Reversible data hiding (RDH) is a technique that embeds secret data into cover data in a reversible way: the secret data can be extracted without any error and the cover data can be reconstructed losslessly [1, 2, 3, 4]. In the last decade, reversible data hiding has attracted extensive research interest from the information hiding community, because the technology is useful for special applications in which images are not allowed to be disturbed, such as military, medical, fine art work, law forensics and so on. Many methods have been designed so far, and they can be mainly classified into three categories: lossless compression-based [5, 6], difference expansion-based [7, 8, 9] and histogram shifting-based [10, 11]. These methods are designed to ensure that the secret data is not detected and that the change to the original image is not perceptible.
With the development of cloud storage and cloud computing, many reversible data hiding schemes in encrypted images (RDHEI) have been published since Puech  proposed the first RDHEI method. RDHEI embeds data into encrypted images rather than plaintext images [13, 14, 15, 16]. There are three end users: the content-owner, the data-hider and the receiver. The content-owner, that is, the original image provider, encrypts the original plaintext image before sending it to the data-hider. The data-hider embeds secret data into the encrypted image without knowing the content of the original image or the encryption key. At the receiver side, the original content of the image can be restored and the secret information can be extracted. The overall process is shown in Fig. 1.
In general, the reported RDHEI techniques can be mainly classified into three categories: 1) vacating room after encryption (VRAE) [13, 17]; 2) vacating room by encryption (VRBE) ; and 3) reserving room before encryption (RRBE) [19, 20, 21]. Since encryption minimizes the redundancy of images, it is difficult for VRAE methods to achieve a satisfactory embedding capacity in encrypted images. VRBE methods use specific encryption algorithms to encrypt the original image while keeping spatial redundancy in the encrypted image. Different from VRBE and VRAE, RRBE methods reserve room before image encryption, exploiting the spatial correlation in the plaintext image to obtain a larger embedding capacity.
In the previous RDHEI methods, image recovery and secret information extraction should be processed jointly . To separate the processes of image recovery and secret information extraction, separable reversible data hiding schemes in encrypted images have been reported [17, 18, 19, 20, 21]. Zhang  proposed a separable RDHEI scheme that creates a sparse space to accommodate additional data by compressing the least significant bits. In , the secret data were embedded by MSB substitution. Due to the local correlation between a pixel and its neighbors in a plaintext image, the values of adjacent pixels are very close. For this reason, during the decoding process, the secret information must be extracted without error from the MSB plane and the original image must be perfectly restored based on MSB prediction, but the method in  only substitutes one MSB, so the embedding rate is lower than one bit per pixel (bpp). Based on , an improved method was proposed in  to embed the secret data into the encrypted image by two-MSB (MSB and second MSB) planes substitution so that the embedding rate can exceed 1 bpp. Chen  adopted the extended run-length coding and block-based MSB plane rearrangement scheme to compress multiple MSB planes of the original image to embed secret data. Yi  proposed a VRBE separable RDHEI method that uses the parametric binary tree labeling scheme to embed secret information into the encrypted image by exploiting local correlation within small image blocks.
Based on Yi's method , IPBTL-RDHEI is proposed in this paper, which is a novel RRBE separable RDHEI method with high capacity. First, IPBTL-RDHEI reserves embedding space in the plaintext image before encryption by the content-owner. Second, at the data-hider end, the proposed IPBTL-RDHEI method uses the parametric binary tree labeling scheme to label encrypted pixels in two different categories for hiding secret information. Then, at the receiver end, according to different permissions, one can obtain the original image, the secret information or both. Compared with Yi's method , the proposed IPBTL-RDHEI method takes full advantage of the redundancy of the image so that the embedding rate can be increased.
The rest of this paper is organized as follows. Section II introduces parametric binary tree labeling scheme. The proposed IPBTL-RDHEI method is discussed in detail in Section III. Section IV shows the experimental results and analysis. Finally, in Section V, the conclusions are drawn and future works are proposed.
II. Parametric Binary Tree Labeling Scheme
Parametric binary tree labeling scheme (PBTL)  can be used to label image pixels in two different categories, namely G1 and G2, and a full binary tree is used to illustrate the distribution of binary labeling bits, as shown in Fig. 2.
For pixels with 8-bit depth, the full binary tree has 7 layers, and the layer has nodes, where . Given two parameters and , where . For G2, all pixels are labeled by the same bits of ’0…0’, which is the first node of the layer. For G1, all pixels are classified into different sub-categories according to and , where is calculated by:
When , the nodes from right to left in the layer are selected to label different sub-categories in G1. When , the nodes from right to left in the layer are selected to label different sub-categories in G1, that is, when , the selected binary codes that are not derived from the node of ’0…0’. Moreover, pixels in the same sub-category are labeled with the same -bit binary code, and pixels in different sub-categories are labeled with different -bit binary codes. Fig. 3 is an illustrative example of labeling bits selection when = 1 to 3 and = 1 to 7.
As can be seen from Fig. 3, for example, when , , the G2 pixels are labeled by the same 2 bits of ’00’, the nodes from right to left in layer are selected to label different sub-categories in G1, the selected nodes are ’111’, ’110’, ’101’, ’100’, ’011’ and ’010’, which are not derived from the node of ’00’, that is, ’000’ and ’001’ that derived from ’00’ are ignored and the remaining nodes in layer are kept.
III. Proposed Scheme
The proposed IPBTL-RDHEI method is composed of three main phases: 1) generation of the encrypted image with labels, done by the content-owner; 2) generation of the marked encrypted image, done by the data-hider; and 3) data extraction and image recovery, done by the receiver. In the first phase, the content-owner detects the prediction error of the original plaintext image and encrypts the original plaintext image by an encryption key. Then, PBTL is used to label the encrypted image. In the second phase, after using a data-hiding key, the secret information can be hidden by bit replacement. In the third phase, the secret information must be extracted without error from the marked encrypted image with only the data-hiding key, and the original image must be reconstructed losslessly by exploiting the spatial correlation in the plaintext image with only the encryption key. When using both of the keys, the original image and the secret information can be restored and extracted losslessly. Fig. 4 shows the framework of the proposed IPBTL-RDHEI method.
III-A. Generation of Encrypted Image with Labels
Generation of the encrypted image with labels includes four steps: prediction error, image encryption, pixel grouping and pixel labeling using PBTL. Next, these four steps are described one by one.
III-A1. Prediction Error
For an original image, the pixels in the first row and first column are retained as reference pixels. The MED predictor  as shown in Fig. 5 can exploit the left, upper and upper left neighboring pixels to predict an image pixel:
where is the predicted value of . Hence the predicted error is calculated by:
III-A2. Image Encryption
After obtaining the predicted error of the 8-bit depth original image , we convert all pixels in the original image into 8-bit binary sequence using
where k is the corresponding bit of the binary sequence, and , is the size of the original image and
is floor operation. A pseudo-random matrix of the same size as the original image is generated by an encryption key; similarly, each pixel value of is converted into 8-bit binary sequence using Eq. (4). Then the encrypted 8-bit binary sequence can be obtained through the bitwise exclusive-or (XOR) operation:
where is the bitwise XOR operation, and denotes the encrypted 8-bit binary sequence. Finally, Eq. (6) is used to calculate the encrypted pixel
In this way, the encrypted image is generated. An example of the prediction and image encryption process is described in Fig. 6. Fig. 6(a) is taken as the original image, where and . The corresponding predicted value of Fig. 6(a) is shown in Fig. 6(b). Fig. 6(c) is the predicted error from the subtraction of Fig. 6(a) and Fig. 6(b). Fig. 6(d) is an encrypted image of Fig. 6(a) by an encryption key .
III-A3. Pixel Grouping
We separate all pixels in into four sets, namely: reference pixel (), special pixel (), embeddable pixel () and non-embeddable pixel (). Here, the pixels on the first row and first column are retained as reference pixels (), which will be kept unmodified during data embedding phase. contains only one pixel which will be utilized to store the parameters and . Then, for the remaining pixels , according to the corresponding predicted error calculated by Eq. (3), if satisfied the condition of Eq. (7), the pixel belongs to ; otherwise, it is in set . Pixels in can be utilized to embed secret data while cannot.
is a positive integer, calculated by the parameters and , and are the ceil and floor operations. Let , and represent the number of pixels in , and , respectively. Thus, = +++1, and = .
Fig. 7 is the pixel grouping of Fig. 6 when and . As described above, we pick the pixels on the first row and column as . Without loss of generality, the last pixel is selected as . By Eq. (1) and Eq. (7), if the predicted error satisfies the condition: , the pixel belongs to ; otherwise, it is in set .
III-A4. Pixel Labeling Using PBTL
Since the pixel positions of and are predefined, they must be easy to distinguish. We only need to label the pixels in and using PBTL scheme. Given two parameters and , all pixels in are labeled by the same bits of ’0…0’, and the remaining bits are kept unmodified. For , all pixels are classified into different sub-categories according to the different value of prediction error, pixels in the same sub-category are labeled with the same -bit binary code, and pixels in different sub-categories are labeled with different -bit binary codes. What should be noticed is that because of the spatial correlation of the original image, the prediction error values and labels of the adjacent pixels are likely to be the same, which may reveal the original image content. To avoid this situation, the last few bits of each pixel are adopted instead of the first few bits for labeling, that is, for and , we arrange the 8-bit binary of each pixel in reverse order before pixel labeling using PBTL.
III-B. Generation of Marked Encrypted Image
The parameters and are first stored in . Since , is sufficient to store them by bit replacement, and the original 8 bits of the pixel in are stored as auxiliary information. In addition, for all pixels in , the replaced original bits of each pixel need to be recorded as auxiliary information. Thus, the auxiliary information contains two parts: the original 8 bits of the pixel in and the replaced original bits of each pixel in . The payload consists of the auxiliary information and the secret data.
Each pixel in is labeled with -bit binary code during pixel labeling, then the remaining (8-) bits are reserved to embed payload bits by bit replacement. Therefore, totally bits of the payload can be successfully embedded, including bits of the auxiliary information and bits of the secret data. For data security, the secret data is first encrypted by using the data hiding key before the embedding operation. In this way, the marked encrypted image is generated.
The effective embedding rate under different settings of parameters and can be calculated as follows:
In practice, we further obtain the maximum embedding rate (bpp) as
The example of the pixel labeling and payload embedding when and is described in Fig. 8. Fig. 8(a) is the labeling bits selection of and . ’00’ is adopted to label each pixel in , and ’111’, ’110’, ’101’, ’100’, ’011’ and ’010’ are applied to label pixels in when the predicted error equals 2, 1, 0, -1, -2 and -3, respectively. Fig. 8(b) is the 8-bit binary sequence of Fig. 6(d). Fig. 8(c) is the reverse order of each pixel in and . Fig. 8(d) shows pixel bits after pixel labeling. Fig. 8(e) is the encrypted image with labels and Fig. 8(f) is the marked encrypted image after payload embedding. As can be seen, the pixels in remain unchanged, the first 4 bits of are utilized to store and the last 4 bits of are utilized to store . Each pixel in is labeled with ’00’ and each pixel in is labeled with a 3-bit binary code according to its predicted error. ’—–’ represents the bits that carry embedded payload. It is observed that the payload contains the auxiliary information of ’00000001’, ’00’, ’10’ and ’01’.
III-C. Data Extraction and Image Recovery
At the receiver end, the secret information must be extracted without error from the marked encrypted image with only the data-hiding key , the original image must be restored losslessly with only the encryption key . According to different permissions, one can obtain the original image, secret information or both.
III-C1. Data Extraction
After obtaining the marked encrypted image, we first leave the pixels in unmodified and extract the parameters and from . Secondly, for the remaining pixels, we check the labels of their or bits in the 8-bit binary value in reverse order and classify them into sets and . Next, we extract bits of the payload from the pixel in sequentially and obtain the encrypted secret data. Finally, the plaintext secret data can be obtained by decrypting using the data-hiding key .
III-C2. Image Recovery
On the other hand, the replaced bits of each pixel in and 8 bits of the pixel in can be restored using the auxiliary information from the extracted payload, and the original values of and must be obtained by decrypting using the encryption key . The original value of must be obtained by decrypting directly using the encryption key as the pixels in remain unmodified. For each pixel in , according to its labeling bits, we obtain the corresponding predicted error, then the original value of each pixel in can be obtained with the corresponding predicted error and the restored pixels in . By now the original content of the image is fully recovered.
Due to the invertibility of each step above, the secret information must be extracted without error using data-hiding key and the original content of the image must be restored losslessly using the encryption key . The process of data extraction and image restoration is independent and separable.
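The three phases of Section III on a small image, as an added Python example that is not the authors' code; `embed` combines the content-owner and data-hider steps, while `extract` and `recover` each use one key only. Assumptions: `a` and `b` are the label lengths for embeddable and non-embeddable pixels, SHAKE-256 stands in for the keyed pseudo-random generator, the labelled error range is the one that reproduces the six-code mapping of the Fig. 8 walkthrough, and every function name is hypothetical.

```python
import hashlib

def xor_bits(bits, key):  # assumption: SHAKE-256 stands in for the keyed pseudo-random source
    ks = hashlib.shake_256(key).digest(len(bits))
    return "".join(str(int(s) ^ (k & 1)) for s, k in zip(bits, ks))

def error_labels(a, b):
    # a-bit nodes taken right to left, skipping those under the all-zero node;
    # assumed error range [hi - n + 1, hi], which matches the page's Fig. 8 values.
    codes = [c for v in range(2 ** a - 1, -1, -1)
             if "1" in (c := format(v, f"0{a}b"))[:min(a, b)]]
    hi = (len(codes) - 1) // 2
    return {hi - n: c for n, c in enumerate(codes)}

def med(left, up, diag):
    lo, hi = min(left, up), max(left, up)
    return hi if diag <= lo else lo if diag >= hi else left + up - diag

def rbits(v):  # 8 bits in reverse order (LSB first), so labels land in the low bits
    return format(v, "08b")[::-1]

def scan(img):  # non-reference pixels in raster order, minus the last (special) pixel
    return [(i, j) for i in range(1, len(img)) for j in range(1, len(img[0]))][:-1]

def embed(img, a, b, img_key, data_key, secret):
    w, label = len(img[0]), error_labels(a, b)
    ks = hashlib.shake_256(img_key).digest(len(img) * w)
    out = [[p ^ ks[i * w + j] for j, p in enumerate(row)] for i, row in enumerate(img)]
    aux, bits, slots = rbits(out[-1][-1]), {}, []
    for i, j in scan(img):
        e = img[i][j] - med(img[i][j - 1], img[i - 1][j], img[i - 1][j - 1])
        r = rbits(out[i][j])
        if e in label:                      # embeddable: the label encodes the error
            bits[i, j] = label[e]
            slots.append((i, j))
        else:                               # non-embeddable: keep the b bits we overwrite
            aux, bits[i, j] = aux + r[:b], "0" * b + r[b:]
    room = len(slots) * (8 - a) - len(aux)
    if room < len(secret):
        raise ValueError("auxiliary information exceeds the reserved room")
    payload = aux + xor_bits(secret.ljust(room, "0"), data_key)
    for n, p in enumerate(slots):
        bits[p] += payload[n * (8 - a):(n + 1) * (8 - a)]
    for (i, j), r in bits.items():
        out[i][j] = int(r[::-1], 2)
    out[-1][-1] = (a << 4) | b              # special pixel stores both parameters
    return out

def parse(marked):
    a, b = marked[-1][-1] >> 4, marked[-1][-1] & 15
    labels, payload = {}, ""
    for i, j in scan(marked):
        r = rbits(marked[i][j])
        labels[i, j] = r[:a] if "1" in r[:min(a, b)] else None
        payload += r[a:] if labels[i, j] else ""
    n_aux = 8 + b * sum(v is None for v in labels.values())
    return a, b, labels, payload[:n_aux], payload[n_aux:]

def extract(marked, data_key):              # needs only the data-hiding key
    return xor_bits(parse(marked)[4], data_key)

def recover(marked, img_key):               # needs only the encryption key
    a, b, labels, aux, _ = parse(marked)
    w, error = len(marked[0]), {c: e for e, c in error_labels(a, b).items()}
    ks = hashlib.shake_256(img_key).digest(len(marked) * w)
    img = [[p ^ ks[i * w + j] for j, p in enumerate(row)] for i, row in enumerate(marked)]
    img[-1][-1] = int(aux[:8][::-1], 2) ^ ks[-1]
    aux = aux[8:]
    for (i, j), lab in labels.items():
        if lab is None:                     # restore the saved bits, then decrypt
            r, aux = aux[:b] + rbits(marked[i][j])[b:], aux[b:]
            img[i][j] = int(r[::-1], 2) ^ ks[i * w + j]
        else:                               # predict from recovered neighbours, add error
            img[i][j] = med(img[i][j - 1], img[i - 1][j], img[i - 1][j - 1]) + error[lab]
    return img

# Constructed 6x6 sample: a smooth ramp with one outlier that forces non-embeddable pixels.
IMG = [[100 + i + j for j in range(6)] for i in range(6)]
IMG[2][3] = 150
```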
IV. Experimental Results and Analysis
Several experiments are performed to evaluate the performance of the proposed IPBTL-RDHEI method. Five common 8-bit depth images are used, as shown in Fig. 9. Moreover, in order to reduce the influence caused by the random selection of test images, three datasets including UCID , BOSSBase , and BOWS-2  are also tested, respectively, for an average result. We use two metrics, PSNR (peak signal-to-noise ratio) and SSIM (structural similarity), to evaluate the similarity between images. The embedding rate (ER) is expressed in bpp and is expected to be as large as possible to hide the maximal amount of information.
IV-A. Performance and Security Analysis
We perform the proposed IPBTL-RDHEI method on the test images separately to evaluate the performance. Tables I-III show the maximal embedding rates of test images , , , and when = 2 to 4 and = 1 to 7. From the results, we can observe that when is set to small values, e.g., = 1 or 2, the encrypted image with labels cannot embed secret data or can only embed little of it. ’/’ in Tables I-III represents that the auxiliary information is larger than the reserved room, so no secret data can be embedded. As shown in Tables I-III, different images should choose different parameter sets to achieve the maximal embedding rate. In addition, the effect of image texture complexity on embedding capacity is significant: a smooth image can obtain a larger maximal embedding rate, because smooth images have more pixels belonging to . For example, image can reach the maximal embedding rate of 3.0589 bpp when and .
Fig. 10 takes as an example to show different images in different phases generated by the proposed IPBTL-RDHEI method. Fig. 10(a) shows the original image. Fig. 10(b) shows the encrypted image obtained by the encryption key . The encrypted image with labels is shown in Fig. 10(c). Fig. 10(d) presents the marked encrypted image. Fig. 10(e) gives the recovered image, which is completely the same as the original image in Fig. 10(a). Fig. 10(f) is the difference between Fig. 10(a) and Fig. 10(e), where all pixels are 0. The images shown in Fig. 7(b), (c) and (d) are noise-like images. It is difficult to detect the content of the plaintext image from its encrypted versions, which means they have a high perceptual security level.
Tables IV-VI report the PSNR and SSIM of the encrypted-version images against each original image to test the security of our method. As shown in the tables, the PSNR of each encrypted-version image is very low and the SSIM of each encrypted-version image is almost 0, so no information can be obtained from the encrypted-version images, which means the proposed IPBTL-RDHEI method securely protects the privacy of the original image and can be applied to RDH in the encryption domain.
IV-B. Comparisons with Related Methods and Analysis
In this subsection, we compare the maximal embedding rate of the proposed IPBTL-RDHEI method with several state-of-the-art methods. The parameters and in IPBTL-RDHEI are set to 5 and 2. In order to achieve a better performance, we set the length of fixed-length codewords to 3 and block size to in . In  the block size is set to , and are also set to 5 and 2.
Fig. 11 shows the maximal embedding rate of test images, and results are compared with four competitors , ,  and . As can be seen, the proposed IPBTL-RDHEI method achieves higher embedding rate and outperforms the competitors.
Moreover, in order to reduce the influence caused by the random selection of test images, the detailed embedding rates of IPBTL-RDHEI on the three datasets are shown in Table VII. For the best cases, the embedding rates are 2.9759 bpp, 2.9883 bpp and 2.9883 bpp, respectively. Since is set to 5, that is, each pixel in is labeled with 5 bits and the remaining 3 bits can carry embedded payload bits by bit replacement, the best embedding rates approach 3. In the UCID dataset, the worst embedding rate is 0, which means that the auxiliary information is larger than the reserved room, so no secret information can be embedded when and . and in Table VII indicate each image can be recovered without any error.
Fig. 12 compares the average embedding rate of the three datasets between the proposed IPBTL-RDHEI method and these four state-of-the-art methods. The average embedding rate of the EPE-HCRDH method in  is close to 1 bpp but no more than 1 bpp in the three datasets. The method of two-MSB planes substitution in  has a better performance than . In addition, the average embedding rate of Chen's method  is higher, reaching 1.8768 bpp in the UCID dataset, 2.3226 bpp in the BOSSBase dataset and 2.2447 bpp in the BOWS-2 dataset. Both Yi's method  and our method are based on PBTL. The results in Fig. 12 show that the proposed IPBTL-RDHEI method significantly improves the embedding rate compared with Yi's method , and there are two reasons for this. First, the proposed IPBTL-RDHEI method reserves room in the plaintext images before encryption, which can take full advantage of the redundancy of images. Second, we take advantage of the spatial correlation in the entire original image, not in small image blocks, to reserve room for embedding data, which reduces the number of reference pixels and results in less ancillary information. Through the above analysis, it is verified that the proposed IPBTL-RDHEI method has better performance.
|Datasets|Indicators|Best case|Worst case|Average|
In this paper, we propose an efficient method of reversible data hiding in encrypted images using parametric binary tree labeling, which is an improved method based on Yi's works . A higher embedding rate can be achieved and, during the decoding phase, the secret information must be extracted without error using the data-hiding key and the original content of the image must be restored losslessly using the encryption key. The process of data extraction and image restoration is independent and separable. In addition, we see that the proposed IPBTL-RDHEI method provides a good level of security that can be used to protect the confidentiality of the original image content while providing authenticity or integrity checks.
In the future, we will also try to modify and improve the proposed method in order to obtain a much higher embedding capacity. In future research, we will test other error predictors in order to reduce the value of prediction errors, so that more pixels can be utilized to embed secret data.
-  Piyu Tsai, YuChen Hu, and Hsiu Lien Yeh. Reversible image hiding scheme using predictive coding and histogram shifting. Signal Processing, 89(6):1129–1143, 2009.
-  Xianyi Chen, Xingming Sun, Huiyu Sun, Zhili Zhou, and Jianjun Zhang. Reversible watermarking method based on asymmetric-histogram shifting of prediction errors. The Journal of Systems and Software, 86(10):2620–2626, 2013.
-  Xinpeng Zhang. Reversible data hiding with optimal value transfer. IEEE Transactions on Multimedia, 15(2):316–325, 2013.
-  Xiaolong Li, Weiming Zhang, Xinlu Gui, and Bin Yang. Efficient reversible data hiding based on multiple histograms modification. IEEE Transactions on Information Forensics and Security, 10(9):2016–2027, 2015.
-  Jessica Fridrich, Miroslav Goljan, and Rui Du. Lossless data embedding: New paradigm in digital watermarking. EURASIP J. Appl. Signal Process, 2002(2):185–196, 2002.
-  Mehmet Utku Celik, Gaurav Sharma, Ahmet Murat Tekalp, and Eli Saber. Lossless generalized-lsb data embedding. IEEE Transactions on Image Processing, 14(2):253–266, 2005.
-  Adnan M Alattar. Reversible watermark using the difference expansion of a generalized integer transform. IEEE Transactions on Image Processing, 13(8):1147–1156, 2004.
-  Diljith M Thodi and Jeffrey J Rodríguez. Expansion embedding techniques for reversible watermarking. IEEE Transactions on Image Processing, 16(3):721–730, 2007.
-  Vasiliy Sachnev, Hyoung Joong Kim, Jeho Nam, Sundaram Suresh, and Yunqing Shi. Reversible watermarking algorithm using sorting and prediction. IEEE Transactions on Circuits and Systems for Video Technology, 19(7):989–999, 2009.
-  Lixin Luo, Zhenyong Chen, Ming Chen, Xiao Zeng, and Zhang Xiong. Reversible image watermarking using interpolation technique. IEEE Transactions on Information Forensics and Security, 5(1):187–193, 2010.
-  Xiaolong Li, Weiming Zhang, Xinlu Gui, and Bin Yang. A novel reversible data hiding scheme based on two-dimensional difference-histogram modification. IEEE Transactions on Information Forensics and Security, 8(7):1091–1100, 2013.
-  William Puech, Marc Chaumont, and Olivier Strauss. A reversible data hiding method for encrypted images. In Security, Forensics, Steganography, and Watermarking of Multimedia Contents X, volume 6819, page 68191E. International Society for Optics and Photonics, 2008.
-  Jiantao Zhou, Weiwei Sun, Li Dong, Xianming Liu, Oscar C. Au, and Yuanyang Tang. Secure reversible image data hiding over encrypted domain via key modulation. IEEE Transactions on Circuits and Systems for Video Technology, 26(3):441–452, 2016.
-  Zhenxing Qian, Xinpeng Zhang, and Shuozhong Wang. Reversible data hiding in encrypted jpeg bitstream. IEEE Transactions on Multimedia, 16(5):1486–1491, 2014.
-  Kede Ma, Weiming Zhang, Xianfeng Zhao, Nenghai Yu, and Fenghua Li. Reversible data hiding in encrypted images by reserving room before encryption. IEEE Transactions on Information Forensics and Security, 8(3):553–562, 2013.
-  Xin Liao, Kaide Li, and Jiaojiao Yin. Separable data hiding in encrypted image based on compressive sensing and discrete fourier transform. Multimedia Tools and Applications, 76(20):20739–20753, 2017.
-  Xinpeng Zhang. Separable reversible data hiding in encrypted image. IEEE Transactions on Information Forensics and Security, 7(2):826–832, 2012.
-  Shuang Yi and Yicong Zhou. Separable and reversible data hiding in encrypted images using parametric binary tree labeling. IEEE Transactions on Multimedia, 21(1):51–64, 2019.
-  Pauline Puteaux and William Puech. An efficient msb prediction-based method for high-capacity reversible data hiding in encrypted images. IEEE Transactions on Information Forensics and Security, 13(7):1670–1681, 2018.
-  Yi Puyang, Zhaoxia Yin, and Zhenxing Qian. Reversible data hiding in encrypted images with two-msb prediction. In 2018 IEEE International Workshop on Information Forensics and Security (WIFS), pages 1–7. IEEE, 2018.
-  Kaimeng Chen and ChinChen Chang. High-capacity reversible data hiding in encrypted images based on extended run-length coding and block-based msb plane rearrangement. Journal of Visual Communication and Image Representation, 58(2019):334–344, 2019.
-  Gerald Schaefer and Michal Stich. Ucid: An uncompressed color image database. In Storage and Retrieval Methods and Applications for Multimedia 2004, volume 5307, pages 472–481. International Society for Optics and Photonics, 2003.
-  Patrick Bas, Tomáš Filler, and Tomáš Pevnỳ. Break our steganographic system: the ins and outs of organizing boss. In International workshop on information hiding, pages 59–70. Springer, 2011.
-  P. Bas and T. Furon. Image database of bows-2. http://bows2.ec-lille.fr/, 2017.