Next Article in Journal
Forensic Video Recovery from Multi-Channel Analog DVR Systems: Channel Demultiplexing and Temporal Reconstruction from Interleaved DHAV Streams
Previous Article in Journal
MultiTask-Fish: A Shared Backbone Multitask Counting Method for Complex Fish School Scenes
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Block-Distortion-Free Reversible Data Hiding in Encryption-Then-Compression Images with Fully Flexible Access Privileges

1
Graduate School of Science and Engineering, Chiba University, Chiba 263-8522, Japan
2
Graduate School of Informatics, Chiba University, Chiba 263-8522, Japan
*
Author to whom correspondence should be addressed.
Information 2026, 17(5), 492; https://doi.org/10.3390/info17050492
Submission received: 13 February 2026 / Revised: 9 May 2026 / Accepted: 13 May 2026 / Published: 17 May 2026
(This article belongs to the Section Information Security and Privacy)

Abstract

In this paper, we propose a block-distortion-free reversible data hiding method for encryption-then-compression (EtC) images that supports fully flexible access privileges without constraints on the restoration order. The proposed approach redesigns the pre-processing strategy of previous work to ensure a clear separation of processing roles between the image owner and the data hider. It also introduces a pixel-value modification process that divides the target range into two regions to mitigate the influence of negative–positive inversion during restoration. As a result, block distortion in marked images is eliminated while preserving role separation between the image owner and the data hider. The proposed method offers four key advantages: flexible access privileges, elimination of block distortion, explicit role separation, and competitive hiding capacity comparable to existing methods with flexible restoration capabilities. Experimental results demonstrate that the proposed method achieves a high marked-image quality and competitive hiding capacity while maintaining the compression performance of marked EtC images. Furthermore, security analysis confirms the robustness of the generated EtC images against a representative ciphertext-only attack.

1. Introduction

With the rapid development of social networking services and cloud services, the protection of copyright and privacy in shared images has become increasingly important. Data hiding is widely recognized as an effective technique for image protection. Among data hiding techniques, reversible data hiding (RDH) has attracted considerable attention because the original image can be perfectly restored after the embedded data (hereafter, the payload) is extracted from the marked image [1,2]. A key characteristic of RDH is that no permanent distortion remains after data extraction, which makes this technique particularly suitable for sensitive applications such as medical and satellite imaging. In recent years, reversible data hiding in encrypted images (RDH-EI) has been extensively studied in various contexts [3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21]. In RDH-EI, the image owner first encrypts the original image, and a third party (hereafter, the data hider) embeds auxiliary information such as copyright or authentication data into the encrypted image. Since encryption and data hiding are performed by different entities, the payload can be embedded without revealing the image content to the data hider. RDH-EI has also been extended to high-dynamic-range images in recent studies [22,23,24].
Recently, several RDH-EI methods have been proposed to improve the flexibility of receivers’ access privileges for marked encrypted images [16,17,18,19,20,21]. Figure 1 illustrates the four types of access privileges that can be assigned to marked encrypted images. In this paper, fully flexible access privileges refers to the ability to support all four restoration scenarios shown in Figure 1 without constraints on the processing order. Arai et al. proposed a method that realizes all access privileges shown in Figure 1 by partitioning the bit-planes of the original image into upper and lower regions [19]. In this method, the upper ( 8 α ) bit-planes are encrypted, while the lower α bit-planes are used for data hiding. This design enables flexible restoration regardless of the order of decryption and data extraction. However, the hiding capacity of this method is limited to α bpp. Hereafter, we refer to this method as the RDH-bit-plane-based encrypted-image (RDH-BPEI) method.
Motomura et al. [20] proposed a high-capacity RDH-EI method based on the encryption-then-compression (EtC) system [25,26,27], which allows encrypted images to be efficiently compressed. In this paper, we refer to the encrypted images generated by the EtC system as EtC images and the method in [20] as RDH in EtC images (RDH-EtCI). The RDH-EtCI method supports three access privileges for marked encrypted images: data extraction only, decryption only, and decryption after data extraction, as shown in Figure 1a–c. However, the access privilege for data extraction after decryption, illustrated in Figure 1d, is not supported by this method. In addition, block distortion appears in the decrypted images that still contain embedded data (i.e., marked images) due to the encryption process. In practical RDH-EI systems, marked images are often directly viewed by authorized users. In such cases, block distortion in the images significantly degrades visual quality and reduces practical usability, even if perfect reversibility is guaranteed. Therefore, avoiding block distortion is an important requirement in practical applications.
To overcome this limitation, the authors previously proposed the block-distortion-free RDH-EtCI (BDF-RDH) method, which extends the RDH-EtCI framework [21]. In the method, block distortion is eliminated by performing pre-processing for data hiding prior to encryption. Furthermore, by storing encryption data in EtC images, the BDF-RDH method supports all four access privileges. However, this approach requires the image owner to perform pre-processing and to embed restoration data into the original image before encryption. As a result, the distinction between the roles of the image owner and the data hider becomes less well defined. In contrast to the BDF-RDH method, the proposed approach eliminates block distortion even when pre-processing is performed after encryption while maintaining a clear separation of roles between the image owner and the data hider. Accordingly, the objective of this work is to eliminate block distortion in marked images while preserving the advantages of RDH-EtCI, including its high hiding capacity and VRAE-based structure.
Such requirements arise in practical scenarios. One representative example is a cloud-based image management service for sensitive data such as medical images and surveillance images. In this setting, an image owner encrypts images before uploading them to a cloud server to protect privacy. The cloud service provider, acting as a data hider, may need to embed additional information such as access control data, authentication codes, or metadata into the encrypted images without accessing the original image content. In this scenario, strict role separation between the image owner and the data hider is essential to ensure privacy protection and prevent unauthorized access. The proposed method is well suited to this requirement, as it enables data embedding in encrypted images while maintaining flexible restoration processes.
In this paper, we propose a novel RDH-EI method that further extends the concept of pre-processing in the BDF-RDH method. The proposed method eliminates block distortion in marked images even when pre-processing is performed after encryption, while preserving all access privileges. Moreover, by increasing the number of pixels available for data hiding, the method achieves a hiding capacity comparable to that of the BDF-RDH method. In addition to these technical features, the proposed method is relevant to human factors in cybersecurity. By enabling flexible access control and secure content management, it helps mitigate risks associated with improper handling of sensitive information and unauthorized access. Experimental results demonstrate the effectiveness of the method in terms of hiding capacity and visual quality of marked images. In addition, the robustness of EtC images against ciphertext-only attacks (COAs) is discussed.

2. Related Works

In this section, we first review existing studies on RDH-EI to provide a general background. We then focus on representative RDH-EI methods that offer flexible access privileges, including the RDH-BPEI [19], RDH-EtCI [20], and BDF-RDH [21] methods. To improve readability, the main abbreviations and terms used in this paper are summarized in Table 1.

2.1. Reversible Data Hiding in Encrypted Images

While RDH is a technique for embedding payloads into plain images, RDH-EI methods have also been extensively investigated in previous studies [3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21]. The objective of RDH-EI is to protect the confidentiality of image content against third parties other than the image owner and the receiver. In RDH-EI, the image owner first encrypts the original image, and the data hider subsequently embeds arbitrary data into the encrypted image. The embedded payload typically includes information such as copyright, authentication, and timestamps.
RDH-EI methods can be classified into two categories according to the order of encryption and reservation of the embedding space: reserving room before encryption (RRBE) and vacating room after encryption (VRAE). In RRBE, the image owner first reserves embedding space in the original image and then encrypts the pre-processed image before transmitting it to the data hider. The data hider embeds the payload into the encrypted image to generate the marked encrypted image. Because this framework performs pre-processing on the original image, it generally achieves a higher hiding capacity than VRAE-based methods.
Zhang et al. proposed an RRBE-based method using asymmetric coding and block compression, which achieved a hiding capacity of 4.17 bpp [7]. In this method, the original image is divided into non-overlapping blocks, and the bit-planes of prediction errors are compressed using asymmetric coding. Zhang et al. further proposed another method achieving a hiding capacity of 4.25 bpp by using a novel multi-directional gradient predictor to compress prediction errors in selected regions [8].
In contrast, in VRAE, the image owner only encrypts the original image. The data hider vacates the embedding space and embeds the payload into the encrypted image. Therefore, the image owner does not need to perform pre-processing, and the data hider can conceal the embedding space from the image owner. For these reasons, VRAE-based methods are generally considered more practical than RRBE-based methods. To improve the hiding capacity in VRAE, block-wise encryption has often been adopted.
For example, Chen et al. proposed a method achieving a hiding capacity of 3.00 bpp, in which the upper bit-planes of the encrypted image are replaced with a payload derived from prediction errors [9]. Moreover, Xiao et al. introduced two coding methods applied to prediction errors within each encrypted block [10]. By adaptively selecting the more efficient coding method for each block, they achieved a hiding capacity of 4.04 bpp.
More recently, VRAE-based RDH-EI methods have been extensively studied and further extended to improve embedding efficiency and reconstruction performance. These methods preserve the fundamental VRAE framework, in which the embedding space is generated after encryption, while introducing various techniques to enhance performance. For example, pixel-shifting-based embedding strategies have been introduced to increase embedding capacity while maintaining reversibility [11]. In addition, key-controlled entropy coding schemes, such as variants of Huffman coding, have been used to enhance both security and coding efficiency [12]. Furthermore, advanced prediction models, including adaptive and learning-based predictors, have been developed to improve prediction accuracy and reduce embedding distortion [13]. Recent studies have also explored prediction-error modification combined with block compression [14] and learning-based data fusion strategies [15] to further improve embedding performance and robustness.
However, most existing VRAE-based methods impose constraints on the restoration order, and do not support flexible access privileges. Consequently, the restoration order is constrained, which limits all access privileges for marked encrypted images.

2.2. RDH-EI Methods with Flexible Access Privileges

The methods reviewed in Section 2.1 cannot support two access privileges for marked encrypted images: decryption only (Figure 1b) and data extraction after decryption (Figure 1d). To address this limitation, recent studies have investigated RDH-EI methods that provide enhanced flexibility in access privileges [16,17,18,19,20,21].
Arai et al. proposed the RDH-BPEI method, which realizes all access privileges by dividing the bit-planes of the original image into encryption and embedding spaces [19]. However, the RDH-BPEI method follows the RRBE framework and thus requires the image owner to perform pre-processing on the original image before encryption. In addition, the hiding capacity is limited to α bpp, where α denotes the number of bit-planes allocated to the embedding space.
Motomura et al. [20] proposed the RDH-EtCI method, which targets EtC images and embeds the payload by applying an extended algorithm based on prediction error expansion and histogram shifting (PEE-HS) [28]. Although the VRAE framework generally imposes strict constraints on the restoration order, the RDH-EtCI method supports three access privileges: data extraction only, decryption only, and decryption after data extraction.
Furthermore, we previously proposed the BDF-RDH method, which extends the RDH-EtCI method [21]. In the BDF-RDH method, encryption data are embedded into each block of the EtC image, which enables direct data extraction from the marked image. Although the BDF-RDH method is based on the VRAE framework, it supports all four access privileges illustrated in Figure 1. In addition, block distortion in the marked image is eliminated by modifying pixel values prior to encryption. The BDF-RDH method, however, requires the image owner to perform pre-processing for data hiding. This requirement leads to a less well-defined separation of processing roles between the image owner and the data hider, so the method can hardly be regarded as a fully VRAE-based framework.
Table 2 summarizes the characteristics of representative RDH-EI methods for EtC images. RDH-BPEI supports full access privileges but suffers from a limited hiding capacity due to its RRBE framework. RDH-EtCI achieves a high hiding capacity; however, it does not support all access privileges and may cause block distortion. The BDF-RDH method eliminates block distortion and supports full access privileges but requires pre-processing by the image owner before encryption, which weakens role separation. In contrast, the proposed method achieves both elimination of block distortion and full access privileges while allowing pre-processing after encryption, thereby maintaining a clear separation of roles.
On the basis of these observations and the comparison shown in Table 2, the next section proposes a novel method that addresses the above issues while maintaining a hiding capacity and marked-image quality comparable to those of conventional RDH-EtCI-based methods. It should be noted that RDH-EI methods for EtC images are generally designed under the assumption of lossless compression, including JPEG 2000 and JPEG-LS, in order to guarantee perfect reconstruction. When lossy compression schemes, e.g., JPEG, are applied, the reversibility of embedded data and the exact recovery of the original image cannot be guaranteed. This limitation also applies to the proposed method. Therefore, compatibility with practical lossy compression pipelines remains a limitation of current EtC-based RDH-EI methods.

3. Proposed Method

We propose an improved method based on the BDF-RDH method [21]. The proposed method prevents block distortion in marked images even when pre-processing is performed after encryption. Additionally, by increasing the number of pixels available for data hiding, the method maintains a hiding capacity comparable to that of conventional methods. As with the BDF-RDH method, the method further supports all four access privileges in the VRAE framework. The following sections provide a detailed description of the method. For clarity, the main variables and parameters used in the proposed method are summarized in Table 3.

3.1. Marked EtC Image Derivation

The marked EtC images are generated through four steps: encryption using the EtC system, pre-processing, data hiding, and encryption-data storage. Figure 2 illustrates the overall procedure for deriving marked EtC images. Each step is described in detail below.

3.1.1. Encryption Using EtC System

As with the BDF-RDH method, the encryption process in the proposed method uses an EtC system composed of main blocks and sub-blocks. Hereafter, data required for encryption-related processing are referred to as encryption data. This block-based structure reduces the amount of encryption data that must be stored in subsequent processing. First, an original image of size H × W pixels is divided into main blocks of size B m × B m pixels. Each main block is then further divided into sub-blocks of size B s × B s pixels. Thus, the total numbers of main blocks N m and sub-blocks per main block N s are given by H B m × W B m and ( B m B s ) 2 , respectively. Next, block scrambling, rotation/flip, and negative–positive inversion (hereafter, NP inversion) are applied to the sub-blocks within each main block. Finally, the main blocks are permuted to generate the EtC image.
The EtC system used in this paper is based on the standard framework proposed in previous studies [25,26,27], and we adopt an extended framework [29] derived from them. Regarding the attacker model, we assume a COA, which is commonly adopted in EtC-based image encryption. Detailed definitions and analyses of the EtC system, including the block structure, NP inversion behavior, and attacker model, can be found in the original references.

3.1.2. Pre-Processing

The overall procedure of the pre-processing step is illustrated in Figure 3. To prevent overflow (OF) and underflow (UF) in pixel values during data hiding, the proposed method modifies the pixel-value histogram of EtC images. Specifically, the range of pixel values to be modified is divided into two parts using 128 as the boundary. By allocating these two parts to avoid OF and UF, respectively, the method prevents block distortion in the marked image. In addition, this design eliminates the influence of NP inversion when decryption is performed without data extraction, thereby preventing block distortion in the marked image.
First, UF is avoided through the following steps:
Step 1-1: 
Identify the smallest pixel value Z P l with zero frequency in the range [ 0 , 127 ] .
Step 1-2: 
Add 1 to all pixels whose values are smaller than Z P l .
Step 1-3: 
While there exist pixels in the range [ 0 , L 1 ] , repeat Steps 1-1 and 1-2.
Similarly, OF is avoided as follows:
Step 2-1: 
Identify the largest pixel value Z P r with zero frequency in the range [ 128 , 255 ] .
Step 2-2: 
Subtract 1 from all pixels whose values are larger than Z P r .
Step 2-3: 
While there exist pixels in the range [ 256 L , 255 ] , repeat Steps 2-1 and 2-2.
If no zero-frequency pixel exists in the target range during Step 1-1 or 2-1, a pair of adjacent bins with the minimum sum of frequencies is identified. The larger pixel value is assigned to Z P l in Step 1-1, whereas the smaller pixel value is assigned to Z P r in Step 2-1. To distinguish the merged pixel values, the positions of pixels whose original values are Z P l 1 , Z P l , Z P r , and Z P r + 1 are recorded in a location map and embedded as restoration data.

3.1.3. Data Hiding

In the data-hiding process, arbitrary data and restoration data are embedded into each sub-block of the EtC image. By additionally using the four corner pixels of each sub-block as embedding targets, the proposed method achieves a hiding capacity comparable to that of the BDF-RDH method. This process consists of prediction-value calculation based on the median edge detection (MED) method and data hiding using PEE-HS, following the RDH-EtCI method [20]. Figure 4 illustrates the prediction-value calculation for each pixel in a sub-block when B s = 6 . The detailed procedure is described as follows.
Step 3-1: 
For each pixel p i , j , where 0 i B s 1 and 0 j B s 1 , calculate the prediction value p r e d i , j using a modified MED predictor. The prediction rule is selected according to the pixel position within the sub-block, as defined in Equation (1):
p r e d i , j = p 1 , 1 , if ( i , j ) { ( 0 , 1 ) , ( 1 , 0 ) } p i 1 , j , if ( i , j ) { ( i , 0 ) 2 i B s 2 } { ( B s 1 , 1 ) } p i , j 1 , if ( i , j ) { ( 0 , j ) 2 j B s 2 } { ( 1 , B s 1 ) } M E D ( p 0 , 1 , p 1 , 0 , p 1 , 1 ) , if ( i , j ) = ( 0 , 0 ) M E D ( p 0 , B s 2 , p 1 , B s 1 , p 1 , B s 2 ) , if ( i , j ) = ( 0 , B s 1 ) M E D ( p B s 1 , 1 , p B s 2 , 0 , p B s 2 , 1 ) , if ( i , j ) = ( B s 1 , 0 ) M E D ( p i , j 1 , p i 1 , j , p i 1 , j 1 ) , otherwise .
Here, M E D ( a , b , c ) is a derivation function based on the MED method, defined as follows:
M E D ( a , b , c ) = min ( a , b ) , if c max ( a , b ) max ( a , b ) , if c min ( a , b ) a + b c , otherwise .
Note that the pixel p 1 , 1 , which is used solely as a reference-only pixel, is excluded from the prediction-error calculation.
Step 3-2: 
Derive the prediction error between p i , j and p r e d i , j , and assemble a prediction error histogram.
Step 3-3: 
Set the numbers of embedding iterations L 1 and L 2 such that the condition L 1 + L 2 = L is satisfied.
Step 3-4: 
Perform the embedding process using PEE-HS L 1 times on all pixels except for the reference-only pixel, following a raster-scan order.
Step 3-5: 
Perform the embedding process L 2 times on all pixels except for the reference-only pixel and the four corner pixels.
Step 3-6: 
Overwrite the least significant bits (LSBs) of the reference-only pixel with L 1 , L 2 , and the bin values used in the L iterations of PEE-HS.
Note that different types of restoration data are embedded in Step 3-4 and 3-5 in addition to the arbitrary data. Specifically, in Step 3-4, Z P l , Z P r , the location map, and the original LSBs of the reference-only pixel are embedded. In contrast, in Step 3-5, the bits of pixel values that are later replaced by encryption data are embedded.
After PEE-HS, the lower bits of the four corner pixels in each sub-block are replaced with encryption data, following the procedure of the BDF-RDH method. The encryption data consists of two components: block numbers and sub-block data. The block numbers are used to determine the processing order of the main and sub-blocks, while the sub-block data are used to identify the pixel scanning order and the application of NP inversion.

3.2. Image Restoration

One of the main advantages of the proposed method is that all access privileges for the marked EtC image are supported. This allows all restoration processes. Figure 5 illustrates the two possible restoration procedures provided by the proposed method.
Figure 5a shows the restoration process, in which decryption is performed after data extraction. First, the parameters L 1 and L 2 , together with the bin values used in PEE-HS, are extracted from the LSBs of the reference-only pixels. Next, on the basis of this information, the bits that were replaced by encryption data are recovered from all pixels in each sub-block, excluding the reference-only pixel and the four corner pixels. As a result, the four corner pixels are restored to their values prior to the replacement by encryption data. Finally, the arbitrary data and restoration data are extracted from all pixels excluding the reference-only pixel, and the original image is perfectly reconstructed by applying pixel-value modification and decryption.
On the other hand, Figure 5b illustrates the restoration process in which data extraction is performed after decryption. In this case, the marked EtC image is first decrypted to obtain the marked image. The encryption data embedded in the four corner pixels of each sub-block are then extracted to identify the block processing order, the pixel scanning order, and the application of NP inversion. Subsequently, following the same procedure as described above, the original image is obtained by extracting the payload and restoring each pixel value.
Finally, we clarify why the proposed method guarantees distortion-free recovery. The key idea is that pixel-value modification in the pre-processing stage is strictly controlled to avoid OF and UF by restricting the modification range. Specifically, the modification range is divided into two regions, [0, 127] and [128, 255], such that the influence of NP inversion is eliminated during restoration and consistent pixel-value relationships are preserved. In addition, all modifications applied during data hiding, including histogram shifting and bit replacement, are recorded as restoration data (e.g., location maps and parameters), which are fully embedded into the marked EtC image. Therefore, every transformation applied in the embedding process is exactly invertible, and the original image can be perfectly reconstructed without any distortion regardless of the restoration order. In particular, the two-region design consistently controls the effect of NP inversion, ensuring that no block distortion occurs even when decryption is performed prior to data extraction.

3.3. Advantages of Proposed Method

As summarized in Table 2, the proposed method simultaneously satisfies several desirable properties that are not jointly achieved by existing methods, including full access privileges, elimination of block distortion, and a VRAE-based framework with clear role separation. Based on these properties, the main advantages of the proposed method are described as follows.
First, the proposed method supports all four access privileges for a marked EtC image. This advantage is identical to that of the BDF-RDH method; both direct decryption of a marked EtC image and data extraction after decryption are possible, thereby demonstrating superiority over other RDH-EI methods. Such flexibility is beneficial from a human-centric security perspective because it reduces the risk of misuse or unintended information leakage in multi-user environments.
Second, the proposed method successfully avoids block distortion in marked images while maintaining a clear separation of processing roles between the image owner and the data hider. In general, when pre-processing is performed after encryption, pixel-value differences between blocks with and without NP inversion tend to be amplified during decryption, which causes block distortion in the marked image. To address this issue, the BDF-RDH method eliminates block distortion by performing pre-processing prior to encryption. However, this approach requires the image owner to perform additional processing beyond encryption. This makes it difficult to clearly separate the responsibilities of the image owner and the data hider. In contrast, the proposed method prevents block distortion even when pre-processing is conducted after encryption. This is achieved by restricting the range of pixel values modified during pre-processing. Specifically, to eliminate the influence of NP inversion, the pixel-value range modified by pre-processing is divided into two regions, [ 0 , 127 ] and [ 128 , 255 ] . As a result, block distortion in the marked image is eliminated without requiring pre-processing by the image owner. A detailed evaluation of the marked-image quality is discussed in Section 4.1.
Third, the proposed method maintains a hiding capacity comparable to that of the RDH-EtCI method, which is known to achieve the highest hiding capacity among RDH-EI methods that offer all access privileges. This feature is particularly important because preserving a high hiding capacity while providing all access privileges is a key challenge in this research field. To achieve this, the proposed method increases the number of pixels available for data hiding. In the BDF-RDH method, the four corner pixels of each sub-block are exclusively used for encryption-data storage and are therefore excluded from the embedding targets. In contrast, the proposed method first performs the embedding process L 1 times while including the four corner pixels. Subsequently, during the next L 2 iterations, the lower bits of the four corner pixels that are replaced by encryption data are embedded into all pixels except for the four corner pixels and the reference-only pixel. As a result, the proposed method preserves the hiding capacity for arbitrary data even though the amount of restoration data increases. Quantitative results are provided in Section 4.2, where we confirm that the proposed method achieves a hiding capacity comparable to that of the RDH-EtCI method.
Finally, the proposed method can be regarded as a fully VRAE-based framework since all pre-processing and data-hiding operations are performed by the data hider after encryption. This feature ensures a clear separation of processing responsibilities between the image owner and the data hider, which enhances the practicality of the proposed method in real-world applications.

4. Experimental Results

In the experiments, the effectiveness of the proposed method was evaluated from three perspectives corresponding to its main advantages. We used the Kodak Lossless True Color Image Suite [30] and IHC Standard Images [31] as grayscale test images. The former was resized to 512 × 768 or 768 × 512 pixels, and the latter was resized to 1536 × 1152 pixels using bicubic interpolation. The combination of main and sub-block sizes, ( B m , B s ) , was set to (32, 16) for Kodak and (64, 32) for IHC. These parameters were selected according to the image size. In general, larger block sizes increase hiding capacity due to higher inter-pixel correlation within blocks while potentially reducing robustness against attacks, resulting in a trade-off. Therefore, appropriate block sizes should be selected by balancing hiding capacity and robustness. In addition, the numbers of embedding iterations L 1 and L 2 were determined to satisfy the following condition: L 2 = max 1 , L 1 9 .
Here, we explain the rationale for determining the embedding iteration parameters L 1 and L 2 . In the proposed method, the first L 1 iterations are primarily used to embed restoration data generated during pre-processing together with arbitrary payload data, while the subsequent L 2 iterations are used to preserve the original bit sequences replaced by encryption data. Increasing L 1 improves hiding capacity but reduces L 2 , which may lead to insufficient space for preserving these original bit sequences and thus violate reversibility. To balance this trade-off, we adopt the condition L 2 = max 1 , L 1 9 , which ensures reliable reconstruction while maintaining a high hiding capacity. This parameter setting is consistently used in all experiments unless otherwise stated. This design also enables the proposed method to preserve the original bit sequences replaced by encryption data while maintaining a hiding capacity comparable to that of conventional methods.
Prior to the performance evaluation, we verified the reversibility of the marked EtC images. For all test images, regardless of the order of decryption and data extraction, the PSNR and SSIM between the restored and original images were ∞ and 1.0 , respectively. This confirms perfect reconstruction. Furthermore, the embedded payload was accurately extracted in all cases.
The proposed method was evaluated in terms of marked-image quality, hiding capacity, and EtC image security. In the evaluations of marked-image quality and hiding capacity, the proposed method was compared with the RDH-BPEI [19], RDH-EtCI [20], and BDF-RDH [21] methods, which offer flexible access privileges.

4.1. Marked-Image Quality

The quality of marked images was evaluated using PSNR and SSIM. For the RDH-BPEI method, the number of bit-planes α assigned to the embedding space was set to 1, 2, and 3, and each configuration was evaluated independently. Figure 6 shows marked-image examples with a payload of 1.0 bpp obtained by each method. The RDH-EtCI method introduces noticeable block distortion in both examples (see Figure 6c,h). This degradation originates from amplified pixel-value differences between blocks with and without NP inversion during decryption. In contrast, our method refines the conventional pre-processing by explicitly accounting for the influence of NP inversion. As a result, block distortion is eliminated, which leads to the highest PSNR and SSIM among the compared methods (see Figure 6e,j).
Figure 7 shows the relationship between hiding capacity and marked-image quality averaged over the datasets for Kodak and IHC. For Kodak, our method achieved a higher PSNR and SSIM than the RDH-BPEI and BDF-RDH methods. In contrast, it showed slightly lower values than the RDH-EtCI method across all hiding capacities. This is because the RDH-EtCI method does not need to preserve auxiliary information related to encryption data, allowing more payload bits to be embedded, and because block distortion does not necessarily appear in all images for the conventional methods. Therefore, when the results are averaged over the entire datasets, the proposed method does not surpass the RDH-EtCI method but achieves comparable performance, as shown in Figure 7. Nevertheless, the proposed approach provides a key advantage by enabling full access privileges through the use of encryption data.
On the other hand, for IHC, the proposed method showed the highest PSNR trend up to around 1.75 bpp, while for SSIM, it showed a trend slightly below that of the BDF-RDH method. This is attributed to the fact that IHC images have a larger size than Kodak images. As a result, the amount of restoration data for pre-processing in the BDF-RDH method becomes relatively smaller compared with that in the proposed method and the RDH-EtCI method.

4.2. Hiding Capacity

Table 4 summarizes the average hiding capacity achieved by each method. The proposed method achieved 3.12 bpp for Kodak and 2.97 bpp for IHC, which significantly exceeded that of the RDH-BPEI method. Although the hiding capacity was slightly lower than that of the RDH-EtCI method and the BDF-RDH method, the difference was marginal, and the difference was consistently small across the test images.
The difference in hiding capacity is mainly due to the increased amount of restoration data required in our framework. In contrast to the RDH-EtCI method, the proposed method preserves auxiliary bits replaced by encryption data. Moreover, our method performs pre-processing directly on EtC images, which inevitably increases restoration overhead.
Despite this slight reduction, the proposed method removes the limitations on access privileges observed in the RDH-EtCI method and avoids the need for pre-processing prior to encryption required by the BDF-RDH method. Therefore, our approach provides a balanced trade-off between hiding capacity, flexibility of access privileges, and practical deployment. These results indicate that our method maintains competitive hiding capacity while enabling full access privileges.
Furthermore, to compare the effect of image size on the same image, Table 5 compares the hiding capacities for kodim04 at sizes of 512 × 768 and 1024 × 1536 pixels. Note that for the 1024 × 1536 -pixel image, the block sizes were set to B m = 64 and B s = 32 . As shown in the table, the hiding capacity increases with larger image sizes due to a higher inter-pixel correlation.

4.3. Security Analysis

We evaluated the robustness of EtC images against COAs. In this experiment, we used the extended jigsaw puzzle solver (EJPS) attack [26], which is regarded as one of the most challenging threats to EtC images. The EJPS attack first calculates boundary compatibilities among all blocks within an EtC image. Subsequently, an estimated image is assembled by applying rotation/flip operations, NP inversion, and block scrambling.
In the proposed method, EtC images incorporate both main and sub-blocks to reduce the amount of encryption data and mitigate the impact on marked-image quality. While the robustness of EtC images consisting solely of main blocks has already been proven in [27], it is necessary to evaluate the robustness of EtC images generated by the proposed method due to this modified block structure.
Figure 8 presents the results of the EJPS attack against EtC images generated by our method. Figure 8b,e show EtC images composed of 384 main blocks and 1536 sub-blocks, whereas Figure 8c,f illustrate the corresponding estimated images reconstructed by the EJPS attack. As observed from these results, visually identifying the original image from the estimated image remains extremely difficult.
Similar tendencies were confirmed across the other images, where successful reconstruction of the original images was not achieved. These results indicate that the EtC images generated by the proposed method maintain sufficient robustness against the EJPS attack. Although robustness against other COAs is also recognized as an important aspect, the present study focuses on evaluation using the EJPS attack. Investigation of robustness against additional COAs will be pursued as part of future work.
In addition to the above discussion, we further clarify the security assumptions of the proposed method with respect to different attack models. For known-plaintext attacks (KPAs), the proposed method adopts a one-time key policy in which a unique and independent secret key is assigned to each image. Since encryption keys are not reused, information obtained from known plaintext–ciphertext pairs cannot be exploited to analyze other encrypted images. For chosen-plaintext attacks (CPAs), the proposed method uses a symmetric-key encryption scheme, and the encryption process is not publicly accessible. Because the encryption keys are strictly managed by the image owner, the conditions required for CPA are not assumed in the considered system model.
Furthermore, while the current evaluation focuses on the EJPS attack as a representative COA, robustness against other COA variants and more advanced attack strategies remains an important topic for further investigation.

5. Conclusions

In this paper, we proposed a block-distortion-free reversible data hiding method for EtC images that supports all access privileges within the VRAE framework. By redesigning the pre-processing strategy of previous work, the proposed approach eliminates block distortion even when pre-processing is conducted after encryption. This design also preserves a clear separation of processing roles between the image owner and the data hider. The proposed method introduces a pixel-value modification process that divides the target range into two regions to mitigate the influence of NP inversion during restoration. In addition, by incorporating the four corner pixels of each sub-block into the embedding targets, the method maintains hiding capacity despite the increased amount of restoration data. Experimental results demonstrated that the proposed method achieves a high marked-image quality and competitive hiding capacity of 3.12 bpp while enabling all access privileges. Security analysis further confirmed that EtC images generated by the proposed method exhibit strong robustness against the EJPS attack. However, the current study still has several limitations. The method was mainly evaluated on grayscale images, so its direct application to color images may introduce challenges such as inter-channel distortion. In addition, the increased amount of restoration data may impose constraints on hiding capacity under certain conditions. Furthermore, the security evaluation has been limited to the EJPS attack; thus, the robustness against other COA variants and learning-based attacks remains to be further investigated. In addition, several directions for future work can be considered. First, extending the proposed method to color images is an important issue, where inter-channel correlations and potential color distortion should be carefully addressed. Second, the extension to video data is also a promising direction, in which temporal consistency across frames must be taken into account. Finally, extending the proposed framework to other encryption schemes and improving computational efficiency for practical applications are also important topics for future research.

Author Contributions

Conceptualization, Y.K. and S.I.; methodology, Y.K.; software, Y.K.; validation, Y.K. and S.I.; investigation, Y.K.; writing—original draft preparation, Y.K.; writing—review and editing, S.I.; supervision, S.I.; project administration, S.I. All authors have read and agreed to the published version of the manuscript.

Funding

This work was partially supported by JSPS KAKENHI Grant Number JP25K07733.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The original data presented in the study are openly available in GitHub at https://github.com/Kato83yasashi83/data_embedding, accessed on 20 March 2026.

Conflicts of Interest

Author Yusaku Kato is currently employed by JR East Information Systems Company. The remaining authors declare that the research was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.

References

  1. Shi, Y.Q.; Li, X.; Zhang, X.; Wu, H.T.; Ma, B. Reversible data hiding: Advances in the past two decades. IEEE Access 2016, 4, 3210–3237. [Google Scholar] [CrossRef]
  2. Wu, H.T.; Dugelay, J.L.; Shi, Y.Q. Reversible image data hiding with contrast enhancement. IEEE Signal Process. Lett. 2014, 22, 81–85. [Google Scholar] [CrossRef]
  3. Puteaux, P.; Ong, S.; Wong, K.; Puech, W. A survey of reversible data hiding in encrypted images-The first 12 years. J. Vis. Commun. Image Represent. 2021, 77, 103085. [Google Scholar] [CrossRef]
  4. Asiri, G.; Masmoudi, A. A Survey of Reversible Data Hiding in Encrypted Images. Int. J. Adv. Comput. Sci. Appl. 2024, 15, 1316–1326. [Google Scholar] [CrossRef]
  5. Wang, Y.; Xiong, G.; He, W. High-capacity reversible data hiding in encrypted images based on pixel-value-ordering and histogram shifting. Expert Syst. Appl. 2023, 211, 118600. [Google Scholar] [CrossRef]
  6. Sui, L.; Li, H.; Liu, J.; Xiao, Z.; Tian, A. Reversible Data Hiding in Encrypted Images Based on Hybrid Prediction and Huffman Coding. Symmetry 2023, 15, 1222. [Google Scholar] [CrossRef]
  7. Zhang, X.; He, F.; Yu, C.; Zhang, X.; Yang, C.N.; Tang, Z. Reversible data hiding in encrypted images with asymmetric coding and bit-plane block compression. IEEE Trans. Multimed. 2024, 26, 10174–10188. [Google Scholar] [CrossRef]
  8. Zhang, X.; Zhang, X.; Yu, C.; Yang, J.; Tang, Z. Multidirectional Gradient Predictor for Region-Based Reversible Data Hiding in Encrypted Images. IEEE Internet Things J. 2024, 11, 35596–35609. [Google Scholar] [CrossRef]
  9. Chen, S.; Chang, C.C. Reversible data hiding in encrypted images using block-based adaptive MSBs prediction. J. Inf. Secur. Appl. 2022, 69, 103297. [Google Scholar] [CrossRef]
  10. Xiao, F.; Xiong, G.; He, W. High-capacity reversible data hiding in encrypted images based on adaptive block coding selection. J. Vis. Commun. Image Represent. 2024, 104, 104291. [Google Scholar] [CrossRef]
  11. Kim, C.; Yang, C.N.; Lu, Y.Q. Reversible data hiding in encrypted images using Pixel Shifting Approach (PSA). J. Inf. Secur. Appl. 2024, 87, 103909. [Google Scholar] [CrossRef]
  12. Yang, Y.; Chen, F.; Tai, H.M.; He, H.; Qu, L. Reversible data hiding in encrypted image based on key-controlled balanced Huffman coding. Expert Syst. Appl. 2024, 84, 103833. [Google Scholar] [CrossRef]
  13. Ping, P.; Huo, J.; Guo, B. Novel asymmetric CNN-based and adaptive mean predictors for reversible data hiding in encrypted images. J. Inf. Secur. Appl. 2024, 246, 123270. [Google Scholar] [CrossRef]
  14. Zhang, X.; Zhang, X.; Yu, C.; Li, G.; Tang, Z. Reversible data hiding in encrypted images using prediction error modification and basic block compression. Signal Process. 2025, 231, 109896. [Google Scholar] [CrossRef]
  15. Jiang, X.; Xie, Y.; Zhang, Y.; Ye, Y.; Xu, F.; Li, L.; Su, Y.; Chen, Z. Reversible Data Hiding in Encrypted Images Using Reservoir Computing-Based Data Fusion Strategy. IEEE Trans. Circuits Syst. Video Technol. 2025, 35, 684–697. [Google Scholar] [CrossRef]
  16. Yang, C.H.; Weng, C.Y.; Chen, J.Y. High-fidelity reversible data hiding in encrypted image based on difference-preserving encryption. Soft Comput. 2022, 26, 1727–1742. [Google Scholar] [CrossRef]
  17. Weng, C.Y.; Lin, T.W.; Weng, H.Y.; Huang, C.T. Enhanced reversible data hiding in encrypted images via median preserving pixel value ordering and block-wise difference preservation. Signal Image Video Process. 2025, 19, 424. [Google Scholar] [CrossRef]
  18. Wu, H.T.; Yang, Z.; Cheung, Y.M.; Xu, L.; Tang, S. High-capacity reversible data hiding in encrypted images by bit plane partition and MSB prediction. IEEE Access 2019, 7, 62361–62371. [Google Scholar] [CrossRef]
  19. Arai, E.; Imaizumi, S. High-Capacity Reversible Data Hiding in Encrypted Images with Flexible Restoration. J. Imaging 2022, 8, 176. [Google Scholar] [CrossRef]
  20. Motomura, R.; Imaizumi, S.; Kiya, H. Reversible Data Hiding in Compressible Encrypted Images with Capacity Enhancement. APSIPA Trans. Signal Inf. Process. 2023, 26, 1–23. [Google Scholar] [CrossRef]
  21. Kato, Y.; Imaizumi, S. Reversible Data Hiding in EtC Images with Flexible Access Privileges. In Proceedings of the 2025 Asia Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA ASC), Singapore, 22–24 October 2025; pp. 2134–2139. [Google Scholar]
  22. Tsai, Y.Y.; Liu, H.L.; Kuo, P.L.; Chan, C.S. Extending multi-MSB prediction and huffman coding for reversible data hiding in encrypted HDR images. IEEE Access 2022, 10, 49347–49358. [Google Scholar] [CrossRef]
  23. Kikuchi, N.; Imaizumi, S. Reversible Data Hiding for OpenEXR Images in Compressible Encrypted Domain. Bull. Soc. Photogr. Imaging Jpn. 2024, 34, 1–8. [Google Scholar]
  24. Lin, A.; Lin, Y.T.; Jao, W.T.; Tsai, Y.Y. High-capacity reversible data hiding in encrypted HDR images with multiple data hiders. Pattern Anal. Appl. 2025, 28, 159. [Google Scholar] [CrossRef]
  25. Kurihara, K.; Kikuchi, M.; Imaizumi, S.; Shiota, S.; Kiya, H. An encryption-then-compression system for JPEG/Motion JPEG standard. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 2015, 98, 2238–2245. [Google Scholar] [CrossRef]
  26. Chuman, T.; Kurihara, K.; Kiya, H. Security evaluation for block scrambling-based ETC systems against extended jigsaw puzzle solver attacks. In Proceedings of the IEEE International Conference on Multimedia and Expo (ICME), Hong Kong, China, 10–14 July 2017; pp. 229–234. [Google Scholar]
  27. Chuman, T.; Kurihara, K.; Kiya, H. On the Security of Block Scrambling-Based EtC Systems against Extended Jigsaw Puzzle Solver Attacks. IEICE Trans. Inf. Syst. 2018, 101, 37–44. [Google Scholar] [CrossRef]
  28. Thodi, D.M.; Rodriguez, J.J. Expansion embedding techniques for reversible watermarking. IEEE Trans. Image Process. 2007, 16, 721–730. [Google Scholar] [CrossRef]
  29. Lin, H.; Imaizumi, S.; Kiya, H. Privacy-preserving ConvMixer without any accuracy degradation using compressible encrypted images. Information 2024, 15, 723. [Google Scholar] [CrossRef]
  30. Kodak Lossless True Color Image Suite. Available online: http://www.r0k.us/graphics/kodak/ (accessed on 8 February 2026).
  31. IHC Evaluation Resources. Available online: https://www.ieice.org/iss/emm/ihc/ (accessed on 11 April 2026).
Figure 1. Access privileges in RDH-EI.
Figure 1. Access privileges in RDH-EI.
Information 17 00492 g001
Figure 2. Block diagram of proposed method for generating marked EtC images.
Figure 2. Block diagram of proposed method for generating marked EtC images.
Information 17 00492 g002
Figure 3. Flowchart of pre-processing procedure.
Figure 3. Flowchart of pre-processing procedure.
Information 17 00492 g003
Figure 4. Prediction-value calculation for each pixel in sub-block ( B s = 6 ).
Figure 4. Prediction-value calculation for each pixel in sub-block ( B s = 6 ).
Information 17 00492 g004
Figure 5. Restoration process of proposed method.
Figure 5. Restoration process of proposed method.
Information 17 00492 g005
Figure 6. Marked-image examples with payload of 1.0 bpp.
Figure 6. Marked-image examples with payload of 1.0 bpp.
Information 17 00492 g006
Figure 7. Relationship between hiding capacity and marked-image quality.
Figure 7. Relationship between hiding capacity and marked-image quality.
Information 17 00492 g007aInformation 17 00492 g007b
Figure 8. Results of EJPS attack against EtC images.
Figure 8. Results of EJPS attack against EtC images.
Information 17 00492 g008
Table 1. Summary of main abbreviations and terms.
Table 1. Summary of main abbreviations and terms.
Abbreviation/TermMeaningDescription
RDH-EIReversible data hiding in encrypted imagesFramework enabling data embedding in encrypted images
RDH-BPEIRDH in bit-plane-based encrypted imagesRDH-EI method that divides bit-planes into encryption and embedding spaces
EtCEncryption-then-compressionImage encryption scheme preserving compression compatibility
RDH-EtCIRDH in EtC imagesRDH-EI method specifically designed for EtC images
BDF-RDHBlock-distortion-free RDHRDH-EI method based on RDH-EtCI that eliminates block distortion
RRBEReserving room before encryptionEmbedding space is reserved before encryption
VRAEVacating room after encryptionEmbedding space is created after encryption
Access privilegesTypes of restoring operations allowed (e.g., decryption, extraction)
PayloadEmbedded data in image [bpp]
Table 2. Comparison of representative RDH-EI methods for EtC images.
Table 2. Comparison of representative RDH-EI methods for EtC images.
MethodFormatAccess PrivilegesHiding CapacityBlock DistortionPre-Processing TimingRole Separation
RDH-BPEI [19]RRBEFullLimitedNoneBefore encryptionNo
RDH-EtCI [20]VRAEPartialHighExistsAfter encryptionYes
BDF-RDH [21]VRAEFullModerateEliminatedBefore encryptionNo
ProposedVRAEFullComparableEliminatedAfter encryptionYes
Table 3. Summary of main variables and parameters.
Table 3. Summary of main variables and parameters.
SymbolDefinition
B m Size of main blocks in EtC image
B s Size of sub-blocks
Z P l Smallest pixel value with zero frequency
Z P r Largest pixel value with zero frequency
LSum of embedding iteration parameters L 1 and L 2
L 1 Embedding iteration parameter targeting all pixels except reference-only pixels
L 2 Embedding iteration parameter targeting all pixels except reference-only pixels and four corner pixels
p i , j Original pixel value
p r e d i , j Predicted pixel value
Table 4. Average hiding capacity (bpp) achieved by each method.
Table 4. Average hiding capacity (bpp) achieved by each method.
DatasetsRDH-BPEI [19]RDH-EtCI [20]BDF-RDH [21]Proposed
Kodak2.513.173.133.12
IHC2.202.992.992.97
Table 5. Comparison of hiding capacity (bpp) by image size for kodim04.
Table 5. Comparison of hiding capacity (bpp) by image size for kodim04.
Image Size [Pixels]RDH-BPEI [19]RDH-EtCI [20]BDF-RDH [21]Proposed
512 × 768 2.563.363.253.31
1024 × 1536 2.743.703.693.70
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Kato, Y.; Imaizumi, S. Block-Distortion-Free Reversible Data Hiding in Encryption-Then-Compression Images with Fully Flexible Access Privileges. Information 2026, 17, 492. https://doi.org/10.3390/info17050492

AMA Style

Kato Y, Imaizumi S. Block-Distortion-Free Reversible Data Hiding in Encryption-Then-Compression Images with Fully Flexible Access Privileges. Information. 2026; 17(5):492. https://doi.org/10.3390/info17050492

Chicago/Turabian Style

Kato, Yusaku, and Shoko Imaizumi. 2026. "Block-Distortion-Free Reversible Data Hiding in Encryption-Then-Compression Images with Fully Flexible Access Privileges" Information 17, no. 5: 492. https://doi.org/10.3390/info17050492

APA Style

Kato, Y., & Imaizumi, S. (2026). Block-Distortion-Free Reversible Data Hiding in Encryption-Then-Compression Images with Fully Flexible Access Privileges. Information, 17(5), 492. https://doi.org/10.3390/info17050492

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop