic encryption[30]. If the sum of the encrypted data is decrypted, the sum of the plain data will be collected. Using this additive homomorphic property, the secret data is embedded in the encrypted image and the secret extraction; image recovery can be carried out in two modes. In mode I, the secret data is extracted from the encrypted image without decrypting it. In mode II the image is decrypted before the secret is extracted.

3.3.1 Image encryption and data embedding

Each block of an image is encrypted by using Equations (12) to (15). $E (P_{i}) = (P_{i} + {SE}_{prkey} \times {RE}_{pukey}) % 256$ (12) $E ({Ran}_{X}) = ({Ran}_{X} + {SE}_{prkey} \times {RE}_{pukey}) % 256$ (13) ${RE}_{pukey} = (Rno \times {RE}_{prkey})$ (14) $E (X) = (E (P_{i}) + E ({Ran}_{X})) % 256, i = 1, 2, 3 . . . . MN$ (15)

Where ‘SE_prkey’ is a sender’s private key, ‘RE_pukey’ is a receiver’s public key, ‘RanX’ is a random number for block X. ‘Rno’ is a random number to create a public key. The image encryption is shown in Fig. 4. After mage encryption, the secret data are going to embedded in an encrypted image as similar, as shown in Fig. 2.

Fig. 4

Image encryption.

3.3.2 Data extraction and image decryption

The person who needs secret they can extract the secret from an encrypted image as similar, as shown in Fig. 3. After the secret is obtained, the encrypted image is decrypted using Equations (16) and (17) the resulting value is subtracted from the random number to get the recovered pixel(RP_i) using Equation (18). The image decryption process is shown in Fig. 5.

Fig. 5

Image decryption.

$D (E (P_{i})) = (E (P_{i}) - {RE}_{prkey} \times 2 \times {SE}_{pukey}) % 256$ (16) ${SE}_{pukey} = Rno \times {SE}_{prkey}$ (17) ${RP}_{i} = D (E (P_{i})) - Rno$ (18)

3.3.3 Image decryption and data extraction

The image is first decrypted, and then the secret is extracted. The directly decrypted image gives an approximate image. The secret can be obtained from that approximated image; after extraction of the secret, it will provide the original image, which is shown in Fig. 6.

Fig. 6

Image decryption and secret extraction.

4 Experiment results

The proposed method is executed in jdk1.8 using Windows10. To test the efficiency of the proposed method, the experiments were carried out on several grayscale images with a pixel size of 512×512. In this study, the results are shown for six test images, namely, Lena, Sailboat, Peppers, Airplane, House, and Boat. These six test images are shown in Fig. 7 (a–f). The EC, image quality, and location map size of the proposed scheme PE-RDH are calculated for various block sizes (1×2, 2×2, 4×4, and 4×2) using different AD values. Security analysis and time analysis of the proposed scheme are made for different grayscale images with a pixel size of 512×512.

Fig. 7

Test imagesImage Quality.

4.1 Embedding capacity (EC)

The number of bits that can be embedded in an image is called the EC. The average EC of the proposed method is 0.75 bpp for grayscale images. For acceptable image quality (PSNR >30 dB) a graph is plotted between maximum the EC and the AD values for the various block sizes, the results of which are shown in Fig. 8 (a–f). The embedding capacity of the test images for a block size 4×2 and with different AD values, which are listed in Table 2. The embedding capacity of the test images for AD of 12 and with varying quantities of the block, which are listed in Table 3. Finally, Table 4 shows that the proposed method can achieve high embedding capacity(0.75 bpp) for the block size of 4×2 and with AD of 30.

Fig. 8

The maximum EC versus AD values for various block sizes based on the image quality (PSNR ≥30 dB).

Table 2

EC, location map size, PSNR, and SSIM for different AD values with a block size of 4×2

AD		4	8	12	16	20	24	26	30
Lena	EC(bits)	67,060	143,304	172,627	187,992	197,316	203,707	206,402	210,763
	LM(bits)	0	0	30	45	60	45	75	105
	PSNR(dB)	42.81	38.61	36.58	35.21	34.19	33.37	33.00	32.38
	SSIM	0.9801	0.9412	0.9305	0.9257	0.9182	0.9121	0.9093	0.9008
Boat	EC(bits)	82,964	122,059	142,506	158,585	171,514	181,496	189,777	193,305
	LM(bits)	0	0	90	225	300	450	735	1005
	PSNR(dB)	43.05	39.12	36.61	34.74	33.30	32.19	31.28	30.89
	SSIM	0.9892	0.9512	0.9301	0.9202	0.9108	0.9082	0.9007	0.8991
Peppers	EC(bits)	93,996	155,687	181,258	193,571	200,802	205,849	209,405	211,099
	LM(bits)	840	1020	1140	1560	2415	3135	4050	4575
	PSNR(dB)	43.19	39.13	37.10	35.79	34.85	34.08	33.16	32.31
	SSIM	0.9910	0.9516	0.9297	0.9208	0.9154	0.9101	0.9054	0.9002
Airplane	EC(bits)	101,185	146,496	164,962	176,960	185,346	191,464	196,294	198,408
	LM(bits)	0	0	0	0	0	0	45	90
	PSNR(dB)	43.38	39.60	37.40	35.78	34.52	33.51	32.65	32.28
	SSIM	0.9821	0.9415	0.9389	0.9306	0.9287	0.9212	0.9197	0.9189
House	EC(bits)	68,635	103,803	125,090	143,059	158,095	170,352	180,733	185,108
	LM(bits)	0	0	0	0	60	255	900	1485
	PSNR(dB)	43.49	38.99	36.24	34.24	32.72	31.52	30.53	30.14
	SSIM	0.9924	0.9574	0.9421	0.9386	0.9310	0.9289	0.9217	0.9152
Sailboat	EC(bits)	30,975	85,491	126,154	148,932	163,457	174,279	182,595	186,235
	LM(bits)	15	60	90	300	555	1,005	1,425	1,650
	PSNR(dB)	43.04	38.10	35.39	33.71	32.47	31.47	30.63	30.25
	SSIM	0.9817	0.9617	0.9523	0.9456	0.9317	0.9221	0.9123	0.9021

Table 3

EC, LM, PSNR, and SSIM for different block sizes with an AD of 12

Lena	Block	EC	LM	PSNR	SSIM
	Size	(bits)	(bits)	(dB)
	1×2	114,455	0	34.95	0.9104
	2×2	164,586	0	35.84	0.9218
	4×2	172,627	30	36.58	0.9305
	4×4	153,195	15	37.53	0.9393
Boat	1×2	109,415	289	34.56	0.9156
	2×2	146,808	160	35.29	0.9213
	4×2	142,506	90	36.61	0.9301
	4×4	130,320	28	38.42	0.9509
Pepper	1×2	120,545	7361	36.82	0.9217
	2×2	172,491	3952	36.96	0.9221
	4×2	181,258	1140	37.10	0.9297
	4×4	167,115	658	37.83	0.9301
Airplane	1×2	117,894	0	36.32	0.9344
	2×2	163,011	0	36.67	0.9352
	4×2	164,962	0	37.40	0.9389
	4×4	158,340	0	38.77	0.9567
House	1×2	107,262	17	34.49	0.9213
	2×2	136,278	0	34.92	0.9321
	4×2	125,090	0	36.24	0.9421
	4×4	112,785	0	38.23	0.9645
Sailboat	1×2	104,026	901	33.37	0.9212
	2×2	134,742	368	34.12	0.9321
	4×2	126,154	90	35.39	0.9523
	4×4	107,190	98	37.07	0.9643

Table 4

The maximum EC of the test images and the corresponding location map size, PSNR, and SSIM

Image	Block size	AD	EC	Location	PSNR	SSIM
			(bits)	map (bits)	(dB)
Lena	4×2	30	210,763	105	32.38	0.9008
Boat	4×2	30	193,305	1,005	30.89	0.8991
Pepper	4×2	30	211,099	4575	32.31	0.9002
Airplane	4×2	30	198,408	90	32.28	0.9189
House	4×2	30	185,108	1,485	30.14	0.9152
Sailboat	4×2	30	186,235	1,650	30.25	0.9021

4.2 Image quality

The image imperceptibility can be calculated using two metrices, the PSNR and the structural similarity index metric (SSIM). A higher PSNR reflects the high visual quality of an image. The PSNR between the cover image and the stego image is calculated using Equations (19) and (20). $PSNR = 10 {log}_{10} (\frac{255^{2}}{MSE})$ (19) $MSE = \frac{1}{HT \times W} \sum_{i = 1}^{P \times Q} {(P_{i} - S_{i})}^{2}$ (20)

The PSNR value is greater than or equal to 30 dB; it is highly difficult for the human visual system to differentiate a stego image from a cover image.

