Cryptography Reference
In-Depth Information
white pixel of the original image, choose at random either or , assign
it to the ciphertext layer (#1), and assign the complementary empty pixel
to the secret key layer (#2). For each black pixel, pick at random either
or , assign it to the ciphertext layer, and assign the complementary
information pixel to the secret key layer. Overlaying the two layers will
display layer #3, with empty pixels displaying as gray, and information
pixels as black. Intuitively, one can see that even if the two layers are
constructed together from the plaintext, taken separately they reveal no
information whatsoever to an attacker.
Beyond its reliance on the visual system for decryption, the scheme has
interesting advantages: once printed out, the ciphertext can be faxed,
photocopied, scanned, and in general can survive multiple translations
between the digital and the physical domain. Visual cryptography has been
generalized to include grayscale, halftone, and color images, and research-
ers have explored its potential applications to watermarking, secure print-
ing, and voting.
52
Naor and Pinkas have extended the original concept to the problem of
authentication and identification. Remarkably, the resulting protocols do
not depend on any number-theoretic computational assumptions but
rather on assumptions regarding the visual capabilities of human partici-
pants. Indeed, one of the authors' stated goals is to develop a framework
that provides for rigorous security proofs of “protocols in which humans
take an active part.” Such analysis presents new challenges:
It is hard to rigorously analyze processes which involve humans since there is no
easy mathematical model of human behavior. In order to prove the security of such
protocols the human part in the protocol should be explicitly defined. Then it is
possible to isolate the capabilities required from the human participant (e.g., the
ability to verify that a certain image is totally black). The security of the protocol
must be reduced to the assumption that a “normal” person has these capabilities.
This assumption can then be verified through empirical tests.
53
By varying these assumptions, the authors provide proofs for protocols that
rely on “sharp-eyed” and “not so sharp-eyed” humans, and a taxonomy
organized according to design trade-offs between security and the visual
capabilities required of human participants. Although, on the surface, the
resulting proofs resemble the standard fare of the computational complex-
ity framework, they represent a surprising irruption of human bodies into
the usually immaterial world of cryptographic protocols.
