CN111541679B - Image security retrieval method based on secret sharing in cloud environment - Google Patents
- Publication number
- CN111541679B
- Authority
- CN
- China
- Prior art keywords
- image
- distance
- server
- share
- shares
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/50—Information retrieval; Database structures therefor; File system structures therefor of still image data
- G06F16/51—Indexing; Data structures therefor; Storage structures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/50—Information retrieval; Database structures therefor; File system structures therefor of still image data
- G06F16/58—Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
- G06F16/583—Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually using metadata automatically derived from the content
- G06F16/5838—Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually using metadata automatically derived from the content using colour
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Abstract
The invention provides an image security retrieval scheme based on secret sharing in a cloud environment, in which secure retrieval of cloud images is realized by constructing index shares and trapdoor shares. The data owner generates ciphertext images and index shares and uploads them to the cloud. At query time, the user generates trapdoor shares and sends them to the cloud; the cloud computes distance shares and returns the ciphertext image closest to the query image, which solves the security problem of encrypting with a uniform key in conventional schemes. To prevent an attacker from inferring an image by analyzing image similarity information from the original Euclidean distance, the distance shares are encrypted using random numbers and a secure multi-party computation method. The security of the scheme depends on secret sharing, the precision loss common in secure image retrieval is solved, and the retrieval precision is almost the same as that of image retrieval in the plaintext domain.
Description
Technical Field
The invention belongs to the field of multimedia information security protection, and particularly relates to an image security retrieval method based on a secret sharing technology and a secure multi-party computing technology.
Background
With the popularity of digital cameras and smartphones, the number of images, graphics, and photos is growing at an increasingly rapid rate. Because cloud computing platforms offer large scale, high reliability, strong universality, strong scalability and low price, more and more image owners choose to outsource their images to cloud servers. However, data outsourced to the cloud is completely outside the direct physical control of its owner and faces the double threat of external network attackers and untrusted cloud service providers (CSPs), so data stored in the cloud is at risk of being leaked or abused.
To prevent privacy disclosure, sensitive pictures need to be encrypted locally before being uploaded to the cloud. The data owner encrypts the data locally and then outsources it to the CSP, so that even if an attacker illegally steals the user data in the cloud, the attacker cannot decrypt it to obtain plaintext information. However, encryption makes the image retrieval techniques that work on plaintext images unusable. In plaintext-domain image retrieval, content-based image retrieval (CBIR) extracts relevant features from images and determines the similarity between images by comparing the distances between image features; it represents the future development trend of image retrieval. The randomness of encryption makes the distances between image features difficult to preserve and retrieval difficult, so research on ciphertext-domain image retrieval is necessary. At present, most ciphertext-domain image retrieval schemes for the cloud environment consider only a single server providing the service, and most encrypt indexes and images with a single key; once that key is cracked, all indexes and images are revealed, so the security risk is high. However, the cloud computing environment is a typical distributed processing platform in which multiple cloud servers are often used to store images, and parallel computation across multiple servers can achieve higher computing speed, improve retrieval efficiency, and improve the reliability, availability and robustness of the system. In addition, storing the indexes and images in a distributed manner and encrypting them separately makes attacks more difficult and gives the whole system higher security. Nevertheless, multi-server ciphertext-domain retrieval schemes for the cloud environment are rarely seen.
The invention provides a secure and efficient multi-server ciphertext-domain image retrieval scheme and solves the problem of secure retrieval of ciphertext images across multiple servers in a cloud environment.
Disclosure of Invention
The invention aims to provide an image security retrieval scheme based on secret sharing, which realizes secure retrieval of cloud images by constructing index shares and trapdoor shares. The data owner generates ciphertext images and index shares and uploads them to the cloud. At query time, the user generates trapdoor shares and sends them to the cloud; the cloud computes distance shares and returns the ciphertext image closest to the query image, which solves the security problem of existing schemes that encrypt with a unified key.
The scheme works as follows. In the offline stage, the image owner extracts image features, generates index shares by the secret sharing principle to protect the index, and sends the index shares to the three servers for storage. An attacker needs to attack all cloud servers and obtain all secret index shares to reconstruct the original index, which greatly increases the difficulty of breaking the index on the cloud. Because the generation of the index shares does not depend on a fixed key, even if an attacker obtains some indexes and their corresponding index shares, other indexes cannot be reconstructed; this makes statistical attacks on a single cloud server ineffective against the scheme and further improves the security of the indexes on the cloud. In the query stage, the user extracts the features of the query image, generates trapdoor shares by the secret sharing principle to protect the query trapdoor, and sends the trapdoor shares to the three servers. The three servers calculate distance shares from the index shares and the trapdoor shares. To prevent an attacker from inferring an image by analyzing image similarity information from the original Euclidean distance, the distance shares are encrypted using random numbers and a secure multi-party computation method and sent to one server; that server decrypts the encrypted distance shares to obtain the sum of the distance shares and the random numbers, and then reconstructs the distance with the Lagrange interpolation formula of secret sharing. Because the security of the scheme depends on secret sharing, the precision loss common in secure image retrieval is solved, and the retrieval precision is almost the same as that of image retrieval in the plaintext domain.
The invention provides a secret sharing-based image security retrieval method in a cloud environment, which comprises the following steps:
step 1, the image owner extracts image features, generates index shares, and uploads the index shares and the encrypted image to the cloud;
step 2, the user sends a query request to the image owner, acquires the decryption key, extracts the query image features, generates trapdoor shares and uploads them to the cloud;
step 3, each server constructs distance shares from the index shares and the trapdoor shares, generates encryption keys for the distance shares and encrypts the distance shares;
step 4, the server decrypts the encrypted distance shares and generates the sum of the distance shares and the random numbers, reconstructs the distance, sorts by similarity according to the reconstructed distance, and returns the encrypted query result;
step 5, the user decrypts the ciphertext image with the decryption key to obtain the original image.
Further, the specific implementation manner of step 1 is as follows,
step 1.1, constructing an index: extracting color features to generate indexes for all images of the image owner, wherein the y-th image feature is expressed asn represents the dimension of the feature point descriptor;
step 1.2, constructing index shares: generate a string of random numbers $a = (a_1, \ldots, a_n)$ and generate index shares for the image feature $h_y$; for $m = 1, 2, \ldots, n$:
index share $h_y(1)$ is sent to server 1, index share $h_y(2)$ is sent to server 2, and index share $h_y(3)$ is sent to server 3;
step 1.3, the original image $I$ is encrypted with the AES encryption algorithm and the key $K$ to obtain the ciphertext image $I_e$, which is uploaded to server 3.
Further, the specific implementation manner of step 2 is as follows,
step 2.1, constructing a trapdoor: the user extracts the features of the query image $I_q$, expressed as $q = (q_1, \ldots, q_n)$, where $n$ represents the dimension of the feature point descriptor;
step 2.2, constructing trapdoor shares: generate a string of random numbers $b = (b_1, b_2, \ldots, b_n)$ and generate trapdoor shares for $q$; for $m = 1, 2, \ldots, n$:
$q_m(1) = b_m \cdot 1 + q_m$ (4)
$q_m(2) = b_m \cdot 2 + q_m$ (5)
$q_m(3) = b_m \cdot 3 + q_m$ (6)
trapdoor share $q(1)$ is sent to server 1, trapdoor share $q(2)$ is sent to server 2, and trapdoor share $q(3)$ is sent to server 3.
Further, the specific implementation manner of step 3 is as follows,
step 3.1, constructing distance shares: according to the secret sharing principle, a quadratic polynomial is constructed from index shares and trapdoor shares, the constant term of which is
Server $s_x$ calculates the distance shares; for $m = 1, 2, \ldots, n$, the $m$-th dimension of the generated distance share is
Step 3.2, generating an encryption key of the distance share: randomly select two prime numbers $p$ and $q$ such that $q$ divides $p-1$, then generate a random number $h \in Z_p$, where $Z_p$ denotes the ring $Z/pZ$ and $Z$ denotes the integers, and calculate $g_1$ and $g_2$;
$g_1 = h^{(p-1)/q} \bmod p \quad \text{s.t. } g_1 \neq 1 \bmod p$ (11)
where mod denotes the remainder operation;
server $s_x$ selects a random number, computes, and sends the result to server $s_{x+1}$; thus, server $s_x$ generates a key $R_x$;
Step 3.3, encrypting the distance shares: to prevent an attacker from inferring the image by analyzing image similarity information from the original Euclidean distance, for each query servers $s_1$ and $s_2$ each select a string of random numbers $ran1_m = (ran1_1, \ldots, ran1_m, \ldots, ran1_n)$ and $ran2_m = (ran2_1, \ldots, ran2_m, \ldots, ran2_n)$; for $m = 1, 2, \ldots, n$, generate
The key $R_x$ is used for encryption to construct the encrypted distance share; server 1 sends its encrypted distance share to server 3, and server 2 sends its encrypted distance share to server 3.
Further, the specific implementation manner of step 4 is as follows,
step 4.1, decrypting the encrypted distance shares and generating the sum of the distance shares and the random numbers: according to the principle of secure multi-party computation, the product of encrypted data is converted into the sum of the data, which can be obtained without exposing the original data; server 3 computes the product of the encrypted distance shares and finds the sum of the distance shares and the random numbers, denoted by $dist'$;
dist′=(Cm-1)/P (19)
step 4.2, according to secret sharing, the Lagrange interpolation formula is used to reconstruct a quadratic polynomial from the distance shares; the constant term of the polynomial is the square of the difference between the index and the trapdoor in a single dimension;
summing the results of the $n$ dimensions gives the Euclidean distance $(h_y - q)^2$ between the index $h_y$ and the trapdoor $q$;
step 4.3, calculating the order-preserving Euclidean distance: for each query, is constant, which prevents the original Euclidean distance from being stolen by the server; server 3 calculates the order-preserving Euclidean distance $Dist$ between the index $h_y$ and the trapdoor $q$, and returns the query result $I_e$ to the user;
Compared with other methods, the advantages of the method are as follows. The invention provides an image security retrieval method based on secret sharing, which uses the Shamir secret sharing principle to construct three index shares and store them on three different cloud servers. Different indexes are encrypted using different keys, which greatly increases the difficulty for an attacker of cracking the index information, resists statistical attacks on a single server, and solves the privacy protection problem of image indexing. In the query phase, the query image features of the user are likewise split into three trapdoor shares, preventing the cloud server from learning the query information of the user. Secure multi-party computation is used to realize secure distance reconstruction, which ensures the security of distance sorting and greatly improves system security. Meanwhile, because the scheme is based on secret sharing, precision loss is almost avoided, and the retrieval precision is basically consistent with that of plaintext image retrieval.
Drawings
Fig. 1 is a general schematic diagram of a secure retrieval method according to an embodiment of the present invention.
Detailed Description
As shown in fig. 1, an image security retrieval method based on secret sharing in a cloud environment provided by an embodiment of the present invention includes:
step 1, an image owner extracts image features, generates an index share, and uploads the index share and an encrypted image to a cloud:
step 1.1, constructing an index: extracting color features to generate indexes for all images of the image owner, wherein the y-th image feature is expressed asn represents the dimension of the feature point descriptor;
step 1.2, constructing index shares: generate a string of random numbers $a = (a_1, \ldots, a_n)$ and generate index shares for the image feature $h_y$. For $m = 1, 2, \ldots, n$:
index share $h_y(1)$ is sent to server 1, index share $h_y(2)$ is sent to server 2, and index share $h_y(3)$ is sent to server 3;
step 1.3, the $y$-th original image $I$ in the database of the data owner is encrypted with the AES encryption algorithm and the key $K$ to obtain the ciphertext image $I_e$, which is uploaded to server 3.
Step 2, extracting query image features by a user, generating trapdoor shares and uploading the trapdoor shares to the cloud respectively:
step 2.1, constructing a trapdoor: the user extracts the features of the query image $I_q$, expressed as $q = (q_1, \ldots, q_n)$, where $n$ represents the dimension of the feature point descriptor;
step 2.2, constructing trapdoor shares: generate a string of random numbers $b = (b_1, b_2, \ldots, b_n)$ and generate trapdoor shares for $q$. For $m = 1, 2, \ldots, n$:
$q_m(1) = b_m \cdot 1 + q_m$ (4)
$q_m(2) = b_m \cdot 2 + q_m$ (5)
$q_m(3) = b_m \cdot 3 + q_m$ (6)
trapdoor share $q(1)$ is sent to server 1, trapdoor share $q(2)$ is sent to server 2, and trapdoor share $q(3)$ is sent to server 3.
Step 3, each server constructs distance shares and encrypts them using secure multi-party computation:
step 3.1, constructing distance shares: according to the secret sharing principle, a quadratic polynomial is constructed from index shares and trapdoor shares, the constant term of which is
Server $s_x$ calculates the distance shares; for $m = 1, 2, \ldots, n$, the $m$-th dimension of the generated distance share is
Step 3.2, generating an encryption key of the distance share: randomly select two prime numbers $p$ and $q$ such that $q$ divides $p-1$. $Z_p$ denotes the ring $Z/pZ$ and $Z$ denotes the integers; then generate a random number $h \in Z_p$ and calculate $g_1$ and $g_2$;
$g_1 = h^{(p-1)/q} \bmod p \quad \text{s.t. } g_1 \neq 1 \bmod p$ (11)
where mod denotes the remainder operation;
server $s_x$ selects a random number, computes, and sends the result to server $s_{x+1}$. Thus, server $s_x$ can generate a key $R_x$;
Step 3.3, encrypting the distance shares: to prevent an attacker from inferring the image by analyzing image similarity information from the original Euclidean distance, for each query servers $s_1$ and $s_2$ each select a string of random numbers $ran1_m = (ran1_1, \ldots, ran1_m, \ldots, ran1_n)$ and $ran2_m = (ran2_1, \ldots, ran2_m, \ldots, ran2_n)$. For $m = 1, 2, \ldots, n$, generate
The key $R_x$ is used for encryption to construct the encrypted distance share. Server 1 sends its encrypted distance share to server 3, and server 2 sends its encrypted distance share to server 3.
Step 4, distance reconstruction, similarity sequencing and returning an encrypted query result:
step 4.1, decrypting the encrypted distance shares and generating the sum of the distance shares and the random numbers: according to the principle of secure multi-party computation, the product of encrypted data is converted into the sum of the data, which can be obtained without exposing the original data; server 3 computes the product of the encrypted distance shares and finds the sum of the distance shares and the random numbers, denoted by $dist'$;
dist′=(Cm-1)/p (19)
step 4.2, according to secret sharing, the Lagrange interpolation formula is used to reconstruct a quadratic polynomial from the distance shares; the constant term of the polynomial is the square of the difference between the index and the trapdoor in a single dimension;
summing the results of the $n$ dimensions gives the Euclidean distance between the index $h_y$ and the trapdoor $q$;
step 4.3, calculating the order-preserving Euclidean distance: for each query, is constant, which prevents the original Euclidean distance from being stolen by the server; server 3 calculates the order-preserving Euclidean distance $Dist$ between the index $h_y$ and the trapdoor $q$, and returns the query result $I_e$ to the user;
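The share arithmetic of steps 1.2, 2.2, 3.1 and 4.2 to 4.3, as an added Python example that is not part of the patent text. It assumes that index shares mirror the trapdoor shares of equations (4)-(6), that a server's distance share is the squared difference of its two shares, and that the per-query random numbers of servers 1 and 2 are simply added to their distance shares; the key generation and encryption of step 3.2 are left out, and all names and sample vectors are constructed.

```python
"""Added illustration of the three-server share arithmetic (not the patent's code)."""
import secrets

SERVERS = (1, 2, 3)  # evaluation points x = 1, 2, 3, as in equations (4)-(6)
# Lagrange basis polynomials for the points 1, 2, 3, evaluated at x = 0.
LAGRANGE_AT_ZERO = {1: 3, 2: -3, 3: 1}


def make_shares(features, bound=1 << 16):
    """share_x[m] = r[m] * x + features[m], with fresh random r for every vector."""
    r = [secrets.randbelow(bound) + 1 for _ in features]
    return {x: [rm * x + fm for rm, fm in zip(r, features)] for x in SERVERS}


def distance_share(index_share, trapdoor_share):
    """ASSUMED form: per-dimension squared difference of one server's two shares.

    (h_m(x) - q_m(x))^2 = ((a_m - b_m) x + (h_m - q_m))^2 is quadratic in x,
    and its constant term is (h_m - q_m)^2.
    """
    return [(h - q) ** 2 for h, q in zip(index_share, trapdoor_share)]


def reconstruct(shares_by_server):
    """Interpolate every dimension at x = 0 and sum over the n dimensions."""
    dims = len(shares_by_server[1])
    return sum(
        LAGRANGE_AT_ZERO[x] * shares_by_server[x][m]
        for m in range(dims)
        for x in SERVERS
    )


def new_query_masks(dims, bound=1 << 16):
    """ASSUMED masking: servers 1 and 2 each draw one random vector per query."""
    return {
        1: [secrets.randbelow(bound) for _ in range(dims)],
        2: [secrets.randbelow(bound) for _ in range(dims)],
        3: [0] * dims,
    }


def secure_rank(database, query):
    """Return (ranking, masked scores, per-query offset) for one query."""
    index_shares = {name: make_shares(f) for name, f in database.items()}  # step 1.2
    trapdoor = make_shares(query)                                          # step 2.2
    masks = new_query_masks(len(query))  # reused for every image in this query
    scores = {}
    for name, shares in index_shares.items():
        masked = {
            x: [d + r for d, r in
                zip(distance_share(shares[x], trapdoor[x]), masks[x])]
            for x in SERVERS
        }
        scores[name] = reconstruct(masked)  # true distance + constant offset
    offset = 3 * sum(masks[1]) - 3 * sum(masks[2])
    return sorted(scores, key=scores.get), scores, offset


def plain_distance(a, b):
    """Squared Euclidean distance in the plaintext domain, for comparison."""
    return sum((x - y) ** 2 for x, y in zip(a, b))


# Constructed sample feature vectors (n = 4); not taken from any real dataset.
SAMPLE_DB = {
    "img_a": [12, 200, 35, 90],
    "img_b": [10, 190, 40, 88],
    "img_c": [250, 3, 120, 7],
    "img_d": [11, 199, 36, 91],
}
SAMPLE_QUERY = [11, 198, 36, 90]

if __name__ == "__main__":
    ranking, scores, offset = secure_rank(SAMPLE_DB, SAMPLE_QUERY)
    for name in ranking:
        print(name, "masked:", scores[name],
              "plain:", plain_distance(SAMPLE_DB[name], SAMPLE_QUERY))
```

The offset 3*sum(ran1) - 3*sum(ran2) is identical for every image within one query, so the masked scores rank the images exactly as the plaintext distances do. All arithmetic here is over the integers with no modulus, as in equations (4)-(6).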
The implementation steps of the present invention are described in detail with reference to fig. 1 by taking a corel1000 database as an example:
Processing on the image owner side:
step 1a: first, generate the index by extracting the color feature of each image in the training database; this feature is called the index $h_y$, and the index dimension is $n$;
step 1b: establishing index shares: from the index of each image in the image library extracted in step 1a, three index shares are generated for each database image and uploaded to the three servers respectively;
where $a_m$ is a random number generated for the $m$-th dimension of the index;
step 1c: the original image $I$ is encrypted with the AES encryption algorithm and the key $K$ to obtain a ciphertext image, which is uploaded to server 3.
Secondly, user side query processing:
step 2a: the user sends a query request to the image owner to obtain the decryption key K2 and the like;
step 2b: generating a trapdoor: the color features of the query image are extracted; these features become the query trapdoor $q$, and the dimension of the trapdoor is $n$;
step 2c: constructing the trapdoor index: from the trapdoor extracted in step 2b, three trapdoor shares are generated for each query image and uploaded to the three servers respectively, and the image query is requested;
$q_m(1) = b_m \cdot 1 + q_m$ (4)
$q_m(2) = b_m \cdot 2 + q_m$ (5)
$q_m(3) = b_m \cdot 3 + q_m$ (6)
where $b_m$ is a random number generated for the $m$-th dimension of the index.
Thirdly, processing of the cloud server side:
step 3a: generating an encryption key of the distance shares: two prime numbers $p$, $q$ are randomly selected such that $q$ divides $p-1$. $Z_p$ denotes the ring $Z/pZ$ and $Z$ denotes the integers; a random number $h \in Z_p$ is then generated and $g_1$ and $g_2$ are calculated. Each of the three servers selects a random number, computes, and sends the result to server $s_{x+1}$. Thus, server $s_x$ can generate a key $R_i$;
$g_1 = h^{(p-1)/q} \bmod p \quad \text{s.t. } g_1 \neq 1 \bmod p$ (7)
step 3b: constructing distance shares: after receiving the trapdoor shares sent by the user, each of the three servers generates distance shares from its trapdoor share and index share
step 3c: server 1 and server 2 each generate a string of $n$-dimensional random numbers, and the three servers then each generate parameters
step 3d: the key generated in step 3a is used for encryption to generate the encrypted distance shares, and server 1 and server 2 each transmit their encrypted distance share to server 3;
step 3e: according to the secure multi-party computation principle, server 3 computes the product of the encrypted distance shares and generates the sum $dist'$ of the distance shares and all random numbers;
dist′=(Cm-1)/P (18)
step 3f: according to the secret sharing principle, server 3 obtains the order-preserving Euclidean distance $Dist$ between the index $h_y$ and the trapdoor $q$ and sorts the distances, where a shorter distance means greater similarity; the query result $I_e$ is returned to the user.
Fourthly, processing of the user side:
after receiving the encrypted image, the user uses the AES algorithm and the key $K$ to decrypt the ciphertext image $I_e$ and obtain the plaintext image $I$.
The foregoing is a more detailed description of the invention, taken in conjunction with the preferred embodiments, and it is not intended that the invention be limited to the specific embodiments disclosed. It will be understood by those skilled in the art that various changes in detail may be effected therein without departing from the scope of the invention as defined by the appended claims.
Claims (5)
1. An image security retrieval method based on secret sharing in a cloud environment is characterized by comprising the following steps:
step 1, the image owner extracts image features, generates index shares, and uploads the index shares and the encrypted image to three servers;
step 2, the user sends a query request to the image owner, acquires the decryption key, extracts the features of the query image, generates trapdoor shares and uploads them to the three servers respectively;
step 3, each of the three servers constructs distance shares from the index shares and the trapdoor shares, generates encryption keys to encrypt the distance shares, and sends the encrypted distance shares to one of the servers;
step 4, the server decrypts the encrypted distance shares and generates the sum of the distance shares and the random numbers, reconstructs the distance, sorts by similarity according to the reconstructed distance, and returns the encrypted query result;
step 5, the user decrypts the ciphertext image with the decryption key to obtain the original image.
2. The image security retrieval method based on secret sharing in the cloud environment as claimed in claim 1, wherein: the specific implementation of step 1 is as follows,
step 1.1, constructing an index: extracting color features to generate indexes for all images of the image owner, wherein the y-th image feature is expressed asn represents the dimension of the feature point descriptor;
step 1.2, constructing index shares: generate a string of random numbers $a = (a_1, \ldots, a_n)$ and generate index shares for the image feature $h_y$; for $m = 1, 2, \ldots, n$:
index share $h_y(1)$ is sent to server 1, index share $h_y(2)$ is sent to server 2, and index share $h_y(3)$ is sent to server 3;
step 1.3, the original image $I$ is encrypted with the AES encryption algorithm and the key $K$ to obtain the ciphertext image $I_e$, which is uploaded to server 3.
3. The image security retrieval method based on secret sharing in the cloud environment as claimed in claim 2, wherein: the specific implementation of step 2 is as follows,
step 2.1, constructing a trapdoor: the user extracts the features of the query image $I_q$, expressed as $q = (q_1, \ldots, q_n)$, where $n$ represents the dimension of the feature point descriptor;
step 2.2, constructing trapdoor shares: generate a string of random numbers $b = (b_1, b_2, \ldots, b_n)$ and generate trapdoor shares for $q$; for $m = 1, 2, \ldots, n$:
$q_m(1) = b_m \cdot 1 + q_m$ (4)
$q_m(2) = b_m \cdot 2 + q_m$ (5)
$q_m(3) = b_m \cdot 3 + q_m$ (6)
trapdoor share $q(1)$ is sent to server 1, trapdoor share $q(2)$ is sent to server 2, and trapdoor share $q(3)$ is sent to server 3.
4. The image security retrieval method based on secret sharing in the cloud environment as claimed in claim 3, wherein: the specific implementation of step 3 is as follows,
step 3.1, constructing distance shares: according to the secret sharing principle, a quadratic polynomial is constructed from index shares and trapdoor shares, the constant term of which is
Server $x$ calculates the distance shares; for $m = 1, 2, \ldots, n$, the $m$-th dimension of the generated distance share is
Step 3.2, generating an encryption key of the distance share: randomly selecting two prime numbers p, so that can divide $p-1$ evenly, and then generating a random number $h \in Z_p$, where $Z_p$ denotes the ring $Z/pZ$ and $Z$ denotes the integers, and calculating $g_1$ and $g_2$;
where mod denotes the remainder operation;
server $x$ selects a random number, computes, and sends the result to server $x+1$, $x = 1, 2, 3$; when $x = 3$, server 3 selects a random number, computes, and sends the result to server 1; thus, server $s_x$ generates a key $R_x$;
Step 3.3, encrypting the distance shares: to prevent an attacker from inferring the image by analyzing image similarity information from the original Euclidean distance, for each query server 1 and server 2 each select a string of random numbers $ran1_m = (ran1_1, \ldots, ran1_m, \ldots, ran1_n)$ and $ran2_m = (ran2_1, \ldots, ran2_m, \ldots, ran2_n)$; for $m = 1, 2, \ldots, n$, generate
The key $R_x$ is used for encryption to construct the encrypted distance share; server 1 sends its encrypted distance share to server 3, and server 2 sends its encrypted distance share to server 3.
5. The image security retrieval method based on secret sharing in the cloud environment as claimed in claim 4, wherein: the specific implementation of step 4 is as follows,
step 4.1, decrypting the encrypted distance shares and generating the sum of the distance shares and the random numbers: according to the principle of secure multi-party computation, the product of encrypted data is converted into the sum of the data, which can be obtained without exposing the original data; server 3 computes the product of the encrypted distance shares and finds the sum of the distance shares and the random numbers, denoted by $dist'$;
dist′=(Cm-1)/P (19)
step 4.2, according to secret sharing, utilizing Lagrange interpolation formula to share distance Reconstructing a quadratic polynomialThe constant term of the polynomial is the square of the difference of the single dimensional index and the trapdoor;
Summing the results of n dimensions, calculating an index hyEuclidean distance (h) from trapdoor qy-q)2;
4.3, calculating the Euclidean distance of the order preservation; for each of the queries, the query is,is constant, prevents the original Euclidean distance from being stolen by the server, and the server 3 calculates the index hyAnd the sequence preserving Euclidean distance Dist of the trapdoor q, and a query result IeIs returned to useA household;
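The share arithmetic behind steps 2.2, 3.1 and 4.2, as an added Python example (not code from the patent): it assumes index shares are built the same way as the trapdoor shares in equations (4)-(6), and it omits the key generation and masking of steps 3.2, 3.3 and 4.1, so the reconstructing party here sees unmasked distance shares. Function names and the sample vectors are constructed for illustration.

```python
import secrets

POINTS = (1, 2, 3)          # evaluation points: one per server, as in eqs. (4)-(6)
LAGRANGE_AT_0 = (3, -3, 1)  # Lagrange weights for x = 1, 2, 3 evaluated at x = 0


def make_shares(vec, bound=2**16):
    """Three shares of vec: share_x[m] = r_m * x + vec[m] (assumed for index shares too)."""
    coeffs = [secrets.randbelow(bound) + 1 for _ in vec]
    return [[r * x + v for r, v in zip(coeffs, vec)] for x in POINTS]


def distance_share(index_share, trapdoor_share):
    """Server x, locally: per-dimension squared difference of its two shares.

    ((a_m - b_m) * x + (h_m - q_m))^2 is a quadratic in x whose constant term
    is (h_m - q_m)^2, so three servers suffice to interpolate it.
    """
    return [(h - q) ** 2 for h, q in zip(index_share, trapdoor_share)]


def reconstruct_distance(dist_shares):
    """Interpolate each dimension at x = 0 and sum over the n dimensions."""
    total = 0
    for per_dim in zip(*dist_shares):          # (d_m(1), d_m(2), d_m(3))
        total += sum(w * d for w, d in zip(LAGRANGE_AT_0, per_dim))
    return total


def rank(index_vectors, query):
    """Return database positions ordered by reconstructed squared distance."""
    q_shares = make_shares(query)
    dists = []
    for vec in index_vectors:
        h_shares = make_shares(vec)
        d_shares = [distance_share(h, q) for h, q in zip(h_shares, q_shares)]
        dists.append(reconstruct_distance(d_shares))
    return sorted(range(len(index_vectors)), key=dists.__getitem__), dists


# Constructed sample data: three 4-dimensional feature vectors and a query.
DATABASE = [[10, 200, 35, 7], [12, 198, 30, 9], [250, 3, 90, 120]]
QUERY = [11, 199, 33, 8]

if __name__ == "__main__":
    order, dists = rank(DATABASE, QUERY)
    print(order, dists)
```

Because the weights 3, -3 and 1 are integers, the reconstruction is exact without any modular arithmetic, and all three distance shares are needed since the polynomial is quadratic.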
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010307335.3A CN111541679B (en) | 2020-04-17 | 2020-04-17 | Image security retrieval method based on secret sharing in cloud environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111541679A (en) | 2020-08-14 |
CN111541679B (en) | 2021-04-16 |
Family
ID=71978748
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010307335.3A Active CN111541679B (en) | 2020-04-17 | 2020-04-17 | Image security retrieval method based on secret sharing in cloud environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111541679B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112328640A (en) * | 2020-11-10 | 2021-02-05 | 杭州趣链科技有限公司 | Data query method, device and system and data set processing method |
CN112528064B (en) * | 2020-12-10 | 2022-12-13 | 西安电子科技大学 | Privacy-protecting encrypted image retrieval method and system |
CN113139534B (en) * | 2021-05-06 | 2022-07-15 | 上海交通大学 | Two-stage safe multi-party calculation image text positioning and identifying method |
CN114189351B (en) * | 2021-10-25 | 2024-02-23 | 山东师范大学 | Dense state image retrieval method and system based on CNN and signature technology |
CN114048341B (en) * | 2021-11-03 | 2023-04-07 | 北京中知智慧科技有限公司 | Safety retrieval method, system, client and server for appearance design product |
CN115455488B (en) * | 2022-11-15 | 2023-03-28 | 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) | Secret database query method and device based on secret copy sharing |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106599311A (en) * | 2016-12-29 | 2017-04-26 | 广州市奥威亚电子科技有限公司 | Cloud computation-based internet education platform resource library image retrieval method |
CN108256031A (en) * | 2018-01-11 | 2018-07-06 | 北京理工大学 | A kind of multi-source encrypted image search method for supporting secret protection |
CN109543061A (en) * | 2018-11-16 | 2019-03-29 | 西安电子科技大学 | A kind of encrypted image search method for supporting multi-key cipher |
Non-Patent Citations (2)
Title |
---|
Collusion-Tolerable Privacy-Preserving Sum and Product Calculation without Secure Channel; Taeho Jung et al.; IEEE Transactions on Dependable and Secure Computing; 20150201; full text * |
Survey of privacy-preserving image content retrieval techniques; 吴颖; 《网络与信息安全学报》; 20190831; Vol. 5 (No. 4); full text * |
Also Published As
Publication number | Publication date |
---|---|
CN111541679A (en) | 2020-08-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111541679B (en) | Image security retrieval method based on secret sharing in cloud environment | |
US11381398B2 (en) | Method for re-keying an encrypted data file | |
Zhang et al. | Pop: Privacy-preserving outsourced photo sharing and searching for mobile devices | |
JP6180177B2 (en) | Encrypted data inquiry method and system capable of protecting privacy | |
EP2680488B1 (en) | Similarity calculation system, similarity calculation device, computer program, and similarity calculation method | |
CN108768951B (en) | Data encryption and retrieval method for protecting file privacy in cloud environment | |
CN108959567B (en) | Safe retrieval method suitable for large-scale images in cloud environment | |
Wang et al. | SecHOG: Privacy-preserving outsourcing computation of histogram of oriented gradients in the cloud | |
CN112270006A (en) | Searchable encryption method for hiding search mode and access mode in e-commerce platform | |
CN108400970B (en) | Similar data message locking, encrypting and de-duplicating method in cloud environment and cloud storage system | |
CN110866135B (en) | Response length hiding-based k-NN image retrieval method and system | |
CN111522973B (en) | Privacy protection image retrieval method fusing compressed sensing | |
CN115269938B (en) | Homomorphic encryption-based keyword track hiding query method, system and related device | |
CN112685753B (en) | Method and equipment for storing encrypted data | |
CN108595554B (en) | Multi-attribute range query method based on cloud environment | |
CN113037753A (en) | Encrypted data sharing method with privacy protection based on block chain | |
Cui et al. | Harnessing encrypted data in cloud for secure and efficient image sharing from mobile devices | |
CN114142996B (en) | Searchable encryption method based on SM9 cryptographic algorithm | |
Kamal et al. | Searchable encryption using secret sharing scheme that realizes direct search of encrypted documents and disjunctive search of multiple keywords | |
KR101140576B1 (en) | Multi?user search system and method of encrypted document | |
CN111552988B (en) | Forward safe k neighbor retrieval method and system based on Monte Carlo sampling | |
CN109409111B (en) | Encrypted image-oriented fuzzy search method | |
CN108920968B (en) | File searchable encryption method based on connection keywords | |
Baliga et al. | Securing textual and image data on cloud using searchable encryption | |
CN113259317A (en) | Cloud storage data deduplication method based on identity agent re-encryption |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||