Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
125
√
m−i 1/ 2, if 2i j − 1 ≤ k < 2i j + 2i − 1 where Uλ and U(λ) denote uniform random ensembles of λ-
where vj,k = bit and (λ)-bit sequences, respectively. In addition, it can
0, otherwise
and ⎧ √ be shown that the output of a PRG is unpredictable, i.e., for
⎨ 1/ √ 2, if 2i j − 1 ≤ k < 2i j + 2i−1 − 1 every probabilistic poly-time predicting algorithm A, for every
m−i
wj,k = −1/ 2, if 2i j + 2i−1 − 1 ≤ k < 2i j + 2i − 1 . positive polynomial p(·), and every sufficiently large integer
⎩ λ,
0, otherwise
The signal vector x can be reconstructed as
Pr[A(G(Uλ )) = nextA (G(Uλ ))] < 0.5 + 1/p(λ),
c0j vj0 + dm−i
j wjm−i .
where nextA (·) is a special function for definitional purpose:
j=1,...,2n−m i=1,...,m j=1,...,2n−i
when the Turing machine A processes the first k bits, of the
input tape, nextA (·) outputs the (k +1)-th bit of the input tape;
Digital signature scheme and its unforgeability: when A reads in all λ bits, nextA (·) outputs a uniform random
bit [9, Chap.3.3.5].
A digital signature scheme consists of three algorithms:
KeyGen(1λ ): The key generation algorithm inputs the security III. C ONSTRUCTION & S ECURITY A NALYSIS
parameter 1λ and outputs a key pair (P K,SK).
The proposed provable watermark-based copyright protec-
Sign(SK, m): The signing algorithm inputs the secret key tion scheme consists of three algorithms: (WSetup, WEmbed,
SK, the message m, and outputs the corresponding signature WVerify) based on one-way functions from the integer fac-
σ. toring problem. WSetup(1λ ) is a probabilistic algorithm that
inputs a security parameter 1λ and outputs a public parameter
Verify(P K, m, σ): The verification algorithm inputs the P K and an embedding key EK. WEmbed(P K, EK, I) is the
public key P K, the message m, the signature σ, and outputs watermark embedding algorithm that uses P K and EK to
1 if the signature is valid; 0 otherwise. generate a unique watermark, embeds it into the cover image
The security of a signature scheme is captured by the I, and outputs the watermarked image Iw together with the
existential unforgeability (EUF) under the adaptive chosen extraction key XKI = (I, σI ), where σI is the digital signature
message attack (CMA) [8]. In the following game, a challenger produced by the embedding key EK. WVerify(P K, XKI , Ia )
C interacts with an adversary A and the message space is is the watermark verification algorithm that uses the public key
denoted as M. P K and the extraction key XKI to determine if an arbitrary
image Ia contains the watermark corresponding to I.
Setup phase: C runs KeyGen(1λ ) to obtain a pair of keys
These three algorithms are described in detail as follows:
(P K,SK) and sends P K to A.
- WSetup(1λ ): This algorithm first runs KeyGen(1λ )
Query phase: A queries adaptively the signing oracle qs times to generate the parameters for an RSA signature
of arbitrary message m(j) ∈ M. C simulates the signing oracle scheme: It chooses randomly two λ/2-bit primes
and returns the corresponding signature σ (j) to A. p1 , q1 , calculates the modulus N1 = p1 · q1 , cal-
culates the Euler totient function φ(N1 ) = (p1 −
Output phase: A outputs a message-signature pair (m∗ ,σ ∗ ). 1)(q1 − 1), chooses the verification exponent e co-
If m∗ ∈ {m(j) }j=1,...,qs and Verify(P K, m∗ ,σ ∗ )=1, then A prime to φ(N1 ), and calculates the signing exponent
wins the game with the advantage d ≡ e−1 (modφ(N1 )). The public verification key
AdvA EUF-CMA λ
(1 ) = Pr [Verify (P K, m∗ , σ ∗ ) = 1 is (N1 , e) and the private signing key is d. The
setup algorithm then chooses parameters for a BBS
and m∗ ∈ / {m(j) }j=1,...,qs . [1] pseudo random generator (PRG): It chooses a
Blum integer N2 = p2 · q2 with random primes
p2 , q2 of λ/2 each and satisfying p2 ≡ q2 ≡ 3
A signature scheme (KeyGen, Sign, Verify) is EUF- (mod 4). The Rabin function fN2 : QRN2 → QRN2
CMA secure if the advantage Adv EUF -CMA (1λ ) of an arbitrary
A is defined as fN2 (x) = x2 (mod N2 ), where QRN2
probabilistic polynomial time adversary A in the above game is the set of quadratic residues in Z∗N2 . The BBS
is negligible. PRG GfN2 : {0, 1}λ → {0, 1}kλ is defined as
GfN2 (s) = LSB(fN2 (s)) LSB(fN2 2 (s)) . . .
Pseudo-random generator and its unpredictability:
LSB(fN2 kλ−1 (s)), where s is the λ-bit seed for the
A cryptographic pseudo-random generator (PRG) G(s) is PRG and fN2 2 (s) denotes the composition of fN2 , i.e.
a poly-time deterministic algorithm, which inputs a uniformly fN2 (fN2 (s)). Finally, it chooses a collision-resistant
distributed λ-bit seed s, outputs an (λ)-bit sequence that is hash function H(·).
computationally indistinguishable from a uniformly distributed The public parameter P K consists of N1 , e, N2 , and
(λ)-bit random sequence, where λ is the security parameter H(·). The embedding key EK is d.
and the polynomial (λ) > λ. Formally, for every poly- - WEmbed(P K, EK, I): This algorithm first computes
time probabilistic binary-output distinguishing algorithm D, the digital signature σI = H(I)d (modN1 ) of the
for every positive polynomial p(·), and every sufficiently large cover image I. Then, it generates kλ-bit pseudo
integer λ, random sequence wI [1, kλ] = Gf (σI ), of which the
| Pr[D(G(Uλ )) = 1] − Pr[D(U(λ) ) = 1] | < 1/p(λ), first λ bits wI [1, λ] are used later as the watermark
126
and the remaining bits wI [λ + 1, kλ] are used as unauthorized reproduction, public usage, and redistribution of
the embedding keys, wI [λ + 1, kλ] are partitioned Iw . In the following, (P KO , EKO ) and (P KP , EKP ) denote
as λ groups, each specifying one out of = 2k−1 the public and private key pairs of O and P respectively. The
pixels for embedding a single bit of the water- proposed procedure to resolve the ownership dispute on Id in
mark. Next, it obtains the one-level discrete Haar the court is as follows:
wavelet transform of the cover image I as DW T (I)
= (LL, LH, HL, HH) and embeds the watermark 1) The plaintiff O sends the image I with his verifiable
wI [1, λ] into LL as follows: For i = 1 to λ, it uses signature σI (O) to the court-designated trusted third
(O)
the (k − 1)-bit subsequence wI [λ + i] wI [2λ + i] . . . party T . T first verifies σI with O’s public key
(O) (O)
wI [(k−1)λ+i] to specify one out of possible pixels. PK by checking if Verify(P K (O) , I, σI ) = 1.
Then, it replaces the d-th bit of that pixel with the i- T presents the verification results in the court.
th watermark bit wI [i]. If I is a 256-level grey-scale 2) T checks if WVerify(P KO , I, σI (O) , Id ) = 1 to
image or a 256-level luminance color image, putting see if the disputed image Id contains the watermark
the watermark at the d-bit is equivalent to a noise which only O can make exclusively with image I
of amplitude {2d−1 , 0, −2d−1 }, where 1 ≤ d ≤ 8. and secret key EKO . T then checks if the objective
The parameter d is a tradeoff to be determined from measure P SN R(I, Id ) is greater than 30. The case
our experiments such that the watermark is on one is dismissed if any one of these two conditions fails.
hand embedded in perceptually significant part of the 3) The defendant P may enter a plea of not guilty by
cover image and can survive under common image presenting another image I with its signature σI (P)
processing operations or geometric transformations; (P)
to T such that Verify(P K (P) , I , σI ) = 1 and
on the other hand is still perceptually invisible. Be- (P) (P)
WVerify(P K , I , σI , Id ) = 1. If any one of
cause the watermark is hidden with a one out of the above two tests fails, P would be declared guilty.
strategy, in order to remove every watermark bit (O)
in a brute-force way, an adversary would need to 4) T makes sure that WVerify(P K (O) , I, σI , I ) =
(P) (P)
clear/set all other − 1 genuine pixels at the d-th 1 and WVerify(P K , I , σI , I) = 0 to see if
bit and would cause significant quality degradation the image I contains the watermark which only
of the stego image. Finally, the embedding algorithm O can make exclusively with image I and secret
obtains the inverse one-level discrete Haar wavelet key EKO and the image I does not contain the
transform IDW T (LL , LH, HL, HH) to get the watermark of P. If this is the case, P would be
spatial domain stego image Iw . Iw is the ultimate declared guilty. Otherwise, the case is dismissed. The
product that can be publicly used. The original cover following theorem guarantees that the probability of
image I and the signature σI are kept secret as the the event that first check being 0 and the second check
extraction key XKI for resolving future copyright being 1 is computationally negligible.
disputes.
- WVerify(P K, I, σI , Ia ): This algorithm generates If the proposed watermark embedding algorithm is suffi-
the pseudo random sequence wI [1, kλ] = Gf (σI ). ciently robust such that the embedded watermark is hard to
Next, it runs DW T (Ia ) to decompose Ia as the tuple remove cleanly, we prove the following theorem:
(LL, LH, HL, HH), and extracts the bits wIa [1, λ] (O)
from LL according to original hiding locations spec- Theorem: If WVerify(P KO , I, σI , I ) = 1, the probability
ified by wI [λ + 1, kλ]. Then the algorithm com- that I is not derived from Iw is computationally negligible.
pares wI [1, λ] with wIa [1, λ] bit by bit, and cal- The proof of this theorem follows the unpredictability of
culates the normalized Hamming distance as 1 − the pseudo random sequence. Basically we assume that the
λ
probability I not derived from Iw is non-negligible and try
1
λ (wI [i] wIa [i]), which is also the common
to construct a probabilistic polynomial time adversary that can
i=1
normalized cross correlation N C(wI [1, λ], wIa [1, λ]) predict the bits of the pseudo random sequence. The details
when each bit is represented by values {1, −1}. This will be presented in the full version of this paper.
is the indicator of the ratio of bits which are identi- In the above ownership infringement scenario, if an ad-
cal in both sequences. If N C(wI [1, λ], wIa [1, λ]) ≥ versary P wants to use O’s image without authorization, he
0.5+2/, the algorithm outputs 1; otherwise it outputs might try every possible operation to remove the watermark
0. embedded in Iw to obtain a clean image I . He then embeds his
own watermark to I and obtains Id . If he removes successfully
Ownership resolution protocol: the watermarks in Iw , i.e. I is free of O’s watermark, Id in
step 2 would not contain the watermark of O. However, if P
Consider the following scenario of an ownership dispute: does not remove completely O’s watermark in Iw , T should
An owner O creates an original image I and holds I secretly. find that O’s watermark still in I . By this result, the judge
O calculates the watermarked image Iw = WEmbed(P K (O) , should declare P guilty since I and Id must be reproduced
EK (O) , I) and uses Iw in the public. If the owner O finds a from some image that contains O’s watermark, namely Iw .
disputed image Id , which is both subjectively and objectively Put it in another way, even if the non-removability of the
close to the original image I, in the merchandise of a plagiarist watermark cannot be proved, we force the plagiarist into a
P. Because O has never authorized anyone to use the image very risky situation that he has to try removing the watermark
Iw , he files an ownership infringement lawsuit against P on the blindly without any verification measure. Because the unpre-
127
dictability of the watermark bit sequence, we establish a strong JPEG encoding quality factors from 80% down to 40%. Note
removal barrier that the remaining correct watermark bits must that the N C values stay far above 60%.
be less than 0.5 + 2/ to avoid the detection by algorithm
WVerify. If P cannot cleanly remove the watermark in Iw ,
he would face the guilty verdict for sure. Although it is not
the focus of this paper to improve the non-removability of the
watermark, it has been the goal for almost all previous papers
on digital watermarking. We suggest that a combination of
spread spectrum watermarking technique [4] with our scheme
by modulating each watermark bit to image pixels with again
signature-seeded cryptographical pseudo random sequence as
the PN-sequence would further improve the non-removability.
IV. E XPERIMENTAL R ESULTS Fig. 2. Image quality and correct percentage of the residual watermark versus
JPEG encoding quality factors
The common test image, 256-level 512×512 greyscale
”Lenna”, is used to evaluate the proposed scheme. The pri- Figure 3 shows the quality of the watermarked image and
mary goals of these experiments are to decide the watermark correct percentage of the residual watermark versus scaling
intensity parameter d in the last section and to demonstrate factors from 150% down to 25%. We should focus on those
the robustness of the watermarking scheme against common results with P SN R above 30.
signal processing operations and geometrical transformations.
Figure 1 shows the P SN R image quality of the published
image under the ”brute-force watermark removal attack” over
the choices of the watermark strength parameter d, where
the ”brute-force watermark removal attack” means that an
attacker transforms the stego image to the transform domain
and clear the corresponding bit of every pixel in LL according
to the public parameter d of the embedding algorithm; then
transforms back to spatial domain to get an image without the
owner’s watermark.
The goal is to embed the watermark into perceptually Fig. 3. Image quality and correct percentage of the residual watermark versus
significant part of the cover image while keeping it invisible. scaling factors
Therefore, d = 6 is used for the following experiments in
demonstrating the robustness of the embedded watermark. Figure 4 shows the quality of the watermarked image and
correct percentage of the residual watermark versus rotation
angles from 0.1 degrees to 0.5 degrees.
