1 Introduction

Digital data have become essential to modern telecommunications, especially where vast images are stored and transferred. This increased the awareness of privacy and information security, and made protecting digital images a very important requirement. As a result, research efforts increased in the information security fields such as cryptography, information hiding, and secret sharing (SS) [1].

SS is a relatively new idea introduced by Shamir in 1979, where a secret number is sent to a group of participants as n shares of the secret in a meaningless form [2]. Each share alone does not give any information about the secret number, while a group of k or more shares can reveal the secret, where \(k \leq n\). The idea was based on polynomial interpolation, and it is useful when the recipients are mutually suspicious or must cooperate. It is also used in cloud computing and distributed storage [1].

The idea of SS was improved to work for images in 1995 by Naor and Shamir, who introduced Visual Secret Sharing (VSS) [3]. In VSS, the recovery process is as easy as stacking the shares to recover the secret image using the human visual system. Stacking images is equivalent to the boolean OR operation between the images [4]. More secure systems were needed, which led to the introduction of Secret Image Sharing (SIS) by Thien and Lin in 2002 [5]. They used polynomial interpolation with shares of size 1/k of the secret image, but it needed more computation power compared to VSS.

The need for acceleration and easily integrating encryption into existing systems led to the use of field programmable gate arrays (FPGAs) as pivotal tools in the realms of both cryptographic operations and VSS. Their distinctive ability to be customized for specific tasks, coupled with their prowess in parallel processing, has propelled them to the forefront of secure data processing [6]. Security applications often favor FPGAs over general-purpose computers because of their low power consumption, high throughput, design adaptability, cost-effectiveness in development per unit, rapid processing speed, resilience to noise, and elevated security levels [7, 8].

This work presents a VSS system as a main block for SIS to ensure fast recovery. Then, two new lossless (nn)-SIS systems are introduced for sharing binary, grayscale, or color images using the VSS system as the backbone. The first SIS system uses the Lorenz chaotic system as a source of randomness, utilizes the generalized Arnold transform to perform permutations, and has a long and sensitive system key. The second SIS system further enhances security and robustness using SHA-256 and RSA public-key cryptosystem. Software implementations and FPGA realizations, including all the used modules, are presented for the three systems. Security analysis is performed between the secret image and shares, and validated hardware results are presented. The experimental results show the systems’ effectiveness when deployed on FPGAs, exhibiting real-time processing capabilities and minimal resource utilization. Performance analysis and comparisons with recent approaches are also presented. The results demonstrate that the proposed enhanced system is a secure, robust and efficient SIS system.

The next section of this paper briefly reviews the recent related approaches of secret sharing. Section 3 describes the background needed for the proposed systems. Section 4 describes the VSS system, and Sect. 5 describes how the VSS system is modified to create the first SIS system. Section 6 describes the second SIS system. Section 7 describes the hardware implementations for the three systems. Section 8 gives the results and comparisons, and Sect. 9 briefly gives the conclusions and future work.

2 Related work

Most VSS systems use halftoning to convert all types of images into binary images and process them. Halftoning represents the image as dots, which affects the quality of the images [9]. Due to data loss when OR is used in recovery, XOR is used in recent literature to provide better quality for the recovered images [10]. There are different types of VSS introduced for different purposes, such as weighted VSS, which gives different weights for shares, and the total weight available in the recovery process defines the quality of the recovered image [11]. Another type is the tagged shares, which adds information in each share to differentiate between shares by folding the share, for example, to show the tag [12]. Others added features like meaningful shares [13] or sharing multiple images [14].

As previuosly mentioned, the recovered image quality in VSS increases when using XOR. Hence, it is the primary recovery method for recently proposed systems. A lossless system was introduced for binary and grayscale images by converting the image into a bitstream and sharing it using pixel vectorization [15]. Another proposed system prioritized different shares, giving high importance to some shares that can be used in recovery and give better quality, but this system was lossy [16]. Another system requires some essential shares to be present in the recovery process to recover the secret, and it can not be recovered without including those essential shares [17]. While VSS is simple, it is not robust to noise and lacks good quality for the recovered images in most systems.

On the other hand, the common techniques used in SIS systems are the Chinese Remainder Theorem (CRT) and polynomial interpolation, where the size of the shares can be a portion of the secret size or with fixed size [18]. Some features are also added to SIS, such as meaningful shares [19] and sharing multiple secrets [20]. A system for grayscale images was proposed that produced fixed size shares of \(23\times 23\) [18]. Other systems used CRT to have smaller shares with size 1/k of the secret image size [21]. Another system prioritized participants, where high priority shares recover the secret with higher quality [22]. Quick Response (QR) codes are also used to conceal shares and make them less suspicious[23]. Another system used CRT, XOR and a modification of Shamir’s secret sharing to share different types of images [24].

3 Background

This section describes the background needed for the proposed systems, including the Lorenz chaotic system which is used as a source of randomness, the generalized Arnold transform which is a permutation algorithm, SHA-256 which is a hash function, and the evaluation criteria used to test the proposed systems.

3.1 The Lorenz chaotic system

The Lorenz system is used as a Pseudo Random Number Generator (PRNG) of the proposed systems, and it has the following equation [25]:

$$\begin{aligned} \frac{dx}{dt}= \sigma (y-x),\quad \frac{dy}{dt}= x(\rho -z),\quad \frac{dz}{dt}= xy-\beta z, \end{aligned}$$
(1)

where \(\sigma ,\rho ,\) and \(\beta\) are the system’s parameters. The system is solved by Euler method using the following formulae [26]:

$$\begin{aligned} x_{t+1}&= x_t + h (\sigma (y_t-x_t)), \end{aligned}$$
(2a)
$$\begin{aligned} y_{t+1}&= y_t + h (x_t(\rho -z_t)),\end{aligned}$$
(2b)
$$\begin{aligned} z_{t+1}&= z_t + h (x_t y_t-\beta z_t), \end{aligned}$$
(2c)

where \(h=2^{-7}\) is the time step, and \(x_0,y_0\) and \(z_0\) are the initial conditions.

The step h is chosen as a negative power of 2 to be used in the hardware implementation as shifting instead of multiplication [27].

The following equation is used to extract l bits from x:

$$\begin{aligned} \lfloor x_t\times sf \rfloor \mod 2^l, \end{aligned}$$
(3)

where sf is a scaling factor chosen to ensure randomness, \(\lfloor \cdot \rfloor\) is the floor function, and similar equations are used for y and z.

To generate the initial conditions and parameters for the Lorenz system, a system key is used with a size of 256 bits to resist brute force attacks. Figure 1 illustrates how to extract the initial conditions and parameters, with the ranges required for the chaotic operation of the Lorenz system.

The same extraction process is performed in the generation and recovery schemes, using the same system key, to guarantee the correct operation of both sides of the sharing system. The randomness test results for the Lorenz chaotic system are provided in the supplementary file.

Fig. 1
figure 1

Subkeys generation

Full size image

3.2 Generalized Arnold transform

Arnold transform is used to permute the pixels of an image, where a pixel in the position (xy) is transformed to the new position (\(x',y')\) [28]. The generalized Arnold transform has the following equation:

$$\begin{aligned} \begin{bmatrix} x'\\ y' \end{bmatrix} = \begin{bmatrix} 1&{}\gamma \\ \zeta &{}\gamma \zeta +1 \end{bmatrix} \begin{bmatrix} x\\ y \end{bmatrix} \mod N, \end{aligned}$$
(4)

where \(\gamma\) and \(\zeta\) are the parameters for the transformation, and N is the dimension of a square image. The inverse transformation is given by

$$\begin{aligned} \begin{bmatrix} x\\ y \end{bmatrix}= \begin{bmatrix} \gamma \zeta +1&{}-\gamma \\ -\zeta &{}1 \end{bmatrix} \begin{bmatrix} x'\\ y' \end{bmatrix} \mod N, \end{aligned}$$
(5)

3.3 Secure hash algorithm: SHA-256

The SHA-256 is a well-known hash function that takes an input of size \(<2^{64}\) bits and maps it into a 256-bit digest [29]. The SHA-256 has a word size of 32-bit, where all the operations are performed on words. First, the functions used in the algorithm are given as follows:

$$\begin{aligned} Ch(x,y,z)&= (x\wedge y)\oplus (\lnot x \wedge z), \end{aligned}$$
(6a)
$$\begin{aligned} Maj(x,y,z)&= (x\wedge y)\oplus (x\wedge z) \oplus (y\wedge z), \end{aligned}$$
(6b)
$$\begin{aligned} \varOmega _0(x)&= ROTR^2(x) \oplus ROTR^{13}(x) \oplus ROTR^{22}(x),\end{aligned}$$
(6c)
$$\begin{aligned} \varOmega _1(x)&= ROTR^6(x) \oplus ROTR^{11}(x) \oplus ROTR^{25}(x),\end{aligned}$$
(6d)
$$\begin{aligned} \omega _0(x)&= ROTR^7(x) \oplus ROTR^{18}(x) \oplus SHR^{3}(x),\end{aligned}$$
(6e)
$$\begin{aligned} \omega _1(x)&= ROTR^{17}(x) \oplus ROTR^{19}(x) \oplus SHR^{10}(x), \end{aligned}$$
(6f)

where \(ROTR^n\) is circular right shift n positions and \(SHR^n\) is right shift n positions.

The SHA-256 starts with initializing two types of constants [29], the first type is a set of 64 constant words, \(K_0, K_1, \cdots , K_{63}\). They come from the first 64 prime numbers, where 32 bits of the fractional parts of cube roots are used. The second type of constants is the set of initial hash values, \(H_0,H_1,\cdots ,H_7\), which consists of 8 words obtained from the square root of the first 8 prime numbers, where the first 32 bits of the fractional part are used.

After initializing the constants, two steps of preprocessing are done on the input. The first step is padding the message to be able to parse it into equal 512-bit blocks. For a message of size l, one bit "1" is appended to the end of the message followed by k zero bits, where k is the smallest positive solution for the equation:

$$\begin{aligned} l+1+k\equiv 448\mod 512. \end{aligned}$$
(7)

Then, append the binary value of l in 64 bits, to have a padded message whose size is a multiple of 512. Afterward, the padded message is parsed into 512-bit blocks. Each message block, M, consists of 16 words, \(M_0\), \(M_1\), \(\cdots\), \(M_{15}\), and is processed as follows, where the operations are performed on the blocks consecutively to get the final hash and all additions are \(\mod 2^{32}\):

  1. 1.

    Prepare W:

    $$\begin{aligned} W_t={\left\{ \begin{array}{ll} M_t, &{} 0\le t \le 15 \\ \omega _1(W_{t-2})+ W_{t-7}+ &{} 16\le t \le 63\\ \omega _0(W_{t-15}) + W_{t-16}, &{}\\ \end{array}\right. } \end{aligned}$$
    (8)
  2. 2.

    Initialize variables for current hash:

    $$\begin{aligned} a&=H_0, \quad b=H_1, \quad c=H_2, \quad d=H_3, \end{aligned}$$
    (9a)
    $$\begin{aligned} e&=H_4, \quad f=H_5, \quad g=H_6, \quad h=H_7. \end{aligned}$$
    (9b)
  3. 3.

    For each word in W, \(t=0\) to 63:

    $$\begin{aligned} T_1&= h+\varOmega _1(e)+Ch(e,f,g)+K_t+W_t, \end{aligned}$$
    (10a)
    $$\begin{aligned} T_2&= \varOmega _0(a)+Maj(a,b,c), \end{aligned}$$
    (10b)
    $$\begin{aligned} h&= g, \quad g = f, \quad f = e, \quad e = d+T_1 \end{aligned}$$
    (10c)
    $$\begin{aligned} d&= c, \quad c = b, \quad b = a, \quad a = T_1+T_2. \end{aligned}$$
    (10d)
  4. 4.

    Compute the new hash values after the block:

    $$\begin{aligned} H_0&= a + H_0,\quad H_1 = b + H_1,\quad H_2 = c + H_2, \end{aligned}$$
    (11a)
    $$\begin{aligned} H_3&= d + H_3,\quad H_4 = e + H_4,\quad H_5 = f + H_5, \end{aligned}$$
    (11b)
    $$\begin{aligned} H_6&= g + H_6,\quad H_7 = h + H_7. \end{aligned}$$
    (11c)

After repeating the above steps for all the blocks, the final digest is formed by concatenating the final binary hash values using:

$$\begin{aligned} H_0\parallel H_1\parallel H_2\parallel H_3\parallel H_4\parallel H_5\parallel H_6\parallel H_7, \end{aligned}$$
(12)

where \(\parallel\) is the concatenation operation.

3.4 Evaluation criteria

The statistical security criteria and robustness of the proposed systems against different attacks are evaluated, where the tests and the attacks are described in Table 1 with the description, formula, ranges, and optimal values.

Table 1 Evaluation criteria
Full size table

4 The VSS system

The VSS generation scheme is shown in Fig. 2a, generating n shares from the input image using the Lorenz chaotic system. First, a random number Rand in the range [1,  n] is generated from Lorenz using:

$$\begin{aligned} Rand=(\lfloor x_t\times sf \rfloor \mod n)+1, \end{aligned}$$
(13)

where \(sf = 2^{40}\).

Then, for each pixel \(P_S\) in the secret image I, \((n-1)\) random pixels are generated from the Lorenz chaotic system.

Each random pixel \(P_i\) is generated using:

$$\begin{aligned} P_i\{R,G,B\} = \lfloor \{x_{t},y_{t} ,z_{t}\}\times sf\rfloor \mod 2^8, \end{aligned}$$
(14)

where the three outputs of the Lorenz chaotic system are first scaled by sf to access the fractional parts. Then, the 8 least significant bits (LSBs) are extracted using the mod operation to obtain three 8-bit random numbers that represent the R, G, and B channels of a random pixel, \(P_i\).

Using \(P_S\) and the generated random pixels \(P_i\), the \(n^{th}\) pixel \(P_{Rand}\) is calculated as

$$\begin{aligned} P_{Rand} = P_S \oplus \bigoplus _{i=1}^{n-1} P_i, \end{aligned}$$
(15)

where \(\bigoplus _i^n x_i\) represents an XOR of many terms.

The \((n-1)\) random pixels and \(P_{Rand}\) are distributed into the n shares according to the value of Rand using the distributing table shown in Fig. 2a, where \(P_{Rand}\) is assigned to the share \(S_{Rand}\), and the random pixels \(P_i\) are consecutively placed in the other shares. The recovery scheme is simple, as shown in Fig. 2b, where the shares are XORed to recover the secret.

Fig. 2
figure 2

Block diagrams of the proposed (a) VSS generation, (b) VSS recovery, (c) SIS-I generation, (d) SIS-I recovery, (e) SIS-II generation, and (f) SIS-II recovery

Full size image

The statistical analysis results are given in [31], where the system passes all statistical tests. The robustness analysis results are shown in Table 2, where the system does not pass the crop and differential attack tests. Key sensitivity is not applicable, because no key is used in decryption. Modifications to the system will be introduced in the following sections to pass the aforementioned tests.

Table 2 Results of different attacks
Full size table

5 The first SIS system

The generation scheme of the first proposed SIS system, SIS-I, is shown in Fig. 2c, where it consists of substitution and permutation phases followed by the VSS system. The substitution and permutation phases enhance the system’s security by incorporating the confusion and diffusion properties as defined by Shannon [32]. The permutation stage also enables the system to resist crop attacks.

The system starts by performing an XOR between the secret image, I, and a random image, L, generated from the Lorenz system. Eight bits are extracted from the xy,  and z states for each pixel to encrypt the RG,  and B channels, respectively. The image E is generated from this substitution stage.

The permutation stage uses the generalized Arnold transform, where the parameters \(\gamma\) and \(\zeta\) are extracted from the Lorenz system as \(\log _2{N}\) bits from x and y, respectively. Hence, the image E is permuted to generate the image H. Finally, the image H is shared as n shares using the previously described VSS system.

The recovery scheme for SIS-I is shown in Fig. 2d. First, the n shares are XORed to recover the image H as in the VSS recovery system. Then, the Lorenz system is used to generate the random image L, and extract \(\gamma\) and \(\zeta\). The inverse generalized Arnold transform is used to recover the unscrambled image, E. Finally, inverse substitution is applied by performing an XOR between L and E, to recover the secret, R.

Because SIS-I has substitution and permutation stages in addition to the VSS system, it passes all statistical tests. The robustness results are shown in Table 2, where the system passes all the tests except differential attacks, because there is no dependency on the input image. Modification of the system will be introduced in the following section to pass this test.

6 The second SIS system

A dependency on the input image pixels must be present in the second SIS system, SIS-II, to resist differential attacks. This dependency is created by passing the secret image as input to SHA-256 to produce 256 bits digest [33]. The digest is then XORred with the system key to produce a modified key for the Lorenz system. The block diagram of SIS-II generation scehme is shown in Fig. 2e, depicting the addition of SHA-256 to SIS-I.

The digest must be sent to the receiver to generate the same chaotic sequence from Lorenz system. RSA, which is a well-known secured public key cryptosystem, is used to transmit this small digest of 256 bits [34]. It should be noted that RSA is not suitable for encrypting large data, such as images, due to its complexity.

The recovery scheme of SIS-II, as shown in Fig. 2f, is the same as that of SIS-I but with the utilization of the digest as obtained from RSA. The robustness results are shown in Table 2, where the system passes all the tests, giving a secure and robust SIS system.

7 Hardware implementation

The hardware architectures for the three proposed systems are designed and implemented on an FPGA from Xilinix: Genesys2 XC7K325TFFG900-2 [35]. To validate the results and performance, a high-definition multimedia interface (HDMI) display was utilized. In all implementations, 16 bits address busses were used to interface with 65536 depth memories that are suitable for image sizes of \(256\times 256\). It is worth mentioning that, to the best of the authors’ knowledge, there is no hardware validation in the literature for such SIS systems.

7.1 Main building blocks

7.1.1 Lorenz chaotic system

The architecture of Lorenz chaotic system is shown in Fig. 3a, where it takes the outputs from the Subkeys Generation to generate xy and z. This block takes \(x_0, y_0\) and \(z_0\) as inputs in the first clock cycle, then the outputs xy and z are used as the new inputs every new clock cycle. This scheme uses 55-bit fixed point arithmetic, with 1 sign bit, 12 bits for the integer part and 42 bits for the fractional part, which are enough to represent the chaotic system output. The output from each multiplication operation has the size of 110 bits. Only bits 96 down to 42 are taken to keep the integrity of the used 55 fixed point operations. Figure 4a shows oscilloscope projection of 12 bits integer part of Lorenz x-z and Fig. 4b shows x-time projection.

Fig. 3
figure 3

Hardware architecture of: (a) Lorenz system, (b) shares generation, and (c) generalized Arnold transform

Full size image
Fig. 4
figure 4

Lorenz on oscilloscope: (a) X–Z projection, (b) X-time

Full size image

7.1.2 Shares generation

In Fig. 3b, the 8 LSBs of the fractional parts of xy and z are transmitted between three registers each clock cycle to be saved. The 8 bits xy and z of each cycle are concatenated to generate the random pixels \(P_1, P_2\) and \(P_3\), where: \(P_1 = [x_{t-2}, y_{t-2}, z_{t-2}],\) \(P_2 = [x_{t-1}, y_{t-1}, z_{t-1}]\) and \(P_3 = [x_t, y_t, z_t]\). After that, the input image pixel \(P_S\) is XORed with \(P_1, P_2\) and \(P_3\) to generate \(P_{Rand}\). The 2 LSBs of \(x_{t-2}\) are extracted to select the output of each of the four multiplexers, which deliver to the four shares.

7.1.3 Generalized Arnold transform

In generalized Arnold transform, demonstrated in Fig. 3c, the 16 bits pixel memory address is transformed to a new memory address. Arnold parameters, \(\gamma\) and \(\zeta\), are taken from the previously mentioned Lorenz block at a specific clock cycle giving the system extra security. The memory address is initially transformed to the (xy) coordinates on the screen. Then, \(\gamma\) and \(\zeta\) are used with simple XOR and addition operations to output \((x',y')\) and, hence, a new memory address. Examples of generalized Arnold transform with different \(\gamma\) and \(\zeta\) values are given in Fig. 5.

Fig. 5
figure 5

Generalized Arnold example: (a) original image, (b) \(\gamma =1,~\zeta =1\), and (c) \(\gamma =35,~\zeta =9\)

Full size image

7.1.4 SHA-256 pre-processing

In Fig. 6, SHA-256 is utilized to generate a 256 bits hash. A memory, distinct in both depth, width and address buss from other memories in the system, houses the secret image and yields a 512-bit stream. This stream undergoes restructuring in another smaller memory as shown in the figure. Zero padding is performed to complete the memory vacancy. Then, an iterative process starts to modify the values of these zeros starting from \(i=16\). After this data preparation, starting from \(j=0\), each word is employed to update the values of [a, b, c, d, e, f, g, h] passing through straightforward rotation and XOR operations. Finally, the hash is updated with these values as \(H_0 = H_0 + a\) through \(H_7 = H_7 + h\).

Fig. 6
figure 6

Hardware architecture of SHA-256

Full size image

7.2 Implementation of the VSS system

The generation scheme of the VSS system is mainly based on the Lorenz and shares generation blocks. Lorenz delivers the current x,  y and z in each cycle to the shares generation. The process of the shares generation and distribution ends with constructing the four shares of the secret image. The recovery scheme of the VSS system is a straightforward XORing between the four shares to reconstruct the secret image.

Figure 7 shows the secret image and one of the generated shares on a screen as a result from implementing the VSS system. The utilization in Table 3 shows the employment of the FPGA resources. Generation and recovery schemes utilize a large percentage of Block RAMs (BRAMs) as each generated share is stored in addition to the secret and random images. One Mixed-Mode Clock Manager (MMCM) was utilized to generate the system clock. The employed Inputs and Outputs (IO) are mainly for the HDMI module in addition to a number of switches and LEDs for system interface. Lookup tables (LUTs), Flip Flops (FF) and Digital Signal Processors (DSP) percentages are relatively small.

Fig. 7
figure 7

VSS hardware results of the Genesys2 FPGA implementation showing (a) secret image I and (b) \(S_1\)

Full size image
Table 3 Hardware utilization
Full size table

7.3 Implementation of SIS-I

Leveraging the Lorenz, shares generation and Arnold blocks, three consequent stages are needed for SIS-I generation. In the first stage, the Lorenz block initiates a random generation process to form the random image ’L’ mirroring the dimensions of the secret image. A bitwise XOR operation is then employed on ’L’ and the secret image to produce the ’E’ image. In the second stage, Lorenz transmits the current 8 LSBs of ’x’ and ’y’ values to the Arnold block, serving as ’\(\gamma\)’ and ’\(\zeta\)’ parameters. Arnold subsequently transforms the memory address, generating a new writing address for the image ’H’. In the third stage, the ’H’ image undergoes the same process as in the VSS system going through bitwise XORing with the random pixels to finally generate the four shares.

The recovery scheme of SIS-I starts with XORing the four shares to get the ’H’ image in parallel with operating Lorenz to build the ’L’ image. Afterward, the inverse Arnold transform takes its parameters from Lorenz to reconstruct the image ’E’ from the ’H’ image. The ’L’ image stage must come before the inverse Arnold stage to match the same \(\gamma\) and \(\zeta\) of the generation scheme. Finally, ’L’ and ’E’ images are XORed to recover the secret image.

The experimental results of SIS-I look similar to those given in Fig. 7. As shown in Table 3, the system utilizes more BRAMs in its generation and recovery schemes than the VSS system due to the addition of the random images ’H’, ’E’ and ’L’. In the generation process, however, ’L’ does not need to be stored in a memory as it is XORed with the original image directly to generate and store the ’E’ image. In the recovery process, this cannot be done as the XOR operation is the final step.

7.4 Implementation of SIS-II

As depicted in Fig. 8a, the generation process of SIS-II uses the four main building blocks. The initial stage involves pre-processing, wherein the system key undergoes modification using the SHA-256 block. The resultant 256-bit digest is then XORed with the system key to yield the modified key. Then, Lorenz starts with the new modified key, and the generation process continues as in SIS-I.

Fig. 8
figure 8

Architecture diagram of SIS-II: (a) generation scheme and (b) recovery scheme

Full size image

In SIS-II, the recovery scheme shown in Fig. 8b is almost identical to that of SIS-I except for the initial modification of the system key. The original system key is XORed with the SHA-256 digest to get the same modified system key used in the generation scheme.

The utilization of SIS-II given in Table 3 shows that BRAM and LUT utilization in the generation scheme are more than the previous system due to the addition of SHA-256 pre-processing. The recovery utilization is exactly as in SIS-I, where the only difference between them is the starting system key.

8 Results and comparisons

The images used in evaluating the three systems are from the USC-SIPI image database as shown in Table 4 with their names, descriptions, and sizes [36]. The Tree image is used to show the software and hardware results of the three systems in detail when \(n=4\). Additional detailed results for all the images of Table 4 are provided in the supplementary document with different n values and similar good results.

Table 4 Used images from USC-SIPI database [36]
Full size table

The histograms of the secret I and the first share \(S_1\), from SIS-II hardware, are given in Fig. 9, where all the shares in the three systems give similar uniform histograms indicating good encryption.

Fig. 9
figure 9

Histograms of (a)–(c) Tree, and (d)–(f) \(S_1\) from SIS-II hardware when \(n=4\)

Full size image

Table 5 shows the average security analysis results of the software and hardware for Tree when \(n=4\) for the three proposed systems, where the detailed results are given in the supplementary document.

Even though the software implementation uses floating-point arithmetic and the hardware implementation uses fixed-point arithmetic, the table demonstrates that both implementations provide good and comparable security measures. The values of the hardware and software results are too close to each other but different due to the different implementations. More detailed results for the different channels are given in the supplementary file.

The entropy results in the produced shares for the three systems are close to 8, indicating good randomness. The RMSE and correlation values between the secret image and the shares in the three systems give high RMSE and low correlation values, indicating good encryption. The correlation results between the adjacent pixels in the shares are low in the horizontal, vertical, and diagonal directions in the three systems. Also, the adjacent pixels scatter diagrams in the vertical direction of the secret and the first share for SIS-II are shown in Fig. 10, where all the shares in the three systems in different directions give similar no correlation diagrams indicating good encryption.

Table 5 Security analysis results for software and hardware of Tree when \(n=4\)
Full size table
Fig. 10
figure 10

Scatter diagrams between adjacent pixels in the vertical direction of (a)–(c) Tree, and (d)–(f) \(S_1\) for SIS-II hardware when \(n=4\)

Full size image

NIST test results of \(S_1\) for SIS-II are given in Table 6 with \(\alpha =0.001\), where all the shares of the three systems give similar passing results. A secret image of size \(1024\times 1024\) is used to satisfy the NIST requirement of at least one million numbers.

Table 6 NIST results of \(S_1\) for SIS-II
Full size table

The key sensitivity tests were conducted on the different parts of the system key by changing the LSB of each part separately, and the results for SIS-I and SIS-II were calculated since VSS does not use the key in the recovery stage. The results of the RMSE are given in Table 2, showing good key sensitivity results. These results also show that different shares can be produced for the same image if the key changes.

The BER is also measured between the original image and the recovered image when one bit is changed in different locations of the key [37]. Figure 11 shows BER results near 0.5, which is the desired value, demonstrating good key sensitivity and that no partial information can be revealed about the original image [38].

Fig. 11
figure 11

BER between the original and recovered images using different keys with a modified bit in different locations

Full size image

Noise attack results are the same for the three systems, as shown in Table 2, where salt and pepper noise with intensity \(25\%\) was added to the first share. The resulting PSNR values indicate good resistance to noise attacks.

Crop attack results are better for SIS-I and SIS-II because of the presence of the permutation stage, which plays an important role in passing crop attacks. The software crop attack results for the three systems are shown in Table 2, while the recovered images from the hardware are given in Fig. 12. Although the PSNR values are the same in the three systems, because the amount of data lost is the same, the VSS system does not pass the test visually.

Fig. 12
figure 12

Recovered images from hardware after 25% crop attack: (a) VSS, (b) SIS-I, and (c) SIS-II

Full size image

Only SIS-II resists differential attacks due to the presence of SHA-256, which builds the dependency on the input image. Table 2 shows the results, where SIS-II gives the optimal values for UACI and NPCR.

Runtime is measured for the three systems with different numbers of shares and images of size \(512\times 512\). The average of fifty runs is given in Table 7, where the number of shares slightly affects the recovery time. In generation, the modifications on the VSS only add one second of runtime for SIS-I and SIS-II systems, while maintaining the fast recovery. The used setup is (Windows 11 Pro, Intel(R) Core(TM) i7-8750 H CPU @ 2.20 GHz, 15.8 GB RAM) using Python programming language on JupyterLab IDE.

Table 7 Runtime, in seconds, for color images of size \(512\times 512\) and different numbers of shares, n
Full size table

To compare the proposed SIS-II with previous techniques, it was adopted for grayscale images and compared with the system in [24], for the used grayscale Mandrill image. The comparison is given in Table 8, where the results are good.

Table 8 Comparison with previous scheme using grayscale Mandrill with \(n=4\)
Full size table

9 Conclusions

Three systems were proposed for sharing any type of image, starting with the VSS system as the basic module to ensure a fast recovery process. Then, SIS-I used the Lorenz chaotic system as the source of randomness, and the generalized Arnold transform as a permutation module. Finally, SIS-II added extra levels of security by utilizing SHA-256 and RSA. Moreover, FPGA architectures were designed and implemented to boost computational efficiency and enable seamless real-time processing. The experimental results validated the effectiveness and practicality of these implementations with minimal resource utilization. Security analysis and comparisons with related literature were presented with good results including statistical tests, differential attack measures, robustness tests against noise and crop attacks, key sensitivity tests, and performance analysis. Other permutation algorithms, chaotic systems, and VSS systems can be further investigated to find the best combination for creating SIS systems.