JP2013097351A - Image evaluation method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a technique which performs image processing such as image evaluation without decrypting encrypted image data.SOLUTION: An image evaluation method includes the steps of: calculating a difference between image feature values of two images encrypted with a first parameter, as a first difference; calculating a difference between image feature values of the two images encrypted with a second parameter, as a second difference; multiplying the first difference and the second difference; decrypting a result of the multiplication; and performing image evaluation by using the decryption result. The encryption is performed by means of a secret sharing scheme.

Description

  The present invention relates to a secret calculation for performing calculation processing while being encrypted, and more particularly to a secret calculation for image data.

  With the widespread use of social networking services and consumer cloud services, services that can store all data on a server via a network are increasing. In particular, with the spread of smartphones, anyone can easily upload image data via a network service, and a large amount of image data is stored on the network. Therefore, in order to ensure the safety of data stored on the network, security protection by encryption is important.

  Until now, a typical example of data to be secured on a network service has been text-based personal information. In the future, it is assumed that there will be a wide variety of data stored on the network. Among them, there will be many image data containing personal information such as face photos and landscape images that can identify the location. The security of the image data stored in is not regarded as a problem.

  In addition, while many data to be protected are stored on the network, cloud services using these data are increasing. When any processing is performed on image data on such a network service, the image data is generally processed in an unencrypted plain text state. When security is ensured by encrypting image data stored on the network on the cloud service, the image data must be decrypted once when attempting to process the image data in plain text as before. There is a problem that data protection by will collapse at that time.

Andrew Chi-Chih Yao, "How to Generate and Exchange Secrets", Foundations of Computer Science, 1986., 27th Annual Symposium on, P. 162-167. Koji Senda, “Proposal of efficient three-party secret function calculation and consideration of its operation model”, IPSJ Research Report. CSEC, [Computer Security] 2010-CSEC-48 (1), 1-7, 2010-02 -twenty five Kensuke Shibata, “Consignment type two-party secret circuit computation system with spreadsheet software as front end”, Proceedings of IPSJ Symposium, 2009, 11, p. 625-630.

  The present invention has been made in view of the above problems. The problem to be solved by the present invention will be described below while describing an approach for security protection for image data.

  1． Image data stored on the network is always encrypted to avoid the risk of information leakage and information loss.

  2． The encrypted data is directly decrypted without being decrypted and directly processed.

  If the above two points can be realized, it is considered that the data on the network can be secured by encryption and image processing can be performed on the network.

  As shown in FIG. 1, in a general encryption communication model using a conventional common key or public key, when data is transmitted / received on a network or stored locally, it is stored on a network communication path or a local storage area. It is assumed that data security is ensured by encrypting the data. And when processing data, it processes after decoding data locally. As described above, this model has a problem that data protection by encryption may be lost.

  Therefore, as shown in FIG. 2, it is considered to adopt an encryption model that performs processing without decrypting data being processed on the network, instead of encryption using a conventional general encryption communication model. Here, there is a secret calculation technique as a technique for processing encrypted data. Secret calculation is an encryption protocol that can perform operations without decrypting encrypted text data such as numerical values and characters. There is a homomorphic encryption or the like as a cipher capable of secret computation.

  If it is possible to implement a secret calculation for the processing on the image data, it is possible to always store the image data in an encrypted state on the cloud and further perform an arithmetic process by the secret calculation.

  The present invention has been made in view of the above points, and an object of the present invention is to provide a technique for performing image processing such as image evaluation without decrypting encrypted image data.

In order to solve the above problems, the present invention is an image evaluation method executed by an image evaluation apparatus that evaluates an image by a secret calculation based on a secret sharing method,
The difference between the image feature amounts of the two images encrypted with the first parameter is calculated as the first difference,
Calculating a difference between the image feature amounts of the two images encrypted with the second parameter as a second difference;
An image evaluation method that multiplies the first difference and the second difference, decrypts the multiplied result, and evaluates an image using the decrypted result, wherein the encryption is a secret sharing It is constituted as an image evaluation method characterized by being made using a method.

  In the image evaluation method, the image feature amount of each encrypted image related to the first difference is obtained by using the first parameter in a vector composed of the image feature amount of the image and a predetermined number of random numbers. A matrix obtained by multiplying the configured matrix, and the image feature quantity of each encrypted image related to the second difference is a vector composed of the image feature quantity of the image and a predetermined number of random numbers Is a matrix obtained by multiplying the matrix configured by using the second parameter, and the matrix which is the first difference when the first difference is multiplied by the second difference. And the transposed matrix of the matrix that is the second difference may be multiplied.

  In the image evaluation method, the image feature amount of each image is a component in the image feature amount vector of the image, and the result obtained by multiplying the first difference and the second difference is added for each component. The result of addition may be decoded, and the image may be evaluated by using the result of the decoding.

  Further, the similarity between the two images may be evaluated by using the decoding result as the sum of squared differences of the image feature vector.

  Further, for example, one of the two images is a query image, and the other image is a search destination image.

  According to the present invention, a technique for performing image processing without decrypting encrypted image data is provided. That is, it is possible to realize secret calculation for image data.

It is a figure for demonstrating a prior art. It is a figure for demonstrating the subject of this invention. It is a figure which shows the concept of a multi party protocol. It is a figure which shows the outline | summary of embodiment of this invention. 1 is a configuration diagram of an image search system according to an embodiment of the present invention. It is a flowchart for demonstrating operation | movement of the image search system which concerns on embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. However, the present invention is not limited to the following embodiments. In describing the present embodiment in detail, first, an outline of the technique according to the present embodiment and the elemental technique used in the present embodiment will be described.

(Outline of embodiment, elemental technology)
In the present embodiment, a secret calculation technique is used as a technique for calculating encrypted data. As described above, the secret calculation is an encryption technique that can perform an operation without decrypting the encrypted text data such as numerical values and characters, and the operation result is reflected in the decrypted plaintext.

  Currently, basic operations such as addition / multiplication, absolute value / size comparison, and sorting are realized. In a certain cipher, if a function used for the encryption can have homomorphism in a certain operation, the cipher can perform a secret calculation in the operation. Elgamal, RSA, and secret sharing methods are known as ciphers having homomorphism. In particular, an algorithm that uses the secret sharing method to keep the information held by each of the users secret and share only the calculation result of each other as shown in FIG. 3 is called a multi-party protocol. In FIG. 3, x, y, and z are confidential information of the users A, B, and C, respectively. Details of the secret sharing method and the multi-party protocol will be described later.

  Conventionally, there is an application example in which the secret calculation technique is applied to operations on numerical values and text data. However, in the present embodiment, a secret calculation technique for image processing that has not been conventionally achieved is realized.

  That is, in the present embodiment, a security system that can withstand actual operations by applying a secret calculation to image data on a network service and providing an algorithm that can securely perform media processing such as image search in an encryption area. Is realized. In this embodiment, image search is performed as media processing, but the technique of the present invention is not limited to image search. For example, image compression and video editing can be performed by secret calculation.

  In addition, in order to ensure data safety, data loss due to corruption must also be considered. Therefore, in order to avoid the risk of losing data on the network and to consider improving the security of the data by distributing the data to be stored, the data is encrypted and encrypted with a cipher capable of secret computation. It is desirable to be dispersed. Therefore, in this embodiment, the secret sharing method is used as a cipher capable of secret calculation in order to realize two points of robust storage and calculation of data encryption area.

  In general, image processing is often performed by extracting characteristic components and properties of an image. For example, in the image, a statistical feature of a pixel is extracted and processed in a feature amount space. Therefore, in the present embodiment, feature amounts (image feature amounts) are extracted from plaintext in a state where the image is not encrypted, and secret calculation processing is performed in the feature amount space.

  FIG. 4 shows an outline of the present embodiment. As shown in FIG. 4, the image search in the present embodiment is performed by calculating the distance of the feature amount between the query image and the search destination image by the secret calculation using the query as an image, so that many search destinations An image having a high similarity to the query image is output from the images. That is, feature amounts are extracted from each of the search destination image and the query image, and these are secret-shared encrypted, and the feature amount distance is calculated in the encryption area. In this way, by performing all of the computation processing related to the search in the encryption area, it is possible to store highly secure data such as video content while encrypting it, and the user can simply use the desired video as a query. By sending a simple image and retrieving it, the output result can be known without anyone knowing its contents.

  Next, the contents of the elemental technology used in the present embodiment will be described.

[Secret sharing method]
As described above, this embodiment uses a secret sharing method that can protect against data loss by robust storage as a cipher capable of secret computation. The secret sharing method is an encryption algorithm that distributes and encrypts a plurality of data, and it is necessary to collect a certain number of pieces of shared information for decryption. If it is less than a certain number, it cannot be decoded theoretically. That is, as long as a certain number of shared information is not collected, plaintext information is not leaked at all with insufficient shared information. Due to its nature, it can maintain strong security against information loss and is used to distribute risk when storing highly confidential information such as a secret key used for public key cryptography. In addition, when originally plain texts are encrypted with the same parameters due to the nature of encryption, a multi-party protocol can be realized by calculating encrypted shared information.

  There are several algorithms in the secret sharing method. In this embodiment, Shamir's secret sharing method is used as an example. In addition, a multi-party protocol is used as a basic secret calculation using a secret sharing method. The following describes Shamir's secret sharing method and multi-party protocol. The secret sharing method applicable to the present invention is not limited to Shamir's secret sharing method.

[Shamir's secret sharing algorithm]
The following parameters are given as preparation.

encryption
S: Plain text
k: Threshold required for decryption
n: Number of distributions
r: Random number
x _i : Natural number (parameter) x _i ≠ x _j (i ≠ j)
p: Prime number
w _i : Distributed ciphertext Next, the following matrix X is defined.

この行列の行列式はVandermondeの行列式と呼ばれ、その値は必ず0にならないことが知られているので、必ず逆行列を持つ。

The determinant of this matrix is called Vandermonde's determinant, and since it is known that its value is not always 0, it always has an inverse matrix.

  The plaintext S is distributed and encrypted to n by the following matrix operation.

復号
k個以上の分散暗号文を集め、さらにパラメータから逆行列を生成すると平文Sを復号できる。

Decryption
The plaintext S can be decrypted by collecting k or more distributed ciphertexts and generating an inverse matrix from the parameters.

[マルチパーティプロトコル]
マルチパーティプロトコルは、秘密分散法を利用した秘密計算のプロトコルであり、各ユーザの秘匿情報を互いに知られること無く、計算が可能である。平文での計算結果のみを互いに共有することがきる。一般にマルチパーティプロトコルでは、以下の手順により、平文での演算結果が共有される。

[Multi-party protocol]
The multi-party protocol is a secret calculation protocol using a secret sharing method, and can calculate the secret information of each user without knowing each other. Only the calculation results in plain text can be shared with each other. In general, in a multi-party protocol, an operation result in plain text is shared by the following procedure.

  Step 1) Each piece of information to be kept secret is encrypted.

  Step 2) Share the encrypted information.

  Step 3) Output the calculation result of each plaintext by secret calculation from the shared ciphertext.

Also, the secret sharing method maintains homomorphism in addition. Therefore, an addition multi-party protocol can be realized by the following calculation. Here, an algorithm for obtaining the addition of _two plaintexts S ₁ and S ₂ is shown. In the following equation, when a value that is distributed and encrypted by homomorphism is added, the result of the operation is converted into a decrypted value.

上記の式（４）は、式（３）と同様に逆行列を左から掛けることで、復号可能であるので、S₁+S₂を求めることができる。

Since Equation (4) above can be decoded by multiplying the inverse matrix from the left as in Equation (3), S ₁ + S ₂ can be obtained.

  As will be described later, in the present embodiment, the algorithm is capable of calculating the sum of squares of differences using a multi-party protocol based on Shamir's secret sharing scheme. By using the sum of squares of the differences for distance calculation, it is possible to calculate the distance between encrypted feature quantities.

[Image search]
In the present embodiment, an image search is performed as an example of processing in the feature amount space. In the image search in the present embodiment, an image having a high similarity in image features is output from a large number of search destination images using a query as an image. By encrypting all this processing, it is possible to save highly secure data such as video content while encrypting it, and the user can send a simple image as a query and search for the desired video, The output result can be known without anyone knowing the contents.

  Specifically, there is a method of extracting the statistical feature components of the pixels of the query image and the search destination image and matching their similarities. In the present embodiment, a statistical feature quantity vector is extracted as a feature quantity from a query image and a search destination image, the positions of the mutual feature vector images are matched, the vector distance is calculated, and an image with a small distance is calculated. Output as a result. Therefore, in order to perform image search processing on encrypted data, it is necessary to perform all the following steps in the encryption area.

Step 11) Extracting statistical feature values from the search destination image Step 12) Extracting statistical feature values from the query image Step 13) Matching feature values of the query image and the search destination image Step 14) Calculating the distance between the feature amounts Step 15 ) Output search target image with short distance In this embodiment, the process of extracting the statistical feature amount from the image in step 11, which is the most complicated in calculation, is performed before encrypting both the query image and the search destination image. The feature amount and the plaintext image are encrypted and stored. The first step can be performed in the encryption area by encrypting the calculation for obtaining the similarity and separately storing the original data.

  In the search according to the present embodiment, the plane space in which the feature amount is in the original image is also taken into consideration. Therefore, an image in which similar pixel components have a high similarity and the similar pixel components are at coordinates close to the coordinates on the query image is output as a result. In this embodiment, the distance between feature quantity vectors is calculated in the encryption area, and the decrypted value is used as the similarity. Specifically, the distance is the total sum of the squares of the differences between the components of the mutual feature vector. In addition, as the difference in the average value of neighboring pixels is larger, the distance is preferentially calculated as a characteristic pixel, and the calculation of the feature amount having a lower priority may be omitted, thereby improving the search efficiency. As a result, the search efficiency can be improved.

(Detailed description of embodiment)
[System configuration]
Hereinafter, embodiments of the present invention will be described more specifically. FIG. 5 shows a configuration diagram of the image search system 10 according to the present embodiment.

  As shown in FIG. 5, the image search system 10 has a query image information secret sharing storage unit 11, a search destination image information secret sharing storage unit 12, and an image search unit 13, which can communicate with each other via a communication network. It is configured. A client terminal 20 is connected to the image search system 10 via a communication network.

  The query image information secret sharing storage unit 11 is a storage unit that stores encrypted feature amounts of query images in a distributed manner. For example, a plurality of servers are connected to a network. The search destination image information secret distribution storage unit 12 is a storage unit that distributes and stores an encrypted search destination image and an encrypted feature amount of the search destination image. For example, a plurality of servers are connected to a network. It is configured. In the example of FIG. 5, the query image information secret sharing storage unit 11 and the search destination image information secret sharing storage unit 12 are shown separately, but they may be configured integrally.

  The image retrieval unit 13 retrieves an encrypted image similar to the query image designated from the client terminal 20 from the retrieval destination image information secret sharing storage unit 12 by performing an operation described later, and sends it to the client terminal 20. It is a function part to transmit. The image search unit 13 is realized by a server (computer), for example. The image search unit 13 includes a CPU that executes processing, and storage means such as a memory and a hard disk, and the storage means stores data and parameters used for calculation by the CPU. The image search unit 13 may be called an image evaluation apparatus because it is an apparatus that evaluates an image by a secret calculation.

  The client terminal 20 extracts a feature amount from the query image, secretly encrypts the feature amount, stores the encrypted data in the query image information secret sharing storage unit 11, and sends the query image to the image search unit 13. A function of designating and instructing a search and a function of decrypting an encrypted image received from the image search unit 13 are provided. Further, the client terminal 20 has a function of extracting a feature amount from an image serving as a search destination image and storing the encrypted image and the encrypted feature amount in the search destination image information secret sharing storage unit 12. Good. Furthermore, the client terminal 20 may have the function of the image search unit 13.

  The above-described “encryption” is encryption by a secret sharing method as described later. In FIG. 5, only one client terminal 20 is shown, but in reality, many client terminals are connected.

  Further, the system configuration of the present embodiment shown in FIG. 5 is merely an example. A configuration other than the system configuration shown in FIG. 5 may be used as long as the system configuration can realize the processing contents according to the present invention.

[System operation]
Next, an outline of the operation of the image search system 10 will be described with reference to the flowchart of FIG. In the following operation example, the encrypted data of the search destination image and the encrypted data of the feature amount are created by each client terminal and stored in the search destination image information secret sharing storage unit 12, but this is an example. However, the encrypted data of the search destination image and the encrypted data of the feature amount may be created and stored by a device other than the client terminal.

  Step 101) The feature vector of the search destination image is calculated at each client terminal. It is assumed that the feature quantity vectors are sorted in descending order of features.

  Step 102) The component of the image feature quantity of the search destination image is encrypted by the secret sharing method at each client terminal. The search destination image is also encrypted by the secret sharing method. The encrypted component of the image feature amount and the encrypted search destination image are stored in the search destination image information secret sharing storage unit 12. Note that it is possible to identify which search destination image data the encrypted feature amount data is by adding identification information for identifying the search destination image to the encrypted feature amount data, for example. Suppose that

  Step 103) The client terminal 20 calculates the feature vector of the query image, encrypts the component of the feature vector, and stores the encrypted data in the query image information secret sharing unit 11. Note that it is possible to identify which query image data the encrypted feature amount data is, for example, by adding identification information for identifying the query image to the encrypted feature amount data. Shall. In step 103, the client terminal 20 further instructs the image search unit 13 to search for an image similar to the query image by specifying the query image (specifying identification information).

  Step 104) Upon receiving the search instruction, the image search unit 13 refers to the query image information secret sharing storage unit 11 and the search destination image information secret sharing storage unit 12, thereby encrypting the feature amount of the query image. And the feature amount of the search destination image, and the square sum of these differences is calculated in the encryption area.

  Step 105) The image search unit 13 decrypts the distance (sum of squared differences) obtained in the encryption area, and sets the value as the similarity. Details of the calculation contents of steps 104 and 105 will be described later.

  Step 106) Steps 104 and 105 are performed for each search destination image, and the similarity to the query image for each search destination image is calculated. The image search unit 13 sorts the calculated similarities, and as a result of the sorting, obtains encrypted images from the search destination image information secret sharing storage unit 12 in order from the ones with similarities (from those with the smallest distance). To the client terminal 20. For example, encrypted images from the highest similarity to the top Nth (N is a predetermined natural number) are sent to the client terminal 20.

The image search unit 13 may transmit image identification information to the client terminal 20, and the client terminal 20 may acquire the encrypted image from the search destination image information secret sharing storage unit 12.
Step 107) The client terminal 20 decrypts the acquired encrypted image and displays the decrypted image.

  As described above, according to the present embodiment, it is possible to execute processing in a state where an image and a feature amount are encrypted on the network.

[Operation details]
Hereinafter, the encryption of the feature amount of the image and the calculation of the sum of squares of differences by the multi-party protocol will be described in detail. In the present embodiment, the encryption of the image feature amount is executed by each client terminal, and the calculation of the sum of squared differences is executed by the image search unit 13.

First, the feature vector of the query image
S = (s ₁ , s ₂ , ....., s _m ) (5)
And the feature vector of the search destination image
T = (t ₁ , t ₂ , ......, t _m ) (6)
far.

  The distance between the two vectors is obtained as the distance between the feature vectors. Therefore, the following equation (7), which is the sum of the squares of the differences between both vectors, is the similarity of each image used for the search in this embodiment.

本実施の形態では、この値を各成分を暗号化した状態で求めている。具体的には、以下で説明するように、Shamirの秘密分散法によるマルチパーティプロトコルを差分の自乗を求めるための形式に拡張することにより求める。以下に暗号化のプロセスと差分の自乗を求めるアルゴリズムについて説明する。このアルゴリズムは、例えばプログラムとして実現でき、コンピュータである画像検索部１３により実行される。

In the present embodiment, this value is obtained with each component encrypted. Specifically, as will be described below, the multiparty protocol based on Shamir's secret sharing method is obtained by extending it to a format for finding the square of the difference. The following describes the encryption process and the algorithm for calculating the square of the difference. This algorithm can be realized as a program, for example, and is executed by the image search unit 13 which is a computer.

First, in this embodiment, since it is desired to process the feature vector of the search destination image and the query image in the encryption area, the vector components s _i and t _i are obtained by the secret sharing method using the following parameters: Encrypt.

s _i : Plain text
t _i : Plain text
k: Threshold required for decryption
n: Number of distributions
r: Random number
x _j : Natural number (parameter) x _j ≠ x _h (j ≠ h)
y _j : Natural number (parameter) y _j ≠ y _h (j ≠ h)
w _j : distributed ciphertext Here, x _j and y _j are treated as secret keys. That is, in the present embodiment, image feature amounts are encrypted with two types of parameters at each client terminal, and each is stored in the secret sharing storage unit.

  In this way, those who have collected more than k pieces of information can only perform operations using the multi-party protocol, and only those who have the encrypted operation results and the private key generate the inverse matrix necessary for decryption. As a result, the calculation result can be decoded. In the present embodiment, this “person having an encrypted calculation result and a secret key” is the image search unit 13.

  Next, the difference is the same as the addition of equation (4), and the ciphertext is as follows.

ただし、Δd_i = s_i − t_i 、Δr_j = r_j − r'_jである。

However, Δd _i = s _i −t _i and Δr _j = r _j −r ′ _j .

Next, a difference is also prepared for encrypted data obtained by secret sharing encryption using parameter y _i as follows. The following matrix Y has the same configuration as, for example, X in equation (1), but uses y _i instead of x _i as a parameter.

次にこの暗号文を転置したベクトルを算出する。

Next, a vector obtained by transposing the ciphertext is calculated.

このベクトルの右側の行列Y^Tはパラメータ行列を転置したものであるが、転置行列は行列式の値が変化しないので、この行列についても逆行列が存在する。次に、以下のように、元の暗号文（式（８））と転置した暗号文（式（１０））を掛ける。

The matrix Y ^T on the right side of this vector is a transposed parameter matrix, but since the transposed matrix does not change the value of the determinant, an inverse matrix also exists for this matrix. Next, the original ciphertext (formula (8)) and the transposed ciphertext (formula (10)) are multiplied as follows.

こうすることによって(1, 1)成分が

By doing this, the (1, 1) component becomes

となる。さらにこの行列(１１)は加算の準同型性を持つので、特徴量の各成分について同様に暗号化した差分の自乗を演算した結果同士を加算すると、(1, 1) 成分が特徴量ベクトルの差分の自乗の総和となる。これでマルチパーティプロトコルによる差分の自乗の総和が暗号領域で算出される。最後にX-¹を行列（１１）の左から掛け、(Y^T)^-1 を右から掛け、(1, 1) 成分を取り出すことで復号が完了し以下の定義した距離を求めることができる。

It becomes. Furthermore, since this matrix (11) has homomorphism of addition, adding the results of calculating the squares of the encrypted differences in the same way for each component of the feature value, the (1, 1) component becomes the feature vector. The sum of the squares of the differences. Thus, the sum of the squares of the differences according to the multi-party protocol is calculated in the encryption area. Finally, X- ¹ is multiplied from the left of the matrix (11), (Y ^T ) ^-1 is multiplied from the right, and the (1, 1) component is extracted to complete the decoding and the following defined distance can be obtained. .

画像検索部１３は、このような演算を検索先画像毎に行い、距離を評価して、類似度を判断し、類似すると判断された暗号化画像をクライアント端末２０に送信する。

The image search unit 13 performs such calculation for each search destination image, evaluates the distance, determines the similarity, and transmits the encrypted image determined to be similar to the client terminal 20.

(Summary of embodiment)
As described above, according to the present embodiment, an algorithm that enables image search in the encryption area is realized. In the image search according to the present embodiment, in order to find a similar image from a plurality of images using a query as an image, a statistical characteristic of a pixel value of the image is extracted as a local feature vector, and the local feature vector of the query Are calculated, and images with close distances are selected as similar images.

  Since it is difficult to perform all these operations in the encryption area, in this embodiment, feature vectors are extracted from plain text images that are not encrypted, and feature vectors are encrypted. . Then, the distance calculation is performed by a multi-party protocol without decoding.

  On the actual service, for example, a result of searching by a feature amount of a query image encrypted by a user having a decryption key by placing both an encrypted feature amount vector and a separately encrypted image on the network. Similar images can be acquired and decoded.

  That is, conventionally, there has been a secret calculation for encrypted numerical data, but a secret calculation for image data has not been realized. Therefore, in the present embodiment, by using the secret sharing method having the homomorphic property of addition, the difference square sum of the encrypted image feature quantities is calculated in the encryption area, and decrypted. The difference square sum in plaintext is extracted to evaluate the similarity between images.

  In addition, the technology of the present embodiment is not a technology that simply changes the calculation target of the conventional technology from numerical data to image data, but uses a highly versatile multi-party protocol based on Shamir's secret sharing method. There is no feature that is not subject to restrictions, and the conventional technology that realized product operation by a multi-party protocol with a simple method and found the product of transposed matrix and made secret operation product operation possible Has characteristics.

  The present invention is not limited to the above-described embodiments, and various modifications and applications are possible within the scope of the claims.

DESCRIPTION OF SYMBOLS 10 Image search system 11 Query image information secret sharing storage part 12 Search destination image information secret sharing storage part 13 Image searching part 20 Client terminal

Claims (5)

An image evaluation method executed by an image evaluation apparatus that evaluates an image by a secret calculation based on a secret sharing method,
The difference between the image feature amounts of the two images encrypted with the first parameter is calculated as the first difference,
Calculating a difference between the image feature amounts of the two images encrypted with the second parameter as a second difference;
An image evaluation method that multiplies the first difference and the second difference, decodes the multiplied result, and evaluates the image using the decoding result,
The image evaluation method, wherein the encryption is performed using a secret sharing method. The image feature amount of each encrypted image related to the first difference is multiplied by a matrix formed using the first parameter to a vector composed of the image feature amount of the image and a predetermined number of random numbers. The image feature amount of each encrypted image related to the second difference is obtained by adding the second parameter to a vector composed of the image feature amount of the image and a predetermined number of random numbers. Is a matrix obtained by multiplying the matrix constructed using
The image according to claim 1, wherein when the first difference and the second difference are multiplied, the matrix that is the first difference and the transposed matrix of the matrix that is the second difference are multiplied. Evaluation method. The image feature amount of each image is a component in the image feature amount vector of the image,
The result obtained by multiplying the first difference and the second difference is added for each component, the added result is decoded, and the image is evaluated by using the decoding result. 2. The image evaluation method according to 2. The image evaluation method according to claim 3, wherein the similarity between the two images is evaluated by using the decoding result as a sum of squared differences of image feature amount vectors. The image evaluation method according to claim 1, wherein one of the two images is a query image, and the other image is a search destination image.

Images