128
bit sequence to make the false negative watermark detection
rate computationally negligible. Supporting experiments are
presented for the choice of scheme parameter and demonstrat-
ing the robustness of the scheme to unintentional watermark
removal attacks. Most important is that we set up a theorem
that proves affirmatively that as long as a small percentage of
watermark survives from the adversarial watermark removal
attack, it is a sufficient legal evidence that proves the infringe-
ment of copyright.
R EFERENCES
Fig. 5. Image quality and correct percentage of the residual watermark versus [1] L. Blum, M. Blum, and M. Shub, “A Simple Unpredictable Pseudo-
shifting offsets Random Number Generator,” SIAM Journal on Computing 15 (2): 364
- 383, 1986.
[2] M. Blum and S. Micali, “How to Generate Cryptographically Strong
Sequences of Pseudo-random Bits,” SIAM Journal on Computing 13
(4): 850-864, 1984, (extended abstract in FOCS 1982).
[3] D. Boneh and J. Shaw, “Collusion-Secure Fingerprinting for Digital
Data,” Advances in Cryptology - Crypto’95, LNCS 963, Springer-Verlag,
452 - 465, 1995.
[4] I. J. Cox, J. Kilian, T. Leighton, and T. Shamoon, “Secure Spread Spec-
trum Watermarking for Multimedia,” IEEE Trans. on Image Processing,
6, 12, 1673 - 1687, 1997.
[5] I. Cox, M. Miller, J. Bloom, J. Fridrich, and T. Kalker, Digital Wa-
termarking and Steganography, 2nd Ed., Morgan Kaufmann Publishers
Inc., 2008.
Fig. 6. Image quality and correct percentage of the residual watermark versus
intensity of noise [6] J. Fridrich, “Robust Bit Extraction from Images,” Proc. IEEE Intern.
Conf. Multimedia Computing and Systems (ICMCS’99), 1999.
[7] C. Fei, D. Kundur, and R. H. Kwong, “Analysis and Design of Secure
Watermark-Based Authentication Systems,” IEEE Trans. on Information
frequencies of low pass filtering performed using DCT in the Forensics and Security 1(1), 2006.
frequency domain. [8] S. Goldwasser, S. Micali, and R. Rivest, “A Digital Signature Scheme
Secure against Adaptive Chosen-Message Attacks,” SIAM J. Computing,
Vol. 17, No. 2, pp.281–308, 1988.
[9] O. Goldreich, Foundations of Cryptography: Volume 1, Basic Tools,
Cambridge University Press, 2000.
[10] C.-Y. Lin and S.-F. Chang, “Generating Robust Digital Signature for
Image/Video Authentication,” Multimedia and Security Workshop at
ACM Multimedia’98, 1998.
[11] B. Pfitzmann and M. Schunter, “Asymmetric Fingerprinting,” Advances
in Cryptology - Eurocrypt’96, LNCS 1070, Springer-Verlag, 84 - 95,
1996.
[12] K. SriSwathi and S. G. Krishna, “Secure Digital Signature Scheme for
Image Authentication over Wireless Channels,” Int. J. Comp. Tech Aool.
2 (5): 1472 - 1479, 2011.
Fig. 7. Image quality and correct percentage of the residual watermark versus [13] L. F. Turner, “Digital Data Security System,” Patent IPN WO 89/08915,
cutoff frequencies of low pass filtering 1989.
[14] X.-G. Xia, C. G. Boncelet, and G. R. Arce, “Wavelet Transform Based
Through the above experiments, we can observe that as Watermark for Digital Images,” Comm. ACM 57(3): 86 - 95, 2014.
long as the P SN R of the image is larger than 30, the amount [15] E. Zielinska, W. Mazurczyk, and K. Szczypiorski, “Trends in Steganog-
of watermark bit sequence is far above the threshold we raphy,” Comm. ACM 57(3): 86 - 95, 2014.
suggested such that the false negative probability is essentially
negligible.
V. C ONCLUSION
In this paper, a provable, cryptographic watermarking
scheme that operates in the ‘exhibition’ model to provide
‘proof of ownership’ mechanism is proposed such that when
a piece of exhibited digital content is duplicated, modified, or
reproduced without proper authorization, the copyright owner
can provide sufficient direct evidences in proving his/her own-
ership when a lawsuit is filed for the perceived infringement of
intellectual property ownership. We build our scheme based on
previous successful signal processing techniques but focus on
how to employ unpredictable signature-seeded pseudo random
129