CN111541679B - Image security retrieval method based on secret sharing in cloud environment - Google Patents

Image security retrieval method based on secret sharing in cloud environment Download PDF

Info

Publication number
CN111541679B
CN111541679B CN202010307335.3A CN202010307335A CN111541679B CN 111541679 B CN111541679 B CN 111541679B CN 202010307335 A CN202010307335 A CN 202010307335A CN 111541679 B CN111541679 B CN 111541679B
Authority
CN
China
Prior art keywords
image
distance
server
share
shares
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010307335.3A
Other languages
Chinese (zh)
Other versions
CN111541679A (en
Inventor
徐彦彦
张逸然
闫悦菁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University WHU
Original Assignee
Wuhan University WHU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan University WHU filed Critical Wuhan University WHU
Priority to CN202010307335.3A priority Critical patent/CN111541679B/en
Publication of CN111541679A publication Critical patent/CN111541679A/en
Application granted granted Critical
Publication of CN111541679B publication Critical patent/CN111541679B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/50Information retrieval; Database structures therefor; File system structures therefor of still image data
    • G06F16/51Indexing; Data structures therefor; Storage structures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/50Information retrieval; Database structures therefor; File system structures therefor of still image data
    • G06F16/58Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
    • G06F16/583Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually using metadata automatically derived from the content
    • G06F16/5838Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually using metadata automatically derived from the content using colour
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The invention aims to provide an image security retrieval scheme based on secret sharing in a cloud environment, and the security retrieval of a cloud image is realized by constructing an index share and a trapdoor share. The data owner generates a ciphertext image and an index share and uploads the ciphertext image and the index share to the cloud end, during query, a user generates a trapdoor share and sends the trapdoor share to the cloud end, and the cloud end can calculate a distance share and return the ciphertext image which is closest to the query image, so that the safety problem of using a uniform key for encryption in the conventional scheme can be solved; in order to prevent an attacker from analyzing the image similarity information to guess the image according to the original Euclidean distance, the distance share is encrypted by using a random number and a safe multiparty calculation method. The security of the scheme depends on a secret sharing technology, the common precision loss problem in image security retrieval is solved, and the retrieval precision is almost consistent with that of the image retrieval in a plain text domain.

