Efficient secret sharing scheme with cheater identification based on QR code

Abstract

Secret sharing is an effective way of protecting secret messages. However, the traditional secret sharing schemes are considered meaningless due to malicious people attention which might raise risks. To overcome the weakness, this paper presents an effective secret sharing scheme with the functionality of cheater identification, based on meaningful QR code. The secret message will be split and concealed in the padding region of cover QR codes with the assistance of Latin square and it can be completely restored when all the involved participants cooperate. The concealing strategy exploits the characteristic of Reed-Solomon (RS) code to ensure the strong robustness of generated QR code pseudo-shares. The meaningful QR code pseudo-shares help to reduce the curious of unrelated persons. Some experiments were done to evaluate the performance of proposed scheme. The results showed that the proposed scheme is feasible, efficient and secure compared to the other existing schemes. It also achieves a higher secret payload and maintains stronger robustness.

1. Introduction

 Secret sharing (SS) schemes were invented by Shamir and Blakley independently in 1979 to protect the highly sensitive messages and has been extensively studied in recent years. In a typical  -threshold secret sharing scheme, the sensitive message divided into   shares and assigned to   involved participants. The sensitive message would be successfully reconstructed only when any   or more than   involved participants cooperate. The reconstruction process will fail when combination is fewer than   shares. Through this way, the sensitive message is protected. There are many well-known secret sharing schemes, such as Shamir’s SS [1], Blakley’s SS [2] and Azimuth–Bloom’s SS [3], but the sharing of these schemes are considered meaningless due to malicious people’s interest, which leads to the potential risk. To overcome this type of weakness, many researchers studied the secret sharing schemes in which the sensitive information are encoded into meaningful image shares [4-11]. The meaningful

 With the development of smart phone and Internet of Things (IoT), QR codes severed as interactive medium and widely used in various fields, such as mobile payment, marketing, production tracking and many others. QR code has a characteristic of faster readability and higher storage compared to one dimensional barcode. Therefore, researchers start to study the secret sharing schemes based on QR code.

 In 2010, Chuang et al. [12] firstly proposed a  -threshold secret sharing scheme based on QR code. The scheme employed the concept of Shamir’s SS to divide the secret message into   secret shares, and generated   shadows in the form of QR code by concealing these secret shares as the public message of QR codes. In the secret recovering procedure, any   out of   QR codes can be used to recover secret message by the Lagrange polynomial interpolation. However, for QR code as a public patent, the secret shares as the public of QR code would cause security issues. Anyone can decode the secret share with general QR code reader. The cheater can easily forge a fake QR code with secret share read from a real QR code shadow. Unfortunately, this fake QR code is treated as a valid shadow in the secret revealing process which lead to secret message leakage.

 To enhance system security, Lin [13] exploited the QR code error correction capacity by proposing an  -threshold secret sharing scheme. Lin’s scheme employed the technology of wet paper code [14] to randomly embed both the secret share and authentication message in cover QR codes. This randomly embedding strategy would produce a lot of QR code error codewords, and reduce the error correction capacity. The generated QR code pseudo-shares are still valid unless the error correction capacity bankrupt. The meaningful QR code pseudo-shares reduce malevolent people’s attentions with the help of the cheater detection function which makes it difficult to forge a fake QR code pseudo-shares. Chow et al. [15] and He et al. [16] proposed two QR code secret sharing scheme to improve the security of Chuang’s scheme. Their schemes employed the symmetric encryption algorithm to encrypt shares before embedding shares into the meaningful cover QR codes. The encrypted shares embedding strategies of these two schemes are also based on QR code error correction capacity. Huang et al. [17] utilized the concept of Sudoku puzzle and Shamir’s SS to propose a  -threshold secret sharing scheme with the functionality of cheater prevention. This scheme converted the secret shares into Sudoku digit stream and sequentially replaced them with the data codewords of cover QR codes. The byte-based embedding strategy produces minimum errors for QR code decoding. The secret payload would be much higher than that of Lin’s scheme with randomly embedding strategy. At the same time, Huang et al.’s scheme embedded the secret key along with secret share in the cover QR code. The participants do need to hold the additional secret embedding keys but just the QR code pseudo-shares.

 Noting that all these four schemes exploited the redundancy check mechanism of QR code to recover the errors caused by secret embedding process, but there are still several flaws in this kind of schemes. Firstly, the secret payload is limited by the error correction capacity of cover QR code. Secondly, the secret shares embedding strategy would reduce the QR code error correction capacity, so the generated QR code pseudo-shares became vulnerable to withstand image attacks, such as noising, fouling, print-and-scan processing. Therefore, the robustness of the QR code pseudo-shares is poor.

 Furthermore, both Lin’s scheme and Huang et al.’s scheme implemented the functionality of cheater prevention. First, in the secret revealing procedure, the cheater identification process is performed to detect and identify the malicious participants. Only through the valid verification of QR code pseudo-shares and secret keys, the secret retrieval process would be performed to reconstruct the secret message. This creates difficulty for malicious people to forge a fake QR code pseudo-shares. However, both the cheater prevention mechanisms are defective. The cheater detection functionality of Lin’s scheme is available only when the dishonest participant provides a real secret key and a fake QR code pseudo-shares. All the participants’ secret key together served as an input to generate the authentication stream, so the cheater detection would fail when the dishonest participant provides a fake secret key. But for Huang et al’ scheme, the authentication message depends on secret keys extracted from two sequential QR code pseudo-shares, so the functionality of cheater detection of Huang et al’ scheme is available only when the condition   is satisfied.

 Taking the above-mentioned flaws of existing works into consideration, we propose a new  -threshold secret sharing scheme with cheating prevention based on QR code. The proposed scheme divides the secret message into   secret shares, and disguises them as a series of coordinate position information of Latin square to prevent from leakage. The disguised shares along with authentication message will be embedded in the padding region of cover QR codes by utilizing the XORed characteristic of Reed-Solomon code. Finally, the generated QR code pseudo-shares will be distributed to involved participants. In the secret construction procedure, the legitimacy of QR code pseudo-shares will be verified before secret constructing to prevent secret message from being illegally acquired. Experimental results showed that the proposed scheme is feasible, efficient and keyless, also the generated QR code pseudo-shares can resist common image attacks such as nosing, blurring, fouling, damaging and so on. Comparison with existing works demonstrates the proposed scheme achieves a much higher secret payload.

 The organization of this paper is as follows: Section 2 briefly introduces the technology of QR code and Latin square, especially the XORed characteristic of Reed-Solomon code. Section 3 presents the secret sharing procedure and the secret construction procedure of the proposed scheme. Section 4 shows the performance of the proposed scheme, including secret payload, security analysis and robustness analysis. It also conducts the comparisons with existing works. Section 5 concludes this paper.

 

2. Preliminary

 This section briefly introduces the technology of QR code and Latin square, especially the XORed characteristic of RS code.

 

2.1 The technology of QR code

 A standard QR code consists of black and white modules that randomly arranged into a square. It always contains data codewords, error correction codewords and functional patterns. The QR code standard provides 40 user-selectable versions and 4 different error correction levels for each version. QR code employs the Reed-Solomon error correction mechanism to ensure its decodability even if it suffered from different kind of attacks. According to the QR code specification, two codewords of error correction code can correct one codeword’s error. Russ Cox [18] pointed out that two RS codes with the same length of data codewords and error correction codewords can be XORed. The result of XOR operation is still a valid RS code. It means that one RS code can be derived from two other RS codes. For instance, assume that two RS codes A and B consist of 8 bits data and following 4 bits error correction code. The XOR operation result C shown in Table 1 is still a valid RS code.

Table 1. An XOR operation result of two RS codes

 From another point of view, assume that we try to flip the 1^st bit and 5^th bit data codewords of RS code A, we can construct a data codewords 10001000 whose data bits are all zero except the 1^st bit and 5^th bit, and generate the corresponding error correction codewords by using Reed-Solomon algorithm and add them to the tail of data codewords to form RS code B. The result C will be derived by XORing RS code A with RS code B. The XOR operation not only flipped the 1^st bit and 5^th bit of RS code A, but also kept the result C to be a valid Reed-Solomon code.

 Noting that the content of QR code is combination of several RS codes. Utilizing the XOR characteristic of RS code, we can flip any bits of data codeword of QR code, but without scarifying the error correction capacity of QR code.

 

2.2 Latin square

 Latin square, introduced by Leonhard Euler is an \(n \times n\)  size of array filled with   n different symbols. Each symbol only occurs once in each row and each column. According to [19], the number of possible solutions of an \(n \times n\)  Latin square is growing exponentially. Table 2 is the example of \(8 \times 8\) sized Latin square with eight numbers from 0 to 7. The total possible solutions of an \(8 \times 8\)  Latin square are  108,776,032,459,082,956,800\(\approx 1.09 \times 10^{20}\) [20]. We take advantage of this feature to disguise the secret shadow message into Latin square matrix coordinates in our proposed secret sharing procedure described in Section 3.1, to satisfy the requirement of security and reversibility.

Table 2. An example of  Latin square

 

3. The proposed scheme

 Based on the XORed characteristic of RS code and the technology of QR code, we design a new  -threshold secret sharing scheme to protect secret message with meaningful QR code pseudo-shares. Fig. 1 illustrates the flowchart of secret sharing procedure of the proposed scheme. There is a dealer and  n participants in the proposed scheme. In the secret sharing procedure, the dealer is responsible for secret shares derivation, authentication message generation and message embedding in cover QR code. In the secret revealing procedure, firstly the dealer verifies the legitimacy of QR code pseudo-shares that provided from   participants to prevent cheater, and then reconstructs the secret message when all the QR code pseudo-shares are validated.

 

Fig. 1. The flowchart of secret sharing procedure of the proposed scheme

 Noting that data bits in the padding region of QR code is useless and meaningless, the proposed scheme tends to embed the secret share   and the authentication message   in the padding region of the cover QR code with the assistance of Latin square. Fig. 2 illustrates the composition of RS code within QR code of the proposed scheme.

Fig. 2. The composition of RS code within QR code of the proposed scheme

 

3.1 (n, n)-threshold secret sharing procedure

 Assume that there is a secret message S  to be shared among  n participants, who held n  cover QR codes marked as  \(c Q R_{1}, c Q R_{2}, \dots, c Q R_{n}\), respectively.

 Step 1 Generate n-1  random secret shares \(S_{1}, S_{2}, \dots, S_{n-1}\)  of the same length as  S. Then derive secret share s_n by XORing   with these secret shares \(S_{1}, S_{2}, \dots, S_{n-1}\) .

\(s_{n}=s_{1} \oplus s_{2} \oplus \ldots \oplus s_{n-1} \oplus S.\)       (1)

where  \(\oplus\) denotes the exclusive-or (XOR) operation.

 Step 2 Randomly choose a Latin square  LS with size of \(8 \times 8\)  as secret shares embedding key. Then generate n-1  random matrices  \(l s_{1}, l s_{2}, \dots, l s_{n-1}\) with the same size as Latin square LS  , all elements of these matrices are in the range of (0, 7). Finally, derive the last matrix ls_n by XORing Latin square  LS with those random matrices  \(l s_{1}, l s_{2}, \ldots, l s_{n-1}\) .

\(l s_{n}=l s_{1} \oplus l s_{2} \oplus \ldots \oplus l s_{n-1} \oplus L S.\)       (2)

 Step 3 Read public message pm₁  and RS code rs₁  of the cover QR code  .

\(\Gamma\left(c Q R_{i}\right)=\left\{p m_{i}, rs_{i}\right\},\)       (3)

where \(1 \leq i \leq n\)  and r(*) denotes QR code reading function. According to the length of public message of cover QR code, the scope of padding region can be easily deduced. The secret share and the authentication message will be embedded in padding region of cover QR code as shown in Fig. 2. The upper bound of secret payload is determined by the length of padding region.

 Step 4 Convert secret share  s to be octal digital stream  \(\left\{d_{1}, d_{2}, \dots, d_{k}\right\}\). Covert the corresponding message in cover QR code padding region to be octal digital stream \(\left\{p_{1}, p_{2}, \cdots, p_{m}\right\}\) . Sequentially pick up two padding digits as a group \(\left(p_{j}, p_{j+1}\right)\) .  According to Section 2.2, each symbol only occurs once in each row and each column of Latin square, select a group \(\left(r_{j}, c_{j}\right)\)  in row p_j  or column p_j+1  of Latin square matrix LS to learn a value equal to d_j  by mapping the row r_j and the column c_j  at Latin square matrix  LS. Both r_j  and c_j  are in the range of [0, 7]. The searching strategy reduces the bit number need to flip in Step 7. The less data bits are flipped in cover QR code, the less noticeable changes QR code pseudo-share will have. This process can be described as Eq. (4):

\(d_{j}=\mathrm{M}\left(\left(r_{j}, c_{j}\right),\left(p_{j}, p_{j+1}\right)\right),\)       (4)

where \(1 \leq j \leq k\)  and m(*)  is Latin square matrix mapping function based on \(\left(p_{j}, p_{j+1}\right)\)  . So the secret digit d_j  is well disguised as \(\left(r_{j}, c_{j}\right)\)   which is the coordinate of Latin square matrix. For instance, suppose we choose Latin square matrix LS  shown in Table 2  as embedding key, the secret digit d_j  is 4, and it will be embedded in padding region which contain two digits 3 and 5. We group them to be (3, 5) as (p_j,p_j+1) , then select \(\left(r_{j}, c_{j}\right)\)  in row 3 or column 5 of LS  to meet the condition  \(d_{j}=L S\left(r_{j}, c_{j}\right)\). It easy to find out that  , thus we just need to flip one bit in (3, 5) to be (3, 1) in order to embed secret message 4 based on Latin square matrix  .

 Repeat the mapping process until all the octal digital bits  \(\left\{d_{1}, d_{2}, \dots, d_{k}\right\}\) are camouflaged. Finally, we will get the disguised message  \(s_{i}^{\prime}=\left\{\left(r_{1}, c_{1}\right),\left(r_{2}, c_{2}\right), \ldots,\left(r_{k}, c_{k}\right)\right\}\) for secret share  s'_i .

 Step 5 Derive the authentication message   by hashing the cover QR code public message, random matrix ls_i  and the disguised secret share s' .

\(a_{i}=\mathrm{H}_{{ls}_{i}}\left(p m_{i}, ls_{i}, s_{i}^{\prime}\right),\)       (5)

where \(1 \leq i \leq n\)  and H_isi(*)  is the one-way hash function with key  .

 Step 6 Packet the message {ls_i,s'_i,a_i}  to be embedded into a message stream m_i  in order by

\(m_{i}=p m_{i}\left\|l s_{i}\right\| s_{i}^{\prime} \| a_{i}, 1 \leq i \leq n.\)       (6)

 Step 7 Derive the bit locations bits  in the data codewords of cover QR code that need to be flipped to embed  m_i by comparing message stream m_i  with RS code   of cover QR code.

\( {bits}=\mathrm{P}\left(m_{i}, r s_{i}\right),\)        (7)

where \(1 \leq i \leq n\)  and P(*)  denotes the bit comparison function.

 Step 8 According to bit location   and the length of RS code rs_i , we can construct a new RS code whose data codewords all are zero except the locations in bits . We can utilize the XORed characteristic of RS code demonstrated in Section 2.1to embed message {ls_i,s'_i,a_i} in cover QR code padding region by XORing the RS code   rs_iwith this new RS code.

\(r s_{i}^{\prime}=\Lambda\left( {bits}, r s_{i}\right),\)       (8)

where \(1 \leq i \leq n\)  and A(*)  is the RS code construction and updating function. rs'_i  is the result after updating operation, it is still a valid RS code.

 Step 9 According to QR code specification [21], the final RS code rs'_i  will be encoded into a QR code pseudo-share mQR .

\(m Q R_{i}=\mathrm{E}\left(r s^{\prime}\right),\)       (9)

where   denotes the standard QR code encoding procedure.

 Step 10 Repeat Step 3 to Step 9, until all n QR code pseudo-shares \(\left\{m Q R_{1}, m Q R_{2}, \ldots, m Q R_{n}\right\}\)  are generated. Then assign them to each   participants, respectively.

 By exploiting the XORed characteristic of RS code, the embedding results are still a valid RS code. So the proposed secret sharing scheme does not scarify any error correction capacity of the generated QR code pseudo-shares  , which means the generated QR code pseudo-shares   maintains strong robustness. Moreover, the involved participants do not need to hold any additional secret embedding key but just the QR code pseudo-shares

 

3.2 Secret revealing procedure

 Assume that QR codes \(\left\{\overline{m Q R}_{1}, \overline{m Q R}_{2}, \ldots, \overline{m Q R}_{n}\right\}\)  are the secret pseudo-shares provided from   participants.

3.2.1 Cheater identification phase

 Step 1 Extract the RS code \(\overline{r s}_{i}\)  in the QR code pseudo-share \(\overline{m Q R}_{i}\)  by using standard QR code decoding process.

 Step 2 Extract the public message \(\overline{p m_{i}}\) , the random matrix \(\overline{I_{S}}\) , the secret share \(\bar{s}_{i}\)  and the authentication message \(\bar{a}_{i}\)  from RS code  \(\overline{r^{*} S_{i}}\).

 Step 3 Recalculate the authentication message \(\overrightarrow{\boldsymbol{a}_{i}}\) .

\(\bar{a}_{i}^{\prime}=\mathrm{H}_{\overline{ls}_{i}}\left(\overline{p m}_{i}, \overline{ls}_{i}, \bar{s}_{i}\right),\)       (10)

where \(\mathrm{H}_{\mathrm{L}_{\mathrm{s}}}(*)\)  is the one way hash function with key \(\overline{l s}\) .

 Step 4 Verify the legitimacy of the QR code pseudo-shares by comparing  \(\bar{a}_{i}\) with  \(\overrightarrow{\boldsymbol{a}_{i}}\). If both have the same value, it indicates that the QR code pseudo-shares  \(\overline{m Q R}_{i}\) is legal. Otherwise, the QR code pseudo-shares  \(\overline{m Q R}_{i}\) will be considered as fake. It indicates that the i^th  participant is a cheater.

 Step 5 Repeat Step 1 to Step 4 until all the  n participants’ legality is verified. If more than one participant is considered as a cheater, the secret reconstruction process will be terminated immediately. Only when all the n  participants pass the honesty and trustworthiness verification, the secret construction process will be authorized to perform.

 

3.2.2 Secret reconstruction phase

 Step 1 Construct the Latin square \(\overline{L S}\)  with size  \(8 \times 8\) from the random matrices  \(\left\{\overline{l s}_{1}, \overline{l s}_{2}, \ldots, \overline{l s}_{n}\right\}\).

\(\overline{L S}=\overline{l s}_{1} \oplus \overline{l s}_{2} \oplus \ldots \oplus \overline{l s}_{n}.\)       (11)

 Step 2 Sequentially group six bits of the secret disguised message bit stream  \(\overline{b s}_{i}\) as an octal data pair \((\bar{r}, \bar{c})\) . Using Equation 6, extract all the digits of secret share   \(\bar{S}_{i}\) by mapping the row \(\bar{r}\)  and the column \(\overline{\mathcal{C}}\)  in the Latin square \(\overline{L S}\) . Finally, we can derive the secret shares \(\left\{\bar{s}_{1}, \bar{s}_{2}, \dots, \bar{s}_{n}\right\}\)  from the n  QR code pseudo-shares  \(\left\{\overline{m Q R_{1}}, \overline{m Q R}_{2}, \ldots, \overline{m Q R}_{n}\right\}\).

 Step 3 Construct the secret message  \(\bar{S}\) from the secret shares \(\left\{\bar{s}_{1}, \bar{s}_{2}, \dots, \bar{s}_{n}\right\}\) .

\(\bar{S}=\bar{s}_{1} \oplus \bar{s}_{2} \oplus \ldots \oplus \bar{s}_{n}.\)       (12)

 

4 Simulated results and analysis

4.1 An example of the proposed scheme

 To evaluate the practicality of the proposed  \((n, n)\)-threshold QR code secret sharing scheme, a piece of software was developed in Python language and used to encode and decode QR code pseudo-shares. The QR codes with version 5 and error correction level L were selected as cover QR codes. Fig. 3(a)-(c) show three normal QR codes with public message “www.fcu.edu.tw”, “www.google.com”, “www.xmut.edu.cn”, respectively. Latin square as shown in Table 2 was selected to be the secret shares embedding key. 2010110704 is the secret message to be shared, it was divided into three secret shares and embedded in the padding region of the cover QR codes with the help of Latin square. Take the cover QR code \(c Q R_{1}\)  for example, the version 5-L \(c Q R_{1}\)  contains 108 data codewords and 26 error correction codewords according to the QR code specification. The public message “www.fcu.edu.tw” would be encoded into a bit stream of length 124, so the secret share and the authentication message could be embedded in the padding region with size of  \(108 \times 8-124=740\) bits. Fig. 3(d)-(f) list the corresponding QR code pseudo-shares of Fig. 3(a)-(c) after sharing the secrets message “2010110704”. These QR code pseudo-shares would be shared and assigned to 3 involved participants. It is necessary to mention that, the involved participant does not need to hold an additional key beside a QR code pseudo-shares.

Fig. 3. (3, 3)-threshold secret sharing of the proposed scheme for QR code version 5-L

 For QR code consists of the noise-like modules, the QR code pseudo-shares are difficult to draw people’s attentions and identify the abnormal areas. Furthermore, the QR code pseudo-shares are still valid and could be decoded by any QR code standard reader. For example, the public message of QR code pseudo-share \(m Q R_{1}\)   is “www.fcu.edu.tw”, which is the same as the public message of cover QR code \(c Q R_{1}\) . The meaningful QR code pseudo-shares help to further reduce people’ curiosity. If the malicious participant tries to forge a QR code pseudo-share with the same public message in order to steal the secret message, the cheater identification process of the proposed scheme can detect the authenticity of QR code pseudo-share before reconstructing secret message. In this way it effectively prevents secret from leakage. Only when all the QR code pseudo-shares pass the cheater detection process, then the secret reconstruction process will be authored to be performed.

 

4.2 Storage analysis

 The proposed scheme divides secret message s  into n  secret shares, and then embeds them into the padding region of cover QR code with the assistance of Latin square matrix. In order to achieve the functionality of keyless and cheating prevention, the proposed scheme also embeds some additional information such as random matrix and authentication message in the padding region together with secret share. These three kinds of information are packaged into order as shown in Fig. 2. Hence, the secret payload of the proposed scheme is determined by a number of factors: the length of data codewords, the length of cover QR code public message, the length of random matrix and the length of authentication message. Note that random matrix is the size as Latin square matrix. Its size would be  \((8 \times 8 \times 3=192)\) bits. Authentication message is the hash value of front portion of data codewords. Its length depends on hash algorithm chosen. For ease of calculation, we assume that the length of hash digest is 64 bits. In a specific version of a QR code, the length of the data codewords is deterministic. In this case, the secret payload is determined by the length of public message, and it approaches to maximum when the length of cover QR code public message approaches 0. It is easy to infer that the length of the data codewords of the cover QR code should be greater than \((192+64=256)\)  bits. According to the QR code specification, version 2-L is the minimum version available for the proposed scheme. Table 3 lists the secret payloads for QR code with different QR versions and different error correction levels. It is easy to find out that, the secret payload is adjustable, within the range of (16, 23392) bits.

