On the Design of Multi-Party Reversible Data Hiding over Ciphered Overexposed Images

Abstract

Multi-party reversible data hiding over ciphered images (MRDH-CI) has high restorability since the image is split into multiple ciphered images by secret sharing. However, the MRDH-CI methods either fail to produce satisfied results, or only work well for conventional images. This paper introduces a multi-party reversible data-hiding approach over ciphered overexposed images. First, the pixels of the overexposed images are decomposed into two parts, each of which can be used for secret sharing. Then, the decomposed overexposed images are converted into multiple ciphered overexposed images by using a modified secret sharing method, in which the differences of the ciphered overexposed images are retained. The symmetry of the difference retaining makes the secret data conceal within the ciphered overexposed images such that the marked ciphered overexposed images can be created. Finally, by collecting sufficient marked ciphered overexposed images, it is possible to symmetrically reconstruct the concealed data and primitive overexposed image. Experimental results illustrate that the presented method can efficiently deal with overexposed images while maintaining a low computational overhead.

1. Introduction

In the era of digital information transmission, privacy and security issues are becoming increasingly prominent in the fields of information processing and transmission [1,2]. Confronted with the challenge of how to effectively hide sensitive information, reversible data hiding (RDH) has garnered significant interest. The feature of this technique is that the secret data are concealed in a cover, and the cover can be recovered nondestructively after the secret data are extracted. RDH has shown broad application prospects in many fields, including but not limited to medical image transmission [3], legal evidence [4], and military communication [5]. Existing RDH schemes are classified as difference expansion [6,7,8], histogram shifting [9,10], pixel value ordering [11,12], prediction error expansion [13,14,15], etc. However, traditional RDH schemes tend to embed data in plaintext images, which can be easily detected by unauthorized users, thus reducing covertness and security. To overcome these limitations, reversible data hiding over ciphered images (RDH-CI) has gained prominence during the last few yeas.

RDH-CI enhances the security of secret data by employing encryption algorithms [16], enabling more effective protection of privacy content during the transmission of sensitive data. In [17], Wang et al. introduced an adaptive most significant bit (MSB) prediction-based method for RDH-CI, in which the pixel correlation is remained by block permutation encryption. With the help of the symmetry of the block permutation, the embedding room can be created by MSB prediction. In the method of Gao [18], the cover image underwent encryption by block substitution and bitstream cipher. The ciphered image is then compressed on the basis of adaptive block coding; therefore, the room used for embedding data is vacated. In [19], Sui et al. used a pseudo-random matrix-based symmetric encryption to encrypt a primitive image. The receiver uses the same key matrix to restore the primitive image due to the symmetry of the encryption algorithm. In addition, MSB and the remaining bits of the primitive image are combined to generate hiding room by employing the property of image redundancy. In [20], bitstreams are initially encrypted using the JPEG encryption algorithm. Subsequently, a combination of Huffman code mapping and histogram shifting is employed to conceal secret data. Finally, the receiver extracts the concealed secret data from marked JPEG bitstreams, achieving perfect reconstruction of the primitive bitstreams. In Ge’s approach [21], chaotic sequences are generated using chaotic mapping, which are utilized to perform inter-block scrambled operations, and finally secondary encryption is performed by stream cipher to improve security. In the data embedding stage, the detection of all bit planes is achieved by recording smooth and rough bit planes, which yields a high embedding capability.

The homomorphism-based RDH-CI is also presented, which is particularly prominent in scenarios where computations need to be conducted while maintaining data encryption. In Wu’s scheme [22], the Pallier algorithm is used to encrypt the preprocessed images, which can realize the extraction of data in both plaintext and ciphertext domains due to the homomorphism of the Paillier algorithm. In addition, Zheng et al. [23] proposed a method to generate a ciphered cover using homomorphic encryption, which enables the data hider to conceal secret data within a ciphered cover by establishing a secret bit mapping and lossless modification. The receiver can successfully retrieve the hidden data from the ciphered domain. Ke et al. [24] proposed a fully homomorphic cryptographic encapsulation differential extension scheme to achieve ciphertext control for homomorphic encryption. By introducing a key-switching technique, the data extraction process can be efficiently achieved by directly retrieving data from the ciphered domain. However, an obvious disadvantage of homomorphic encryption is its high computational overhead, which may lead to performance decline during large-scale data processing.

The mentioned RDH-CI methods are built on a data hider, and when the data hider is compromised, the recovery of the primitive image cannot be realized. To improve the restorability, there has been a rise in the introduction of multi-party reversible data hiding over ciphered images (MRDH-CI) [25,26]. Chen et al. [25] proposed a MRDH-CI method derived from secret sharing, in which multiple ciphered images are generated and assigned to multiple data hiders. Every data hider conceals the secret data into a designated area of the ciphered image through the substitution of the least significant bits. In [26], Hua et al. firstly proposed a cryptographic feedback secret sharing (CFSS) to generate multiple ciphered images. Then, a multi-MSB prediction method is employed to reserve embedding room for data hiding. MRDH-CI methods ensure the lossless restoration of the primitive image through gathering some marked ciphered images from intact data hides.

However, the MRDH-CI methods cannot efficiently deal with overexposed images since there are many pixels that are not directly encrypted into multiple ciphered pixels (called overflow pixels). They either fail to produce satisfactory results, or only work well for conventional images. To address this issue, multi-party reversible data hiding over ciphered overexposed images (MRDH-COI) is proposed, in which the overflow pixels are efficiently processed for data hiding. In the following, the contributions of this paper are encapsulated:

• By decomposing the pixel of the overexposed image into two parts, each of which is suitable for secret sharing, it is thus efficient to handle overflow pixels.
• An encryption algorithm combining group scrambling and modified secret sharing is given for the overexposed image, by which the differences of the groups of ciphered overexposed images are retained. It means that the ciphered overexposed images can be facilely used for data hiding.
• According to the given overexposed image encryption, the overflow pixels can be encrypted without labeling, so the executing time of the overexposed image encryption is reduced.

The subsequent sections of this paper are organized below. A brief analysis of related MRDH-CI works is given in Section 2. Section 3 provides the presented MRDH-COI approach. The experiment and its analysis are demonstrated in Section 4. At last, Section 5 draws our conclusion.

2. Related Works

The existing MRDH-CI methods are designed for conventional images. In [25], a MRDH-CI method is given, in which the traditional secret sharing strategy is employed to encrypt the primitive image into multiple ciphered images, and the ciphered images are distributed to multiple data hiders so that they can be used to embed data independently. In the case of a damaged hider, by collecting marked ciphered images from other undamaged hiders, the receiver is able to restore the primitive image in a lossless manner, which significantly improves the security of the image. In [26], a CFSS-based MRDH-CI method is proposed, in which the embedding room is reserved by the content owner. First, the median edge detector is used to predict the image to produce predictable pixels, and the MSB planes are determined based on the proportion of predictable pixels. Then, the predictor error is obtained by predicting the MSB planes, and the embedding room is reserved by encoding the predictor error with Huffman coding. This method provides a feasible and secure encryption protection mechanism for multiple data hiders.

The MRDH-CI methods proposed in [25,26] are constructed over finite field $F_p$ by Shamir secret sharing [27], where p is a prime. For grayscale images with 8 bits, the pixels exceeding 250 are not suitable for secret sharing since p is set to 251. Therefore, the pixels exceeding 250 need to be processed so that they can be used for secret sharing. In [25], a location map (LM) is used to label the pixels exceeding 250 and concealed within the primitive image in a reversible manner. In [26], to label the pixels exceeding 250, the difference between $p-1$ and the pixel value is encoded by introducing reference information. The reference information is embedded into the multiple MSBs of the pixel vacated via prediction error expansion.

However, the methods mentioned above have deficiencies in dealing with overexposed images. Four overexposed images selected from the standard dataset [28] are used for the demonstration as shown in Figure 1. We found that the percentages of pixels exceeding 250 are 51.7%, 61.7%, 59.8%, and 62.4%, respectively. In other words, there are plenty of overflow pixels that are not directly encrypted into multiple ciphered pixels. To deal with these overflow pixels, a lot of auxiliary information is required. For the method in [25], the primitive image may not have enough room to accommodate this auxiliary information. In [26], a lot of auxiliary information will increase the computational overhead since it is implemented by the reserving embedding room technique.

Faced with these challenges, we propose a novel MRDH-CI method that focuses on solving the problem of overflow pixels in overexposed images. The challenge posed by overflow pixels is effectively overcome by splitting the pixel of the image into two parts. In addition, by combining group scrambling and modified secret sharing techniques, the grouping differences of overexposed images can be preserved during encryption, thus making the ciphered overexposed images suitable for data hiding. The key to the proposed scheme is the successful fusion of overexposed image processing and encryption algorithms, which achieves the efficient encryption of overflow pixels without labeling. The proposed scheme simplifies the process of overexposed image encryption, thereby significantly reducing the time cost of processing overflow pixels.

3. Presented Approach

Figure 2 shows the given MRDH-COI approach, which involves encrypting the overexposed image, hiding data into ciphered overexposed images, and extracting hidden data and restoring overexposed images. For encrypting the overexposed image, the owner first scrambles an overexposed image to obtain a scrambled overexposed image. Then, the scrambled overexposed image is split into multiple ciphered overexposed images by secret sharing, and the ciphered overexposed images are sent to the associated data hiders, respectively. After that, every data hider conceals the secret data within a ciphered overexposed image, resulting in the creation of a marked ciphered overexposed image. In the step of extracting hidden data and restoring the overexposed image, once a sufficient number of marked ciphered overexposed images are obtained, the receiver first performs data extraction to obtain the embedded secret data. Subsequently, the receiver proceeds with the overexposed image restoration to obtain the primitive overexposed image.

3.1. Overexposed Image Encryption

Suppose the overexposed image O is an eight-bit grayscale image sized by $P\times Q$, and $O_{\alpha ,\beta }$ is the pixel at location $(\alpha ,\beta )$, where $O_{\alpha ,\beta }\in [0,255]$, $1\le \alpha \le P$, $1\le \beta \le Q$. For simplicity, P and Q are considered even. The overexposed image encryption is comprised of two parts: group scrambling and secret sharing. First, the owner divides the overexposed image into groups with size $1\times 2$. It is easily obtained that there are $PQ/2$ groups. All groups of the overexposed image are scrambled by using an encryption key, then a scrambled overexposed image $O^{\prime }$ is obtained. It is worth mentioning that by using a pseudorandom number generator with a seed, the encryption key can be created. The key generation process is shown in Figure 3. First of all, the content owner chooses a seed at random and assigns the seed to the state. Secondly, with the state, an encryption key is generated by adopting a 256-bit secure hash algorithm (SHA-256). At the same time, the state is modified to the sum of the encryption key and step m, where m is an integer. Finally, the second step is repeated to generate multiple encryption keys as needed. In general, the encryption key is shared over a covert channel or a public channel with the assistance of a key exchange protocol, such as the Diffie–Hellman key negotiation algorithm.

After group scrambling, secret sharing is performed on the scrambled overexposed image $O^{\prime }$. Herein, a modified secret sharing method inherited from Shamir secret sharing is used to convert the scrambled overexposed image into multiple ciphered overexposed images. For grayscale images with eight bits, pixels exceeding 250 do not lend themselves to secret sharing. To address this issue, we decompose the pixels of the overexposed image and make a simple modification to $(t,n)$ threshold secret sharing [27], where $2\le t\le n$. Let a group of the scrambled overexposed image be $(O_{i,j}^{\prime },O_{i,j+1}^{\prime })$, where $1\le i\le P$, $j=1,3,\dots ,Q-1$. To obtain multiple ciphered overexposed images, a identifier is chosen for each ciphered overexposed image, denoted as $x_r$, $1\le r\le n$, each of which is distinct from one another. Usually, $x_r$ is determined by the encryption key. When $O_{i,j}^{\prime }$$\in [d,255]$ or $O_{i,j+1}^{\prime }$$\in [d,255]$, a polynomial $f\left(x\right)$ with a degree of $t-1$ is formulated via

$$f\left(x\right)=\left(a_0+dx+\sum _{q=2}^{t-1}{a}_q{x}^q\right)modp,$$

(1)

where $a_0=O_{i,j}^{\prime }-d$ or $a_0=O_{i,j+1}^{\prime }-d$, $d\ge 5$ is a integer, and $a_2,\dots ,a_{t-1}\in F_p$ are chosen at random. For each specified $x_r$, a corresponding $f\left(x_r\right)$ can be calculated by Equation (1), and $f\left(x_r\right)$ is set as the pixel of the ciphered overexposed image. When $O_{i,j}^{\prime }$$\in [0,d-1]$ or $O_{i,j+1}^{\prime }$$\in [0,d-1]$, another polynomial $f\left(x\right)$ with a degree of $t-1$ is formulated via

$$f\left(x\right)=\left(a_0+0x+\sum _{q=2}^{t-1}{a}_q{x}^q\right)modp,$$

(2)

where $a_0=O_{i,j}^{\prime }$ or $a_0=O_{i,j+1}^{\prime }$. Similarly, for each specified $x_r$, another corresponding $f\left(x_r\right)$ can be calculated by Equation (2), and the corresponding $f\left(x_r\right)$ is set as the pixel of the ciphered overexposed image. In this way, n ciphered overexposed images are created, and the created ciphered overexposed images are shared among n data hiders for data hiding. Algorithm 1 shows the procedure of the overexposed image encryption.

Next, we will demonstrate that the obtained ciphered overexposed images are suitable for data hiding. An example is given in Figure 4, where $(3,3)$ modified secret sharing is adopted. Assume that a group of the scrambled overexposed image is $(252,254)$. With the encryption key, three identifiers 2, 3, and 5 are generated. According to Equation (1), two 2-degree polynomials with $d=5$ and random integer $a_2=10$ are constructed by

$$f\left(x\right)=247+5x+10x^{2}mod251,$$

(3)

and

$$f\left(x\right)=249+5x+10x^{2}mod251,$$

(4)

respectively. Three identifiers 2, 3, and 5 are substituted into Equations (3) and (4), and three corresponding groups of ciphered overexposed images $(46,48)$, $(101,103)$, and $(20,22)$, are generated, respectively. As can be seen, the differences of the generated three groups are retained, which means that the ciphered overexposed images can be used for data hiding.

Algorithm 1 Overexposed image encryption.

Input: Overexposed Image O, Encryption Key.

Output: Ciphered Overexposed Image $C{O}^r$.

Divide O into groups with size 1 × 2;

Obtain scrambled overexposed image $O^{\prime }$ by scrambling the groups;

for r ← 1 : n do

Generate $x_r$ with the encryption key;

for i ← 1 : P do

for j ← 1 : Q do

if $O_{i,j}^{\prime }$ ≥ d && $O_{i,j}^{\prime }$ ≤ 255 then

$a_0$←$O_{i,j}^{\prime }-d$;

Construct polynomial $f\left(x\right)$ by Equation (1) with $a_0$, d and random integer $a_q$;

else

$a_0$←$O_{i,j}^{\prime }$;

Construct polynomial $f\left(x\right)$ by Equation (2) with $a_0$ and random integer $a_q$;

end if

$C{O}_{i,j}^r$← Calculate $f\left(x\right)$ with $x_r$;

end for

end for

end for

For the group belonging to $[0,d-1]$, the difference retaining verification is similar to the group belonging to $[d,255]$, and thus no description is provided here.

3.2. Data Hiding

To manage the obtained ciphered overexposed images, data hiders conceal secret data into them to create marked ciphered overexposed images without accessing the primitive overexposed image. Based on the analysis in Section 3.1, the differences of the groups of ciphered overexposed images are retained, so data hiding can be achieved using the classic difference expansion algorithm, such as the method in [7]. Let the ciphered overexposed image be $C{O}^r$,$1\le r\le n$. The group of the ciphered overexposed image is represented by $(C{O}_{i,j}^r,C{O}_{i,j+1}^r)$, $1\le i\le P$, $j=1,3,\dots ,Q-1$. Specifically, comprehensive description of the data hiding algorithm is provided below.

• Compute the integer mean and difference of the groups of ciphered overexposed images. For each $(C{O}_{i,j}^r,C{O}_{i,j+1}^r)$, the integer mean and difference are computed by $l=⌊\frac{C{O}_{i,j}^r+C{O}_{i,j+1}^r}{2}⌋$ and $h=C{O}_{i,j}^r-C{O}_{i,j+1}^r$, respectively, where $\lfloor ·\rfloor$ is a floor function.
• Determine the expandable and non-expandable groups. A group is expandable if its integer mean l and difference h satisfy $\left|2\times \lfloor \frac{h}{2}\rfloor +b\right|\le min(2(255-l),2l+1)$, where b is the bit of the secret data; otherwise, it is considered non-expandable. In addition, an LM is created to label expandable and non-expandable groups, and their associated bits are set to 0 and 1, respectively.
• Embed secret data into the expandable groups. First, for each expandable group, a new difference is generated with the difference h by

  $$h^{\prime }=2\times h+b,$$

  (5)

  where $b\in \{0,1\}$ is the bit of the secret data that is concealed within the ciphered overexposed images. Then, with the new difference $h^{\prime }$, the pixels of the marked ciphered overexposed image are computed by

  $$\left\{\begin{array}{c}CO{D}_{i,j}^r=l+\lfloor \frac{h^{\prime }+1}{2}\rfloor ,\hfill \\ CO{D}_{i,j+1}^r=l-\lfloor \frac{h^{\prime }}{2}\rfloor ,\hfill \end{array}\right.$$

  (6)

  where $CO{D}_{i,j}^r$ (resp. $CO{D}_{i,j+1}^r$) is the pixel of the rth marked ciphered overexposed image at location $(i,j)$ (resp. $(i,j+1)$).

By these means, the ciphered overexposed images can accommodate the embedding of secret data, and the marked ciphered overexposed images are generated, denoted as $CO{D}^r$, $1\le r\le n$. The data hiding procedure is given in Algorithm 2.

Algorithm 2 Data hiding.

Input: Ciphered Overexposed Image $C{O}^r$, Embedded Bit b. Output: Marked Ciphered Overexposed Image $CO{D}^r$. 1: for $i\leftarrow 1$ : P do 2:     for $j\leftarrow$ 1 : 2 : Q do 3:         $h\leftarrow C{O}_{i,j}^r-C{O}_{i,j+1}^r$; 4:         $l\leftarrow \lfloor (C{O}_{i,j}^r+C{O}_{i,j+1}^r)/2\rfloor$; 5:         if $|2\times \lfloor h/2\rfloor +b|\le min(2\times (255-l),2\times l+1)$ then 6:            $h^{\prime }\leftarrow 2\times h+b$; 7:            $CO{D}_{i,j}^r\leftarrow l+\lfloor \frac{h^{\prime }+1}{2}\rfloor$; 8:            $CO{D}_{i,j+1}^r\leftarrow l-\lfloor \frac{h^{\prime }}{2}\rfloor$; 9:         end if 10:     end for 11: end for

It is noted that the LM has high data redundancy since most groups are expandable. We use run-length coding to compress LM to generate compressed LM. Meanwhile, the compressed LM is required for data retrieval and overexposed image reconstruction, and hence it is embedded into the pixels of the initial few rows of the ciphered overexposed images. The initial few rows of pixels from the ciphered overexposed images will be concealed within the remaining pixels along with the secret data.

3.3. Data Extraction and Overexposed Image Restoration

When having any t marked ciphered overexposed images, the concealed data and the primitive overexposed image can be obtained by the receiver. Assume any t marked ciphered overexposed images are received, represented by $CO{D}^{r_1},CO{D}^{r_2},\dots ,CO{D}^{r_t}$, where $\{r_1,r_2,\dots ,r_t\}$ ⊆ $\{1,2,\dots ,n\}$.

3.3.1. Data Extraction

Extracting concealed secret data is performed on the expandable groups of marked ciphered overexposed images. Denote $(CO{D}_1^{r_s},CO{D}_2^{r_s})$ as an expandable group, where $s=1,2,\dots ,t$. The data extraction is described in detail as follows:

• Fix the expandable groups. Extract the compressed LM from the pixels of the initial few rows of marked ciphered overexposed images, and decode it to obtain the associated LM. By the decoded LM, the expandable groups are fixed, that is, if the bit of LM is 0, the corresponding group is expandable.
• Compute the integer mean and difference of the expandable groups. For an expandable group $(CO{D}_1^{r_s},CO{D}_2^{r_s})$, the integer mean $l^{\prime }$ and difference $h^{\prime }$ are computed by $l^{\prime }=⌊\frac{CO{D}_1^{r_s}+CO{D}_2^{r_2}}{2}⌋$ and $h^{\prime }=CO{D}_1^{r_s}-CO{D}_2^{r_s}$, respectively.
• Retrieve the secret data by utilizing the difference $h^{\prime }$. The embedded secret data are obtained by

  $$b=h^{\prime }mod2,$$

  (7)

  where b is the bit of the secret data.

Algorithm 3 shows the data extraction procedure.

Algorithm 3 Data extraction.

Input: Any t Marked Ciphered Overexposed Image $CO{D}^{r_s}$. Output: Embedded bit b. 1: for $i\leftarrow 1:P$ do 2:     for $j\leftarrow 1:2:Q$ do 3:         if $(CO{D}_{i,j}^{r_s},CO{D}_{i,j+1}^{r_s})$ is an expandable group then 4:            $l^{\prime }\leftarrow \lfloor (CO{D}_{i,j}^{r_s}+CO{D}_{i,j+1}^{r_s})/2\rfloor$; 5:            $h^{\prime }\leftarrow CO{D}_{i,j}^{r_s}-CO{D}_{i,j+1}^{r_s}$; 6:            $b\leftarrow h^{\prime }mod2$; 7:         end if 8:     end for 9: end for

3.3.2. Overexposed Image Restoration

For overexposed image restoration, we first transform the marked ciphered overexposed images to ciphered overexposed images and then restore the primitive overexposed image from the ciphered overexposed images. In fact, only expandable groups of the ciphered overexposed images are modified for data hiding. Therefore, the non-expandable groups of the marked ciphered overexposed images can be recognized as those of the ciphered overexposed images. On the other hand, with the integer mean $l^{\prime }$ and the difference $h^{\prime }$, the expandable groups of the ciphered overexposed images can be obtained by

$$\left\{\begin{array}{c}C{O}_1^{r_s}=l^{\prime }+\lfloor \frac{h+1}{2}\rfloor ,\hfill \\ C{O}_2^{r_s}=l^{\prime }-\lfloor \frac{h}{2}\rfloor ,\hfill \end{array}\right.$$

(8)

where $(C{O}_1^{r_s},C{O}_2^{r_s})$, $1\le s\le t$ is an expandable group of the ciphered image $C{O}^{r_s}$ and $h=\lfloor \frac{h^{\prime }}{2}\rfloor$.

After the t ciphered overexposed images are generated, the primitive overexposed image is recovered. According to the encryption key, the identified $x_{r_s}$,$1\le s\le t$, can be obtained. Subsequently, the polynomial $f\left(x\right)$ with a degree of $t-1$ is reconstructed via the Lagrange polynomial interpolation technique as represented by

$$f\left(x\right)=\sum _{1\le v\le t}\left(C{O}_{\alpha ,\beta }^{r_v}\prod _{1\le u\le t,u\ne v}\frac{x-x_{r_u}}{x_{r_v}-x_{r_u}}\right)modp,$$

(9)

where $C{O}_{\alpha ,\beta }^{r_v}$ is the pixel of the ciphered overexposed image $C{O}^{r_v}$ at location $(\alpha ,\beta )$, $1\le \alpha \le P$, $1\le \beta \le Q$. Obviously, the parameter d is equivalent to the coefficient associated with a term in the function $f\left(x\right)$. If $d\ne 0$, the pixel of the scrambled overexposed image is calculated by $O_{\alpha ,\beta }^{\prime }=a_0+d$ or $O_{\alpha ,\beta +1}^{\prime }=a_0+d$; otherwise, we have $O_{\alpha ,\beta }^{\prime }=a_0$ or $O_{\alpha ,\beta +1}^{\prime }=a_0$, where $a_0$ is the constant term of $f\left(x\right)$. Finally, the primitive overexposed image is obtained from the scrambled overexposed image according to the inverse operation of the group scrambling with the encryption key. The procedure of overexposed image restoration is provided in Algorithm 4.

Algorithm 4 Overexposed image restoration.

Input: Any t Marked Ciphered Overexposed Image $CO{D}^{r_s}$, Encryption Key. Output: Primitive Overexposed Image O. 1: for $i\leftarrow 1:P$ do 2:     for $j\leftarrow 1:2:Q$ do 3:         if $(CO{D}_{i,j}^{r_s},CO{D}_{i,j+1}^{r_s})$ is an expandable group then 4:            $l^{\prime }\leftarrow \lfloor (CO{D}_{i,j}^{r_s}+CO{D}_{i,j+1}^{r_s})/2\rfloor$; 5:            $h^{\prime }\leftarrow CO{D}_{i,j}^{r_s}-CO{D}_{i,j+1}^{r_s}$; 6:            $h\leftarrow \lfloor h^{\prime }/2\rfloor$; 7:            $C{O}_{i,j}^{r_s}\leftarrow l^{\prime }+\lfloor \frac{h+1}{2}\rfloor$; 8:            $C{O}_{i,j+1}^{r_s}\leftarrow l^{\prime }-\lfloor \frac{h}{2}\rfloor$; 9:         end if 10:     end for 11: end for 12: Generate $x_{r_s}$ with the encryption key; 13: for $i\leftarrow 1:P$ do 14:     for $j\leftarrow 1:Q$ do 15:         Reconstruct $f\left(x\right)$ by Equation (9) with $C{O}_{i,j}^{r_s}$ and $x_{r_s}$; 16:         $a_0\leftarrow$ Constant term of $f\left(x\right)$; 17:         $d\leftarrow$ One term of $f\left(x\right)$; 18:         if $d\ne 0$ then 19:            $O_{i,j}^{\prime }\leftarrow a_0+d$; 20:         else 21:            $O_{i,j}^{\prime }\leftarrow a_0$; 22:         end if 23:     end for 24: end for 25: Obtain O by the inverse operation of the group scrambling with $O^{\prime }$;

4. Experimental Results and Analysis

Herein, the presented method will be evaluated by some experiments, such as effectiveness, security, efficiency, and embedding capacity. Four overexposed images from the common dataset [28] are employed for our experiments, including “1851.pgm”, “1933.pgm”, “2025.pgm”, and “7343.pgm”. All the overexposed images possess a 512 × 512 resolution and are in grayscale as shown in Figure 1.

4.1. Experimental Setup

During the experiment, a computer running 64-bit Windows 10 Professional is chosen as the hardware environment. This computer is configured with an Intel Core i5-11600 processor at 2.8 GHz and an 8 GB of Kingston DDR4 memory. The strong hardware platform provides reliable performance and computational resources to ensure efficient execution of our experiments. Matlab 2012a serves as the experimental software tool, which provides comprehensive support for the research conducted in this paper. This software is a professional tool widely used in the fields of scientific computing and engineering, which contributes to the thorough execution of the study. In the numerical processing procedure, all programs are developed by Matlab language and carried out in Matlab 2012a. The built-in plotting tools of Matlab software are utilized to ensure user-friendly visualization of the experimental results.

4.2. Effectiveness of the Presented Scheme

In this experiment, we conduct tests on an overexposed image to demonstrate the effectiveness of the presented scheme. The result of the experiment is given in Figure 5, where (3,4) modified secret sharing is used. According to the proposed overexposed image encryption algorithm, the overexposed image is encrypted into four different ciphered overexposed images as shown in Figure 5b–e. For each ciphered overexposed image, the secret data are concealed into it, and a marked ciphered overexposed image is generated. The generated marked ciphered overexposed images are shown in Figure 5f–i. With any three marked ciphered overexposed images, the concealed secret data are retrieved, and the primitive overexposed image is restored. The restored overexposed images are shown in Figure 5j–m, each of which is identical to the primitive overexposed image. Therefore, the presented approach can efficiently deal with the overexposed image. In [25,26], the overflow pixels are processed by using a labeling technique. In fact, labeling the overflow pixels generates a lot of auxiliary information, especially for overexposed images. As a result, the primitive overexposed image does not have enough room to accommodate it.

4.3. Security Analysis

The security of the presented approach is evaluated in the following aspects.

4.3.1. Key Strength

According to the key generation process shown in Figure 3, a 256-bit secure hash algorithm (SHA-256) is adopted to generate the encryption key. The security of the encryption key is based on the SHA-256. Thus, the length of the encryption key is 256 bits, and the space of the encryption key is $2^{256}$. In order to recover a certain pixel, the adversary needs to obtain parameter $x_{r_s}$, $1\le s\le t$, $2\le t\le n$. This means that the adversary can break the certain pixel by exploiting $A_{p-1}^t$ attacks, where $p=251$ for 8-bit overexposed image. On the other hand, the encryption key can be used to encrypt 32 pixels at a time since it is of a 256-bit length. For 32 pixels, the adversary needs ${\left(A_{p-1}^t\right)}^{32}$ attacks. Therefore, the strength of the encryption key is $32lo{g}_2^{A_{p-1}^t}$.

4.3.2. Imperceptibility

The analysis of the imperceptibility security is illustrated in Figure 6. Figure 6a shows the primitive overexposed image, while Figure 6b presents the image after group scrambling. From Figure 6b, it can be seen that after the first stage of encryption, the image takes on a noise-like appearance and does not show any information about the primitive image. To further improve security, we perform a second round of encryption via modified secret sharing. The scrambled image is segmented into multiple ciphered images (only the effect of one ciphered image is shown here) as shown in Figure 6c. Upon closer examination of these images, we observe that after the second round of encryption, the images exhibit more randomized noise characteristics. More importantly, a sufficient number of ciphered images must be collected if the primitive overexposed image is to be successfully recovered. Figure 6d,e show the marked ciphered images at different embedding rates, respectively. From these two images, we do not obtain any information about the primitive overexposed image and the embedded data, which means that different embedding capacities do not affect the imperceptibility security. Therefore, the presented approach effectively obfuscates the visual characteristics of the image and provides reliable imperceptibility security for the primitive overexposed image.

4.3.3. Statistical Security

In the proposed scheme of this paper, we adopt a modified secret sharing strategy to share the scrambled overexposed image. This scheme fully utilizes the characteristics of the secret sharing, providing excellent fault tolerance for the overexposed image. To assess the statistical properties of image encryption and data hiding, we plot the histograms of the ciphered and marked ciphered images of two overexposed images, respectively, as shown in Figure 7. The histogram distributions of these two images are shown in Figure 7a,h. Observing the histogram reveals that the pixel values of the primitive image are unevenly distributed. Figure 7b–d,i–k show the histogram distribution of the ciphered image through secret sharing. As can be seen from these histogram distributions, the pixel values of the ciphered images are evenly distributed, thereby effectively improving the statistical security. In addition, Figure 7e–g,l–n show the histogram distributions of the marked ciphered images with embedding rates of 0.1 bpp, 0.2 bpp, and 0.3 bpp, respectively. Observing these six histograms, it is evident that despite different embedding rates, the pixel distribution of the marked ciphered images remains uniform. This indicates that the proposed scheme is effective in protecting image content, whether for different embedding rates of the same image or similar embedding rates for different images.

4.3.4. Occlusion Attack

In the presented scheme, by sharing the primitive overexposed image into n ciphered overexposed images with a modified secret sharing method, we enhance the resistance of the image to occlusion attack. An adversary may attempt to hinder the understanding of the image by obscuring or disrupting it. However, due to the adoption of secret sharing, the information of the primitive overexposed image is distributed among multiple marked ciphered overexposed images. Thus, even if a portion of the marked ciphered overexposed images are subjected to an occlusion attack, it is still possible to recover the primitive overexposed image by collecting a sufficient number of marked ciphered overexposed images. This fault tolerance enables the effective restoration of the primitive overexposed image, thereby enhancing the robustness of the proposed scheme against occlusion attacks.

4.4. Discussion on Parameter d

Parameter d is one of the important factors for effectively handling overflow pixels in the presented method. The trend of embedding capacity with the variation of parameter d is illustrated in Figure 8. It can be observed from waveform diagrams that the variation of parameter d has a very small effect on the embedding capacity. It is interesting to note that the optimal choice of parameter d may vary due to the introduction of random numbers in the polynomials. This implies that the embedding capacity exhibits randomness and uncertainty for different values of parameter d. This randomness plays a positive role in improving the security and attack resistance of the scheme. Specifically, in these four images, the fluctuation range of the embedding capacity remains between 0.0018 and 0.0039 as d changes. This variation may be related to the smoothness or randomness of the image. For the image “7343.pgm”, the embedding capacity fluctuates the least, showing a relatively stable behavior. Also, the experimental results show that the embedding capacity of “7343.pgm” is higher compared to the other three images. Overall, the effect of the parameter d on the embedding capacity is very small, while the introduced randomness effectively improves the security of the proposed scheme.

4.5. Efficiency Comparison

Efficiency is a key metric of the MRDH-CI method. In this context, we consider the executing time to demonstrate efficiency.

Table 1. Comparison of executing time (in second) between the presented approach and the approach in [26] under different encryption strategies for overexposed images.

Schemes	Overexposed Images	Encryption Strategies
		(3,4)	(3,5)	(4,5)	(3,6)	(4,6)
Hua et al. [26]	1851.pgm	13.53	15.28	11.82	17.06	12.39
	1933.pgm	12.61	14.23	10.38	16.01	12.16
	2025.pgm	15.09	16.07	12.17	18.58	14.05
	7343.pgm	9.95	11.48	8.75	12.77	9.58
Proposed	1851.pgm	6.28	7.76	7.65	8.89	9.24
	1933.pgm	7.15	8.21	7.70	9.17	9.89
	2025.pgm	6.33	9.31	8.07	9.22	9.83
	7343.pgm	6.51	7.47	8.05	9.44	9.53

shows the comparison of the average executing time of the overexposed image encryption phase between the proposed approach and the approach in [26] under various encryption strategies for different overexposed images. For the image encryption of the presented approach, the overexposed image is directly ciphered by the group scrambling and modified secret sharing. Instead, for the image encryption of the method in [26], reserving the embedding room is performed first, and then the image is encrypted by secret sharing. It is known that the presented approach gains a faster processing speed in the image encryption phase by increasing parameters t and n. It means that reserving embedding room increases the extra computational overhead.

4.6. Embedding Capacity Analysis

The embedding rate is used to assess embedding performance. The embedding rate (bpp) is the proportion of the total embedded bits to the total pixels of each ciphered overexposed image. For the method in [25], the maximum embedding rate is approximately 3.5 bpp since 7 bits can be embedded into one pixel when sharing two ciphered images. At the same time, the embedding rate does not vary with the distribution of images. However, the embedding rate decreases rapidly as more ciphered images are shared. For the method in [26], it is also possible to achieve a high embedding rate since the hiding room is created from the primitive image during the image encryption stage. But vacating the embedding room from the primitive image requires more computational overhead. As discussed in Section 4.5, the method in [26] has a longer executing time in the image encryption phase. In the proposed scheme, a bit is embedded into a group, and a embedding rate with 0.5 bpp is obtained. Obviously, the presented approach cannot produce a satisfactory embedding capacity due to conservative hiding. To improve the embedding capacity, multi-level hiding is introduced, that is, hiding the data into an expandable group multiple times until the expandable group becomes a non-expandable group.

5. Conclusions

Recently, there has been growing interest in the MRDH-CI approach. This approach ensures the ability to restore the primitive image, even when some data hiders are damaged. However, the MRDH-CI cannot efficiently deal with overexposed images since there are plenty of overflow pixels that are not directly encrypted into multiple ciphered pixels. This paper proposes a MRDH-COI, in which the overflow pixels can be efficiently processed. First of all, the pixels of the group of the overexposed image are decomposed into two parts so that they can be encrypted by secret sharing. In order to encrypt the overexposed image into multiple ciphered overexposed images, the overexposed image is first scrambled by group scrambling and then converted by modified secret sharing. The obtained ciphered overexposed images have the ability to facilitate data hiding since their differences are retained. With the symmetry of the difference retaining, the difference expansion algorithm can be exploited to conceal the secret data within ciphered overexposed images to generate marked ciphered overexposed images. When any sufficient marked ciphered overexposed images are authorized, the primitive overexposed image and the concealed data are retrieved symmetrically. Finally, an experiment and its analysis are provided to illustrate the effectiveness and efficiency of the presented approach.