Cryptanalysis of Optimal Dierential Energy

Watermarking (DEW) and a Modied Robust

Scheme

Tanmoy Kanti Das1 and Subhamoy Maitra2

1
Computer Vision and Pattern Recognition Unit, Indian Statistical Institute
203, B T Road, Calcutta 700 108, INDIA
das t@isical.ac.in
2
Applied Statistics Unit, Indian Statistical Institute
203, B T Road, Calcutta 700 108, INDIA
subho@isical.ac.in

Abstract. In this paper we provide a cryptanalysis of the well known

Optimal Dierential Energy Watermarking (DEW) scheme. The
DEW scheme divides the image into some disjoint regions (each region
containing two subregions). The watermark is basically a secret binary
string where each individual bit information is inserted in one of the re-
gions by modifying the high frequency DCT (Discrete Cosine Transform)
coecients. This modication creates required energy dierence between
two subregions. We here modify the high frequency components so that
this energy dierence vanishes and in turn extraction of watermark sig-
nal becomes impossible, making the cryptanalysis successful. Moreover,
we modify the DEW scheme by inserting the bit information in low fre-
quency components instead of high frequency components and propose
an oblivious robust watermarking strategy which can trace the buyer too.

Keywords: Cryptanalysis, Digital Watermarking, Discrete Cosine

Transform, Subset Sum.

1 Introduction
Over the last decade watermarking technologies have been developed to a large
extent for protecting copyright of digital media. A lot of watermarking strate-
gies have been proposed in this period. In the mean time, number of bench-
mark attacks have been proposed, which the robust watermarking strategies
should pass. However, no attempt has been made to analyze each of the popular
schemes individually and presenting customized attacks to highlight the weak-
ness of each individual scheme. As it is generally done in cryptology, we here
concentrate on a specic scheme, known as Optimal Dierential Energy Water-
marking (DEW) [7] and present a successful cryptanalysis. Further we provide
necessary corrections to make the scheme robust.
Let us now provide a brief description on images and the watermarking strate-
gies in general. An image I can be interpreted as a two dimensional matrix. If

A. Menezes, P. Sarkar (Eds.): INDOCRYPT 2002, LNCS 2551, pp. 135148, 2002.


c Springer-Verlag Berlin Heidelberg 2002
136 Tanmoy Kanti Das and Subhamoy Maitra

it is a gray scale image, then the integer values stored in each location of the
matrix presents the intensity, which is generally in the range of 0 to 255. Higher
resolutions may also be achieved by increasing this range. Coloured images can
generally be seen as an assorted set of three such matrices, which correspond to
the intensity values of red, green and blue channels. These are called the rep-
resentations in spatial domain. Dierent transform domain representations are
also available, which are Fast Fourier Transform (FFT), Discrete Cosine Trans-
form (DCT) [3], Wavelet Transform etc [8]. These can also be seen as matrices
containing either real or complex values. Thus, the best way to interpret an
image is as a matrix of values.
Note that, if we change the values of this matrix in some range, visually the
image quality may not degrade. Given an image I, let us dene the neighbour-
hood of I, N (I), which contains all the images which are visually indistinguish-
able from I. Even if the image is not in spatial domain, while interpreting the
neighbourhood of the image, we must consider the image in the spatial domain
(that is we need inverse transform to the spatial domain from the transformed
domain) for visual indistinguishability. There are also some measures, e.g., Peak
Signal to Noise Ratio (PSNR) [6, Page 112], which can be used as measure of
visual indistinguishability.
The concept of invisible digital watermarking works as follows. Given an
image I, a signal si is added to I, which produces a watermarked image I (i) =
I + s(i) N (I). The addition means some kind of element wise addition in the
matrix. This image I (i) is given to the i-th buyer. Now the watermark retrieval
algorithm works in two ways.
1. In the non-oblivious schemes (e.g., the CKLS scheme [1]), the original image
is used in the retrieval process. The available image (may be attacked using
image processing or cryptanalytic techniques) I # is compared to the original
image I and a signal s# = I # I is recovered. Finally from s# , the buyer i
is suspected if s(i) possesses some signicant correlation with s# .
2. In the oblivious schemes (e.g., the DEW scheme [7]), the original image is not
used in the retrieval process but some other information related to the image,
generally known as image key, are available. From the available image (may
be attacked using image processing or cryptanalytic techniques) I # and the
image key, a signal s# is recovered. From s# , the buyer i is suspected if s(i)
possesses some signicant correlation with s# .
The robustness of the watermarking strategy depends on how well the proper
buyer is identied (who has intentionally attacked the watermarked image) and
how infrequently an honest buyer is wrongly implicated. By cryptanalysis of
a digital watermarking scheme we mean the following.
Let I (i) be a watermarked copy of I. One has to mount an attack to con-
struct I # from I (i) such that there is no signicant correlation between s#
and s(i) . Thus, the buyer i will not be identied. Moreover, I (i) , I # need to be
visually indistinguishable. To the attacker, only I (i) is available, but I, s(i) are
not known. Thus there is no facility for the attacker to directly test that the
 Cryptanalysis of Optimal Dierential Energy Watermarking (DEW) 137

watermarking signal has been removed. However, the attacker need to be con-
vinced indirectly that the watermark is erased, i.e., the correlation between s(i)
and s# has been removed.
It is already known that existing correlation based watermarking techniques
are susceptible to collusion attacks under a generalized framework [2]. This re-
quires a sucient number of watermarked
copies. In particular, if the eective
document length is n, then at most O( n/ ln n) copies are required to defeat
the watermarking scheme. Note that for an image of size 256 256 or 512 512,
for a successful collusion attack, a large number of watermarked images may be
required depending on the size of the key information. This may not be practi-
cal. On the other hand, we here concentrate on cryptanalytic attack based on
a single watermarked copy.
Before going for further details, let us highlight why such a cryptanalytic
attack is important.
1. The watermarking strategies should survive some standard image trans-
formations. These are cropping, rotation, resizing, JPEG compression [13],
wavelet compression [8] etc. Note that most of the current schemes can eas-
ily survive these transformations. The existing methods can also survive the
attacks related to insertion of random noise in the image, some ltering at-
tacks [5, 6] or nonlinear geometric attacks such as Stirmark [10, 11]. It is
clear that once an attack, based on some image processing technique, is pro-
posed then it is expected that there will be some (inverse) image processing
methodology to resist such kinds of attack. Thus single copy attacks, based
on image processing techniques, should not survive in a long run.
2. The existing watermarking models have never been analyzed using cryptan-
alytic techniques as it is done in case of any standard cryptographic schemes.
We here look into the watermarking scheme as a cryptographic model and
provide a very strong attack which can even be considered as a cipher text
only attack (for dierent kinds of cryptanalytic attacks, see [9]). Here we
mount the attack on the DEW scheme [7] and provide successful results by
removing the watermark. It is important to analyze each of the well known
watermarking schemes in detail and it seems that the existing schemes are
not robust with respect to customized cryptanalytic attacks on each of the
schemes.
3. Further, the cryptanalytic attack motivates us to remove the weakness of
the scheme and we propose a modication of the DEW scheme which re-
sists such cryptanalysis. The DEW scheme itself is an oblivious scheme and
what we propose after the modication is also an oblivious one. However,
it is important to note that in the DEW scheme, the watermark was image
specic and it was same for all the buyers. That means the identication of
the watermark can only prove the copyright, but it can not trace the buyer
who has violated the copyright agreement. In our scheme we present buyer
specic watermark, so that it is possible to identify the malicious buyer.
In [12, Page 122], a statistical removal attack has been pointed out. The at-
tack was based on a large number of rewatermarks on the watermarked image
138 Tanmoy Kanti Das and Subhamoy Maitra

and then trying to remove each of the rewatermarks using some image transfor-
mations. First of all, putting a lot of rewatermarks degrades the visual quality of
the image. In the DEW scheme [7], with the standard experimental parameters,
we have checked that putting consecutive watermarks degrades the quality of
the image. Moreover, the exact image transformations that are required to re-
move the rewatermarks have not been discussed in [12]. In this paper we present
a concrete watermark removal strategy on a specic scheme.
We describe the DEW scheme in Subsection 1.1. In Section 2 we present
the attack. We rst present the basic attack in Subsection 2.1 and then modify
its limitation to mount a stronger attack which is described in Subsection 2.2.
Next we modify the DEW scheme in Section 3 to present a robust watermarking
strategy.

1.1 DEW Scheme

Optimal Dierential Energy Watermarking (DEW) scheme [7] introduces the
watermark in the DCT (Discrete Cosine Transform) domain. The scheme works
on JPEG compressed image, and hence it is natural to interpret the image as
a set of small blocks having size 8 8. In the DEW scheme, each block is
interpreted as a collection of 64 re/pre quantized DCT coecients. The set is
then divided into dierent groups, each containing n blocks. Each such group is
termed as lc-region. Now considering a particular lc-region, it can be divided
into two lc-subregions A, B. The rst (respectively last) n2 blocks of lc-region
constitute the lc-subregion A (respectively B).
Let us now describe how to calculate the high frequency energy EA or EB
corresponding to the lc-subregions A or B. We normally calculate energy over the
subset S(c) of the 64 values of DCT coecients (indexed in the zigzag manner)
of a particular 8 8 block b. This subset is determined by the cuto index c and
given by
S(c) = { i {0, 1, . . . , 63} | i > c}.
Now the energy EA , EB can be expressed as
 n2 1 
EA (c, n, Qjpeg ) = b=0 ([i,b ]Qjpeg )2 ,
n1 iS(c)
EB (c, n, Qjpeg ) = b= n iS(c) ([i,b ]Qjpeg )2 , where [i,b ]Qjpeg is the value
2
of DCT coecient of block b in lc-subregion either A or B, corresponding to
frequency i which is quantized using standard JPEG quantization procedure,
setting the quality as Qjpeg . When the parameter values c, n, Qjpeg are obvious,
then EA (c, n, Qjpeg ) is represented by EA only. The value of energy dierence D
is given by
D(c, n, Qjpeg ) = EA EB .
The watermark information is represented by an l length string of bits known
as the label bit string L. The embedding of a label bit Lj (j = 0, 1, . . . , l 1) is
executed as follows.
We concentrate on the j th lc-region. If Lj = 0, then all the DCT coecient
value after cuto index c is set to zero for the blocks in lc-subregion B, i.e., EB
 Cryptanalysis of Optimal Dierential Energy Watermarking (DEW) 139

becomes 0. So the value of energy dierence D becomes

D(c, n, Qjpeg ) = EA EB = EA .
If Lj = 1, then all the DCT coecient value after cuto index c is set to zero for
the blocks in lc-subregion A, i.e., EA becomes 0. So the value of energy dierence
D becomes
D(c, n, Qjpeg ) = EA EB = EB .
Thus each label bit is related to one lc-region consisting of n distinct 8 8
DCT blocks. A bit is encoded by introducing energy dierence D between rst
n n
2 DCT blocks (known as lc-subregion A) and next 2 DCT blocks (known as
lc-subregion B) in an lc-region. Energy dierence is created by removing high
frequency coecient in either of the lc-subregion B or A depending on whether
to embed 0 or 1.
Now the value of D directly inuence the perceptual quality of watermarked
image. Larger the value of D smaller the value of c, so more and more high
frequency DCT coecients get removed. As a result image quality degrades. So,
cuto index c must be greater than certain minimum cuto index cmin .
At this point let us describe the cuto index c in terms of D. The cuto
index c is the largest index of the DCT coecients for which both EA and EB
are greater than the required energy dierence Dreq . Let us describe the DEW
watermark insertion scheme in algorithmic form.
Algorithm 1
1. Randomly arrange the 8 8 DCT blocks of the JPEG image using a pseudo
random generator with an initial random seed S and group them in dierent
lc-regions.
2. FOR j = 0 to l 1 DO
(a) Select j th lc-region consisting of n blocks.
(b) FOR cctr = cmin + 1 to 63 DO
i. calculate EA (cctr ).
ii. calculate EB (cctr ).
(c) c = max(cT ) where
cT = {cctr {cmin + 1, 63} | EA (cctr ) > Dreq , EB (cctr ) > Dreq }.
(d) IF (Lj = 0) discard coecients after c in all blocks of lc-subregion B.
(e) IF (Lj = 1) discard coecients after c in all blocks of lc-subregion A.
3. Arrange back the DCT blocks to its original position.
Thus the seed of the pseudorandom generator S and the bit string L are the
secret parameters. To extract a bit from a lc-region one have to nd the value of c
used in time of embedding. To do this we calculate EA (cctr ) for all possible values
of cuto index cctr such that EA < D (the value of D can be taken as equal
to D) for blocks in lc-subregion A. Now among all the candidate cuto indices,
we take the minimum one as the cuto index cA for lc-subregion A. Similarly we
calculate cB . Now actual cuto index c = max(cA , cB ). If (cA < cB ) then label bit
is 1 else if (cA > cB ) label bit is 0. If (cA = cB ) then we recalculate EA (c), EB (c).
If EA (c) < EB (c) then the label bit is 1 else label bit is 0. Extraction procedure
is described in detail below.
140 Tanmoy Kanti Das and Subhamoy Maitra

Algorithm 2
1. Arrange the 8 8 DCT blocks of the JPEG image as done in watermark
insertion stage and use the same grouping of lc-regions available using the
same pseudorandom generator and the same seed S in the Algorithm 1.
2. FOR j = 0 to l 1 DO
(a) Select j th lc-region consisting of n blocks
(b) FOR cctr = cmin + 1 to 63 DO
i. calculate EA (cctr ).
ii. calculate EB (cctr ).
(c) cA = min(cT ) where cT = {cctr {cmin + 1, 63}|(EA (ctr) < D )}
(d) cB = min(cT ) where cT = {cctr {cmin + 1, 63}|(EB (ctr) < D )}
(e) Lj = 0
(f ) IF (cA < cB ) Lj = 1
(g) IF ((cA = cB ) & (EA (cA ) < EB (cB ))) Lj = 1;

2 Attacks On DEW Scheme

Though the DEW scheme performs satisfactorily against known attacks as ex-
perimented in [7], it fails against the cryptanalytic attacks specially designed for
it. In this section we will describe two strategies to defeat the DEW scheme. The
second one is rened version of the rst one.

2.1 Basic Attack

As in the DEW scheme we also use re/pre quantized DCT coecients which are
available from each of the 8 8 blocks of watermarked image. For a particular
block it is expected that some of the high frequency DCT coecients are absent
due to two reasons. One is for the JPEG compression itself and another is for the
watermark embedding by DEW algorithm. From the nature of the DEW scheme,
it should be noted that if it is possible to compensate the removed coecients
then the DEW scheme will fail. Thus our aim is to compensate the removed
coecients (either for JPEG compression or for DEW algorithm) in each of the
blocks. The basic algorithm is as follows.

Algorithm 3
1. FOR each of the 8 8 block DO
(a) Read re/pre quantized zigzag scanned DCT coecients j (j = 0, . . . , 63).
(b) Sort j (j = 1, . . . , 63) to get j (j = 1, . . . , 63) (not considering the DC
value) and index vector V such that j = V j .
(c) Fit a polynomial P of degree d over  with the following points.
i. Take the points (j, j ) for which j = 0.
ii. Let s be the largest and t be the smallest values such that s = t = 0.
Let k =
s+t
2 . Take the point (k, k ).

 
(d) IF j = 0 THEN j = P (j) (j = 1, . . . , 63)
 Cryptanalysis of Optimal Dierential Energy Watermarking (DEW) 141

Table 1. Bit error after cryptanalysis

Image WPS QJ P EG = 100% QJ P EG = 75% QJ P EG = 50% QJ P EG = 25%

Lena WPS 1 50.7% 42.1% 42.3% 44%
Lena WPS 2 47.1% 38.2% 27.1% 16.8%

(e) j = V j (j = 1, . . . , 63).
(f ) Write back as the DCT values of the block.
2. Write back the image at 100% JPEG quality.

We are actually extrapolating the eliminated values using the polynomial

tting. These values, which are extrapolated, may be very small in some cases,
thus they may get eliminated due to quantization while saving as the JPEG
image. This is the reason we save the attacked image at 100% quality.

Experimental Results We now present the experimental results using similar

setup that of [7] using the 512 512 Lena image. First we take the watermarking
parameters D = 40, cmin = 3, QJP EG = 75%, and n = 16. We call this Water-
marking Parameter Set 1 (WPS 1). Next we use the watermarking parameter
set D = 500, cmin = 3, QJP EG = 25%, n = 64, which we call WPS 2. Here the
label bit pattern L is of size l = 256. The results of the cryptanalysis is given in
the Table 2.1. The degree d of polynomial P used to be 3 in cryptanalysis. Note
that the bit error is almost close to 50% when after cryptanalysis the image is
saved at JPEG quality 100%. Thus the attack works successfully.
Though in the cryptanalysis we suggest saving the image at 100%, the water-
mark detector may again like to save the attacked image at some JPEG quality
which is used while embedding the watermark. To elaborate the experiment,
we change the last step of cryptanalysis and save the attacked images at JPEG
quality factors 100%, 75%, 50% and 25%. We nd that at lower quality fac-
tor, for WPS 2, the bit error is much less than 50%, which means the attack is
not successful. This can be explained from the fact that due to quantization at
lower JPEG quality, the coecients extrapolated by polynomial tting during
cryptanalysis, get removed. Thus extraction procedure performs better. From
experimental results it is clear the proposed technique needs modication. We
are going to present a modied version next.

2.2 Improved Cryptanalysis

Now we modify the previous strategy. So we have to show that after the crypt-
analysis, even if the image is saved at any JPEG quality, the bit error should be
close to 50%. Thus our motivation is to create such a situation, so that for any
lc-region, the energy dierence between EA and EB is minimized (very close to
zero). Hence from the attacked image, extraction of label bit (the watermarking
signal) is not possible. Towards this, we will select a global cut-o frequency fc
142 Tanmoy Kanti Das and Subhamoy Maitra

for the complete image. In the DCT domain of any 8 8 block of the image, we
will remove all the frequency components which are greater than fc . Moreover,
if some frequency components, having frequency fc are already zero (either
due to JPEG compression or due to the watermark), we will try to extrapolate
those values.
Thus the DEW algorithm is attacked at two levels. At rst level we remove
some frequency components and at the second level we add some. We inten-
tionally remove some high frequency coecients, so that the blocks, which are
unaected by DEW algorithm, get aected in a similar fashion as the blocks
which are aected by the algorithm itself. Note that, if removing some of the
high frequency coecients from one set of blocks by DEW algorithm does not
degrade the image quality, then it is expected that removing high frequency co-
ecients from other set of blocks will not degrade the image too. Importantly,
it will reduce the energy dierence created by DEW algorithm and hence the
watermark signal can not be extracted. The detailed algorithm is as follows.

Algorithm 4
1. Set the value of fc .
2. FOR each of the block of the image DO
(a) Read the zigzag scanned DCT coecients in j (j = 0, . . . , 63).
(b) Set j = 0 for j > fc .
(c) IF fc = 0
i. Find f  such that k = 0 for all k, f  < k fc .
ii. Sort j , j = 1 . . . f  to get j , j = 1 . . . f  and maintain an index
vector V such that j = V j .
iii. Fit a polynomial P of degree d using the data points (k, k ) for k =
1, . . . , f  and (fc , fc ).
iv. j = P (j) for j = f  + 1, . . . , fc .
v. j = V j for j = f  + 1, . . . , fc .
(d) Write back .

It is to be noted that selection of fc is very important, as setting the value

very small will degrade the image quality. On the other hand, if we set the value
very high that may reduce the strength of the attack.
As a hypothetical case, consider the situation when all the watermarking
information are known for the watermark embedding process. Then for each
lc-region, some cut-o c is selected in step 2c of Algorithm 1. It is the best to
take fc = c for that lc-region. In that case, the energy dierence created in that
lc-region will be vanished.
Since, the organization of the lc-regions are secret parameter, it is not pos-
sible to know the groups and hence, it is not possible to get c as in step 2c of
Algorithm 1. Thus we have to estimate that and we estimate that globally for
the complete image as follows. We select a random arrangement lc-regions and
for each of the lc-region j, we calculate c and call it cj . Then we take the average
of those cj s and set fc slightly less than that average.
 Cryptanalysis of Optimal Dierential Energy Watermarking (DEW) 143

Experimental Results Here also we use same experimental setup as in Subsec-

tion 2.1. The results are presented below. The watermarking parameter sets are
also same as those in Subsection 2.1, which were identied by WPS 1 and WPS
2. Note that all the images are of size 512 512. The values of fc are presented
in the Table 2.2. The degree d of polynomial P used to be 3 in cryptanalysis.
The result in the table shows that in all the cases the bit error rate is close
to 50%. Thus, the attack is successful. We present the images in Figure 1. Note
that the attacked images are visually indistinguishable from the original or wa-
termarked images.

Fig. 1. Attack on DEW scheme. Top-left : original image. Top-right : water-

marked image at 75% JPEG quality. Bottom-left : Attacked image saved at 75%
JPEG quality. Bottom-right : Attacked image saved at 25% JPEG quality
144 Tanmoy Kanti Das and Subhamoy Maitra

Table 2. Bit error after modied cryptanalysis

Image WPS fc QJ P EG QJ P EG QJ P EG QJ P EG
fc = 100% = 75% = 50% = 25%
Lena WPS 1 23 51% 46% 49% 47%
Baboon WPS 1 23 57% 50% 52% 51%
Pentagon WPS 1 50 55% 48% 48% 48%
Lena WPS 2 21 50% 47% 46% 49%
Baboon WPS 2 19 54% 47% 51% 53%
Pentagon WPS 2 35 48% 48% 48% 47%

3 Modied DEW Scheme

The vulnerability of DEW scheme comes from the fact that it eectively in-
troduces the watermark at high frequency DCT coecients. So they can be
completely removed without loss of delity. On the other hand, if one can in-
troduce the watermark at low frequency region then it is not possible to remove
the coecients and hence it will be very hard to erase or tamper with the wa-
termark. Introduction of watermark at low frequency involves some other issues.
For instance how to create energy dierence within a lc-region using the low fre-
quency components, because one can not remove the low frequency components
without visual degradation of host image. If one decides to reduce the energy of
low frequency components by a small percentage rather than removing them to
create the energy dierence, then that may not fetch the intended result. Con-
sider a scenario where low frequency energy of lc-subregion A is much greater
than low frequency energy of lc-subregion B, but one needs to enforce an energy
dierence in such way that low frequency energy of lc-subregion B has to be
greater than that of A. One can not achieve that with small percentage change
of low frequency components. So what we need is a proper reorganization of
blocks within a lc-region in such manner that energy of lc-subregion A and that
of B are close. In such a situation, required energy dierence can be enforced
with small percentage change of individual low frequency DCT coecients. Let
us now formalize the scheme.

3.1 Watermark Embedding

We are presenting two major modications of the DEW scheme here. One, energy
dierence is created by changes in low frequency DCT coecients. Another is
random permutation of blocks such that in any lc-region low frequency energy of
lc-subregion A and that of B dier by less than some small quantity . Energy of
a block b is the sum of absolute values of q many low frequency DCT coecients
 Cryptanalysis of Optimal Dierential Energy Watermarking (DEW) 145

excluding the DC coecient. Thus the energy of lc-subregion A, B is given by

n
2 1
q
 n1
 q

EA (q, n) = |j,b |, EB (q, n) = |j,b |
b=0 j=1 b= n
2
j=1

respectively. We are not at all interested about the JPEG quality, since the low
frequency components are not seriously disturbed by the JPEG compression.
We consider the organization of lc-subregions A, B in such a manner such
that |EA EB | < , i.e., EA EB . If we incorporate a bit 0 (respectively

1) in that region, then we want that EA (EA after the modication) becomes

substantially greater (respectively smaller) than EB (EB after the modication).
Let be the fractional change required to enforce the required energy dierence,
E
EB

i.e., after the modication we need | EA
A +EB
| . The exact scheme is presented
below. Note that the l length binary pattern L is dierent for each buyer and
hence at the extraction phase, from the recovered bit pattern it is possible to
identify the copyright infringer.

Algorithm 5
1. Randomly arrange the 8 8 DCT blocks of the JPEG image using some
pseudo random generator and group them in various lc-regions. Each lc-
region should be divided in two lc-subregions such that EA EB . Store this
group information which we call the image key K.
2. FOR j = 0 to l 1 DO
(a) Select the j th lc-region consisting of n blocks.
(b) Let 2 = 1 + 2
(c) IF (Lj = 0) THEN
i. j,b = j,b (1 + 1 ) for b = 1, . . . , n2 1, and j = 1, . . . , q.
ii. j,b = j,b (1 2 ) for b = n2 , . . . , n 1, and j = 1, . . . , q.
(d) ELSE IF(Lj = 1) THEN
i. j,b = j,b (1 1 ) for b = 1, . . . , n2 1, and j = 1, . . . , q.
ii. j,b = j,b (1 + 2 ) for b = n2 , . . . , n 1, and j = 1, . . . , q.
3. Arrange back the DCT blocks to their original positions and write the image.

Note that the most important part of this algorithm is as described in the
step 1 of Algorithm 5. We rst need to group dierent blocks to get dierent lc-
regions. However, just getting the lc-regions does not suce. In fact, we further
need to divide each lc-region into two lc-subregions A, B such that |EA EB | < ,
i.e., EA EB . Getting such a grouping by itself is an NP-complete problem
(basically subset sum problem) and hard to nd. Thus there are two issues.

1. Given a lc-region, to get two lc-subregions A, B such that EA and EB dier

by a very small amount.
2. Moreover, if such lc-subregions are not found, then we need to randomly
rearrange the 8 8 DCT blocks of the JPEG image once again to group
them in lc-regions of a dierent conguration.
146 Tanmoy Kanti Das and Subhamoy Maitra

However, in the experiments, we always succeeded in getting the lc-subregions

with required closeness.
qThis is expected for the image data since the energy of
the individual blocks j=1 |j,b | are in some specic range. Moreover, in one lc-
region there are collection of blocks, where the energies of the blocks in each col-
lection are very close to each other. The easy availability of such groupings make
the watermark embedding procedure very fast even if the underlying problem
is hard. Another extremely important advantage of plentiness of such grouping
is that the image key space becomes very large. In step 1 of Algorithm 5, we
store the group information and use that as image key K. Thus, the observation
that almost any rearrangement of lc-regions provide lc-subregions with required
closeness of EA , EB values, makes the choice of key K from an exponential space
and keeps the system secure.

3.2 Watermark Extraction

Extraction of watermark does not require the original image. It is only dependent
on the image key K. Once image key is known then one can reorganize the blocks
of the watermarked image in the manner that was used at the time of watermark
embedding. Now one can calculate EA , EB and if EA > EB then label bit = 0
else it is 1. Note that the binary patterns for each buyer can be selected from
error correcting codes so that the malicious buyer can be identied even if there
are some bit errors in the extraction process.

3.3 Experimental Results

We present a summarized result to highlight the robustness of our scheme. See
Figure 2, where the images show that original and watermarked copies are vi-
sually indistinguishable. The watermarking parameters used in the experiments
are as follows : = .05, 1 = 0, 2 = 2 = 0.1, q = 5, n = 64, l = 64. In [7],
re-encoding attack has been mentioned. Re-encoding attack basically means sav-
ing the image in dierent JPEG quality. It has been found [7] that the DEW
scheme does not survive if the image is saved at very low JPEG quality. This is
due to the fact that the watermark information in the DEW scheme has been
incorporated using the high frequency DCT coecients which can be easily dis-
turbed at low quality JPEG compression. However, in our modied scheme, we
propose incorporating the watermark signal in the low frequency components,
which are least disturbed by JPEG compression. We have taken three images,
Lena, Baboon and Pentagon, each of size 512 512 pixels. We incorporated 64
bit watermark (each lc-region contains 64 blocks of size 8 8) and saved the
watermarked image at JPEG quality 100%. Then to simulate the re-encoding
attack, we have saved the image at JPEG quality 90% to 10% at an interval of
10% and then extracted the watermark from the low JPEG quality images. We
found no bit error at as low as 20% JPEG quality. At 10% we found a single bit
error out of the 64 bits, which is < 2%. Thus our scheme is robust in this aspect.
Refer to Figure 2 for the re-encoding attacked image saved at 10% JPEG quality.
 Cryptanalysis of Optimal Dierential Energy Watermarking (DEW) 147

Fig. 2. Modied DEW scheme. Top-left : original image. Top-right : water-

marked image. Bottom-left : watermarked image saved at 10% JPEG quality.
Bottom-right : stirmark 3 attack on the watermarked image

Even with that low quality image, our scheme can extract the watermark and
identify the malicious buyer.
We checked the standard image processing attacks like ltering, cropping,
addition of noise etc. The scheme survives all such attacks. However, we have
checked that in case of rotation or when the pixel positions change, it may not be
possible to extract the watermark. This is natural since the scheme is oblivious.
However, if we consider that the original image is available during the extraction
process (i.e., the scheme becomes non-oblivious), then we can use the original
image to properly rotate back the attacked watermarked image. In that case
one can successfully recover the watermark. In case of Stirmark attacks [10, 11],
if the original image is available, then we can use the block based strategy [4]
148 Tanmoy Kanti Das and Subhamoy Maitra

to recover the watermark properly. In Figure 2, the image after the Stirmark 3
attack has been presented. We could successfully recover the watermark using
block based strategy when the original image is available. It is a challenging
question to successfully extract the watermark in the oblivious scheme, i.e., when
the original image is not available.

References
[1] I. J. Cox, J. Kilian, T. Leighton and T. Shamoon. Secure Spread Spec-
trum Watermarking for Multimedia. IEEE Transactions on Image Processing,
6(12):16731687, 1997. 136
[2] F. Ergun, J. Kilian and R. Kumar. A note on the limits of collusion-resistant
watermarks. In Eurocrypt 1999, no 1592 in LNCS, pages 140149, Springer
Verlag, 1999. 137
[3] R. C. Gonzalez and P. Wintz. Digital Image Processing. Addison-Wesley Pub-
lishing (MA, USA), 1988. 136
[4] F. Hartung, J. K. Su and B. Girod. Spread Spectrum Watermarking : Malicious
Attacks and Counterattacks. Proceedings of SPIE, Volume 3657 : Security and
Watermarking of Multimedia Contents, January 1999. 147
[5] N. F. Johnson, Z. Duric and S. Jajodia. Information Hiding: Steganography and
Watermarking Attacks and Countermeasures. Kluwer Academic Publishers,
USA, 2000. 137
[6] S. Katzenbeisser, F. A. P. Petitcolas (edited). Information Hiding Techniques for
Steganography and Digital Watermarking. Artech House, USA, 2000. 136, 137
[7] G. C. Langelaar and R. L. Lagendijk. Optimal Dierential Energy Watermarking
of DCT Encoded Images and Video. IEEE Transactions on Image Processing,
10(1):148158, 2001. 135, 136, 137, 138, 140, 141, 146
[8] S. G. Mallet. A theory of multi resolution signal decomposition : the Wavelet
representation. IEEE Transactions on PAMI, 11:674693, 1989. 136, 137
[9] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied
Cryptography. CRC Press, 1997. 137
[10] F. A. P. Petitcolas, R. J. Anderson, M. G. Kuhn and D. Aucsmith. Attacks on
Copyright Marking Systems. In 2nd Workshop on Information Hiding, pages
218238 in volume 1525 of Lecture Notes in Computer Science. Springer Verlag,
1998. 137, 147
[11] F. A. P. Petitcolas and R. J. Anderson. Evaluation of Copyright Marking Sys-
tems. In IEEE Multimedia Systems, Florence, Italy, June 1999. 137, 147
[12] J. O. Ruanaidh, H. Petersen, A. Herrigel, S. Pereira and T. Pun. Cryptographic
copyright protection for digital images based on watermarking techniques. The-
oretical Computer Science 226:117142, 1999. 137, 138
[13] G. K. Wallace. The JPEG still picture compression standard. Communication
of the ACM, April 1991. 137