 

Table 3. The secret payload of the proposed scheme

 

4.3 Robustness analysis

 During capturing, the quality of digital QR code image is also affected by light conditions. Lack of sufficient light creates the noises added to QR code image which seriously degrade the quality of QR code image. These noises are considered as a kind of attacks and decrease the success rate of the QR code decoding process. The first four rows of Fig. 4 showed the results of the QR code pseudo-share in Fig. 3(d) after suffering from varying degrees of noising and blurring attacks.

Fig. 4. The results the QR code pseudo-shares in Fig. 3(d) after suffering common attacks

Fig. 5. The results the QR code pseudo-shares in Fig. 3(d)  under the rotation attacks

 QR codes are also usually printed on paper media, such as magazine, billboard, tickets, which frequently defaced. The last two rows of Fig. 4 showed the results, that the QR code pseudo-share in Fig. 3(d) suffers from varying degree of fouling and damage attacks. Fig. 5 shows the experimental results of the proposed method under the rotation attacks. The term “Readable” means that the public message of QR code pseudo-share still can be decoded, vice versa. And the term “decodable” means that secret share in QR code pseudo-share can be successfully extracted, vice versa. From Fig. 4 and Fig. 5 we can see that the shares can still be extracted, although the QR code pseudo-shares suffered serious attacks. The results shown in Fig. 4 and Fig. 5 illustrate that the generated QR code pseudo-shares of the proposed scheme has a strong robustness.

4.4 Security analysis

 Considering the cheating situation, a malicious participant tries to provide a fake QR code pseudo-shares to cheat other involved participants. Noting that the proposed scheme embeds authentication message within the QR code pseudo-shares. The authentication message is the one-way hash function value of public message, random matrix, and the disguised secret share. Any bit changed in the data codewords of QR code pseudo-share results in a new hash value recalculated in cheater identification process, and the recalculated hash value will not equal to authentication message extracted from the QR code pseudo-shares. This makes the fake QR code pseudo-shares unable to pass the cheater identification process.

 Considering the security of secret share, it is disguised as Latin square matrix coordinate information and embedded in the padding region of cover QR code. In order to correctly extract secret information, we need to reconstruct Latin square matrix from random matrices \(\left\{l_{S_{1}}, l s_{2}, \cdots, l_{S_{n}}\right\}\) . As the total number of possible solutions of an  \(8 \times 8\) Latin square are\(108,776,032,459,082,956,800 \approx 1.09 \times 10^{20}\)  , so the possibility of one guess is \(1 / 1.09 \times 10^{20}=9.17 \times 10^{-19}\) . It is nearly impossible for malicious participants to successfully extract the secret share.

 If less than n  participants correctly construct the secret message, the possibility is  \(1 / 2^{\operatorname{len}_{x}}\), which is nearly impossible, here \(l e n_{d c}\)  is the length of data codewords of QR code pseudo-shares. For example, the possibility of hitting the secret message in version 5-L QR code is \(1 / 2^{864}\) . Only, when all the n  participants provide real QR code pseudo-shares, the secret reconstruction process will be allowed to perform, and the secret message can be successfully revealed.

 The above analysis demonstrates that the proposed  (n,n) -threshold secret sharing scheme achieves high security.

 

4.5 Comparisons

 So far, the research of secret sharing based on QR code is still not much. Table 4 lists the overall comparisons between exiting schemes and the proposed scheme.

 For the secret shares embedding mechanism, Chuang et al.’s scheme treats the shares as the QR code public message, Lin’s scheme, Chow et al.’ scheme, He et al.’ scheme and Huang et al.’ scheme embeds the secret in the RS code in the cover QR code by exploiting the QR code error correction capacity. The proposed scheme hides the shares in the padding region of cover QR code based on the XORed characteristic of RS code, it would not reduce the error correction capacity of cover QR code.

