Intra-Block Correlation Based Reversible Data Hiding in Encrypted Images Using Parametric Binary Tree Labeling

: In this paper, a high capacity reversible data hiding technique using a parametric binary tree labeling scheme is proposed. The proposed parametric binary tree labeling scheme is used to label a plaintext image’s pixels as two different categories, regular pixels and irregular pixels, through a symmetric or asymmetric process. Regular pixels are only utilized for secret payload embedding whereas irregular pixels are not utilized. The proposed technique efﬁciently exploits intra-block correlation, based on the prediction mean of the block by symmetry or asymmetry. Further, the proposed method utilizes blocks that are selected for their pixel correlation rather than exploiting all the blocks for secret payload embedding. In addition, the proposed scheme enhances the encryption performance by employing standard encryption techniques, unlike other block based reversible data hiding in encrypted images. Experimental results show that the proposed technique maximizes the embedding rate in comparison to state-of-the-art reversible data hiding in encrypted images, while preserving privacy of the original contents.


Introduction
Cloud computing is a great technology for remote sharing and accessing of information across the world. It renders a simplistic model for real-time information sharing, accessing, and/or storing on the cloud server [1] on a pay-per-use basis. Due to its simplicity, today, cloud computing services have millions of subscribers who store their public/private data on cloud servers. The cloud servers possess several data storage devices for storing subscribers' data which can be any multimedia data (such as image, video, audio), text data, program data, etc., in any format. To protect against information leakage and maintain confidentiality, subscriber data is first encrypted and then stored on the cloud servers [2]. To manage the cloud services and data storages, and also to control loading-unloading of data between storages for load balancing, the cloud servers makes use of a cloud administrator which attaches some auxiliary information, such as subscriber name, file name, file type, source information, etc., to subscriber's data for its efficient handling without decoding the subscriber data. The auxiliary information is attached secretly by embedding the same in the encrypted subscriber data so that unauthorized access can be prevented without incurring additional storage cost. Since the auxiliary information is cloud management information, it is embedded in a lossless and reversible manner in the subscriber data. For this, there exist several reversible data hiding (RDH) techniques which have been developed in the past for lossless embedding and recovery of both secret data and subscriber data. Some of the popular RDH techniques are lossless compression based [3][4][5][6], difference expansion-based [7], histogram expansion, and prediction error expansion based [8][9][10][11][12] RDH techniques. However, these techniques are only suitable for plaintext data, but not for encrypted data.
In 2008, Puech et al. [13] unveiled an RDH technique for encrypted images (RDHEI). They first encrypted the original image using Advanced Encryption Standard (AES) and then embedded the secret data bits at random locations in each 4 × 4 by simple substitution. At the receiver end, local standard deviation analysis is performed to reinstate the original image and get back the hidden secret data. After Puech et al.'s technique [9], the RDHEI field has been explored by various researchers .
Based on the analysis of available RDHEI literature, the RDHEI techniques can be classified into three major categories, namely, vacating room after encryption (VRAE) [12,15,21,22], vacating room by encryption (VRBE) [32,34,35], and reserving room before encryption (RRBE) [23,[29][30][31]33]. The VRAE techniques create vacancies for secret data hiding in encrypted data whereas techniques that fall into the VRBE category create vacancies for secret data hiding during encryption. As far as the RRBE category is concerned, first, a room is reserved in the unencrypted media which is then exploited for embedding the secret data after the media's encryption. Among these three approaches, the VRAE approach offers very limited embedding capacity (EC) because encrypted data provides limited room for secret data hiding as encryption destroys the correlations of subscriber data. Therefore, the cloud administrator is unable to produce many vacancies for secret data embedding in encrypted data. In the VRBE approach, specific encryption tactics are applied to subscriber data, which maintain some correlations in encrypted data. Later, the correlations present in the encrypted data are exploited by the cloud administrator for embedding auxiliary information. Still, this approach does not yield a high EC as spatial redundancy existing in the subscriber data is not fully utilized. However, the RRBE approach is an altogether different approach, in which subscriber data in unencrypted form is exploited to reserve vacancies. This means that, later on, the subscriber data can be encrypted and auxiliary information can be embedded in the encrypted data, by exploiting the redundancy of non-encrypted data due to the reserved vacancies. Thus, the RRBE approach renders higher EC than the VRAE and VRBE approaches.
In RDHEI, the encryption of plain-text data is performed by the subscriber using an encryption key K e , who then uploads the encrypted data on the cloud server. Next, the cloud administrator performs embedding of auxiliary information using a secret key K s to transform the encrypted data into marked encrypted data. The marked encrypted data accommodates both subscriber data and auxiliary information in encrypted form, and is stored on the cloud server. At the decoder side, three cases may exist. In the first case, if a user owns both the encryption key K e and the secret key K s , he/she can retrieve both subscriber data and auxiliary information. In case only the encryption key K e or the secret key K s is possessed by the user then only subscriber data or the auxiliary information can be recovered, respectively. A schematic diagram of the RDHEI approach is shown in Figure 1.
In the literature, some RDHEI techniques have been introduced [14][15][16][17][18] which allow retrieval of auxiliary information only after decryption of marked encrypted data. In other words, auxiliary information can be extracted using a secret key K s only after performing the decryption using the encryption key K e . TheseRDHEI techniques are known as non-separable techniques. In [19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35], another variant of RDHEI techniques, i.e., separable RDHEI techniques, was introduced to overcome the limitation of non-separability. These techniques allow separate restoration of subscriber data and extraction of auxiliary information from the marked encrypted information. In other words, an encryption key K e keeper can perform the decryption process separately without being restricted by the auxiliary information extracting process, and similarly a secret key K s keeper can perform the auxiliary information extracting process without being restricted by the decryption process. In this paper, an intra-block correlation based high capacity RDHEI technique using PBTL is proposed. In the proposed technique, the original image is first partitioned into non-overlapping blocks of a predetermined size (e.g., 4 × 4) which are then categorized into smooth, moderately complex, and highly complex blocks. Now, prediction errors and residual errors are calculated for pixels of the smooth blocks and moderately complex blocks. Next, the proposed technique applies a stream encryption method (different from Yi et al.'s technique) to the original host image to improve the security of the encrypted subscriber data (or the encrypted host image). The pixels of the encrypted image are then labeled using the PBTL scheme and the calculated prediction and residual errors. Finally, the labelled pixels are exploited to reversibly embed the secret data. Contributions of the proposed RDHEI technique can be summarized as follows: (1) The proposed work discloses a high capacity RDHEI technique using PBTL. The proposed RDHEI technique first partitions the original image into uniformly sized blocks and then categorizes the image blocks into three categories, i.e., smooth, moderately complex, and highly complex blocks based on the prevalent correlation of each block. This granular classification of the image blocks helps in reserving pixels for efficiently embedding the secret information. (2) The smooth and moderately complex blocks generally possess high and decent pixel correlation, respectively. Thus, both types of blocks are used for embedding the secret information whereas the highly complex blocks are snubbed in the data embedding process as there is no or minimal correlation. (3) Further, the proposed technique uses a stream encryption method for encrypting the original image. The stream cipher provides higher security in comparison to block cipher as it completely destroys the correlation of image pixels. (4) In addition, the proposed technique is a separable RDHEI technique which allows separate recovery and extraction of subscriber data and the secret message in a lossless manner. (5) Experimental results show that the proposed RDHEI technique has superior embedding performance in comparison to related previous RDHEI techniques while ensuring security of the image contents.
The rest of this paper is structured as follows. Section 2 discusses related separable RDHEI techniques. Section 3 introduces the review of parametric binary tree labeling (PBTL) scheme. The proposed RDHEI technique is discussed in Section 4. Section 5 shows the experimental results and their comparative analysis. Lastly, a conclusion as well as the scope of future works has been drawn for the proposed work.

Related Works
In this section, some of the popular RDHEI techniques are briefly reviewed. In 2012, Zhang discussed a separable RDHEI technique [19]. In the separable RDHEI technique [19], the subscriber data (which is an image) is first encrypted using a standard encryption method and then a room/space is reserved for embedding the secret/auxiliary information by compressing three least significant bits (LSBs) of the encrypted data. However, the generated space is sparse in nature which limits the embedding rate. Xiaotian et al. [17] discussed a separable RDHEI technique which outperforms the earlier technique [19]. Dragoi et al. [21] proposed a new separable RDHEI scheme by creating space after the encryption. The main feature of this scheme is the use of a two-stage data hiding process in which the reference pixel is predicted based on the median context value. As far as performance improvement is concerned, the proposed scheme marginally improves embedding capacity in comparison to erstwhile related schemes. In 2018, Dragoi et al. [22] again came up with a new separable RDHEI scheme with color images, where correlation between RGB color planes of a target pixels and its correlation with neighboring pixels are exploited to embed data in a color image. In 2013, Ma et al. unfolded the first RRBE approach based RDHEI technique [23]. The technique partitions the image to get smooth and complex regions. Next, one or more LSBs of complex regions are embedded into the smooth regions using any of the conventional RDH algorithms such as [5][6][7] to create room in the rough regions. Finally, the reserved room in the encrypted images are filled by auxiliary information. This reservation of space in the complex regions yields a high embedding rate which goes up to 0.5 bit-per-pixel (bpp). Similarly, Zhang et al. reserved room for secret data hiding using the prediction error (PE) based histogram shifting method [18]. In [24], Xu et al. disclosed the calculation of prediction error based on interpolation technique then applied histogram shifting and the difference expansion technique to exploit the prediction error for data hiding. However, only a small improvement in performance was achieved. In [25], Mathew et al. refine the work of Ma et al. [23] by introducing a new pixel intensity variation criterion for classifying image blocks into smooth blocks and rough blocks. However, the work only marginally improves the embedding rate. To further upgrade the embedding rate, Cao et al. [26] discuss a patch-level sparse representation method for RDHEI. The method performs encryption in phases so that the maximum correlation between the image pixels can be maintained in the encrypted image. Additionally, a room is created inside the encrypted image for embedding the secret data. Therefore, the technique archives higher embedding capacity than the erstwhile state-of the art RDHEI techniques. In 2018, Li et al. [27] disclosed a novel RDHEI technique which makes use of combined block permutation and stream cipher for image encryption. Next, prediction errors in nearby pixels are exploited for data hiding. Thus, Li et al.'s technique improves the embedding rate by 0.5 bpp in comparison to the existing related RDHEI techniques, which signifies high embedding capacity.
In literature, it has been observed that a number of techniques [28][29][30][31] have been introduced for MSB prediction and then exploiting the MSB for data hiding. In 2018, one such work is proposed by Puteaux et al. [29] in which a simple but powerful high capacity RDHEI technique was discussed. The technique utilizes the correlation with neighboring pixel to predict the reference pixel value and uses a location binary map for marking the prediction errors. Next, the image is encrypted using stream cipher, and embedding of the secret message is done in the MSBs of the encrypted pixels with the help of location binary map. The location binary map helps the receiver in extracting the secret message and in the complete recovery of the original image. However, the MSB prediction technique can only embed up to one bit of the secret message into an encrypted pixel. To overcome this limitation, Puyang et al. [30] discuss a new RDHEI technique which can replace up to two MSBs of an encrypted pixel to significantly improve the embedding capacity without affecting the reversibility. To further improve the EC, Chen et al. [31] makes use of run length encoding (RLE) to compress the binary sequence of MSB data so that a room can be reserved in the image. For optimal compression, the image is first divided into blocks and then the binary sequence of MSB data is created. Thus, the technique further boosts the embedding rate in comparison to [29,30] without compromising the reversibility.
Yi et al. [32] propounded a headway technique in the separable RDHEI domain using parametric binary tree labeling (PBTL). The host image is first partitioned into blocks of a certain size (either 2 × 2 or 3 × 3 pixels) and then calculates prediction errors in neighboring pixels within the block. Next, the host image is encrypted using a blockbased encryption method. Based on the prediction errors and PBTL scheme, pixels of the encrypted are labeled which are exploited for embedding the secret information later on. The PBTL-RDHEI is extended by Su et al. [33] by combining the PBTL and absolute moment block truncation coding (AMBTC) for efficiently exploiting the correlation of the host image. Yin et al. [26] used the AMBTC technique for data embedding, although not in the RDHEI domain. Further, it has been observed that the AMBTC technique is a popular lossy compression technique which has been widely used in data hiding [14,[36][37][38]. As far as working method of [33] is concerned, Su et al.'s technique first scrambles and then compresses the host image into triplets in a block-wise manner, where each triplet includes two quantization level (high & low) and a bitmap. Next, the triplets are encrypted in such a way that the correlation between the two quantization levels is retained. The retained correlation is then exploited to create a room for embedding the secret information. Therefore, a compressed marked-encrypted image in the form of AMBTC codes is obtained by the receiver. Since the bits required to represent the AMBTC coded image are lesser, the embedding capacity is also lower than that of Yi et al. [32]. It can be easily stated that Su et al.'s case is one of the earliest methods to utilize AMBTC in the RDHEI domain. In the next section, the parametric binary tree labeling scheme is reviewed in the context of the proposed work.

Parametric Binary Tree Labeling Scheme
This Parametric binary tree labelling (PBTL) scheme is first postulated by Yi et al. in 2018 for labelling the pixels of the plaintext image so that the auxiliary information can be efficiently embedded. The plaintext image pixels are represented by 8-bit depth; hence, the seven layers are generated in the parametric binary tree as shown in Figure 2. In the PBTL, each layer has 2 n nodes and each node is represented by n binary bits where n ∈ {1, 2, . . . , 7} is the layer number. The details regarding the total number of nodes in each layer of the seven-layered PTBL is provided in Table 1.  The nodes at each layer are distributed into two different sets, namely S 1 and S 2 , based on a tuple parameter (γ 1 , γ 2 ). The first node of eachlayer is assigned into set S 1 and is labeled by n number of zero bits based on the value of γ 1 , where n is the layer number. The number of nodes assigned to set S 2 are determined in accordance to the relation between the tuple parameter γ 1 ∧ γ 2 using Equation (1), defined as follows: where N γ 2 represents the total number of nodes in the set S 2 and the range of values of the tuple parameter is defined as 1 < γ 1 , γ 2 < 7. The specific details regarding the number of nodes in set S 2 for each layer of the PBTL based on the different values of γ 1 ∧ γ 2 are provided in Table 2. As per Table 2, if the value of tuple parameter (γ 1 , γ 2 )is(2, 3), then number of nodes in set S 2 are 6 as per Equation (1), which are labeled as (111 2 ), (110 2 ), (101 2 ), (100 2 ), (011 2 ), and (010 2 ). Basically, the node labelling in the set S 2 is started from the right-most side to the left side of the PBTL (in accordance with Figure 2) until the N γ 2 is not labelled. Further, the first node in set S 1 will be labeled as (000 2 ).

The Proposed EPBTL-RDHEI Technique
The proposed High Capacity RDHEI technique is described in two phases, where the subscriber's data encryption and secret payload embedding is done in the first phase, and subscriber's data decryption and extraction of the secret payload is done in the second phase. Usually, subscribers upload their data which can be image, text, video, audio, etc., in encrypted form on the cloud server and a cloud administrator associates secret payload (which also includes auxiliary information) with the encrypted data. Although the proposed technique is equally applicable to all types of data, for simplicity, the plaintext images are considered as subscriber data. The proposed technique is a separable RDHEI technique which allows separate extraction of the hidden message and recovery of the original image at the receiving end. The RDHEI technique first uses an AMBTC based method for classifying the image regions and then uses a PBTL scheme for labelling the pixels. Figure 3 illustrates a framework of the proposed RDHEI technique.
The first phase of the proposed technique performed in five steps. In the first step, the subscriber's image is uniformly partitioned into non-overlapping blocks of a predetermined size and then each block is categorized into as smooth, moderately complex, and highly complex block based on the difference between high and low quantization levels which are calculated using the AMBTC method. In the second step, prediction errors and residual errors are generated based on the difference between pixel and corresponding block's mean. In the third step, the subscriber's image is encrypted using a stream encryption technique. In the fourth step, pixels of the encrypted image are categorized into regular pixels, irregular pixels, base pixels, and special pixels. Then, regular pixels and irregular pixels are labeled according to the PBTL scheme and thereby labeled encrypted image is obtained. In the final (i.e., fifth) step, the secret payload embedding is done to get the marked encrypted image. The detailed working of each step is discussed in following subsections.

Block Categorization (Step-1)
Initially, the subscriber-provided plaintext image I of size N 1 × N 2 is partitioned into a number of non-overlapping blocks (P) of size n 1 × n 2 pixels where P = [N 1 /n 1 ].[N 2 /n 2 ]. Therefore, each block (B k ) has n 1 × n 2 pixels, such that, {x 1 , x 2 . . . . x n 1 ×n 2 } if scanned in raster scan manner, where k ∈ (1, 2 . . . P). Now, mean (µ) of each block is computed using Equation (2): After computing mean (µ) of each block B k , a bit-plane (b) of size n 1 × n 2 is formed, where every pixel is represented by either bit '0' or '1' as follows.
As per the Equation (3), the pixel x i of block B k is represented by '0' if its value is less than mean (µ) of the block, otherwise represented by '1'. Thus, the bit-plane (b) for B k has n 1 × n 2 bits, meaning every pixel of the block is represented by 1 bit in the bit-plane. Next, two quantization levels, i.e., high quantization level q 0 and low quantization level q 1 , are computed using Equations (4) and (5), respectively.
where b 0 and b 1 represent number of zeros and number of ones, respectively, in b. Thus, the high quantization level (q 0 ) is calculated by taking the mean of the pixels which have a value greater than the mean of the block. Similarly, the low quantization level (q 1 ) is computed by taking the mean of the pixels which have a value lower than the mean of the block. Thus, for each image block, a triplet {q 0 , q 1 , b} is obtained.
Next, the image blocks are categorized into smooth, moderately complex, and highly complex block categories based on the difference between q 0 and q 1 . More specifically, if the difference between q 0 and q 1 of block B is less than the first user-defined threshold T s , then the block B is characterized as a smooth block type; if the difference between q 0 and q 1 is greater than or equal to the threshold T s and less than a second user-defined threshold T c , then the block B is characterized as moderately complex; and, otherwise, the block B is characterized as a highly complex block. In this step, the number of smooth blocks are counted as P s , the number of moderately complex blocks are counted as P m , and the number of high complex blocks are counted as P h . A smooth block indicates that pixels in the block are high correlated and less distributed. A moderately complex block indicates that pixels in the block are less correlated and moderately distributed. A highly complex block indicates that pixels in the block are uncorrelated (or very little correlated) and highly distributed.

Computation of Prediction and Residual Errors (Step-2)
Once all the blocks of the plaintext image I are categorized, then prediction errors and residual errors are computed to reserve room for secret payload embedding as follows: is a smooth block, then it indicates that pixels in the block B k are high correlated and less distributed. Thus, each pixel in smooth block B k can be best predicted by its mean value µ k . Prediction error e i is determined using the difference between the original pixel x i and the mean value µ k of the block (B k ) as per Equation (6). It is to be noted that the original pixel value (x i ) can be recovered by adding the µ k to the corresponding prediction error (e i ) as per Equation (7), at the decoding side.
x i = e i + µ k • If the block (B k ) is a moderately complex block, then it indicates that pixels in B k are less correlated. In case of a moderately complex block, prediction errors (e i ) and residual errors (r i ) need to be calculated using Equations (8) and (9), respectively. It is to be noted that the original pixel value (x i ) can be recovered using Equation (10), at the decoder side.
x i = e i + r i + 2 * µ k (10) • If the block (B k ) is a highly complex block, then it indicates that that pixels in B k are uncorrelated (or very less correlated) and highly distributed. Thus, it requires a greater number of bits to represent the errors, and it is suggested that highly complex blocks are not used for secret payload embedding.

Image Encryption (Step-3)
After calculating the prediction errors and mean values for smooth blocks, and predication errors, residual errors, and mean values for moderately complex blocks, a stream encryption process is performed on the plaintext image I. For this, a pseudo-random matrix Z of size N 1 × N 2 is generated using an encryption key K e . Each pixel x i,j of the image I is converted into an 8-bit binary sequence as (b 8 (11). Similarly, each element z i,j of pseudo-random matrix R is converted into 8-bit binary sequence using Equation (11).
Then, bitwise exclusive-or-operation is performed between plaintext image I and pseudo-random matrix Z using Equation (12) to encrypt the image.
Therefore, an encrypted 8-bit binary sequence for each pixel of the encrypted image is obtained. The binary sequence is converted into decimal form using Equation (13), to obtain an encrypted pixel which in turn helps in getting the encrypted image I e .

Pixel Grouping and Labelling Using PBTL (Step-4)
In this step, pixels of the encrypted image I e are grouped and then labeled using PBTL structure based on tuple parameter (γ 1 , γ 2 ) as described in Section 3. Firstly, the encrypted pixels of I e are grouped into four sets which are special set (x s ), a base set (x b ), a regular set (x r ) and an irregular set (x i ). The special set (x s ) contains special pixels, the base set (x b ) contains base pixels, a regular set (x r ) contains regular pixels, and an irregular set (x i ) contains irregular pixels. Special set (x s ) includes the last pixel xe N 1 ,N 2 and the second last pixel xe N 1 −1, N 2 −1 of the encrypted image I e . However, other locations can also be used in special set (x s ). One of the special pixels is used to indicate block size and other one indicates a tuple parameter (γ 1 , γ 2 ). A base set (x b ) includes all the first encrypted pixel xe 1,1 of each block, where MSB bit-planes of the base pixels (the first encrypted pixel xe 1,1 ) are used to indicate block type that can be smooth, moderately complex, and highly complex. Table 3 illustrates that how the 7th & 8th MSB bit-planes of the encrypted pixel xe 1,1 is being used to identify block type. Pixels in the regular set (x r ) and irregular set (x i ) are determined in accordance to prediction errors (e i,j ) calculated using Equation (5) for smooth block and using Equation (7) for moderately complex block. If prediction errors (e i,j ) of block (B k ) of I meets the condition mentioned in Equation (13), then the pixel (xe i,j ) of the encrypted image I e is grouped into the regular set (x r ), otherwise, it is grouped into the irregular set (x i ). In this step, the number of regular pixels and irregular pixels in smooth blocks are counted as x r s and x i s , respectively, and the number of regular pixels and irregular pixels in moderately complex blocks are counted as x r m and x i m , respectively.
After grouping the pixels into four sets, pixels of sets x r and x i are labeled using the PBTL scheme. Note that the pixels of highly complex blocks are not labeled as they do not participate in the data embedding process. In x i , the γ 1 -LSB bits of all the pixels are labeled as (0...0 2 ) as per the PBTL scheme. In x r , γ 2 -LSB bits of all the pixels are labeled using different binary sequences represented by N γ 2 sub-categories as per the PBTL scheme. Thus processed, the labeled encrypted image I l is obtained.

Secret Payload Embedding (Step-5)
After pixel grouping and pixel labelling process, secret payload embedding process is carried-out in the labeled encrypted image I l . This step outputs a marked encrypted image I m by replacing the (8γ 2 ) bits of pixels of x r by secret payload. The secret payload (S b ) contains two type of data; one is encrypted auxiliary information (A b ) which is provided by cloud administrator and other is overhead (O b ) which is obtained during transforming encrypted image I e into labeled encrypted image I l . To protect the auxiliary information (A b ) from unauthorized access, it is encrypted using a secret key k s . The overhead (O b ) is required for lossless recovery of original image. The length of the overhead (O b ) is calculated as below: (a) 16 bits to represent original pixel values of xe N 1 −1, N 2 −1 and xe N 1 , N 2 . (b) Total bits (equal to P s + 2 * P m + 2 * P h ) of base set to store original bit values which are used in block types indication. (c) Total bits (equal to γ 2 * x i s + γ 2 * x i m ) of irregular set to store original replaced bitplanes. (d) Total bits (equal to 8 * P s ) to store mean value µ k of each smooth block. (e) Total bits (equal to 7 * P m ) to store mean value µ k /2 of each complex block. Now, auxiliary information (A b ) is obtained by reducing overhead (O b ) from the secret payload (S b ) using Equations (15)-(17), and effective embedding rate ER γ 1 , γ 2 is calculated using Equation (18).
The second phase of decryption of the original image and data recovery from the marked encrypted image has two steps. The first step is related to extraction of auxiliary information from the marked encrypted and second step is to restore original image from marked encrypted image. Both these steps are mutually exclusive.

Extraction of Auxiliary Information
At the receiver end, once the marked encrypted image I m is received, the extraction process for auxiliary information is started. Initially, the pixels of x s at locations xe N 1 −1,N 2 −1 and xe N 1 ,N 2 in I m are utilized to determine tuple parameter (γ 1 , γ 2 ) and image block size. Then, I m is divided into number of non-overlapping blocks as per the determined block size. After this, pixels of x b in each image block are utilized to determine the type of the image block i.e. the smooth block, moderately complex block and highly complex block as per Table 3. Now, the tuple parameter (γ 1 , γ 2 ) is utilized to determine pixels x r s of regular set and pixels x i s of irregular set corresponding to smooth blocks, and pixels x r m of regular set and pixels x i m of irregular set corresponding to moderately complex blocks. Then, secret payload is extracted from (8γ 2 ) bit-planes of regular pixels x r s of smooth blocks, and also from (8γ 2 ) bit-planes of regular pixels x r m of moderately complex blocks. Further, residual errors are also extracted from regular pixels x r m of moderately complex blocks. Now, from the secret payload, encrypted auxiliary information is obtained by removing overhead as per Equations (15)- (17). Further, encrypted auxiliary information is decrypted by only authorized user which has secret key k s .

Recovery of Plaintext Image
Now, recovery process for encrypted auxiliary information is discussed. The overhead information is utilized to recover plaintext image I. Initially, 16 bits of overhead corresponding to xe N 1 −1, N 2 −1 and xe N 1 , N 2 . are restored on their predetermined position using x s . Next, original bits (equal to P s + 2 * P m + 2 * P h ) are restored at locations of pixels of base set. Then, subsequent overhead bits equal to length γ 2 * (x i s + x i m ) are utilized to restore γ 2 -bits of irregular pixels. After this, next overhead bits up to 8 * P m are read to determine mean values of smooth blocks and subsequent overhead bits up to 7 * P s are read to determine mean values of moderately complex blocks. Now, the authorized user which has encryption key K e can generate the pseudo-random matrix Z and can obtain the decrypted image using Equations (12) and (13). Now, the user has only original pixel values of first two rows and two columns, which are utilized to recover other pixels of the image. The original pixel values of regular pixels of smooth blocks are obtained by their corresponding mean values stored as 8 * P s overhead bits and prediction errors P e calculated using Equation (7) from PBTL labeled pixels corresponding to γ 2 − bits. Similarly, to get original values of regular pixels of moderately complex blocks, mean values stored in next 7 * P m overhead bits and residual errors P r and prediction errors P e calculated using Equation (10) from PBTL labeled pixels corresponding to γ 2 − bits. Now, remaining overhead bits are related to irregular pixels which are restored at their original location based on PBTL labeled pixels corresponding to γ 1 − bits. Thus, original image is retrieved in lossless manner. Figure 4 shows an illustrative example of proposed RDHEI technique. The tuple parameter is taken as (γ 1 , γ 2 ) = (2, 3) and block size is taken as 4 × 4. Figure 4a shows a part of the baboon image of size 12 × 4. The input image is partitioned into non-overlapping blocks of size 4 × 4. Now, the blocks are categorized into smooth blocks, moderately complex blocks, and highly complex blocks using their corresponding quantization levels and mean values calculated by Equations (3)-(5), considering first threshold parameter T s = 16 and second threshold parameter T c = 32. The absolute difference between quantization levels q 0 − q 1 of the first block is 3, so it is a smooth block. The absolute difference between quantization levels q 0 − q 1 of the second block is 29, so it is a moderately complex block. The absolute difference between quantization levels q 0 − q 1 of the third block is 32, so it is a highly complex block. Highly complex blocks do not participate in secret payload embedding because pixels in the block are uncorrelated or correlated very little. Thus, only smooth blocks and moderately complex blocks are utilized for data embedding. The mean value of the first block is computed as 190 and the mean value of second block is computed as 103 using Equation (3). In Figure 4b,c, prediction errors are shown for each pixel of the block except for highly complex block. Based on the prediction errors, pixels of special set (x s ), base set (x b ), regular set (x r ) and irregular set (x i ) are determined as shown in Figure 4d. Now, input image is encrypted using stream encryption with encryption key K e as shown in Figure 4e. Figure 4f shows an 8-bit binary representation of encrypted image. Using the tuple parameter (2,3), labelling bits for each pixel are determined PBTL structure. Pixels of the encrypted image corresponding to regular set (x r ) and irregular set (x i ) are labeled based on predictor errors. Figure 4h shows number of vacancies created in labeled regular pixels for embedding secret payload.  190-190 192-190 191-190 193-190 189-190 186-190 193-190 194-190 187-190 188-190 192-190 192-190 189-190 191-190 190-190 189-190 47  112  164  239  197  5  55  129  184  207  193  229  235  170  120  159  251  239  2  106  31  56  8  64  156  242  172  84  94  4  221  253  166  2  145  8  70  114  26  75  144  193  165  129  115  160  56  91   00101111  01110000  10100100  11101111  11000101  00000101  00110111  10000001  10111000  11001111  11000001  11100101  11101011  10101010  01111000  10011111  11111011  11101111  00000010  01101010  00011111  00111000  00001000  01000000  10011100  11110010  10101100  01010100  01011110  00000100  11011101  11111101  10100110  00000010  10010001  00001000  01000110  01110010  00011010  01001011  10010000  11000001  10100101  10000001  01110011  10100000  00111000  01011011   00101101  01110111  10100110  11101100  11000100  00000100  00110100  10000000  10111000  11001011  11000111  11100111  11101100  10101110  01111101  10011100  10110111  11101100  00001111  01101000  00011100  00111110  00001000  01000000  10011111  11110000  10101100  01010100  01011100  00000100  11011100  11111100  11100110  00000010  10010001  00001000  01000110  01110010  00011010  01001011  10010000  11000001  10100101  10000001  01110011  10100000  01000100

Experiment Results and Analysis
In this section, experiment results of the proposed RDHEI technique are discussed and compared with state-of-the-art techniques. To evaluate the performance of the proposed technique, we have taken four test images as shown in Figure 5. The test images are Lena, Airplane, Man, and Baboon, each one of size 512 × 512 with 8-bit depth gray values. The proposed technique has been evaluated using encryption performance and embedding rate. Encryption performance is estimated on two quality parameters, PSNR (peak signalto-noise ratio) and SSIM (structural similarity), and one security parameter. Embedding rate (ER) basically represents embedding performance, which is measured in terms of bits per pixel (bpp).

Encryption Performance of Proposed Technique
In this subsection, encryption performance of the proposed technique is examined by computing pixel distributions of the marked encrypted images. Ideally, it should be uniform for the encrypted data as the encryption process completely destroys correlations present in original data to provide robustness. The proposed technique also provides uniform pixel distribution which is evident from Figure 6a  To further show the encryption performance of proposed technique, PSNR and SSIM values for marked encrypted images corresponding to the original test images are calculated and the results are provided in Table 4. The results are taken by considering tuple parameter (γ 1 , γ 2 ) = (4,4) and block size of 4 × 4 pixels. It is to be noted that the experimental results on other tuple parameter values and block size are also similar. From Table 4, it can be clearly seen that PSNR of each encrypted marked image is very small and the SSIM value is also nearly 0, which indicates that encrypted marked image does not provide any information about the original image and secret payload. Thus, it is validated that the proposed technique provides good encryption performance. Figure 7a-f show the outcomes of different stages of image encryption and secret payload embedding for one of the test images. Figure 7a shows an original Lena image and Figure 7b shows an encrypted Lena image which is encrypted using the encrypted key K e by employing a standard stream encryption algorithm. In Figure 7c, an encrypted labeled Lena image is shown and Figure 7d shows a marked encrypted Lena image which includes a secret payload containing the encrypted auxiliary information, encrypted using secret key K s . In Figure 7e, a decrypted Lena image is shown, which is similar to the original Lena image. In Figure 7f, the difference between Figure 7a,e is seen, showing a black image as all the pixel values are zero. Thus, Figure 7e depicts that the original image is fully recovered as it has PSNR → +∞ and SSIM = 1 with respect to the original image.

Embedding Performance of the Proposed Technique
In this subsection, embedding rate (ER) of the proposed technique is discussed in terms of bpp. The embedding rate has been shown for various values of tuple parameters (γ 1 , γ 2 of the PBTL scheme and on different block sizes 4 × 4, 8 × 8, 16 × 16. Further, the thresholds are taken as T s = 5, T c = 25 to categorize image blocks as smooth, moderately complex, and highly complex blocks. Experimental results are provided in Tables 5-8 for test images. From the experimental results, it can be seen that embedding rate is increased, when tuple parameters are also increased up to a limit. Thereafter, embedding rate starts to decrease as tuple parameters are increased. This is because increasing in tuple parameters reduces vacancies for embedding secret data. Further, embedding rate is decreased for parameter γ 2 = 3, 4, 5 when block size is increased and the embedding rate is increased for parameter γ 2 = 1, 2, 6, 7. The negative values of bpp depict that overhead bits are higher than or approximately equal to reserved room for secret data embedding.     [33] technique has also been used to comparatively evaluate the performance. However, the proposed technique is a lossless and fully reversible technique in which both secret payload and original image are retrieved in undistorted form. Additionally, the performance of the proposed technique is evaluated against some of the early high capacity RDHEI techniques, e.g., Li et al. [27], Puteaux et al. [29], Puyang et al. [30], and Chen et al. [31]. Table 9 shows the encryption method of the proposed technique and state-of-art techniques. In comparison to this, Yi et al. [32] retains some pixel correlations in blocks which makes encryption week. For optimal embedding performance, γ 1 = 4 & γ 2 = 4 and a block size of 4 × 4 pixels is considered for the proposed RDHEI technique. The embedding performance is compared with some of the high-capacity state-of-the-art techniques that provide highest embedding rate. Since Yi et al.'s [32] and Chen et al. [33] have optimal performance at γ 1 = 2 & γ 2 = 5 with block size of 3 × 3 pixels and block size of 4 × 4 pixels, respectively. Figure 8 shows the maximal embedding rates of the proposed technique as well as existing RDHEI techniques for all the test images. It clearly shows that proposed technique has highest embedding rate than other techniques. It is also evident from the figure that the proposed scheme provides higher embedding capacity with smooth images like Lena, Airplane, whereas it has lower embedding capacity with complex images such as Baboon.

Conclusions
In this paper, an intra-block correlation based high capacity RDHEI technique using a parametric binary tree labelling scheme has been proposed. In the proposed technique, the cover image was divided into blocks and then the blocks were categorized according to the prevalent correlation through a symmetric or asymmetric process. Next, an adaptive method for reserving the room inside the image was applied, based on the block categories so that a large amount of secret data could be embedded. Further, the proposed RDHEI technique used a stream cipher for encrypting the image contents. Experimental results showed that the proposed RDHEI technique provided the highest embedding rate in comparison to all the aforementioned state-of-the art techniques. Additionally, the proposed method provided a good level of security in encryption process to protect the privacy of the original plaintext image. In future work, compression methods can be explored to further condense the size of prediction errors, and also an improvised AMBTC method may be designed to predict the pixel values more accurately.

Conflicts of Interest:
The authors declare no conflict of interest.

Abbreviations
The following abbreviations are used in this manuscript: