SSDLP: Sharing Secret Data between Leader and Participant

This paper investigates the problem of sharing the secret document containing a secret data between leader and participant(s) depending on specific conditions and rules.Theparticipant(s) can retrieve part of the secret document butwill not be able to retrieve any secret data without the leader. At the same time, the leader may have a little information about the secret document but cannot retrieve the secret data and the secret document without cooperating with participant(s). To evaluate the proposed model and the system efficiency, four tests are suggested, which are concatenation and sharing data test, leader visual test, information entropy analysis, and correlation analysis. Results show that the proposed model is efficient in sharing the data between the leader and participant(s) and the model can achieve our concept of the data sharing between leader and participant(s). However, by analyzing the proposed model using numerical tests and visual tests, the results show that the visual tests will not give attackers useful information about the original data, while the numerical tests show that the entropy attacks are not possible and the correlation between the adjacent pixels will not give useful information. Finally, the results show that the proposed model is strong against different types of attacks.


Introduction
The secret sharing mechanism is a mechanism used in the large network to share the secret key between participants in the network, in which each participant has his own shadow.The purpose of secret sharing is to secure the key between different participants, to allow the authorized participants to retrieve the secret information, and to recover the secret key if some shadows are lost or distorted.Therefore, the key could be retrieved if and only if a specific number of participants collaborated together by using their shadows.In 1979, Shamir [1] and Blakley [2] introduced the prototype of the secret sharing named as (, )-threshold secret sharing system.The problem statement introduced by Shamir in his work is the following.
"Eleven scientists are working on a secret project.They wish to lockup the document in a cabinet so that the cabinet can be opened if and only if six or more of the scientists are present.What is the smallest number of locks needed?What is the smallest number of keys to the locks each scientist must carry?" In this paper, we try to reformulate the problem to a new problem called leader and participant sharing puzzle as follows.
Eleven scientists are working on a secret project containing a secret data.One of them is a team leader and the rest are the team members.They wish to lockup the document in a cabinet so that the cabinet can be opened if and only if at least one leader and five participants are present.At the same time, the team leader or any five members can retrieve part of the secret project but will never retrieve the secret data.
The dealer of this system has two parts of information: the secret document and the secret data in the document.The solution could be described as two-level cabinet, one for participants as a first level and another one for leader as a second level (one inside another one).The participants can access the first cabinet that contains partial document which describes part of the information not the whole information, where the leader cannot access either document or the secret 2 Chinese Journal of Engineering data but it may have a little information about the document.In addition, neither leader nor participant(s) will ever retrieve the secret data in the document alone.The participants need to collaborate with leader to retrieve the whole secret document and the secret data in the document and vice versa.
In this scheme, a dealer can encode and divide secret document into two parts: the participant part and the leade part.The dealer then distributes the  shadows of the participant part to the involved participants.So, any  out of  shadows authorized participants and, with the leader part, the document can be retrieved with the secret data.
The proposed system could be found in many of our social life.Assume that we have a store with two doors: iron door and glass door, one behind the other one.If we assume that the glass door is a leader and the iron door is a participant(s), then the leader and the participant(s) should be existing at the same time to open the two doors and to access the store resources.With only the participant(s) information, the participant(s) can see what is inside the store through the glass door and will not have a permission to access the store without the leader part, where the leader cannot access the whole information about the store and it may access a little information only.
The rest of this paper is organized as follows.Related work is discussed in Section 2. In Section 3, we explain our proposed model.The experiment results and discussion are shown in Section 4. Finally, our conclusions are drawn in Section 5.

Related Work
Many researchers in the data sharing field focused on sharing the secret images between the participants in the network [3][4][5][6].As a second level of their research Naor and Shamir [3] introduced a new (, )-threshold visual secret sharing scheme, in which the image is encrypted into  transparencies called shares and at least  of  shares need to be collaborated together to retrieve or to decrypt the image.Thien and Lin [4] proposed a secret image sharing scheme.In the proposed scheme, a dealer generates  shadows from the secret image for all participants in the network.At least  of  participants can cooperate to recover the lossless secret image.Based on Thien and Lin's scheme, Wang and Shyu [5] introduced a scalable secret image sharing scheme that is depending on the priority of the participants.So, if the participant has his own permission to access the whole information at least  shadows will be given.If the participant has lower permission we can give him  − 1 shadows and at least he needs to cooperate with only one more participant to retrieve the data.The proposed system assumed three sharing modes, which are the multisecret, the priority, and the progressive modes, which allow the dealer to assign different priority shadows to the participants.
Lin and Chan [6] proposed a verifiable secret image sharing scheme to resist dishonest participants and to satisfy the requirements of lossless and camouflage.After running some experiments, the results indicate that the proposed scheme can share a large secret capacity according to the threshold .Yang et al. [7] proposed a fast secret image sharing based on Haar wavelet transform and Shamir's method.The proposed model decreased the computation time for sharing and retrieving that data by reducing the secret image to its quarter size by using discrete Haar wavelet transform.Chang et al. [8] proposed a new lossless sharing method to share the image among different users on the network by adopting the Sudoku puzzle in generating the image shadows.Bhattacharjee et al. [9] proposed a simple secret image sharing scheme based on bitwise operations and by using matrix addition and subtraction processes to share generation and reconstruction processes, respectively.On another side, Anbarasi and Kannan [10] proposed reversible image sharing approach for color image that revealed the secret image without loss and preserved the cover image.After some experiments, the proposed model indicates that the generated shadows are meaningful with better PSNR value compared with the previous methods.
This paper aims to design a new concept in the data sharing by assuming two types of users: leader and participant.The dealer can share the secret document with the secret data between the participant(s) and the leader, in which the participant(s) can retrieve part of the secret document but will not be able to retrieve any secret data without the leader.At the same time, the leader may have a little information about the secret document but cannot retrieve the secret data and the secret document without cooperating with participant(s).
The following subsections are dedicated to explain Shamir's (, )-threshold sharing mechanism [1] and the finite field and the benefits of using the finite field in the hiding and sharing models.

Shamir Data Sharing (𝑡, 𝑘).
To share a secret , a dealer determines a prime  and generates a ( − 1)-degree polynomial () as (1).Choosing any prime numbers will not always guarantee retrieving the () coefficients, so we need to specify a monic irreducible (primitive) polynomial of degree  for calculations in GF (2  ) as shown in [1,11].Consider The coefficients  1 ,  2 , . . .,  −1 are integer numbers within [0,  − 1].The dealer then can derive  shadows by substituting the  numbers in (2).Then the shadows will be distributed to the involved participants.At least  participants should collaborate to retrieve the secret data by using the langrage interpolation polynomial in finite field.On the other hand, if the calculations are not in the finite field, the participants will not always guarantee to retrieve all coefficients of the (), since the calculations in the standard arithmetic could find more than one solution for (), whereas if the calculations are in the finite field only one solution of () could be found [11].
The irreducible polynomial could be found for most degrees.For example, there are eight different irreducible polynomials of degree 8.In Table 1, all the primitive polynomials from 2 up to 8 degree are listed.2.2.Data Hiding.The secret data would be hidden within the sharing data by using the secret data as a coefficients of the (, ) model instead of the random numbers.So, the dealer will create shadows using the secret data and send each shadow to the corresponding participant.Only  participants or more could collaborate to retrieve the hiding data using the langrage interpolation.Moreover, if the calculations are in the simple arithmetic the retrieving will not always grantee to retrieve the secret data since different solutions could be found for (), whereas in the case of finite field using the primitive polynomial will retrieve only one solution for () [11].

Proposed Model
In this section, the proposed sharing model and retrieving model will be discussed, in which the sharing model is divided into three core phases, which are startup phase; to create a leader and the participant, hiding phase to hide the secret data within the participant data, and sharing phase to share the participant data between the participants, where, to retrieve the original data and the secret information, the reverse calculations will be applied.

Proposed Sharing Model.
The proposed sharing model is divided into three phases which are startup, hiding, and sharing phases as shown in the detailed subsections.

Startup Phase.
The original data will be divided into two parts: leader part and participant part, in which the generated parts have smaller size than the original data and could describe part of the original data.The proposed model will divide the original data using the following: Leader = Data mod 16.The participant and the leader parts have the same size of the original image, where each block contains 4 bits only.Therefore, each adjacent block will be concatenated to create one block with 8 bits each as shown in (5).The concatenation will be within the same row or column or diagonal adjacent.Each type of concatenation will create new image characteristics: Participant  = + Type, 2 Participant, Leader  = + Type, 2 Leader, (5) where + means the concatenation between adjacent blocks, type = {row, column, diagonal} adjacent, and 2 is the number of concatenated blocks within the same type.Assume that the size of the original data is equal to  × , so, by using three types: row, column, and diagonal adjacent, the data size will be  × /2, /2 × , and /2 × , respectively.

Data Hiding Phase.
Before sharing the secret data, a linear independence relationship between the leader and the secret data will be created.The simple method to create a linear independence relationship is to use XOR operation between two sides as shown in the following: Creating the linear independence between the participant and leader and between secret data and leader will increase the randomness of the transmitted data, which will add a new protection level on the transmitted data.Moreover, the modified secret data (Sec  ) will use a Shamir model to hide the data as shown in the next phase.

Sharing
Phase.The dealer will share the two parts: leader and participant, to the corresponding users on the network.The leader data will be transmitted to the leader using different media: CD, video tape, USB flash, and so forth, where the participant data will be shared using the Shamir model in (7) by considering the (2, )-threshold model.Consider Participant  () = Participant  + Sec   (mod 285) in the GF (2 8 ) , (7) where all the calculations will be in the finite field 2 with the degree 8 GF (2 8 ).In this model, the primitive polynomial (285) for the 8 bits data is used.Moreover, to retrieve the participant data at least two participants need to be collaborated with each other.
Lemma 1.The dealer can share the original data between the users by using (, ) threshold in a finite field by choosing one of the primitive polynomials [11].
Proof.The dealer can divide the data into two parts using ( 3)-( 6); then the participant part can be shared between the participants using the Shamir model in the finite field by using one of the primitive polynomials in the GF [11].

Retrieving Model.
The original data will be retrieved by using the reverse order of the sharing process.So, the leader and the participant need to be collaborated with each other to retrieve the data and the secret information.First, the participants need to be collaborated with each other to retrieve the participant part by using the langrage interpolation in a finite field.Afterwards, the leader and the participant will be collaborated with each other to retrieve the secret data and the original data using ( 8)-(12).The sharing participant part (Participant  ) and the sharing leader part will be used to solve the linear independence relationship and to retrieve the original leader part (Leader  ) in (8) and to retrieve the secret data in (9).Moreover, to retrieve the original data the splitting method for the leader and the participant parts will be used to retrieve the original image size depending on the type of concatenation in (10) and (11).Finally, the participant and the leader will be combined in (12) to retrieve the original data: All the calculations in ( 8)-(12) will be in the normal arithmetic and only the participants will use the calculations in the finite field to retrieve the participant part.
Lemma 2. The participants can retrieve part of the original data using the langrage interpolation in the finite field [11].
Proof.The data is divided into two parts: participant and leader; since the participant will use (3), only part of the original data will be described.To share the participant part the dealerwill use (7), and the participant will use the langrage interpolation in GF (2 8 ) to retrieve the original coefficients and participant part as shown by authors in [11].

Lemma 3. The participant can retrieve the original data and the secret data if and only if leader and participant are used.
Proof.The linear independence relationship between the leader and the participant and between the leader and the secret data can be solved only if the two parts are used.So, the participant will not be able to retrieve the original data and the secret data without other parts from another side.
Theorem 4. The participant can retrieve the original data and the secret data using the langrage interpolation in the finite field if and only if leader data is used.
Proof.Proofed in the above discussion.

Experimental Results and Analysis
To evaluate the performance of the proposed model different types of images are used.Figure 1 shows grayscale test images with 256 × 256 pixels.

Concatenation and Sharing Data
Test.Due to the page limit, the peppers image is used only in this test.Using the proposed model, the data will be divided into two parts: leader and participant.The leader part will be sent to the desired person using any media such as CD, video tape, and internet, where the participant part will be shared between the participants on the network.Figures 2(a), 2(b), 2(c), 2(d), 2(e), and 2(f) show the participant part and leader part for the peppers image using different concatenation types: row, column, and diagonal, respectively.The resulted participant images will be sent to the participants using (2) (Figure 3), where the primitive polynomial is equal to 285 and the concentration type is the row concentration.The results show that the images are not visually meaningful to the users on the network.

Leader Visual Test.
The visual test is used to validate if the leader part will give any useful information about the original image.In this test, four images are used: peppers, Lena, montage, and cameraman with row concatenation type.To increase a randomization in the image, we can use a random concatenation or a distance concatenation (using the faraway rows) instead of the three mentioned methods.The Figures (Figures 4 and 2(f)) are partially useful for the user but they may give little information about the original images.Overall, the leader image will not be useful to retrieve the original image completely and the secret data.

Information Entropy Analysis.
The entropy could be defined depending on the field of science.In the data transmission and information theory, the entropy is defined as a measure of the loss of information in a transmitted signal, whereas, in the statistical mechanics, it is defined as a measure of the randomness of the microscopic constituents of a  thermodynamic system.In this part, we are interested in the randomness of leader and participant images, where the true random variable should generate 2 8 symbols with equal probability and the entropy value equals 8. To check the randomness of the image the following is used: where (  ) represents the probability of symbol   ; in our tests the average entropy of the leader images (Table 2) for Lena, peppers, and cameraman are close to the optimal value, so the entropy attack is not possible.Where the average entropy for montage image, indicates that the result is not randomized properly compared with the previous tested images.
In Table 3 the participant's entropy is shown, in which the results indicate that the pixels have a lower entropy compared with the original data.

Correlation Analysis.
It is known that some algorithms were broken by using correlations analysis between the adjacent pixels, so the correlation coefficient will be calculated for all possible cases.To find a correlation between the adjacent where  is the total number of randomized pairs and  and  are the two vectors that contain  values and  values of the pair in the tested image, respectively.

Figure 2 :
Figure 2: Peppers image using the proposed model.

Figure 3 :
Figure 3: Two shares for the participant part using (2).

Table 1 :
The possible primitive polynomials for different degrees.

Table 2 :
The information entropy for the leader part.