 For the functionality of cheating prevention, except the Chuang et al’ scheme, all these schemes implement the cheater prevention mechanism. However, the cheater identification function of Lin’s scheme would fail when one of the participants provide a fake embedding key. The cheating detection function of Huang et al’ (1,n) -threshold secret sharing scheme rely on two adjacent QR code pseudo-shares, and it is available when condition l=n  is satisfied. In the proposed scheme, the cheater identification process on each QR code pseudo-share does not rely on any additional data. The reliability of the cheater identification will be much higher than others schemes.

 

Table 4. The comparison of the proposed scheme with exiting schemes

 The QR code pseudo-share of Chuang et al’ scheme can be easily forged; it has poor security. Lin’s scheme utilized the wet paper code to randomly embed the shares in cover QR code. Both Chow et al. scheme and He et al.’s scheme encrypted shares using symmetric encryption algorithm. Both Huang et al.’s scheme and the proposed scheme camouflage secret share as coordinate information. The possibilities of successfully extracting the secret share in the QR code pseudo-share of these five schemes are negligible, thus, their securities are high.

 In terms of robustness of the generated QR code pseudo-share, Chuang et al.’s scheme generated QR code pseudo-shares by treating secret share as QR code public message. The generated QR code pseudo-shares still maintains the full error correction capacity, the robustness is strong. Lin’s scheme, Chow et al.’s scheme, He et al.’ scheme and Huang et al.’s scheme employ QR code error correction capacity to embed shares. The shares embedding process would reduce the error correction capacity of cover QR code, the robustness of generated QR code pseudo shares would be weakened. However, the proposed scheme exploits the XORed characteristic of the RS code to embed the secret shares into the QR code without scarifying the error correction capacity. As listed in the Fig. 4, the generated QR code pseudo-shares of the proposed scheme can resist common QR code image attacks. The robustness of the proposed scheme is much stronger compared to Lin’s scheme and Huang et al.’s scheme.

 In the aspect of computational complexity, suppose that these schemes generate   QR code pseudo-shares. The main operations of Chuang et al.’ scheme, Chow et al.’s scheme, He et al.’ scheme and Huang et al.’ scheme are the secret shares derivation based on Shamir’s SS, According to [1], their computational complexity is \(O\left(n \log ^{2} n\right)\)  . The proposed scheme and Lin’s scheme directly divided secret message into   pieces, and embedded them in the spatial domain of cover QR code, the corresponding computational complexity is \(O(n)\)  . The low computational complexity of the proposed scheme is highlighted.

 In the aspect of secret payload, the randomly embedding strategy of Lin’s scheme results have too many error codewords in the QR code, the secret payload is dramatically reduced, it is in the range of [2, 1215] bits. The QR code error correction capacity determines the secret payload of Chow et al.’s scheme and He et al.’s scheme, their payloads are in the range of [16, 9620] bits. At the same time, beside the secret share, Huang et al.’s scheme also embedded many side information to implement the cheating preventions function and embedding key reconstruction. This side information occupied storage capacity, and the secret payload of Huang et al.’s scheme is in the range of [20, 9620] bits. Table 5 shows the secret payload of the proposed scheme compared to the exiting schemes with different QR code versions and different error correction levels.

Table 5. The comparison of secret payloads between exiting schemes and the proposed scheme

5. Conclusions

 This paper utilized the XORed characteristic of RS code to propose a keyless  -threshold secret sharing scheme. The secret shares camouflage as the coordinate position information of Latin square matrix and embedding in the padding region of cover QR code. The meaningful generated QR code pseudo-shares help to reduce the people’s attentions. Some experiments were done to evaluate the performance of the proposed scheme. The proposed scheme is highly secure and cheater identifiable. It has a higher secret payload and maintain a stronger robustness than exiting schemes. In the future, we will try to investigate the reversible data hiding technology to further improve the secret payload.