The SSIM is used to measure the degradation of an image based on the structural data [26]. The SSIM is calculated using Equation (21). $SSIM = \frac{(2 μ_{P} μ_{S} + c_{1}) (2 σ_{PS} + c_{2})}{(μ_{P}^{2} + μ_{S}^{2} + c_{1}) (σ_{P}^{2} + σ_{S}^{2} + c_{2})}$ (21)

Where μ_P and σ_P are the average and variance of a cover image and μ_S and σ_S are the average and variance of a stego image, respectively. Besides, σ_PS is the covariance between cover and stego images, and c₁and c₂ are predefined constants. To achieve a good visual quality, the SSIM value must be closer to 1, and PSNR value must be greater than 30 dB. The PSNR and SSIM values are calculated for a block size of 4×2 and for different AD values are shown in Table 2, and these values are also calculated for AD of 12 and for different block sizes are shown in Table 3. Finally, Table 4 shows that the proposed method can provide good visual quality (PSNR >30 dB) for its high EC(0.75 bpp).

4.3 Location map size

After embedding the secret, the value of the stego pixel should be within the range of 0 to 255(0≥S_i≤255). Even if one pixel in a block is not within this range, then that block is not used for embedding. Such blocks are identified by the location map. The size of the location map is calculated for the test images for a block size of 4×2 and with different AD values, which are listed in Table 2. The size of the location map is also calculated for the test images with an AD of 12 and with different block sizes, which are listed in Table 3. Finally the Table 4 shows, that the proposed method has much smaller location map size(0.005 bpp) for its’ high EC.

4.4 Relationship between AD, block size, PSNR, LM

When the AD value is higher, the embedding capacity is high, but the maximum acceptable range of AD is 30 otherwise, the PSNR value will be reduced, and the location map size will be increased. Therefore, the acceptable range of ADs’ is between 1 and 30. As if the block size is greater than 4×2, the difference between the median pixel and the other pixel value in a block becomes higher than AD, so that most blocks are not used for embedding; therefore the embedding capacity is reduced. If the block is not used for embedding, the maximum pixel or the minimum pixel in the block is shifted by the AD value; therefore the PSNR value is reduced, and the location map size is increased. Hence the size of the block and the AD values are should be moderate, respectively 4×2 and 30.

4.5 Security analysis

Effective encryption algorithms should convert meaningful data into meaningless data. The security level of the encryption algorithm can be evaluated using some of the analysis provided in [31]. These are encrypted images’ histogram, entropy, deviation from ideality, correlation coefficients and keyspace analysis.

4.5.1 Histogram analysis

If encrypted pixel values are distributed equally, then it is complicated to figure out the statistical nature of the original image. Figure 9 shows that the pixel values of the encrypted images are distributed uniformly, hence it is difficult to obtain the original image information.

Fig. 9

Histogram of Lena and encrypted Lena.

4.5.2 Entropy analysis

The randomness of the encrypted image is measured by Global Shannon entropy; Equation (22) is used to calculate entropy value. $H (SY) = - \sum_{j = 0}^{I} Pr ({SY}_{j}) {log}_{2} Pr ({SY}_{j})$ (22)

Where ‘I’ is the maximum intensity value of an image, and Pr(SY_j) is the probability of occurrence of symbol SY_j. In Table 5, the entropy values of the test images are very close to ‘8,’ which makes it very difficult to obtain information about the original image.

Table 5

The Entropy, Deviation from ideality and correlation coefficient of the encrypted images

Image	Global Shannon Entropy	Deviation from Ideality	Diagonal correlation	Horizontal correlation	Vertical correlation
Lena	7.9991	0.0239	0.0097	–0.0012	0.0014
Boat	7.9991	0.0243	0.0039	–0.0012	–0.0013
Pepper	7.9991	0.0237	0.0097	0.0014	0.0019
Airplane	7.9992	0.0231	0.0047	0.0033	0.0005
House	7.9994	0.0264	0.0052	–0.0036	0.0043
Sailboat	7.9993	0.0264	0.0078	0.0022	0.0008

4.5.3 Deviation from ideality

This parameter will be used to determine how much the encrypted image is deviating from the ideal image. To determine this parameter, the Equations (23) and (24) are used. $HIS ({ID}_{I} MG) = \frac{W \times HT}{8}$ (23) $DI = \frac{\sum_{i = 0}^{255} | HIS ({IMG}_{i}) - HIS (I) |}{W \times HT}$ (24)

HIS(I) is an ideal image histogram. The lower value of DI is the good randomness of the image. The tabulated values in Table 5 are shown; the encrypted image is very close to the ideal image.

4.5.4 Correlation coefficient analysis

The correlations between adjacent pixels are very low in an encrypted image, then finding the original image information is very hard. Table 5 shows that the correlation coefficients very low, hence the proposed method has excellent confusion properties.

4.5.5 Keyspace analysis

A keyspace is the calculation of the possible number of secret keys that can be generated from the key generator. The larger keyspace offers high security. In this work, four keys have been used, namely SEprkey, REprkey, Rno and seed for generating the random numbers. The keys SEprkey, REprkey and Rno have been generated from the chaotic process where each key has the precision of 1014, and for random number generation, the seed value is 8 bit wide which has the keyspace of 28. Hence the total keyspace will be 2148 (1014×1014×1014 = 1042, which is approximately equal to 2140 + 28), which resists the brute force attack effectively.

4.6 Time analysis

Each pixel is encrypted by using Equations (12) to (15). Hence the execution time of the encryption algorithm is O(W×HT); similarly, the decryption algorithm execution time is O(W×HT). For data embedding, in each block, the median pixel value is calculated by using a radix sort. For single block, the sorting time is O(M×N) for total blocks O(W×HT). After finding the median pixel value, the data are embedded by using Equations (1) to (5). The total execution time of the embedding process is O(W×HT) similarly the data extraction and image recovery execution time are O(W×HT)

5 Performance analysis

In this section, the performance of the proposed algorithm is compared with related methods based on the EC, image imperceptibility, and location map size. The proposed method with a block size of 4×2 and an AD of 12 are distorted by embedding the various numbers of bits, and their visual qualities are compared with various existing methods. The results of which are shown in Fig. 10. The maximum EC of the Lena image for a block size of 4×2 and an AD of 30 is 0.8 bpp with a PSNR of 30.22 dB.

Fig. 10

The maximum EC versus imperceptibility.

Further, the proposed PE-RDH is implemented on an encrypted image using homomorphic encryption. In homomorphic encryption, changes in the encrypted domain caused by the data hiding process should also appear in the directly decrypted image at the same location. The embedding capacity, location map size, and visual qualities of instantly decrypted images are compared with various existing methods [27 –29], the comparison is shown in Table 6. This result shows that the proposed method has a high embedding capacity, good image quality, less location map size. The visual quality of directly decrypted image for a various number of secret bits with a block size of 4×2 and an AD of are compared with various existing methods. The results of which are shown in Fig. 11.

Table 6

Performance Comparison of PE-RDH on the encrypted image

Methods	Shiu [27]			Huang [28]			Zhou [29]			PE-RDHEI (lock size 4×2 and AD is 12)
images	EC	PSNR	LM	EC	PSNR	LM	EC	PSNR	LM	EC	PSNR	LM
	(bpp)	(dB)	(bits)	(bpp)	(dB)	(bits)	(bpp)	(dB)	(bits)	(bpp)	(dB)	(bits)
Lena	131072	35.69	629	31672	49.04	4162	65520	41.146	33	172627	32.38	30
Boat	130967	33.25	4089	18803	48.92	4040	–	–	–	142,506	30.89	90
Peppers	130573	34.03	9830	24205	48.96	4022	–	–	–	181,258	33.30	1140
Airplane	130731	32.54	1232	44484	49.16	4076	65520	37.727	670	164,962	32.28	0
Sailboat	130836	30.36	5006	21321	48.94	4103	–	–	–	126,154	30.25	90

Fig. 11

The Performance comparison of the directly decrypted image.

6 Conclusion

This paper presented a novel RDH algorithm for effectively reducing the location map size and improving the imperceptibility and EC. Further, the proposed PE-RDH method was validated using several grey-scale images of different block sizes with different AD values as a benchmark. As a final note, the proposed PE-RDH algorithm has an average EC of 0.75 bpp with an average PSNR of 30.89 dB, which are superior to those of several existing RDH algorithms. A high EC was achieved with minimal overhead, and a lossless recovery can be provided, which are extremely useful for extensive real-time applications such as image authentication, law enforcement, secret communication, e-government, and medical data transmission. There is also a downside to the proposed method, i.e., high visual quality cannot be provided for a low EC as achieved with PVO methods. However, PVO methods cannot offer a high embedding capacity. The proposed method is applied to the encrypted image to ensure protection for the cover as well. In this method, the image decryption and secret extraction can be a separate process. This methodology concentrated on the noise-free channel. In future, we intend to develop a new method to reduce the error in the noisy channel.

Footnotes

Acknowledgments

Authors thank the Department of Science & Technology, New Delhi, for the FIST funding (SR/FST/ET-II/2018/221). Also, the authors wish to thank the Intrusion Detection Lab at School of Electrical & Electronics Engineering, SASTRA Deemed University, for providing infrastructural support to carry out this research work.

References

Diffie

and Hellman

M.E.

, New Directions in Cryptography, IEEE Transactions on Information Theory 22(6) (1976), 644–654. doi: 10.1109/TIT.1976.1055638

Petitcolas

F.a.P.

, Anderson

R.J.

and Kuhn

M.G.

, Information hiding-a survey, Proc IEEE 87 (1999)–10.1109/5.771065

Ravichandran

, Praveenkumar

, Rayappan

J.B.B.

and Amirtharajan

, DNA Chaos Blend to Secure Medical Privacy, IEEE Transactions and Nanobioscience 16(8) (2017), 850–858. doi: 10.1109/TNB.2017.2780881

Tian

, Reversible Data Embedding Using a Difference Expansion, IEEE Transactions on Circuits and Systems for Video Technology 13 (2003), 890–896. doi: 10.1109/TCSVT.2003.815962

, Shi

Y.-Q.

, Ansari

and Su

, Reversible data hiding, IEEE Transactions on Circuits and Systems for Video Technology 16 (2006), 354–362.

, Li

and Yang

, High-fidelity reversible data hiding scheme based on pixel-value-ordering and prediction-error expansion, Signal Processing 93 (2013), 198–205. doi: 10.1016/j.sigpro.2012.07.025

Alattar

A.M.

, Reversible watermark using the difference expansion of a generalised integer transform, IEEE Transactions on Image Processing 13 (2004), 1147–1156. doi: 10.1109/TIP.2004.828418

Kamstra

and Heijmans

H.J.A.M.

, Reversible data embedding into images using wavelet techniques and sorting, IEEE Transactions on Image Processing 14 (2005), 2082–2090.

Kim

H.J.

, Sachnev

, Shi

Y.Q.

, Nam

and Choo

H.-G.

, A novel difference expansion transform for reversible data embedding, IEEE Transactions on Information Forensics Security 3 (2008), 456–465. doi: 10.1109/TIFS.2008.924600

10.

Al Huti

M.H.A.

, Ahmad

and Djanali

, Increasing the capacity of the secret data using DEpixels blocks and adjusted RDE-based on grayscale images, in: 2015 Int Conf Inf Commun Technol Syst 2015, 225–230.

11.

Maniriho

and Ahmad

, Enhancing the Capability of Data Hiding Method Based on Reduced Difference Expansion, Eng Lett 26 (2018).

12.

Wang

, A reversible data hiding algorithm based on bidirectional difference expansion, Multimed Tools Appl (2019), 1–24.

13.

Hwang

, Kim

and Choi

, A reversible watermarking based on histogram shifting. In: International Workshop on Digital Watermarking (2006), 348–361.

14.

Tseng

C.-P.

and Hsieh

H.-W.

, Reversible data hiding based on image histogram modification, The Imaging Science Journal 56 (2008), 271–278.

15.

Liu

, Chang

C.-C.

and Wang

, Reversible data hiding scheme based on histogram shifting of n-bit planes, Multimedia Tools and Applications 75 (2016), 11311–11326.

16.

, Yang

and Zeng

, Efficient reversible watermarking based on adaptive prediction-error expansion and pixel selection, IEEE Transactions on Image Processing 20 (2011), 3524–3533. doi: 10.1109/TIP.2011.2150233

17.

Peng

, Li

and Yang

, Improved PVO-based reversible data hiding, Digital Signal Processing 25 (2014), 255–265. doi:https://doi.org/10.1016/j.dsp.2013.11.002

18.

, Li

, Zhao

and Ni

, Reversible data hiding using invariant pixel-value-ordering and prediction-error expansion, Signal Processing and Image Communication 29 (2014), 760–772.

19.

and Kim

H.J.

, Pixel-based pixel value ordering predictor for high-fidelity reversible data hiding, Signal Processing 111 (2015), 249–260.

20.

, Cai

, Zhou

and Xiong

, Efficient PVO-based reversible data hiding using multistage blocking and prediction accuracy matrix, Journal of Visual Communication and Image Representation 46 (2017), 58–69. doi:https://doi.org/10.1016/j.jvcir.2017.03.010

21.

, Zhou

, Cai

, Wang

and Xiong

, Reversible data hiding using multi-pass pixel value ordering and prediction-error expansion, Journal of Visual Communication and Image Representation 49 (2017), 351–360.

22.

Meikap

and Jana

, Directional PVO for reversible data hiding scheme with image interpolation, Multimedia Tools and Applications 77(23) (2018), 31281–31311.

23.

T.-C.

, Tseng

C.-Y.

, Huang

S.-W.

and Nhan

, Pixel-Value-Ordering based Reversible Information Hiding Scheme with Self-Adaptive Threshold Strategy, Symmetry 10 (2018), 764.

24.

Hong

, Zhou

and Weng

, Joint adaptive coding and reversible data hiding for AMBTC compressed images, Symmetry 10 (2018), 254.

25.

, Wang

, Li

, Shen

and Pei

, Reversible data hiding using the dynamic block-partition strategy and pixel-value-ordering, Multimed Tools Appl 78 (2019), 7927–7945.

26.

Wang

, Bovik

A.C.

, Sheikh

H.R.

and Simoncelli

E.P.

, and others, Image quality assessment: from error visibility to structural similarity, IEEE Trans Image Process 13 (2004), 600–612.

27.

Shiu

C.-W.

, Chen

Y.-C.

and Hong

, Encrypted image based reversible data hiding with public key cryptography from difference expansion, Signal Process Image Commun 39 (2015), 226–233.

28.

Huang

, Huang

and Shi

Y.-Q.

, New framework for reversible data hiding in encrypted domain, IEEE Trans Inf Forensics Secur 11 (2016), 2777–2789.

29.

Zhou

, Zhang

, Wang

, Liu

, Ke

and Wang

X.A.

, Reversible Data Hiding Scheme in Homomorphic Encrypted Image Based on EC-EG, Appl Sci 9 (2019), 2910.

30.

, El-Latif

A.A.A.

, Niu

and Elliptic

, curve ElGamal based homomorphic image encryption scheme for sharing secret images, Signal Processing 92 (2012), 1069–1078.

31.

Abd El-Samie

F.E.

, H.E.H. Ahmed

F.E.

, I.F. Elashry

F.E.

, M.H. Shahieen

F.E.

, O.S. Faragallah

F.E.

, El-Rabaie

E.-S.M.

and Alshebeili

S.A.

, Image encryption: a communication perspective, CRC Press (2013).

W, HT	Width and height of the image
M, N	Width and height of the single block
P_i	Pixel value at i^th position in a block in the cover image
P_q (i)	Sorted sequence of pixels P_i in a block, such that P_q (1) ≤P_q (2) ≤P_q (3) ≤_…P_q (MN)
P_q (1)_, P_q (MN)_, P_q (medain)	The minimum, maximum, and median pixel values in a block of the cover image, respectively
P_q (i) diff	The difference between P_q (median) and P_q (i)
AD	Acceptable range of P_q (i) diff for data embedding
b	Secret bit ‘0’ or ‘1’
L	Bit depth of an image
S_i	Pixel value at i^th position in the stego image
S_q (i)	Sorted sequence of stego pixels S_i in a block, such that S_q (1) ≤S_q (2) ≤S_q (3) ≤_…S_q (MN)
S_q (1)_, S_q (MN)_, S_q (medain)	The minimum, maximum, and median pixel values in a block in a stego image, respectively
S_q (i) diff	The difference between S_q (median) and S_q (i)
R_i	Pixel value at the i^th position in a block in the recovered image
SE_prkey	Sender’s private key
SE_pukey	Sender’s public key
RE_prkey	Receiver’s private key
RE_pukey	Receiver’s public key
E(P_i)	Encrypted pixel value at i^th position in a block
X	Block number
Ran_X	Random number for block ‘X’ encryption
Rno	Random number for public key creation.