Reversible data hiding in encrypted images with private-key homomorphism and public-key homomorphism☆
Introduction
Reversible data hiding (RDH) is a technique that ensures perfect reconstruction of the cover after the extraction of the embedded data. Since first introduced for image authentication in 1997 [1], RDH has attracted much attention in information hiding community. In the past two decades, many RDH methods have been proposed, e.g., the methods based on lossless compression [2], difference expansion [3], [4], and histogram shifting [5], [6].
In general, RDH embeds data into images that are visible to the data hider (also called service provider). As the need for images confidentiality protection, content owner is unwilling to show the images to data hider, especially the images containing privacy information. Encryption is an efficient and popular technique to protect the privacy of the image, which converts the meaningful image into meaningless image so that it is illegible to any unauthorized user. Therefore, reversible data hiding in encrypted images (RDH-EI) is required. RDH-EI is a useful technique that can be applied to cloud storage, medical system and secure remote sensing. An application of cloud storage by RDH-EI is shown in Fig. 1. The content owner would like to store an image in the cloud with privacy-preservation by encrypting the image before uploading it to the cloud. For management or verification, the cloud service provider would embed some additional information within the encrypted image without accessing the content. While on receiver side, the authorized receiver can perfectly reconstruct the original image after decryption.
The RDH-EI was first introduced in [7], where the encrypted image is divided into blocks and one message bit is embedded into an encrypted block. Data extraction and image recovery are implemented by analyzing the local standard deviation. Pixel flipping based method is another important work, in which the three least significant bits of each encrypted pixels are utilized to embed data [8]. Inspired by the studies in [7], [8], other studies on RDH-EI such as reducing extracted-bit error rate [9], [10], providing separable data extraction and image recovery [11], [12], [13], [14], [15], embedding data in encrypted compressed images [16], [17], [18], [19], and reserving room before encryption [20], [21], were proposed. However, the aforementioned methods are lossy recovery of the directly decrypted image. Most of them have low embedding rate [7], [8], [9], [10], [11], [12], [13], [14], [15], [16], [17], [18], [19], [20] and even have security problem [12], [13].
To deal with these problems, recently, RDH-EI methods with homomorphism were proposed [22], [23], [24], [25], [26], [27], [28]. Favorable properties such as security, good image quality and high embedding rate, are achieved. Different from stream cipher based RDH-EI [8], [9], [10], [11], [12], [13], [14], [15], [16], [17], [18], [19], [20], [21], the homomorphism based RDH-EI can directly process encrypted data, which is more powerful in secure signal processing applications. For instance, statistical analysis of data can be obtained without decrypting encrypted data. Moreover, the homomorphism based RDH-EI is applicable to one-to-multiple and multiple-to-one applications, that is, multiple content owners and data hiders are permitted, while the stream cipher based RDH-EI can only be applied to one-to-one applications. Due to the probabilistic property of homomorphic encryption, the homomorphism based RDH-EI encrypts different messages using the same key. The key in the stream cipher based RDH-EI cannot be reused to encrypt messages, which is difficult in key management. Chen et al. [22] firstly proposed public-key homomorphism based RDH-EI with Paillier encryption [29], where one message bit can be embedded into a pixel pair. Thus the maximum embedding rate is up to 0.5 bits per pixel (bpp), which is significantly outperforms the previous works. However, the embedding procedure may cause pixel overflow problem. To avoid pixel overflow, Shiu et al. [23] combined Paillier encryption and difference expansion based RDH with location map to construct RDH-EI scheme. In [24], the mirroring ciphertext groups is used to avoid pixel overflow. Besides, with the aid of Paillier homomorphic encryption, other RDH-EI methods combined with histogram shifting [25] and interpolation-error expansion [26] were also proposed. As a result, the embedding rate and image visual quality are further improved. However, the directly decrypted image in these literatures [22], [23], [24], [25], [26] is still lossy. Fortunately, by adopting wet paper coding and exploiting self-blinding technique, two public-key RDH-EI approaches with lossless recovery of directly decrypted image are proposed [27], [28], respectively. But method [27] requires extra preprocessing, in which the data hider and receiver use a shared stego key to generate a pseudorandom binary matrix. In a word, almost all homomorphism based RDH-EI methods utilizes Paillier public-key encryption to encrypt the original image. To the best of our knowledge, there is no private-key based RDH-EI approach with lossless recovery of the directly decrypted image. Clearly, there still exist many restrictions in existing RDH-EI algorithms with lossless recovery of directly decrypted image. It is essential to conduct further RDH-EI studies in the field.
In this paper, a private-key homomorphism based and a public-key homomorphism based RDH-EI schemes are presented. The major contributions of this paper are summarized as follows.
- •
Optimal visual quality of directly decrypted image is obtained. Although a part of encrypted data is replaced for data hiding, the data hiding procedure does not affect the decryption of the original image. Thus the directly decrypted image is the same as the original one.
- •
Embedding rate is improved. The maximum embedding rate is up to 1 bpp, since each encrypted pixel can be embedded with one bit.
- •
No preprocessing is required. The existing RDH-EI method with lossless recovery of directly decrypted image requires extra preprocessing [27], which will bring heavy burden to participants. In this paper, preprocessing can be avoided.
- •
Real reversibility is achieved. That is, no error happens in data extraction and image recovery procedure.
The reminder of this paper is organized as follows. A homomorphic encryption proposed by Dijk, Gentry, Halevi and Vaikuntanathan (DGHV) is described in Section 2, as well as some definitions. A private-key homomorphism based RDH-EI scheme with lossless recovery of directly decrypted image is first proposed in Section 3. Section 4 presents a novel public-key homomorphism based RDH-EI scheme with lossless recovery of directly decrypted image. Experimental results and discussions are illustrated in Section 5. Finally, Section 6 draws our conclusions.
Section snippets
Definitions
In this paper, private-key and public-key encryption with homomorphic property are used to construct RDH-EI scheme, respectively. Hence, definitions such as homomorphic private-key encryption and homomorphic public-key encryption are briefly described. Usually, an encryption scheme is comprised of three algorithms: key-generation Gen, encryption Enc and decryption Dec. We denote the key-generation with the security parameter by , the encryption of the plaintext m using the key k by
RDH-EI with private-key homomorphism
In this section, a private-key homomorphism based RDH-EI with lossless recovery of directly decrypted image is first proposed. The proposed homomorphic private-key RDH-EI is composed of three phases: image encryption phase, data hiding phase, and data extraction and image recovery phase. There are three corresponding participants: content owner, data hider and receiver. The flowchart of the proposed RDH-EI scheme based on homomorphic private-key encryption is depicted in Fig. 2. In image
RDH-EI with public-key homomorphism
In this section, we present a novel public-key homomorphism based RDH-EI scheme with lossless recovery of directly decrypted image. The proposed homomorphic public-key RDH-EI is composed of four phases: key-generation phase, image encryption phase, data hiding phase and data extraction and image recovery phase. The flowchart of the proposed RDH-EI scheme based on homomorphic public-key encryption is illustrated in Fig. 3. In key-generation phase, the receiver generates a pair of secret and
Measurements
Embedding rate and visual quality of directly decrypted image are two major measurements for performance analysis in RDH-EI field. The embedding rate (bpp) is the average message bits carried by each pixel, as computed byIt is expected to be as large as possible so that more data can be embedded into the encrypted image. Peak signal-to-noise ratio (PSNR) is employed to evaluate the visual quality of image, as calculated by
Conclusions
In this paper, two RDH-EI schemes with lossless recovery of directly decrypted image are proposed by homomorphic private-key encryption and homomorphic public-key encryption, respectively. The DGHV homomorphic encryption is modified to encrypt original image, which provides the private-key homomorphism and public-key homomorphism. The secret message can be embedded into encrypted image in a lossless manner. Therefore, the image recovery can be realized by direct decryption as well as data
Acknowledgment
This work was partially supported by National Natural Science Foundation of China (Grant No. 61602211), Science and Technology Program of Guangzhou, China (Grant No. 201707010259), Fundamental Research Funds for the Central Universities.
References (32)
- et al.
Reversible data hiding in encrypted images based on absolute mean difference of multiple neighboring pixels
J. Vis. Commun. Image Represent.
(2015) - et al.
Separable and error-free reversible data hiding in encrypted images
Signal Process.
(2016) - et al.
A separable reversible data hiding scheme for encrypted jpeg bitstreams
Signal Process.
(2017) - et al.
Reversibility improved data hiding in encrypted images
Signal Process.
(2014) - et al.
Encrypted signal-based reversible data hiding with public key cryptosystem
J. Vis. Commun. Image Represent.
(2014) - et al.
Encrypted image-based reversible data hiding with public key cryptography from difference expansion
Signal Process. Image Commun.
(2015) - et al.
Histogram shifting in encrypted images with public key cryptosystem for reversible data hiding
Signal Process.
(2017) - et al.
Reversible data hiding in paillier cryptosystem
J. Vis. Commun. Image Represent.
(2016) - J.M. Barton, Method and apparatus for embedding authentication information within digital data, US Patent 5,646,997,...
- et al.
Lossless generalized-lsb data embedding
IEEE Trans. Image Process.
(2005)
Reversible data embedding using a difference expansion
IEEE Trans. Circ. Syst. Video Technol.
On local prediction based reversible watermarking
IEEE Trans. Image Process.
Reversible data hiding
IEEE Trans. Circ. Syst. Video Technol.
General framework to histogram-shifting-based reversible data hiding
IEEE Trans. Image Process.
Reversible data hiding in encrypted image
IEEE Signal Process. Lett.
Cited by (0)
- ☆
This paper has been recommended for acceptance by Zicheng Liu.