A survey paper on secret image sharing schemes

Abstract

With the speedy progress of network technology and internet applications, protection of digitized data against unauthorized access and modification has become a paramount issue. In order to face this challenge, numerous secret image sharing schemes have been introduced. Secret image sharing scheme is a method used for safeguarding the sensitive digitized image against illegal copying and tempering. The secret image is divided into many random shares in such a way that each share does not reveal any information to the intruders. In this paper, we present a comprehensive survey from over 100 papers which explains the new approaches and challenges. This paper also provides a comparative analysis of different methods based on different properties.

1 Introduction

Today, in computerized age, the development of internet technology has been increasing rapidly. Dissemination of important information such as medical images, art images, military images, and financial reports through the internet is at high risk. A huge amount of data is available in image form. High security is needed to protect such sensitive information from intruders or hackers against unauthorized access and modification. According to Alharthi et al. [1], there are many situations, where the owners of companies want to keep their reports, images, and information secure from their counterparts. For example, automobile manufacturers want to hide the images of new designs from competitors. In a similar case, a pharmaceutical company intends to conceal the images used for recording medical formulas or drug experiments. There must be no problems if the employees are faithful to the organization. Otherwise, dishonest employees may handover the information that they have about the organization to a rival company in exchange for money as soon as they leave the organization. Techniques such as watermarking and image hiding [2] improve the security of the sensitive information. However, there is a pitfall as the information is controlled by a single information carrier. In case, if an intruder destroys the information carrier or it (information carrier) is lost, then the sensitive information might disappear. In order to prevent such situations, [1, 2], Shamir [3] and Blakely [4] introduced the threshold secret sharing scheme independently in 1979. Secret sharing is a method to divide the secret into many parts, distributing each part to the authorized participants. Reconstruction of the secret image can be done only when these authorized participants submit their shares. In (p, n) threshold scheme, at least p participants have to combine their respective shares to recover the secret. Reconstruction is not possible if the number of participants is less than p. Figure 1 shows the Shamir’s (3, n) threshold scheme. The secret S is split into n shares \((S_1, S_2 \ldots S_n)\). At least three shares are needed to reconstruct the secret image S. In 2002, Thein and Lin [5] developed the first secret image sharing scheme based on Shamir’s threshold scheme as the image contains lots of information in the form of pixels.

Fig. 1

Shamir’s (3, n) threshold scheme

There are many real-life applications of secret sharing. It is utilized in E-Voting system for making the voting protocol robust against authority coercion [6]. In E-Voting, each vote has to be taken as a secret and voters identity must be safeguarded. Each castes vote is split into various shares and distributed them randomly to many parties. Each party cannot get even a single bit of information about the casted vote. And the casted vote can be reconstructed only when the designated number of parties allied together. Secret sharing is also employed in the bank. In order to open the safe or the locker, two keys are required. One of the keys has to be kept by the customer, and the other is with the bank. It is used in multi-party computation such as database computation. Various companies or agencies have to pull their database together to do some joint computation without disclosing more data than required.

The rest of the paper is arranged as follows: In Sect. 2, a literature review is discussed on various secret image sharing schemes based on different techniques and mathematical operations. Sections 3 and 4 provide the major challenges and summary of current trends, respectively. In Sect. 5, the conclusion part is presented.

2 Literature reviews

In this section, we review the procedure of various existing secret image sharing schemes based on steganography, visual cryptography, watermarking, discrete wavelet transform, discrete cosine transform, threshold schemes, and few other schemes, respectively, in the following subsections.

2.1 Steganography

The steganography is derived from the Greek words steganos meaning “covered, concealed, or protected” and graphein meaning “writing.” Steganography is the method of hiding the sensitive information such as files or images within ordinary files or images so that the suspicion of the existence of such information can be avoided from intruders. Figure 2 shows the basic steganography process.

Fig. 2

Steganography process

Lin and Tsai [7] proposed a new secret image sharing scheme with additional capabilities of steganography and authentication based on Shamir’s k, n threshold scheme. At least k shares are required to reconstruct the original secret image. Parity-bit checking was used to perform authentication by “embedding fragile watermark signals into the camouflage images.” Shamir’s scheme is used to calculate the shares of each participant. The secret data \(s_i\) are assumed to be a pixel value from \(m \times m\) secret image S. Secret image S is divided and distributed to n participants. They assume n ordinary camouflage images for a group of n participants. Each image has the size of \(2m \times 2m\) which is divided into \(2 \times 2\) blocks denoted as \(B_i\). \(X_i, W_i, V_i, U_i\) denote the four pixels in each block \(B_i\). The binary values of the four pixels are denoted by \(x_i, w_i, v_i, u_i\), respectively. Using eqn. 1, share is generated.

$$\begin{aligned} F(x_i) = (s_i + a_1x^1+ \cdots a_{k-1}x^{k-1} )\bmod 251, \end{aligned}$$

(1)

where \(s_i\) is data secretly selected from the secret image and \(x_i\) is selected as a pixel value from camouflage images. To be able to make interpolation, the prime number should be chosen in such a way that it should be greater than a and k. Hence, 251 is selected in Eq. (1). Figure 3 shows the storage of fragile watermark in the third LSB bit of \(W_i\). \(b_i\) is the fragile watermark bit. Figure 4 illustrates Lin and Tsai’s result of authentication.

Fig. 3

Lin and Tsai cover block after embedding secret pixel and authentication bit (fragile watermark); authentication bit is parity check

Fig. 4

a The stego-image in which fragile watermark signals are embedded. b The image with modifications added to a. c The result of authentication (Lin and Tsai [7])

Lin and Tsai’s [7] scheme has four weaknesses. The first one is the problem of handling the dishonest participant. The second one is the problem of controlling the quality of images. The third one is the problem of recovering the secret images losslessly. The fourth one is that the camouflage image is expanded four times the original secret image.

In 2007, Yang et al.’s [8] scheme made an improvement over Lin–Tsais [7]. The first problem of [7] is overcome by using a hash function with secret key K, \(H_k(.)\), block index \(B_{id}\). Stego-image identification \(I_{id}\) is utilized to calculate the hash bit \(b_i\) for each stego-block \(B_i\). Using Eq. (2), the one-bit keyed-hash message authentication code \((\hbox {HMAC}) b_i\) can be calculated as

$$\begin{aligned} b_i = \hbox {XOR} \{ H_k[({B_i}'-w_{i3})||B_{id}||I_{id} \}, \end{aligned}$$

(2)

where \(({B_i}'-w_{i3})\) are 31 bits.

The second problem is solved by rearranging the nine bits into the 262 sized square blocks. Yang et al. [8] divide the secret shares \(F_i\) and hash bits and embedded them equally in each block \(B_i\). Also, the eight bits \({(x_{i8} x_{i7} x_{i6} x_{i5} x_{i4} x_{i3})}_2\) and \({(v_{i4} v_{i3})}_2\) are to be united to make integer values \(x_i\) , where \( 1 \le i \le m \times m\). Use Eq. (3) to calculate the integer values \(x_i\).

$$\begin{aligned} x_i= & {} \left[ {(x_{i8}x_{i7}x_{i6}x_{i5}x_{i4}x_{i3}x_{i2}x_{i1})}_2) \hbox {AND} {11111100}_{(2)}\right] \nonumber \\&\quad + [{(v_{i8}v_{i7}v_{i6}v_{i5}v_{i4}v_{i3}v_{i2}v_{i1})}_2 \hbox {AND} {00001100}_{(2)}]/2^2 \nonumber \\= & {} {(x_{i8}x_{i7}x_{i6}x_{i5}x_{i4}x_{i3}v_{i4}v_{i3})}_2. \end{aligned}$$

(3)

The third one is solved by using the power of two Galois Field GF\((2^8)\) in place of GF (251). Therefore, the enhanced \((k-1)\) degree polynomial is expressed as \(F(x_i) = (s_i + {a_1x_1}_1 + \cdots + a_{k-1}{x_{k-1}}^{k-1})\bmod \hbox {GF}(2^8)\) where \(s_i\) is a secret data selected from the secret image, \(x_i\) is a value selected from camouflage images, and \(a_1, \ldots a_{k-1}\) are randomly chosen numbers. \(x_i, si,\) and \(a_1,\ldots a_{k-1}\) are the values chosen from 0 to 255. Yang et al. [8] have still one weakness which is the fourth problem of [7], i.e., the expansion of camouflage image to four times the size of the original secret image.

Wu et al. [9] enhanced the Lin–Tsai’s [7] and Yang et al.’s [8] scheme by reducing the enlargement size of the stego and camouflage images to 3.5 which was earlier four times of the secret image according to Lin and Tsai’s [7] and Yang et al.’s [8] scheme. They divide the secret image S into n camouflage images for n participants. Two-secret-image integer pixel value is shared from the secret image into \(1\times 7\) blocks at the same time. Hence, the size of camouflage images is reduced to 7/ 2 = 3.5. Table 1 shows the comparison of image size of the schemes [7,8,9].

Table 1 Comparison of image size in (2,4) threshold (unit: kB)

Wu et al.’s [9] scheme has one drawback. The stego-images do not have the capabilities to reconstruct the original images state.

In 2008, Chang et al. [10] employed four authentication bits in a stego-block to increase the authentication ability. But, Lin–Tsai’s [7] and Yang et al.’s [8] schemes utilized only one authentication bit. Chang et al.  [10] calculated four authentication bits and merged them with watermark bits to generate four parity bits \((p_1, p_2, p_3, p_4). X', V', W',\) and \(Z'\) are the modified pixels, and they are shown in Eq. (4).

$$\begin{aligned} {\left\{ \begin{array}{ll} X'= ({x_1}', {x_2}', \ldots , {x_8}') = (x_1, x_2, \ldots , x_5, s_1, s_2, p_1),\\ V'= ({v_1}', {v_2}', \ldots , {v_8}') = (v_1, v_2, \ldots , v_5, s_3, s_4, p_2),\\ W'= ({w_1}', {w_2}', \ldots , {w_8}') = (w_1, w_2, \ldots , w_5, s_5, s_6, p_3),\\ Z'= ({z_1}', {z_2}', \ldots , {z_8}') = (x_1, z_2, \ldots , z_5, s_7, s_8, p_4),\\ \end{array}\right. } \end{aligned}$$

(4)

where \(s_1, \ldots s_8\) are the eight-bit tuples. Chang et al. have one drawback. Though it increases authentication ability, the image quality is decreased.

Eslami et al. [11] used cellular automata (CA) to devise a new (k, n) image sharing scheme with the properties of steganography. In polynomial-based (k, n) steganography authentication scheme, k secret pixels are shared at each iteration. One authentication bit is calculated in [7, 8] and four authentication bits in [10]. In CA-based (k, n) scheme, \((k-1)\) secret pixels are combined and shared at one time. For each stego-block, CA-based secret sharing inserts k eight-bit tuples into eight bits \((s)(s_1, \ldots s_8)\). \(X', V', W',\) and \(Z' \) are the modified pixels, and they are shown in Eq. (5).

$$\begin{aligned} {\left\{ \begin{array}{ll} X'= ({x_1}', {x_2}', \ldots , {x_8}') = (x_1, x_2, \ldots , x_6, s_1, s_2),\\ V'= ({v_1}', {v_2}', \ldots , {v_8}') = (v_1, v_2, \ldots , v_6, s_3, s_4),\\ W'= ({w_1}', {w_2}', \ldots , {w_8}') = (w_1, w_2, \ldots , w_6, s_5, s_6),\\ Z'= ({z_1}', {z_2}', \ldots , {z_8}') = (x_1, z_2, \ldots , z_6, s_7, s_8).\\ \end{array}\right. } \end{aligned}$$

(5)

Authentication information and information bits are included in these eight bits \((s_1, \ldots s_8)\). Furthermore, the signature and corresponding public key are inserted into the stego-image for authentication. Thus, double authentication is provided by [11]. Eslami et al.’s [11] scheme has one limitation. Their scheme cannot identify the exact location of the modified stego-blocks \((X', V', W',\) and \(Z')\). Yang et al.  [12] developed a steganography and authenticated image sharing scheme (SAIS) with respect to bivariate polynomials. Their scheme does not need parity bits for authentication. Compared with others SAIS schemes, their scheme improves the visual quality of stego-images and has higher authentication power (DR). Figure 5 shows the authentication power of the schemes [8, 10, 12].

Fig. 5

Authentication results: a a fake stego-image, b authentication of [12], c authentication of Yang et al. [8], d authentication of Chang et al. [10]

Singh et al. [13] introduced another scheme for symmetric steganography. Their scheme employs ASCII code manipulation to encode the message that needs to be sent. After the encryption process, a key is generated as a random string for the message. This key is used to upgrade the security of message to another level. For the decryption, three things are required the key, the message, and the random string. Then, the peak signal-to-noise ratio (PSNR) and root mean square error (RMSE) are computed to check the similarity between the input image and the target image (containing hidden text). The PSNR value is found to be 99.4191, and RMSE value is 0 (zero). The novelty of this scheme is that it can recover a high-quality image.

Girdhar and Kaur [14] proposed a secret image scheme of steganography which is based on discrete wavelet transform. They developed an algorithm to conceal the secret data in the transform domain. Discrete wavelet transform is employed to insert the secret data into the cover image, and inverse transform is used to get back the original secret. The beauty of their scheme is that it increases the quality of an image and enhances the authentication ability of the secret image. But the limitation of this scheme is that it cannot tell the hiding capacity of data into the transform domain.

Bal et al. [15] designed a compressed video steganographic scheme. This scheme shows that the quantization process outperforms other steganography methods such as LSB substitution, small shadow, and secret sharing in terms of producing a high-quality image (high PSNR value). Table 2 shows the PSNR values produced by different steganography methods.

Table 2 Comparison of PSNR values

Metri and Desai [16] used Shamirs secret sharing algorithm to put forward a secret image sharing algorithm for gray scale and color images in different formats [11]. The purpose of this scheme is to show that the computational time of a scheme depends on the type and size of a secret image. They employ (t, n) threshold algorithm to share the secret image. Parity-bit check policy is also employed to detect any modifications in the image. The cover image has to be divided into blocks of \(2 \times 2\). Each pixel value must be chosen from a secret image. Lagrange polynomial is then used to produce a pair of a share (x, F(x)). Secret images pixel values must be concealed into the cover image by applying LSB substitution method. The original image is reconstructed with the help of polynomial interpolation.

Sehgal et al. [17] discussed the general methodology to hide the data and the evaluation tools. Their method has three stages:

1. 1.

   secret sharing stage,

2. 2.

   steganography stage, and

3. 3.

   data extraction stage.

The first and second stages are put to use for encrypting the secret message. The secret message must be decrypted and revealed in the last (3rd) stage. They described the advantages and disadvantages of the various processes used by different researchers. As a result, the idea of implementing multi-scale resolution wavelet transform for image steganography is introduced.

Liu et al. [18] exploited matrix encoding to compose a secret image sharing with deep steganography and two-stage authentication. Firstly, a secret image is processed into n shadows using Wang and Sus sharing scheme. In order to produce n stego-images, matrix encoding has to be used to insert n shadows into the chosen cover images. The scheme increases secret data security and improves the stego-image quality. Furthermore, it presents a two-stage authentication that enhances authentication ability. The comparison of Liu et al.’s [18] scheme with some of the existing schemes in terms of image quality is given in Table 3.

Table 3 Comparison of images quality of some of the existing schemes in terms of PSNR values

Wang et al. [19] initiated an innovative scheme, namely the scalable secret image sharing scheme, for sharing an image among n participants such that the clarity of the reconstructed image (i.e., the amount of information therein) scales in proportion with the number of the participants. They have defined three secret image sharing modes:

1. 1.

   multi-secret,

2. 2.

   priority, and

3. 3.

   progressive.

Hence, this scheme provides an opportunity to use secret sharing in a more flexible manner. Reconstruction of images can be done according to the priorities of the authorized participants.

Lee et al. [20] designed a new blind authentication method based on the secret sharing technique with a data repair capability for grayscale document images via the use of the portable network graphics (PNG) image. If there is any unwanted visibility effect in the stego-image which is caused by inserting partial shares, then it can be removed by mapping the values of the share into a range of alpha channel values. During the authentication of the image block, a modified block can be detected only when the calculated authenticated signal does not match with the inserted partial shares. In order to repair the modified block, reverse Shamir scheme is used to get the original content of the block with the help of any two unmodified shares. This scheme enhances the security of the data too.

Tulasidasu et al. [21] used block division technique to build a steganography-based secret image sharing scheme. They use least significant bit (LSB) especially for picture steganography to upgrade the security of sensitive data. This scheme does not allow anyone to get the information from the stego-image without stego-key. Simulation result shows that this scheme outperforms another scheme in terms of image quality. Table 4 shows the comparison between some secret image sharing schemes based on the following properties

• Average PSNR,

• Remedy ability,

• Algorithm that is employed for making share values,

• Embedding method.

Table 4 Comparison between some steganography authentication secret image sharing schemes

2.2 Visual cryptography

Visual cryptography was first developed by Naor and Shamir [22] in 1994. Visual cryptography is the mechanism used to encrypt information (text, pictures, etc.) in such a way that the receiver can decode the message without using a computer. Figure 6 shows the basic mechanism of visual cryptography.

Kandar et al. [23] presented visual cryptographic scheme for color images. Most of the visual cryptography schemes used OR operation for decryption. However, there is a drawback of using OR operation. If a person is able to get k shares, then he can recover the secret image easily. So, there is a security issue. The novelties of this scheme are as follows:

• A random number is used, thereby making the sharing process simple.

• Innocent and unsuspicious covers are used for enveloping the shares.

Anandhi et al. [24] evaluated the performance of various visual cryptography scheme based on the following four properties:

• Number of secret images,

• Pixel expansion,

• Image format,

• Type of share generated.

Using an international data encryption algorithm (IDEA) increases the security of the scheme. However, the encoded images can be sent to the intended person only in the format of PNG and GIF, while other formats are not allowed.

Sharma [25] presented the study of the fundamental scheme of visual cryptography technique and proposed a novel method to remove the noise from the images recovered after decryption process. After removing the noise, the proposed scheme produces a final image whose quality is almost similar to that of the original one. The algorithm is designed in such a way that it is applicable to all types of images such as grayscale, color, and binary. The noisy images give suspicion to the intruders. So, they used steganography for enveloping the noisy shares within innocent covers to avoid illicit attacks. Figures 7, 8, and 9 show the experimental results of [25] performed on binary, grayscale, and color images, respectively.

Fig. 6

Mechanism of visual cryptography

Fig. 7

Algorithm of [25] applied on binary image

Fig. 8

Algorithm of [25] applied on grayscale image

Fig. 9

Algorithm of [25] applied on color image

Bharanivendhan et al. [26] designed a visual cryptography scheme for secret image sharing. The proposed scheme uses two algorithms, i.e., general access structure (GAS) and stamping in the first and second phases, respectively. The GAS algorithm is employed to produce four shares. The stamping algorithm is used for embedding the shares into cover images. The password is authenticated at both the sender and receiver side, thereby increasing the security of the scheme. The scheme lessens the pixel expansion problem by increasing the number of shares and enhances the security and resolution of the secret image. For comparing the image quality, embedded visual cryptography scheme (EVCS) and GAS algorithm are used. The size of the memory using EVCS and GAS algorithm is given in Table 5.

Thorat et al. [27] also uses stamping algorithm for color images to embed the shares of the secret in other images.

Table 5 Comparison of memory size using EVCS and GAS algorithm

Padiya et al. [28] provided a formulation of encryption for multiple secret images. They have used a genetic algorithm in encryption technique. They suggested that visual secret sharing scheme should be introduced because it is more robust and better algorithm for image encryption. The proposed scheme used halftone technology too.

In a different paper, Shetty and Abraham [29] and Bhadran [30] presented a visual cryptographic technique for color images in which the generated shares are again encrypted. The difference is that Shetty and Abraham [29] make use of Rivesh, Shamir, Adi (RSA) algorithm and Bhadran [30] utilizes XOR operation to double the security of the documents, handwritten text, images, etc. Therefore, there is no way for the intruders to get the information of the secret.

Karolin and Meyyapan [31] put forward an RGB-based secret sharing scheme. The proposed scheme uses (2, 2) XOR operation in order to generate shares. For enhancing the security purposes, they used dithering technology and create a 16-color code mechanism to protect the secret shares. The algorithm tightens the security by producing a large number of colors to produce the shares. Figure 10 illustrates the experimental results of [31].

Fig. 10

Experimental result of scheme [31]: a secret image, b dithered image, c share-1, d share-2, e recovered image

Samson et al. [32] proposed a multiple image sharing scheme (MISS) to generate numerous share images for multiple secret images. The proposed scheme consists of n levels. Production of the compound image takes place in the first level from a secret image and key image. For the generation of the second share, the secret image and the first share must be collected. Then, the first and the second shares are combined together to form the second image that will act as an input to the second level. These procedures are carried on repeatedly for n levels. Input images can be obtained from share images at various levels. The proposed scheme is more secure, so it can be employed in defense, military, and commercial applications [32].

Ching et al. [33] developed a new two-in-one image secret sharing scheme (TiOISSS). They make use of two schemes that are (i) visual cryptography scheme (VCS) and (ii) polynomial-based image secret sharing scheme (PISSS). Their scheme is different from Lin et al. TiOISSS [34]. Lin et al. employed the combination of VCS and PISSS in the m-sub-pixel block to act as the output value of PISSS, whereas Ching et al. [33] inserted the value into gray subpixel VCS to develop their TiOISSS. Experimental result shows that their scheme reduces the shadow size, and it is shown in Fig. 11.

Fig. 11

Experimental results of scheme [33]

Rezvan et al. [35] utilized only two shares to transmit two secret images over the network. The first secret image is recovered by combining two shares. The second secret image is obtained by placing one share perpendicular to another share. Thus, they overcome the problem associated with Noar and Shamir by reducing the size of the shares.

2.3 Watermarking

Watermarking is the practice of concealing information into multimedia content. Watermarking is mostly employed to verify the ownership or copyright of the digital content. Watermarking is inserted to the primary image in frequency domain based on discrete wavelet transform.

Surekha and Swamy [36] proposed a spatial domain image watermarking technique based on visual secret sharing (VSS) and unique statistical properties. The proposed scheme has two stages that are watermark hiding stage and watermark revelation stage. A random image is created at each stage. The random image created at revelation stage is joined with existing one to get back the original one. This scheme has three advantages compared with the existing schemes.

1. 1.

   In order to improve the security, unique cover images are employed to decrease the probability of false positives.

2. 2.

   As they used multi-pixel VSS, it is easy to store the shares.

3. 3.

   Though the scheme is implemented in the spatial domain, its robustness has been increased as the selected feature vector on spatial correlation of pixels.

Dharwadkar et al. [37] proposed a new secure watermarking scheme for a color image. They employ both (2, 2)—threshold visual cryptography scheme (VCS) and adaptive order dithering technique to divide the watermark into two shares. One of the shares must be incorporated in a highly textured sub-band of luminance channel of the color image. The other share can only be handled by the super user as a key. Experimental results illustrate that their scheme has the power to stand against many attacks. Also, the scheme can be designed for multi-users employing (k, n) threshold scheme where k is the threshold and n is the number of users. Figure 12 shows the basic watermarking algorithm of [37].

Fig. 12

Watermarking process of scheme [37]

Rani et al. [38] put forward a zero-watermarking-based copyright protection scheme. They proposed two schemes. In the first scheme, the host image is split into overlapping sub-images or blocks of \(4 \times 4\). They applied discrete wavelet transform and singular value decomposition consecutively on each block to divide further to another level. In the second scheme, first discrete wavelet transform is applied to the host image and the approximation part of it is further divided into overlapping sub-images or blocks of \(4 \times 4\). The beauty of this scheme is that it can stand against cropping attack.

2.4 Discrete wavelet transform

Kong et al. [39] presented a scalable secure scheme for sharing and hiding the secret image. Their scheme consists of six steps. In the first step, the secret image must be split into various non-overlapping blocks. The discrete wavelet transform is applied to each block to transform into wavelet frequency. In the second step, wavelet coefficients must be quantized into 256 gray levels. In the third step, there is a reordering of the gray value information of the quantized image with the help of a bit-plane scanning method. In the fourth step, multiple thresholds are utilized to share the reorganized image into n shadows. In the fifth step, each shadow must be hidden in the R, G, and B channels of the cover image. In the sixth step, it is shown that if more number of shadows is used, then better quality image is obtained. Experimental results show that the proposed method is better than the traditional methods in terms of visual quality and invisibility of stego-images.

Hashim et al.  [40] developed a new scheme based on wavelet transform to perform packet secret image sharing in the case when the secret image is a color image with enough sharing control features and as minimum as possible shares sizes. With the help of signal decomposition attribute of the transform, the secret image is split into many independent shares and each individual share is encoded separately. A linear system is used for dividing the secret image into many shares. A variable length key is utilized to increase the robustness and security of the scheme. Experimental results demonstrate that the shadow size is much smaller than the original secret image. The security of the proposed scheme is tightened by the following factors.

• Reconstruction of the secret image is made impossible for an attacker as each share requires its own secret coefficient.

• Permutation key is used with a time stamp to encrypt the secret image wavelet coefficient. This makes hard for decryption.

• Localization problem is avoided with the help of diffusers.

Huang and Li [41] utilized a wavelet transform to produce highly packed shadows for progressive transmission and Shamirs (r, n)—threshold scheme to partition the resulting transform coefficient into n shadows for sharing and reconstructs the original secret image by stacking at least r shadows. Experimental results show the reduction in shadow size and the power of progressive transmission.

2.5 Discrete cosine transform

The discrete cosine transform is the method operated in the frequency domain. It is utilized to compress (reduce) the secret image size before dividing into many shares.

Fang et al. [42] presented a novel secret image sharing method which can control the quality of shares. The proposed method allows the users to set several thresholds according to different situations. No information about the secret is disclosed to the intruders if the smallest threshold is more than the number of shares. If the smallest threshold is less than the number of gathered shares, then the poor-quality image is disclosed. The more the number of collected shares, the better will be the quality of the reconstructed secret image.

Koikara et al. [43] proposed a block DCT-based secret image sharing scheme. Block DCT is applied on grayscale images to divide them into many shares. For sharing the secret image and reconstruction of the original image losslessly, the proposed scheme uses operation over the \(\hbox {GF}(2^8)\). As the algorithm is implemented in the frequency domain, the security of the scheme is increased. They have improved the image quality compared with Koikara et al. scheme [44] by increasing the PSNR value from 6 to 8 dB.

2.6 Threshold

(k, n) threshold scheme was first introduced by Shamir [3] and Blakley [4] independently in 1979. The idea behind this scheme is to divide the secret into many shares and then distribute them to the authorized participants so that at least k (threshold value) shares are required to reconstruct the secret. Less than k shares cannot reveal a single bit of information about the secret. Shamirs (k, n) threshold scheme [3] is described below. Let \((x_1,y_1), (x_2,y_2), \ldots ,(x_k,y_k)\) be k points in the two-dimensional plane and S be the secret which is to be divided into n shares using Eq. (6).

$$\begin{aligned} q(x) = (S + a_1x^1+ \cdots a_{k-1}x^{k-1} )\bmod p, \end{aligned}$$

(6)

where p is a prime number and \(a_1, a_2, \ldots , a_{k-1}\) are \(k-1\) randomly selected integers from [0, p). Al least \(k-1\) shares are required to cover the secret. Lagrange interpolation polynomial is used to calculate the coefficients of q(x) and q(0) is the secret S.

A secret image sharing scheme was first introduced by Thien and Lin [5] in 2002 using Shamirs (k, n) threshold scheme. Unlike Shamirs scheme, the coefficients are not random integers but they are the pixels from a secret image. The range of pixel values in grayscale is from 0 to 255, and so p is assigned as 251 as it is the largest prime number between 0 and 255. Each share can be computed using Eq. (7).

$$\begin{aligned} q(x) = (a_0 + a_1x^1+ \cdots a_{k-1}x^{k-1} )\bmod 251, \end{aligned}$$

(7)

where \(a_1, a_2, \ldots , a_{k-1}\) are the pixel values of the secret image, which have not been used yet. Each share has the size of 1 / k of the secret image. Lagrange’s interpolation is used for the recovery of the secret image, and it is given in Eq. (8).

$$\begin{aligned} f(x) = \sum _{i=1}^{k}Y_i \prod \limits _{i=1, i\ne j}^{k} \frac{x-x_j}{x_i-x_j}\bmod p, \end{aligned}$$

(8)

where \(Y_i = q(x)\) the share value of each participant. The limitation of their scheme is that it is not a lossless method as the range of the grayscale value is 0.250. Therefore, some information is lost.

Nag et al. [45] introduced a new (k, n) verifiable secret image sharing scheme (VSISS). In order to prevent cheating, the proposed scheme uses third-order linear feedback shift register (LFSR)-based public key cryptosystem. Non-overlapping blocks of k pixels are obtained by decomposing the secret image. The proposed scheme makes use of each k pixel to get \(m= [k/4]+1\) pixels of an encoded share. As this is one of the threshold schemes, recovering the secret image can be done by collecting k or more encoded shared images. This scheme can identify the cheaters and has the capability to resist against brute force and collision attack.

Nag et al. [46] presented another secret image sharing scheme based on a Boolean operation. They make use of (k, n) threshold secret image sharing scheme to preserve fault tolerance property for grayscale images as well as color images. The time complexity for the recovery of the secret image is because of using Boolean operation. So, this scheme takes less computational time compared with the existing schemes.

Wu [47] used a new (r, n) threshold scheme, especially for light images. Not only reducing the distortion rate of images, the secret image is also encrypted and divided into n noise-like shadow images. Like all the existing threshold schemes, this scheme is also required to collect at least r shares to reconstruct the original secret image. Figure 13 shows the experimental result of scheme [47]. It can be applied to light images. Wu et al. [48] developed an efficient secret image sharing scheme by using the same threshold scheme used in [47].

Fig. 13

Experimental result of the scheme [47]

Tompa et al. [49] demonstrated the drawback of Shamir’s scheme. They say that Shamir’s scheme cannot handle cheating properly. His scheme must be modified slightly to secure against cheating. Fang [50] developed a method to increase the security of secret image. It is shown that the assumption of all pixels is uncorrelated, which may not always be true. This method has overcome the drawback present in the existing schemes by not allowing the dealer to place coefficient in the sharing process and by not disclosing the position of each pixel to the dealer before gathering enough shares. The proposed method reduces the share size and improves security and fault tolerance. This method is more secure than other traditional one as AES (advanced encryption standard) is being used for encryption.

Lukac et al. [51] introduced a new scheme that has the ability to protect image data coded with B-bits per pixel. (k, n)-threshold sharing scheme is also used to produce B-bit shares by collaborating with bit-level decomposition. This method can be used for the encryption of binary, grayscale, and color images.

Fang and Lin [52] used a bit-level sharing technique to transmit images over a network. The proposed method generates small-size shares, thereby reducing the transmission time and storage space. Chang et al. [53] proposed a method to safeguard multiple images. It is an (r, n) threshold technique where r is a threshold and n is the number of digital images. At least r images are required to recover the whole images, but \((r-1)\) images are unable to reveal the whole images. Experimental results show the following properties of this method.

• It maintains the quality of watermarked images.

• Even if some watermarked images are modified or lost, authentication or cross-recovery can be performed.

• Recovered damaged images do not lose their visual quality.

• It can be used for multi-image transmission.

Hiroki and Etsuyo [54] introduced a new threshold visual secret sharing scheme (PBVSSS). In this paper, it is shown that black pixels which are present in secret black–white images can be recovered fully when t arbitrary shares are combined. They have illustrated that set of homogeneous polynomials which produce basic matrices becomes a set of lattice points in an \((n-t+1)\)-dimensional linear space. With the help of this method, they created optimal basis matrices of the (t, n)-PBVSSS. It is shown that their optimal basis matrices are equivalent to the basis matrices established by Blundo et al. [55] for all \(n\ge t \ge 2\).

Wang et al. [56] created a multi-secret sharing scheme with respect to matrix projection method. The proposed scheme uses matrix projection method to renew the shares regularly in the light of considerably increasing the security. A unique characteristic of this scheme lies in the increment of threshold range which is different from others existing schemes.

Adachi et al. [57] developed a new multi-secret sharing scheme with many keys based on Hermite interpolation. In this paper, a new (t, n) threshold technique is utilized satisfying the condition that \(p\le t\) where p is the number of keys and t is the threshold. Hermite interpolation has one advantage over Lagrange’s interpolation in terms of getting higher precision analysis. It has one disadvantage, that is, it has higher computational complexity than Lagrange’s interpolation. This is the demerit of this scheme.

Feng et al. [58] described a new system of distributing multiple secrets with respect to the proactive characteristic. It is exhibited that multiple secrets must be distributed to many participants followed by updating the shares (shadows) periodically without affecting the original secrets. Compared with [59], this method has the capability to share multiple secrets at a time. Also, it has the power to verify the participants during the reconstruction phase.

Harn et al. [60] introduced a first multi-secret sharing scheme based on bivariate polynomial. This method has two novelties with respect to the existing multi-secret sharing schemes. That is,

• Shares produced by the dealer can be exploited to recover multiple secrets.

• Exchange information during the recovery phase is properly protected.

Mahmoud et al. [61] designed an optimal visual secret sharing scheme with respect to codebook and transpose matrices. Recently, they have overcome the problems of Naor and Shamir scheme that is the problems of pixel expansion and lossy recovery. Furthermore, this paper enhances the security of information considerably.

Fereshte et al. [62] used matrix multiplication for sharing multiple secret images. Here, participants can disclose the false shadows to others as intruders cannot get any information of the secret images. The real shares are not revealed to others. The shareholders must use only one portion of the secret image for sharing multiple images, so the computation time and distributing time of shares for multiple images are saved. They use a generator function to increase the speed and security of their scheme. The drawback of this scheme is that it has high computational time.

Aarti et al. [63] shared multiple images with the help of gray-level mixing and extended visual cryptography scheme (EVCS). They also designed another scheme to share m secret images into n rectangular gray-level share images. EVCS is used to create shares that can be handled easily and also to divert the attention of the intruders over the communication channel. The new codebook is not required to design again and again for sharing multiple images as it can employ the earlier codebook developed for extended visual cryptography.

Chen et al. [64] proposed an expandable essential secret image sharing structure. The structure is divided in such a way that some shares are considered as essential ones, while the remaining are considered as nonessential ones. But the essential ones are required for reconstructing the original secret images. It showed that a new expanded secret image sharing scheme is created only when the proposed structure includes other secret image sharing scheme with multiple functions. Figure 14 demonstrates the experimental result of Chen et al. scheme [64].

Fig. 14

Experimental result of scheme [64]: a original image Baboon, b, c two essential shared images, d–f three nonessential shared images, g the disturbed image R, h recovered image from c to f, i recovered image from b to e

Chang et al. [65] adopted sudoku to produce relevant shadow images. In this paper, \(16 \times 16\) sudoku grid must be partitioned into \(4\times 4\) blocks. In this way, \(4 \times (t-1)\) secret bit is fitted into each pixel pair of the secret image where t is the threshold. It is exhibited that the quality of camouflaged shadow images is quite good so the shadows cannot attract the attention of intruders. Patel [66] employed bit reverse function instead of Bitshift function of Chen and Wu [83] to enhance the randomness of shares and to reduce the computational load. This method can be applied to gray images as well as color images.

Zhao et al. [67] developed an upgraded image sharing scheme with respect to the discrete fractional random transform (DFRNT). Here, the size of the generated shadow is similar to the secret image. As a result, storage space, as well as transmission time, can be saved. Because of the random nature of DFRNT, high security can be maintained successfully. Jani et al. [68] introduced a verifiable multi-secret sharing scheme for 3D models. (t, n)-threshold scheme is exploited to distribute the shares of 3D secrets among the authorized shareholders where t is the threshold and n is the number of shareholders. Secrets can be reconstructed without any loss. This method allows both the participants and the dealer to detect the duplicate shares. The size of the shares is reduced by using the Huffman coding.

Mohamed et al. [69] proposed a new secret sharing scheme for secure transmission of color images. The proposed scheme allows any users to take part in the group without affecting the shares of existing users. In addition to this, shares can be updated periodically. It is also freed from pixel expansion problem as the size of the shares is same as the size of the original secret image. Participants can be detected from cheating, and periodic renewal of the shares is allowed. The computational time of this scheme is low as it uses simple Boolean operation as compared to the existing techniques.

Lin et al. [70] developed a method that has the capability to distribute shares of multiple visual secret images with no pixel expansion. This method is the first method to share two secret images without pixel expansion. With the help of separation and camouflaging processes, the two share images do not leak any information of the secret images. Thus, security of this method is maintained properly. Reconstruction can be done by stacking the two share images without using any other devices. The limitation of this scheme is that it can share only two secret images but it is impossible for sharing more than two secret images. Shyu et al. [71] created a weighted threshold secret image sharing scheme with respect to Chinese remainder theorem. According to the importance of positions or ranks, the dealer must distribute different sized shadows to shareholders.

Table 6 Comparison between Wang et al. [78] and Kumar and Kumar [77]

Rosemary et al. [72] used Chinese remainder theorem (CRT) to build a multi-level threshold secret sharing scheme. Different shareholders must be categorized into different levels. And also recovering of original secret depends on the shares submitted by various participants in different levels. No levels have the same threshold value. The threshold value is given in such a way that higher level will get a smaller value than the lower level. Reconstruction of secret can be done only when the available shares in each level are more than or equal to the threshold of that particular level. In order to achieve this, the proposed scheme makes use of CRT and Asmuth–Bloom’s scheme. The disadvantage of this scheme is that the dealer has to keep a number of public information, thereby increasing the communication payload.

Lin et al. [73] developed a fast weighted sharing technique. A weight is assigned to each shadow to know the importance or priority of each of them. Secret image can be reconstructed only when the total weights of received shadows are greater than or equal to t (threshold). In order to increase the sharing speed, this paper exploits the properties of GF (2r). Experimental results show that the execution time of this scheme is better than that of Thein and Lin [5].

Chien et al. [74] solved the secret image sharing problem present in Blakely scheme. The protected image must be divided into non-overlapping sets of k pixels where k is the threshold value. Each point in k-dimensional space is formed by each set of k pixels. Each share represents one hyperplane intersecting at this point. At least k shared images must be used to recover the secret image. The unique feature of this scheme is that it does not require maintaining an arrangement key.

Yang et al. [75] used Shamirs secret sharing to propose a new multi-secret sharing scheme. They employ \((n + p-t+1)\) or \((n + 1)\) public values, \(2(t-1)\) or \(2(p-1)\) storages where n is the number of participants, p is the number of secrets, and t is the threshold. Lagrange interpolation polynomial is used to share p secrets. This scheme is a multi-use one, and it requires less number of public values.

Naskar et al. [76] proposed a key-based secure threshold cryptography for secret image. Encryption of secret is done by key. After this, both key and secret are distributed to n shareholders (participants). This paper has two phases that are distribution phase and reconstruction phase. In distribution phase, selection of secret byte is totally dependent on the key. The missing byte of each share must be provided by a set of k shares. In the reconstruction phase, reconstruction can be done only when authorized shares are pooled (stacked) together. This scheme reduces the transmission bandwidth.

Kumar and Kumar [77] used bitwise XOR operation to develop a secret image sharing technique. They use a probabilistic (2, n) scheme for binary images and a deterministic (n, n) scheme for grayscale images. To implement the two mentioned schemes, the Boolean operation is employed. Both the proposed schemes do not have pixel expansion. The (2, n) scheme is exploited to enhance the contrast of image, while (n, n) scheme is used for recovering the secret image. The comparison between this scheme and Wang et al.’s scheme [78] based on some essential properties is given in Table 6.

Patil et al.  [79] developed a verifiable (2, 2) secret sharing scheme for binary images. The created shadows must be embedded in cover images for enhancing the security of the images. This paper demonstrates the usefulness of a low computational complexity in verifying visual secret sharing scheme. Experimental results confirm that this method is secure, verifiable, and with low computational complexity.

Bai et al. [80] proposed an image secret sharing method. This paper makes use of Shamirs scheme and matrix projection scheme. The secret image is divided into n shares and distributed to all the eligible participants. The original secret image is reconstructed only when at least k (threshold) is submitted by the authorized participants. The size of the shares is less than the secret image, so it is convenient for transmission and storage. One advantage is this method can be applied to real time. Bai [81] used the same method [45] for color images.

Chen and Wu [82] used XOR operation to produce n shares from \(n-1\) secret images. The reason of using XOR operation is to reduce the time complexity of the scheme. The scheme has two drawbacks. The first one is its sharing capacity is low as it can share \(n-1\) secret images instead of n secret images, i.e., \((n-1)/n\). The second one is having a low security level as it cannot generate fully randomized shares. Figure 15 shows the result of XORed of two secret images.

Fig. 15

XOR calculation results for two secret images: a airplane, b Barbara, and c XOR result

Chen and Wu [83] improved the previous work [82] by increasing the sharing capacity to n/n and by producing fully randomized shares using circular Bitshift functions. However, still the scheme has two problems. The first one is its problem of randomization of shares. The second one is that it reveals some information through the sequential XORed of two shares. Figure 16 illustrates the result of XORed of two shares.

Fig. 16

XOR calculation results for two sequential shared images: a shared image 1, b shared image 2, and c XOR result

Table 7 Comparison of the schemes that use XOR and additive modulo

Yang et al. [84] overcame the two problems related to Chen and Wu’s scheme. Yang et al.’s scheme has two techniques: randomness and sharing methods. In order to randomize secret image, the randomness technique employs Torus automorphism. The sharing technique is a refinement of Chen and Wu’s scheme [83] to create shared secret images. Due to the use of Torus automorphism, the scheme takes a high amount of computational time.

Mohit et al. [85] utilized additive modulo operation to build a secure multi-secret image sharing (MSIS) scheme. This scheme generates \(n+1\) shares from n secret images, that is, the number of shares is more than the number of secret images. Hence, it occupies more storage space and has a large amount of computational time. It is more secure than the schemes [82,83,84] using Boolean XOR operation. Table 7 shows the comparison of the schemes [83,84,85] based on some properties.

Guo et al. [86] introduced a new multi-threshold secret image sharing scheme. With respect to the access structure, corresponding secret values are generated. Then, the secret values must be inserted into the cover images to generate shadow images employing quantization operation. Each participant is allowed to hold only one shadow image. The associated secret image can be obtained by an authorized subset of participants according to the access structure. The merit of this scheme is that the quality of the recovered images is satisfactory.

Nag et al. [87] proposed an improved version of image secret sharing in stego-images. It is shown that the proposed method decreases the size of the stego-image to \(\frac{4(2n-t)}{n^2}\) times of the secret image where t is the threshold and n is the number of cover images. As the shares sizes are small, there is convenient in transmission and storage. Authentication ability is enhanced by implementing SHA1. Chen et al. [88] developed a new secret image sharing scheme to identify the cheaters on shared images or secret keys. The scheme is based on exponent and modulus. Participants are allowed to choose their secret key. After calculating the modulus of each secret shared image, dishonest participants (cheaters) of a secret shared image can be indentified.

Lin et al. [89] developed a multiple secret images sharing scheme based on two-variable one-way hash function. The capability of reducing the cost of computation in this scheme is better than Shyu and Chen’s scheme  [90] and Lee and Juan’s scheme [91]. This scheme can be applied to both thresholds and general access structure. It was the best multi-use scheme till that time (2010).

Meghrajani et al. [92] used universal share to share multiple secrets. Recently, they have overcome the computational complexity issues present in the conventional secret sharing schemes. In this paper, n secret images should be encrypted into a general share and n unintelligible shares. Two schemes have been proposed. The first one can be applied to eight images. The second modified one can be applied to any number of images. Since the Boolean operation is used as hiding method, the scheme can reconstruct the secret images losslessly with low computational complexity.

Deshmukh et al. [93] introduced an efficient and secure (n, n) multi-secret image sharing (MSIS) scheme. They have initiated three techniques for the proposed scheme. In first and second techniques, XOR and reverse bit operation are employed to enhance randomness of shared images of color and grayscale images. The shares have the same size as that of secret images. In the third technique, additive inverse and reverse bit operation are exploited for grayscale and color images. Due to the exploitation of modular arithmetic, it takes less computational load compared with employing XOR operation. Experimental results confirm that its performance is better than the existing schemes.

Anbarasi et al. [94] adopted deoxyribonucleic acid (DNA) encoding to initiate a multi-secret image sharing scheme. Initially, DNA encoding should be performed on multiple images. In the second stage, DNA scramble matrices must be divided into many shares by the (t, n) scheme along with Lagrange interpolation polynomial. In the third stage, the generated shares from the second stage are inserted with the help of a modular operation. Ultimately, at least t shares are stacked together to rebuild the scrambled matrices. Several secrets can be reassembled after decrypting the DNA scrambled matrices.

Guo et al. [95] used Tassa’s hierarchical secret sharing to assemble a hierarchical threshold secret image sharing. The shadow images must be generated by the dealer after the secret data are inserted into the cover images. Then, the shadow images are divided into various levels. The threshold access structure is decided according to the necessities of thresholds. The secret image can be reassembled by the shadow images which fulfill the threshold requirements. After the experiment, it is shown that this scheme achieves the hierarchical threshold property. However, there are some limitations in this paper. They are listed as follows:

• The cover image cannot be reconstructed without any distortion.

• Unable to get the better visual quality of the shadow images and better embedding capacity [95].

Shyu and Chen [96] extended the Mignotte’s scheme [97] to coin a threshold secret image sharing scheme. They use Chinese remainder theorem and follow the same principle of (r, n) threshold technique of conventional schemes.

Chang et al. [98] used both Chinese remainder theorem and Lagrange interpolation polynomial to devise a multi-image sharing scheme. The uniqueness of the proposed scheme is its potential to get any secret image without rebuilding all the other secret images. Their scheme is quite efficient and lessens the computation cost if it requires reconstructing only one secret image from the available shares.

Hu et al. [99] exploited chaotic map and the Chinese remainder theorem for transmitting the images securely over the network. It follows the protocol of conventional threshold scheme for generation of shares and rebuilding of secret images. It is a kind of universal scheme which is applicable to all images. It is also free of pixel expansion. This scheme has the capability of fault tolerance as it can reconstruct the secret image even when some shares are lost or damaged.

Shyu et al. [100] created a threshold secret image scheme to produce shadows with unequal sizes. Shares are divided according to n predetermined prime modules. Chinese remainder theorem is used to encrypt the image into n shadows which are shared to n legal shareholders. At least r participants are required to corporate together to get back the original image by employing their shadows and modules.

Chang et al. [101] proposed a (2, 2) verifiable secret sharing (VSS) scheme. By adopting error diffusion and image clustering techniques, the participants have to validate the recovered image in the reconstruction phase for all types of images such as binary, grayscale, and color images. This scheme uses only two shadows. Halftone logo is used for verification of reconstructed image. It has low computational complexity. Experimental results show that it gives high image quality with a PSNR ranging from 32.63 to 34.37 irrespective of whether images are color or grayscale. For the binary images, size of the shares is similar to that of the original secret image. Binary images can be reconstructed without any distortion. However, for color and grayscale images, size of the shares is one-eighth of the secret image and recovered the image with slight distortion. Participants do not need to verify every shadow, and they have to verify whether the recovered secret image is correct or not. Figures 17 and 18 show the shadow images and reconstructed images of the scheme [101], respectively.

Fig. 17

Shadow images of the scheme [101]

Fig. 18

Reconstructed images of the scheme [101]

Chen et al. [102] invented a new multi-secret image sharing scheme based on Boolean operations and hash function. This scheme uses different sized secret images. Thus, the scheme overcomes the limitation associated with the existing Boolean-based schemes which can use only the same size secret images. The comparison of this scheme and others existing schemes is given in Table 8.

Table 8 Comparison of the different multi-secret image sharing schemes

Liu et al. [103] introduced a secret image scheme. An secret image is divided into S number of essential shadows and \((N-S)\) normal shadows where N is the number of secret shadows. T is a set which requires at least K essential shadows to recover the secret image partially. In order to reconstruct the whole secret image, all the S essential shadows are required. This schemes can obtain the smallest size of shadows as compared to the related schemes that use the essential shadows.

Singh et al. [104] used singular value decomposition (SVD) and fractional Fourier transform (FrFt) to propose a secret image scheme. SVD and FrFT are used to provide a high security to the multimedia present in cloud servers. It exploits Shamir’s scheme to generate random looking-like shares. A sensitive information is embedded into these randomized shares to protect the ownership at the receiver end. This scheme can resist various attacks.

Deshmukh et al. [105] developed a new multi-secret image based on Chinese remainder theorem (CRT) and XOR operation. It is a n, n threshold scheme where n is the threshold as well as the number of secret images. All the n authorized users have to submit their shares to reconstruct the secret images. Sequential XORed of two secret shares reveals some information. So, this scheme uses XOR in combination with CRT to increase the randomness of the shares. Hence, the security level of the scheme is increased.

Bhattacharjee et al. [106] coined a hierarchical secret image sharing scheme in compressed sensing (CS). This is a single secret sharing scheme as it can handle only one secret image. The purpose of this scheme is to generate flexible shadows size which is suitable to the existing bandwidth transmission. The secret image is divided into two groups of shares. One group consists of a single mandatory share, and another consists of p number of general shares. This scheme is a combination of CS and Shamir’s (t, p) threshold scheme. A mandatory share and at least t general shares are needed to recover the secret image. The number of CS measurement keeps on changing which results in providing the flexible shares size.

2.7 Others

In this subsection, we put those secret image sharing schemes which employ some other methods besides the described methods in the previous subsections. Yang et al. [107] used maximum distance separable codes to construct a secret image sharing scheme. In the existing polynomial-based (k, n) secret image sharing scheme, the pixels of the secret image have to undergo the process of permutation to get the randomness of shadow images; otherwise, there will be a problem of remaining secret image on shadows. In this proposal, the secret image does not need to go through the permutation process as the authors used Reed–Solomon (RS) code, a maximum distance separable (MDS) code. Thus, the framework solved the problem of remaining secret image on shadows. Also, the shadow size is decreased to 1/k of secret image size where k is the threshold.

Chang et al. [108] invented a new visual secret sharing scheme for grayscale images. Firstly, the proposed scheme fulfills the general condition of visual secret sharing system that is security, accuracy, small shadow size, and low computational cost. Secondly, a lossless secret image can be recovered. Lastly, the scheme [108] has a lower computational cost of decrypting when compared with other existing schemes. Thus, it is appropriate for real-time applications.

Chen et al. [109] composed a weighted modulated secret image sharing method. Histogram modulation scheme is formulated to modify the truncated pixel to preclude the truncation distortion which is the burning issues (problems) of all the conventional secret image sharing methods. In a double-layer secret image sharing scheme, the partakers in the first layer must be grouped together and assigned them different weights in the second layer. By merging the presented modulated scheme with the two mentioned weighted schemes, the formulated method reduces considerably the truncation distortion.

Chan et al. [110] proposed a role-balance-based multi-secret images sharing scheme. In this framework, the shadow images must be associated with secret images in a circular way. Each shadow image has the capacity to associate only two secret images so that only two secret images cannot be rebuilt in case a partaker denies cooperating with other partakers. If it is not related to circular way, then several secret images cannot be recovered if the partaker who possesses a meaningful shadow image declines to corporate with other partakers [111] .

This scheme made an improvement over Chen and Wu’s scheme [82]. Chen and Wu’s scheme has three drawbacks. They are given as follows:

• Generated shadow images are not given equal weight.

• Different strategies are used for odd and even images.

• Sharing capacity is low.

This scheme overcame the first drawback by modifying the relationship between the shadow images and secret images in a circular way. The second drawback is solved by using a consistent strategy no matter whether the number state is odd or even. The third drawback is eliminated by increasing the sharing capacity to n / n which is \(n/(n+1)\) in Chen and Wu’s scheme.

3 Major challenges

The common problems associated with the secret image sharing schemes based on steganography are given as follows:

1. 1.

   Unable to maintain the quality of images.

2. 2.

   The secret images cannot be recovered losslessly.

3. 3.

   The size of the camouflage image is four times larger than of the original secret images.

4. 4.

   Encrypting only a single secret image at a time

Secret image sharing scheme based on visual cryptography has three drawbacks. They are listed as follows:

1. 1.

   There is a pixel expansion problem.

2. 2.

   Security level is low.

3. 3.

   Capability to encode only one secret image.

Steganography and visual cryptography are mainly used for encryption and decryption of a single secret image. There are a sender and a receiver. If an attacker happens to know the key, he can decrypt the whole image. Thus, a problem of single point of failure arises. Cellular automata can provide double authentication, but it cannot identify the exact area where the modified stego-blocks are located. LSB embedding mechanism does not have a strong resistance against attacks. As a result, researchers have started applying LSB embedding mechanism in the frequency domain using DWT. But, it has one limitation, that is, it cannot give the hiding capacity of the data into the frequency domain (transform domain). One disadvantage of visual secret images is that it cannot share more than two secret images. Visual cryptography scheme that uses international data encryption algorithm (IDEA) has a high-security level, but it can be applied only to the PNG and GIF format of the encrypted images.

Shamir’s (k, n) threshold scheme does not have the capability to handle cheating properly. Moreover, the quality of the reconstructed image is satisfactory only when the number of shares is much more than k. Schemes using Hermite interpolation has high computational complexity. Schemes using Boolean XOR operation can reconstruct the secret images losslessly as well as achieve low computational complexity. But, they fail to generate fully randomized shares and the secret images should have the same dimension. Hence, the security of the schemes has been reduced as some information is leaked to intruders.

Most of the researchers cannot develop secret image sharing schemes which can share images of different dimensions. This problem is due to the use of XOR operation as XOR operation can be applied to images having similar sizes. Another problem is the revelation of information of the secret images. Sequential XORed of two consecutive shares reveals some information. The shares are not fully randomized. Hackers can get some information through these shares. Hence, many existing schemes fail to generate fully randomized shares. To overcome this problem, some schemes use torus automorphisms, additive modulo operation, secure hash function, etc. along with the XOR operation. However, these schemes take a large amount of computational time as well as storage space. Besides, some schemes cannot preserve the threshold property, that is, shares less than the threshold number can be used to reconstruct the secret images.

Some schemes still have pixel expansion problems as the shares’ sizes are larger than that of the secret images. Some of them cannot be applied to color images as well as unable to recover the images exactly similar to the original secret images. Some schemes are operated in the frequency domain using SVD, FrFT, and compress sensing. They have a high-security level but cannot share multiple secret images at a time. In addition to this, schemes that can withstand noise attack are very rare. Noise is present everywhere. So, secret images can be corrupted easily by noise. If so, then the information present in the secret images will be destroyed. Those schemes which use XOR operation along with some functions are not robust against noise. Hence, the PSNR values of the recovered images are very low, while the root mean square value is very high. Reconstruction of high-quality images is impossible.

Hence, researchers need to come up with the methods that can stand against several noise attacks such as a Gaussian noise attack and salt and pepper noise attack. The method should also take less computational time as well as preserve the threshold property.

4 Summary of current trends

Parity bits are commonly used to increase the authentication ability of the schemes based on steganography. Cellular automata provide double authentication ability. Schemes using bivariate polynomials do not need parity bits for authentication. These schemes increase the authentication power as well as the visual quality of the stego-images. DWT is employed to hide the secret information in the frequency domain. Inverse DWT is utilized to reconstruct the actual secret images. Schemes based on DWT enhance the quality of the recovered images. Matrix encoding is used to embed n shadow images into the selected cover images. The scheme using matrix encoding improves the security and stego-image quality.

Table 9 Comparisons of different schemes

OR operation is used for decryption by some visual cryptography schemes. But, the security level of these schemes is low. So, some schemes use OR operation along with LSB replacement digital watermarking to add the security level. IDEA is used to improve the security of a scheme. General access structure (GAS) is exploited to generate secret shares, and stamping algorithm is used to embed the secret shares into the selected cover images. Schemes based on GAS and stamping algorithm reduce the pixel expansion problem and improve the security. Genetic algorithm is exploited for encrypting multiple images. It is much better than other existing image encryption algorithm. Dithering technology is used to tighten the security of the schemes that use color images. Sixteen-color code mechanism is created to safeguard the secret shares. Schemes that use both polynomial-based PISSS and VCS can generate small-size shares, thereby decreasing the storage space.

Watermarking is mostly used to verify the ownership of the digital content. DWT is utilized to insert the watermark in the transform domain (frequency domain) of the secret image. The scheme that has both watermarking stage and water recycling stage tightens the security. The scheme using both (2, 2)-threshold visual cryptography scheme (VCS) and adaptive order dithering technique divides the watermark into two secret shares. One share is embedded in a sub-band of the Luminous channel of the color secret image. Another share is used as a key by the superuser. This scheme can withstand many attacks. The scheme that uses zero watermarking combines two methods. In the first method, the secret image is divided into blocks of \(4 \times 4.\) DWT and SVD are applied sequentially on each block to break down further to another level. In the second method, DWT is applied directly to the secret image and the approximation part is again split into overlapping blocks of \(4 \times 4\). This scheme is robust against cropping attack.

The scalable secure scheme that uses DWT tightens the security of the scheme by the following factors

1. 1.

   An intruder cannot reconstruct the secret image as he does not know the secret coefficient of each share.

2. 2.

   Decryption is impossible as permutation key has its own timestamp to encode the secret image wavelet coefficient.

3. 3.

   Using diffusers, the localization problem is avoided.

Some schemes use DWT to generate packed shadows. These shadows are used for progressive transmission. Shamir’s (k, n) scheme is exploited to divide the transform coefficient into n secret shadows. These schemes reduce the shadow, thereby reducing the storage space and time for progressive transmission over the network. Block DCT-based scheme applies the DCT to grayscale secret images to divide the images into many shares. Here, the operations are carried out GF \((2^8)\). Hence, there is no loss of information and the secret image can be reconstructed losslessly. As the information are embedded into the DCT coefficients of the secret image not into the pixels of the secret image, security of the scheme increases a lot.

In order to solve the single point failure problem associated with the schemes based on steganography and visual cryptography, researchers have started developing secret sharing schemes for sharing a single secret image. In a single secret sharing scheme, there are many shares and authorized shareholders (participants). So, an intruder cannot reconstruct the whole image even if he knows a share of the secret image. Hence, the security level is increased.

However, there arises a need of sharing multiple images simultaneously. Recently, many multi-secret schemes have been developed for sharing multiple images. Some are based on Shamir’s (k, n) threshold scheme where k is the threshold and n is the number of participants. Currently, most of the popular multi-secret schemes are based on (n, n) threshold scheme and bitwise XOR operation. Here, all the n shares of all the n participants are required to reconstruct all the secret images. Bitwise XOR operation is used to have low computational time as well as to share the secret images to all the participants. Most of the secret images used in these schemes have the same dimensions.

Besides the application of secret sharing schemes mentioned in “Introduction” section, secret image sharing schemes can be used in medical imaging for the protection of patients’ diagnostic information. These schemes are also using in cloud computing for the protection of the data present in cloud servers. They can be used for sharing of videos. Table 9 shows the comparison of some important secret image sharing schemes.

5 Conclusion

In this survey, we have covered the major research directions in secret image sharing with respect to steganography, visual cryptography, watermarking, discrete wavelet transform, discrete cosine transform, threshold scheme, and few other schemes. Current research is exploring how to solve the following major challenges: (1) How to maintain image quality; (2) How to increase authentication ability; (3) How to recover the secret image without loss; (4) How to optimize the size of the camouflage image; (5) How to preserve the threshold property; (6) How to increase the randomization of secret shares; (7) How to enhance the security level (8) How to get rid of pixel expansion problem; (9) How to achieve low computational time; (10) How to verify the honesty of participants during the reconstruction phase; and (11) How to encode and share more than one secret image at a time.