# Digital watermarking

Digital watermarking is the process of embedding information into a digital signal. The signal may be audio, pictures or video, for example. If the signal is copied, then the information is also carried in the copy.

In visible watermarking, the information is visible in the picture or video. Typically, the information is text or a logo which identifies the owner of the media. The image on the right has a visible watermark. When a television broadcaster adds its logo to the corner of transmitted video, this is also a visible watermark.

In invisible watermarking, information is added as digital data to audio, picture or video, but it cannot be perceived as such. An important application of invisible watermarking is to copyright protection systems, which are intended to prevent or deter unauthorized copying of digital media. Steganography is an application of digital watermarking, where two parties communicate a secret message embedded in the digital signal. Annotation of digital photographs with descriptive information is another application of invisible watermarking. While some file formats for digital media can contain additional information called metadata, digital watermarking is distinct in that the data is carried in the signal itself.

The use of the word watermarking is derived from the much older notion of placing a visible watermark on paper.

## Instance of a Digital Watermarking Scheme

A general watermarking scheme is defined as:

$\Omega^* = \left(E,D,R,M,p_E,p_D,p_R\right)$

where $E$ defines the embedding function, $D$ the detecting function, $R$ the retrieval function and $M$ the message. Furthermore, the embedding parameters $p_E \in\mathcal{P}_E$ define the parameter set used for watermark embedding, $p_D \in\mathcal{P}_D$ defines the detection parameters and $p_R \in\mathcal{P}_R$ the retrieval parameters. Hence, each watermarking scheme $\Omega$ may have different instances according to the values that these parameters may adopt. An instance $\Omega^*$ is the watermarking scheme $\Omega$ for a particular value of the parameter vectors.

## Watermarking Life-Cycle Phases

In general, the usage of digital watermarking can be simplified as follows. An unmarked (mostly original) signal ($S$, with $S\in\mathbb{S}$) is the source signal, into which the watermark ($w$) is embedded by using an embedding function $E$. The result is the marked signal $S_E$. This process can be defined as taking place in a secure environment. The following step could be, for example, the distribution of $S_E$ over the Internet or storage of it to provide authenticity or integrity checks. These processes can be seen as an insecure part, where attacks ($A_{i,j}\in\mathbb{A}$) occur on $S_E$. After distribution of $S_E$, the signal is defined as $S_{EA}$ because potential attacks could have destroyed the watermark. A detecting function $D$ tries to detect the watermark $w$ or a retrieval function $R$ tries to retrieve the embedded message $m'$. The detection/retrieval can be done in a secure or insecure environment, depending on the application of the watermarking algorithm.

The complete scenario is defined as life cycle of a watermark, because it begins with embedding and ends with detection/retrieval. This is shown in the following figure with expected secure and insecure parts.

The information to be embedded is called a digital watermark, although in some contexts the phrase digital watermark means the difference between the watermarked signal and the cover signal. The signal where the watermark is to be embedded is called the host signal. A watermarking system is usually divided into three distinct steps, embedding, attack and detection. In embedding, an algorithm accepts the host and the data to be embedded and produces a watermarked signal.

The watermarked signal is then transmitted or stored, usually transmitted to another person. If this person makes a modification, this is called an attack. While the modification may not be malicious, the term attack arises from copyright protection application, where pirates attempt to remove the digital watermark through modification. There are many possible modifications, for example, lossy compression of the data, cropping an image or video, or intentionally adding noise.

Detection (often called extraction) is an algorithm which is applied to the attacked signal to attempt to extract the watermark from it. If the signal was unmodified during transmission, then the watermark is still present and it can be extracted. In robust watermarking applications, the extraction algorithm should be able to correctly produce the watermark, even if the modifications were strong. In fragile watermarking, the extraction algorithm should fail if any change is made to the signal.

## Watermark Parameters

In general, the fundamental watermarking parameters are classified into the 7 watermarking properties: capacity, complexity, invertibility, transparency, robustness, security and verification (in alphabetical order):

### Capacity

The Capacity is in general divided into embedding and retrieval capacity.

#### Embedding Capacity

The embedding capacity $\text{cap}_E$ of a watermarking scheme is defined as the amount of information that is (seems to be) embedded into the cover object to obtain the marked object. A simple definition for a capacity measure $\text{cap}_E$ would be related to the size of the embedded message, i.e. $\text{cap}_E(\Omega^*,S)=\text{size}(M)=|M|$. In addition, capacity is often given relative to the size of the cover object:

${\text{cap}_E}_\text{rel}(\Omega^*,S)=\frac{\text{cap}_E}{\text{size}(S)}.$

Note that such measure only takes into account the information embedded, but not the information that is retrieved. Note, also, that this measure does not consider the possibility of repeat coding, in which the mark is replicated as many times as needed prior to its insertion. All these issues are related to the retrieval capacity which is defined in the retrieval function.

#### Retrieval Capacity

The definition of retrieval capacity defines the capacity with respect to the retrieved message $m'$. First of all, zero-bit watermarking schemes do not transmit any message, since the watermark $w$ is just detected but a message $m'$ is not retrieved. In such a case, the retrieval capacity of these schemes is zero.

For non zero-bit watermarking schemes the retrieval capacity is considered after data extraction. The following retrieval capacity function is defined:

${\text{cap}_R}_\text{rel}(\Omega^*,S_{EA})=|m| - \sum_{i=1}^{|m|} m_i\oplus m'_i,$

where $m=m_1 m_2 \dots m_{|m|}$, $m'=m'_1 m'_2 \dots m'_{|m|}$ and $\oplus$ depicts the exclusive or operation. This equation counts the number of correctly transmitted bits (those which are equal on both sides of the communication channel) and it is assumed that $m$ and $m'$ have exactly the same length (otherwise $m$ or $m'$ should be padded or cut in some manner).

In case of repeat coding, the retrieved message is several times longer than the embedded message: $m'=m'_{11} m'_{12} \dots m'_{1|m|}\; m'_{21} m'_{22} \dots m'_{2|m|} \dots \dots m'_{p_{max}|m|}$. In such a situation, the retrieval capacity should consider all the repetitions as follows:

${\text{cap}^*_R}_\text{rel}(\Omega^*,S_{EA})=\sum_{j=1}^{p_{max}}\left[|m| - \sum_{i=1}^{|m|} m_i \oplus m'_{ji}\right],$

where $p_{max}$ is the counted number of maximal retrieved $m'$. In the sequel, no repeat coding is assumed for notational simplicity, but all the formulae can be easily extended to that case. If the watermark is not embedded multiple times, then $p_{max}=1$.

There are two relevant comments about this definition of relative capacity. The first is that usually this kind of measure is given in terms of the size of the cover object $S$: ${\text{cap}_R}_\text{rel}(\Omega^*,S_{EA})=\frac{{\text{cap}^*_R}_\text{rel}(\Omega^*,S_{EA})}{\text{size}(S_{EA})}$ and it is assumed that the sizes of $S$ and $S_{EA}$ are, at least, similar. This second definition provides measures such as bits per second or bits of transmitted information per bit of the marked object. If the latter is used, a value in the interval $[0,1]$ is obtained, where 1 means that all the transmitted bits are used for the message, which is the best case as far as capacity is concerned. The second comment is that ${\text{cap}_R}_\text{rel}$ is relative to a given pair $S_{EA}$ and $S$. An absolute measure is provided below.

Another capacity measure can be defined in terms of the ratio of correctly recovered bits normalized by $p_\left\{max\right\}$. If $p_\left\{max\right\}$ is unknown, the measure of $\left\{text\left\{cap\right\}^\left\{\right\}_R\right\}_text\left\{rel\right\}$ can also be used, but would result in highest, not normalized values.: $\left\{text\left\{cap\right\}^\left\{\right\}_R\right\}_text\left\{rel\right\}\left(Omega^*,S_\left\{EA\right\}\right)=frac\left\{\left\{text\left\{cap\right\}^*_R\right\}_text\left\{rel\right\}\left(Omega^*,S_\left\{EA\right\}\right)\right\}$

### Complexity

Given a function $F$, its complexity can be measured. Complexity thereby describes the effort or investment needed to embed, attack, or detect and retrieve the watermark. A measuring function $C$ is defined as $C(F)$ to measure the complexity of $F$. If it is applied to, for example, the embedding function of $\Omega$, then the embedding complexity $C(E,S)$ can be computed. Depending on $C$, for example the computation cost in time, needed memory or IO operations, lines of code, etc. could be measured. The relative complexity of a watermarking scheme $\Omega^*$ and a particular object $S$ is defined as:

$C(E,S)\rightarrow\text{com}^*_\text{rel}(\Omega^*,S)$

However, this definition of complexity depends on the signal $S$. Therefore, a normalization is needed to provide results independent of $S$. The normalization can be done with the signal and its length (or size) or with the embedded capacity. If the length (or size) of the signal is used for normalization, then the length can be the time or size needed for streaming, or the file size on the storage. Which exactly is defined with the function $\mathrm{size}(S)$. The normalization done by the embedding capacity measures the effort needed to embed one single bit. Note that this normalization is only usable for n-bit watermarking schemes. In the following, both normalizations are formalized.

$\text{com}^S_\text{rel}(\Omega^*,S)=\frac{\text{com}^*_\text{rel}}{\mathrm{size}(S)}=\frac{C(E,S)}{\mathrm{size}(S)}$

Note that in this case a linear complexity depending on the length of $S$ is assumed. If it is non-linear, then this function cannot be used to measure the complexity. Then, the normalization depending on, for example, the embedding capacity, introduced in the following, can be used.

$\text{com}^C_\text{rel}(\Omega^*,S)=\frac{\text{com}^*_\text{rel}}{\text{cap}^*_E}=\frac{C(E,S)}{\text{cap}^*_E}$

Both definitions of complexity are related to a particular object $S$. Similar to other watermark properties, a definition of absolute values applies any of the following definitions:

• Average complexity based on signal and capacity normalization: $\text{com}^S_\text{av}(\Omega^*)=\frac{1}{|\mathbb{S}|}\sum_{S \in\mathbb{S}}\text{com}^S_\text{rel}(\Omega^*,S)$ and $\text{com}^C_\text{av}(\Omega^*)=\frac{1}{|\mathbb{S}|}\sum_{S \in\mathbb{S}}\text{com}^C_\text{rel}(\Omega^*,S)$
• Maximum complexity for audio signal and capacity normalization: $\text{com}^S_\text{mx}(\Omega^*)=\max_{S \in\mathbb{S}}\left\{\text{com}^S_\text{rel}(\Omega^*,S)\right\}$ and $\text{com}^C_\text{mx}(\Omega^*)=\max_{S \in\mathbb{S}}\left\{\text{com}^C_\text{rel}(\Omega^*,S)\right\}$
• Minimum complexity for audio signal and capacity normalization: $\text{com}^S_\text{mn}(\Omega^*) = \min_{S \in\mathbb{S}}\left\{\text{com}^S_\text{rel}(\Omega^*,S)\right\}$ and $\text{com}^C_\text{mn}(\Omega^*)=\min_{S \in\mathbb{S}}\left\{\text{com}^C_\text{rel}(\Omega^*,S)\right\}$

### Invertibility

Invertibility refers to the property of a watermarking scheme that makes it possible to remove the watermark $w$ from the marked signal $S_E$ completely to obtain a signal $S'$; if $\Omega$ is invertible, then $S=S'$. To provide this feature, the watermarking algorithms must provide special embedding techniques. Furthermore, secret keys are mostly used to protect the original content from unauthorized access. The measured value of invertibility for a watermarking scheme $\Omega^*$ is a boolean value. If this value is $0$, then $\Omega^*$ cannot remove $w$ from the marked object. If $\Omega$ can remove $w$ completely and $S=S'$, then $1$ is returned.

$\text{inv}(\Omega^*,S_E)= \begin{cases} 0 & ((\Omega^*,S_E) \rightarrow S') \wedge (S\neq S') = \text{true} \\ 1 & ((\Omega^*,S_E) \rightarrow S') \wedge (S= S') = \text{true} \end{cases}$

### Robustness

In this section, the robustness of a digital watermarking scheme is described. To introduce the robustness itself, the detection success is needed and is introduced first.

#### Detection Success

To measure the overall success of a detection or retrieval function, the detection success function is introduced. Therefore, the connection to zero-bit and n-bit watermarking schemes is introduced as follows. For zero-bit watermarking schemes, $\text{det}_D$ returns $0$ if the watermark could not be successfully detected and $1$ if the detection function was able to detect the watermark, see the following equation:

$\text{det}_D(\Omega^*,S_{EA})= \begin{cases} 0, & \text{no successful detection (negative)}, \\ 1, & \text{positive successful detection (positive).} \end{cases}$

To measure the successful embedding rate over a test set $\mathbb{S}$, the average of $\text{det}_D$ can be computed as follows:

${\text{det}_D}_\text{av}(\Omega^*)=\frac{1}{|\mathbb{S}|}\sum_{S\in\mathbb{S}}\text{det}_D$

For n-bit watermarking schemes, it is important to know whether the watermark was successfully detected at least once (in case of multiple embedding). If, for example, a watermarking scheme embeds the message $m$ multiple times $\left(p_{max}\right)$, and the retrieval function ${\text{cap}^*_R}_\text{rel}$ returns that 10% are positively retrievable, then it is unknown which $m_i$ are affected. Therefore, it is useful to define a successful detection if at least one embedded message could be retrieved positively, which is introduced in the following equation.

$\text{det}_R(\Omega^*,S_{EA})= \begin{cases} 1, & \exists j \in \left\{1,\dots,p_{max}\right\}: \sum_{i=1}^{|m|} m'_{ji} \oplus m_{ji} = 0, \\ 0, & \text{otherwise}. \end{cases}$

Note that this is not the only possible definition of the detection function in case of repeat coding. For example, another definition could be the following:

$\text{det}_{R\tau}(\Omega^*,S_{EA})= \begin{cases} 1, & \text{if } {\text{cap}^{}_{R}}_\text{rel}(\Omega^*,\tilde S) \geq \tau, \\ 0, & \text{otherwise}. \end{cases}$

i.e. detection is reported if the ratio of correctly recovered bits is above some threshold $\tau$ (which is equal to or close to 1).

#### Watermark Robustness

The robustness measure $\text{rob}_\text{rel}$ of a watermarking scheme is a value in the closed interval $[0,1]$, where 0 is the worst possible value (the scheme is not robust for the signal $S$) and 1 is the best possible value (the method is robust for the signal $S$). There is a difference, for example, depending on whether the bit error rate (BER) or byte error rate (BYR) is used to measure the robustness. If the robustness is measured based on the byte error rate $\text{rob}^{byte}$, then a given watermarking scheme is classified as robust if the bytes of the embedded message (characters) are correctly retrieved. This measurement is similar to the Levenshtein distance, which measures the distance between two given strings. It is useful in application scenarios that need to determine how similar two strings are. Another robustness measure function, based on the bit error rate $\text{rob}^{bit}$, returns the percentage robustness of the watermarking scheme measured over the whole attacking and test set and is based on the bit changes within the retrieved message. This measurement is similar to the Hamming distance based on bit-strings. Hence, a watermarking scheme is classified as not robust if more than $\nu$ retrieved bits are destroyed and the transparency of the attacks is higher than $\tau$. For zero-bit watermarking schemes no retrieval function exists and no classification based on bit or byte error rates is possible. To simplify matters, the robustness measure for zero-bit watermarking schemes is always classified to $\text{rob}^{byte}$.

The following example motivates the distinction between the robustness measure based on bit and byte error rate. If the message $m$="123", with 3 bytes and 3*8=24 bits, is embedded and after attacking the last 6 bits are destroyed and incorrectly retrieved, then the byte error rate returns that 2 bytes are correct (the first two) and one is false (the last), which has a value of $\frac{1}{3}=0.3\overline{3}$. The bit error rate returns that 18 bits are correct (the first) and 6 bits are false (the last), which has a value of $\frac{6}{24}=0.25$. If now the 1st, 2nd, 8th, 9th, 16th and 17th bits are destroyed, then the byte error rate returns that all bytes (characters) are false and the result has a value of $\frac{3}{3}=1.0$, which shows that 100% of the bytes are destroyed. In contrast, the bit error rate returns that 18 bits are correctly retrieved and 6 bits are wrong, which has a value of $\frac{6}{24}=0.25$. Although the bit error rate does not change from the first example, differences are apparent in the byte error rate. Therefore, the following equations introduce the robustness for n-bit watermarking schemes divided into $\text{rob}^{byte}$ and $\text{rob}^{bit}$ and for zero-bit watermarking schemes only for $\text{rob}^{byte}$. The two robustness measures $\text{rob}^{byte}$ and $\text{rob}^{bit}$ return completely different robustness values. The distinction is introduced to show that different approaches are possible and that, depending on test goals, a choice of measure function has to be made. It is noted that different methods are available to measure the robustness, e.g. based on $\text{det}_R$ in relation to attacking transparency.
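The retrieval capacity, detection success and bit/byte error rate measures from the sections above, applied to the "123" message, as an added example that is not part of the original page. Function names are hypothetical, "destroyed" bits are modelled as inverted bits, and dividing by $p_{max}\cdot|m|$ is an assumed reading of the normalized capacity measure.

```python
def to_bits(data):
    """MSB-first list of bits for a byte string."""
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]


def destroy(bits, positions):
    """Copy of bits with the given 1-based positions inverted (constructed damage)."""
    out = list(bits)
    for p in positions:
        out[p - 1] ^= 1
    return out


def cap_r(m, m_ret):
    """|m| - sum_i (m_i xor m'_i): number of correctly retrieved bits."""
    if len(m) != len(m_ret):
        raise ValueError("m' must be padded or cut to |m| before comparison")
    return len(m) - sum(a ^ b for a, b in zip(m, m_ret))


def cap_r_star(m, copies):
    """Repeat coding: sum of correctly retrieved bits over all p_max copies."""
    return sum(cap_r(m, copy) for copy in copies)


def cap_r_ratio(m, copies):
    """Ratio of correctly recovered bits; denominator p_max * |m| is an assumption."""
    return cap_r_star(m, copies) / (len(copies) * len(m))


def det_r(m, copies):
    """1 if at least one copy was retrieved without any bit error, else 0."""
    return 1 if any(cap_r(m, copy) == len(m) for copy in copies) else 0


def det_r_tau(m, copies, tau):
    """1 if the ratio of correctly recovered bits reaches the threshold tau."""
    return 1 if cap_r_ratio(m, copies) >= tau else 0


def bit_error_rate(m, m_ret):
    return (len(m) - cap_r(m, m_ret)) / len(m)


def byte_error_rate(m, m_ret):
    """Fraction of 8-bit groups that contain at least one wrong bit."""
    n_bytes = len(m) // 8
    wrong = sum(1 for k in range(n_bytes)
                if m[8 * k:8 * k + 8] != m_ret[8 * k:8 * k + 8])
    return wrong / n_bytes


M = to_bits(b"123")                            # 3 bytes, 24 bits
TAIL = destroy(M, range(19, 25))               # last 6 bits destroyed
SCATTERED = destroy(M, [1, 2, 8, 9, 16, 17])   # 6 bits spread over all 3 bytes


def page_example():
    """(bit error rate, byte error rate) for both damage patterns in the text."""
    return {
        "tail": (bit_error_rate(M, TAIL), byte_error_rate(M, TAIL)),
        "scattered": (bit_error_rate(M, SCATTERED), byte_error_rate(M, SCATTERED)),
    }


def repeat_coding_example():
    """p_max = 3 retrieved copies, only the second one undamaged."""
    copies = [TAIL, M, SCATTERED]
    return (cap_r_star(M, copies), cap_r_ratio(M, copies),
            det_r(M, copies), det_r_tau(M, copies, tau=0.9))


if __name__ == "__main__":
    print(page_example())
    print(repeat_coding_example())
```

In the repeat-coding case the two detection definitions disagree: one intact copy is enough for the first, while the overall ratio of correct bits stays below the threshold of the second.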

The following function relates robustness based on the byte error rate to transparency for a zero-bit and n-bit watermarking scheme as follows, given $S_{EA}=A_{i,j}(S_E)$:

$\text{rob}^{byte}_\text{rel}(\Omega^*,S_E)= 1 - \max_{A_{i,j} \in\mathcal{A}} \left\{T\left(S_E,S_{EA}\right): \text{det}_D\left(S_{EA},p_E^\mathrm{opt},p_D^\mathrm{opt},p_{\mathrm{cod}},[S,m]\right)=0\right\}$

and for an n-bit watermarking scheme:

$\text{rob}^{byte}_\text{rel}(\Omega^*,S_E)= 1 - \max_{A_{i,j} \in\mathcal{A}} \left\{T\left(S_E,S_{EA}\right): \text{det}_R\left(S_{EA},p_E^\mathrm{opt},p_D^\mathrm{opt},p_{\mathrm{cod}},[S,m]\right)=0\right\}$

And the robustness based on the bit error rate related to the transparency for n-bit watermarking schemes is given as: $text\left\{rob\right\}^\left\{bit\right\}_text\left\{av\right\}\left(Omega^*\right)= frac\left\{1\right\}$

 mathbb{A}
sum_{Sinmathbb{S}}sum_{A_{i,j}inmathbb{A}} begin{cases} 1, & left({text{cap}^\$_R}_text{rel} >< tau right) wedge left({text{tra}_A}_text{rel} > nuright) 0, & text{otherwise} end{cases} That is, given a marked object $S_E$ and all the attacks which attack the watermark, even for optimal embedding and detection parameters ($p_E^mathrm\left\{opt\right\}, p_D^mathrm\left\{opt\right\}$), the one which produces less distortion in the marked object $S_E$ determines how robust the scheme is. If none of the attacks in the family $mathbb\left\{A\right\}$ erases the embedded mark, then this measure is (by definition) equal to 1 (the best possible value).

The functions measure robustness in a worst case sense. When the security of a system is to be assessed, it is usually considered that a given system is as weak as the weakest of its components. Similarly, the equation establishes that the worst possible attack (in the sense that the mark is erased but the attacked signal preserves good quality) in a given family determines how robust the watermarking scheme $\Omega$ is. If the best (maximum) transparency amongst all the attacks which destroy the mark is $0.23$, then the robustness of the method as given by the equation is $1-0.23=0.77$.
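The watermark life cycle and the worst-case robustness measure described above, as an added example that is not part of the original page: a zero-bit additive watermark is embedded, attacked and detected, and the relative robustness is computed over a small constructed attack family. The keyed ±1 pattern, the correlation detector, the form of the transparency function and all names and parameter values are assumptions made for illustration.

```python
import random

ALPHA = 2.0      # embedding strength, an assumed embedding parameter p_E
THRESHOLD = 1.0  # correlation threshold, an assumed detection parameter p_D


def pattern(key, n):
    """Keyed pseudo-random +/-1 sequence used as the watermark w."""
    rng = random.Random(key)
    return [1 if rng.random() < 0.5 else -1 for _ in range(n)]


def embed(host, key):
    """E: additive modification, S_E[i] = S[i] + ALPHA * w[i]."""
    return [s + ALPHA * w for s, w in zip(host, pattern(key, len(host)))]


def det_d(signal, key):
    """D: blind zero-bit detector, 1 if the correlation with w exceeds the threshold."""
    w = pattern(key, len(signal))
    corr = sum(x * wi for x, wi in zip(signal, w)) / len(signal)
    return 1 if corr > THRESHOLD else 0


def transparency(ref, test):
    """T in [0,1]; assumed form 1 / (1 + MSE / power(ref)), 1 means identical."""
    mse = sum((a - b) ** 2 for a, b in zip(ref, test)) / len(ref)
    power = sum(a * a for a in ref) / len(ref)
    return 1.0 / (1.0 + mse / power)


def add_noise(signal, sigma, seed):
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in signal]


def crop(signal, keep):
    """Keep the leading fraction of the samples and blank the rest."""
    cut = int(len(signal) * keep)
    return signal[:cut] + [0.0] * (len(signal) - cut)


def attack_family(marked):
    """Constructed family of modifications A applied to S_E, giving S_EA."""
    return {
        "noise sigma=2": add_noise(marked, 2.0, seed=11),
        "noise sigma=5": add_noise(marked, 5.0, seed=12),
        "crop keep 25%": crop(marked, 0.25),
        "crop keep 10%": crop(marked, 0.10),
    }


def rob_rel(marked, key):
    """1 - max{T(S_E, S_EA) : det_D(S_EA) = 0}; 1.0 if no attack erases the mark."""
    erased = [transparency(marked, s_ea)
              for s_ea in attack_family(marked).values()
              if det_d(s_ea, key) == 0]
    return 1.0 - max(erased) if erased else 1.0


def life_cycle(key=0xC0FFEE, n=4096, seed=1):
    """Embed, attack, detect; returns (detections, rob_rel, T(S, S_E))."""
    rng = random.Random(seed)
    host = [rng.gauss(0.0, 10.0) for _ in range(n)]   # constructed host signal S
    marked = embed(host, key)                          # marked signal S_E
    report = {name: det_d(s_ea, key)
              for name, s_ea in attack_family(marked).items()}
    report["unmarked host"] = det_d(host, key)
    report["marked"] = det_d(marked, key)
    report["marked, wrong key"] = det_d(marked, key + 1)
    return report, rob_rel(marked, key), transparency(host, marked)


if __name__ == "__main__":
    report, rob, tra = life_cycle()
    for name, hit in report.items():
        print(f"{name:20s} det_D = {hit}")
    print(f"rob_rel = {rob:.3f}, embedding transparency = {tra:.3f}")
```

The noise attacks leave the mark detectable, so only the two cropping attacks enter the maximum, and the more transparent of them (keeping 25% of the samples) sets the robustness value.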

However, the functions of the equation introduced above are *relative* to a given object $S_{EA}$ (hence the use of the subindex "rel"), but it is usual to define the robustness of a watermarking scheme as an inherent property not related to any particular object, but to a family or collection of objects. This may be referred to as the absolute robustness ($\text{rob}^{byte}_{\text{rel}}$), which can be defined in several ways. Given a family $\mathbb{S}$ of cover objects, and their corresponding marked objects $S_E$ obtained by means of the embedding, the absolute robustness based on bit and byte error rate can be defined according to different criteria, for example:

• Average robustness based on byte error rate: $\text{rob}^{byte}_\text{av}(\Omega^*)=\frac{1}{|\mathbb{S}|}\sum_{S \in\mathbb{S}}\text{rob}^{byte}_\text{rel}(\Omega^*,S_E).$
• Minimum robustness (worst case approach) based on byte error rate: $\text{rob}^{byte}_\text{mn}(\Omega^*)=\min_{S \in\mathbb{S}}\text{rob}^{byte}_\text{rel}(\Omega^*,S_E).$
• Probabilistic approach based on byte error rate:

### Security

Security describes the security of the embedded watermark against specific security attacks. After defining all required security measurements $\mathcal{L}$ (like collusion or subspace security), the relative total security $\text{sec}^\text{tot}_\text{rel}$ can be computed for a particular cover signal.

$\text{sec}^\text{tot}_\text{rel}(\Omega^*,S)=\frac{1}{|\mathcal{L}|}\sum_{\text{sec}^*_\text{rel}\in\mathcal{L}}\text{sec}^*_\text{rel}(\Omega^*,S)$

Whereby $\text{sec}^*_\text{rel}$ defines each relative security measurement provided by $\mathcal{L}$, for example, subspace security $\text{sec}^\text{sub}_\text{rel}$ or collusion security $\text{sec}^\text{col}_\text{rel}$ and all other security measurements defined in the security set $\mathcal{L}$. If the average total security $\text{sec}^\text{tot}_\text{av}$, maximum $\text{sec}^\text{tot}_\text{mx}$ and minimum $\text{sec}^\text{tot}_\text{mn}$ are measured, then the following definitions are used.

• Average total security: $text\left\{se\right\}c^text\left\{tot\right\}_text\left\{av\right\}\left(Omega^*\right)=frac\left\{1\right\}$
sum_{Sinmathbb{S}}sum_{text{sec}^*_text{av}inmathcal{L}}text{sec}^*_text{av}(Omega^*,S) >
• Maximum total security: $\text{sec}^\text{tot}_\text{mx}(\Omega^*)=\max_{S \in\mathbb{S}}\left\{\max_{\text{sec}^*_\text{mx}}\left\{\text{sec}^*_\text{rel}(\Omega^*,S)\right\}\right\}$
• Minimum total security: $\text{sec}^\text{tot}_\text{mn}(\Omega^*)=\min_{S \in\mathbb{S}}\left\{\min_{\text{sec}^*_\text{mn}}\left\{\text{sec}^*_\text{rel}(\Omega^*,S)\right\}\right\}$

### Transparency

Given a reference object $S_\text{ref}$ and a test object $S_\text{test}$, the transparency function $T$ provides a measure of the perceptible distortion between $S_\text{ref}$ and $S_\text{test}$. Without loss of generality, such a function may take values in the closed interval $[0,1]$ where 0 provides the worst case (the signals $S_\text{ref}$ and $S_\text{test}$ are so different that $S_\text{test}$ cannot be recognized as a version of $S_\text{ref}$) and 1 is the best case (an observer does not perceive any significant difference between $S_\text{ref}$ and $S_\text{test}$):

$T(S_\text{ref},S_\text{test}) \rightarrow [0,1]$

The relative transparency for a watermarking scheme $\Omega^*$ and a particular object $S$ is defined as:

$T(S_\text{ref},S_\text{test})\rightarrow{\mathrm{tra}}_\mathrm{rel}(\Omega^*,S)$

This definition of transparency is related to a particular object $S$. It is usually better to provide some absolute value of transparency which is not related to a particular object $S$. A definition of "absolute" transparency is related to a family $\mathbb{S}$ of objects to be marked, which applies any of the following definitions:

• Average transparency:

$\left\{text\left\{tra\right\}\right\}_text\left\{av\right\}\left(Omega^*\right)=frac\left\{1\right\}$

 mathcal{L}
>sum_{Sinmathbb{S}}{text{tra}}_text{rel}(Omega^*,S),

• Maximum transparency:

${\text{tra}}_\text{mx}(\Omega^*)=\max_{S \in\mathbb{S}}\left\{{\text{tra}}_\text{rel}(\Omega^*,S)\right\}.$

• Minimum transparency:

${\text{tra}}_\text{mn}(\Omega^*)=\min_{S \in\mathbb{S}}\left\{{\text{tra}}_\text{rel}(\Omega^*,S)\right\}.$

### Verification

Verification describes the type of information that the detection/retrieval function $D,R$ requires. Therefore three classifications are available:

Non-blind: If the watermarking scheme requires the cover object $S$, then it is classified as a non-blind watermarking scheme. Often, this type of watermarking scheme is referred to as an informed watermarking scheme. Mostly, the watermark detector/retriever is only usable by a defined group of people, which keeps the watermark detector and the required original signal $S$ hidden.

Informed: If the watermarking scheme requires the embedded message $m$, the embedding parameters $p_E$ or other additional information (except the original signal $S$) for detection or retrieval, then the watermarking scheme is associated to this group. Often, watermarking schemes where the embedding function creates a data file needed for detection/retrieval, are associated to this type of verification.

Blind: If the watermarking scheme requires neither the original signal nor additional information (e.g. $m$ or $p_E$), then the watermarking scheme is associated to this group.

The verification ($\text{ver}$) is defined as the list $\{0, 0.5, 1\}$, whereby the $1$ is associated with non-blind, a $0.5$ with informed and a $0$ with blind. The formalization is introduced in the following equation.

$\text{ver}(\Omega^*,S)= \begin{cases} 0 & (\Omega^*,S)\quad \text{is non-blind} \\ 0.5 & (\Omega^*,S)\quad \text{is informed} \\ 1 & (\Omega^*,S)\quad \text{is blind} \end{cases}$

## Classification

A digital watermark is called robust with respect to a class of transformations T if the embedded information can reliably be detected from the marked signal even if degraded by any transformation in T. Typical image degradations are JPEG compression, rotation, cropping, additive noise and quantization. For video content, temporal modifications and MPEG compression are often added to this list. A watermark is called imperceptible if the cover signal and marked signal are indistinguishable with respect to an appropriate perceptual metric. In general it is easy to create robust watermarks or imperceptible watermarks, but the creation of robust and imperceptible watermarks has proven to be quite challenging. Robust imperceptible watermarks have been proposed as a tool for the protection of digital content, for example as an embedded 'no-copy-allowed' flag in professional video content.

Digital watermarking techniques can be classified in several ways.

### Robustness

A watermark is called fragile if it fails to be detected after the slightest modification. Fragile watermarks are commonly used for tamper detection (integrity proof). Modifications to an original work that are clearly noticeable are commonly not referred to as watermarks, but as generalized barcodes.

A watermark is called semi-fragile if it resists benign transformations but fails detection after malignant transformations. Semi-fragile watermarks are commonly used to detect malignant transformations.

A watermark is called robust if it resists a designated class of transformations. Robust watermarks are commonly used in copyright applications (to carry ownership or forensic information) and copy protection applications (to carry copy and access control information).

### Perceptibility

A watermark is called imperceptible if the original cover signal and the marked signal are (close to) perceptually indistinguishable.

A watermark is called perceptible if its presence in the marked signal is noticeable, but non-intrusive.

### Capacity

The length of the embedded message $|m|$ determines two different main classes of watermarking schemes:

• $|m|=0$: The message $m$ is conceptually zero-bit long and the system is designed in order to detect the presence or the absence of the watermark $w$ in the marked object $S_E$. This kind of watermarking scheme is usually referred to as a *zero-bit* or *presence* watermarking scheme. Sometimes, this type of watermarking scheme is called a 1-bit watermark, because a 1 denotes the presence and a 0 the absence of a watermark.
• $|m|=n>0$: The message $m$ is an n-bit long stream ($m=m_1\ldots m_n,\; n\in\mathbb{N}$, with $n=|m|$) or $M=\{0,1\}^n$ and is modulated in $w$. This kind of scheme is usually referred to as a multiple bit watermarking or non zero-bit watermarking scheme.

### Embedding method

A watermarking method is referred to as spread-spectrum if the marked signal is obtained by an additive modification. Spread-spectrum watermarks are known to be modestly robust, but also to have a low information capacity due to host interference.

A watermarking method is referred to be of quantization type if the marked signal is obtained by quantization. Quantization watermarks suffer from low robustness, but have a high information capacity due to rejection of host interference.

A watermarking method is referred to as amplitude modulation if the marked signal is obtained by an additive modification which is similar to the spread-spectrum method, but is embedded specifically in the spatial domain.

## Applications

Digital Watermarking can be used for a wide range of applications such as:

• Fingerprinting (Different recipients get differently watermarked content).
• Broadcast Monitoring (Television news often contains watermarked video from international agencies).
• Covert Communication (steganography).

## Evaluation / Benchmarking

The evaluation of digital watermarking schemes can provide detailed information for watermark designers or end users. Therefore, different evaluation strategies exist. Watermark designers often evaluate single properties to show, for example, an improvement. End users are mostly not interested in detailed information. They want to know whether a given digital watermarking algorithm can be used for their application scenario and, if so, which parameter sets seem to be the best.