CN116346996A - LSB (least significant bit) self-quantization-based encryption and decryption method and system for plaintext related images in zero trust cloud

Publication number: CN116346996A
Application number: CN202310265133.0A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 吴旻荣, 段文奇, 杨龙雨, 刘治军, 马振华, 宋文龙, 马静, 王蓉蓉, 徐涛, 朱冬梅, 刘宏岭, 牛斐
Current Assignee: Shizuishan Power Supply Co Of State Grid Ningxia Electric Power Co ltd
Original Assignee: Shizuishan Power Supply Co Of State Grid Ningxia Electric Power Co ltd

Abstract

The invention provides a method and a system for encrypting and decrypting plaintext-related images in a zero trust cloud based on LSB self-quantization, and belongs to the technical field of image encryption and decryption. The encryption method comprises: obtaining a first key stream, a second key stream and a disturbance value from the initial image, a first key and a second key through image quantization processing and chaotic system processing; and performing LSB-embedded adaptive pixel value replacement processing, adaptive pixel position permutation scrambling processing and diffusion processing on the initial image using the first key stream, the second key stream and the disturbance value, to generate an encrypted image. The decryption method comprises: generating the second key stream using the second key, and performing inverse diffusion processing on the encrypted image to be decrypted according to the second key stream, to obtain an inverse-diffused image; and, using the first key, performing the inverse of the adaptive pixel position permutation scrambling processing and LSB extraction processing on the inverse-diffused image, to obtain the embedded disturbance value, the first key stream and the decrypted image.

Description

LSB (least significant bit) self-quantization-based encryption and decryption method and system for plaintext related images in zero trust cloud
Technical Field
The invention relates to the technical field of image encryption and decryption, in particular to a method and a system for encrypting and decrypting a plaintext related image in a zero trust cloud based on LSB (least significant bit) self-quantization.
Background
The increasing availability of personal data such as images, video and text has prompted people to use cloud storage services. Recently, Zero Trust (ZT) principles have been proposed to make cloud services more secure [1]. The purpose of these principles is to address various potential security threats, including interception, modification, and interruption, throughout the life of the data [2,3]. Scholars have therefore studied certain aspects of the ZT principle [4-7], where encryption is still the basic technique for protecting data confidentiality. Encryption in ZT schemes uses conventional cryptosystems such as AES and ECC [4-6], or constructs a new ZT asymmetric cryptosystem [7]. However, neither conventional symmetric cryptosystems nor asymmetric cryptosystems are suitable for encrypting images, because images have a large data size, strong correlation between adjacent pixels, high redundancy, and so on. If such a cryptosystem is used directly to encrypt image pixels, not only does the encryption complexity increase, but the quality of the encrypted image is reduced and the image is vulnerable to statistical attack [8,9]. Consequently, ZT image cloud storage scenarios require appropriate image encryption techniques. For image encryption, Fridrich first proposed a permutation-diffusion structure (PDS) with a chaotic system, which has become the basic model of image encryption [10]. Shannon held that a secure encryption algorithm must include permutation of positions and diffusion of values [11]. Subsequently, various innovations in PDS-based cryptography have been presented, such as improved pixel-level encryption [12-16], bit-level encryption [17-18], and DNA coding [19].
However, most of these innovations have been cryptanalyzed by chosen-plaintext attack (CPA), including one-round PDS [20-23], one-round PDS variants [24-26], and two-round PDS [27-29]. CPA reveals that PDS has inherent security weaknesses: (1) the key streams result in a fixed one-to-one mapping between plaintext and ciphertext, which is easily recovered; (2) special input images, such as all-0 images, bypass the permutation process, and because diffusion is executed linearly, a single round of diffusion causes an avalanche effect for only some pixels; (3) increasing the number of rounds improves security but reduces efficiency.
To improve the anti-CPA performance and efficiency of PDS-based image encryption, scholars have proposed PDS-based plaintext-dependent encryption schemes [30-39]. These schemes rely on the plaintext to generate the key stream, can effectively resist CPA, reduce the number of encryption rounds, and improve efficiency [29,31]. Existing plaintext-dependent encryption mechanisms are implemented by setting additional plaintext-dependent keys, updating parameters of the keystream while processing pixels, or replacing or adding pixel values to store plaintext-dependent values. However, compared with PDS-based image encryption schemes, the performance of these three mechanisms is impractical: the key overhead increases for different plaintexts [30-35], the ciphertext overhead increases [39], or decryption fails under cropping and noise attacks [36-38].
Furthermore, if the above image encryption schemes are applied to ZT cloud storage, they are not compatible with ZT requirements. Two requirements in particular must be met. (1) The implementation overhead and efficiency of image encryption must be taken into account. The studies in [40,41] indicate that implementing ZT requires balancing its benefits against the performance degradation it causes. (2) Potential attacks on image encryption must be considered, including cryptanalysis attacks and cropping or noise attacks. Since the ZT principle assumes that no participating entity is secure [3,5,7], the confidentiality of the ciphertext may be compromised even during decryption. The image encryption schemes described above are incompatible with both requirements.
Therefore, current image encryption has the drawbacks of high implementation cost and insufficient resistance to attack, and existing image encryption schemes are incompatible with ZT cloud storage.
Disclosure of Invention
In view of the above, the invention provides a method and a system for encrypting and decrypting plaintext-related images in a zero trust cloud based on LSB self-quantization, which can reduce implementation cost, improve resistance to attack, and be better applied to ZT cloud storage.
The technical scheme adopted by the embodiments of the invention to solve the technical problem is as follows:
In a first aspect, an embodiment of the present invention provides a method for encrypting a plaintext-related image in a zero trust cloud based on LSB self-quantization, including:
obtaining a first key stream, a second key stream and a disturbance value from the initial image, the first key and the second key through image quantization processing and chaotic system processing; and
performing LSB-embedded adaptive pixel value replacement processing, adaptive pixel position permutation scrambling processing and diffusion processing on the initial image using the first key stream, the second key stream and the disturbance value, to generate an encrypted image.
In a second aspect, an embodiment of the present invention provides a method for decrypting a plaintext-related image in a zero trust cloud based on LSB self-quantization, including:
generating a second key stream using a second key, and performing inverse diffusion processing on the encrypted image to be decrypted according to the second key stream, to obtain an inverse-diffused image; and
using the first key, performing the inverse of the adaptive pixel position permutation scrambling processing and LSB extraction processing on the inverse-diffused image, to obtain the embedded disturbance value, the first key stream and the decrypted image, wherein the LSB extraction processing is the inverse of the LSB-embedded adaptive pixel value replacement processing.
In a third aspect, an embodiment of the present invention provides an image cryptographic system, including an encoding end and a decoding end. The encoding end encrypts images using the LSB self-quantization-based method for encrypting plaintext-related images in a zero trust cloud of the first aspect, and the decoding end decrypts images using the LSB self-quantization-based method for decrypting plaintext-related images in a zero trust cloud of the second aspect.
The technical scheme above provides the LSB self-quantization-based method and system for encrypting and decrypting plaintext-related images in a zero trust cloud of the embodiments of the invention. In the encryption process, a first key stream, a second key stream and a disturbance value are obtained from an initial image, a first key and a second key through image quantization processing and chaotic system processing; LSB-embedded adaptive pixel value replacement processing, adaptive pixel position permutation scrambling processing and diffusion processing are then performed on the initial image using the first key stream, the second key stream and the disturbance value, to generate an encrypted image. In the decryption process, a second key stream is generated using the second key, and inverse diffusion processing is performed on the encrypted image to be decrypted according to the second key stream, to obtain an inverse-diffused image; using the first key, the inverse of the adaptive pixel position permutation scrambling processing and LSB extraction processing are then performed on the inverse-diffused image, to obtain the embedded disturbance value, the first key stream and the decrypted image. In the scheme provided by the embodiments, information is embedded in the least significant bit (LSB) of the pixels, which yields an adaptive process driven by LSB self-quantization and forms a new plaintext-related encryption and decryption scheme in a given ZT model. Exploiting the weak visual effect of the LSB, repeated LSB embedding and extraction operations are defined, and pixel attributes are obtained in the adaptive process so that encryption and decryption are related to the plaintext.
With these attributes, a plaintext-related key stream is generated to encrypt pixel positions and pixel values, and its perturbation value is spontaneously extracted from the LSBs for decryption. Therefore, the scheme needs only one round of execution and no additional keys or ciphertext, which reduces cost; it can resist multiple kinds of cryptanalysis and ensures decryption under a cropping or noise attack. Further simulation results show that the scheme has good resistance to attack, can reduce implementation cost, and is better applied to ZT cloud storage.
Drawings
FIG. 1 is a schematic flow chart of a plaintext-related image encryption method in a zero trust cloud based on LSB self-quantization according to an embodiment of the present invention;
FIG. 2 shows an example of repeated LSB embedding and LSB extraction provided by an embodiment of the present invention;
FIG. 3 is a specific flowchart of a plaintext-related image encryption method in a zero trust cloud based on LSB self-quantization according to an embodiment of the present invention;
FIG. 4 is an exemplary diagram of single-pixel replacement embedding and its inverse according to an embodiment of the present invention;
FIG. 5 is an exemplary diagram of a pixel permutation and its LSB distribution according to an embodiment of the present invention;
FIG. 6 is a schematic flow chart of a method for decrypting a plaintext-related image in a zero trust cloud based on LSB self-quantization according to an embodiment of the present invention;
FIG. 7 is a specific flowchart of a method for decrypting a plaintext-related image in a zero trust cloud based on LSB self-quantization according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of an image cryptographic system according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of an image cryptographic system for image cloud storage according to the ZT principle;
FIG. 10 is a bar graph of the results of an experiment in accordance with an embodiment of the present invention;
FIG. 11 shows the distribution results of adjacent pixels in an experiment according to an embodiment of the present invention;
FIG. 12 shows the results of the minimum invariant portion test in an experiment according to an embodiment of the present invention, wherein FIG. 12(a) shows a cropping attack and FIG. 12(b) shows a noise attack;
FIG. 13 shows the results of robustness against cropping attacks in an experiment according to an embodiment of the present invention, wherein FIG. 13(a) shows an encrypted image with 5% data loss; FIG. 13(b) shows an encrypted image with 60% data loss; FIG. 13(c) shows an encrypted image with 70% data loss; FIG. 13(d) shows a decrypted image with 5% data loss; FIG. 13(e) shows a decrypted image with 60% data loss; FIG. 13(f) shows a decrypted image with 70% data loss;
FIG. 14 shows the robustness against noise attacks in an experiment according to an embodiment of the present invention, wherein FIG. 14(a) shows an encrypted image with 5% data loss; FIG. 14(b) shows an encrypted image with 40% data loss; FIG. 14(c) shows an encrypted image with 70% data loss; FIG. 14(d) shows a decrypted image with 5% data loss; FIG. 14(e) shows a decrypted image with 40% data loss; FIG. 14(f) shows a decrypted image with 70% data loss;
FIG. 15 is a comparison under a 50% cropping attack in an experiment of an embodiment of the present invention, wherein FIG. 15(a) shows the decrypted image in the present scheme; FIG. 15(b) shows the decrypted image in Ref. [12]; FIG. 15(c) shows the decrypted image in Ref. [37];
FIG. 16 is a comparison under a noise attack with 30% data loss in an experiment of an embodiment of the present invention, wherein FIG. 16(a) shows the decrypted image in the present scheme; FIG. 16(b) shows the decrypted image in Ref. [12]; FIG. 16(c) shows the decrypted image in Ref. [37].
Detailed Description
The technical scheme and technical effects of the present invention are further elaborated below in conjunction with the drawings.
The invention provides a method and a system for encrypting and decrypting plaintext-related images in a zero trust cloud based on LSB self-quantization.
1. To facilitate understanding of the embodiments of the present invention, the limitations of related technologies, such as PDS-based encryption and plaintext-related encryption, are described first.
PDS-based encryption schemes: as described in the background above, image encryption schemes using PDS have the advantage of reducing the correlation of pixel positions and ensuring the avalanche effect of pixel values. Many PDS-based image encryption schemes have been proposed [13-20,27]. For one-round PDS, the schemes employ new permutation and diffusion algorithms [13,17,20]. For one-round PDS variants, the schemes add a conversion process to the PDS [14,18,19], for example linear conversion [14], DNA conversion [18], or bit conversion [19]. For two-round PDS, some schemes apply this architecture [15,16,27]. However, CPA cryptanalysis has been carried out on these schemes, e.g., by converting the original scheme to an equivalent scheme, or by building a system of linear equations from which the equivalent keystream is recovered [20-29].
This cryptanalysis work shows that PDS is vulnerable to CPA, which reveals the equivalent keystream without retrieving the key. Specifically, the permutation stage may operate at the pixel level, bit level or DNA level. This process changes the positions of the processed units and can be summarized as formula (1):
Figure SMS_1
where K1 represents the permutation key stream, per(·) represents the method that generates the index V, $P_i$ is the plain unit at position i, and $C_j$ is the cipher unit corresponding to position j. The diffusion stage likewise operates at the bit, pixel or DNA level and changes the values of the processed units; it can be summarized as formula (2):
Figure SMS_2
where K2 represents the diffusion key stream, dif(·) is the process that non-linearly modifies the pixel values, $P_i$ is a plain unit, $C_i$ is the output cipher unit, and $C_{pre}$ is the previous cipher unit. The security weaknesses of PDS can be explained from formulas (1) and (2) as follows:
(1) The key stream is fixed. In formulas (1) and (2), $P_{V(i)} \to C_i$ and $P_i \to C_i$ are a one-to-one position mapping and a one-to-one value mapping, generated by K1 and K2 respectively. But K1 and K2 are unchanged when encrypting different plaintexts. In the CPA model, $P_{V(i)} \to C_i$ and $P_i \to C_i$ can be reconstructed by constructing a series of special plaintexts, such as {0, …, 0}, {0, 1, 0, …, 0} and {1, 0, …, 0}. All of the cryptanalysis work benefits from the weakness of a fixed key stream.
(2) If a special value is input to the preceding encryption stage, the output is poor. In formula (1), if all the input values $P_i$ are the same, the permutation has no effect. In formula (2), if the value of $P_i$ is changed, only the output values of the subsequent units change, not those of all units. The cryptanalysis work in [20,21,24,26,28] benefits from this security weakness.
(3) Encryption efficiency decreases after multiple rounds of encryption. Since the two-round PDS encryption schemes described above have been successfully broken, increasing the number of encryption rounds has been suggested to enhance security. However, this raises the computational complexity, as mentioned in the cryptanalysis work [28].
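Weaknesses (1) and (2) can be measured on a toy one-round PDS. The following is an added example, not code from the patent or from the cited schemes: formulas (1) and (2) appear on this page only as figures, so the additive diffusion, the seeded PRNG standing in for the chaotic generator, and all function names are assumptions made for illustration.

```python
import random

def keystreams(key, n):
    """Derive the permutation index V (from K1) and the diffusion bytes K2.

    Assumption: a seeded PRNG stands in for the chaotic key stream generator.
    The streams depend on the key only, never on the plaintext (weakness 1).
    """
    rng = random.Random(key)
    v = list(range(n))
    rng.shuffle(v)
    k2 = [rng.randrange(256) for _ in range(n)]
    return v, k2

def permute(units, v):
    """Permutation stage: cipher unit i takes plain unit V(i)."""
    return [units[v[i]] for i in range(len(units))]

def diffuse(units, k2, c_pre=0):
    """Assumed diffusion: C_i = (P_i + K2_i + C_pre) mod 256, one forward pass."""
    out = []
    for p, k in zip(units, k2):
        c_pre = (p + k + c_pre) % 256
        out.append(c_pre)
    return out

def encrypt(units, key):
    """One round of permutation followed by diffusion."""
    v, k2 = keystreams(key, len(units))
    return diffuse(permute(units, v), k2)

def weakness_report(key, n=64, changed_unit=40):
    """Measure how far a one-unit plaintext change spreads in one round."""
    v, _ = keystreams(key, n)
    base = [(7 * i + 3) % 256 for i in range(n)]   # constructed sample image
    tweaked = list(base)
    tweaked[changed_unit] ^= 1                     # change a single plain unit
    c_base, c_tweaked = encrypt(base, key), encrypt(tweaked, key)
    changed = [i for i in range(n) if c_base[i] != c_tweaked[i]]
    flat = [128] * n                               # constructed all-equal image
    return {
        # where the changed unit sits after the permutation stage
        "landed_at": v.index(changed_unit),
        # only units from that position onward differ (weakness 2)
        "first_changed": changed[0],
        "changed_count": len(changed),
        "changed_fraction": len(changed) / n,
        # every affected unit differs by the same amount: diffusion is linear
        "deltas": sorted({(c_tweaked[i] - c_base[i]) % 256 for i in changed}),
        # an all-equal image passes through the permutation unchanged
        "flat_image_unpermuted": permute(flat, v) == flat,
    }

if __name__ == "__main__":
    print(weakness_report(key=2023))
```

Units before `landed_at` are identical in both ciphertexts, which is the partial avalanche that a plaintext-related key stream is meant to remove.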
Plaintext-dependent image encryption schemes: in order to improve the anti-CPA performance and efficiency of PDS-based image encryption, various PDS-based plaintext-related encryption schemes have been proposed. These schemes design a plaintext-related perturbation mechanism that relies on both the plaintext image and the key to generate an equivalent keystream. This mechanism not only makes it difficult for CPA to reconstruct the equivalent key stream, thereby improving security, but also improves the avalanche effect, thereby improving efficiency [25,27]. Based on the design of these mechanisms, the schemes can be divided into three categories, described below.
Scheme one [30-35]: unlike PDS-based image cryptosystems that use fixed keys, these schemes use additional dynamic keys. In their encryption, methods such as entropy [30], assigning a different key to each image [31], summation [32], and hash functions [33-35] are used to quantize the initial image into a perturbation key, thereby generating a plaintext-related keystream. However, since the key contains the perturbation value, it can be used only for the corresponding image [26,36].
Scheme two [36,37]: these schemes update plaintext-related parameters of the keystream during operation. Compared with scheme one, they do not need to set additional values for different images. However, if the value of a cipher pixel is lost, the plaintext-dependent keystream used for decryption may be inaccurate, as described in detail below.
In scheme [36], a perturbation value is quantized from all units of the initial image, and this perturbation value then affects the mask matrix that controls the scrambling. However, missing pixel values, even a single pixel, produce an incorrect quantized value, so the scrambled result cannot be completely decrypted. Likewise, in scheme [37], a plaintext-related chaotic sequence is generated from the first half of the plain pixels and used to encrypt the second half of the pixels. The same encryption is then applied to the first half using the encryption result of the second half. However, if one half of the pixels is changed, the plaintext-related keystream of the other half is wrong, so the encrypted image cannot be completely decrypted.
Scheme three [38,39]: pixel values are replaced or added to store the plaintext-dependent perturbation values. Compared with scheme two, this improves the resistance to noise and cropping attacks without increasing the key. However, these schemes lead to some performance limitations, as shown in detail below.
In scheme [38], a plain pixel is replaced with a decimal perturbation value calculated from all the plaintext pixels, and the encryption of each pixel is then perturbed by this value. Since only one original pixel is replaced, the decrypted image remains visually intact. However, if the replaced pixel is lost, the decrypted image cannot be fully recovered. That is, the scheme is still vulnerable to cropping and noise at arbitrary locations. Scheme [39] consists of two rounds of PDS; the parity result is repeated a number of times and then inserted at the end of the intermediate result of the encryption process. However, inserting pixels increases the complexity of pixel encryption. Moreover, the storage space of the final encrypted image exceeds that of the original image.
In summary, the above image encryption schemes have the performance problem that overhead and attack resistance cannot be balanced. Furthermore, if these schemes are applied to ZT cloud storage [3,40], the performance problems are as follows:
PDS within two rounds [12-19]: at all participants and in the ciphertext transmission channels, the original image may be corrupted.
Scheme one [30-35]: the encryption end and the decryption end must share keys in real time, the negotiated key needs to be updated frequently, and the key overhead increases significantly.
Scheme two [36,37] and scheme [38]: in a malicious cloud or during transmission, corrupted ciphertext causes decryption failure.
Scheme three [39]: in cloud storage and ciphertext transmission channels, ciphertext expansion may increase storage overhead.
In order to solve the above problems, the embodiments of the invention provide a method for encrypting and decrypting plaintext-related images in a zero trust cloud based on LSB self-quantization, and further provide an image cryptographic system built on the proposed encryption and decryption methods.
It should be noted that the execution body of the encryption or decryption method provided by the embodiments may be an apparatus, and the apparatus may run in an electronic device. The electronic device may be a server or a terminal device, which is not limited here.
2. To facilitate understanding of the embodiments of the present invention, techniques such as the least significant bit (LSB) and chaotic systems are briefly described.
For the human visual system (HVS), the LSB contributes very little to vision, while the higher bits play the major role in the visualization of the image. Because of this property, LSB embedding and extraction techniques are widely used in the field of information hiding. The pixels of a gray-scale image are 8-bit values, expressed as formula (3):
$$P = b_7 2^7 + b_6 2^6 + b_5 2^5 + b_4 2^4 + b_3 2^3 + b_2 2^2 + b_1 2^1 + b_0 2^0 \tag{3}$$
where b represents a bit (0 or 1) of the pixel P, and the subscript of b is the bit index, from the most significant bit to the LSB. By setting $b_0$ to "1" or "0", one bit can be recorded in the LSB.
In view of these features of LSB embedding and extraction, embodiments of the present invention use the technique to record information.
The logistic map (LM) is a popular one-dimensional chaotic system, defined as formula (4):
$$x_n = \mu x_{n-1}(1 - x_{n-1}) \tag{4}$$
where $x_n \in (0, 1)$ and $\mu$ is a system parameter. Different values of $\mu$ produce different output distribution ranges. When $\mu \in (3.573815, 4)$, the output of the system is in a chaotic state. When $\mu = 4$, the output sequences are randomly distributed over the unit interval (0, 1).
The piecewise linear chaotic map (PWLCM) has a uniform invariant distribution over the unit interval (0, 1). PWLCM is defined as formula (5):
Figure SMS_3
wherein x is n E (0, 1), when the control parameter eta e (0, 0.5), the output is randomly distributed on the unit interval (0, 1).
The LM implementation is simple in structure and highly sensitive to modification of the initial value. However, only μ=4 can make the output of LM fully traversable in the (0, 1) range. In contrast, PWLCM can provide a larger range of parameter choices to achieve full traversal, but with slightly less execution efficiency than LM [45] . Considering the ergodic performance and efficiency of the LM and PWLCM algorithms, the embodiment of the present invention uses the LM and PWLCM algorithms to generate random sequences.
3. The novel disturbance mechanism related to plaintext employed for encoding and decoding embodiments of the present invention is collectively described herein to clarify the main inventive concepts of embodiments of the present invention.
The embodiment of the invention defines the LSB self-quantization operation in the image encryption for the first time. Driven by this operation, embodiments of the present invention develop and analyze adaptive processes for encryption and decryption.
LSB self-quantization operation:
The LSB self-quantization operation comprises LSB repeated embedding for encryption and LSB extraction for decryption. The two operations are defined as follows:
(1) LSB repeated embedding: for a gray image $I$ of size $m \times n$, suppose a decimal value $D$ needs to be embedded in the LSB plane $I_{LSB}$ of $I$, where the binary form of $D$ is written $D_{binary}(i)$, $i = 1, 2, ..., r$, with $r < m$. The embedding method replaces all elements in the $i$-th row of $I_{LSB}$ with $D_{binary}(i)$, which yields the embedded region. This is expressed as:
$I_{LSB}(i, 1:n) = D_{binary}(i),\ i = 1, 2, ..., r$ (6)
where $I_{LSB}(i, 1:n)$ denotes all elements of the $i$-th row.
(2) LSB extraction: even if pixel values of $I$ are lost under a clipping or noise attack, the extraction operation must accurately extract $D_{binary}$ from $I_{LSB}$. This operation is expressed by expression (7) or expression (8), where num(x, y) denotes the number of occurrences of the value y in array x.
Figure SMS_4
or
Figure SMS_5
For $D_{binary}$ to be extracted accurately from $I$ under a shearing or noise attack, the precondition in formula (9) must be satisfied:
Figure SMS_6
FIG. 2 illustrates, as an example, the process of embedding and extracting the binary sequence $D_{binary}$ = 10101 on an image of size 8×6. In the figure, $S_{binary}$ denotes the pixel value distribution of the original image; "Embedding repetitive code" denotes the repetition code used for LSB embedding; "Row" denotes a row; "Original lsb" denotes the original LSB; "lsb after processing" denotes the LSB after the embedding process; "Extraction" denotes LSB extraction. It can be seen that each row of the original LSB is replaced with the corresponding value after the LSB embedding process.
The self-adaption process comprises the following steps:
The encryption and decryption processes use an adaptive process driven by formula (6) and an adaptive inverse process driven by formula (7) or formula (8). In these processes, pixel values and pixel locations are encrypted by a key stream associated with the plaintext, and this key stream can be generated automatically during decryption. The details and a feasibility analysis follow:
The embodiment of the invention divides the adaptive process into two stages: masking pixel values and permuting pixel locations. In the first stage, pixel $I(i, j)$ is XORed with $K_t(i, j)$, which is converted from the first key stream, and $D$ comes from formula (6); this stage is described by formulas (10) and (11). In the second stage, the pixel positions are arranged horizontally according to the position index $p$ converted from the second key stream, as shown in formula (12).
Figure SMS_7
$S_{LSB}(i, j) = D_{binary}(i),\ i = 1, 2, ..., r,\ j = 1, 2, ..., n$ (11)
$S1(i, p) = S(i, j),\ i = 1, 2, ..., m,\ j = 1, 2, ..., n,\ p \in \{1, n\}$ (12)
For the design of the above work, the following two properties can be deduced.
(1) When the elements output by formulas (10)-(11) are fed into the inverse process of formula (10), the output pixels are visually indistinguishable from the $I(i, j)$ of formula (10). Viewing formulas (10)-(11) at the bit level, the binary forms of the input elements $I(i, j)$, $K_t(i, j)$ and $D_{binary}(i)$ are written respectively as:
$[I(i, j)]_2 = (a_8, a_7, a_6, a_5, a_4, a_3, a_2, a_1)$, $[K_t(i, j)]_2 = (b_8, b_7, b_6, b_5, b_4, b_3, b_2, b_1)$ and $e$. The corresponding output $S(i, j)$ is given by formula (13). Notably, if the inverse process of formula (10) XORs $S(i, j)$ with $K_t(i, j)$, then the corresponding output $I'(i, j)$, given by formula (14), satisfies formula (15). Thus $I'(i, j)$ and $I(i, j)$ can differ only in the LSB, i.e., pixel $I'(i, j)$ is visually indistinguishable from the original pixel $I(i, j)$.
Figure SMS_8
Figure SMS_9
Figure SMS_10
(2) Arranging the pixel positions by formula (12) does not change the horizontal distribution of the bits embedded by formula (6); that is, $S$ and $S1$ satisfy formula (16).
$\mathrm{num}(S_{LSB}(i, :), D_{binary}(i)) = \mathrm{num}(S1_{LSB}(i, :), D_{binary}(i)),\ i \in (1, r)$ (16)
Based on these two properties, the embodiment of the present invention defines the decryption process corresponding to $S1$. First, $D_{binary}$ is extracted from $S1$ using formula (7) or formula (8). The inverses of formulas (10) and (12) are then performed with the shared first and second keys K1 and K2, expressed as formulas (17)-(18). In this way, the output image $I'$ is visually indistinguishable from the initial image $I$.
$S(i, j) = S1(i, p),\ i = 1, 2, ..., m,\ j = 1, 2, ..., n,\ p \in \{1, n\}$ (17)
Figure SMS_11
For key stream generation in the above process, all pixels of $I$ are further quantized to the value $D_{binary}$, which is used to perturb K1 and K2. The generated plaintext-related key streams then control the execution of formulas (10)-(12), forming an adaptive encryption process. Correspondingly, the decryption process can automatically extract $D_{binary}$ by formula (7) or formula (8) to generate these key streams, after which formulas (17)-(18) can be performed. Thus, the inverse of the adaptive process can be constructed for decryption.
The mechanism encrypts pixel values and positions through a key stream associated with the plaintext, enhancing resistance to CPA. At the same time, the key stream for decryption is generated spontaneously, without the need for additional keys or additional ciphertext. In addition, the complete encryption and decryption algorithm benefits from the mechanism, so that resistance to noise attacks and shearing attacks is ensured.
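The mechanism described above, as an added example that is not code from the patent: pixels are XOR-masked, $D_{binary}$ is repeated across the LSBs of each row, columns are permuted within rows, and decryption first recovers $D$ from the ciphertext to rebuild the key streams. Assumptions: extraction is a per-row majority vote (the images of formulas (7)-(9) are not reproduced on this page), Python's `random` seeded with a constructed key and $D$ stands in for the LM/PWLCM key streams, and $D$ is passed in directly instead of being quantized from the image.

```python
import random

def to_bits(d, r):
    """D_binary(1..r): the r-bit binary form of D, most significant bit first."""
    return [(d >> (r - 1 - i)) & 1 for i in range(r)]

def keystreams(key, d, m, n):
    """Stand-in for the chaotic key streams (assumption, not LM/PWLCM):
    mask values K_t and one column permutation per row, both seeded by the
    shared key AND the embedded value D, so they are plaintext-related."""
    rng = random.Random(f"{key}:{d}")
    mask = [[rng.randrange(256) for _ in range(n)] for _ in range(m)]
    perms = [rng.sample(range(n), n) for _ in range(m)]
    return mask, perms

def encrypt(img, key, d, r):
    """XOR-mask every pixel, write D_binary(i) into all LSBs of row i (i < r),
    then move column j of each row to column p = perm[j] (formula (12))."""
    m, n = len(img), len(img[0])
    mask, perms = keystreams(key, d, m, n)
    bits = to_bits(d, r)
    s1 = []
    for i in range(m):
        row = [img[i][j] ^ mask[i][j] for j in range(n)]
        if i < r:
            row = [(v & 0xFE) | bits[i] for v in row]   # formula (11)
        out = [0] * n
        for j, p in enumerate(perms[i]):
            out[p] = row[j]
        s1.append(out)
    return s1

def extract(s1, r):
    """Majority vote over the LSBs of each of the first r rows (assumed
    reading of the extraction step). Works on the permuted image because a
    within-row permutation keeps each row's LSB counts (formula (16))."""
    d = 0
    for i in range(r):
        ones = sum(v & 1 for v in s1[i])
        d = (d << 1) | (1 if 2 * ones > len(s1[i]) else 0)
    return d

def decrypt(s1, key, r):
    """Recover D from the ciphertext itself, rebuild the key streams from it,
    then undo the permutation and the XOR mask."""
    m, n = len(s1), len(s1[0])
    d = extract(s1, r)
    mask, perms = keystreams(key, d, m, n)
    return [[s1[i][perms[i][j]] ^ mask[i][j] for j in range(n)] for i in range(m)]

def lsb_flips_only(a, b):
    """True when two images differ in nothing but least significant bits."""
    return all((x ^ y) <= 1 for ra, rb in zip(a, b) for x, y in zip(ra, rb))

# Constructed 8x6 test image and the FIG. 2 sequence D_binary = 10101 (r = 5).
IMG = [[(37 * i + 11 * j + 5) % 256 for j in range(6)] for i in range(8)]
D, R, KEY = 0b10101, 5, "constructed-demo-key"

if __name__ == "__main__":
    c = encrypt(IMG, KEY, D, R)
    print("extracted D:", format(extract(c, R), "05b"))
    print("only LSBs differ:", lsb_flips_only(decrypt(c, KEY, R), IMG))
    noisy = [row[:] for row in c]
    for i in range(R):                 # flip 2 of the 6 LSBs in each embedded row
        noisy[i][0] ^= 1
        noisy[i][3] ^= 1
    print("D after noise:", format(extract(noisy, R), "05b"))
```

With 6 columns, two damaged LSBs per row still leave a majority, so $D$ and the key streams are recovered; three damaged LSBs produce a tie and a wrong $D$, after which the rebuilt key streams no longer match the ones used for encryption.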
On this basis, the embodiments of the invention are described in detail below.
In a first aspect, as shown in fig. 1, an embodiment of the present invention provides a method for encrypting a plaintext related image in a zero trust cloud based on LSB self-quantization, which may include the following steps A1 to A2:
A1, obtaining a first key stream, a second key stream and a disturbance value by utilizing an initial image, a first key and a second key through image quantization processing and chaotic system processing, wherein the first key and the second key comprise four sub-keys; here, the first key and the second key are acquired;
and A2, performing LSB embedded self-adaptive replacement pixel value processing, pixel position self-adaptive arrangement scrambling processing and diffusion processing on the initial image by using the first key stream, the second key stream and the disturbance value to generate an encrypted image.
The method for encrypting the plaintext related image in the zero trust cloud based on LSB self-quantization is specifically described below with reference to FIG. 3. In FIG. 3, "Plain image" denotes a normal image, referred to herein as the initial image; "Quantizing plain image" denotes quantizing the normal image; "Disturbance value" denotes the disturbance value; "Modifying initial parameter" denotes modifying the initial parameters; "$key_1$" denotes the first key; "$key_2$" denotes the second key; "Logistic system" denotes the LM; "PWLCM-CML system" denotes the PWLCM; "Chaos sequence" denotes a chaotic sequence; "Self-adaptive substitution with LSB embedding" denotes adaptive replacement with LSB embedding; "Xor operation" denotes an XOR operation; "LSB repetitive embedding" denotes LSB repeated embedding; "Self-adaptive permutation" denotes the adaptive arrangement; "First sub-process" denotes the first sub-process; "Second subprocess" denotes the second sub-process; "Diffusion" denotes diffusion; "Cipher image" denotes the encrypted image.
The steps are described below.
In an alternative implementation manner, the first key stream, the second key stream and the disturbance value are obtained through image quantization processing and chaotic system processing based on the initial image and the first key and the second key. This comprises five steps, A1-1, A1-2, A1-3, A1-4 and A1-5, which can be understood from the part above the dashed boxes in FIG. 3. In the embodiment of the present invention, the first key is $(x_0, \mu_0)$, where the two parameters are the initial value and the control parameter of the LM, respectively. The second key is $(z_0, \eta_0)$, where $z_0$ and $\eta_0$ are the initial value and the control parameter of the PWLCM, respectively. Thus, the key of the embodiment of the present invention consists of four fixed sub-keys, $(x_0, \mu_0)$ and $(z_0, \eta_0)$.
A1-1, using the second key $(z_0, \eta_0)$, generating a chaotic sequence $Z$ as the second key stream through the chaotic system PWLCM;
the step is to generate a random sequence Z through PWLCM, and specifically comprises the following steps:
According to formula (4), with the second key $(z_0, \eta_0)$ as input, $t_0$ pre-iterations are performed on the PWLCM to avoid transient effects, and then $(m+n+mn)$ iterations are performed to generate the chaotic sequence $Z$ that serves as the second key stream, where Z = {Z(1), Z(2), Z(3), ..., Z(m+n+mn)}, $z_0 \in [0, 1]$, $\eta_0 \in [0, 0.5]$; $m$ and $n$ denote the width and length of the original image; $t_0$, $m$ and $n$ are natural numbers greater than 0, and $t_0$ is selected as required.
A1-2, performing image quantization of the initial image by using the second key stream and an image quantization formula to obtain a sequence $d_1$;
Specifically, let the initial image (the normal image mentioned above) be $I$; it is quantized by the chaotic sequence $Z$ to obtain the sequence $d_1$, as shown in formula (19):
Figure SMS_12
where $\mu_1$ denotes the initial value of $\mu_0$, and $I(i)$ denotes the $i$-th pixel of $I$.
A1-3, first setting the LM initial value in the chaotic system LM to the sequence $d_1$, and obtaining a disturbance value $D$ based on LM iteration;
Specifically, the LM initial value is set to the sequence $d_1$, and 100 iterations are performed on the LM to obtain the chaotic sequence $d = \{d_1, d_2, d_3, ..., d_{100}\}$; then the last element $d_{100}$ of the chaotic sequence $d$ is processed with the disturbance value generation formula to obtain the disturbance value $D$.
Here, setting the initial value in the chaotic system LM to the sequence $d_1$ follows formula (4). The disturbance value generation formula is shown in formula (20).
$D = \mathrm{round}((d_{100} - \mathrm{floor}(d_{100}) \times 2^{32}))$ (20)
A1-4, based on the perturbation value $D$ and the first key $(x_0, \mu_0)$, reconstructing the initial value of the LM to obtain a reconstructed initial value $x_0$ for the LM; the reconstructed LM initial value is constructed as:
Figure SMS_13
In formula (21), the $x_0$ on the left side of the equal sign in the lower expression is the reconstructed initial value, and the $x_0$ on the right side of the equal sign is the initial value derived from the first key.
A1-5, letting the LM adopt the reconstructed initial value of formula (21), and performing $t_0$ pre-iterations on the LM to avoid transient effects, generating a chaotic sequence $X$ as the first key stream, where X = {X(1), X(2), X(3), ..., X(m+n+mn)}.
As can be seen from the above, the perturbation value and the key streams of the embodiment of the present invention are generated by combining the PWLCM, the LM and the initial image (normal image). The initial value generated by formula (19) is sensitive to variations of pixel values in the plaintext $I$ and satisfies unpredictability; $\mu_1 = 4$ satisfies full traversal; and $D$, taken from the 100th iteration of the LM, is highly sensitive to the initial value. Therefore, an attacker cannot maliciously construct the disturbance value $D$, which depends on knowledge of the initial image (normal image). Furthermore, each element in the generated $X$ may be highly sensitive to a change in the value of $D$, and $X$ and $Z$ are used as key streams to ensure sensitivity to the key and to the original image (normal image).
For A2, in an alternative implementation manner, LSB embedded adaptive replacement pixel value processing, pixel position adaptive arrangement scrambling processing and diffusion processing are performed on an initial image by using a first key stream, a second key stream and a disturbance value, so as to generate an encrypted image, which includes four steps of A2-1, A2-2, A2-3 and A2-4:
A2-1, performing an XOR operation on the pixels in the initial image (common image) and the mask value obtained by converting the first key stream to modify the pixel value, and embedding a disturbance value D to realize LSB embedded self-adaptive replacement pixel value processing; the LSB embedding adaptive replacement pixel value process is understood with reference to the portion corresponding to the first dashed box in fig. 3. This part is also called LSB embedded adaptive replacement.
According to equations (10) and (11), LSB embedded adaptive substitution is designed for modifying pixel values and embedded perturbation values. The algorithm is described as algorithm 1.
Fig. 4 gives an example of replacing a single pixel with LSB embedding and its inverse. On the left side of fig. 4, the plaintext i=135 is xored with the mask value k=212 to obtain s=83, and then a bit "0" is embedded in S to obtain the final output pixel. Correspondingly, the right part of fig. 4 depicts the inverse of the left part, S can be restored to I'. This procedure therefore indicates that the first property described above can be satisfied for decryption.
A2-2, horizontally arranging the pixel positions of the image obtained by the LSB embedded self-adaptive replacement pixel value processing, using the position index $p$ obtained by converting the second key stream, to realize the pixel position self-adaptive arrangement scrambling processing;
The pixel location adaptive arrangement scrambling process is understood with reference to the portion of fig. 3 corresponding to the second dashed box.
The adaptive arrangement is designed based on formula (12) and scrambles all pixel locations. Algorithm 2 describes this permutation process.
Fig. 5 gives an example of the pixel arrangement and its LSB distribution. In this figure, a matrix P of size 3×3 represents an input, and each bin represents one pixel and its corresponding embedded bit. Due to the plaintext related perturbation mechanism of the embodiments of the present invention, all pixel locations and their LSBs are arranged from (a) to (e), while the LSBs of each row remain unchanged from (a) to (c). And, before performing the inverse of (a: c), the extraction operation may be performed on (c). Thus, the second attribute described above may be used for decryption.
Also, please refer to Table 1, which shows the chi-square results of the initial image (normal image) and the corresponding cipher image.
TABLE 1
Figure SMS_14
A2-3, obtaining a diffusion input sequence Z2 through the second key stream, where Z2 = {Z(m+n+1), Z(m+n+2), Z(m+n+3), ..., Z(m+n+mn)};
A2-4, generating an encrypted image by applying the diffusion input sequence Z2 and a diffusion processing formula to the image obtained by the pixel position self-adaptive arrangement scrambling processing.
Here, the Diffusion process is understood by referring to the Diffusion section following the two dashed boxes in fig. 3.
Specifically, encryption requires one round of diffusion, which combines a bitwise XOR and a modular operation so that the distribution of pixel values and of the embedded information is masked. The inputs are Z2 and the image obtained by the pixel position self-adaptive arrangement scrambling processing, denoted $T$; the output is the final encrypted image $C$. This stage is described by formula (22) and formula (23):
$K = \mathrm{mod}(\mathrm{round}((Z2(1:mn) - \mathrm{floor}(Z2(1:mn))) \times 10^{14}), 256)$ (22)
Figure SMS_15
where K represents the mask value.
In the encryption method for the plaintext related image in the zero trust cloud based on LSB self-quantization provided by the embodiment of the invention, two key streams and a disturbance value are obtained from two keys through image quantization and chaotic system processing, and the two key streams and the disturbance value are used to perform LSB embedded self-adaptive replacement pixel value processing, pixel position self-adaptive arrangement scrambling processing and diffusion processing on the image, generating a cipher image. The process exploits the weak visual effect of the LSB: by embedding in the least significant bit (LSB) of pixels, it proposes an adaptive process driven by LSB self-quantization and forms a new plaintext-related encryption method in a given ZT model. Pixel values and positions are encrypted through a key stream related to the plaintext, so no additional key and no additional ciphertext are needed, which reduces cost, and resistance to noise attacks and shearing attacks is guaranteed.
In a second aspect, corresponding to the encryption method of the plaintext related images in the LSB self-quantization-based zero trust cloud provided in the aspect, an embodiment of the present invention further provides a decryption method of the plaintext related images in the LSB self-quantization-based zero trust cloud, as shown in fig. 6, where the decryption method includes:
B1, generating a second key stream by using a second key, and performing inverse diffusion processing according to the second key stream and an encrypted image to be decrypted to obtain a diffusion inverse processing image;
and B2, utilizing a first key to obtain an embedded disturbance value, a first key stream and a decrypted image for the diffusion inverse processing image based on the inverse processing of the pixel position self-adaptive arrangement scrambling processing and the LSB extraction processing, wherein the LSB extraction processing is the inverse processing of the LSB embedded self-adaptive replacement pixel value processing.
Unlike a conventional decryption process, which is simply the inverse of the encryption process, the embodiment of the present invention decrypts according to formulas (17)-(18) and extracts by formula (7) or formula (8), as can be understood with reference to FIG. 7. In FIG. 7, "Inverse diffusion" denotes inverse diffusion; "Reverse self-adaptive permutation" denotes the inverse adaptive arrangement; "LSB extraction" denotes LSB extraction; "Reverse self-adaptive substitution" denotes the inverse adaptive substitution.
The following is a detailed description.
In an alternative embodiment for B1, this step includes three steps, B1-1 through B1-3:
B1-1, using the second key $(z_0, \eta_0)$, generating a second key stream through the chaotic system PWLCM, the second key stream being Z = {Z(1), Z(2), Z(3), ..., Z(m+n+mn)}; during decryption, the four subkeys $(x_0, \mu_0, z_0, \eta_0)$ are known;
B1-2, obtaining a diffusion input sequence Z2 through the second key stream, where Z2 = {Z(m+n+1), Z(m+n+2), Z(m+n+3), ..., Z(m+n+mn)};
In the same way as in the encryption process, the second key stream $Z$ can be generated from the second key $(z_0, \eta_0)$. The specific generation process is described in the related content above and is not repeated here.
B1-3, performing diffusion inverse processing on the encrypted image according to the diffusion input sequence Z2 and the diffusion processing formula to obtain a diffusion inverse processing image.
The inverses of formulas (22) and (23) can be performed by inputting the encrypted image $C$ and the diffusion input sequence Z2, to obtain the diffusion inverse-processed image; that is, the image $T$ is output.
In an alternative embodiment for B2, this step includes three steps of B2-1, B2-2 and B2-3:
B2-1, obtaining a chaotic sequence Z1 through the second key stream, where Z1 = {Z(1), Z(2), Z(3), ..., Z(mn)};
B2-2, performing inverse processing of the pixel position self-adaptive arrangement scrambling processing on the diffusion inverse processing image according to the chaotic sequence Z1 to obtain a first processed image. Here, Z1 is input to perform lines 10 and 15 of Algorithm 2; then the image $T$ is input and the inverse of line 16 is performed, followed by line 12 of Algorithm 2 in reverse; the first processed image, i.e., image S2, is output.
B2-3, extracting a disturbance value D from the first processed image by utilizing an LSB extraction formula;
Specifically, according to expression (17) and the extraction operation defined as expression (7) or expression (8), the image S2 is first input, and the $D_{binary}$ generated in expression (20) is extracted;
B2-4, using the perturbation value $D$ and the first key $(x_0, \mu_0)$, reconstructing the LM initial value, and generating a first key stream according to the reconstructed initial value, the first key stream being X = {X(1), X(2), X(3), ..., X(m+n+mn)};
B2-5, obtaining a chaotic sequence X1 and a chaotic sequence X2 through the first key stream, where X1 = {X(1), X(2), X(3), ..., X(mn)} and X2 = {X(mn+1), X(mn+2), ..., X(m+n+mn)};
B2-6, performing inverse processing of the pixel position self-adaptive arrangement scrambling processing on the diffusion inverse processing image according to the chaotic sequence X2;
and B2-7, performing LSB extraction processing on the image obtained by the inverse processing of the pixel position self-adaptive arrangement scrambling processing by using the chaotic sequence X1 to obtain a decrypted image.
Specifically, according to the relevant steps of the foregoing encryption process, a key stream X = {X(1), X(2), X(3),... Finally, lines 2 and 7 of Algorithm 2 can be performed by inputting X2 = {X(mn+1), X(mn+2), ..., X(m+n+mn)}; then the image $T$ is input, the inverse of line 8 is performed, line 4 of Algorithm 2 is performed in reverse, and the image $S$ is output.
Then, according to formula (18), by inputting X1 = {X(1), X(2), X(3), ..., X(mn)} and the image $S$, the inverse of lines 12 and 13 of Algorithm 1 can be performed to obtain the decrypted image.
In the LSB self-quantization-based method for decrypting the plaintext related image in the zero trust cloud, which is provided by the embodiment of the invention, a second key stream is generated based on four owned subkeys, and the inverse processing of diffusion processing is performed according to the second key stream and the encrypted image; and obtaining an embedded disturbance value, a first key stream and a decrypted image by carrying out inverse processing and LSB extraction processing on the diffusion inverse processing image based on pixel position self-adaptive arrangement scrambling processing. In the process, the key stream for decryption is spontaneously generated, and an additional key and an additional ciphertext are not needed, so that the cost can be reduced, and the noise resistance and the shearing resistance are ensured.
In a third aspect, on the basis of the encryption and decryption method of the plaintext related images in the zero trust cloud based on LSB self-quantization provided in the previous aspect, an embodiment of the present invention provides an image cryptographic system, as shown in fig. 8.
The system comprises an encoding end and a decoding end; the encoding end encrypts images using the LSB self-quantization-based encryption method for plaintext related images in the zero trust cloud of the first aspect; the decoding end decrypts images using the LSB self-quantization-based decryption method for plaintext related images in the zero trust cloud.
Through the LSB self-quantization operation mechanism, the encryption method for plaintext related images in the zero trust cloud provided by the embodiment of the invention differs from existing image encryption schemes. The proposed encryption process is the one described with FIG. 3 above. First, in the upper half of FIG. 3, the normal image is quantized into a disturbance value. Then $key_1$ and $key_2$ are input to the LM and the PWLCM, respectively, to generate the key streams. Second, the encryption of the original image is divided into three stages: LSB embedding, substitution and diffusion. Finally, a cipher image is generated. Correspondingly, the proposed decryption algorithm is shown in FIG. 7. This process is the inverse of the encryption process, with a slight difference in the inverse permutation stage. At this stage, an extraction operation is required: the disturbance value is used as the initial condition of the LM to generate the key stream required for subsequent decryption.
For specific encryption and decryption methods, please refer to the relevant content above, and detailed description is omitted here.
In a ZT image cloud storage system model, the inventors focus only on the image cryptographic system applied in the model, as shown in FIG. 9. FIG. 9 shows an image cryptographic system for image cloud storage based on the ZT principle according to an embodiment of the present invention. In the figure, "Verify policy" denotes the verification policy; "Cloud provider" denotes a cloud provider; "Public or private cloud storage" denotes public or private cloud storage; "Headquarter enterprise" denotes a headquarter enterprise; "Image owner" denotes the image owner; "Image receiver" denotes the image recipient; "Proposed image cryptosystem" denotes the image cryptographic system according to an embodiment of the present invention; "Image data" denotes image data; "Cipher image" denotes a cipher image; "Secret key" denotes a key; "Policy management platform" denotes a policy management platform; "Identity authentication" denotes identity verification; "Dynamic access control" denotes dynamic access control; "Continuous trust assessment" denotes continuous trust evaluation.
The model is based on the enterprise-level ZT principle described in [3,42] and has three participating entities: the cloud, headquarter enterprises and partner enterprises. In addition to the image cryptographic system of the model, the verification policies include identity management and authentication, dynamic access control and continuous trust assessment, as well as cipher image distribution, key agreement [43] and secret sharing protocols. Embodiments of the present invention assume that these policies and protocols are secure; they are not the focus of the embodiments of the present invention. With the support of these policies and protocols, the encryption and decryption functions can be performed.
As described above, this model of the embodiment of the present invention is different from the conventional cloud storage model. The conventional mode may have internal security of the entity, and the application of existing image encryption to the entity may lead to poor performance problems. Therefore, the proposed image cryptographic system is applied to the model on the premise that ZT policies can improve internal security.
An attacker model according to an embodiment of the present invention is described below.
In the attacker model, the emphasis of the embodiment of the invention is on potential attacks against the image encryption technique used in the system model. Since the ZT principle assumes that both external and internal entities are unsafe [1], the following attacks on image encryption need to be included in the attacker model:
Cryptanalytical attack: such attacks can break the image confidentiality guaranteed by encryption. Potential adversaries include external adversaries in the communication process, and internal adversaries in the cloud and enterprise. If the attacker obtains the ciphertext and even has encryption rights, the attacker can implement the attacks such as statistical attack, brute force attack, differential attack, plaintext attack and the like.
Shear or noise attack: decryption may fail if the encrypted image is corrupted by such an attack. These attacks are typically performed by malicious adversaries in the cloud, the enterprises or the ciphertext transmission channels, and the same corruption can also result from non-malicious events such as damaged storage devices or channel noise.
According to the system model and the attacker model, the research objective of the embodiment of the invention is to design an image encryption and decryption algorithm related to plaintext, improve efficiency, avoid extra key cost and extra ciphertext cost, resist the attack, and further make the image password system more suitable for ZT image cloud storage scenes.
The zero-trust principle, which indicates that confidentiality of data is guaranteed by encryption methods, is a very promising approach to securing cloud storage data. However, in ZT image cloud storage scenarios, conventional symmetric cryptosystems and arrangement-diffusion structure based image encryption schemes cannot balance efficiency and security. Existing plaintext-related image encryption schemes improve these problems, but result in additional key overhead for different plaintext, and additional ciphertext overhead can result in decryption failure under cut and noise attacks. Therefore, these encryption schemes do not meet ZT requirements in terms of both overhead reduction and resistance to multiple attacks.
The embodiment of the invention proposes an adaptive process driven by LSB self-quantization, based on embedding in the least significant bit (LSB) of pixels, and forms a new plaintext-related encryption scheme in a given ZT model. In the analysis of the embodiments of the present invention, two pixel-level properties are obtained from LSB repeated embedding, LSB extraction, bitwise XOR and cyclic shift operations. With these properties, a key stream associated with the plaintext is generated to encrypt pixel locations and pixel values, and its perturbation value is extracted spontaneously from the LSBs for decryption. Therefore, the scheme provided by the embodiment of the invention needs to be executed for only one round, needs no additional keys or ciphertext, can resist multiple kinds of cryptanalysis, and ensures decryption under shearing or noise attacks. Further simulation results show that the scheme has good resistance to attack and good application potential in ZT image cloud storage scenarios.
Table 2 below shows a comparison of the performance of an existing image encryption scheme with an embodiment of the present invention.
TABLE 2
Figure SMS_16
In Table 2, "Scheme" denotes the scheme; "PDS within two rounds" denotes a two-round PDS; "Scheme I" denotes scheme one; "Scheme II" denotes scheme two; "Scheme III" denotes scheme three; "Our scheme" denotes an embodiment of the present invention. In the first row, "Resist CPA" denotes resistance to CPA; "No additional key overhead" denotes no additional key overhead; "Resist clipping and noise attacks" denotes resistance to shearing and noise attacks; "No additional ciphertext overhead" denotes no additional ciphertext overhead. Wherein the different schemes are followed by relevant literature labels, and whether each scheme has relevant performance is represented by ∈x.
In summary, an adaptive process driven by LSB self-quantization is proposed using the concept of embedding in the least significant bit (LSB) of pixels, and an improved plaintext related image cryptosystem is formed. The contributions of the embodiment of the invention are as follows:
(1) LSB self-quantization operations involving repeated embedding and extraction are proposed for the first time in image encryption schemes, recording plaintext information as pure pixels.
(2) The self-adaptive process driven by LSB self-quantization is developed and analyzed, and a new plaintext related encryption and decryption interference mechanism is formed.
(3) Experiments have shown that the proposed scheme only needs to be performed for one round. The scheme can resist CPA attack, statistical attack, differential attack, shearing attack and noise attack on the premise of avoiding additional keys and ciphertext.
According to the system model described in the third aspect, the effectiveness of the encryption and decryption method is evaluated in a simple simulated ZT cloud storage scene.
Simple implementation of the simulation scenario: first, the hardware is prepared. The experiment uses three notebook computers, each with a Core i5-4200M 2.50 CPU and 4 GB RAM, as the headquarters enterprise client, the partner enterprise client and the cloud server. Second, the experiment simulates the ZT authentication and the cryptosystem setup. Based on the simple ZT principle used for image sharing, the Windows user login function and the local area network access function are used to ensure that both internal and external authentication can be obtained. After these authentications, MATLAB is used for encryption, decryption and the various tests. Third, a transmission channel is provided. It is assumed that the cloud server can provide an upload or download function, and that the key shared between the headquarters enterprise and the partner enterprise is secure. Thus, Windows 10 mimics FTP functionality on both the cloud and the headquarters enterprise, the authority of the former being limited to readable by the partner enterprise, and the authority of the latter being limited to readable and writable.
Input conditions of the proposed cryptosystem: the initial conditions are $x_0 = 0.166889706987028$, $\mu_0 = 3.995124127822219$, $z_0 = 0.9030976092895$, $\eta_0 = 0.275093096440724$, which are randomly selected for LM and PWLCM and are denoted as $(x_0, \mu_0)$ and $(z_0, \eta_0)$, as described above. The test images are taken from the SIPI image dataset.
In the experiments, the two-round PDS-based scheme [12], Scheme 1 [35], Scheme 2 [37] and Scheme 3 [39] are the comparison schemes.
1. Cryptanalytical attack:
TABLE 3 NPCR and UACI results for different algorithms
Figure SMS_17
Experiment preparation: according to the attack model, the embodiment of the invention sets the adversary as the cloud server and carries out the cryptanalysis tests on the simulated cloud. First, user login and local area network access are performed for the simulated headquarters enterprise. Second, the test image is encrypted in MATLAB at the enterprise and then uploaded to the cloud. Finally, statistical attack, differential attack, brute force attack, ciphertext attack and plaintext attack are used for testing at the cloud.
Table 4 NPCR of the encryption results under a minor modification of each subkey
Figure SMS_18
Table 5 NPCR of the decryption results under a minor modification of each subkey
Figure SMS_19
1.1 statistical attack
Because of the special structure of the digital image, information is easy to leak according to the data distribution characteristics of the digital image. To combat statistical attacks, some analytical methods are used to test the randomness of the images.
a) Histogram analysis: the histogram counts the number of pixels at each gray level in the image and represents the distribution of the pixel values. Referring to fig. 10, which shows the histogram results in an experiment according to an embodiment of the present invention, the images are, from left to right: original image, original image histogram, cipher image histogram. Fig. 10 depicts the histograms of a plain image and the corresponding cipher image. It can be seen directly that, unlike those of the plain image, the histogram values of the cipher image are uniformly distributed over the interval [0, 255]. Furthermore, the chi-square test can quantitatively verify whether the pixels are uniformly distributed [46], as shown in equation (24):
Figure SMS_20
where K is the gray level, and $p_i$ and
Figure SMS_21
are the actual and the expected occurrences within the same pixel gray level, respectively. At a significance level of 0.05, when
Figure SMS_22
does not exceed the threshold value
Figure SMS_23
the null hypothesis that the histogram is uniformly distributed is not rejected. Table 1 shows the chi-square test results for different images, where the deviation is the result of 293 minus
Figure SMS_24
Notably, for all encrypted images,
Figure SMS_25
is less than the critical value. Thus, the null hypothesis may be accepted, so an attacker cannot obtain useful clues through histogram analysis.
b) Correlation analysis: typically, in a meaningful image, adjacent pixels are highly correlated. Therefore, for a cipher image with a good encryption effect, the correlation between adjacent pixels in each of the vertical, horizontal and diagonal directions should be reduced as much as possible. The correlation coefficients of adjacent pixels are derived from equations (25) to (27).
Figure SMS_26
Figure SMS_27
Figure SMS_28
Wherein x is i And y i Representing two adjacent pixels, N is the number of samples, r xy ∈[-1,1],r xy The closer to 0, the lower the pixel correlation.
To reflect the correlation between pixels directly, 20000 pairs of pixels were randomly chosen from Lena, as shown in fig. 11. Fig. 11 shows the distribution of adjacent pixels, the first line displaying a normal image and the second line displaying a password image. (a) horizontal direction. (b) vertical direction. (c) diagonal direction. The first row represents the correlation diagram of Lena in three directions and the second row represents the correlation diagram of the corresponding encrypted image in three directions. As can be seen from the figure, all points are randomly distributed throughout the ciphertext image histogram. Table 6 further gives the correlation coefficients of the normal image and the password image. As can be seen from the table, the correlation coefficient of the encrypted image is greatly reduced compared with the normal image. The result of our scheme is closer to 0 than other schemes, which means that our scheme performs better in eliminating the strong correlation between the original pixels.
Table 6 correlation coefficient comparisons for different algorithms
Figure SMS_29
c) Global entropy: the randomness of the encrypted image is typically evaluated by entropy. Entropy H is defined as formula (28):
Figure SMS_30
where s represents the image, and n and $P(s_n)$ represent the bit length and the probability of the pixel $s_n$, respectively. If the entropy of the image is close to 8, all pixels are uniformly and randomly distributed. As can be seen from Table 7, the scheme of the embodiment of the invention is close to the theoretical value and slightly better than the comparison schemes.
Table 7 entropy comparison of different algorithms
Figure SMS_31
From the above analysis, it can be seen that the statistics of the password image are not revealed during storage and transmission. Therefore, the proposed scheme is well resistant to statistical attacks by potential adversaries in ZT cloud scenarios.
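The three statistical tests of section 1.1 written out, as an added example that is not part of the patent. Equations (24) to (28) survive on this page only as figure placeholders, so the code assumes the standard Pearson chi-square, Pearson correlation and Shannon entropy definitions and the usual 0.05 critical value for 255 degrees of freedom; the two sample images are constructed stand-ins (a smooth gradient and seeded pseudo-random noise), not output of the patented cipher.

```python
import math
import random

# Assumption: standard chi-square critical value, 255 degrees of freedom, alpha = 0.05.
CHI2_CRITICAL_255_DOF = 293.2478
DIRECTIONS = {"horizontal": (0, 1), "vertical": (1, 0), "diagonal": (1, 1)}


def histogram(img):
    """Count how many pixels fall on each of the 256 gray levels."""
    counts = [0] * 256
    for row in img:
        for value in row:
            counts[value] += 1
    return counts


def chi_square(img):
    """Pearson chi-square statistic of the histogram against a flat histogram."""
    counts = histogram(img)
    expected = sum(counts) / 256.0
    return sum((c - expected) ** 2 / expected for c in counts)


def entropy(img):
    """Shannon entropy in bits per pixel; 8.0 is the maximum for 8-bit pixels."""
    counts = histogram(img)
    total = sum(counts)
    return -sum(c / total * math.log2(c / total) for c in counts if c)


def adjacent_correlation(img, direction, samples=20000, seed=1):
    """Pearson correlation of randomly sampled pairs of adjacent pixels."""
    dy, dx = DIRECTIONS[direction]
    height, width = len(img), len(img[0])
    rng = random.Random(seed)
    xs, ys = [], []
    for _ in range(samples):
        r, c = rng.randrange(height - dy), rng.randrange(width - dx)
        xs.append(img[r][c])
        ys.append(img[r + dy][c + dx])
    mean_x, mean_y = sum(xs) / samples, sum(ys) / samples
    cov = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    var_x = sum((x - mean_x) ** 2 for x in xs)
    var_y = sum((y - mean_y) ** 2 for y in ys)
    if var_x == 0 or var_y == 0:  # constant sample: correlation is undefined
        return 0.0
    return cov / math.sqrt(var_x * var_y)


def gradient_image(size=256):
    """Constructed smooth 'plain' image: neighbouring pixels differ by at most 1."""
    return [[(r + c) // 2 for c in range(size)] for r in range(size)]


def noise_image(size=256, seed=2023):
    """Constructed stand-in for a cipher image: seeded pseudo-random pixels."""
    rng = random.Random(seed)
    return [[rng.randrange(256) for _ in range(size)] for _ in range(size)]


def evaluate(img):
    """Run all three tests and report what a statistical attacker would see."""
    chi2 = chi_square(img)
    return {
        "chi2": chi2,
        "uniform_histogram": chi2 < CHI2_CRITICAL_255_DOF,
        "entropy": entropy(img),
        "correlation": {d: adjacent_correlation(img, d) for d in DIRECTIONS},
    }


if __name__ == "__main__":
    for name, img in (("gradient", gradient_image()), ("noise", noise_image())):
        print(name, evaluate(img))
```

A cipher image that leaks nothing to these tests behaves like the noise image: a chi-square value below the critical value, entropy near 8 and correlation near 0 in all three directions.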
1.2 differential attack
In order to resist differential attacks, the encryption algorithm needs to be highly sensitive to the plain image. Even if a single bit of one plain image pixel is changed, a large avalanche effect should be produced in the encrypted output. The number of pixels change rate (NPCR) and the unified average changing intensity (UACI) reflect the difference between two images; they can be calculated from equations (29) to (31).
Figure SMS_32
Figure SMS_33
Figure SMS_34
Wherein C is 1 And C 2 Representing two images; f is the maximum allowed pixel value (f=255); m and N are the height and width of the password image, respectively. For images of sizes 256×256, 512×512, and 1024×1024, the thresholds of NPCR and UACI are calculated at a significance level of 0.05. The expected values for NPCR and UACI were 99.6094% and 33.4635%, respectively. In addition, calculate C 1 And C 2 The ratio of the different numbers of bits of (a) is taken as an avalanche criterion, and the expected value is equal to about 50%.
In the test, a pixel is randomly selected from the common image, and the LSB of the pixel is turned over to obtain a modified image. The two images are then encrypted to obtain the NPCR and UACI between the two encrypted images. Each image was tested 100 times and the minimum, maximum and average values are recorded in table 3. NPCR and UACI threshold evaluation of the test images at a significance level of 0.05 is shown in table 8. The result shows that compared with the algorithms in [12], [37] and [39], the average value of the scheme of the embodiment of the invention is closest to the ideal values of NPCR and UACI, and the scheme of the embodiment of the invention has good image sensitivity and higher differential attack resistance. The reason may be that the chaotic system is highly sensitive to disturbances related to plaintext, while the critical flow related to plaintext achieves a good avalanche effect.
TABLE 8 evaluation test chart of NPCR and UACI threshold at 0.05 significance level
Figure SMS_35
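Added example, not from the patent: NPCR, UACI and the bit-change ratio for the one-LSB-flip test of section 1.2, with acceptance bounds at the 0.05 significance level. Equations (29) to (31) and Table 8 are figure placeholders on this page, so the usual definitions and a normal-approximation bound for independent uniform pixels are assumed; both image pairs are constructed (a fixed-keystream XOR stand-in and two independent random images), neither is output of the patented scheme.

```python
import math
import random
from statistics import NormalDist

F = 255  # largest pixel value of an 8-bit image


def _pairs(c1, c2):
    """Yield corresponding pixel values of two equally sized images."""
    for row1, row2 in zip(c1, c2):
        yield from zip(row1, row2)


def npcr(c1, c2):
    """Percentage of pixel positions at which the two cipher images differ."""
    flags = [a != b for a, b in _pairs(c1, c2)]
    return 100.0 * sum(flags) / len(flags)


def uaci(c1, c2):
    """Mean absolute pixel difference, as a percentage of F."""
    diffs = [abs(a - b) for a, b in _pairs(c1, c2)]
    return 100.0 * sum(diffs) / (F * len(diffs))


def bit_change_ratio(c1, c2):
    """Percentage of differing bits (avalanche criterion, ideal about 50)."""
    flips = [bin(a ^ b).count("1") for a, b in _pairs(c1, c2)]
    return 100.0 * sum(flips) / (8 * len(flips))


def npcr_critical(height, width, alpha=0.05):
    """One-sided lower bound on NPCR (%) for two independent uniform images."""
    n = height * width
    mean = F / (F + 1)                    # P(two uniform pixels differ)
    std = math.sqrt(F / n) / (F + 1)      # binomial std of the differing fraction
    return 100.0 * (mean - NormalDist().inv_cdf(1 - alpha) * std)


def uaci_interval(height, width, alpha=0.05):
    """Two-sided acceptance interval for UACI (%) under the same assumption."""
    n = height * width
    levels = F + 1
    mean_abs = (levels ** 2 - 1) / (3 * levels)   # E|a - b| for uniform a, b
    mean_sq = (levels ** 2 - 1) / 6               # E(a - b)^2
    mean = mean_abs / F
    std = math.sqrt((mean_sq - mean_abs ** 2) / n) / F
    z = NormalDist().inv_cdf(1 - alpha / 2)
    return 100.0 * (mean - z * std), 100.0 * (mean + z * std)


def sensitivity_report(c1, c2, alpha=0.05):
    """NPCR, UACI and bit-change ratio of a pair, with pass/fail verdicts."""
    height, width = len(c1), len(c1[0])
    low, high = uaci_interval(height, width, alpha)
    n, u = npcr(c1, c2), uaci(c1, c2)
    return {"npcr": n, "uaci": u, "bits": bit_change_ratio(c1, c2),
            "npcr_pass": n >= npcr_critical(height, width, alpha),
            "uaci_pass": low <= u <= high}


def random_image(size, seed):
    """Constructed sample data: seeded pseudo-random 8-bit pixels."""
    rng = random.Random(seed)
    return [[rng.randrange(256) for _ in range(size)] for _ in range(size)]


def fixed_keystream_pair(size=128, seed=7):
    """Constructed weak case: the keystream ignores the plaintext, so one
    flipped plaintext LSB changes exactly one ciphertext pixel."""
    plain, key = random_image(size, seed), random_image(size, seed + 1)
    modified = [row[:] for row in plain]
    modified[size // 2][size // 2] ^= 1
    def encrypt(img):
        return [[p ^ k for p, k in zip(pr, kr)] for pr, kr in zip(img, key)]
    return encrypt(plain), encrypt(modified)


def independent_pair(size=128, seed=11):
    """Constructed ideal case: two unrelated random images, which is how the
    two cipher images should look when the avalanche effect is complete."""
    return random_image(size, seed), random_image(size, seed + 1)


if __name__ == "__main__":
    print("fixed keystream:", sensitivity_report(*fixed_keystream_pair()))
    print("ideal avalanche:", sensitivity_report(*independent_pair()))
```

The centre of the UACI interval and the NPCR mean reproduce the expected values 33.4635% and 99.6094% quoted above; the fixed-keystream pair shows the result a plaintext-independent keystream would give in the same test.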
1.3 brute force attack
a) Key space: the key of the proposed scheme is the initial condition $(x_0, \mu_0, z_0, \eta_0)$. According to IEEE 754 floating-point numbers, it can be assumed that the computational precision of a double-precision floating-point number is $10^{15}$. Since $49 < \log_2(10^{15}) = 49.82892\ldots < 50$, these floating-point numbers are stored using 49 or 50 significant bits, where 50 binary digits cannot be converted into more than 15 decimal significant digits. In this scheme, $x_0, z_0 \in [0, 1]$, $\mu_0 \in (3.89, 4]$ and $\eta_0 \in [0, 0.5]$, thus the key space is
Figure SMS_36
It can be seen that the key size is guaranteed to contain 195 valid bits, which is greater than both 128 bits of DES and 192 bits of AES. Therefore, the scheme meets the security requirement of resisting brute force attack.
b) Key sensitivity: key sensitivity is a key component required to evaluate the validity of key cryptanalysis. Technically, the test requires that small changes in the key can produce statistically significant differences for the same image, which is reflected in both the encryption result and the decryption result.
(1) In the encryption test, the difference in the encryption result caused by a minute change in each part of the key is tested. First, 100 groups of keys $K(i) = (x_0(i), \mu_0(i), z_0(i), \eta_0(i))$ $(i = 1, 2, 3, \ldots, 100)$ are arbitrarily generated to encrypt a plain image, giving a total of 100 ciphertext images Cm1(i) $(i = 1, 2, 3, \ldots, 100)$. Next, the corresponding comparison keys $K'(i) = (x_0(i) \pm 10^{-14}, \mu_0(i), z_0(i), \eta_0(i))$ $(i = 1, 2, 3, \ldots, 100)$ are used to encrypt the plain image, giving a total of 100 ciphertext images Cm2(i) $(i = 1, 2, 3, \ldots, 100)$. Finally, NPCR(Cm1(i), Cm2(i)) $(i = 1, 2, 3, \ldots, 100)$ given by formula (29) is calculated, and the average of these 100 NPCR values is obtained. $\mu_0$, $z_0$ and $\eta_0$ are tested in the same manner as $x_0$. In addition, different plain images were tested in the same way. The results are shown in Table 4.
(2) In the decryption test, the wrong key is tested to obtain a decrypted image. The experimental method is the same as in the encryption test. Table 8 shows the NPCR between the decrypted image and the correctly decrypted image for the 100 sets of $K = (x_0, \mu_0, z_0, \eta_0)$.
Experimental results indicate that the proposed scheme passes the NPCR test of the corresponding size at a significance level of 0.05. These results indicate that the method has a high sensitivity to minor key changes. The reason for this may be that the proposed scheme combines LM and PWLCM.
1.4 Known-plaintext attack and chosen-plaintext attack
Known-plaintext attack (KPA) and chosen-plaintext attack (CPA) are currently the most commonly used and effective attacks on image encryption. In light of the security vulnerabilities of PDS described above, the cryptosystem proposed by embodiments of the present invention resists such attacks in three respects.
(1) The weakness of a fixed equivalent key stream is avoided. In particular, the proposed replacement and permutation phases convert the plaintext-dependent key stream into an equivalent key stream, thereby masking the pixel locations and pixel values. To illustrate that the proposed scheme avoids this weakness, embodiments of the present invention calculate the equivalent key streams of both phases. For the replacement phase, the equivalent key stream is obtained from either line 5 or line 12 of Algorithm 1. For the permutation phase, a sequence matrix of size 256×256, (1, 2, 3, …, 256×256), is input into Algorithm 2, giving the result (index(1), index(2), index(3), …, index(256×256)), which represents the final permutation index of each pixel location and is also the equivalent key stream of this phase. The attack images selected are an all-0 image (0, …, 0), a non-0 image (1, 0, …, 0) and an all-255 image (255, …, 255), in the corresponding sizes. The NPCR between the plain image and these attack images is calculated from equation (29). As can be seen from Table 9, the scheme passes the NPCR test of the corresponding size at a significance level of 0.05, except for the permutation-phase result of the pepper image against the zero image. This is acceptable because the result is close to the ideal value and the attacker cannot bypass the replacement phase.
Algorithm 1
LSB embedded adaptive replacement:
Figure SMS_37
Algorithm 2
Self-adaptive arrangement:
Figure SMS_38
Thus, the proposed mechanism makes the encryption process sensitive to changes in the plain pixels. Compared with PDS-based encryption ([12-19]), this approach avoids the security vulnerability of the fixed equivalent key stream.
(2) Avoiding the input-output vulnerability of permutation-diffusion. As shown in Table 9, the global pixel values and pixel locations change nonlinearly and dynamically because they are controlled by the plaintext-related equivalent key streams of the replacement stage and the permutation stage. In addition, when input to the diffusion stage, arbitrarily constructed pixels become unpredictable, which makes the output unpredictable as well. Thus, an input attack image cannot bypass the permutation phase, and the linear avalanche effect of the diffusion operation is avoided when pixel values are modified.
TABLE 9 NPCR of equivalent key streams between normal image and different attack images
Figure SMS_39
(3) Preventing leakage of embedded information under KPA and CPA. The permutation stage and the diffusion stage given by formulas (22) to (23) mask the information embedded in the encrypted image. Even with equations (14) to (15), the information embedded in the decryption result can be masked again. Thus, leakage of embedded information can be prevented under KPA and CPA.
2. Efficiency
Experiment preparation: the encryption time is measured with MATLAB in the simulation environment of the headquarters enterprise. The image encryption schemes [12], [37] and [39] are compared. The embodiment of the invention tests a 512 × 512 Lena image and records the average time required to encrypt the image 50 times with the different encryption algorithms in the same operating environment.
Table 10 Comparison of encryption efficiency with [12], [37] and [39]
Figure SMS_40
Efficiency is analyzed by the number of execution rounds, algorithm operating frequency and execution time. Table 10 provides a detailed comparison of the efficiencies. It can be inferred from the table that after introducing the LSB self-quantization operation, the operation frequency of the algorithm is higher in the diffusion stage than in [13] and [38], and lower in the permutation stage. But the number of rounds is reduced to 1 round and the operation time is lower. This finding also shows that the additional LSB embedding operation consumes only a small portion of the entire encryption scheme. Therefore, the scheme provided by the embodiment of the invention is effective in a ZT cloud storage client scene.
3. Noise and shear attack analysis
Experiment preparation: according to the attack model, it is assumed that the adversary is the cloud server. Therefore, in the simulation environment, the headquarters enterprise is first logged in to encrypt the image and upload it to the cloud. Second, the cloud is logged in to carry out a noise or shearing attack on the received cipher image. Finally, the key and the cipher image are downloaded from the headquarters enterprise and the cloud, respectively, for testing. The effectiveness of the LSB extraction operation is tested first, and the decryption availability of the proposed scheme is then compared with that of [12] and [37], as follows:
a) Validity of the LSB self-quantization operation: since the decryption process requires LSB extraction operations, this experiment tests the validity of that operation. Whether formulas (7) and (8) are executed correctly depends on whether formula (9) is still satisfied after the attack. Thus, the embodiment of the invention tests the extent to which the two attacks affect equation (9) on S2. As shown in fig. 12 (a), the horizontal axis represents the percentage of the sheared area, with the shearing position randomly selected. The vertical axis represents the smallest proportion of unchanged bits in the LSB plane. Minimum{$D_{true}$} is calculated according to equation (9).
The experimental results of the noise attack are shown in fig. 12 (b). The horizontal axis represents the percentage of noise attacks; the vertical axis represents the smallest unchanged bit proportion in the LSB plane.
As can be seen from fig. 12, when the two attack degrees are in the range of 1% to 70%, the proportion of the unchanged bits in the decryption process is always greater than 0.5, which indicates that the formula (9) can maintain the validity. Therefore, the LSB extraction operation is also effective when attacked by less than 70% clipping or noise.
b) Availability of decryption results: in the decryption result, pixel loss in the encrypted image propagates only to a low degree. The test image is the 512 × 512 Lena image. As can be seen from fig. 13 and 14, under different shearing attacks or noise attacks the decrypted image retains visual information even if the attack level reaches 70%. As can be seen from fig. 15 and 16, under the same attack, the decrypted image of this scheme has a better visual effect than the decrypted images of the other two schemes. This finding also confirms that the encryption mechanisms used in [12] and [37] cause greater error propagation in the decryption results.
The proposed solution may be resistant to potential clipping or noise attacks by adversaries. Therefore, the scheme ensures good decryption availability in the cloud storage ZT scene.
In summary, based on the self-adaptive process driven by LSB self-quantization, the embodiment of the invention provides a new plaintext related encryption scheme which has good compatibility between reducing part of realization cost and resisting various attacks. In the proposal, the repeated embedding and extracting operation of the LSB is defined by utilizing the weak visual effect of the LSB, and the pixel attribute in the self-adaptive process is obtained, so that the encryption and decryption process is related to the plaintext. The experiments were performed in a simulated ZT cloud environment. The result shows that the proposed scheme has good resistance to statistical attacks, differential attacks, KPA attacks and CPA attacks, and only needs one round of execution. Thus, this scheme is efficient compared to conventional two-round PDS-based encryption schemes. More importantly, the decryption availability experiment shows that the LSB extraction operation is effective under 70% clipping or noise attack, and the decrypted image can still keep the visual information of the plaintext image. The result further proves that the scheme solves the problem of performance compatibility of the existing plaintext related encryption, avoids extra key cost and extra ciphertext cost, and improves decryption performance. Therefore, the scheme is suitable for encryption under the ZT image cloud storage scene.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.
The following are references referred to herein:
[1] Herardian R. The soft underbelly of cloud security. IEEE Security & Privacy 2019;17(3):90–3. https://doi.org/10.1109/msec.2019.2904112.
[2] Hassan R, et al. A Novel Approach to Data Encryption Based on Matrix Computations. CMC-COMPUTERS MATERIALS & CONTINUA 2021;66(2):1139–53. https://doi.org/10.32604/cmc.2020.013104.
[3] Teerakanok S, et al. Migrating to Zero Trust Architecture: Reviews and Challenges. Security and Communication Networks 2021:2021. https://doi.org/10.1155/2021/9947347.
[4] Sultana M, et al. Towards developing a secure medical image sharing system based on zero trust principles and blockchain technology. BMC Medical Informatics and Decision Making 2020;20(1):1–10. https://doi.org/10.1186/s12911-020-01275-y.
[5] Lin C, et al. OBFP: Optimized Blockchain-Based Fair Payment for Outsourcing Computations in Cloud Computing. IEEE Transactions on Information Forensics and Security 2021;16:3241–53. https://doi.org/10.1109/tifs.2021.3073818.
[6] Shah SW, et al. LCDA: Lightweight Continuous Device-to-Device Authentication for a Zero Trust Architecture (ZTA). Computers & Security 2021:102351. https://doi.org/10.1016/j.cose.2021.102351.
[7] Hao X, et al. Asymmetric cryptographic functions based on generative adversarial neural networks for Internet of Things. Future Generation Computer Systems 2021. https://doi.org/10.1016/j.future.2021.05.030.
[8] Lakshmi C, et al. Neural-assisted image-dependent encryption scheme for medical image cloud storage. Neural Computing and Applications 2020:1–14. https://doi.org/10.1007/s00521-020-05447-9.
[9] Rayappan D, Pandiyan M. Lightweight Feistel structure based hybrid-crypto model for multimedia data security over uncertain cloud environment. Wireless Networks 2021;27(2):981–99. https://doi.org/10.1007/s11276-020-02486-x.
[10] Fridrich J. Symmetric ciphers based on two-dimensional chaotic maps. International Journal of Bifurcation and chaos 1998;8(06):1259–84. https://doi.org/10.1142/s021812749800098x.
[11] Shannon CE. Communication theory of secrecy systems. The Bell system technical journal 1949;28(4):656–715. https://doi.org/10.1002/j.1538-7305.1949.tb00928.x.
[12] Cao W, et al. Designing a 2D infinite collapse map for image encryption. Signal Processing 2020;171:107457. https://doi.org/10.1016/j.sigpro.2020.107457.
[13] Yosefnezhad Irani B, et al. Digital image scrambling based on a new one-dimensional coupled Sine map. Nonlinear Dynamics 2019;97(4):2693–721. https://doi.org/10.1007/s11071-019-05157-5.
[14] Pak C, Huang L. A new color image encryption using combination of the 1D chaotic map. Signal Processing 2017;138:129–37. https://doi.org/10.1016/j.sigpro.2017.03.011.
[15] Chen J-x, et al. An efficient image encryption scheme using lookup table-based confusion and diffusion. Nonlinear Dynamics 2015;81(3):1151–66. https://doi.org/10.1007/s11071-015-2057-6.
[16] Hua Z, et al. Medical image encryption using high-speed scrambling and pixel adaptive diffusion. Signal Processing 2018;144:134–44. https://doi.org/10.1016/j.sigpro.2017.10.004.
[17] Zhang W, et al. Image encryption based on three-dimensional bit matrix permutation. Signal Processing 2016;118:36–50. https://doi.org/10.1016/j.sigpro.2015.06.008.
[18] Pak C, et al. A novel bit-level color image encryption using improved 1D chaotic map. Multimedia Tools and Applications 2019;78(9):12027–42. https://doi.org/10.1007/s11042-018-6739-1.
[19] Wu J, et al. Image encryption using 2D Hénon-Sine map and DNA approach. Signal Processing 2018;153:11–23. https://doi.org/10.1016/j.sigpro.2018.06.008.
[20] Wu J, et al. Cryptanalysis and enhancements of image encryption based on three-dimensional bit matrix permutation. Signal Processing 2018;142:292–300. https://doi.org/10.1016/j.sigpro.2017.06.014.
[21] Li M, et al. Cryptanalysis of a chaotic image encryption scheme based on permutation-diffusion structure. Signal Processing: Image Communication 2018;62:164–72. https://doi.org/10.1016/j.image.2018.01.002.
[22] Zhang LY, et al. On the security of a class of diffusion mechanisms for image encryption. IEEE transactions on cybernetics 2017;48(4):1163–75. https://doi.org/10.1109/tcyb.2017.2682561.
[23] Liu Y, et al. Cryptanalysis and enhancement of an image encryption scheme based on a 1-D coupled Sine map. Nonlinear Dynamics 2020;100(3):2917–31. https://doi.org/10.1007/s11071-020-05654-y.
[24] Wang H, et al. Cryptanalysis and enhancements of image encryption using combination of the 1D chaotic map. Signal Processing 2018;144:444–52. https://doi.org/10.1016/j.sigpro.2017.11.005.
[25] Hu Y, et al. On the Cryptanalysis of a Bit-Level Image Chaotic Encryption Algorithm. Mathematical Problems in Engineering 2020:1–15. https://doi.org/10.1155/2020/5747082.2020.
[26] Chen J, et al. Cryptanalysis of a DNA-based image encryption scheme. Information Sciences 2020;520:130–41. https://doi.org/10.1016/j.ins.2020.02.024.
[27] Hu G, et al. Cryptanalysis of a chaotic image cipher using Latin square-based confusion and diffusion. Nonlinear Dynamics 2017;88(2):1305–16. https://doi.org/10.1007/s11071-016-3311-2.
[28] Li M, et al. Cryptanalysis and improvement in a chaotic image cipher using two-round permutation and diffusion. Nonlinear Dynamics 2019;96(1):31–47. https://doi.org/10.1007/s11071-019-04771-7.
[29] Chen Y, et al. Cryptanalysis and improvement of medical image encryption using high-speed scrambling and pixel adaptive diffusion. Signal Processing 2020;167. https://doi.org/10.1016/j.sigpro.2019.107286.
[30] Wu X, et al. Lossless chaotic color image cryptosystem based on DNA encryption and entropy. Nonlinear Dynamics 2017;90(2):855–75. https://doi.org/10.1007/s11071-017-3698-4.
[31] Chuman T, et al. Encryption-then-compression systems using grayscale-based image encryption for jpeg images. IEEE Transactions on Information Forensics and Security 2018;14(6):1515–25. https://doi.org/10.1109/tifs.2018.2881677.
[32] Gayathri J, Subashini S. An efficient spatiotemporal chaotic image cipher with an improved scrambling algorithm driven by dynamic diffusion phase. Information Sciences 2019;489:227–54. https://doi.org/10.1016/j.ins.2019.01.082.
[33] Chen C, et al. An improved image encryption algorithm with finite computing precision. Signal Processing 2020;168:107340. https://doi.org/10.1016/j.sigpro.2019.107340.
[34] He J, et al. JPEG image encryption with improved format compatibility and file size preservation. IEEE transactions on multimedia 2018;20(10):2645–58. https://doi.org/10.1109/tmm.2018.2817065.
[35] Zhou M, Wang C. A novel image encryption scheme based on conservative hyperchaotic system and closed-loop diffusion between blocks. Signal Processing 2020:171. https://doi.org/10.1016/j.sigpro.2020.107484.
[36] Chen J, et al. Exploiting self-adaptive permutation–diffusion and DNA random encoding for secure and efficient image encryption. Signal Processing 2018;142:340–53. https://doi.org/10.1016/j.sigpro.2017.07.034.
[37] Alawida M, et al. A new hybrid digital chaotic system with applications in image encryption. Signal Processing 2019;160:45–58. https://doi.org/10.1016/j.sigpro.2019.02.016.
[38] Huang L, et al. On symmetric color image encryption system with permutation-diffusion simultaneous operation. Optics and Lasers in Engineering 2019;115:7–20. https://doi.org/10.1016/j.optlaseng.2018.11.015.
[39] Ma S, et al. A New Plaintext-Related Image Encryption Scheme Based on Chaotic Sequence. IEEE Access 2019;7:30344–60. https://doi.org/10.1109/access.2019.2901302.
[40] Hatakeyama K, et al. Zero Trust Federation: Sharing Context under User Control towards Zero Trust in Identity Federation. In: 2021 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops). IEEE; 2021. https://doi.org/10.1109/percomworKshops51409.2021.9431116.
[41] Collier ZA, Sarkis J. The zero trust supply chain: Managing supply chain risk in the absence of trust. International Journal of Production Research 2021:1–16. https://doi.org/10.1080/00207543.2021.1884311.
[42] Guofeng H. Application protection in 5G cloud network using zero trust architecture. Telecommunications Science 2021;36(12):123. https://doi.org/10.11959/j.issn.1000-0801.2020325.
[43] Antonioli D, et al. Key negotiation downgrade attacks on bluetooth and bluetooth low energy. ACM Transactions on Privacy and Security (TOPS) 2020;23(3):1–28. https://doi.org/10.1145/3394497.
[44] Kalaichelvi V, et al. A stable image steganography: a novel approach based on modified RSA algorithm and 2–4 least significant bit (LSB) technique. Journal of Ambient Intelligence and Humanized Computing 2020:1–9. https://doi.org/10.1007/s12652-020-02398-w.
[45] Patro KAK, et al. Multiple grayscale image encryption using cross-coupled chaotic maps. Journal of Information Security and Applications 2020;52:102470. https://doi.org/10.1016/j.jisa.2020.102470.
[46] Kwok H, Tang WK. A fast image encryption system based on chaotic maps with finite precision representation. Chaos, Solitons & Fractals 2007;32(4):1518–29. https://doi.org/10.1016/j.chaos.2005.11.090.

Claims (10)

1. An encryption method for plaintext related images in a zero trust cloud based on LSB self-quantization, characterized by comprising the following steps:
based on the initial image, the first key and the second key, obtaining a first key stream, a second key stream and a disturbance value through image quantization processing and chaotic system processing;
and performing LSB embedded self-adaptive replacement pixel value processing, pixel position self-adaptive arrangement scrambling processing and diffusion processing on the initial image by using the first key stream, the second key stream and the disturbance value to generate an encrypted image.
2. The LSB self-quantization based encryption method for plaintext related images in a zero trust cloud according to claim 1, wherein the obtaining a first key stream, a second key stream and a perturbation value based on an initial image and a first key and a second key through image quantization processing and chaotic system processing comprises:
Using said second key (z 00 ) Generating a chaotic sequence Z as the second key stream through a chaotic system PWLCM, wherein Z is as follows 0 Represents the PWLCM initial value, eta 0 Representing PWLCM control parameters;
performing image quantization of the initial image by using the second key stream and an image quantization formula to obtain a sequence d 1
Firstly, setting an LM initial value in a chaotic system LM as the sequence d 1 Obtaining the disturbance value D based on the LM iteration;
using the perturbation value D and the first key (x 00 ) Reconstructing the LM initial value, and generating a chaotic sequence X related to a plaintext as the first key stream according to the reconstructed initial value, wherein X is as follows 0 Represents the LM initial value, mu 0 Representing LM control parameters.
3. The LSB self-quantization based encryption method for plaintext related images in a zero trust cloud according to claim 2, wherein the using the second key (z_0, η_0) to generate a chaotic sequence Z as the second key stream through a chaotic system PWLCM comprises:
using the second key (z_0, η_0) as input, performing t_0 pre-iterations on the PWLCM followed by (m+n+mn) iterations to generate the chaotic sequence Z, wherein Z = {z(1), z(2), z(3), ..., z(m+n+mn)}, z_0 ∈ [0,1], η_0 ∈ [0,0.5], and m and n represent the width and length of the initial image, respectively.
4. The LSB self-quantization based encryption method for plaintext related images in a zero trust cloud according to claim 3, wherein the setting the LM initial value in the chaotic system LM to the sequence d_1 and obtaining the disturbance value D based on LM iteration comprises:
setting the LM initial value in the LM to the sequence d_1, and performing 100 iterations on the LM to obtain a chaotic sequence d = {d_1, d_2, d_3, ..., d_100}; and processing the last element d_100 of the chaotic sequence d by using a disturbance value generation formula to obtain the disturbance value D.
5. The LSB self-quantization based encryption method of plaintext image in a zero trust cloud according to claim 4, wherein the using the perturbation value D and the first key (x_0, μ_0) to reconstruct the LM initial value, and generating a chaotic sequence X related to the plaintext as the first key stream according to the reconstructed initial value comprises: reconstructing the initial value of the LM based on the perturbation value D and the first key (x_0, μ_0), to obtain the reconstructed initial value for the LM:
Figure FDA0004132859600000021
wherein, in the expression for x_0, the x_0 on the left side of the equal sign is the reconstructed initial value, and the x_0 on the right side of the equal sign is the initial value from the first key;
using the reconstructed initial value, performing t_0 pre-iterations on the LM to avoid transient effects, and generating a chaotic sequence X as the first key stream, wherein X = {x(1), x(2), x(3), ..., x(m+n+mn)}.
6. The LSB self-quantization based encryption method of plaintext image in a zero trust cloud according to claim 5, wherein the performing LSB embedded self-adaptive replacement pixel value processing, pixel position self-adaptive arrangement scrambling processing and diffusion processing on the initial image by using the first key stream, the second key stream and the perturbation value to generate the encrypted image comprises:
performing an XOR operation on the pixels in the initial image and the mask value obtained by converting the first key stream to modify pixel values, and embedding the disturbance value D to realize LSB embedded self-adaptive replacement pixel value processing;
horizontally arranging the pixel positions of the image obtained by the LSB embedded self-adaptive replacement pixel value processing by using a position index p obtained by converting the second key stream, to realize the pixel position self-adaptive arrangement scrambling processing;
obtaining a diffusion input sequence Z2 through the second key stream, wherein Z2 = {z(m+n+1), z(m+n+2), z(m+n+3), ..., z(m+n+mn)};
and generating the encrypted image by applying the diffusion input sequence Z2 and a diffusion processing formula to the image obtained by the pixel position self-adaptive arrangement scrambling processing.
7. A method for decrypting a plaintext related image in a zero trust cloud based on LSB self-quantization is characterized by comprising the following steps:
generating a second key stream by using a second key, and performing inverse diffusion processing according to the second key stream and the encrypted image to be decrypted to obtain a diffusion inverse processing image;
and obtaining an embedded disturbance value, a first key stream and a decrypted image by using the first key and performing, on the diffusion inverse processing image, inverse processing of the pixel position self-adaptive arrangement scrambling processing and LSB extraction processing, wherein the LSB extraction processing is the inverse processing of the LSB embedded self-adaptive replacement pixel value processing.
8. The LSB self-quantization based method for decrypting a plaintext image in a zero trust cloud according to claim 7, wherein the generating a second key stream by using a second key, and performing inverse diffusion processing according to the second key stream and the encrypted image to be decrypted to obtain a diffusion inverse processing image comprises:
using the second key (z_0, η_0) to generate the second key stream through a chaotic system PWLCM, the second key stream being represented as Z = {z(1), z(2), z(3), ..., z(m+n+mn)};
obtaining a diffusion input sequence Z2 through the second key stream, wherein Z2 = {z(m+n+1), z(m+n+2), z(m+n+3), ..., z(m+n+mn)};
and performing diffusion inverse processing on the encrypted image according to the diffusion input sequence Z2 and a diffusion processing formula to obtain a diffusion inverse processing image.
9. The LSB self-quantization based method for decrypting a plaintext image in a zero trust cloud according to claim 8, wherein the obtaining an embedded perturbation value, a first key stream and a decrypted image by using the first key and performing, on the diffusion inverse processing image, inverse processing of the pixel position self-adaptive arrangement scrambling processing and LSB extraction processing comprises:
obtaining a chaotic sequence Z1 through the second key stream, wherein Z1 = {z(1), z(2), z(3), ..., z(mn)};
performing inverse processing of pixel position self-adaptive arrangement scrambling processing on the diffusion inverse processing image according to the chaotic sequence Z1 to obtain a first processing image;
extracting a disturbance value D from the first processed image by using an LSB extraction formula;
using the perturbation value D and the first key (x_0, μ_0) to reconstruct the LM initial value, and generating the first key stream according to the reconstructed initial value, the first key stream being represented as X = {x(1), x(2), x(3), ..., x(m+n+mn)};
obtaining a chaotic sequence X1 and a chaotic sequence X2 through the first key stream, wherein X1 = {x(1), x(2), x(3), ..., x(mn)}, X2 = {x(mn+1), x(mn+2), ...};
performing inverse processing of pixel position adaptive arrangement scrambling processing on the diffusion inverse processing image according to the chaotic sequence X2;
and performing LSB extraction processing on the image obtained by the inverse processing of the pixel position self-adaptive arrangement scrambling processing by using the chaotic sequence X1 to obtain a decrypted image.
10. An image cryptographic system, comprising: an encoding end and a decoding end; wherein the encoding end encrypts images by using the LSB self-quantization based encryption method for plaintext related images in the zero trust cloud, and the decoding end decrypts images by using the LSB self-quantization based decryption method for plaintext related images in the zero trust cloud.
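The following added example is not part of the patent text. It sketches, in Python, the second key stream generation of claim 3, the Z1/Z2 split of claims 6, 8 and 9, and how the decoding end regenerates and inverts the position index p from the key alone. The PWLCM recurrence shown, the argsort conversion of the key stream into p, t0 = 1000, the sample key and the sample image are assumptions; the quantization, perturbation and diffusion formulas are not reproduced.

```python
# Added illustration, not the patent's code. Assumed: the standard PWLCM form,
# argsort as the key-stream-to-index conversion, t0 = 1000, and all sample values.

def pwlcm_step(z, eta):
    """One PWLCM iteration on [0, 1]; the map is symmetric about 0.5."""
    if z > 0.5:
        z = 1.0 - z
    return z / eta if z < eta else (z - eta) / (0.5 - eta)

def second_keystream(z0, eta0, m, n, t0=1000):
    """Claim 3: discard t0 pre-iterations, keep the next m + n + m*n values."""
    # Interval endpoints are rejected: eta0 = 0 or 0.5 divides by zero, and
    # z0 = 0 or 1 lands on the fixed point 0, giving an all-zero key stream.
    if not (0.0 < z0 < 1.0 and 0.0 < eta0 < 0.5):
        raise ValueError("need 0 < z0 < 1 and 0 < eta0 < 0.5")
    z = z0
    for _ in range(t0):
        z = pwlcm_step(z, eta0)
    stream = []
    for _ in range(m + n + m * n):
        z = pwlcm_step(z, eta0)
        stream.append(z)
    return stream

def split_z(Z, m, n):
    """Z1 = z(1)..z(mn) (claim 9); Z2 = z(m+n+1)..z(m+n+mn) (claims 6, 8)."""
    return Z[:m * n], Z[m + n:]

def position_index(Z1):
    """Assumed conversion: rank the chaotic values to obtain a permutation p."""
    return sorted(range(len(Z1)), key=Z1.__getitem__)

def scramble(pixels, p):
    return [pixels[i] for i in p]

def unscramble(scrambled, p):
    out = [0] * len(p)
    for dst, src in enumerate(p):
        out[src] = scrambled[dst]
    return out

def demo(m=4, n=3, key=(0.3141592653, 0.2718281828)):
    pixels = [(17 * i + 5) % 256 for i in range(m * n)]   # constructed image
    Z = second_keystream(*key, m, n)
    Z1, Z2 = split_z(Z, m, n)
    p = position_index(Z1)
    # The decoding end regenerates p from the key alone and inverts it.
    p_dec = position_index(split_z(second_keystream(*key, m, n), m, n)[0])
    restored = unscramble(scramble(pixels, p), p_dec)
    near_key = second_keystream(key[0] + 1e-12, key[1], m, n)
    return len(Z), len(Z2), restored == pixels, Z == near_key
```

`demo()` returns the key stream length, the length of Z2, whether the scrambling round-trips, and whether a key differing by 1e-12 in z_0 reproduces the same stream.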
CN202310265133.0A 2023-03-17 2023-03-17 LSB (least significant bit) self-quantization-based encryption and decryption method and system for plaintext related images in zero trust cloud Pending CN116346996A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310265133.0A CN116346996A (en) 2023-03-17 2023-03-17 LSB (least significant bit) self-quantization-based encryption and decryption method and system for plaintext related images in zero trust cloud

Publications (1)

Publication Number Publication Date
CN116346996A true CN116346996A (en) 2023-06-27

Family

ID=86892405

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310265133.0A Pending CN116346996A (en) 2023-03-17 2023-03-17 LSB (least significant bit) self-quantization-based encryption and decryption method and system for plaintext related images in zero trust cloud

Country Status (1)

Country Link
CN (1) CN116346996A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060126829A1 (en) * 2004-11-24 2006-06-15 Binbin Lai Image encryption method
CN112134688A (en) * 2020-09-22 2020-12-25 广东海洋大学 Asymmetric image encryption method based on quantum chaotic mapping and SHA-3
CN113225449A (en) * 2021-05-27 2021-08-06 郑州轻工业大学 Image encryption method based on chaos sequence and DNA coding
CN114418823A (en) * 2022-01-25 2022-04-29 安徽大学 Large-key space bit scrambling chaotic image encryption method based on logistic

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LIU, S ET AL.: "《Exploiting LSB Self-quantization for Plaintext-related Image Encryption in the Zero-trust Cloud》", 《JOURNAL OF INFORMATION SECURITY AND APPLICATIONS》, pages 4 - 6 *

Similar Documents

Publication Publication Date Title
Bakhshandeh et al. An authenticated image encryption scheme based on chaotic maps and memory cellular automata
Souyah et al. An image encryption scheme combining chaos-memory cellular automata and weighted histogram
Liu et al. Cryptanalyzing a RGB image encryption algorithm based on DNA encoding and chaos map
Ye et al. An effective framework for chaotic image encryption based on 3D logistic map
Mandal et al. Symmetric key image encryption using chaotic Rossler system
Gnanajeyaraman et al. Audio encryption using higher dimensional chaotic map
Yi et al. Parametric reversible data hiding in encrypted images using adaptive bit-level data embedding and checkerboard based prediction
Rajput et al. Towards the growth of image encryption and authentication schemes
Gao et al. A novel quantum image encryption technique based on improved controlled alternated quantum walks and hyperchaotic system
Yap et al. On the effective subkey space of some image encryption algorithms using external key
Jiang et al. Encrypted images-based reversible data hiding in Paillier cryptosystem
Liu et al. Exploiting lsb self-quantization for plaintext-related image encryption in the zero-trust cloud
Ren et al. Separable reversible data hiding in homomorphic encrypted domain using POB number system
Soomro et al. Review and open issues of cryptographic algorithms in cyber security
Bhat et al. Fuzzy extractor and chaos enhanced elliptic curve cryptography for image encryption and authentication
Hadj Brahim et al. An image encryption scheme based on a modified AES algorithm by using a variable S-box
Pareek et al. A symmetric encryption scheme for colour BMP images
SaberiKamarposhti et al. A comprehensive survey on image encryption: Taxonomy, challenges, and future directions
Saha et al. White-box cryptography based data encryption-decryption scheme for iot environment
CN116346996A (en) LSB (least significant bit) self-quantization-based encryption and decryption method and system for plaintext related images in zero trust cloud
Gunasekaran et al. Encrypting and decrypting image using computer visualization techniques
Al-Attab et al. Lightweight effective encryption algorithm for securing data in cloud computing
Mantri et al. A Novel Encryption Scheme Using Hybrid Cellular Automata
Hua et al. Secure reversible data hiding in encrypted images using cipher-feedback secret sharing
Yu et al. Image encryption algorithm based on self-adaptive symmetrical-coupled toggle cellular automata

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination