CN112054900A - Ciphertext domain reversible information hiding method and software and hardware application system - Google Patents

Ciphertext domain reversible information hiding method and software and hardware application system Download PDF

Info

Publication number
CN112054900A
CN112054900A CN202010900949.2A CN202010900949A CN112054900A CN 112054900 A CN112054900 A CN 112054900A CN 202010900949 A CN202010900949 A CN 202010900949A CN 112054900 A CN112054900 A CN 112054900A
Authority
CN
China
Prior art keywords
ciphertext
information
domain
plaintext
carrying
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010900949.2A
Other languages
Chinese (zh)
Inventor
张敏情
柯彦
刘佳
苏婷婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Engineering University of Chinese Peoples Armed Police Force
Original Assignee
Engineering University of Chinese Peoples Armed Police Force
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Engineering University of Chinese Peoples Armed Police Force filed Critical Engineering University of Chinese Peoples Armed Police Force
Priority to CN202010900949.2A priority Critical patent/CN112054900A/en
Publication of CN112054900A publication Critical patent/CN112054900A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a ciphertext domain reversible information hiding method, which comprises the following steps: (1) preprocessing and encrypting a plaintext to obtain a ciphertext; (2) embedding the encrypted additional information into the ciphertext to obtain a first ciphertext; (3) embedding cipher text LSB information based on key replacement into the first cipher text for the second time to finally obtain the cipher text; cipher text LSB information based on key replacement is data obtained by encrypting extra information; (4) carrying out LSB extraction on the secret-carrying text, and extracting secondary embedded additional information; and processing the secret-carrying text through ciphertext domain information extraction and carrier recovery or plaintext domain information extraction and carrier recovery to obtain an original plaintext and first-time embedded additional information. The invention also discloses a ciphertext domain reversible information hiding system, computer equipment and a readable storage medium, which ensure the high-efficiency and large-capacity embedding of data and the reversible recovery of carrier data on the premise of meeting the requirement of separable ciphertext domain reversible information hiding.

Description

Ciphertext domain reversible information hiding method and software and hardware application system
Technical Field
The invention relates to information hiding, information encryption and ciphertext domain data processing technologies, in particular to a reversible information hiding method for a ciphertext domain and a software and hardware application system.
Background
Since the birth of the 90 s of the 20 th century, information hiding has increasingly played a role in the field of information security. However, most steganographic algorithms permanently damage the data in the original carrier signal while embedding the stego information, and introduce some distortion. However, these distortions are unacceptable in some applications where the requirements for data authentication are high and the original carrier needs to be recovered without distortion, such as remote medical diagnosis, encrypted data labeling in cloud environment, military and legal affairs, etc. In the fields of military affairs, medicine and the like, not only the secret information has extremely high value, but also the original carrier signal is indispensable. For example, any modification of a medical picture may become a key in medical accident litigation, and only if the original picture can be restored without loss after secret information is extracted, unnecessary troubles caused can be avoided; for military images, the meaning of reversible information hiding technology is more obvious, for example, remote sensing images have high value in the military field, and if in the process of embedding information, the original images are damaged to cause important information loss, the caused result is difficult to estimate. The method has good development prospect in the judicial field and the multi-level management field of user permission. In order to ensure that the carrier signal can be recovered without loss, the concept of reversible information hiding is proposed, which requires that the original carrier can be recovered error-free after the hidden information is extracted.
Reversible information Hiding is divided into a ciphertext Domain and a non-ciphertext Domain according to whether a carrier is Encrypted, wherein ciphertext Domain Reversible information Hiding (RDH-ED) refers to a technology for enabling a carrier image to be embedded to be Encrypted and still be decrypted without errors after information is embedded. Encryption is one of the important means for ensuring privacy and information safety at present, information is encrypted into a ciphertext which presents a chaotic, disordered and meaningless state, and an unauthorized person can only see random noise signals but cannot acquire real information of a plaintext. There is now an increasing need to be able to manage encrypted data directly. For example, digital images stored in a remote cloud are usually stored in an encrypted manner for privacy protection, and the information hiding technology can conveniently manage the ciphertext by embedding additional information, such as user information, copyright information and the like, in a host; in the medical image, the image is encrypted to protect the privacy of a patient, and meanwhile, the medical record or personal information of the patient can be embedded in the ciphertext image for managing archival data; while maintaining the integrity of the encrypted image, a hash value, Cyclic Redundancy Check (CRC) or other error correction information of the encrypted image is calculated and embedded directly into the encrypted image. Therefore, the reversible steganography of the ciphertext domain can play a role in double insurance for important information in the cloud environment, and the reversible information hiding of the ciphertext domain is taken as the combination of encryption signal processing and steganography technology, and is one of the research hotspots for protecting privacy data in the current cloud environment.
In the existing ciphertext domain reversible information hiding method, separable reversible information hiding emphasizes the separability of two processes of user hidden information extraction and reversible carrier data recovery, and the method has great practical significance for privacy protection of users and information safety and data management in cloud environment. However, on the premise of realizing separable steganography, the existing ciphertext domain reversible information hiding technology effectively ensures that the aspects of large-capacity data embedding, reversible carrier data recovery, non-detectability and the like have a plurality of difficulties and problems, because the modern encryption algorithm requires that the minimum change of a plaintext is also spread to the whole ciphertext space, and the design of the reversible algorithm is usually independent of the encryption algorithm, the more encrypted data is modified in the embedding process, and the greater the distortion of a decryption result is.
Disclosure of Invention
The invention aims to provide a reversible information hiding method of a cryptograph domain and a software and hardware application system, which can effectively ensure high-efficiency and large-capacity embedding of data and reversible recovery of carrier data on the premise of meeting the requirement of reversible information hiding of a separable cryptograph domain.
The invention is realized by the following technical scheme:
a ciphertext domain reversible information hiding method comprises the following steps:
(1) preprocessing and encrypting a plaintext to obtain a ciphertext;
(2) embedding the encrypted primary additional information into the ciphertext to obtain a first ciphertext;
(3) embedding cipher text LSB information based on key replacement into the first cipher text for the second time to finally obtain the cipher text; cipher text LSB information based on key replacement is data obtained by encrypting secondary extra information;
(4) the following three treatments are performed on the secret carrying text:
the first method is LSB extraction, and secondary embedded secondary extra information is extracted;
secondly, extracting the information of the ciphertext domain and recovering the carrier to obtain the original plaintext and primary additional information which is embedded once;
and the third method is plaintext domain information extraction and carrier recovery to obtain the original plaintext and primary embedded additional information.
Further, in the step (1), the plaintext is an image, and the preprocessing step is as follows:
1.1, in order to sort the images to obtain the sorted images as I ', dividing I' into non-overlapping pixel pairs (X, Y), wherein X is more than or equal to 0, and Y is less than or equal to 255;
1.2, calculating a difference value h and a mean value l of the pixels, wherein the difference value h is a difference value of X and Y;
l is the mean value of X and Y and is rounded;
1.3, performing anti-overflow constraint and fidelity constraint on the pixel pair to obtain the pixel pair meeting the constraint condition;
conditions of anti-overflow constraint: the difference h satisfies the constraints of equations (1) - (2);
|h|≤min(2(255-l),2l+1) (1)
|2·h+bs|≤min(2(255-l),2l+1)(bs=0,1) (2)
the fidelity constraint is specifically: setting a threshold h for the difference of a pixel pairfidAnd constraining the value range of the difference value to satisfy the formula (3):
h≤hfid (3)
further, in the step (1), the encrypting specifically includes: carrying out bitwise encryption on each bit of (h, l) to obtain an encrypted ciphertext
Figure BDA0002659770180000031
And
Figure BDA0002659770180000032
wherein the content of the first and second substances,
Figure BDA0002659770180000033
a new public key is used for each encryption.
Further, the step (2) comprises the following steps:
2.1, left-shifting the ciphertext sequence by one unit, using the spare position ctemp0Is filled in, wherein ctemp0Enc (0), and then derive the ciphertext of the extended difference h:
Figure BDA0002659770180000041
2.2, additional information bsEncrypting to obtain encrypted additional information CbsMixing C withbsSubstitution ctemp0To obtain the ciphertext of the difference h' after the DE is embedded
Figure BDA0002659770180000042
I.e., the first secret carrying cipher text.
Further, the step (3) specifically comprises the following steps:
3.1, additional information bsCarrying out XOR encryption with the hidden key k to obtain a sequence b to be embeddedr
Figure BDA0002659770180000043
Wherein b isr∈brCarrying the ciphertext vector in the ciphertext
Figure BDA0002659770180000044
Is marked as cLH1The LSB of the element is replaced by bit br
3.2 if br=LSB(cLH1) Then maintain
Figure BDA0002659770180000045
The change is not changed; if b isr≠LSB(cLH1) Then pair
Figure BDA0002659770180000046
Performing a key replacement refresh until LSB (c)LH1)=brAnd obtaining the embedded secret carrying text:
Figure BDA0002659770180000047
and
Figure BDA0002659770180000048
Figure BDA0002659770180000049
further, in the step (4), the ciphertext domain information extraction and the carrier recovery comprise ciphertext domain DE recovery and ciphertext domain DE extraction;
and the ciphertext domain DE is used for recovering a recovered ciphertext from the ciphertext carrying text, the recovered ciphertext is decrypted by using a private key to obtain an original difference value h and an average value l, and the original difference value h and the average value l are substituted into the formulas (5) to (6) to recover an original pixel pair (X, Y):
Figure BDA00026597701800000410
Figure BDA00026597701800000411
the difference h is the difference between X and Y, and l is the mean value of X and Y;
the extraction of the ciphertext domain DE specifically comprises the following steps: extracting extra information b using hidden key ks
br=LSB(cLH1) (7)
Figure BDA00026597701800000412
Further, the information extraction and the carrier recovery of the plaintext domain are specifically as follows: decrypting the secret carrying text by using a private key s to obtain secret carrying plaintext h' and l;
extracting additional information from h';
recovering the difference h according to the h',
Figure BDA0002659770180000051
substituting h and l into the following formula to calculate a pixel pair (X, Y);
Figure BDA0002659770180000052
Figure BDA0002659770180000053
the difference h is the difference between X and Y; l is the mean of X and Y.
The invention also discloses a ciphertext domain reversible information hiding system, which comprises an encryption module, a management module and a decryption module; the management module comprises an embedding module, an LSB extraction module and a ciphertext domain information extraction and carrier recovery module; the decryption module comprises a plaintext domain information extraction and carrier recovery module and a ciphertext domain decryption module; the encryption module and the decryption module are used by a user side, and the management module is used by a service side;
the encryption module is used for preprocessing and encrypting the plaintext to obtain a ciphertext;
the embedding module is used for embedding the extra information twice into the ciphertext provided by the encryption module to obtain a ciphertext;
the LSB extraction module is used for carrying out LSB extraction on the secret carrying text and extracting secondary embedded additional information;
the ciphertext domain information extraction and carrier recovery module is used for performing ciphertext domain DE recovery and ciphertext domain DE extraction on the ciphertext carrying text, recovering the ciphertext through the ciphertext domain DE to obtain a recovered ciphertext, and extracting the extra information ciphertext through the ciphertext domain DE;
the plaintext domain information extraction and carrier recovery module is used for decrypting the secret-carrying text processed by the embedding module to obtain a secret-carrying plaintext, then recovering the secret-carrying plaintext through DE to obtain an original plaintext, and simultaneously extracting through DE to obtain additional information embedded for the first time;
and the ciphertext domain decryption module is used for decrypting the recovered ciphertext and the extra information ciphertext obtained by the ciphertext domain information extraction and carrier recovery module processing to obtain the original plaintext and the extra information embedded for the first time.
The invention also discloses a computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the method when executing the computer program.
The invention also discloses a computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method.
Compared with the prior art, the invention has the following beneficial technical effects:
the invention discloses a reversible information hiding method of a cryptograph domain, which hides reversible information based on an LWE encryption algorithm which is a typical single-bit public key encryption algorithm, when the ciphertext data is embedded, firstly, based on the characteristics of a single-bit encryption technology, Differential Expansion (DE) is used for embedding in a ciphertext domain, after the DE is embedded in the ciphertext domain, a secret-carrying ciphertext can be obtained after one-time embedding, then cipher text LSB embedding based on key replacement technology is used, KS-LSB embedding is secondary embedding carried out in the cipher text obtained in the last embedding, the decryption result is not influenced, namely, the secret carrying text is directly decrypted to obtain the secret carrying plaintext, the information extraction and lossless recovery operation can be carried out on the secret carrying plaintext, meanwhile, the secret-carrying text embedded by the KS-LSB supports direct extraction of information from the ciphertext, so that the separability of the algorithm is ensured. Firstly, a ciphertext domain difference value expansion method constructed based on the characteristics of a single-bit encryption technology has the characteristics of safety and high efficiency, and embedded information can be carried in a plaintext corresponding to an embedded ciphertext; in order to ensure that the information can be extracted under the condition that the secret-carrying text is not decrypted, a KS-LSB embedding method is used, and KS-LSB secondary embedding is carried out after the secret-carrying text domain difference value is expanded and embedded. The LSB of the cipher text carrying the cipher text after the secondary embedding carries extra information, supports the direct extraction of the information under the condition of no decryption, and simultaneously does not influence the decryption result of the cipher text domain difference value expansion embedding, namely the decrypted cipher text carrying the difference value expansion embedding information.
Furthermore, by introducing a pixel value ordering technology, the number of ciphertexts supporting the difference value expansion of the cipher text domain is effectively increased, and high cipher text embedding amount is ensured; by performing anti-overflow constraint and fidelity constraint on the pixel pairs, the pixel pairs of constraint conditions are increased, and applicable pixel pairs for DE embedding are increased, so that the embedding amount of the ciphertext domain DE embedding is increased.
Drawings
FIG. 1 is an algorithm framework in an example of the invention.
Fig. 2 is an algorithm flow chart.
Fig. 3 shows 6 test images.
Detailed Description
The present invention will now be described in further detail with reference to specific examples, which are intended to be illustrative, but not limiting, of the invention.
Aiming at the problems in the prior art, the invention provides the reversible information hiding method of the ciphertext domain, which can effectively ensure the high-efficiency and large-capacity embedding of data and the reversible recovery of carrier data on the premise of meeting the requirement of the reversible information hiding of the separable ciphertext domain. The LWE encryption algorithm is a typical single-bit public key encryption algorithm, and firstly, based on the characteristics of a single-bit encryption technology, Differential Expansion (DE) is used for embedding in a ciphertext domain when ciphertext data is embedded, a secret carrying text can be obtained after the ciphertext domain DE is embedded, the secret carrying text is directly decrypted to obtain a secret carrying plaintext, and information extraction and lossless recovery operations can be carried out on the secret carrying plaintext. Cipher text LSB embedding (KS-LSB) based on a Key replacement technology is used, KS-LSB embedding is secondary embedding implemented in cipher text obtained in last embedding, a decryption result is not influenced, and the cipher text embedded by the KS-LSB supports information extraction from the cipher text directly.
As shown in fig. 1, the invention discloses a reversible information hiding method for a ciphertext domain, which comprises the following steps:
(1) preprocessing and encrypting a plaintext to obtain a ciphertext;
(2) embedding the encrypted primary additional information into the ciphertext to obtain a first ciphertext;
(3) and embedding the LSB information of the cipher text based on the key replacement into the first cipher text for the second time to finally obtain the cipher text. The secret carrying text is used for storing, transmitting and subsequent decrypting and information extracting operations, and then the secret carrying text which is embedded for the first time or the second time is not distinguished any more, and only the secret carrying text which is embedded for the second time is used.
And the cipher text LSB information based on the key replacement is data obtained by encrypting the secondary extra information.
(4) The following three treatments are performed on the secret carrying text:
the first method comprises the following steps: LSB extraction is carried out on the secret-carrying text, and secondary embedded additional information can be extracted;
the second is ciphertext domain information extraction and carrier recovery; and the third method comprises the steps of extracting plaintext domain information and recovering a carrier, and processing and decrypting the secret-carrying text in the two modes to obtain the original plaintext and the first-time embedded additional information.
The invention carries out the embedding of a ciphertext domain DE based on single-bit encryption, supports the information extraction after decryption, uses the single-bit encryption technology which is also suitable for KS-LSB embedding in order to directly extract information from the ciphertext, and selects secondary embedding to ensure that the information is directly extracted from the ciphertext because the extra information of the two times of embedding is the same or different.
The embedded information is usually some remark information, which is used for assisting in realizing management of the ciphertext and can directly extract information to realize management on the premise of ensuring that the plaintext content of the user is not decrypted.
The following are the symbols and meanings of the variables used in the present invention, as shown in table 1:
TABLE 1 variable symbols and meanings
Figure BDA0002659770180000081
The following are parameter settings and function uses used in the present invention:
encryption parameters: the bit length of the private key is n; the modulus is a prime number q, q is an element (n)2,2n2) (ii) a Dimension d, d ≧ 1+ (1+ n) log of public key matrix2q,1>>0,
Figure BDA0002659770180000091
Noise obeying distribution x introduced in the invention, distribution of noise
Figure BDA0002659770180000092
Wherein
Figure BDA0002659770180000093
"qx" denotes the standard deviation of the noise distribution, rounded to qx
Figure BDA0002659770180000094
In addition, the following 6 functions are used in the algorithm:
1. private key generation function: s-SKGenn,q(.)
The output is a private key
Figure BDA0002659770180000095
The private key is composed of s ═ 1, t, where the vector is
Figure BDA0002659770180000096
Obey the distribution χ.
2. Public key generation function: a ═ PKGen(d,n),q(s);
First, a uniformly distributed matrix is generated in the function
Figure BDA0002659770180000097
With a vector obeying a χ distribution
Figure BDA0002659770180000098
Then calculating the vector from W and e
Figure BDA0002659770180000099
b=Wt+2e。
Finally, a public key A can be output, and the matrix A belongs to Zd×nColumn (1) is vector b and the next n-1 column is-W, i.e., a is (b, -W).
3. Encryption function: c ═ EncA(p);
Output as ciphertext vector
Figure BDA00026597701800000910
The inputs are plaintext bits p ∈ {0,1} and public key A. First construct the vector
Figure BDA00026597701800000911
Generating randomly evenly distributed vectors
Figure BDA00026597701800000912
And finally, outputting a ciphertext c: c is m + ATar
4. The bit separation function BitDe (x),
Figure BDA00026597701800000913
the input is an integer vector x; outputting a vector composed of bits of each layer of x
Figure BDA00026597701800000914
Figure BDA00026597701800000915
5. A decryption function: p ═ Decs(c)=[[<c,s>]q]2
The output is the plaintext bit p ∈ {0,1} obtained by decryption. The input is the ciphertext c and the private key s. The input quantity, process quantity, output quantity and operation type in the decryption function are decimal operation, if the process quantity and operation are twoIn the binary form, such a function is called a circuit having the function, and the function design of the decryption circuit is written as: decS(C) The input ciphertext and the private key are respectively expanded by corresponding bit, C-bitde (C), and S-bitde (S).
6. Alternative matrix generation function: b ═ SwitchKGen(s)1,s2) The key replacement is mainly used for embedding KS-LSB, and the replacement matrix is from BLSB:BLSBSwitchKGen (s, s), wherein
Figure BDA0002659770180000101
The key generation and distribution used in the present invention is as follows:
key assignments are shown in table 2, where the random sequence k is xor encrypted before being used for KS-KSB embedding.
Table 2 key distribution
Figure BDA0002659770180000102
Pretreatment:
(one) pixel value ordering
Plain text is a gray scale image I of 512 × 512. For all pixels in a row, the pixels are denoted as a sequence of pixels (p)1,p2,…,pl) And l is 512. The pixel sequence is rearranged in ascending order to obtain a new sequence pσ(1),pσ(2),…,pσ(l)When i is }>When j is, pσ(i)≤pσ(j)Wherein σ: {1,2, …, l } → {1,2, …, l } is a single map, the output is the position of the original pixel, and the sorted image is denoted as I'. The mapping sigma is embedded in the ciphertext as side information and transmitted to the recipient.
(II) anti-overflow constraint and fidelity constraint
And dividing I' into non-overlapping pixel pairs (X, Y), wherein X is more than or equal to 0, and Y is less than or equal to 255. A pair of available pixels can be loaded with 1 bit of extra information bsE {0,1 }. In order to prevent pixel value overflow after embedding, the pixel difference value h is required to satisfy about equations (1) to (2)Bundling:
|h|≤min(2(255-l),2l+1) (1)
|2·h+bs|≤min(2(255-l),2l+1)(bs=0,1) (2)
the fidelity constraint means that under the condition that the available pixel pairs are not fully embedded, the pixel pairs with smaller difference values are preferentially selected, and the difference values of the pixel pairs are set with a threshold value hfidAnd restricting the value range of the difference value:
h≤hfid (3)
pairs of pixels satisfying the above constraints can be used for DE embedding using an index matrix Mava∈{0,1}512×512To mark the position of the available pixel pairs: the position marked "1" indicates the position in the image of the pixel of the available pair of pixels with the larger value, and the remaining positions are marked "0". MavaAnd the information is subjected to lossless compression and then is used as auxiliary side information of a ciphertext and is transmitted along with carrier data.
Data encryption and ciphertext domain DE embedding
Data encryption
For the pixel pair (X, Y) satisfying the constraint condition, the difference value h and the mean value l of the pixel are first calculated, and each bit of (h, l) is encrypted bit by bit:
Figure BDA0002659770180000111
each encryption requires the use of a new public key.
(II) ciphertext domain DE embedding
1) The ciphertext is
Figure BDA0002659770180000112
And
Figure BDA0002659770180000113
calculation of ctemp0Enc (0). As shown in fig. 2, the ciphertext sequence is left shifted by one unit, and the spare position uses ctemp0And filling to obtain the expanded ciphertext of the difference value h:
Figure BDA0002659770180000114
2) will add extra informationEncrypting to replace the cipher text with the c filled in the previous steptemp0And obtaining a ciphertext of the difference value h' after the DE is embedded:
Figure BDA0002659770180000121
cipher text LSB information embedding based on key replacement
1) Additional information bsCarrying out XOR encryption with the hidden key k to obtain a sequence b to be embeddedr
Figure BDA0002659770180000122
Wherein b isr∈br. Carrying cipher text vector in cipher text
Figure BDA0002659770180000123
Is marked as cLH1The LSB of the element is replaced by bit br
2) If b isr=LSB(cLH1) Then maintain
Figure BDA0002659770180000124
The change is not changed; if b isr≠LSB(cLH1) Then pair
Figure BDA0002659770180000125
And (3) carrying out key replacement refreshing:
Figure BDA0002659770180000126
3) repeating the previous step 2) until LSB is obtained (c)LH1)=br
At this time, a secret-carrying text in which embedding is completed is obtained:
Figure BDA0002659770180000127
and
Figure BDA0002659770180000128
ciphertext domain information extraction and carrier recovery
For ciphertext, the service side can extract the extra information b by using the hidden key k without decrypting the plaintexts
br=LSB(cLH1) (5)
Figure BDA0002659770180000129
The ciphertext domain carrier recovery is to obtain a new ciphertext, and the decryption result is the original plaintext.
Calculation of ctemp0Right-shift the ciphertext sequence by one unit, using c as a spare position (0)temp0And (6) filling. The resulting recovered ciphertext is:
Figure BDA00026597701800001210
and
Figure BDA00026597701800001211
and returning the recovered ciphertext to the user, and decrypting by using a private key to obtain the original difference value h and the average value l. The original pixel pairs are restored by substituting equations (7) to (8):
Figure BDA00026597701800001212
Figure BDA00026597701800001213
plaintext field information extraction and carrier recovery
For the secret-carrying text, the user can decrypt the secret-carrying text by using a private key s to obtain secret-carrying plaintexts h' and l:
Figure BDA0002659770180000131
Figure BDA0002659770180000132
the extra information can be extracted from h':
bs=LSB(h') (9)
the LSB (.) is used to obtain the least significant bits of the input integer.
The original pixel pair can be restored by the restoration process of the DE algorithm, first restoring the difference h:
Figure BDA0002659770180000133
the pixel pair (X, Y) is calculated by substituting h and l into equations (8) to (9).
The following is the correctness analysis of the results of the present invention:
(one) plaintext recovery accuracy
In the algorithm of this chapter, the plaintext recovery is divided into two cases: a) the user directly decrypts the encryption carrying ciphertext to obtain the encryption carrying plaintext, and calculates a Peak Signal to Noise Ratio (PSNR) of the encryption carrying plaintext obtained at the moment, which is recorded as PSNR 1. Then, DE recovery is carried out on the encryption-carrying plaintext to obtain the plaintext, and PSNR of the recovered plaintext is calculated and recorded as PSNR 2; b) and the third party server performs ciphertext domain carrier recovery operation on the ciphertext carrying party to obtain a new ciphertext. And the user receives and decrypts the new ciphertext to obtain a plaintext, and the PSNR of the plaintext is calculated and recorded as PSNR 3.
Since the algorithm performs Pixel Value Ordering (PVO) processing on 6 images shown in FIG. 3 before encryption to make the images tend to be smooth, more Pixel pairs satisfying the constraint conditions in equations (1) - (3) are added, and applicable Pixel pairs available for DE embedding are added, so that the embedding amount of the DE embedding in the ciphertext domain is increased, and the maximum embedding amount of the algorithm is related to the number of available Pixel pairs. The PSNR1-3 results at maximum embedding are shown in Table 3. It can be seen from the results of PSNR1 that there is distortion in the ciphertext. PSNR2 and PSNR3 are both "∞" indicating that the recovered plaintext is not distorted. In Table 3, the maximum embedding rate in plaintext is close to 0.500bpp, indicating that almost all pixel pairs can satisfy the constraint for embedding.
By adjusting hfidThe value of (a) is selected,the analysis continues for PSNR1 for the carry-plaintext image for different amounts of embedding. The smaller the difference between two pixels in a pixel pair, the smaller the modification of the embedded pixel. Thus hfidThe smaller the value, the less distortion of the carry-over plaintext, but the fewer pixel pairs that are available. Experiment tests hfidPSNR1 carrying plaintext, ciphertext embedding amount and corresponding PSNR1 for different values are shown in table 4.
(II) information extraction accuracy
There are three cases of data extraction in the algorithm: a) the server side directly extracts information from the LSB carrying the secret cipher text; b) the user decrypts the secret-carrying text to obtain a secret-carrying plaintext, and then uses a DE extraction algorithm to obtain embedded data; c) the server side executes the ciphertext domain DE to extract the ciphertext carrying the ciphertext to obtain the ciphertext of the extra information, and the user can decrypt the ciphertext to obtain the embedded data. In experiment pair 105The bit extra information is embedded and extracted, and the accuracy of the extracted information is compared bit by bit, and the result shows that the accuracy of the information extraction under the three conditions is 100%.
TABLE 3 PSNR1-3 at maximum embedding amount and plaintext embedding rate
Test image Maximum capacity/bit Maximum embedding rate/bpp PSNR1/dB PSNR2/dB PSNR3/dB
Lena 131072 0.500 50.9706
Baboon 131048 0.499 51.1409
Crowd 129529 0.494 50.1606
Tank 131072 0.500 51.5168
Peppers 131064 0.500 50.4753
Plane 131069 0.500 45.3539
Average 130809 0.499 41.3525
TABLE 4 different hfidEmbedding quantity/embedding rate and PSNR1 of values
Figure BDA0002659770180000141
Figure BDA0002659770180000151
Security analysis
The safety of RDH-ED mainly includes two aspects: firstly, the data embedding does not weaken the encryption security and does not leave any potential risk of password cracking; and secondly, under the condition of no hidden key, the embedded information cannot be directly obtained from the ciphertext.
The embedding process of the algorithm in the chapter does not decrypt or modify the ciphertext, so that the encryption strength of the original encryption algorithm is maintained. The embedding operation is mainly to perform adjustment on the sequence of the ciphertext encrypted by single bit and fill in the redundant ciphertext. The embedding process does not reveal private or clear information. And the KS-LSB embedding process is mainly based on a publicly issued public key for operation, and no private key information is revealed.
The extra information is encrypted by LWE in the embedding process, and the object of the embedding operation of the ciphertext domain DE is the ciphertext, so that the content of the extra information cannot be directly exposed. Before embedding KS-LSB, the third party server firstly uses sequence encryption to process extra information and then embeds the extra information, thereby ensuring that the data carried on the cipher text LSB can not reveal the content of the extra information. Because the encryption process introduces temporary random quantity, the same plaintext is encrypted for multiple times by using the same public key, and the obtained ciphertexts are irrelevant to each other. In conclusion, the algorithm can keep the security of the LWE encryption, and the private key and the plaintext information cannot be leaked in the embedding process. Under the condition of unknown private keys or hidden keys, the additional information can ensure the content to be kept secret in the process of transmitting and storing the secret-carrying ciphertext.
According to the analysis and experiment results, the embedding rate of the invention is mainly related to the number of pixel pairs meeting the constraint condition, and because the complexity of the content of the plaintext image is different, the maximum embedding rates of different images are different, when h isfidWhen the number is 10, the plaintext embedding rate of an experimental image is the maximum, and basically the plaintext embedding rate can reach 0.5 bpp; when h is generatedfidAt 0, the embedding rate of the image is minimum, but still can reach above 0.3443 bpp.
The invention provides a high-efficiency high-capacity ciphertext domain reversible information hiding method which can effectively ensure high-capacity data embedding and reversible carrier data recovery on the premise of meeting the requirement of separable RDH-ED. The invention carries out ciphertext domain DE embedding and KS-LSB embedding on ciphertext data based on an LWE single-bit encryption algorithm. After the information is embedded, the embedded information can be directly extracted from the ciphertext by using the hidden key, the encryption carrying text can be decrypted by using the decryption key so as to obtain the encryption carrying plaintext, the embedded information can be extracted from the encryption carrying plaintext and the original plaintext can be recovered, so that the separability of the algorithm is ensured.
The invention also discloses a ciphertext domain reversible information hiding system, which comprises an encryption module, a management module and a decryption module; the management module comprises an embedding module, an LSB extraction module and a ciphertext domain information extraction and carrier recovery module; the decryption module comprises a plaintext domain information extraction and carrier recovery module and a ciphertext domain decryption module; the encryption module and the decryption module are used by a user side, and the management module is used by a service side;
the encryption module is used for preprocessing and encrypting the plaintext to obtain a ciphertext;
the embedded module is used for carrying out encryption processing twice on the ciphertext provided by the encryption module to obtain a ciphertext carrying message;
the LSB extraction module is used for carrying out LSB extraction on the secret carrying text and extracting secondary embedded additional information;
the ciphertext domain information extraction and carrier recovery module is used for performing ciphertext domain DE recovery and ciphertext domain DE extraction on the ciphertext carrying text, recovering the ciphertext through the ciphertext domain DE to obtain a recovered ciphertext, and extracting the extra information ciphertext through the ciphertext domain DE;
the plaintext domain information extraction and carrier recovery module is used for decrypting the secret-carrying text processed by the embedding module to obtain a secret-carrying plaintext, then recovering the secret-carrying plaintext through DE to obtain an original plaintext, and simultaneously extracting through DE to obtain primary additional information embedded for the first time;
and the ciphertext domain decryption module is used for decrypting the recovered ciphertext and the extra information ciphertext obtained by the ciphertext domain information extraction and carrier recovery module processing to obtain the original plaintext and the first-time embedded extra information.
The reversible information hiding method of the cryptograph domain disclosed by the invention can be stored in a computer readable storage medium if the reversible information hiding method is realized in the form of a software functional unit and is sold or used as an independent product. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. Computer-readable storage media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.
In an exemplary embodiment, a computer readable storage medium is also provided, which stores a computer program that, when executed by a processor, implements the steps of the ciphertext domain invertible information hiding method. The computer storage medium may be any available medium or data storage device that can be accessed by a computer, including but not limited to magnetic memory (e.g., floppy disk, hard disk, magnetic tape, magneto-optical disk (MO), etc.), optical memory (e.g., CD, DVD, BD, HVD, etc.), and semiconductor memory (e.g., ROM, EPROM, EEPROM, nonvolatile memory (NANDFLASH), Solid State Disk (SSD)), etc.
In an exemplary embodiment, there is also provided a computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the ciphertext domain invertible information hiding method when executing the computer program. The processor may be a Central Processing Unit (CPU), other general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc.

Claims (10)

1. A ciphertext domain reversible information hiding method is characterized by comprising the following steps:
(1) preprocessing and encrypting a plaintext to obtain a ciphertext;
(2) embedding the encrypted primary additional information into the ciphertext to obtain a first ciphertext;
(3) embedding cipher text LSB information based on key replacement into the first cipher text for the second time to finally obtain the cipher text; cipher text LSB information based on key replacement is data obtained by encrypting secondary extra information;
(4) the following three treatments are performed on the secret carrying text:
the first method is LSB extraction, and secondary embedded secondary extra information is extracted;
secondly, extracting the information of the ciphertext domain and recovering the carrier to obtain the original plaintext and primary additional information which is embedded once;
and the third method is plaintext domain information extraction and carrier recovery to obtain the original plaintext and primary embedded additional information.
2. The reversible information hiding method in ciphertext domain according to claim 1, wherein in the step (1), the plaintext is an image, and the preprocessing step is:
1.1, in order to sort the images to obtain the sorted images as I ', dividing I' into non-overlapping pixel pairs (X, Y), wherein X is more than or equal to 0, and Y is less than or equal to 255;
1.2, calculating a difference value h and a mean value l of the pixels, wherein the difference value h is a difference value of X and Y;
l is the mean value of X and Y and is rounded;
1.3, performing anti-overflow constraint and fidelity constraint on the pixel pair to obtain the pixel pair meeting the constraint condition;
conditions of anti-overflow constraint: the difference h satisfies the constraints of equations (1) - (2);
|h|≤min(2(255-l),2l+1) (1)
|2·h+bs|≤min(2(255-l),2l+1)(bs=0,1) (2)
the fidelity constraint is specifically: setting a threshold h for the difference of a pixel pairfidAnd constraining the value range of the difference value to satisfy the formula (3):
h≤hfid (3)。
3. the ciphertext domain reversible information hiding method according to claim 2, wherein in the step (1), the encrypting specifically comprises: respective ratio to (h, l)Bit-by-bit encryption is carried out to obtain encrypted ciphertext
Figure FDA0002659770170000021
And
Figure FDA0002659770170000022
wherein the content of the first and second substances,
Figure FDA0002659770170000023
a new public key is used for each encryption.
4. The ciphertext domain reversible information hiding method according to claim 1, wherein the step (2) comprises the steps of:
2.1, left-shifting the ciphertext sequence by one unit, using the spare position ctemp0Is filled in, wherein ctemp0Enc (0), and then derive the ciphertext of the extended difference h:
Figure FDA0002659770170000024
2.2, additional information bsEncrypting to obtain encrypted additional information CbsMixing C withbsSubstitution ctemp0To obtain the ciphertext of the difference h' after the DE is embedded
Figure FDA0002659770170000025
I.e., the first secret carrying cipher text.
5. The ciphertext domain reversible information hiding method according to claim 1, wherein the step (3) specifically comprises the following steps:
3.1, additional information bsCarrying out XOR encryption with the hidden key k to obtain a sequence b to be embeddedrAs in equation (4):
Figure FDA0002659770170000026
wherein b isr∈brCarrying the ciphertext vector in the ciphertext
Figure FDA0002659770170000027
Is marked as cLH1The LSB of the element is replaced by bit br
3.2 if br=LSB(cLH1) Then maintain
Figure FDA0002659770170000028
The change is not changed; if b isr≠LSB(cLH1) Then pair
Figure FDA0002659770170000029
Performing a key replacement refresh until LSB (c)LH1)=brAnd obtaining the embedded secret carrying text:
Figure FDA00026597701700000210
and
Figure FDA00026597701700000211
Figure FDA00026597701700000212
6. the reversible information hiding method in ciphertext domain according to claim 1, wherein in the step (4), the ciphertext domain information extraction and the carrier recovery comprise ciphertext domain DE recovery and ciphertext domain DE extraction;
and the ciphertext domain DE is used for recovering a recovered ciphertext from the ciphertext carrying text, the recovered ciphertext is decrypted by using a private key to obtain an original difference value h and an average value l, and the original difference value h and the average value l are substituted into the formulas (5) to (6) to recover an original pixel pair (X, Y):
Figure FDA0002659770170000031
Figure FDA0002659770170000032
the difference h is the difference between X and Y, and l is the mean value of X and Y;
the extraction of the ciphertext domain DE specifically comprises the following steps: extracting extra information b using hidden key ksAs shown in formulas (7) to (8):
br=LSB(cLH1) (7)
Figure FDA0002659770170000033
7. the reversible information hiding method in ciphertext domain according to claim 1, wherein the plaintext domain information extraction and the carrier recovery specifically comprise: decrypting the secret carrying text by using a private key s to obtain secret carrying plaintext h' and l;
extracting additional information from h';
recovering the difference h according to the h',
Figure FDA0002659770170000034
substituting h and l into the following formula to calculate a pixel pair (X, Y);
Figure FDA0002659770170000035
Figure FDA0002659770170000036
the difference h is the difference between X and Y; l is the mean of X and Y.
8. A ciphertext domain reversible information hiding system is characterized by comprising an encryption module, a management module and a decryption module; the management module comprises an embedding module, an LSB extraction module and a ciphertext domain information extraction and carrier recovery module; the decryption module comprises a plaintext domain information extraction and carrier recovery module and a ciphertext domain decryption module; the encryption module and the decryption module are used by a user side, and the management module is used by a service side;
the encryption module is used for preprocessing and encrypting the plaintext to obtain a ciphertext;
the embedding module is used for embedding the extra information twice into the ciphertext provided by the encryption module to obtain a ciphertext;
the LSB extraction module is used for carrying out LSB extraction on the secret carrying text and extracting secondary embedded additional information;
the ciphertext domain information extraction and carrier recovery module is used for performing ciphertext domain DE recovery and ciphertext domain DE extraction on the ciphertext carrying text, recovering the ciphertext through the ciphertext domain DE to obtain a recovered ciphertext, and extracting the extra information ciphertext through the ciphertext domain DE;
the plaintext domain information extraction and carrier recovery module is used for decrypting the secret-carrying text processed by the embedding module to obtain a secret-carrying plaintext, then recovering the secret-carrying plaintext through DE to obtain an original plaintext, and simultaneously extracting through DE to obtain additional information embedded for the first time;
and the ciphertext domain decryption module is used for decrypting the recovered ciphertext and the extra information ciphertext obtained by the ciphertext domain information extraction and carrier recovery module processing to obtain the original plaintext and the extra information embedded for the first time.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7.
CN202010900949.2A 2020-08-31 2020-08-31 Ciphertext domain reversible information hiding method and software and hardware application system Pending CN112054900A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010900949.2A CN112054900A (en) 2020-08-31 2020-08-31 Ciphertext domain reversible information hiding method and software and hardware application system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010900949.2A CN112054900A (en) 2020-08-31 2020-08-31 Ciphertext domain reversible information hiding method and software and hardware application system

Publications (1)

Publication Number Publication Date
CN112054900A true CN112054900A (en) 2020-12-08

Family

ID=73608106

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010900949.2A Pending CN112054900A (en) 2020-08-31 2020-08-31 Ciphertext domain reversible information hiding method and software and hardware application system

Country Status (1)

Country Link
CN (1) CN112054900A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113190807A (en) * 2021-05-31 2021-07-30 中国人民武装警察部队工程大学 Ciphertext domain reversible information hiding method based on image secret sharing
CN114756880A (en) * 2022-04-14 2022-07-15 电子科技大学 Information hiding method and system based on FPGA
CN115225320A (en) * 2022-06-10 2022-10-21 北卡科技有限公司 Data transmission encryption and decryption method
CN115242414A (en) * 2021-04-15 2022-10-25 华晨宝马汽车有限公司 Steganography method, system, medium, and program based on industrial real-time data

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105634732A (en) * 2016-01-21 2016-06-01 中国人民武装警察部队工程大学 Ciphertext domain multi-bit reversible information hiding method

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105634732A (en) * 2016-01-21 2016-06-01 中国人民武装警察部队工程大学 Ciphertext domain multi-bit reversible information hiding method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
YAN KE等: "Fully Homomorphic Encryption Encapsulated Difference Expansion for Reversible Data Hiding in Encrypted Domain", 《IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS FOR VIDEO TECHNOLOGY》 *
孔咏骏等: "基于低有效位数值排序的密文域 可逆信息隐藏", 科学技术与工 程 *
***等: ":基于排序码分多址的密文域可逆信息隐藏", 科学技术与工程 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115242414A (en) * 2021-04-15 2022-10-25 华晨宝马汽车有限公司 Steganography method, system, medium, and program based on industrial real-time data
CN113190807A (en) * 2021-05-31 2021-07-30 中国人民武装警察部队工程大学 Ciphertext domain reversible information hiding method based on image secret sharing
CN113190807B (en) * 2021-05-31 2023-05-12 中国人民武装警察部队工程大学 Ciphertext domain reversible information hiding method based on image secret sharing
CN114756880A (en) * 2022-04-14 2022-07-15 电子科技大学 Information hiding method and system based on FPGA
CN114756880B (en) * 2022-04-14 2023-03-14 电子科技大学 Information hiding method and system based on FPGA
CN115225320A (en) * 2022-06-10 2022-10-21 北卡科技有限公司 Data transmission encryption and decryption method
CN115225320B (en) * 2022-06-10 2023-06-09 北卡科技有限公司 Encryption and decryption method for data transmission

Similar Documents

Publication Publication Date Title
Xiao et al. Separable reversible data hiding in encrypted image based on pixel value ordering and additive homomorphism
CN112054900A (en) Ciphertext domain reversible information hiding method and software and hardware application system
Al-Haj Providing integrity, authenticity, and confidentiality for header and pixel data of DICOM images
CN109800585B (en) Image interpolation space completely reversible separable ciphertext domain information hiding algorithm
CN107392970B (en) Digital image encryption method based on bit plane and high-dimensional chaotic system
CN105634732A (en) Ciphertext domain multi-bit reversible information hiding method
Pavithra et al. A survey on the techniques of medical image encryption
CN104881838B (en) One kind is based on GF (23) (K, N) significant point deposited without expansion image and reconstructing method
Yan et al. Robust secret image sharing resistant to noise in shares
CN112040086A (en) Image encryption and decryption method and device, equipment and readable storage medium
Ahmed et al. A secure image steganography using LSB and double XOR operations
CN112635009A (en) Medical data encryption method based on block chain
Al-Haj et al. An efficient watermarking algorithm for medical images
Xiong et al. Reversible data hiding in shared images based on syndrome decoding and homomorphism
Vinoth Kumar et al. Encrypted separable reversible watermarking with authentication and error correction
Cao et al. Low-complexity reversible data hiding in encrypted image via MSB hierarchical coding and LSB compression
Wu et al. A novel image encryption scheme with adaptive Fourier decomposition
Navamani et al. Secure transmission of DICOM images by comparing different cryptographic algorithms
CN112614557A (en) Electronic medical record encryption archiving method
Fathimal et al. K out of N secret sharing scheme with steganography and authentication
Liu et al. Reversible data hiding in encrypted images based on bit-plane rearrangement and Huffman coding
Ramadhan et al. Data security using low bit encoding algorithm and rsa algorithm
Yadav et al. A hybrid approach to metamorphic cryptography using KIMLA and DNA concept
Xiong et al. Reversible Data Hiding in Shared Images With Separate Cover Image Reconstruction and Secret Extraction
Rajput et al. An improved cryptographic technique to encrypt images using extended hill cipher

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201208

RJ01 Rejection of invention patent application after publication