Homomorphic encryption can protect user’s privacy when operating on user’s data in cloud computing. But it is not practical for wide using as the data and services types in cloud computing are diverse. Among these data types, digital image is an important personal data for users. There are also many image processing services in cloud computing. To protect user’s privacy in these services, this paper proposed a scheme using homomorphic encryption in image processing. Firstly, a secret key homomorphic encryption (IGHE) was constructed for encrypting image. IGHE can operate on encrypted floating numbers efficiently to adapt to the image processing service. Then, by translating the traditional image processing methods into the operations on encrypted pixels, the encrypted image can be processed homomorphically. That is, service can process the encrypted image directly, and the result after decryption is the same as processing the plain image. To illustrate our scheme, three common image processing instances were given in this paper. The experiments show that our scheme is secure, correct, and efficient enough to be used in practical image processing applications.
Along with the arrival of the cloud computing fever, there emerge a lot of service outsourcing applications based on cloud computing platform (such as SaaS). Users who request the service just need to upload their data to the service and wait for the result. This brings users great benefits, but also the risk of privacy disclosure, because the service provider (SP) can access users’ plain sensitive information arbitrarily. To balance the privacy with usability of data in cloud computing, many computable encryption technologies are proposed, such as homomorphic encryptions [
“Enc” represents the encryption process, and “Dec” represents the decryption process. For a function
According to (
Homomorphic encryption seems a good way to protect privacy in service outsourcing applications, especially when handling the integer data type. But as the data types in cloud computing are diverse, how to use homomorphic encryption in other types is still a challenging problem. For example, with the popularization of photograph equipment, a large amount of digital images are generated every day. It has become one of the most popular forms of personal data for users. Consequently, the online image processing services are widely used for users to edit their images. But the image may also contain privacy that the user does not want SP to see. To protect the privacy in this data type, we proposed a scheme using homomorphic encryption in image processing services.
In broad terms, image processing includes all kinds of operations on the image. But it is hard to handle the privacy issues in all kinds of image processing using one scheme. So in this paper, the image processing mainly refers to the processes based on pixels. That is, the new color of pixel is computed according to the old ones. The operations on plain pixels can be seen as a function
Unfortunately, there are no appropriate homomorphic encryptions which can be used in image encryption yet. UnpaddedRSA [
Through the above analysis, we need an efficient homomorphic encryption which can support both addition and multiplication operations on floating numbers. Then we can use it to encrypt the image and process the encrypted image directly. It seems that no existing work has ever proposed any solution for this problem. Our contributions are as follows:
We propose an encrypted image processing model based on homomorphic encryption.
We improve Gentry’s homomorphic encryption to propose an efficient secret key homomorphic encryption which can support addition and multiplication operations on floating numbers (IGHE).
We use IGHE in image encryption and give the instances of processing encrypted image.
The rest of this paper is organized as follows. Section
First of all, we construct an encrypted image processing model based on homomorphic encryption; see Figure
The encrypted image processing model.
Image processing service model
Encrypted image processing service model
Figure
To realize the model, constructing an efficient homomorphic cryptosystem which supports both addition and multiplication operations on floating numbers is the key problem. We will discuss this in the next section. For clear description, the important notations used in this paper are summarized in Notations.
Gentry denoted his initial scheme as
Gentry proved that scheme
But
Our simplified scheme is denoted as
For any
Besides, there is an algorithm denoted as Eval which operates on ciphertext.
Now let us consider the correctness of
For
In
That is,
The security of
Fix
Suppose that there is an algorithm
The challenger sends
If
If
Overall,
The ICP asks one to decide whether
When
For
This scheme is denoted as
For an integer
Obviously
As
Above all, we have
Now we need to expand the plaintext space into floats. To encrypt a floating number
If
See the proof in Appendix
Finally, our homomorphic encryption (IGHE) is described as follows.
According to Lemmas
We have proved that
So far, we have introduced our homomorphic encryption IGHE which is simplified and improved from Gentry’s homomorphic encryption. The differences between IGHE and Gentry’s scheme are as follows:
IGHE is a symmetric encryption, while Gentry is a public key encryption. The purpose of public key is for service to use the public key to operate on the encrypted data. We omitted the public key encryption part, because we have another way to let service operate on the encrypted data without using key (see Section
Gentry’s scheme is universal and fully homomorphic; it takes each bit as the plaintext. As the image processing can also be presented as a batch of operations of bit, theoretically the scheme can be used for encrypted image processing. But considering the complexity, it is hard to implement. While our scheme takes the byte as plaintext, and, after inducing the homomorphic addition and multiplication operations on floats, we can easily realize the encryption image processing.
The values of colors are less than 256, and it usually has only one multiplication in image processing. By choosing an appropriate value of
An image with
For a given image, there are
In decryption algorithm, each
As the color must be an integer in
We concentrate on the processing method which is based on addition and multiplication operations on the pixels. In these processes, the new color
As shown in Figure
In the image processing, we may like to change the color of the image, add a watermark (or photo frame) on the image, or change the size of the image. To illustrate our scheme, we use these three common kinds of image processing as instances.
The original color transformation is based on the color matrix [
In the instance, DO wants to change the color of his image, such as grayness and binarization. But he does not know the value of
DO uploads the ciphertext
As SP knows
Give two images
In one instance, IO gives SP two encrypted images
In another instance, IO gives SP one encrypted image
As SP knows
Image scaling is also common image processing. Here we discuss the quadratic linear interpolation method. The size of original image
In the instance, IO asks SP to scale the encrypted image
We run some experiments to test the performance of our scheme. All the experiments are carried out on a computer equipped with two processors, each with 3.1 GHz clock speed, and the computer has 4 GB RAM.
Now we analyze the statistical security of the encrypted image.
In our scheme, the ciphertext
The histogram of the original and encrypted image.
The original image
Histogram of the original image
The encrypted image (partly)
Histogram of the encrypted image
Figure
We do the same type of processing both on the original image
If
As the floating numbers are accurate to
We fix
The correctness with different value of

Error rate (%)  Max. error  Average error  

None  CT  Add.  Scal.  CT  Add.  Scal.  CT  Add.  Scal.  
1  0  28.1  99.3  54.4  17  13  26  2.34  5.46  5.45 
2  0  15.5  0  37.6  3  0  3  0.26  0  0.54 
3  0  0  0  8.4  0  0  1  0  0  0.08 
4  0  0  0  0  0  0  0  0  0  0 
In Table
In “Add.”, the transparency is a number with two decimals, so when
Figure
The result of
No processing
Color Trans. (grayness)
Color Trans. (randomly)
Image addition
The two images in each figure look the same. According to Table
Above all, the image can be processed in encrypted form. After decryption, user will get the same image as processing directly on plain image. Thus, our scheme is correct.
Figure
The runtime of IGHE and Gentry’s scheme.
We can see, when, in the same value of
Encryption and decryption will cost extra running time. Besides, processing encrypted image is slower than processing plain image. We test the efficiency of ImgEnc, ImgDec, and the three encrypted image processing algorithms (CT, Add., and Scal.). We choose different values of
The running time of each algorithm.
From Figure
After encryption, the size of encrypted image is enlarged. By setting different value of
The size of key and image in different value of

Key (byte)  Width (pixel)  Height (pixel)  .PNG (Kb) 

Plain  —  256  256  192 
8  128  768  2048  6K 
16  256  768  4096  12K 
32  512  768  8192  24K 
As described in Section
Figure
Runtime of CT and encrypted picture size with different original picture size.
For
In this paper, we improve Gentry’s homomorphic encryption to propose an efficient, simplified secret key homomorphic encryption (IGHE). We use it in the image encryption, so that the image can be processed in encrypted form to protect the privacy. Any image processing that consists of addition and multiplication operations on single pixel can be translated into the encryptedformed process. We give the color transformation, image addition, and image scaling as the examples.
By using our scheme, the image can be processed in the server in encrypted form; after decryption in client, user can get the correct processed image that is the same as processing the plain image. So our scheme can protect privacy in online image processing. Our scheme is secure, but it enlarges the running time of process and the space for storing encrypted image. So our scheme is not proper for processing large size of image yet.
As the value of color is less than 256, when translating into vector, most elements of the vector are zero. To use these elements, we will research on translating batch colors in one vector to decrease the running time and the size of encrypted image.
Suppose
Thus,
We fix
Then,
Suppose
We have
And
Then,
Besides,
Suppose
As
Thus,
Furthermore, as
The commutative ring
The bold lowercase letter represents the element of
The ideal lattice in
The circulant matrix generated by
The multiplication in ring
The value of
The modular addition operations.
The authors declare that they have no conflicts of interest.
This work was supported in part by NSFC under Grant no. 61472316, Research Fund for the Doctoral Program of Higher Education of China under Grant no. 20120201110013, Scientific and Technological Project in Shaanxi Province under Grants no. 2016ZDJC05 and no. 2014JQ8322, Basic Science Research Fund in Xi’an Jiaotong University (no. XJJ2014049 and no. XKJC2014008), and Shaanxi Science and Technology Innovation Project (2013SZS16Z01/P01/K01).