Measurement 141 (2019) 267–276

Contents lists available at ScienceDirect

Measurement
journal homepage: www.elsevier.com/locate/measurement

A new two-level information protection scheme based on visual

cryptography and QR code with multiple decryptions
Zhengxin Fu, Yuqiao Cheng ⇑, Sijia Liu, Bin Yu
Zhengzhou Information Science and Technology Institute, Zhengzhou, China

a r t i c l e i n f o a b s t r a c t

Article history: Nowadays, Quick Response (QR) code has been used in many fields due to its advantages, such as relia-
Received 15 November 2018 bility, high-speed scanning and large data capacity. However, embedding the privacy information into the
Received in revised form 17 March 2019 QR code lacks adequate security protection. In this paper, a new two-level information protection scheme
Accepted 26 March 2019
is designed based on visual cryptography and QR code. Using any standard QR reader device or software,
Available online 18 April 2019
the public-level information can be read out directly from the shares. Moreover, the privacy-level infor-
mation can be decoded by three different decryptions, which are suitable to non-computation with rel-
Keywords:
ative difference 1/4, lightweight computation with relative difference 1/2 and common computation
Two-level information protection
Visual cryptography
environments with relative difference 1, respectively. Since the proposed scheme keeps the advantages
QR code of visual cryptography and QR code, it differs from the related schemes with low computational complex-
Multiple decryptions ity, robustness against deformations, and high payload. The effectiveness of the proposed scheme has
been proved theoretically. Experimental results and analysis demonstrate that the proposed scheme
can protect two-level information with multiple decryptions, and has many benefits compared with
the previous schemes.
Ó 2019 Elsevier Ltd. All rights reserved.

1. Introduction
Quick Response (QR) code is a kind of matrix two-dimension
(2-D) code devised by Japanese Denso Company in 1994, which
possesses advantages of ultra-high speed recognition, large
information capacity, high reliability etc. The information of QR
code easily can be decoded via the dedicated reader device or the
common smart phone. Currently, QR code has been authorized as
an international standard specification [1] published by ISO, and
has a huge number of real-world applications including: informa-
tion storage, redirection to web sites, product trace and passenger
identification etc. QR code has brought us not only the convenience
but also the problem of privacy.
As we know, the information in QR code can be obtained by
anyone. However, in many fields, the users only want to disclose
a part of their own information, while they hope to protect the
other part in the same QR code. For example, the patient may pre-
fer that the other patients can only get his/her name and age from
the QR code onto his/her bed. Meanwhile, his/her doctor and nurse
are accessible to the state of his/her illness and other privacy infor-
mation. Therefore, the two-level information protection scheme is
⇑ Corresponding author.
E-mail address: yuqiaoc1989@gmail.com (Y. Cheng).
required to solve this problem. Using the error correction capabil-
ity of the QR code, Tkachenko et al. [2] present a two-level QR code,
in which there were two different levels of data. The public level
data could be recognized by common QR code reader device or
software, while the secret level was decodable only if the partici-
pants possessed the right key. However, the QR code’s scale would
be too large when the privacy data increased. Moreover, some
scholars took the QR code as the cover image to hide the privacy
information [3–5], and their schemes also had the problems of
payload.
All of the aforementioned schemes were based on the conven-
tional stenography or encryption techniques, which might bring
high computational overhead on feature extraction or secret
decryption. Visual cryptography scheme (VCS) was proposed by
Naor and Shamir [6], which decoded the secret image without
computational device. In the (k, n)-VCS, the secret image was
encrypted into n shares, which didn’t leak any information about
the secret image. The secret dealer firstly printed n shares onto
transparent films, and then distributed the films to n users. By
stacking any k or more films together, the secret image could be
observed directly by human visual system (HVS). To the contrary,
any information about the secret image cannot be deduced from
a set of shares, whose number was less than k.

https://doi.org/10.1016/j.measurement.2019.03.080
0263-2241/Ó 2019 Elsevier Ltd. All rights reserved.
268 Z. Fu et al. / Measurement 141 (2019) 267–276

Due to the attractive computation feature of decryption, many The rest of this paper is organized as follows. Section 2 intro-
researchers have focused on VCS in literature [6–20], including duces some preliminaries concerning our work. The proposed
the topics of the general access structure, grey and color secret scheme and effectiveness proof are described in Section 3. Section 4
images, multiple secret images, optimization of pixel expansion presents the experiments and analysis in order to illustrate the
and relative difference, XOR operation, cheating prevention, deter- effectiveness and advantages of our scheme. Finally, Section 5 pro-
ministic and probabilistic schemes, etc. Recently, some scholars vides conclusions.
proposed the combinations of VCS and QR code [21–25]. Weir
and Yan [21] presented the scheme using the QR code to authenti- 2. Preliminary studies
cate the shares of VCS. The recovered secret was embedded into
the verification information with the form of QR code. Wang To promote an understanding of the subsequent results, we will
et al. [22] designed a cheating-prevent scheme by embedding the provide some basic terms and the notations concerning in the
QR code into different shares. In order to maintain the visual study in Table 1.
effects of the recovered secret, the best region of a given share
was selected to embed the QR code. However, since the shares
2.1. QR code
were generated randomly in Ref. [21,22], the noise-like shares
might attract suspicions of the potential attackers.
The QR code [1] is a kind of two-dimensional barcode which
Chow et al. [23] presented a (n, n)(n P 3) threshold secret shar-
stores data by the distribution of black and white modules. The
ing scheme by encoding a secret QR code into several QR code
QR symbol version is indicated by version V-E, where V denotes
shares. Each QR code share could be recognized by the common
the version number from 1 to 40 and E denotes the error correction
QR code reader device. The secret QR code could be decoded by
level L, M, Q, H. Symbol specifications are from 21
21 modules
XOR-ing all the n shares and appending the function patterns.
(versions 1) to 177
177 modules (versions 40) with 4 additional
Moreover, the secret information would be recognized from the
modules per side of the previous version. Four kinds of error cor-
recovered secret QR code using QR code reader device. Based on
rection level ratio are: L 7%, M 15%, Q 25%, and H 30%. For instance,
the QR codes, Wan et al. [24] proposed a (k, n) visual secret sharing
level H can tolerate approximately 30% of miscodes or substitution
scheme. They designed two different methods of recovering the
errors in the data and error correction code words. The black mod-
secret image. The secret image could be observed by HVS based
ule and white module represent digits 1 and 0, respectively. The QR
on stacking QR code shares, if no computation device was avail-
symbol consists of two parts, the function patterns and encoding
able. Moreover, the secret image could be recovered with better
region and. Fig. 1 shows the structure of QR code symbol with ver-
visual effects by XOR-ing shares, when the lightweight computa-
sion 7.
tion device was useable. The secret image of Ref. [24] was a com-
As depicted, the basic structure of the QR code consists of the
mon binary image but not a QR code, so the QR reader was not
position detection patterns, alignment patterns, format informa-
necessary. The similarity of Refs. [23] and [24] is that the schemes
tion, version information, and the data and correction code words,
are designed based on the error correction capacities of QR code.
etc. The QR modules are surrounded by a blank, quiet-zone border.
Liu et al. [25] proposed a two-level QR code based on the machine
recognition property of QR code. Several cells were designed with
different contrast in order to distinguish the black pixel from the Table 1
white pixel. The shares and secret were all valid QR codes, and Denotation of Symbols.
could be recognized by QR code reader device. The secret QR code Symbol Denotation
could be decoded by stacking QR code shares directly without any
P a set of n participants
computation. The relative difference of the decoded secret and the CQual all qualified subsets of participants
shares were all 1/4, which should be increased for quicker recogni- CForb all forbidden subsets of participants
tion of QR code reader. PuIi the public information of participant i
PrIj the privacy information of participant j
In this paper, a new two-level information protection scheme is
Bi public-level QR code
proposed by combining VCS and QR code. The n-1 user shares and Vj privacy-level QR code
one manager share are all valid QR code, and the public informa- Ti share of participant i
tion of n shares can be recognized by QR code reader as usual. + OR operation
Three recovery methods are provided for the privacy QR code of  XOR operation
a relative difference
n-1 users. When no computational device is usable, the privacy
m pixel expansion
QR code of the i-th user can be revealed by stacking the i-th user’s Filter() threshold filter function
share and manager directly. When the lightweight computation
device is available, the privacy QR code can be recovered with bet-
ter relative difference based on OR and XOR operation. When smart
phone or PC is available, the privacy QR code can be recovered per-
fectly by filtering the stacked shares. The ability of extracting the
public information from the QR code shares can decrease the sus-
picions of potential attackers. Only the manager can further decode
the privacy information from the users’ QR code via the QR code
reader device. The proposed method can satisfy the essentials of
two-level information protection and different computational con-
ditions of decryption. Compared with the previous schemes, the
proposed scheme has higher relative difference of public and pri-
vacy QR codes, higher payloads without utilizing error correction
capacities of QR code, and more flexible recovery strategies for
three scenarios. Experimental results and comparisons demon-
strate the effectiveness and advantages of our scheme. Fig. 1. Structure of QR code symbol with version 7.
 Z. Fu et al. / Measurement 141 (2019) 267–276
Fig. 2. (2, 2)-VCS: (a) Lena; (b) Share 1; (c) Share 2; (d) The recovery image using stacking two shares.
The function patterns are used to adjust the geometry deformation
and obtain accurate machine identification. Another significant
advantage of QR code is the effective error correction mechanism,
even if parts of the QR code are damaged or dirty. Generally, the
larger QR version and higher error correction level can offer satis-
fied data payload and reliability. To design an efficient and feasible
application for the QR code, the proposed scheme exploits the
adjustable capacity and error correction feature to achieve read-
ability and secret sharing on QR modules directly.
2.2. Visual cryptography
Let P={1, 2, . . ., n} denote a set of n participants. CQual is denoted
as the set of all qualified subsets, in which the participants can
decrypt the secret image successfully. CForb is denoted as the set
of all forbidden subsets, in which the participants cannot decrypt
the secret image even if the infinite computation power is avail-
able. (CQual, CForb), that is all qualified and forbidden subsets of par-
ticipants, denotes an access structure on P. It is obvious that
CQual \ CForb = Øand CQual [ CForb = 2P, where 2P is the set of all
the possible subsets of P. Let X = {x1, x2, . . ., xi} 2 2P, where
1  x1 < x2< . . .< xi  n. Let M [X] denote the submatrix of the x1,
x2, . . ., xi rows of matrix M, and W(V) denote the Hamming weight
of the vector V.
One pixel of the secret image is encrypted into n
m subpixels,
which are distributed to n shares with m subpixels per share. m is
called pixel expansion, which means the enlarged scale of the
secret pixel. For any qualified set of participants, it is guaranteed
that the secret pixel can be recovered by stacking (OR-ing) shares.
Specifically, if the secret pixel is black, the Hamming weight of the
stacked m subpixels is at least h; whereas if the secret pixel is
white, the Hamming weight of the stacked m subpixels is at most
l, satisfying l < h. For any forbidden set of participants, the color of
secret pixel cannot be deduced from the stacked m subpixels, guar-
anteeing the security of the scheme. The formal definition of VCS is
as follow.
Definition 1. Let (CQual, CForb) be an general access structure about
a set of n users. C0 and C1 are two collections of n
m boolean
matrices, constituting a visual cryptography scheme (CQual, CForb,
m)-VCS, if there exist the integers l and h (l < h), satisfying the
following conditions:
269
1) Any qualified set Q = {i1, i2, . . ., iq} 2 CQual can decrypt the
secret image by stacking their transparent films. For any
matrix M1 2 C1, the vector V1 denotes the stacking result of
all rows of M1 [Q]. For any matrix M0 2 C0, the vector V0
denotes the stacking result of all rows of M0 [Q]. V1 and V0
satisfy that W (V1)  h and W(V0)  l.
2) Any forbidden set F = {i1, i2, . . ., if} 2 CForb has no information
about the secret image. Formally, two collections of f
m
matrices D1 and D0 are denoted as D1 = {M [F] | M 2 C1}
and D0 = {M [F]|M 2 C0}, and then D1 = D0.
The relative difference has many definitions such as (h  l)/m/
(h + l), (h  l)/(h + l), (h  l)/m. The classical representation is a =
(h–l)/m which is used in this paper.
Example 1. (2, 2)-VCS


 


10 01 10 01
C0 ¼ ; ; C1 ¼ ;
10 01 01 10
For this scheme, m = 2, h = 2, l = 1 and a = 0.5. Taking a binary
Lena image as an example, the two shares and recovery image
are shown in Fig. 2.
3. The proposed scheme
This section presents the basic idea, secret sharing and recover-
ing algorithms, and effectiveness proof of our scheme. The motiva-
tion of our scheme is to solve the access authority problem of the
public and privacy information of a group. The public information
is accessible for anyone in the group, while the privacy information
can only be caught by the specified manager or trusted third party.
3.1. Basic idea
Let P = {1, 2, . . ., n} denotes the set of participants, where 1, 2,
. . ., n-1 are common users and n is the manager. PuIi (1 6 i 6 n)
denotes the public information of participant i, and PrIj
(1 6 j 6 n  1) denote the privacy information of participant j.
Firstly, the public information is encoded into QR code as Bi, and
privacy information is encoded into QR code as Vj. Then, the secret
sharing algorithm takes the public and privacy QR codes as inputs,
and outputs n shares which can show n public QR codes respec-
270 Z. Fu et al. / Measurement 141 (2019) 267–276

tively. At last, the privacy QR codes can be decrypted through the
secret recovering algorithm. The secret sharing procedure is shown
in Fig. 3. The recovery procedure of public information is shown in
Fig. 4(a), and the recovery procedure of privacy information is
shown in Fig. 4(b).
shown in Fig. 5, in which 2 subpixels in the first row are used to
store the public QR codes and 2 subpixels in the second row are
used to store the privacy QR codes.
(1) Secret sharing algorithm

3.2. Secret sharing and recovering algorithms
Suppose the public QR codes Bi and privacy QR codes Vj have the
same size a
b. n pixels of all public QR codes and n-1 pixels of all
privacy QR codes at the same coordinate are encrypted into 4(n
+ 1) subpixels of n shares and one mask. In order words, one orig-
inal pixel is expanded into 4 subpixels, which consist of one basis
unit in the shares. The 4 subpixels are arranged as a 2
2 matrix
In this section, the design of secret sharing algorithm is present
in detail.
Input: public QR codes B1 ; B2 ;    ; Bn , privacy QR codes
V 1 ; V 2 ;    ; V n1 , the sizes of QR codes are a
b
Output: Shares T 1 ; T 2 ;    ; T n ; T mask
Step 1. Let i = 1, where i means the row of QR code.
Step 2. Let j = 1, where j means the column of QR code.

Privacy PrI1 PrI2 PrIn-1

Information

QR encoding

Privacy QR Code
Public V1 V2 Vn-1
Information Public QR Code Shares

PuI1 B1 T1

B2 T2
PuI2 QR Secret sharing
encoding algorithm

PuIn Bn
Tn

Fig. 3. The sharing procedure of public and privacy information.

Share Ti Share Tn

Secret
recovering
algorithm

Share Ti

a b

Public Privacy
Information Information

Fig. 4. (a) the recovery of public information; (b) the recovery of privacy information.
 Z. Fu et al. / Measurement 141 (2019) 267–276 271

2) Transparent films and copy machines are available

2i-1, 2j-1 2i-1, 2j Public QR codes
Rf = RA2(Tf, Tn, Tmask) = (Tf  Tmask) + (Tn + Tmask), where ’+’
denotes OR operator and ’’ denotes XOR operator. Since
2i, 2j-1 2i, 2j Privacy QR codes A  B ¼ A þ B þ A þ B, the common copy machines can realize
XOR operation by combining the OR and reverse operators. Using
transparent films and copy machines, the privacy QR code Vf can
Fig. 5. The constitution of a subpixel unit.
be recovered with distortions. The relative difference between Vf
and Rf is 0.5, which will be proved in Theorem 5 of Section 3.3.

3) Computation devices are available, such as personal com-

    puters or smart phones
Step 3. T f ð2i  1; 2j  1Þ; T f ð2i  1; 2jÞ ¼ Bf ði; jÞ; Bf ði; jÞ , where
1 6 f 6 n.
Rf = RA3(Tf, Tn, Tmask) = Filter(Tf + Tn + Tmask), where ’+’ denotes OR
Step 4. Equal ðT n ð2i; 2j  1Þ; T n ð2i; 2jÞÞ to (0, 1) or (1, 0) ran-
operator and Filter() denotes the threshold filter function. For
domly, with the same probability 1/2.
( Tf + Tn + Tmask, the operation unit of Filter() is a matrix X with the
  ðT n ð2i; 2j  1Þ; T n ð2i; 2jÞÞ; V f ði; jÞ ¼ 0
Step 5. T f ð2i; 2j  1Þ; T f ð2i; 2jÞ ¼    , size of 2
2. If the Humming Weight of X is 4, then Filter(X) = 1;
T n ð2i; 2j  1Þ; T n ð2i; 2jÞ ; V f ði; jÞ ¼ 1
otherwise, Filter(X) = 0. Therefore, the size of Filter(Tf + Tn + Tmask)
1 6 f 6 n  1. is 1/4 of the size of Tf + Tn + Tmask. Using computation devices, the
Step 6. ðT mask ð2i  1; 2j  1Þ; T mask ð2i  1; 2jÞÞ ¼ ð1; 1Þ, privacy QR code V f can be recovered perfectly, which will be
ðT mask ð2i; 2j  1Þ; T mask ð2i; 2jÞÞ ¼ ð0; 0Þ. proved in Theorem 6 of Section 3.3.
Step 7. Generate a random permutation matrix Mpermu, which is
used to permute the 4 subpixels in n + 1 shares in the same 3.3. Effectiveness proof
order.
Step 8. Let j = j + 1, if j 6 b then turn to Step 3; otherwise turn to The effectiveness of our scheme includes three aspects: the
Step 7. security of forbidden subsets, the contrast of public QR code in
Step 9. Let i = i + 1, if i 6 a then turn to Step 2; otherwise the shares, and the contrast of recovered privacy QR code. The random
algorithm ends. permutation in Step 7 of sharing algorithm is used to disrupt the
sort of 4 subpixels in one block, which can prevent attackers from
In the above sharing algorithm, the manager n owns two shares guessing the position of privacy QR code’s pixels. However, the
T n and T mask , where T n shows the public QR code and T mask is only random permutation has no influence on the Hamming Weight
used in the secret recovering algorithm. of subpixel block. In order words, the contrast property of the pro-
Example 2. Secret sharing algorithm with n = 2 and a = b = 1. posed scheme is equal to the scheme without random permuta-
Suppose B1(1,1) = 1 and B2(1,1) = 0, we have T1(1,1) = T1(1,2) = 1 tion. Therefore, we mainly concern the effectiveness of the
and T2(1,1) = T2(1,2) = 0 according to Step3. Suppose V1(1,1) = 1 scheme without random permutation. The detailed proofs are
and (T2(2,1), T2(2,2)) = (0, 1), we have (T1(2,1), T1(2,2)) = (1, 0) described in Appendix.
according to Step4. Therefore, we have




1 1 0 0 1 1
T1 ¼ ; T2 ¼ ; T mask ¼ : Suppose Mpermu = 4. Experiments and analysis
1 0 0 1 0 0
(2,4,3,1) and according to Step 7, we have final shares



 To evaluate the applicability of the proposed scheme, the open
1 0 0 1 1 0
T1 ¼ ; T2 ¼ ; T mask ¼ : source library ZXing is used to generate and decode the QR code.
1 1 0 0 0 1
The version 3-M (version 3, error correction level M) is selected
for the QR code, and the size of the generated QR code by ZXing
(2) Secret recovering algorithm is 296
296 pixels.

Considering the diversity of users’ computational conditions, 4.1. Experimental results

three algorithms RA1, RA2 and RA3 are designed to decode the pri-
vacy QR codes. In order to decode the privacy QR code
V f ð1 6 f 6 n  1Þ, the three algorithms all need Tf, Tn and Tmask as
the inputs parameters. The detailed computational conditions
and procedures of three algorithms are as follows.
1) Only transparent films are available
Rf = RA1(Tf, Tn, Tmask) = Tf + Tn + Tmask, where ’+’ denotes OR oper-
ator. In some special scenes, the participants only have transparent
films without any computation device. Hence, the shares Tf, Tn and
Tmask are printed onto the transparent film firstly. Then the privacy
QR code V f ð1 6 f 6 n  1Þ can be observed by stacking the films of
Tf, Tn and Tmask directly. Actually, the operator of stacking films is ’+’
and brings the distortions between the original QR code Tf and the
recovery QR code Rf. Although the privacy QR code is distorted, the
privacy information will be recognized under the error-correcting
mechanism of QR code. The relative difference between Vf and Rf
is 0.25, which will be proved in Theorem 4 of Section 3.3.
Taking the hospital as the scene, there is one doctor taking care
of four patients simultaneously. Every patient has public informa-
tion (such as name, age, sex) and privacy information (such as ill-
ness, severity), and he/she expects that only the appointed doctor
can get the privacy information. Fig. 6 shows the public and pri-
vacy information and the corresponding QR codes, where PuI1 -
 PuI4 are the public information of four patients, PuI5 is the
public information of the doctor, B1  B5 are the public QR codes
of PuI1  PuI5, PrI1  PrI4 are the privacy information of four
patients, and V1  V4 are the privacy QR codes of PrI1  PrI4.
Using the secret sharing algorithm, the shares are generated
and shown in Fig. 7. Shares T1–T4 are distributed to four patients
respectively, and shares T5 and Tmask are given to the doctor.
Although the shares T1–T5 look like distorted QR codes, the public
information can easily be extracted from T1–T5 since the relative
difference of public QR code is 1/2.
Using three secret recovering algorithms, the results are gener-
ated and shown in Fig. 8. (a)–(d) are results of RA1(Ti, T5, Tmask)
272 Z. Fu et al. / Measurement 141 (2019) 267–276

“Patient 1 “Patient 2 “Patient 3

Alice Bob Charles
Age: 20 Age: 25 Age: 30
Female” Male” Male”
PuI1 B1 PuI2 B2 PuI3 B3

“Patient 4 “Doctor “Patient 1

Doris Frank Alice
Age: 35 Age: 50 Cardiopathy
Female” Male” Mild”
PuI4 B4 PuI5 B5 PrI1 V1

“Patient 2 “Patient 3 “Patient 4

Bob Charles Doris
Inluenza Toothache Infertility
Moderate” Serious” Mild”
PrI2 V2 PrI3 V3 PrI4 V4

Fig. 6. Public and privacy information and corresponding QR codes.

Fig. 7. The shares of our scheme.

(1 6 i 6 4), (e)–(h) are results of RA2(Ti, T5, Tmask) (1 6 i 6 4), and
(i)-(l) are results of RA3(Ti, T5, Tmask) (1 6 i 6 4). Since the relative
differences of RA2 and RA3 are 1/2 and 1 respectively, the privacy
information of patients can be extracted immediately from the
recovered privacy QR code (e)–(h) and (i)–(l) using QR code reader.
On the other hand, since the relative difference of RA1 is 1/4 which
is equal to literature [25], the scanning distance and angle of (a)–
(d) should be tried and adjusted in order to extract the privacy
information.
Fig. 9 illustrates the readability of the share and recovery QR
codes, when the QR codes suffered from common deformations,
such as rotation, squeezing, twist, and region cutting. The deforma-
tions are mounted further to the QR codes to estimate the perfor-
mance of our scheme with the use of mobile devices and various
degrees of scan. The public information PuI1 can be decoded from
(a), (e), (i) and (m) using QR code reader device. Meanwhile, the
privacy information PrI1 can be extracted from (b)-(d), (f)–(h),
(j)–(l) and (n)–(p). Therefore, the designed scheme is practicable
and has sufficient ability to resist deformations. Note that the dif-
ferent QR code decoders and environments, such as lights, moni-
tors, scales, and mobile devices, would influence the decoded
results of the original QR codes and our special QR codes.
4.2. Comparison and discussion
The comparisons of this paper and other related schemes are
described in Table 2.
(1) Meaningful of shares
The shares are generated randomly in [21,22], and the noise-
like shares might attract suspicions of the potential attackers.
 Z. Fu et al. / Measurement 141 (2019) 267–276 273

Fig. 8. Results of three recovering algorithms: (a)-(d) are results of RA1; (e)–(h) are results of RA2; (i)–(l) are results of RA3.

The proposed scheme and [2,23–25] have meaningful shares, (5) Readability of recovered privacy QR code
which are or like QR codes. Furthermore, the public information
can be recognized from the QR codes in the meaningful shares, The recovery results of [21,22,24] are common binary images
which can reduce suspicions of potential attackers. not QR codes, which cannot be recognized by QR code reader.
RA1 of this paper and [25] have small relative difference 1/4, which
(2) Utilizing the error correction capability leads to adjusting the distance and angle during scanning of recov-
ered QR codes. Although the relative difference of RA2 is 1/2, the
The schemes in [23] and [24] have utilized the error correction scanning speed of RA2 is as quick as RA3, [2] and [23].
capability of QR code, which will reduce the QR codes’ robustness
against geometric attacks and loss of integrity. On the contrary, the (6) Privacy information payload
proposed scheme and [2,21,22,25] are more robust (as shown in
Since the schemes of [21] and [22] are aiming to authenticate
Fig. 9) than [23] and [24].
the shares of VCS, they don’t have privacy information payload.
The schemes in [23,24] use the error correction modules to hide
(3) Recovery computation
secret, while the proposed scheme and [2,25] use all error correc-
tion and data modules. Therefore, the privacy information payload
RA1 of the proposed scheme and [21,22,24,25] utilize OR as the
of our scheme is higher than the ones of [23,24]. The privacy infor-
recovery computation, which means stacking the printed shares.
mation payloads of the proposed scheme and previous ones are
RA2 of the proposed scheme and [24] use XOR as the recovery com-
shown in Table 3.
putation, which can be realized by lightweight device such as prin-
Functional comparisons of our scheme and previous works have
ter and copy machine. RA3 of the proposed scheme and [2,23] need
been discussed above. And the major advantages of our scheme are
computer or smartphone to realize the recovery computation.
listed as follows.
(4) Computational complexity
(1) Two-level information protection
Suppose the size of the public and privacy QR code is N mod-
The shares of proposed scheme are valid QR codes, in which the
ules. During the procedure of recovering the secret, there are 4N
public information of users can be recognized. The privacy infor-
’OR’ operations for RA1, 8N ’OR’ and 4N ’XOR’ operations for RA2,
mation of users can be extracted from the recovered QR codes by
and 4N ’OR’ and N ’Filtering’ (4 ’+’ and 1 ’comparison’) operations
stacking, XOR-ing, or filtering shares. The two-level information
for RA3. Therefore, the computational complexities of our three
protection scheme can be used in many fields, which have different
recovering algorithms are all O(N), which are equal to [21–25]
levels of information need to be managed in the meantime.
and better than [2].
274 Z. Fu et al. / Measurement 141 (2019) 267–276

Fig. 9. Deformations of share and recovery QR codes: (a)–(d) are the rotations of T1, RA1, RA2, RA3 with 45°; (e)–(h) are the squeezings of T1, RA1, RA2, RA3 in horizontal; (i)–(l)
are the twists of T1, RA1, RA2, RA3; (m)–(p) are the region cuttings of T1, RA1, RA2, RA3.

Table 2
Functional comparisons of our scheme and the previous ones.

Meaningful Utilizing the error Recovery computation Computational complexity Readability of recovered Privacy information
of shares correction capability privacy QR code payload
[2] Yes No secret extracting O(NlogN) Easy High
[21] No No OR O(N) No –
[22] No No OR O(N) No –
[23] Yes Yes XOR and Adding pattern O(N) Easy Low
[24] Yes Yes OR or XOR O(N) No Low
[25] Yes No OR O(N) Hard High
Our scheme Yes No RA1: OR O(N) Hard High
RA2: OR and XOR O(N) Easy
RA3: OR and Filtering O(N) Easy
 Z. Fu et al. / Measurement 141 (2019) 267–276 275

Table 3
Number of privacy bits of our scheme and related works.

Version 2 Version 10 Version 15 Version 40

L M Q H L M Q H L M Q H L M Q H
[2] 810 810 810 810 1960 1960 1960 1960 3683 3683 3683 3683 20,012 20,012 20,012 20,012
[23] 32 64 88 112 288 520 768 896 528 960 1440 1728 3000 5488 8160 9720
[24] 32 64 88 112 288 520 768 896 528 960 1440 1728 3000 5488 8160 9720
[25] 359 359 359 359 2768 2768 2768 2768 5243 5243 5243 5243 29,648 29,648 29,648 29,648
our scheme 359 359 359 359 2768 2768 2768 2768 5243 5243 5243 5243 29,648 29,648 29,648 29,648

(2) Multiple recovering methods with low computational Appendix

complexity
Let M f ði; jÞ denote the (i, j)-th subpixels block in share Tf, that is
The proposed scheme provides three recovering algorithms to

T f ð2i  1;2j  1Þ T f ð2i  1; 2jÞ
adapt different computational conditions. RA1 is designed for M f ði;jÞ ¼ ð1 6 i 6 a;1 6 j 6 bÞ
non-computing scene, RA2 is suitable to the lightweight computing T f ð2i;2j  1Þ T f ð2i;2jÞ
scene, and RA3 is fit for common computing device such as PC or Let W f ði; jÞ denote the Hamming Weight of M f ði; jÞ, that is
smartphone. Moreover, the three recovering algorithms all have
low computational complexity, which are easy to be realized in W f ði; jÞ ¼ T f ð2i  1; 2j  1Þ þ T f ð2i  1; 2jÞ þ T f ð2i; 2j  1Þ
the real-world applications. þ T f ð2i; 2jÞ

(3) High privacy payload rate with strong error correction

capability
Theorem 1. Any information of public information Bg cannot be
Unlike [23,24], the proposed scheme preserves the error correc- deduced from share Tf, where 1 6 f –g 6 n.
tion capacity of the QR code, which leads to the better robustness
against geometric attacks and loss of integrity. Since the all mod-
Proof. According to the secret sharing algorithm,
ules of QR codes are used, more privacy information can be pro-
Bg ði; jÞ ¼ T g ð2i  1; 2j  1Þ ¼ T g ð2i  1; 2jÞ, where 1 6 g 6 n. Mean-
tected in our scheme.
while, Bg(i, j) has no relationship with other shares’ subpixels.
Therefore, any information of Bg cannot be inferred from share
T f ð1 6 f –g 6 nÞ. h
5. Conclusion

In this paper, a novel two-level information protect scheme is
designed based on QR code and VCS, which may be used wildly
in real-world applications. During the secret sharing algorithm,
the public and privacy information are simultaneously encoded
into subpixel blocks. The public-level information can be directly
extracted from shares using any standard QR reader device or soft-
ware. On the other hand, the privacy-level information can be
recovered by three decryptions, which are suitable to non-
computation, lightweight computation, and common computation,
respectively. Compared with other related works, the proposed
scheme has low computational complexity, robustness against
deformations, and high payload. Our scheme can be utilized in
many scenarios, where the information needs to be managed with
different levels. For example, the patient information includes
‘name’ (public) and ‘illness’ (privacy), the express information
includes ‘address’ (public) and ‘phone number’ (privacy), docu-
ment information includes ‘title’ (public) and ‘owner’ (privacy),
and etc. Also, the designed algorithm can be utilized to encoding
other 2-D barcodes, such as the Data Matrix and PDF417. In the
future, we plan to investigate some characteristics of machine
recognition for the higher secret payload and smaller image scale.
Theorem 2. Any information of privacy information V f cannot be
deduced from share T f , where 1 6 f 6 n  1.
Proof. According to the secret sharing algorithm, T f ð2i; 2j  1Þ and
T f ð2i; 2jÞ are decided by V f ði; jÞ, T n ð2i; 2j  1Þ and T n ð2i; 2jÞ. The
other subpixels have no relationship with V f ði; jÞ.
Since ðT n ð2i; 2j  1Þ; T n ð2i; 2jÞÞ are randomly equal to (1, 0) or (0,
1), V f ði; jÞ cannot be inferred by T f ð2i; 2j  1Þ and T f ð2i; 2jÞ only. For
the whole image, any information of V f cannot be deduced from
share T f (1 6 f 6 n  1). h
Theorem 3. The public information Bf (1 6 f 6 n) is shown in share
Tf, and the relative difference of Tf is aB ¼ 1=2.
Proof. According to the Step 3 and Step 4 in secret sharing algo-
rithm, T f ð2i  1; 2j  1Þ þ T f ð2i  1; 2jÞ ¼ 2Bf ði; jÞ. According to the
Step 5 and Step 6, T n ð2i; 2j  1Þ þ T n ð2i; 2jÞ ¼ 1. Hence,
W f ði; jÞ ¼ T f ð2i  1; 2j  1Þ þ T f ð2i  1; 2jÞ þ T f ð2i; 2j  1Þ
þ T f ð2i; 2jÞ ¼ 1 þ 2Bf ði; jÞ

If Bf ði; jÞ ¼ 1, W f ði; jÞ ¼ 3. Otherwise Bf ði; jÞ ¼ 0, W f ði; jÞ ¼ 1.

Acknowledgments
The authors thank the anonymous reviewers for their valuable
comments. This work was supported in part by the National Natu-
ral Science Foundation of China under Grant No. 61602513 and the
Outstanding Youth Foundation of Zhengzhou Information Science
and Technology Institute under Grant No. 2016611303.
Therefore, T f ði; jÞ can show the QR code of public information
Bf ði; jÞ. The relative difference aB ¼ ð3  1Þ=4 ¼ 1=2. h
Theorem 4. The privacy QR code Vf (1 6 f 6 n  1) can be shown in
RA1 ðT f ; T n ; T mask Þ ¼ T f þ T n þ T mask , and the relative difference of
RA1 ðT f ; T n ; T mask Þ aV1 ¼ 1=4.
276 Z. Fu et al. / Measurement 141 (2019) 267–276
Proof. Let T f þnþmask denote the stacking result of T n , T f and T mask .
According to the Step 6 in secret sharing algorithm
T mask ð2i  1; 2j  1Þ ¼ T mask ð2i  1; 2jÞ ¼ 1, we have
T f þnþmask ð2i  1; 2j  1Þ ¼ T f þnþmask ð2i  1; 2jÞ ¼ 1.
From the Step 4, Step 5 and Step

1 V f ði; jÞ ¼ 0
T f þnþmask ð2i; 2j  1Þ þ T f þnþmask ð2i; 2jÞ ¼ .
2 V f ði; jÞ ¼ 1
That is T f þnþmask ð2i; 2j  1Þ þ T f þnþmask ð2i; 2jÞ ¼ 1 þ V f ði; jÞ.
Therefore, W f þnþmask ði; jÞ ¼ T f þnþmask ð2i  1; 2j  1Þ þ T f þnþmask ð2i  1; 2jÞþ
T f þnþmask ð2i; 2j  1Þ þ T f þnþmask ð2i; 2jÞ
¼ 1 þ 1 þ 1 þ V f ði; jÞ ¼ 3 þ V f ði; jÞ
If V f ði; jÞ ¼ 1,W f þnþmask ði; jÞ ¼ 4; otherwise V f ði; jÞ ¼ 0,
W f þnþmask ði; jÞ ¼ 3. T f þnþmask ði; jÞ can show the privacy QR code of
V f ði; jÞ. Therefore, the privacy QR code Vf (1 6 f 6 n  1) is shown
in Rf ¼ RA1 ðT f ; T n ; T mask Þ¼ T f þ T n þ T mask . And the relative differ-
ence aV 1 ¼ ð4  3Þ=4 ¼ 1=4. h
Theorem 5. The privacy QR code Vf can be shown in
RA2 ðT f ; T n ; T mask Þ ¼ ðT f þ T mask Þ  ðT n þ T mask Þ, and the relative dif-
ference aV2 ¼ 1=2.
Proof. Let T f þmask and T nþmask denote the stacking result of
T f þ T mask and T n þ T mask , respectively. According to the Step 6,
ðT mask ð2i  1; 2j  1Þ; T mask ð2i  1; 2jÞÞ ¼ ð1; 1Þ,
ðT mask ð2i; 2j  1Þ; T mask ð2i; 2jÞÞ ¼ ð0; 0Þ. Hence,
 
T f þmask ð2i  1; 2j  1Þ; T f þmask ð2i  1; 2jÞ ¼ ð1; 1Þ;
    (2015) 1557–1561, https://doi.org/10.1109/TCSVT.2015.2389372.
T f þmask ð2i; 2j  1Þ; T f þmask ð2i; 2jÞ ¼ T f ð2i; 2j  1Þ; T f ð2i; 2jÞ :
ðT nþmask ð2i  1; 2j  1Þ; T nþmask ð2i  1; 2jÞÞ ¼ ð1; 1Þ;
ðT nþmask ð2i; 2j  1Þ; T nþmask ð2i; 2jÞÞ ¼ ðT n ð2i; 2j  1Þ; T n ð2i; 2jÞÞ:
Next, T f þmask ð2i  1; 2j  1Þ  T nþmask ð2i  1; 2j  1Þ ¼ 1  1 ¼ 0,
T f þmask ð2i  1; 2jÞ  T nþmask ð2i  1; 2jÞ ¼ 1  1 ¼ 0.
According to Step 5, T f þmask ð2i; 2j  1Þ  T nþmask ð2i; 2j  1Þ ¼
 measurement.2016.10.042.
0 V f ði; jÞ ¼ 0
T f ð2i; 2j  1Þ  T n ð2i; 2j  1Þ ¼ and T f þmask ð2i; 2jÞ
1 V f ði; jÞ ¼ 1
 schemes via linear algebra, Des. Codes and Cryptogr. 85 (2017) 15–37.
0 V f ði; jÞ ¼ 0
T nþmask ð2i; 2jÞ ¼ T f ð2i; 2jÞ  T n ð2i; 2jÞ ¼ .
1 V f ði; jÞ ¼ 1
So, W ðf þmaskÞðnþmaskÞ ði; jÞ ¼ T ðf þmaskÞðnþmaskÞ ð2i  1; 2j  1Þþ
T ðf þmaskÞðnþmaskÞ ð2i  1; 2jÞ þ T ðf þmaskÞðnþmaskÞ ð2i; 2j  1Þ þ T ðf þmaskÞðnþmaskÞ
ð2i; 2jÞ ¼¼ 0 þ 0 þ V f ði; jÞ þ V f ði; jÞ ¼ 2V f ði; jÞ.
If V f ði; jÞ ¼ 1,W ðf þmaskÞðnþmaskÞ ði; jÞ ¼ 2; otherwise V f ði; jÞ ¼ 0,
W ðf þmaskÞðnþmaskÞ ði; jÞ ¼ 0. Hence, the (i,j)-th pixel of privacy
QR code V f can be decided by M ðf þmaskÞðnþmaskÞ ði; jÞ. Therefore, the
privacy QR code Vf can be shown in
RA2 ðT f ; T n ; T mask Þ ¼ ðT f þ T mask Þ  ðT n þ T mask Þ. And the relative dif-
ference aV2 ¼ ð2  0Þ=4 ¼ 1=2. h
Theorem 6. The privacy QR code Vf can be recovered perfectly in
RA3 ðT f ; T n ; T mask Þ ¼ FilterðT f þ T n þ T mask Þ, and the relative difference
aV 3 ¼ 1.
Proof. For one pixel V f ði; jÞ of the privacy QR code V f , the
corresponding matrix M f ði; jÞ consists of 4 pixels in
T f þ T n þ T mask . In the proof of Theorem 4, the Humming Weight
of M f ði; jÞ has been proved as W f þnþmask ði; jÞ ¼ 3 þ V f ði; jÞ. Accord-
ing to the definition of the threshold filter function Filter(), if the
Humming Weight of matrix X is 4, then Filter(X) = 1; otherwise,
 
Filter(X) = 0. So, Filter M f ði; jÞ ¼ V f ði; jÞ. For the whole image of
T f þ T n þ T mask , FilterðT f þ T n þ T mask Þ ¼ V f , which means the pri-
vacy QR code Vf can be recovered perfectly using
RA3 ðT f ; T n ; T mask Þ ¼ FilterðT f þ T n þ T mask Þ. h
6,
References
[1] ISO, IEC 18004, Information technology automatic identification and data
capture techniques-, Bar Code Symbol.-QR Code (2000).
[2] I. Tkachenko, W. Puech, C. Destruel, O. Strauss, J.M. Gaudin, C. Guichard, Two-
level QR code for private message sharing and document authentication, IEEE
Trans. Inf. Forensics Secur. 11 (2016) 571–583, https://doi.org/10.1109/
TIFS.2015.2506546.
[3] J. Wang, L. Song, X. Liang, Y. Liu, P. Liu, Secure and noise-free nonlinear optical
cryptosystem based on phase-truncated Fresnel diffraction and QR code, Opt.
Quant. Electron. 48 (2016) 523, https://doi.org/10.1007/s11 082-016-0796-3.
[4] C. Patvardhan, P. Kumar, C.V. Lakshmi, Effective color image watermarking
scheme using YCbCr color space and QR code, Multimedia Tools Appl. (2017),
https://doi.org/10.1007/s11042-017-4909-1.
[5] P.Y. Lin, Distributed secret sharing approach with cheater prevention based on
QR Code, IEEE Trans. Ind. Inf. 12 (2016) 384–392, https://doi.org/10.1109/
TII.2015.2514097.
[6] M. Naor, A. Shamir. Visual cryptography. EUROCRYPT 1994: Advances in
Cryptology — EUROCRYPT’94 (1995)950, 1–12. doi: 10.1007/BFb0053419
[7] G. Ateniese, C. Blundo, A.D. Santis, D.R. Stinson, Visual cryptography for general
access structures, Inf. Comput. 129 (1996) 86–106, https://doi.org/10.1006/
inco.1996.0076.
[8] S. Arumugam, R. Lakshmanan, A.K. Nagar, On (k, n)*-visual cryptography
scheme, Des. Codes Crypt. 71 (2014) 153–162, https://doi.org/10.1007/
s10623-012-9722-2.
[9] J. Cui, Y. Liu, Y. Xu, H. Zhao, H. Zha, Tracking generic human motion via fusion
of low- and high-dimensional approaches, IEEE Trans. Syst. Man Cybernet. Part
B43 (2013) 996–1002, https://doi.org/10.1109/TSMCA.2012.2223670.
[10] S.J. Shyu, M.C. Chen, Minimizing pixel expansion in visual cryptographic
scheme for general access structures, IEEE Trans. Circ. Syst. Video Technol. 25
[11] H. Luo, H. Chen, Y. Shang, Z. Zhao, Y. Zhang, Color transfer in visual
cryptography, Measurement 51 (2014) 81–90, https://doi.org/10.1016/j.
measurement.2014.01.033.
[12] P. Tuyls, H.D. Hollmann, J.H. Lint, L. Tolhuizen, XOR-based visual cryptography
schemes, Des. Codes Crypt. 37 (2005) 169–186, https://doi.org/10.1007/
s10623-004-3816-4.
[13] Z.X. Fu, B. Yu, Optimal pixel expansion of deterministic visual cryptography
scheme, Multimedia Tools Appl. 73 (2014) 1177–1193.
[14] C.N. Yang, T.C. Tung, F.H. Wu, Z. Zhou, Color transfer visual cryptography with
perfect security, Measurement 95 (2017) 480–493, https://doi.org/10.1016/j.
[15] G. Shen, F. Liu, Z.X. Fu, Y. Bin, Perfect contrast XOR-based visual cryptography
[16] Z. Fu, Y. Cheng, B. Yu, Perfect recovery of XOR-based visual cryptography
scheme, Multimedia Tools Appl. (2018), https://doi.org/10.1007/s11042-018-
6364-z.
[17] P.V. Chavan, M. Atique, Threshold-Based Hierarchical Visual Cryptography
Using Minimum Distance Association. 2018, doi: 10.1007/978-981-10-3773-
3_50.
[18] C. Kim, C.C. Chang, C.N. Yang, X. Zhang, J. Baek, Special issue: real-time data
hiding and visual cryptography, J. Real-Time Image Proc. 14 (1) (2018) 1–4,
https://doi.org/10.1007/s11554-018-0749-0.
[19] P. Kanakkath, S. Madathil, R. Krishnan, Deterministic extended visual
cryptographic schemes for general access structures with OR-AND and XOR-
AND operations, Multimedia Tools Appl. (2018), https://doi.org/10.1007/
s11042-018-6158-3.
[20] Y. Liu, C.C. Chang, A turtle shell-based visual secret sharing scheme with
reversibility and authentication, Multimedia Tools Appl. (2018), https://doi.
org/10.1007/s11042-018-5785-z.
[21] J. Weir, W.Q. Yan. Authenticating Visual Cryptography Shares Using
2DBarcodes. IWDW 2011: Digital Forensics and Watermarking, 2011, 7128,
196–210. doi: 10.1007/978-3-642-32205-1_17
[22] G. Wang, F. Liu, W.Q. Yan, 2D barcodes for visual cryptography, Multimedia
Tools Appl.. 75 (2016) 1–19.
[23] Y.W. Chow, W. Susilo, G. Yang, J.G. Phillips, I. Pranata, A.M. Barmawi, in:
Exploiting the Error Correction Mechanism in QR Codes for Secret Sharing,
Springer International Publishing, 2016, pp. 409–425, https://doi.org/10.1007/
978-3-319-40253-6_25.
[24] S. Wan, Y. Lu, X. Yan, Y. Wang, C. Chang, Visual secret sharing scheme for (k, n)
threshold based on QR code with multiple decryptions, J. Real-Time Image
Proc. (2017), https://doi.org/10.1007/s11554-017-0678-3.
[25] Y. Liu, Z.X. Fu, Y.W. Wang, Two-level information management scheme based
on visual cryptography and QR code, Appl. Res. Comput. 33 (2016) 3460–3463,
https://doi.org/10.3969/j.issn.1001-3695.2016.11.057.