- Research Article
- Open Access

# How Reed-Solomon Codes Can Improve Steganographic Schemes

- Caroline Fontaine
^{1}Email author and - Fabien Galand
^{1}

**2009**:274845

https://doi.org/10.1155/2009/274845

© C. Fontaine and F. Galand. 2009

**Received:**31 July 2008**Accepted:**6 November 2008**Published:**12 January 2009

## Abstract

The use of syndrome coding in steganographic schemes tends to reduce distortion during embedding. The more complete model comes from the wet papers (J. Fridrich et al., 2005) and allow to lock positions which cannot be modified. Recently, binary BCH codes have been investigated and seem to be good candidates in this context (D. Schönfeld and A. Winkler, 2006). Here, we show that Reed-Solomon codes are twice better with respect to the number of locked positions; in fact, they are optimal. First, a simple and efficient scheme based on Lagrange interpolation is provided to achieve the optimal number of locked positions. We also consider a new and more general problem, mixing wet papers (locked positions) and simple syndrome coding (low number of changes) in order to face not only passive but also active wardens. Using list decoding techniques, we propose an efficient algorithm that enables an adaptive tradeoff between the number of locked positions and the number of changes.

## Keywords

- Linear Code
- Evaluation Code
- Parity Check
- Lagrange Interpolation
- Parity Check Matrix

## 1. Introduction

*Steganography* aims at sending a message through a cover-medium, in an *undetectable* way. *Undetectable* means that nobody, except the intended receiver of the message, should be able to tell if the medium is carrying a message or not [1]. Hence, if we speak about still images as cover-media, the embedding should work with the smallest possible distortion, not being detectable with the quite powerful analysis tools available [2, 3]. A lot of papers have been published on this topic, and it appears that modeling the embedding and detection/extraction processes with an error correcting code point of view, usually called matrix embedding by the steganographic community, may be helpful to achieve these goals [4–15]. The main interest of this approach is that it decreases the number of components modifications during the embedding process. As a side effect, it was remarked in [8] that matrix embedding could be used to provide an effective answer to the adaptive selection channel problem. The sender can embed the messages adaptively with the cover-medium to minimize the distortion, and the receiver can extract the messages without being aware of the sender choices. A typical steganographic application is the perturbed quantization [16]; during quantization process, for example, JPEG compression, real values
have to be rounded between possible quantized values
; when
lies close to the middle of an interval
, one can choose between
and
without adding too much distortion. This allows to embed messages under the condition that the receiver does not need to know which positions were modified.

It has been shown that if random codes may seem interesting for their asymptotic behavior, their use leads to solve really hard problems; syndrome decoding and covering radius computation, which are proved to be NP-complete and -complete, respectively (the complexity class includes the NP class) [17, 18]. Moreover, no efficient decoding algorithm is known, even for a small nontrivial family of codes. From a practical point of view, this implies that the related steganographic schemes are too complex to be considered as acceptable for real-life applications. Hence, it is of great interest to have a deeper look at other kinds of codes, structured codes, which are more accessible and lead to efficient decoding algorithms. In this way, some previous papers studied the Hamming code [4, 6, 9], the Simplex code [11], and binary BCH codes [12]. Here, we focus on this latter paper, that pointed out the interest in using codes with deep algebraic structures. The authors distinguish two cases, as previously introduced in [8]. The first one is classical: the embedder modifies any position of the cover-data (a vector which is extracted from the cover-medium, and processed by the encoding scheme), the only constraint being the maximum number of modifications allowed. In this case, they showed that binary BCH codes behave well, but pointed out that choosing the most appropriate code among the BCH family is quite hard, we do not know good complete syndrome decoding algorithms for BCH codes. In the second case, some positions are locked and cannot be used for embedding; this is due to the fact that modifying these positions leads to a degradation of the cover-medium that is noticeable. Hence, in order to remain undetectable, the sender restricts himself to keep these positions and lock them. This case is more realistic. The authors showed that there is a tradeoff between the number of elements that can be locked and the efficiency of the code.

This paper is organized as follows. In Section 2, we review the basic setting of coding theory used in steganography. In Section 3, we recall the syndrome coding paradigm, including wet paper codes and active warden. Section 4 presents the classical Reed-Solomon codes and gives details on the necessary tools to use them with syndrome coding, notably the Guruswami-Sudan list decoding algorithm. Section 5 leads to the core of this paper; in Section 5.1, we describe a simple algorithm to use Reed-Solomon codes in an optimal way for wet paper coding, and inSection 5.2 we describe and analyze our proposed algorithm constructed upon the Guruswami-Sudan decoding algorithm.

Before going deeper in the subject, please note that we made the choice to represent vectors as horizontal vectors. For general references to error correcting codes, we orientate the reader toward [19].

## 2. A Word on Coding Theory

We review here a few concepts relevant to coding theory applications in steganography.

Let
be the finite field with
elements,
being a power of some prime number. We consider
-tuples over
, usually referring to them as *words*. The classical *Hamming weight*
of a word
is the number of coordinates that is different from zero, and the *Hamming distance*
between two words
denotes the weight of their difference, that is, the number of coordinates in which they differ. We denote by
the *ball of radius*
*centered on*
, that is,
. Recall that the volume of a ball, that is, the number of its elements does not depend on the center
, and is equal to
in dimension
.

A *linear code*
is a vector subspace of
for some integer
, called the *length* of the code. The *dimension*
of
corresponds to its dimension as a vector space. Hence, a linear code of dimension
contains
*codewords*. The two main parameters of codes are their *minimal distance* and *covering radius*. The *minimal distance* of
is the minimal Hamming distance between two distinct codewords and, since we restrict ourself to linear codes, it is the minimum weight of a nonzero codeword. The minimum distance is closely related to the *error correction capacity* of the code; a code of minimal distance
corrects any error vector of weight at most
; that is, it is possible to recover the original codeword
from any
, with
. On the other hand, the *covering radius*
is the maximum distance between any word of
and the set of all codewords,
. A linear code of length
, dimension
, minimum distance
and covering radius
is said to be
.

*parity check matrix*. That is, for any linear code , there exists an matrix such that

An important consequence is the notion of *syndrome* of a word, that uniquely identifies the *cosets* of the code. A *coset* of
is a set
. Two remarks have to be pointed out; first, the cosets of
form a partition of the ambient space
; second, for any
, we have
, and each coset can be identified by the value of the *syndrome*
of its elements
denoted here as
.

The two main parameters and have interesting descriptions with respect to syndromes. For any word of weight at most , the coset has a unique word of weight at most . Stated differently, if the equation has a solution of weight , then it is unique. Moreover, is maximal for this property to hold. On the other hand, for element of , the equation always has a solution of weight at most . Again, is extremal with respect to this property; it is the smallest possible value for this to be true.

A *decoding mapping*, denoted by
, associates with a syndrome
a vector
of Hamming weight less than or equal to
, which syndrome is precisely equal to
,
and
. For our purpose, it is not necessary that
returns the vector
of minimum weight. Please, remark that the effective computation of
corresponds to the complete syndrome decoding problem, which is hard.

Finally, we need to construct a smaller code
from a bigger one
. The operation we need is called *shortening*; for a fixed set of coordinates
, it consists in keeping all codewords of
that have zeros for all positions in
and then deleting these positions. Remark that if
has parameters
with
, then the resulting code,
, has length
and dimension
.

## 3. Syndrome Coding

- (1)
a

*cover-medium*is processed to extract a sequence of symbols , sometimes called*cover-data*; - (2)
is modified into to embed the message ; is sometimes called the

*stego-data*; - (3)
modifications on are translated on the cover-medium to obtain the

*stego-medium*.

Here, we assume that the detectability of the embedding increases with the number of symbols that must be changed to go from to (see [6, 20] for some examples of this framework).

Syndrome coding deals with this number of changes. The key idea is to use some syndrome computation to embed the message into the cover-data. In fact, such a scheme uses a linear code , more precisely its cosets, to hide . A word hides the message if lies in a particular coset of , related to . Since cosets are uniquely identified by the so-called syndromes, embedding/hiding consists exactly in searching with syndrome , close enough to .

### 3.1. Simple Syndrome Coding

Equation (2) means that we want to recover the message in all cases; (3) means that we authorize the modification of at most coordinates in the vector .

enables to embed messages of length in a cover-data of length , while modifying at most elements of the cover-data.

The parameter
represents the (worst) *embedding efficiency*, that is, the number of embedded symbols per embedding changes in the worst case. In a similar way, one defines the *average embedding efficiency*
, where
is the average weight of the output of
for uniformly distributed inputs. Here, both efficiencies are defined with respect to symbols and not bits. Linking symbols with bits is not simple, as naive solutions lead to bad results in terms of efficiency. For example, if elements of
are viewed as blocks of
bits, modifying a symbol roughly leads to
bit flips on average and
for the worst case.

### 3.2. Syndrome Coding with Locked Elements

performs syndrome coding without disturbing the positions in . But, it is worth noting that for some sets , the mapping cannot be defined for all possible values of because the equation has no solution. This always happens when , since has dimension , but can also happen for smaller sets.

### 3.3. Syndrome Coding for an Active Warden

The previous setting focuses on distortion minimization to avoid detection by the entity inspecting the communication channel, the warden. This supposes the warden keeps a passive role, only looking at the channel. But, the warden can, in a preventive way, modify the data exchanged over the channel. To deal with this possibility, we consider that the stego-data may be modified by the warden, who can change up to of its coordinates. (In fact, we suppose that the action of the warden on the stego-medium translates onto the stego-data in such a way that at most coordinates are changed.)

This case has been addressed independently with different strategies by [21, 22]. To address it with syndrome coding, we want
with
. This requires that the balls
are disjoint for different messages
. In fact, the requirements on
lead to a known generalization of error correcting codes, called *centered error correcting codes* (CEC codes). They are defined by an encoding mapping
such that
and the balls
do not intersect;
is precisely what we need for
in the active warden setting. A decoding mapping for this centered code plays the role of
.

Hence, we can choose , where is a solution of , with .

### 3.4. A Synthetic View of Syndrome Coding for Steganography

The classical problem of syndrome coding presented in Section 3.1 can be extended in several directions, as presented in Sections 3.2 and 3.3. It is possible to merge both in one to get at the same time reduced distortion and active warden resistance. This has some impact on the parity check matrices we have to consider.

Starting from the setting of the active warden, the problem becomes to find solutions of , with the additional restriction that for . This means that we have to solve a particular instance of syndrome coding with locked elements, the syndrome has a special shape .

## 4. What Reed-Solomon Codes Are, and Why They May Be Interesting

*Reed-Solomon codes* over the finite field
are optimal linear codes. The *narrow-sense RS codes* have length
and can be defined as a particular subfamily of the BCH codes. But, we prefer the alternative, and larger, definition as an evaluation code, which leads to the *generalized Reed-Solomon codes* (GRS *codes*) .

### 4.1. Reed-Solomon Codes as Evaluation Codes

This definition, *a priori*, depends on the choice of the
and the order of evaluation; but, as the code properties do not depend on this choice, we will only focus here on the number
of
and will consider an arbitrary set
and order. Remark that when
with
a primitive element of
and
, we obtain the *narrow-sense Reed-Solomon codes* .

As we said, GRS codes are optimal since they are maximum distance separable (MDS); the minimal distance of is , which is the largest possible. On the other hand, the covering radius of is known and equal to .

Concerning the evaluation function, recall that if we consider elements of , then it is known that there is a unique polynomial of degree at most taking particular values on these elements. This means that for every in , one can find a polynomial with , such that ; moreover, is unique. With a slight abuse of notation, we write . Of course, is a linear mapping, for any polynomials and field elements .

is precisely the coefficients vector of the monomials of degree at least in . In fact, is the transpose of a parity check matrix of , since a vector is an element of the code if and only if we have . So, instead of , we write , as it is usually done.

### 4.2. A Polynomial View of Cosets

Now, let us look at the cosets of . A coset is a set of the type , with not in . As usual with linear codes, a coset is uniquely identified by the vector , syndrome of . In the case of GRS codes, this vector consists of the coefficients of monomials of degree at least .

### 4.3. Decoding Reed-Solomon Codes

#### 4.3.1. General Case

- (i)
a single polynomial , if it exists, such that the vector is at distance at most from (remark that if such a exists, it is unique), and nothing otherwise;

(i i) a list of all polynomials such that the vectors are at distance at most from , being an input parameter.

The second case corresponds to the so-called list decoding; an efficient algorithm for GRS codes was initially provided by [23], and was improved by [24], leading to the Guruswami-Sudan (GS) algorithm.

We just set here the outline of the GS algorithm, providing more details in the appendix. The Guruswami-Sudan algorithm uses a parameter called the interpolation multiplicity . For an input vector , the algorithm computes a special bivariate polynomial such that each couple is a root of with multiplicity . The second and last step is to compute the list of factors of , of the form , with . For a fixed , the list contains all the polynomials which are at distance at most . The maximum decoding radius is, thus, . Moreover, the overall algorithm can be performed in less than arithmetic operations over .

#### 4.3.2. Shortened GRS Case

The Guruswami-Sudan algorithm can be used for decoding shortened GRS codes. For a fixed set of indices, we are looking for polynomials such that , for and for as many as possible. Such can be written as with . Hence, decoding the shortened code reduces to obtain such that and for as many as possible. Stated differently, it reduces to decode in , which can be done by the GS algorithm.

## 5. What Can Reed-Solomon Codes Do?

Our problem is the following. We have a vector of symbols of , extracted from the cover-medium, and a message . We want to modify into such that is embedded in , changing at most coordinates in .

The basic principle is to use syndrome coding with a GRS code. We use the cosets of a GRS code to embed the message, finding a vector in the proper coset, close enough to . Thus, we suppose that we have fixed , constructed the matrix whose th row is , and inverted it. In particular, we denote by the last columns of , and therefore, according to Section 4.1, is a parity-check matrix. Recall that a word embeds the message if .

To construct , we need a word such that its syndrome is ; thus, we can set , which leads to . Moreover, the Hamming weight of is precisely the number of changes we apply to go from to ; so, we need .

When is equal to the covering radius of the code corresponding to , such a vector always exists. But, explicit computation of such a vector , known as the bounded syndrome decoding problem, is proved to be NP-hard for general linear codes. Even for families of deeply structured codes, we usually do not have polynomial time (in the length ) algorithms to solve the bounded syndrome decoding problem up to the covering radius. This is precisely the problem faced by [12].

GRS codes overcome this problem in a nice fashion. It is easy to find a vector with syndrome . Let us consider the polynomial that has coefficient for the monomial , ; according to the previous section, we have . Now, finding can be done by computing a polynomial of degree less than such that for at least elements we have . With such a , the vector has at least coordinates equal to zero, and the correct syndrome value. Hence, and the challenge lies in the construction of .

It is noteworthy to remark that locking the position , that is, requiring , is equivalent to require and, thus, to ask for .

### 5.1. A Simple Construction of *P*

#### 5.1.1. Using Lagrange Interpolation

The polynomial
we obtain by this way clearly satisfies
for any
and, thus, can match
. As pointed out earlier, since, for
, we have
, we also have
, *that is,* positions in
are locked.

The above proposed solution has a nice feature; by choosing , we can choose the coordinates on which and are equal, and this does not require any loss in computational complexity or embedding efficiency. This means that we can perform the syndrome decoding directly with the additional requirement of wet papers keeping unchanged the coordinates whose modifications are detectable.

#### 5.1.2. Optimal Management of Locked Positions

We can embed
elements of
, changing not more than
coordinates, so the embedding efficiency
is equal to
in the worst case. But, we can lock *any*
positions to embed our information.

This is to be compared with [12], where binary BCH codes are used. In [12], the maximal number of locked positions, without failing to embed the message , is experimentally estimated to be . To be able to lock up to positions, it is necessary to allow a nonzero probability of nonembedding. It is also noteworthy that the average embedding efficiency decreases fast.

In fact, embedding symbols while locking symbols amongst is optimal. We said in Section 3 that locking the positions in leads to an equation , where has dimension . So, when , there exist some values for which there is no solution. On the other hand, let us suppose we have a code with parity check matrix such that for any of size , and any , this equation has a solution, that is, is invertible. This means that any submatrix of is invertible. But, it is known that this is equivalent to require the code to be MDS (see, e.g., [19, Corollary 1.4.14]), which is the case of GRS codes. Hence, GRS codes are optimal in the sense that we can lock as many positions as possible, that is, up to for a message length of .

### 5.2. A More Efficient Construction of *P*

If the number of locked positions is less than , Lagrange interpolation is not optimal since it changes positions, almost always. Unfortunately, Lagrange interpolation is unable to use the additional freedom brought by fewer locked positions.

A possible way to address this problem is to use a decoding algorithm in order to construct , that is, we try to decode . Locked positions can be dealt with as explained in Section 3.2. If it succeeds, we get a in the ball centered on of radius , where is the decoding radius of the decoding algorithm. Here, the Guruswami-Sudan algorithm helps; it provides a large , that is, greater chances of success, and outputs a list of which allows to choose the best one with respect to some additional constraints on undetectability. In case of a decoding failure, we can add a new locked position and retry. If we already have locked positions, we fall back on Lagrange interpolation.

#### 5.2.1. Algorithm Description

for at least values , where is the decoding radius of the GS algorithm, which depends on and . If the decoding is successful, then has zeros on positions in and is equal to for at least positions . Pick up such that the distortion induced by is as low as possible. Remark that here is equal to .

- (i)
the procedure outputs a polynomial such that for all and ;

(ii) the procedure refers to the Guruswami-Sudan list decoding (Section 4.3.1). For the sake of simplicity, we just write for the output list of the GS decoding of , with respect to . So, this procedure returns a good approximation of , on the evaluation set, of degree less than ;

(iii) the procedure returns an integer from the set given as a parameter. This procedure is used to choose the new position to lock before retrying list decoding.

Lines 1 to 5 of the algorithm depicted in Algorithm 1 simply do the setup for the while loop. The while loop, Lines 6 to 12, tries to use list decoding to construct a good solution, as described above. Remark that if all GS decodings fail, we have with is equal to polynomial of Section 5.1, that is, we just fall back on Lagrange interpolation. Lines 13 to 16 use the result of the while loop in case of a decoding success, according to the details given above.

Correctness of this algorithm follows from the fact that through the whole algorithm we have and for . Termination is clear since each iteration of the Loop 6-12 increases .

#### 5.2.2. Algorithm Analysis

The most important property of embedding algorithms is the number of changes introduced during the embedding. Let be the average number of such changes when GRS is used and positions are locked. For our algorithm, this quantity depends on two parameters related to the Guruswami-Sudan algorithm:

**Algorithm 1:** Algorithm for embedding with locked positions using a
code (
fixed). It embeds
symbols with up to
locked positions and at most
changes.

**Inputs:**
, the cover-data

, symbols to hide

, set of coordinates to remain unchanged,

**Output:**
, the stego-data

( ; , ; )

- (1)
- (2)
- (3)
- (4)
- (5)
- (6)
**while**and**do** - (7)
- (8)
- (9)

(10)

(11)

(12) **end while**

(1 3) **if**
**then**

(14)

(15)

(16) **end if**

(17)

(18) **return**

- (i)
the probability that the list decoding of a word in outputs a nonempty list of codewords in GRS ;

- (ii)
the average distance between the closest codewords in the (nonempty) list and the word to decode.

We denote by the probability of an empty list and for conciseness let , . Thus, the probability that the first list decodings fail and the th succeeds can be written as with and . Remark that in this case, coordinates are changed on average.

- (a)
Estimating and

where
is the volume of a ball of radius
. This would be the correct value if GRS codes were *random* codes over
of length
, with
codewords uniformly drawn from
. That is, we estimate
as if GRS codes were random codes. Thus, we use
to upper estimate
.

- (b)
Estimating The Average Number of Changes

Using our previous estimations for and , we plotted in Figure 1 ( ), Figure 2 ( ), Figure 3 ( ). For each figure, we set and plotted for several values of .

is large. A second criterion to estimate the performance is the slope of the plotted curves, the slighter, the better.

With this in mind, looking at Figure 1, we can see that provides good performances; , which means that list decoding avoids up to of the changes required by Lagrange interpolation, and on the other hand, the slope is nearly when . For higher embedding rate, all values of less than have .

## 6. Conclusion

We have shown in this paper that Reed-Solomon codes are good candidates for designing efficient steganographic schemes. They enable to mix wet papers (locked positions) and simple syndrome coding (small number of changes) in order to face not only passive but also active wardens. If we compare them to the previous studied codes, as binary BCH codes, Reed-Solomon codes improve the management of locked positions during embedding, hence ensuring a better management of the distortion; they are able to lock twice the number of positions. Moreover, they are optimal in the sense that they enable to lock the maximal number of positions. We first provide an efficient way to do it through Lagrange interpolation. We then propose a new algorithm based on Guruswami-Sudan list decoding, which is slower but provides an adaptive tradeoff between the number of locked positions and the average number of changes.

In order to use them in real applications, several issues still have to be addressed. First, we need to choose an appropriate measure to properly estimate the distortion induced at the medium level when modifying the symbols at the data level. Second, we need to use a nonbinary, and preferably large, alphabet. A straightforward way to deal with this would be to simply regroup bits to obtain symbols of our alphabet and consider that a symbol should be locked if it contains a bit that should be. Unfortunately, it would lead to a large number of locked symbols (e.g., of locked bits leads to up to of locked symbols if we use ). A better way would be to use grid coloring [26], keeping a -to- ratio. But, the price to this -to- ratio would be a cut in payload. We think a good solution has yet to be figured out. Nevertheless, in some settings, a large alphabet arises naturally; for example, in [14], a (binary) wet paper code is used on the syndromes of a Hamming code, some of these syndromes being locked; here, since whole syndromes are locked, we can view syndromes as elements of the larger field and use our proposal. Third, no efficient implementation of the Guruswami-Sudan list decoding algorithm is available. And, as the involved mathematical problems are really tricky, only a specialist can perform a real efficient one. Today, these three issues remain open.

## Declarations

### Acknowledgments

Dr. C. Fontaine is supported (in part) by the European Commission through the IST Programme under Contract IST-2002-507932 ECRYPT and by the French National Agency for Research under Contract ANR-RIAM ESTIVALE. The authors are in debt to Daniel Augot for numerous comments on this work, in particular for pointing out the adaptation of the Guruswami-Sudan algorithm to shortened GRS used in the embedding algorithm.

## Authors’ Affiliations

## References

- Simmons GJ: The prisoners' problem and the subliminal channel. In
*Advances in Cryptology*. Plenum Press, New York, NY, USA; 1984:51-67.View ArticleGoogle Scholar - Böhme R, Westfeld A: Exploiting preserved statistics for steganalysis. In
*Proceedings of the 6th International Workshop on Information Hiding (IH '04), May 2004, Toronto, Canada, Lecture Notes in Computer Science*.*Volume 3200*. Springer; 82-96.View ArticleGoogle Scholar - Franz E: Steganography preserving statistical properties.
*Proceedings of the 5th International Workshop on Information Hiding (IH '02), October 2002, Noordwijkerhout, The Netherlands, Lecture Notes in Computer Science*2578: 278-294.View ArticleMATHGoogle Scholar - Crandall RSome notes on steganography. Posted on steganography mailing list, 1998, http://os.inf.tu-dresden.de/~westfeld/crandall.pdf
- Bierbrauer JOn Crandall's problem. Personal communication, 1998, http://www.ws.binghamton.edu/fridrich/covcodes.pdf
- Westfeld A: F5—a steganographic algorithm: high capacity despite better steganalysis.
*Proceedings of the 4th International Workshop on Information Hiding (IH '01), April 2001, Pittsburgh, Pa, USA, Lecture Notes in Computer Science*2137: 289-302.View ArticleMATHGoogle Scholar - Galand F, Kabatiansky G: Information hiding by coverings.
*Proceedings of IEEE Information Theory Workshop (ITW '03), March-April 2003, Paris, France*151-154.Google Scholar - Fridrich J, Goljan M, Lisonek P, Soukal D: Writing on wet paper.
*IEEE Transactions on Signal Processing*2005, 53(10, part 2):3923-3935.MathSciNetView ArticleGoogle Scholar - Fridrich J, Goljan M, Soukal D: Efficient wet paper codes.
*Proceedings of the 7th International Workshop on Information Hiding (IH '05), June 2005, Barcelona, Spain, Lecture Notes in Computer Science*3727: 204-218.View ArticleGoogle Scholar - Fridrich J, Goljan M, Soukal D: Wet paper codes with improved embedding efficiency.
*IEEE Transactions on Information Forensics and Security*2006, 1(1):102-110. 10.1109/TIFS.2005.863487View ArticleGoogle Scholar - Fridrich J, Soukal D: Matrix embedding for large payloads.
*IEEE Transactions on Information Forensics and Security*2006, 1(3):390-395. 10.1109/TIFS.2006.879281View ArticleGoogle Scholar - Schönfeld D, Winkler A: Embedding with syndrome coding based on BCH codes. In
*Proceedings of the 8th Workshop on Multimedia and Security (MM&Sec '06), September 2006, Geneva, Switzerland*. ACM; 214-223.View ArticleGoogle Scholar - Schönfeld D, Winkler A: Reducing the complexity of syndrome coding for embedding. In
*Proceedings of the 9th International Workshop on Information Hiding (IH '07), June 2007, Saint Malo, France, Lecture Notes in Computer Science*.*Volume 4567*. Springer; 145-158.Google Scholar - Zhang W, Zhang X, Wang S: Maximizing steganographic embedding efficiency by combining Hamming codes and wet paper codes.
*Proceedings of the 10th International Workshop on Information Hiding (IH '08), May 2008, Santa Barbara, Calif, USA, Lecture Notes in Computer Science*5284: 60-71.View ArticleGoogle Scholar - Bierbrauer J, Fridrich J: Constructing good covering codes for applications in steganography. In
*Transactions on Data Hiding and Multimedia Security III, Lecture Notes in Computer Science*.*Volume 4920*. Springer, Berlin, Germany; 2008:1-22. 10.1007/978-3-540-69019-1_1View ArticleGoogle Scholar - Fridrich J, Goljan M, Soukal D: Perturbed quantization steganography.
*ACM Multimedia and Security Journal*2005, 11(2):98-107. 10.1007/s00530-005-0194-3View ArticleGoogle Scholar - Vardy A: The intractability of computing the minimum distance of a code.
*IEEE Transactions on Information Theory*1997, 43(6):1757-1766. 10.1109/18.641542MathSciNetView ArticleMATHGoogle Scholar - McLoughlin A: The complexity of computing the covering radius of a code.
*IEEE Transactions on Information Theory*1984, 30(6):800-804. 10.1109/TIT.1984.1056978MathSciNetView ArticleGoogle Scholar - Huffman WC, Pless V:
*Fundamentals of Error-Correcting Codes*. Cambridge University Press, Cambridge, UK; 2003.View ArticleMATHGoogle Scholar - Kim Y, Duric Z, Richards D: Modified matrix encoding technique for minimal distortion steganography. In
*Proceedings of the 8th International Workshop on Information Hiding (IH '06), June 2006, Alexandria, Va, USA, Lecture Notes in Computer Science*.*Volume 4437*. Springe; 314-327.Google Scholar - Galand F, Kabatiansky G: Steganography via covering codes.
*Proceedings of the IEEE International Symposium on Information Theory (ISIT '03), June-July 2003, Yokohama, Japan*192.Google Scholar - Zhang X, Wang S: Stego-encoding with error correction capability.
*IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences*2005, E88-A(12):3663-3667. 10.1093/ietfec/e88-a.12.3663View ArticleGoogle Scholar - Sudan M: Decoding of Reed Solomon codes beyond the error-correction bound.
*Journal of Complexity*1997, 13(1):180-193. 10.1006/jcom.1997.0439MathSciNetView ArticleMATHGoogle Scholar - Guruswami V, Sudan M: Improved decoding of Reed-Solomon and algebraic-geometry codes.
*IEEE Transactions on Information Theory*1999, 45(6):1757-1767. 10.1109/18.782097MathSciNetView ArticleMATHGoogle Scholar - McEliece RJ: The Guruswami-Sudan decoding algorithm for Reed-Solomon codes. In
*IPN Progress Report*. 42-153 California Institute of Technology, Pasadena, Calif, USA; 2003.http://tmo.jpl.nasa.gov/progress_report/42-153/153F.pdfGoogle Scholar - Fridrich J, Lisonek P: Grid colorings in steganography.
*IEEE Transactions on Information Theory*2007, 53(4):1547-1549.MathSciNetView ArticleMATHGoogle Scholar - von zur Gathen J, Gerhard J:
*Modern Computer Algebra*. 2nd edition. Cambridge University Press, Cambridge, UK; 2003.MATHGoogle Scholar

## Copyright

This article is published under license to BioMed Central Ltd. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.