Reversible data hiding in encrypted images with private-key homomorphism and public-key homomorphism

https://doi.org/10.1016/j.jvcir.2018.11.017Get rights and content

Highlights

  • Two novel homomorphism based RDH-EI schemes are proposed.

  • The two proposed schemes provide lossless recovery of directly decrypted image.

  • The private-key version of homomorphism based RDH-EI scheme is first presented.

  • Optimal image quality and improved embedding rate are obtained.

Abstract

This paper proposes two reversible data hiding schemes in encrypted images that provide lossless recovery of directly decrypted images. The modified homomorphic encryption is introduced to encrypt the original image so that the private-key homomorphism and public-key homomorphism are both available. To embed secret message into encrypted image, a part of encrypted pixels are replaced with new ciphertexts by homomorphic property. Finally, the original image and embedded secret message can be restored by direct decryption. Optimal visual quality is obtained by the proposed schemes, since the directly decrypted pixel value is equal to the original pixel value. And the embedding rate is further improved. In addition, the proposed schemes are suitable for compressed multimedia, which extends the application scenarios. Experimental results are presented to demonstrate the effectiveness and superiority of the proposed schemes.

Introduction

Reversible data hiding (RDH) is a technique that ensures perfect reconstruction of the cover after the extraction of the embedded data. Since first introduced for image authentication in 1997 [1], RDH has attracted much attention in information hiding community. In the past two decades, many RDH methods have been proposed, e.g., the methods based on lossless compression [2], difference expansion [3], [4], and histogram shifting [5], [6].

In general, RDH embeds data into images that are visible to the data hider (also called service provider). As the need for images confidentiality protection, content owner is unwilling to show the images to data hider, especially the images containing privacy information. Encryption is an efficient and popular technique to protect the privacy of the image, which converts the meaningful image into meaningless image so that it is illegible to any unauthorized user. Therefore, reversible data hiding in encrypted images (RDH-EI) is required. RDH-EI is a useful technique that can be applied to cloud storage, medical system and secure remote sensing. An application of cloud storage by RDH-EI is shown in Fig. 1. The content owner would like to store an image in the cloud with privacy-preservation by encrypting the image before uploading it to the cloud. For management or verification, the cloud service provider would embed some additional information within the encrypted image without accessing the content. While on receiver side, the authorized receiver can perfectly reconstruct the original image after decryption.

The RDH-EI was first introduced in [7], where the encrypted image is divided into blocks and one message bit is embedded into an encrypted block. Data extraction and image recovery are implemented by analyzing the local standard deviation. Pixel flipping based method is another important work, in which the three least significant bits of each encrypted pixels are utilized to embed data [8]. Inspired by the studies in [7], [8], other studies on RDH-EI such as reducing extracted-bit error rate [9], [10], providing separable data extraction and image recovery [11], [12], [13], [14], [15], embedding data in encrypted compressed images [16], [17], [18], [19], and reserving room before encryption [20], [21], were proposed. However, the aforementioned methods are lossy recovery of the directly decrypted image. Most of them have low embedding rate [7], [8], [9], [10], [11], [12], [13], [14], [15], [16], [17], [18], [19], [20] and even have security problem [12], [13].

To deal with these problems, recently, RDH-EI methods with homomorphism were proposed [22], [23], [24], [25], [26], [27], [28]. Favorable properties such as security, good image quality and high embedding rate, are achieved. Different from stream cipher based RDH-EI [8], [9], [10], [11], [12], [13], [14], [15], [16], [17], [18], [19], [20], [21], the homomorphism based RDH-EI can directly process encrypted data, which is more powerful in secure signal processing applications. For instance, statistical analysis of data can be obtained without decrypting encrypted data. Moreover, the homomorphism based RDH-EI is applicable to one-to-multiple and multiple-to-one applications, that is, multiple content owners and data hiders are permitted, while the stream cipher based RDH-EI can only be applied to one-to-one applications. Due to the probabilistic property of homomorphic encryption, the homomorphism based RDH-EI encrypts different messages using the same key. The key in the stream cipher based RDH-EI cannot be reused to encrypt messages, which is difficult in key management. Chen et al. [22] firstly proposed public-key homomorphism based RDH-EI with Paillier encryption [29], where one message bit can be embedded into a pixel pair. Thus the maximum embedding rate is up to 0.5 bits per pixel (bpp), which is significantly outperforms the previous works. However, the embedding procedure may cause pixel overflow problem. To avoid pixel overflow, Shiu et al. [23] combined Paillier encryption and difference expansion based RDH with location map to construct RDH-EI scheme. In [24], the mirroring ciphertext groups is used to avoid pixel overflow. Besides, with the aid of Paillier homomorphic encryption, other RDH-EI methods combined with histogram shifting [25] and interpolation-error expansion [26] were also proposed. As a result, the embedding rate and image visual quality are further improved. However, the directly decrypted image in these literatures [22], [23], [24], [25], [26] is still lossy. Fortunately, by adopting wet paper coding and exploiting self-blinding technique, two public-key RDH-EI approaches with lossless recovery of directly decrypted image are proposed [27], [28], respectively. But method [27] requires extra preprocessing, in which the data hider and receiver use a shared stego key to generate a pseudorandom binary matrix. In a word, almost all homomorphism based RDH-EI methods utilizes Paillier public-key encryption to encrypt the original image. To the best of our knowledge, there is no private-key based RDH-EI approach with lossless recovery of the directly decrypted image. Clearly, there still exist many restrictions in existing RDH-EI algorithms with lossless recovery of directly decrypted image. It is essential to conduct further RDH-EI studies in the field.

In this paper, a private-key homomorphism based and a public-key homomorphism based RDH-EI schemes are presented. The major contributions of this paper are summarized as follows.

  • Optimal visual quality of directly decrypted image is obtained. Although a part of encrypted data is replaced for data hiding, the data hiding procedure does not affect the decryption of the original image. Thus the directly decrypted image is the same as the original one.

  • Embedding rate is improved. The maximum embedding rate is up to 1 bpp, since each encrypted pixel can be embedded with one bit.

  • No preprocessing is required. The existing RDH-EI method with lossless recovery of directly decrypted image requires extra preprocessing [27], which will bring heavy burden to participants. In this paper, preprocessing can be avoided.

  • Real reversibility is achieved. That is, no error happens in data extraction and image recovery procedure.

The reminder of this paper is organized as follows. A homomorphic encryption proposed by Dijk, Gentry, Halevi and Vaikuntanathan (DGHV) is described in Section 2, as well as some definitions. A private-key homomorphism based RDH-EI scheme with lossless recovery of directly decrypted image is first proposed in Section 3. Section 4 presents a novel public-key homomorphism based RDH-EI scheme with lossless recovery of directly decrypted image. Experimental results and discussions are illustrated in Section 5. Finally, Section 6 draws our conclusions.

Section snippets

Definitions

In this paper, private-key and public-key encryption with homomorphic property are used to construct RDH-EI scheme, respectively. Hence, definitions such as homomorphic private-key encryption and homomorphic public-key encryption are briefly described. Usually, an encryption scheme is comprised of three algorithms: key-generation Gen, encryption Enc and decryption Dec. We denote the key-generation with the security parameter λ by Gen(λ), the encryption of the plaintext m using the key k by Enck(

RDH-EI with private-key homomorphism

In this section, a private-key homomorphism based RDH-EI with lossless recovery of directly decrypted image is first proposed. The proposed homomorphic private-key RDH-EI is composed of three phases: image encryption phase, data hiding phase, and data extraction and image recovery phase. There are three corresponding participants: content owner, data hider and receiver. The flowchart of the proposed RDH-EI scheme based on homomorphic private-key encryption is depicted in Fig. 2. In image

RDH-EI with public-key homomorphism

In this section, we present a novel public-key homomorphism based RDH-EI scheme with lossless recovery of directly decrypted image. The proposed homomorphic public-key RDH-EI is composed of four phases: key-generation phase, image encryption phase, data hiding phase and data extraction and image recovery phase. The flowchart of the proposed RDH-EI scheme based on homomorphic public-key encryption is illustrated in Fig. 3. In key-generation phase, the receiver generates a pair of secret and

Measurements

Embedding rate and visual quality of directly decrypted image are two major measurements for performance analysis in RDH-EI field. The embedding rate (bpp) is the average message bits carried by each pixel, as computed byEmbedding rate=Total embedded bitsTotal image pixels.It is expected to be as large as possible so that more data can be embedded into the encrypted image. Peak signal-to-noise ratio (PSNR) is employed to evaluate the visual quality of image, as calculated byPSNR=10log1025521M1N1

Conclusions

In this paper, two RDH-EI schemes with lossless recovery of directly decrypted image are proposed by homomorphic private-key encryption and homomorphic public-key encryption, respectively. The DGHV homomorphic encryption is modified to encrypt original image, which provides the private-key homomorphism and public-key homomorphism. The secret message can be embedded into encrypted image in a lossless manner. Therefore, the image recovery can be realized by direct decryption as well as data

Acknowledgment

This work was partially supported by National Natural Science Foundation of China (Grant No. 61602211), Science and Technology Program of Guangzhou, China (Grant No. 201707010259), Fundamental Research Funds for the Central Universities.

References (32)

  • J. Tian

    Reversible data embedding using a difference expansion

    IEEE Trans. Circ. Syst. Video Technol.

    (2003)
  • I.C. Dragoi et al.

    On local prediction based reversible watermarking

    IEEE Trans. Image Process.

    (2015)
  • Z. Ni et al.

    Reversible data hiding

    IEEE Trans. Circ. Syst. Video Technol.

    (2006)
  • X. Li et al.

    General framework to histogram-shifting-based reversible data hiding

    IEEE Trans. Image Process.

    (2013)
  • W. Puech, M. Chaumont and O. Strauss, A reversible data hiding method for encrypted images, in: Proc. SPIE, Electronic...
  • X. Zhang

    Reversible data hiding in encrypted image

    IEEE Signal Process. Lett.

    (2011)
  • Cited by (0)

    This paper has been recommended for acceptance by Zicheng Liu.

    View full text