Description

Image security retrieval method based on secret sharing in cloud environment
Technical Field
The invention belongs to the field of multimedia information security protection, and particularly relates to an image security retrieval method based on a secret sharing technology and a secure multi-party computing technology.
Background
With the popularity of digital cameras, smart phones, the number of images, graphics, and photos is growing at an increasingly rapid rate. Because the cloud computing platform has the advantages of large scale, high reliability, strong universality, strong expandability and low price, more and more image owners choose to outsource the images to the cloud server. However, the data outsourced to the cloud completely gets out of the direct physical control of its owner, and faces the double threats of external network attackers and untrusted cloud Service providers csp (cloud Service provider), and the data stored in the cloud may face the risk of being leaked or abused.
To prevent privacy disclosure, sensitive pictures need to be encrypted locally and uploaded to the cloud. The data owner encrypts the data locally and then outsources the data to the CSP, so that even if an attacker illegally steals the user data in the cloud, the attacker cannot decrypt the user data to obtain plaintext information. However, the encryption operation would make image retrieval techniques applicable to plaintext images no longer available. In the image retrieval in the plain text domain, content-based image retrieval (CBIR) extracts relevant features from images, and determines the similarity between images by comparing the distances between image features, representing the future development trend of image retrieval. The randomness of encryption causes the distance between image features to be difficult to maintain and the retrieval to be difficult, so that the research work of ciphertext domain image retrieval is necessary. At present, in most ciphertext domain image retrieval schemes under the cloud environment, only a single server is considered to provide service, most indexes and images are encrypted by adopting a single secret key, once the secret key is cracked, all the indexes and images are revealed, and the security risk is high. However, the cloud computing environment is a typical distributed processing platform, a plurality of cloud servers are often adopted to store images, and the parallel computing of the plurality of servers can obtain higher computing speed, improve the retrieval efficiency and improve the reliability, the availability and the robustness of the system; in addition, the indexes and the images are stored in a distributed mode and are encrypted respectively, so that the attack difficulty of an attacker is increased, and the whole system has higher safety. But the ciphertext domain retrieval scheme of multiple servers in the cloud environment is less visible. The invention provides a safe and efficient multi-server ciphertext domain image retrieval scheme, and solves the problem of safe retrieval of ciphertext images of multiple servers in a cloud environment.
Disclosure of Invention
The invention aims to provide an image security retrieval scheme based on secret sharing, which realizes the security retrieval of a cloud image by constructing an index share and a trapdoor share. The data owner generates a ciphertext image and an index share and uploads the ciphertext image and the index share to the cloud end, during query, a user generates a trapdoor share and sends the trapdoor share to the cloud end, and the cloud end can calculate a distance share and return the ciphertext image closest to the query image, so that the safety problem existing in the existing scheme that a unified secret key is used for encryption can be solved.
The solution of the scheme is as follows: in the off-line stage, the image owner extracts image features, generates index shares by a secret sharing principle, achieves the effect of protecting the index safety, and respectively sends the index shares to the three servers for storage. For an attacker, the attacker needs to attack all cloud servers and obtain all secret index shares to reconstruct the original index, which greatly increases the difficulty of the attacker in breaking the index on the cloud. Because the generation of the index share does not depend on a fixed key, even if an attacker obtains a part of indexes and corresponding index shares, other indexes cannot be reconstructed, the statistical attack invalidity of the scheme on a single cloud server is ensured, and the safety of the indexes on the cloud is further improved. And in the query stage, a user extracts the characteristics of the query image, generates a trapdoor share by using a secret sharing principle, is used for protecting the security of the query trapdoor, and respectively sends the trapdoor share to the three servers. The three servers calculate the distance shares according to the index shares and the trapdoor shares, in order to prevent an attacker from analyzing the image similarity information to speculate the image according to the original Euclidean distance, the distance shares are encrypted by using a random number and a secure multiparty calculation method and are sent to one server, the server decrypts the encrypted distance shares to generate the sum of the distance shares and the random number, and then the distance is reconstructed according to a secret shared Lagrange interpolation formula. Because the security of the scheme depends on the secret sharing technology, the common precision loss problem in image security retrieval is solved, and the retrieval precision is almost consistent with the image retrieval in the plain text domain.
The invention provides a secret sharing-based image security retrieval method in a cloud environment, which comprises the following steps:
step 1, an image owner extracts image features, generates an index share, and uploads the index share and an encrypted image to a cloud:
step 2, the user sends a query request to the image owner, acquires a decryption key, extracts query image features, generates trapdoor shares and uploads the trapdoor shares to the cloud respectively:
step 3, the server respectively constructs distance shares according to the index shares and the trapdoor shares, generates encryption keys of the distance shares and encrypts the distance shares:
and 4, the server decrypts the encrypted distance shares and generates the sum of the distance shares and the random number, reconstructs the distance shares, performs similarity sequencing according to the reconstructed distance, and returns an encrypted query result:
and 5, the user decrypts the ciphertext image by using the decryption key to obtain the original image.
Further, the specific implementation manner of step 1 is as follows,
step 1.1, constructing an index: extracting color features to generate indexes for all images of the image owner, wherein the y-th image feature is expressed as
Figure BDA0002456236830000021
n represents the dimension of the feature point descriptor;
step 1.2, index share is constructed: generating a string of random numbers a ═ a1,...,an) For image feature hyAn index share is generated, for m 1, 2.
Figure BDA0002456236830000022
Figure BDA0002456236830000023
Figure BDA0002456236830000024
Index share hy(1) To the Server 1, index the shares hy(2) To the server 2, index the share hy(3) To the server 3;
step 1.3, using AES encryption algorithm and key K pairEncrypting an original image I to obtain a ciphertext image IeAnd uploaded to the server 3.
Further, the specific implementation manner of step 2 is as follows,
step 2.1, constructing a trapdoor: user extraction of query image IqIs expressed as q ═ q (q)1,...,qn) N represents the dimension of the feature point descriptor;
step 2.2, constructing a trapdoor share: generating a string of random numbers b ═ b1,b2,…,bn) A trapdoor share is generated for image q, and for m 1,2, n:
qm(1)=bm*1+qm (4)
qm(2)=bm*2+qm (5)
qm(3)=bm*3+qm (6)
trapdoor share q (1) is sent to server 1, trapdoor share q (2) is sent to server 2, and trapdoor share q (3) is sent to server 3.
Further, the specific implementation manner of step 3 is as follows,
step 3.1, constructing distance shares: according to the secret sharing principle, a quadratic polynomial is constructed from index shares and trapdoor shares, the constant term of which is
Figure BDA0002456236830000031
Figure BDA0002456236830000032
Server sxCalculating distance shares
Figure BDA0002456236830000033
For m 1, 2.., n, the mth dimension, which generates the distance share, is
Figure BDA0002456236830000034
Figure BDA0002456236830000035
Figure BDA0002456236830000036
Figure BDA0002456236830000037
Step 3.2, generating an encryption key of the distance share: randomly selecting two prime numbers p and q to enable q to divide p-1 evenly, and then generating a random number h belonging to Zp,ZpRepresenting loop Z/pZ, Z representing the integer field, g being calculated1And g2
g1=h(p-1)/q mod p s.t g1≠1mod p (11)
Figure BDA0002456236830000038
Wherein mod represents the remainder;
server sxSelecting a random number
Figure BDA00024562368300000310
Computing
Figure BDA0002456236830000039
And sent to the server sx+1Thus, server sxGenerating a secret key Rx
Figure BDA0002456236830000041
Step 3.3, encrypting the distance shares: to prevent an attacker from analyzing the image similarity information to infer the image according to the original Euclidean distance, the server s is queried every time1And s2Respectively selecting a string of random numbers ran1m=(ran11,...,ran1m,...,ran1n) And ran2m=(ran21,...,ran2m,...,ran2n) For m 1,2, n, yield
Figure BDA0002456236830000042
Figure BDA0002456236830000043
Figure BDA0002456236830000044
Figure BDA0002456236830000045
Using a secret key RxEncryption
Figure BDA0002456236830000046
Constructing an encryption distance share; the server 1 encrypts the distance shares
Figure BDA0002456236830000047
Sent to the server 3, the server 2 encrypts the distance share
Figure BDA0002456236830000048
Is sent to the server 3 and,
Figure BDA0002456236830000049
further, the specific implementation manner of step 4 is as follows,
step 4.1, decrypt the encrypted distance shares and generate the sum of the distance shares and the random number: according to the principle of secure multiparty computation, the product of encrypted data is converted into the sum of data, which can be obtained without exposing the original data, the server 3 computes the product of encrypted distance shares and finds the distance shares and the randomSum of numbers
Figure BDA00024562368300000410
Figure BDA00024562368300000411
Denoted by dist';
Figure BDA00024562368300000412
dist′=(Cm-1)/P (19)
step 4.2, according to secret sharing, utilizing Lagrange interpolation formula to share distance
Figure BDA00024562368300000413
Figure BDA00024562368300000414
Reconstructing a quadratic polynomial
Figure BDA00024562368300000415
The constant term of the polynomial is the square of the difference of the single dimensional index and the trapdoor;
Figure BDA00024562368300000416
obtaining constant item secret according to the reconstructed polynomial, and calculating
Figure BDA00024562368300000417
Figure BDA0002456236830000051
Summing the results of n dimensions, calculating an index hyEuclidean distance (h) from trapdoor qy-q)2
Figure BDA0002456236830000052
4.3, calculating the Euclidean distance of the order preservation; for each of the queries, the query is,
Figure BDA0002456236830000053
is constant, prevents the original Euclidean distance from being stolen by the server, and the server 3 calculates the index hyAnd the sequence preserving Euclidean distance Dist of the trapdoor q, and a query result IeReturning to the user;
Figure BDA0002456236830000054
compared with other methods, the method has the advantages that: the invention provides an image security retrieval method based on secret sharing, which utilizes a Shamir secret sharing principle to construct three index shares and store the index shares in three different cloud servers, different indexes are encrypted by using different keys, difficulty of an attacker in cracking index information is greatly improved, statistical attack of a single server can be resisted, and the privacy protection problem of image indexing is solved. In the query phase, the query image features of the user also generate three trapdoor shares, preventing the cloud server from knowing the query information of the user. The secure multi-party computing technology is utilized to realize the secure distance reconstruction, ensure the security of distance sequencing and greatly improve the system security. Meanwhile, the scheme is based on the secret sharing technology, so that precision loss is almost avoided, and the retrieval precision is basically consistent with that of the plaintext image retrieval.
Drawings
Fig. 1 is a general schematic diagram of a secure retrieval method according to an embodiment of the present invention.
Detailed Description
As shown in fig. 1, an image security retrieval method based on secret sharing in a cloud environment provided by an embodiment of the present invention includes:
step 1, an image owner extracts image features, generates an index share, and uploads the index share and an encrypted image to a cloud:
step 1.1, constructing an index: extracting color features to generate indexes for all images of the image owner, wherein the y-th image feature is expressed as
Figure BDA0002456236830000061
n represents the dimension of the feature point descriptor;
step 1.2, index share is constructed: generating a string of random numbers a ═ a1,...,an) For image hyIndex shares are generated. For m 1,2, n:
Figure BDA0002456236830000062
Figure BDA0002456236830000063
Figure BDA0002456236830000064
index share hy(1) To the Server 1, index the shares hy(2) To the server 2, index the share hy(3) To the server 3;
step 1.3, encrypting the yth original image I in the database of the data owner by using an AES encryption algorithm and a secret key K to obtain a ciphertext image IeAnd uploaded to the server 3.
Step 2, extracting query image features by a user, generating trapdoor shares and uploading the trapdoor shares to the cloud respectively:
step 2.1, constructing a trapdoor: user extraction of query image IqIs expressed as q ═ q (q)1,...,qn) N represents the dimension of the feature point descriptor;
step 2.2, constructing a trapdoor share: generating a string of random numbers b ═ b1,b2,...,bn) A trapdoor share is generated for image q. For m 1,2, n:
qm(1)=bm*1+qm (4)
qm(2)=bm*2+qm (5)
qm(3)=bm*3+qm (6)
trapdoor share q (1) is sent to server 1, trapdoor share q (2) is sent to server 2, and trapdoor share q (3) is sent to server 3.
Step 3, the server respectively constructs distance shares and encrypts the distance shares by using safe multi-party calculation:
step 3.1, constructing distance shares: according to the secret sharing principle, a quadratic polynomial is constructed from index shares and trapdoor shares, the constant term of which is
Figure BDA0002456236830000065
Figure BDA0002456236830000066
Server sxCalculating distance shares
Figure BDA0002456236830000067
For m 1, 2.., n, the mth dimension, which generates the distance share, is
Figure BDA0002456236830000068
Figure BDA0002456236830000069
Figure BDA00024562368300000610
Figure BDA00024562368300000611
Step 3.2, generating an encryption key of the distance share: randomly selecting two prime numbers p and q toQ is able to divide p-1. ZpRepresenting the loop Z/pZ, Z representing the integer field, and then generating a random number h ∈ ZpCalculate g1And g2
g1=h(p-1)/q mod p s.t g1≠1mod p (11)
Figure BDA0002456236830000071
Wherein mod represents the remainder;
server sxSelecting a random number
Figure BDA00024562368300000719
Computing
Figure BDA00024562368300000718
And sent to the server sx+1. Thus, the server sxA key R can be generatedx
Figure BDA0002456236830000072
Step 3.3, encrypting the distance shares: to prevent an attacker from analyzing the image similarity information to infer the image according to the original Euclidean distance, the server s is queried every time1And s2Respectively selecting a string of random numbers ran1m=(ran11,...,ran1m,...,ran1n) And ran2m=(ran21,…,ran2m,…,ran2n). For m 1,2, n, yield
Figure BDA0002456236830000073
Figure BDA0002456236830000074
Figure BDA0002456236830000075
Figure BDA0002456236830000076
Using a secret key RxEncryption
Figure BDA0002456236830000077
An encryption distance share is constructed. The server 1 encrypts the distance shares
Figure BDA0002456236830000078
Sent to the server 3, the server 2 encrypts the distance share
Figure BDA0002456236830000079
To the server 3.
Figure BDA00024562368300000710
Step 4, distance reconstruction, similarity sequencing and returning an encrypted query result:
step 4.1, decrypt the encrypted distance shares and generate the sum of the distance shares and the random number: according to the principle of secure multiparty computation, the product of encrypted data is converted into the sum of data, which can be obtained without exposing the original data, the server 3 computes the product of encrypted distance shares and finds the sum of the distance shares and the random number
Figure BDA00024562368300000711
Figure BDA00024562368300000712
Denoted by dist';
Figure BDA00024562368300000713
dist′=(Cm-1)/p (19)
step 4.2, according to secret sharing, utilizing Lagrange interpolation formula to share distance
Figure BDA00024562368300000714
Figure BDA00024562368300000715
Reconstructing a quadratic polynomial
Figure BDA00024562368300000716
The constant term of the polynomial is the square of the difference of the single dimensional index and the trapdoor;
Figure BDA0002456236830000081
obtaining constant item secret according to the reconstructed polynomial, and calculating
Figure BDA0002456236830000082
Figure BDA0002456236830000083
Summing the results of n dimensions, calculating an index hyThe Euclidean distance from the trapdoor q;
Figure BDA0002456236830000084
4.3, calculating the Euclidean distance of the order preservation; for each of the queries, the query is,
Figure BDA0002456236830000085
is constant, prevents the original Euclidean distance from being stolen by the server, and the server 3 calculates the index hyAnd the sequence preserving Euclidean distance Dist of the trapdoor q, and a query result IeReturning to the user;
Figure BDA0002456236830000086
step 5, the user uses the decryption key K2For ciphertext image IeAnd decrypting to obtain the original image I.
The implementation steps of the present invention are described in detail with reference to fig. 1 by taking a corel1000 database as an example:
processing of image owner side
Step 1 a: firstly, generating an index, and extracting the color characteristic of each image in a training database, wherein the characteristic is called the index hyThe index dimension is n;
step 1b, establishing index shares, extracting the index of each image in the image library according to the step 1a, generating three index shares for each database image, and uploading the index shares to three servers respectively;
Figure BDA0002456236830000091
Figure BDA0002456236830000092
Figure BDA0002456236830000093
wherein a ismIs a random number generated for the index of the m-th dimension;
step 1c, encrypting the original image I by using an AES encryption algorithm and a key K to obtain a ciphertext image
Figure BDA00024562368300000911
And uploaded to the server 3.
Secondly, user side query processing:
step 2 a: the user sends a query request to the image owner to obtain a decryption key K2And the like;
and step 2 b: generating a trapdoor, and extracting color characteristics of a query image, wherein the characteristics become a query trapdoor q, and the dimension of the trapdoor is n;
and step 2 c: constructing a trapdoor index, generating three trapdoor shares according to the trapdoor of each image in the query images extracted in the step 2b, generating three trapdoor shares by one query image, uploading the three trapdoor shares to three servers respectively, and requesting to query the images;
qm(1)=bm*1+qm (4)
qm(2)=bm*2+qm (5)
qm(3)=bm*3+qm (6)
wherein b ismIs a random number generated for the index of the m-th dimension.
Thirdly, processing of the cloud server side:
step 3 a: an encryption key of distance shares is generated, and two prime numbers p, q are randomly selected so that p-1 can be divided by q. ZpRepresenting the loop Z/pZ, Z representing the integer field, and then generating a random number h ∈ ZpCalculate g1And g2The three servers respectively select a random number
Figure BDA0002456236830000094
Computing
Figure BDA0002456236830000095
And sent to the server sx+1. Thus, the server sxA key R can be generatedi
g1=h(p-1)/q mod p s.t g1≠1mod p (7)
Figure BDA0002456236830000096
Figure BDA0002456236830000097
And step 3 b: constructing distance shares, and after receiving the trapdoor shares sent by the user, generating the distance shares by the three servers according to the trapdoor shares and the index shares respectively
Figure BDA0002456236830000098
Figure BDA0002456236830000099
Figure BDA00024562368300000910
And step 3 c: the server 1 and the server 2 respectively generate a string of n-dimensional random numbers, and then the three servers respectively generate parameters
Figure BDA0002456236830000101
Figure BDA0002456236830000102
Figure BDA0002456236830000103
Figure BDA0002456236830000104
Step 3d, encrypting by using the key generated in step 3a
Figure BDA0002456236830000105
Generating an encrypted distance share, and the server 1 and the service period 2 respectively transmitting the generated encrypted distance share to the server 3;
Figure BDA0002456236830000106
step 3 e: according to the secure multiparty computation principle, the server 3 computes the product of the encrypted distance shares and generates the sum dist' of the distance shares and all random numbers;
Figure BDA0002456236830000107
dist′=(Cm-1)/P (18)
and step 3 f: the server 3 finds the index h according to the secret sharing principleyAnd ordering the distances with the sequence-preserving Euclidean distance Dist of the trapdoor q, wherein the shorter the distance is, the more similar the distance is, the query result I iseBack to the user
Figure BDA0002456236830000108
Fourthly, processing of the user side:
after receiving the encrypted image, the user uses the AES algorithm and the key K to pair the ciphertext image IeAnd decrypting to obtain a plaintext image I.
The foregoing is a more detailed description of the invention, taken in conjunction with the preferred embodiments, and it is not intended that the invention be limited to the specific embodiments disclosed. It will be understood by those skilled in the art that various changes in detail may be effected therein without departing from the scope of the invention as defined by the appended claims.

Claims (5)

1. An image security retrieval method based on secret sharing in a cloud environment is characterized by comprising the following steps:
step 1, an image owner extracts image features, generates an index share, and uploads the index share and an encrypted image to three servers:
step 2, the user sends a query request to the image owner, acquires a decryption key, extracts the features of the query image, generates trapdoor shares and uploads the trapdoor shares to three servers respectively:
and 3, respectively constructing distance shares by the three servers according to the index shares and the trapdoor shares, generating encryption keys of the distance shares to encrypt the distance shares, and sending the distance shares to one of the servers:
and 4, the server decrypts the encrypted distance shares and generates the sum of the distance shares and the random number, reconstructs the distance shares, performs similarity sequencing according to the reconstructed distance, and returns an encrypted query result:
and 5, the user decrypts the ciphertext image by using the decryption key to obtain the original image.
2. The image security retrieval method based on secret sharing in the cloud environment as claimed in claim 1, wherein: the specific implementation of step 1 is as follows,
step 1.1, constructing an index: extracting color features to generate indexes for all images of the image owner, wherein the y-th image feature is expressed as
Figure FDA0002890139260000011
n represents the dimension of the feature point descriptor;
step 1.2, index share is constructed: generating a string of random numbers a ═ a1,...,an) For image feature hyAn index share is generated, for m 1, 2.
Figure FDA0002890139260000012
Figure FDA0002890139260000013
Figure FDA0002890139260000014
Index share hy(1) To the Server 1, index the shares hy(2) To the server 2, index the share hy(3) To the server 3;
step 1.3, encrypting the original image I by using an AES encryption algorithm and a secret key K to obtain a ciphertext image IeAnd uploaded to the server 3.
3. The image security retrieval method based on secret sharing in the cloud environment as claimed in claim 2, wherein: the specific implementation of step 2 is as follows,
step 2.1, constructing a trapdoor: user extraction of query image IqIs expressed as q ═ q (q)1,...,qn) N represents the dimension of the feature point descriptor;
step 2.2, constructing a trapdoor share: generating a string of random numbers b ═ b1,b2,...,bn) A trapdoor share is generated for image q, and for m 1,2, n:
qm(1)=bm*1+qm (4)
qm(2)=bm*2+qm (5)
qm(3)=bm*3+qm (6)
trapdoor share q (1) is sent to server 1, trapdoor share q (2) is sent to server 2, and trapdoor share q (3) is sent to server 3.
4. The image security retrieval method based on secret sharing in the cloud environment as claimed in claim 3, wherein: the specific implementation of step 3 is as follows,
step 3.1, constructing distance shares: according to the secret sharing principle, a quadratic polynomial is constructed from index shares and trapdoor shares, the constant term of which is
Figure FDA0002890139260000021
Figure FDA0002890139260000022
ServiceDevice x calculates distance shares
Figure FDA0002890139260000023
For m 1, 2.., n, the mth dimension, which generates the distance share, is
Figure FDA0002890139260000024
Figure FDA0002890139260000025
Figure FDA0002890139260000026
Figure FDA0002890139260000027
Step 3.2, generating an encryption key of the distance share: randomly selecting two prime numbers p,
Figure FDA0002890139260000028
So that
Figure FDA0002890139260000029
Can divide p-1 evenly and then generate a random number h epsilon Zp,ZpRepresenting loop Z/pZ, Z representing the integer field, g being calculated1And g2
Figure FDA00028901392600000210
Figure FDA00028901392600000211
Wherein mod represents the remainder;
server x selects a random number
Figure FDA00028901392600000214
Computing
Figure FDA00028901392600000212
And sends it to server x +1, x is 1,2, 3, when x is 3, server 3 selects a random number
Figure FDA00028901392600000215
Computing
Figure FDA00028901392600000213
And sent to the server 1, thus the server sxGenerating a secret key Rx
Figure FDA0002890139260000031
Step 3.3, encrypting the distance shares: in order to prevent an attacker from analyzing the image similarity information to guess the image according to the original Euclidean distance, a string of random numbers ran1 is respectively selected for each inquiry of the server 1 and the server 2m=(ran11,...,ran1m,...,ran1n) And ran2m=(ran21,...,ran2m,...,ran2n) For m 1,2, n, yield
Figure FDA0002890139260000032
Figure FDA0002890139260000033
Figure FDA0002890139260000034
Figure FDA0002890139260000035
Using a secret key RxEncryption
Figure FDA0002890139260000036
Constructing an encryption distance share; the server 1 encrypts the distance shares
Figure FDA0002890139260000037
Sent to the server 3, the server 2 encrypts the distance share
Figure FDA0002890139260000038
Is sent to the server 3 and,
Figure FDA0002890139260000039
5. the image security retrieval method based on secret sharing in the cloud environment as claimed in claim 4, wherein: the specific implementation of step 4 is as follows,
step 4.1, decrypt the encrypted distance shares and generate the sum of the distance shares and the random number: according to the principle of secure multiparty computation, the product of encrypted data is converted into the sum of data, which can be obtained without exposing the original data, the server 3 computes the product of encrypted distance shares and finds the sum of the distance shares and the random number
Figure FDA00028901392600000310
Denoted by dist';
Figure FDA00028901392600000311
dist′=(Cm-1)/P (19)
step 4.2, according to secret sharing, utilizing Lagrange interpolation formula to share distance
Figure FDA00028901392600000312
Figure FDA00028901392600000313
Reconstructing a quadratic polynomial
Figure FDA00028901392600000314
The constant term of the polynomial is the square of the difference of the single dimensional index and the trapdoor;
Figure FDA0002890139260000041
obtaining constant item secret according to the reconstructed polynomial, and calculating
Figure FDA0002890139260000042
Figure FDA0002890139260000043
Summing the results of n dimensions, calculating an index hyEuclidean distance (h) from trapdoor qy-q)2
Figure FDA0002890139260000044
4.3, calculating the Euclidean distance of the order preservation; for each of the queries, the query is,
Figure FDA0002890139260000045
is constant, prevents the original Euclidean distance from being stolen by the server, and the server 3 calculates the index hyAnd the sequence preserving Euclidean distance Dist of the trapdoor q, and a query result IeIs returned to useA household;
Figure FDA0002890139260000046
CN202010307335.3A 2020-04-17 2020-04-17 Image security retrieval method based on secret sharing in cloud environment Active CN111541679B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010307335.3A CN111541679B (en) 2020-04-17 2020-04-17 Image security retrieval method based on secret sharing in cloud environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010307335.3A CN111541679B (en) 2020-04-17 2020-04-17 Image security retrieval method based on secret sharing in cloud environment

Publications (2)

Publication Number Publication Date
CN111541679A CN111541679A (en) 2020-08-14
CN111541679B true CN111541679B (en) 2021-04-16

Family

ID=71978748

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010307335.3A Active CN111541679B (en) 2020-04-17 2020-04-17 Image security retrieval method based on secret sharing in cloud environment

Country Status (1)

Country Link
CN (1) CN111541679B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112328640A (en) * 2020-11-10 2021-02-05 杭州趣链科技有限公司 Data query method, device and system and data set processing method
CN112528064B (en) * 2020-12-10 2022-12-13 西安电子科技大学 Privacy-protecting encrypted image retrieval method and system
CN113139534B (en) * 2021-05-06 2022-07-15 上海交通大学 Two-stage safe multi-party calculation image text positioning and identifying method
CN114189351B (en) * 2021-10-25 2024-02-23 山东师范大学 Dense state image retrieval method and system based on CNN and signature technology
CN114048341B (en) * 2021-11-03 2023-04-07 北京中知智慧科技有限公司 Safety retrieval method, system, client and server for appearance design product
CN115455488B (en) * 2022-11-15 2023-03-28 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) Secret database query method and device based on secret copy sharing

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106599311A (en) * 2016-12-29 2017-04-26 广州市奥威亚电子科技有限公司 Cloud computation-based internet education platform resource library image retrieval method
CN108256031A (en) * 2018-01-11 2018-07-06 北京理工大学 A kind of multi-source encrypted image search method for supporting secret protection
CN109543061A (en) * 2018-11-16 2019-03-29 西安电子科技大学 A kind of encrypted image search method for supporting multi-key cipher

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106599311A (en) * 2016-12-29 2017-04-26 广州市奥威亚电子科技有限公司 Cloud computation-based internet education platform resource library image retrieval method
CN108256031A (en) * 2018-01-11 2018-07-06 北京理工大学 A kind of multi-source encrypted image search method for supporting secret protection
CN109543061A (en) * 2018-11-16 2019-03-29 西安电子科技大学 A kind of encrypted image search method for supporting multi-key cipher

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Collusion-Tolerable Privacy-Preserving Sum and Product Calculation without Secure Channel;Taeho Jung 等;《IEEE Transactions on Dependable and Secure Computing》;20150201;全文 *
隐私保护的图像内容检索技术研究综述;吴颖;《网络与信息安全学报》;20190831;第5卷(第4期);全文 *

Also Published As

Publication number Publication date
CN111541679A (en) 2020-08-14

Similar Documents

Publication Publication Date Title
CN111541679B (en) Image security retrieval method based on secret sharing in cloud environment
US11381398B2 (en) Method for re-keying an encrypted data file
Zhang et al. Pop: Privacy-preserving outsourced photo sharing and searching for mobile devices
JP6180177B2 (en) Encrypted data inquiry method and system capable of protecting privacy
EP2680488B1 (en) Similarity calculation system, similarity calculation device, computer program, and similarity calculation method
CN108768951B (en) Data encryption and retrieval method for protecting file privacy in cloud environment
CN108959567B (en) Safe retrieval method suitable for large-scale images in cloud environment
Wang et al. SecHOG: Privacy-preserving outsourcing computation of histogram of oriented gradients in the cloud
CN112270006A (en) Searchable encryption method for hiding search mode and access mode in e-commerce platform
CN108400970B (en) Similar data message locking, encrypting and de-duplicating method in cloud environment and cloud storage system
CN110866135B (en) Response length hiding-based k-NN image retrieval method and system
CN111522973B (en) Privacy protection image retrieval method fusing compressed sensing
CN115269938B (en) Homomorphic encryption-based keyword track hiding query method, system and related device
CN112685753B (en) Method and equipment for storing encrypted data
CN108595554B (en) Multi-attribute range query method based on cloud environment
CN113037753A (en) Encrypted data sharing method with privacy protection based on block chain
Cui et al. Harnessing encrypted data in cloud for secure and efficient image sharing from mobile devices
CN114142996B (en) Searchable encryption method based on SM9 cryptographic algorithm
Kamal et al. Searchable encryption using secret sharing scheme that realizes direct search of encrypted documents and disjunctive search of multiple keywords
KR101140576B1 (en) Multi?user search system and method of encrypted document
CN111552988B (en) Forward safe k neighbor retrieval method and system based on Monte Carlo sampling
CN109409111B (en) Encrypted image-oriented fuzzy search method
CN108920968B (en) File searchable encryption method based on connection keywords
Baliga et al. Securing textual and image data on cloud using searchable encryption
CN113259317A (en) Cloud storage data deduplication method based on identity agent re-encryption

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant