CN115309928A - Image encryption retrieval method, device and medium capable of hiding data access - Google Patents

Image encryption retrieval method, device and medium capable of hiding data access Download PDF

Info

Publication number
CN115309928A
CN115309928A CN202210738914.2A CN202210738914A CN115309928A CN 115309928 A CN115309928 A CN 115309928A CN 202210738914 A CN202210738914 A CN 202210738914A CN 115309928 A CN115309928 A CN 115309928A
Authority
CN
China
Prior art keywords
encryption
image
data
encrypted
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210738914.2A
Other languages
Chinese (zh)
Inventor
苗银宾
许超
李兴华
马卓
马建峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN202210738914.2A priority Critical patent/CN115309928A/en
Publication of CN115309928A publication Critical patent/CN115309928A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/50Information retrieval; Database structures therefor; File system structures therefor of still image data
    • G06F16/58Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
    • G06F16/583Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually using metadata automatically derived from the content
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Library & Information Science (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Medical Informatics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to an image encryption retrieval method capable of hiding data access, which returns all image data with Euclidean distance less than or equal to a threshold T from an encryption query request under a single cloud architecture. The invention firstly carries out calculation and size comparison of Euclidean distance between characteristic vectors in ciphertext space, after a first 0/1 encryption sequence is obtained, index coding is carried out on the sequence, after a data user receives the encryption coding, all target image index sets which accord with a query request are obtained through decryption, and finally the data user executes a private information retrieval protocol according to the index sets and a server to obtain all target image sets which meet query conditions, thereby realizing the hiding of an image data access mode in the image retrieval process. Furthermore, the invention reduces the time overhead of image encryption retrieval by adopting the bloom filter to carry out binary search.

Description

Image encryption retrieval method, device and medium capable of hiding data access
Technical Field
The present disclosure relates to the field of data processing technologies, and in particular, to a method, an apparatus, and a medium for encrypted retrieval of an image with hidden data access.
Background
The journal "EPCBIR" published by Xia et al: an image encryption retrieval scheme based on content for privacy protection under a single cloud architecture is proposed in An effectiveness and privacy-preserving content-based image retrieval in a closed computing.
In the technical scheme, the method comprises the following steps:
firstly, a data user generates a security key set according to a security parameter kappa;
the security key set comprises a vector for storing bits, two reversible matrixes, a local sensitive hash function set, a bucket encrypted security key set and a private key for encrypting an image;
the second step, the data user carries out chaotic encryption on the image set to protect the privacy of the image content;
thirdly, generating an unencrypted dual index structure which comprises a bottom layer and an upper layer, wherein the bottom layer is used for one-to-one mapping of image feature vectors and image labels, and the upper layer is a pre-filtering table constructed based on a locality sensitive hash function;
encrypting the dual index structure, and expanding each feature vector into a new vector, wherein the new vector is formed by the squares of the original vector and the Euclidean norm of the original vector;
expanding the new vector into two random vectors, taking values of the two random vectors according to corresponding bit vectors, and encrypting the two random vectors by using a reversible matrix;
encrypting the values of the buckets one by one;
fourthly, extracting a feature vector of the query image according to the query image, and generating a query trapdoor according to the feature vector;
and fifthly, executing inquiry according to the encryption index, the encrypted image and the inquiry trapdoor to obtain all labels of the similar images, sending the obtained labels of the first plurality of most similar images to a data user, decrypting the encrypted images by the inquiry user to obtain original images, and completing the image encryption inquiry process of the whole privacy protection.
In the scheme, the data owner needs to encrypt the image, generate and encrypt the image index according to the image feature vector, the linear-level matrix operation is involved, more calculation overhead is borne, and the server acquires the label of the target image, so that the leakage of the image data access mode is caused.
Disclosure of Invention
In view of the above prior art, the technical problem to be solved by the present invention is to provide a hiding method for image data access mode in the image retrieval process, and further reduce the operation to a sub-linear level.
In order to solve the technical problems, the technical scheme of the invention is as follows:
in a first aspect, the present invention provides an image encryption retrieval method capable of hiding data access, including the following steps:
extracting a characteristic vector from an image to be matched by a data user;
encrypting each element of the feature vector, the square sum of the elements in the feature vector and a specified encryption threshold value by using a second public key, and sending three results obtained by encryption to a server as query parameters;
the server combines the second public key, the operation key and the data of the data owner, and obtains a first 0/1 encryption sequence by using three query parameters;
the server encrypts the obtained first 0/1 encryption sequence by using an operation key, sends the encrypted first 0/1 encryption sequence to a data user for decryption by using a second private key, and receives a decryption result returned by the data user;
the server carries out index coding based on the first 0/1 encryption sequence and the decryption result, and returns the coding result to the data user;
receiving the coding result by a data user, and decoding the coding result to generate a target index set;
when a data user inputs an index in the target index set, a corresponding encrypted image encrypted by using the first public key is obtained from the server, and the obtained encrypted image is decrypted by using the first private key to obtain an original image.
In the above technical solution, an image retrieval scheme capable of hiding a data access mode in a unit architecture is adopted for solving the problem that the data access mode cannot be efficiently hidden in an image encryption retrieval in the unit architecture. According to the scheme, under the single-cloud image retrieval scheme, all image data with Euclidean distance smaller than or equal to a threshold value T from an encrypted query request (encrypted feature vector) are returned, the privacy of a result image set is guaranteed (the image data are not leaked to a cloud server), and the data access mode is hidden. In the technical scheme, the server compares and matches the searched feature vector and the encrypted feature vector of the original image by combining an encryption threshold value to obtain a first 0/1 encryption sequence. And after the obtained first 0/1 encryption sequence is subjected to index coding, the server returns a coding result to the data user, and the data user decodes the coding result to obtain all target index sets meeting the query request. When the data user inputs the index in the target index set, the encrypted image data can be obtained, thereby realizing the image encryption retrieval scheme for protecting the image data access mode.
In the method, one implementation manner of the first public key and the first private key is generated by a symmetric encryption algorithm; one implementation of the second public key, the second private key, and the operation key is generated by a fully homomorphic encryption algorithm.
In the method, the first 0/1 encryption sequence is used for obtaining the image data set smaller than or equal to the value range T under the condition of ensuring that the result image set is not leaked to the cloud server. One way of obtaining this is as follows:
calculated according to the formula to give E 2 (D′ i ) And updating the encrypted value E of the threshold 2 (T′):
Figure BDA0003715128810000031
Figure BDA0003715128810000032
In the formula: x is a radical of a fluorine atom i,j For the ith image feature vector x i I =1,2, \ 8230, n, n is the number of images; j =0,1, \8230, k-1,k is the dimension of the image feature vector;
Figure BDA0003715128810000033
homomorphic addition and multiplication respectively; e 2 (q j ) For an element q in a feature vector q j Q is a feature vector extracted from the image m to be matched, q = [ q ] 0 ,…,q k-1 ];
Figure BDA0003715128810000034
A cryptographic value that is the sum of squares of the elements in the feature vector q; t is a designated threshold; e 2 (T) is a cryptographic value specifying a threshold; d' i The text is the original text of the encrypted space vector; t' is an encryption threshold original text;
according to the following comparison criteria, based on E 2 (D′ i ) And E 2 (T') obtaining an encrypted sequence of length n in which the element value is 0,1 or 1/2;
Figure BDA0003715128810000035
the obtained encrypted sequence is compared with E 2 (1) And after comparison and matching, carrying out scaling homomorphic operation of multiplying by two to obtain a first 0/1 encryption sequence, wherein the element value in the encryption sequence is 0or 1.
As a further improvement of the invention, in the method, the server establishes the binary search tree by utilizing bloom filters, each bloom filter represents one layer of the binary search tree, the time complexity of CHECK (CHECK) operation of a data user is reduced from a linear level to a secondary linear level, the index coding of the obtained first 0/1 encryption sequence is realized, the coding result is sent to the image data user, and the image data user obtains all index sets meeting the query request after the CHECK operation. Wherein the encoding comprises the steps of:
establishing a bloom filter binary search tree by the server based on the decryption result s; the bloom filter binary search tree is established by the following steps:
the number of images in the image set is denoted as n, and the number of bloom filters t is determined by the following equation:
Figure BDA0003715128810000041
in the formula: symbol
Figure BDA0003715128810000042
Represents rounding up;
establishing t +1 bloom filters with the length of l, wherein:
Figure BDA0003715128810000043
m=max(2s,s+2f p )
in the formula: eta is the number of hash functions; f. of p An upper bound representing the number of false positives resulting from decoding;
the bloom Filter is noted
Figure BDA0003715128810000044
For the kth bloom filter, a hash function set is randomly selected
Figure BDA0003715128810000045
Figure BDA0003715128810000046
The q hash function in the kth bloom filter;
for the k-th bloom filter
Figure BDA0003715128810000047
If it is not
Figure BDA0003715128810000048
Is equal to
Figure BDA0003715128810000049
Will be provided with
Figure BDA00037151288100000410
Is updated to
Figure BDA00037151288100000411
Otherwise, it will
Figure BDA00037151288100000412
Is updated to
Figure BDA00037151288100000413
Thereby obtaining t +1 encrypted bloom filters
Figure BDA00037151288100000414
Wherein v is i For the ith element in the first 0/1 encryption sequence,
Figure BDA00037151288100000415
Figure BDA00037151288100000416
the decoding comprises the following steps:
bloom Filter for t +1 encryptions by data consumers
Figure BDA00037151288100000417
Carrying out decryption;
t empty sets are established as I and I respectively 0 ,…,I t-1 Establishing a set It = {2s };
starting from k = t, k ∈ {1, \8230;, t } for each one, in order of decreasing bloom filter superscript kK, for all I' ∈ I k If j is present, then
Figure BDA00037151288100000418
And the kth bloom filter
Figure BDA00037151288100000419
If greater than 0, the value 2I '-1,2i' is inserted into the set I k-1 In, I is obtained until k =1 0
For I' ∈ I 0 If j is present, make
Figure BDA00037151288100000420
And is provided with
Figure BDA00037151288100000421
If the index is greater than 0, I' is inserted into a set I, and the set I is a target index set.
As a further refinement of the present invention, in the method, the size of the target index set is equal to s + e, where: s is the encrypted number of 1 in the first 0/1 encryption sequence, and e is the number of false positives in the decoding process;
if e > f p If yes, interrupting the current query and re-initiating the query request; otherwise, generate f p -e virtual indices are inserted into the target index set.
As a further improvement of the present invention, in the method, the server obtains a corresponding encrypted image encrypted by using the first public key, and one implementation manner includes the following steps:
generating a second 0/1 encryption sequence based on an input index, sending the second 0/1 encryption sequence to a server, carrying out scalar multiplication on the second 0/1 encryption sequence and an encryption image set one by the server, then carrying out homomorphic summation to obtain a ciphertext corresponding to the index based on encryption of the encryption image, returning the ciphertext to a data user for decryption to obtain a corresponding encryption image, and in the process, the data user obtains the encryption image without leaking the index to the server.
As a further improvement of the present invention, in the method, the data of the data owner is stored on the server to improve the retrieval efficiency and the feedback speed, and the data of the data owner includes:
based on the image set M = { M 1 ,...,m n Image ciphertext set E generated by using first public key 1 (M)={E 1 (m 1 ),...,E 1 (m n )};
Based on the slave image set M = { M = { M = } 1 ,...,m n N k-dimensional feature vectors extracted in the method form a feature vector set X = { X = 1 ,...,x n };
Cipher texts obtained by encrypting each element in n characteristic vectors and the square sum of k elements of each vector by using a second public key
Figure BDA0003715128810000051
And a second public key, an operational key.
As a further improvement of the present invention, in the method, the first private key, the second public key, and the second private key are applied for acquisition by the data owner before the data user initiates an encrypted query request, so as to avoid obtaining or leaking private information through the server.
As a further improvement of the present invention, in the method, another method for obtaining a target index set is provided, and the encoding includes the following steps:
recording the decryption result of the first encrypted 0/1 sequence by the data user as s;
computing, by the server, a sum of powers of the indices based on s performing homomorphic scalar multiplication and homomorphic addition operations
Figure BDA0003715128810000052
Figure BDA0003715128810000053
v i Encrypting the ith element in the sequence for the first 0/1;
encrypting by a serverIndex sum of powers set
Figure BDA0003715128810000054
Sending the data to the data user for decryption, and obtaining the set { w by the data user through decryption by using the second private key 1 ,…,w s According to the set { w } 1 ,…,w s The construction root is { x: polynomial f (x) = a of x ∈ I } s x s +a s-1 x s-1 +…+a 1 x+a 0
Wherein:
Figure BDA0003715128810000061
the target index set I is constructed from all the solutions of the polynomial.
In a second aspect, the present invention provides an image encryption retrieval apparatus capable of hiding data access, which includes a memory and a processor, wherein the memory stores a computer program capable of being loaded by the processor and executing any one of the methods.
In a third aspect, the present invention provides a computer-readable storage medium, characterized in that: a computer program is stored which can be loaded by a processor and which performs any of the methods described above.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive labor.
FIG. 1, an interaction diagram in one embodiment;
fig. 2 is a schematic flow chart of a method in one embodiment.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or to implicitly indicate the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature.
The method of the invention in one embodiment, the implementation subject comprises three, namely a data owner, a cloud server and a data consumer, and the interaction between the three is shown in figure 1. It is obvious that the interaction between the implementation bodies, the following description is to describe the operation mainly performed by each implementation body in units of implementation bodies.
(1) Data owner
The data owner firstly generates a public and private key pair of a cryptographic algorithm through public parameters, and the method comprises the following steps:
(I) Generating a first public and private key pair for image encryption, wherein the first public and private key pair comprises a first public key and a first private key;
and (II) generating a second public and private key pair encrypted by the image feature vector, wherein the second public and private key pair comprises a second public key, a second private key and an operation key.
In the present embodiment, the first public-private key pair is generated using a symmetric cryptographic algorithm, so that the public and private keys are identical, denoted as { sk 1 }. The second public and private key pair is generated by adopting a homomorphic encryption algorithm (CKKS) and is marked as { pk 2 ,evk,sk 2 }, wherein: pk 2 Is a second public key; the evk (evaluation key) is an operation key and is used for the server to perform homomorphic operation on the encrypted data; sk 2 Is the second private key.
(1.1) record the image set of the data owner as M = { M = { M } 1 ,...,m n Using sk 1 Encrypting the image sets one by one to obtain a ciphertext set E 1 (M)={E 1 (m 1 ),...,E 1 (m n ) N is the number of elements in the image set.
(1.2) from the image set M = { M = 1 ,...,m n Extracting n k-dimensional feature vectors to form a feature vector set X = { X = } 1 ,...,x n For each x } i ,x i ={x i1 ,x i2 ,…,x ik },i∈{1,…,n}。
And (1.3) encrypting the elements in the feature vector set one by one, encrypting the square sum of k elements forming each feature vector, and uploading the square sum, the second public key and the operation key to the server. The uploading content is as follows:
Figure BDA0003715128810000071
(2) Server
(2.1) receiving the following content sent by the data owner:
(2.1.1) image ciphertext set: based on the image set M = { M 1 ,...,m n Image ciphertext set E generated using a first key 1 (M)={E 1 (m 1 ),...,E 1 (m n )};
(2.1.2) feature vector ciphertext set: based on the slave image set M = { M = { M = } 1 ,...,m n N k-dimensional feature vectors extracted from the data are used for forming a feature vector set X = { X = X } 1 ,...,x n For each x } i ,x i ={x i1 ,x i2 ,…,x ik Is equal to {1, \ 8230;, n }. Using the second public key pk 2 Encrypting a ciphertext obtained by summing the squares of each element of the n feature vectors and k elements of each vector
Figure BDA0003715128810000072
Figure BDA0003715128810000081
(2.1.3) the second public key and the operation key.
(2.2) receiving the following contents sent by the data user:
extracting a feature vector q, q = [ q ] from a matching image m 0 ,…,q k-1 ]. Using the second public key pk 2 Encrypting the feature vector element by element as an encrypted query request while using the second public key pk 2 The sum of the squares of the elements of the encryption vector, together with the encryption threshold specified by the data consumer, is uploaded to the server, i.e.:
Figure BDA0003715128810000082
(2.3) computing an encrypted query request { E ] in ciphertext space 2 (q 0 ),…,E 2 (q k-1 ) } and feature vector set X = [ X ] 1 ,…,x n ]The encrypted space vector distance E of each feature vector 2 (D′ i ). The calculation formula is as follows:
Figure BDA0003715128810000083
accordingly, calculate and E 2 (D′ i ) Encryption threshold value E of comparison 2 (T′):
Figure BDA0003715128810000084
(2.4) cipher text comparison method under homomorphic encryption, for E 2 (D′ i )、E 2 (T') comparing, the comparison criterion is as follows:
Figure BDA0003715128810000085
for the above comparison criteria, direct comparison cannot be performed because the server cannot know the original text. In one embodiment, the ciphertext provided by the invention has the fully homomorphic characteristic, and the approximation calculation of the approximation polynomial is realized by directly calculating homomorphic multiplication and homomorphic addition through the ciphertext to obtain the ciphertext of a comparison result.
Therefore, by using the scaling operation of the CKKS encryption scheme, T 'and D' can be scaled to be within the interval [0,1], and the size of the interval is set according to the actual situation, so that the encryption sequence with the length of n is obtained
Figure BDA0003715128810000086
Figure BDA0003715128810000087
Figure BDA0003715128810000088
In the formula:
Figure BDA0003715128810000091
similarly, where the left-hand polynomial operation is a polynomial approximation of the right-hand polynomial operation, μ is a real number greater than 0. Function f n The functional expression of (a) is:
Figure BDA0003715128810000092
by adopting the above comparison algorithm, an encrypted sequence with element values of 0, 1/2 and 1 and a length of n is obtained, and the set of elements in the encrypted sequence is written as:
Figure BDA0003715128810000093
index encoding can be facilitated by changing the sequence to the first 0/1 encrypted sequence of length n with element values of 0or1, thereby reducing the time complexity of the data user CHECK (CHECK) operation from a linear level to a sub-linear level. The following operations are performed to convert an encrypted sequence of element values 0, 1/2, 1 into an encrypted sequence of element values 0, 1:
will be provided with
Figure BDA0003715128810000094
And E 2 (1) Making ciphertext comparisons, i.e. E 2 (comp(v i 1)), and then performing a scaling homomorphic operation of multiplying by two, the set can be formed by
Figure BDA0003715128810000095
Is updated to { E 2 (v i )|v i =0or1, i =1, · n, n }, and the sequence of elements in the updated element set is the first 0/1 encryption sequence;
(2.5) index-coding the first 0/1 encryption sequence;
the index coding used in one embodiment of the present invention has four parameters, (n, s, c, f) p ) N is the size of the image set uploaded by the data owner, s is the number of non-zero plaintext in the first 0/1 encryption sequence, c corresponds to the dimension of the output code, f p The upper bound of the number of false positives corresponding to the decoded output is a set value. The false positive is that when the data user decodes, an index which is not in the correct target index set originally is judged to be in the set incorrectly; false negative: and vice versa. A correct index coding scheme allows the presence of few false positives and not false negatives.
The index coding algorithm in the above process is as follows:
the number of bloom filters, t, is determined according to the following equation:
Figure BDA0003715128810000096
in the formula: symbol
Figure BDA0003715128810000097
Indicating rounding up.
The server initializes t +1 encryption bloom filters of length l, wherein:
Figure BDA0003715128810000101
m=max(2s,s+2f p )
in the formula: eta is the number of hash functions; f. of p Represents an upper bound on the number of false positives output by the decoder. The proportion of the number of false positives is calculated by the following formula:
Figure BDA0003715128810000102
as can be seen from the above formula, the proportion of the number of false positives can be adjusted, for example, by increasing the length l of the bloom filter to reduce the proportion of false positives. The bloom filter is noted as:
Figure BDA0003715128810000103
and randomly selecting a set of hash functions for each bloom filter:
Figure BDA0003715128810000104
for each bloom filter, the following operations are performed, for all i e {1, \8230;, n }, q e {1, \8230;, η }, so
Figure BDA0003715128810000105
If it is used
Figure BDA0003715128810000106
Is equal to
Figure BDA0003715128810000107
Make an order
Figure BDA0003715128810000108
Otherwise, it orders
Figure BDA0003715128810000109
Finally outputting t +1 encrypted bloom filters
Figure BDA00037151288100001010
In the current embodiment, the CHECK operation of the bloom filter by the data consumer is reduced to a sub-linear level by building a binary search tree of the bloom filter.
For convenience of explanation, let the first 0/1 encryption sequence be I, and the set number is denoted by a superscript:
Figure BDA00037151288100001011
for I k-1 The method comprises the following steps:
Figure BDA00037151288100001012
assuming that the size of the data owner upload image set is 32, 32=2 5 Therefore, the number of index sets to be constructed is 5. The target index set to be coded is I = {1, 14, 16}, and if the element in I is an index of an image, then there are the following index sets:
I 4 ={1};I 3 ={1,2};I 2 ={1,4};I 1 ={1,7,8};I 0 ={1,14,16}
the cloud server inserts the five index sets into the five bloom filters respectively according to the ascending order of the I superscript k, and the data user decrypts the five bloom filters ciphertext by using the private key corresponding to the second public key and then sequentially performs the CHECK operation according to the descending order of the superscript k, namely: the order of CHECK on the index set is I 4 ,I 3 ,I 2 ,I 1 ,I 0
I 4 ,I 3 ,I 2 ,I 1 ,I 0 The five sets each correspond to a respective bloom filter inserted into the elements of each set, and the data consumer does not know in advance which elements are in each bloom filterAnd (5) element. With I 4 For example, the conditions that a data consumer can obtain a collection element need to satisfy are:
Figure BDA0003715128810000111
and the maximum element value (n) in the I set is 32
Thus can obtain I 4 The specific set conditions that should be met are:
Figure BDA0003715128810000112
according to the relation that the set should satisfy:
Figure BDA0003715128810000113
wherein:
Figure BDA0003715128810000114
is shown as I k All of the elements in (a).
Then I can be obtained 3 Set conditions to be satisfied:
Figure BDA0003715128810000115
the data consumer then only needs to go to bloom filter B 3 Performing 1,2,3,4 CHECK to obtain set I 3 All elements. And by analogy, finally obtaining a target index set I. By this embodiment, the number of times the data consumer performs CHECK can be reduced.
(3) Data consumer
(3.1) the data consumer applies for inquiry and access control permissions to the data owner, who will inquire the permissions { pk 2 }, access control permissions { sk 1 ,sk 2 It is sent to the data user.
(3.2) the data consumer extracts the feature vector q, q = [ q ] from the matching image m 0 ,…,q k-1 ]. Using the public key pk 2 Encrypting the feature vector element by element as an encrypted query request while using the public key pk 2 The square sum of each element of the encryption vector is uploaded to a server together with an encryption threshold value specified by a data user, and the contents to be uploaded are as follows:
Figure BDA0003715128810000116
and (3.3) after the server carries out comparison and matching based on the uploaded content, obtaining a 0/1 encryption sequence, wherein the 0/1 encryption sequence is a first 0/1 encryption sequence. The server performs homomorphic addition on the first 0/1 encryption sequence to obtain a ciphertext
Figure BDA0003715128810000121
The server sends the ciphertext
Figure BDA0003715128810000122
And sending the data to the data user. Receiving cipher text by data user
Figure BDA0003715128810000123
And decrypting and returning a decrypted result s to the server. Wherein, the decryption result s represents the sparsity corresponding to the number of non-zero plaintext in the first 0/1 encryption sequence.
And (3.4) after the server carries out index coding on the first 0/1 encryption sequence based on the decryption result s, the server sends the coding result to the data user. And the data user receives and decodes the coding result, thereby obtaining the target index set. The decoding operation of the data user is specifically as follows:
after the data user decrypts the binary search tree of the bloom filter, firstly, t empty sets are initialized to be I and I respectively 0 ,…,I t-1 Reinitializing a set I t = 2s }; one by one, in order of decreasing superscript k of bloom Filter B, for all I' ∈ I k ,k∈[0,t]。
If there is a hash value for i', corresponding to a single bloomThe j +1 th position in the filter (a hash table), namely:
Figure BDA0003715128810000124
so that
Figure BDA0003715128810000125
If greater than 0, the value 2I '-1,2i' is inserted into the set I k-1 In (1). By analogy, cycling from k = t to k =1 results in set I 0 For I' ∈ I 0 If present, of
Figure BDA0003715128810000126
So that
Figure BDA0003715128810000127
If the index is larger than 0, I' is inserted into the set I, and finally the target index set I is output.
The size of the target index set I is equal to s + e, s is the encrypted number of 1 in the first 0/1 encryption sequence, and e represents the number of false positives in the decoding process. To avoid the server getting other privacy information from the size of I, the data consumer should decide e and f p If e > f p If the data user interrupts the query and re-initiates the query request, otherwise, the data user will generate f p E virtual indices are inserted into the set I, resulting in the final index set I'.
And (3.5) the data user generates a second 0/1 encryption sequence by utilizing the scalar multiplication of a fully homomorphic encryption algorithm and the property of additive homomorphy based on the PIR protocol and based on the index r, wherein r belongs to I' and encrypting by utilizing a BFV scheme. In the second 0/1 encryption sequence, except for the encryption with index position r of 1, the rest are the encryption of 0.
The data consumer sends the second 0/1 encryption sequence to the server. The server has a data set E with a data set size n 1 (M)={E 1 (m 1 ),...,E 1 (m n ) }. The server carries out scalar multiplication on the second 0/1 encryption sequence and the own data set one by one, and homomorphic summation is carried out to obtain ciphertext content E 1 (m i ) The ciphertext of (a) may be encrypted,i.e. E BFV (E 1 (m i )). By adopting the PIR protocol to perform image query, the index position can be prevented from being revealed to the server.
Data consumer acquisition E BFV (E 1 (m i ) First decryption to get E 1 (m i ) Decryption Dec (E) a second time 1 (m i ),sk 1 ) Thereby obtaining original image data m i . Private information retrieval is carried out through a PIR protocol, after a data user inputs an index, the data user can obtain an encrypted image in a server data set, and the index cannot be leaked to a server, so that privacy protection of image data access is realized.
Summarizing the process flow of the above embodiment, in conjunction with fig. 2, the method of the present invention mainly includes the following aspects:
generating two groups of public and private key pairs, one group of encrypted images and a group of feature vectors of the encrypted images by a data owner of the images;
encrypting, by the data owner, the image and the feature vector of the image and sending them to the cloud server;
encrypting the characteristic vector of the image to be queried by a data user as a part of query request parameters, and initiating a query request for encryption to a cloud server;
matching the server with the encrypted image characteristic vector of the data owner based on the query request parameter to obtain a 0/1 encryption sequence, wherein the 0/1 encryption sequence is a first 0/1 encryption sequence;
performing index coding by the server based on the first 0/1 encryption sequence, and sending a coding result to a data user;
decoding by a data user to obtain a target index set;
inputting indexes in a target index set by a data user, and executing a PIR protocol to obtain an encrypted image;
the encrypted image is decrypted by the data consumer to obtain the original image.
In the above embodiment process, for the acquisition of the target index set, in another embodiment, the target index set is obtained by using the application of newton identity in polynomial root.
Homomorphic addition is carried out on the first 0/1 encryption sequence to obtain a ciphertext, the ciphertext is sent to a data user for decryption, and the number of the ciphers of which s is 1 is received as a decryption result;
according to s, homomorphic scalar multiplication and homomorphic addition operation are executed to calculate power sum of index
Figure BDA0003715128810000132
Figure BDA0003715128810000131
v i Encrypting the ith element in the first 0/1 encryption sequence;
aggregating encryption index sums
Figure BDA0003715128810000133
Sending to the data user for decryption, the data user based on the set { w } 1 ,…,w s The construction root is { x: x ∈ I }:
f(x)=a s x s +a s-1 x s-1 +…+a 1 x+a 0
wherein:
Figure BDA0003715128810000141
the complete solution of the polynomial constitutes the target index set I.
Through the above description of the embodiments, those skilled in the art will clearly understand that the present disclosure may be implemented by software plus necessary general hardware, and certainly may also be implemented by special hardware including special integrated circuits, special CPUs, special memories, special components and the like. Generally, functions performed by computer programs can be easily implemented by corresponding hardware, and specific hardware structures for implementing the same functions may be various, such as analog circuits, digital circuits, or dedicated circuits. However, more often than not for the purposes of this disclosure, software program implementations are preferred embodiments.

Claims (10)

1. An image encryption retrieval method capable of hiding data access, characterized by comprising the following steps: extracting a characteristic vector from an image to be matched by a data user;
encrypting each element of the feature vector, the square sum of the elements in the feature vector and a specified encryption threshold value by using a second public key, and sending three results obtained by encryption to a server as query parameters;
the server combines the second public key, the operation key and the data of the data owner, and obtains a first 0/1 encryption sequence by using three inquiry parameters;
the server encrypts the obtained first 0/1 encryption sequence by using an operation key, sends the encrypted first 0/1 encryption sequence to a data user for decryption by using a second private key, and receives a decryption result returned by the data user;
the server carries out index coding based on the first 0/1 encryption sequence and the decryption result, and returns the coding result to the data user;
receiving the coding result by a data user, and decoding the coding result to generate a target index set;
when a data user inputs an index in the target index set, a corresponding encrypted image encrypted by using the first public key is obtained from the server, and the obtained encrypted image is decrypted by using the first private key to obtain an original image.
2. The method of claim 1, wherein the first public key and the first private key are generated by a symmetric encryption algorithm; the second public key, the second private key and the operation key are generated through a fully homomorphic encryption algorithm.
3. The method of claim 2, wherein the first 0/1 encryption sequence is obtained by:
calculated according to the formula to give E 2 (D′ i ) And updating the cryptographic value E of the threshold 2 (T′):
Figure FDA0003715128800000011
Figure FDA0003715128800000012
In the formula: x is the number of i,j As the feature vector x of the ith image i I =1,2, \ 8230, n, n is the number of images; j =0,1, \8230, k-1,k is the dimension of the image feature vector;
Figure FDA0003715128800000013
homomorphic addition and multiplication respectively; e 2 (q j ) For the element q in the feature vector q j Q is a feature vector extracted from the image m to be matched, q = [ q ] 0 ,…,q k-1 ];
Figure FDA0003715128800000014
A cryptographic value that is the sum of squares of the elements in the feature vector q; t is a designated threshold; e 2 (T) is a cryptographic value specifying a threshold; d' i The distance is an original text of the encrypted space vector; t' is an encryption threshold original text;
according to the following comparison criterion, based on 2 (D′ i ) And E 2 (T') obtaining an encrypted sequence of length n in which the element values are 0,1 or 1/2;
Figure FDA0003715128800000021
the obtained encrypted sequence is compared with E 2 (1) After comparison and matching, scaling homomorphic operation of multiplying by two is carried out to obtain the first 0A/1 encryption sequence in which the element value is 0or 1.
4. The method of claim 1, wherein the index encoding comprises the steps of:
recording the decryption result of the first 0/1 encryption sequence encrypted by the data user as s;
establishing a bloom filter binary search tree by the server based on the decryption result s;
the establishing steps of the bloom filter binary search tree are as follows:
taking the number of images in the image set as n, the number of bloom filters t is determined by:
Figure FDA0003715128800000022
in the formula: symbol(s)
Figure FDA0003715128800000023
Represents rounding up;
establishing t +1 bloom filters with the length of l, wherein:
Figure FDA0003715128800000024
in the formula: eta is the number of hash functions; f. of p An upper bound representing the number of false positives obtained from decoding;
record the bloom Filter as
Figure FDA0003715128800000025
For the kth bloom filter, a hash function set is randomly selected
Figure FDA0003715128800000026
Figure FDA0003715128800000027
A qth hash function in the kth bloom filter;
for the kth bloom filter
Figure FDA0003715128800000028
If it is not
Figure FDA0003715128800000029
Is equal to
Figure FDA00037151288000000210
Will be provided with
Figure FDA00037151288000000211
Is updated to
Figure FDA00037151288000000212
Otherwise, it will
Figure FDA00037151288000000213
Is updated to
Figure FDA00037151288000000214
Thereby obtaining t +1 encrypted bloom filters
Figure FDA00037151288000000215
Wherein v is i For the ith element in the first 0/1 encryption sequence,
Figure FDA00037151288000000216
Figure FDA00037151288000000217
the index decoding includes the steps of:
bloom Filter for t +1 encryptions by data consumers
Figure FDA0003715128800000031
Carrying out decryption;
t empty sets are established as I and I respectively 0 ,…,I t-1 Establishing a set I t ={2s};
Starting from k = t, k ∈ {1, \8230;, t } in order of decreasing bloom filter superscript k, for each k, all I' ∈ I k If j is present, make
Figure FDA0003715128800000032
And the kth bloom filter
Figure FDA0003715128800000033
If greater than 0, the value 2I '-1,2i' is inserted into the set I k -1 In (1), until k =1 gives I 0
For I' ∈ I 0 If j is present, make
Figure FDA0003715128800000034
And is
Figure FDA0003715128800000035
If the index is greater than 0, I' is inserted into a set I, and the set I is a target index set.
5. The method of claim 4, wherein the target index set has a size equal to s + e, and wherein: s is the encrypted number of 1 in the first 0/1 encryption sequence, and e is the number of false positives in the decoding process;
if e > f p If yes, interrupting the current query and re-initiating the query request; otherwise, generate f p -e virtual indices are inserted into the target index set.
6. The method according to claim 1, wherein the step of obtaining the corresponding encrypted image encrypted by using the first public key from the server comprises the following steps:
and generating a second 0/1 encryption sequence based on the input index, sending the second 0/1 encryption sequence to the server, carrying out scalar multiplication on the second 0/1 encryption sequence and the encryption image set one by the server, then carrying out homomorphic summation to obtain a ciphertext corresponding to the index based on encryption of the encryption image, returning the ciphertext to a data user for decryption to obtain a corresponding encryption image.
7. The method of claim 1, wherein the data of the data owner is stored on a server, the data of the data owner comprising:
based on the image set M = { M 1 ,...,m n Image ciphertext set E generated using a first public key 1 (M)={E 1 (m 1 ),...,E 1 (m n )};
Based on the slave image set M = { M = { M = } 1 ,...,m n N k-dimensional feature vectors extracted in the method form a feature vector set X = { X = 1 ,...,x n };
A ciphertext E obtained by encrypting each element in the n characteristic vectors and the square sum of k elements of each vector by using a second public key 2 (x i )={E 2 (x i,1 ),...,E 2 (x i,k )},
Figure FDA0003715128800000036
And a second public key, an operational key.
8. The method according to claim 1, wherein said encoding comprises the steps of:
recording the decryption result of the first 0/1 encryption sequence encrypted by the data user as s;
computing, by the server, a sum of powers of the indices based on s performing homomorphic scalar multiplication and homomorphic addition operations
Figure FDA0003715128800000041
Figure FDA0003715128800000042
v i Encrypting the ith element in the first 0/1 encryption sequence;
indexing the sum of powers of encryption by the server
Figure FDA0003715128800000043
Sending the data to the data user for decryption, and obtaining the set { w by the data user through decryption by using the second private key 1 ,…,w s According to the set w 1 ,…,w s The construction root is { x: polynomial f (x) = a of x ∈ I } s x s +a s-1 x s-1 +…+a 1 x+a 0
Wherein:
Figure FDA0003715128800000044
the target index set I is constructed from all the solutions of the polynomial.
9. An image encryption retrieval device capable of hiding data access is characterized in that: comprising a memory and a processor, said memory having stored thereon a computer program which can be loaded by the processor and which performs the method of any of claims 1 to 8.
10. A computer-readable storage medium characterized by: a computer program which can be loaded by a processor and which performs the method according to any one of claims 1 to 8.
CN202210738914.2A 2022-06-27 2022-06-27 Image encryption retrieval method, device and medium capable of hiding data access Pending CN115309928A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210738914.2A CN115309928A (en) 2022-06-27 2022-06-27 Image encryption retrieval method, device and medium capable of hiding data access

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210738914.2A CN115309928A (en) 2022-06-27 2022-06-27 Image encryption retrieval method, device and medium capable of hiding data access

Publications (1)

Publication Number Publication Date
CN115309928A true CN115309928A (en) 2022-11-08

Family

ID=83855046

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210738914.2A Pending CN115309928A (en) 2022-06-27 2022-06-27 Image encryption retrieval method, device and medium capable of hiding data access

Country Status (1)

Country Link
CN (1) CN115309928A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116956354A (en) * 2023-09-21 2023-10-27 恒生电子股份有限公司 Data query method, device, data source equipment, query party equipment and system
CN118036081A (en) * 2024-04-12 2024-05-14 北京电子科技学院 Image processing method based on threshold and homomorphic encryption
CN118171309A (en) * 2024-05-16 2024-06-11 苏州市卫生计生统计信息中心 Medical image encryption retrieval method

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116956354A (en) * 2023-09-21 2023-10-27 恒生电子股份有限公司 Data query method, device, data source equipment, query party equipment and system
CN116956354B (en) * 2023-09-21 2024-01-19 恒生电子股份有限公司 Data query method, device, data source equipment, query party equipment and system
CN118036081A (en) * 2024-04-12 2024-05-14 北京电子科技学院 Image processing method based on threshold and homomorphic encryption
CN118171309A (en) * 2024-05-16 2024-06-11 苏州市卫生计生统计信息中心 Medical image encryption retrieval method
CN118171309B (en) * 2024-05-16 2024-09-06 苏州市卫生计生统计信息中心 Medical image encryption retrieval method

Similar Documents

Publication Publication Date Title
Lu et al. Confidentiality-preserving image search: A comparative study between homomorphic encryption and distance-preserving randomization
CN108494768B (en) Ciphertext searching method and system supporting access control
JP6413598B2 (en) Cryptographic processing method, cryptographic processing apparatus, and cryptographic processing program
CN115309928A (en) Image encryption retrieval method, device and medium capable of hiding data access
Liu et al. Intelligent and secure content-based image retrieval for mobile users
CN109361644B (en) Fuzzy attribute based encryption method supporting rapid search and decryption
CN108959567B (en) Safe retrieval method suitable for large-scale images in cloud environment
WO2020216875A1 (en) Methods and systems for privacy preserving evaluation of machine learning models
WO2011052056A1 (en) Data processing device
JP2014126865A (en) Device and method for encryption processing
CN110866135B (en) Response length hiding-based k-NN image retrieval method and system
CN106875325B (en) Searchable image encryption algorithm
US20090138698A1 (en) Method of searching encrypted data using inner product operation and terminal and server therefor
CN112332979B (en) Ciphertext search method, system and equipment in cloud computing environment
CN107291861B (en) Encryption graph-oriented approximate shortest distance query method with constraints
CN114826703A (en) Block chain-based data search fine-grained access control method and system
CN112836222B (en) Intelligent recommendation scene oriented safety search method and device
CN114142996A (en) Searchable encryption method based on SM9 cryptographic algorithm
Gai et al. An optimal fully homomorphic encryption scheme
CN116070276A (en) Ciphertext duplicate checking and storing method based on homomorphic encryption and Simhash
CN110727951B (en) Lightweight outsourcing file multi-keyword retrieval method and system with privacy protection function
CN115310125A (en) Encrypted data retrieval system, method, computer equipment and storage medium
Tang Secret sharing-based IoT text data outsourcing: A secure and efficient scheme
Jin et al. Efficient blind face recognition in the cloud
CN108920968B (en) File searchable encryption method based on connection keywords

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination