Noninteractive Lightweight Privacy-Preserving Auditing on Images in Mobile Crowdsourcing Networks

. To determine whether images on the crowdsourcing server meet the mobile user’s requirement, an auditing protocol is desired to check these images. However, before paying for images, the mobile user typically cannot download them for checking. Moreover, since mobiles are usually low-power devices and the crowdsourcing server has to handle a large number of mobile users, the auditing protocol should be lightweight. To address the above security and eﬃciency issues, we propose a novel noninteractive lightweight privacy-preserving auditing protocol on images in mobile crowdsourcing networks, called NLPAS. Since NLPAS allows the mobile user to check images on the crowdsourcing server without downloading them, the newly designed protocol can provide privacy protection for these images. At the same time, NLPAS uses the binary convolutional neural network for extracting features from images and designs a novel privacy-preserving Hamming distance computation algorithm for determining whether these images on the crowdsourcing server meet the mobile user’s requirement. Since these two techniques are both lightweight, NLPAS can audit images on the crowdsourcing server in a privacy-preserving manner while still enjoying high eﬃciency. Experimental results show that NLPAS is feasible for real-world applications.


Introduction
Recently, mobile crowdsourcing systems have been widely deployed all over the world, which collect and process data through widely available mobile devices [1]. As discussed in [2], since data typically originate from third parties, falsified data may be reported to the crowdsourcing server. erefore, to ensure data trust, it is important to check whether the data collected by workers meet the mobile user's requirement before using it [2]. We call this sort of protocol the auditing protocol. At the same time, to avoid economic loss, mobile users may not be allowed to download images before paying for them. erefore, to check images before downloading them, the auditing protocol should have the noninteractive feature. Moreover, as shown in [2], data uploaded by participants may contain their private and sensitive information.
erefore, the auditing protocol should have the privacy-preserving feature. Finally, due to limited resources of mobile users, the auditing protocol should be quite efficient. erefore, a noninteractive lightweight privacy-preserving auditing scheme is needed for the mobile user to check images before downloading them.
Regardless of the technology implemented, a typical "noninteractive lightweight privacy-preserving auditing system (NLPAS)" includes three entities: the "crowdsourcing server (CS)" which stores images, the "mobile user (MU)" who audits images stored on the crowdsourcing server before downloading them, and the worker who collects images and uploads them to the CS. In practice, these entities are involved in two processes (i.e., the uploading process and the auditing process). During the uploading process, the worker collects images and uploads them to the CS. During the auditing process, the MU audits images stored on the CS and then determines whether to download them. Security has vital significance for NLPAS. To avoid economic loss, the CS is not willing to transport images to the MU before the latter pays for them. On the other hand, the MU is not willing to pay for images before he/she can make sure that these images really meet the requirement. To handle this dilemma, it is reasonable to design a privacypreserving auditing protocol, which allows the MU to check whether these images meet the requirement before downloading them. Unfortunately, the current security protocols for crowdsourcing systems (i.e., ) only consider how the CS checks images uploaded by workers. is leads to two issues. First, to earn more money, the CS is not willing to check images and provide true information to the MU. Second, the requirements of multiple MUs may vary, and the CS may not know them. For example, one MU may be interested in the hill in the image, while another MU may be interested in the lion in the image. In this case, it is impossible for the CS to know the requirements of multiple MUs. So, to make sure the images on the CS meet the requirements of the MU, it is desired to design a privacypreserving auditing protocol for mobile crowdsourcing systems.
Efficiency is another serious concern for NLPAS. Due to limited resources of mobile devices, the MU is seriously concerned about the high computation cost arising from running the auditing protocol. At the same time, the CS will have to handle a lot of auditing requests from multiple MUs, and it is seriously concerned about the computation cost too. So, the newly designed auditing protocol should be lightweight. Taking both security and efficiency into account, we aim to design a noninteractive privacy-preserving lightweight auditing protocol on images in the mobile crowdsourcing system, which extracts features from images and then determines whether these features meet the MU's requirement. An auditing protocol for the mobile crowdsourcing system should fulfill the following requirements: (1) Privacy Preserving. When auditing images on the CS, the MU must be ensured that his/her requirement is not leaked to the CS or a third-party adversary. Otherwise, the CS may forge wrong information to pass the auditing, resulting in economic loss of the MU. At the same time, the CS must be ensured that the features of images are not leaked to the MU or a third-party adversary too. Otherwise, it will result in economic loss of the CS.  Obviously, designing an auditing protocol for NLPAS is a nontrivial task, as the MU has to determine whether the images stored on the CS meet the requirement without downloading them. Recently, security protocols for mobile crowdsourcing systems have focused on image-checking techniques run by the CS. However, there is no protocol considering the image-checking technique established by the MU. Moreover, when focusing on this topic, we notice that there is no security scheme which can be directly used for satisfying all the above requirements. We will present the detailed analysis for arriving at this conclusion in the next section. is becomes a more serious issue, since more and more mobile crowdsourcing systems are being deployed. Motivated by this observation, in this paper, we mainly make three contributions: (1) We present a comprehensive set of requirements for auditing protocols in mobile crowdsourcing systems and show some security and efficiency problems of current data checking protocols in mobile crowdsourcing systems.
(2) We propose a novel auditing protocol called NLPAS, which can check whether the images stored on the CS meet the MU's requirement. However, different from current data checking protocols for mobile crowdsourcing systems, NLPAS allows the MU instead of the CS to check images in a privacy-preserving manner. By doing so, the MU can determine whether the images meet the requirement before paying for them. At the same time, the CS can make sure that those images will not be leaked. To fulfill all these requirements, we will first introduce the "binary convolutional neural network (BCNN)" technique [41] to the newly designed auditing protocol for extracting features of images, and then we will design a novel privacy-preserving Hamming distance computation [42] technique for determining whether the images meet the MU's requirements. Since these two techniques are quite lightweight, the computation cost of NLPAS can be reduced significantly.
(3) We analyze the security of NLPAS, showing it satisfies requirements (1), (2), and (3) in Section 1. And, we evaluate the efficiency of NLPAS, showing it satisfies requirements (4) and (5) in Section 1. We organize the remainder of this paper as follows. First, we investigate the related work in Section 2. Second, we describe the NLPAS protocol in Section 3, followed by security analysis and efficiency evaluation in Sections 4 and 5, respectively. Finally, in Section 6, we draw our conclusions.

Data Trust.
Data trust is an essential security problem in mobile crowdsourcing systems. Due to openness, workers in mobile crowdsourcing systems may have different security abilities, resulting in low data trust [3]. Recently, a lot of papers have been published, focusing on data trust in crowdsourcing systems, as illustrated below.

Voting-Based Data Checking.
is sort of scheme takes observed results with the most observers as the true data [4][5][6]. For example, in [4], the authors allowed a number of observers to report their evaluation results on data and took the one as true data if most of the evaluation results were positive. Similarly, the authors in [5] aimed to find conflicts of data obtained from multiple workers, which could be seen as a variation of the voting-based data checking scheme.

Context Information-Based Data Checking.
is sort of scheme uses context information such as location information to determine whether the data are true or not. For example, in [7], the authors required workers to upload location information together with data, while the CS used location information to determine whether the data were true or not. Similarly, the authors in [8,9] used the worker's trajectory for determining whether the data were true or not.

Statistics-Based Data Checking.
is sort of scheme [10][11][12][13] uses statistic methods for evaluating whether the data are true or not. For example, the authors in [10] used maximum likelihood estimation for checking data. And, the authors in [11] used maximum a posteriori (MAP) estimation for determining whether the data were true or not.

Gold Data Set-Based Data Checking.
is sort of scheme uses a gold data set for checking data uploaded by workers [14,15]. For example, in [15], the authors assigned fully trusted workers with a gold data set for checking data uploaded from other workers.

Data Redundancy Checking.
is sort of scheme aims to address data redundancy issues [16,17]. For example, in [16], the authors designed a scheme to find redundancy data from multiple workers and used redundancy data for estimating missing values.
From the above analysis, it can be seen that the existing schemes mainly focus on data checking performed by the CS and workers. And, they mainly consider whether the data are correct. However, existing schemes did not allow the mobile users to check data before downloading it. Moreover, existing schemes only focus on the correctness of data and do not consider whether the data match the MU's requirement since requirements from multiple mobile users may vary. is leads to a serious issue: e mobile user may waste money on nonmatched data. erefore, an auditing scheme performed by the MU before data downloading is desired.

Data Privacy.
Data privacy is another important problem in mobile crowdsourcing systems. First, if the data uploaded by workers are leaked, the CS and workers may lose money. More importantly, if the leaked data contain privacy of workers, the adversary may cause them harm. Second, if the data of mobile users are leaked, the adversary may deduce valuable information about mobile users [3]. erefore, data privacy is a serious concern in crowdsourcing systems. Papers about data privacy in mobile crowdsourcing systems are illustrated below.

Encryption.
is sort of scheme aims to encrypt data before uploading them [18][19][20][21]. For example, in [18], a homomorphic identity-based encryption algorithm was designed for protecting data uploaded by workers.

Differential Privacy.
is sort of scheme adds perturbation to data [22][23][24][25]. For example, in [25], the authors added random perturbation to data uploaded by workers.

Personal Information Privacy.
is sort of scheme aims to protect personal information of workers and mobile users [32][33][34][35]. For example, in [35], the authors defined multiple privacy level of personal information.
Recently, several new techniques such as blockchain and fog computing have been introduced to mobile crowdsourcing networks [36][37][38][39][40]. For example, in [36], the authors used blockchain for user authorization. And, in [38], the authors used fog computing for data aggregation and task allocation. Finally, the features of existing schemes are listed in Table 1.
From Table 1, it can be seen that the existing schemes can provide data trust and privacy protection in various ways. However, most schemes only consider one feature, either data trust or privacy preserving. And, no scheme provides both features. Moreover, all existing schemes do not support the noninteractive feature. is leads to a dilemma: on the one hand, to provide privacy protection, the MU cannot get data before paying for it; on the other hand, the MU has to check data before paying for it, to determine whether the data meet the requirement.
Furthermore, for images, this dilemma becomes more serious since the data volume of images is much larger than that of traditional texts. To handle this dilemma, it is desired to design a noninteractive lightweight privacy-preserving auditing protocol on images in mobile crowdsourcing networks, which allows the MU to efficiently determine whether the images meet the requirements without knowing anything about these images. Security and Communication Networks 3

Binary Convolutional Neural Networks.
A convolutional neural network [41] is a kind of neural networks whose forward propagation operation can be expressed as where Y is the output tensor of the operation, f(·) is a nonlinear function, W and X are the weight tensor and the activation tensor generated by the previous neural network layer, and ⊗ is the convolution operation. A binary convolutional neural network is a kind of convolutional neural networks, whose weights w ∈ W and activations x ∈ X are 1 bit instead of the floating point. And, the forward propagation operation can be expressed as , where m and n are integers, and each b W ∈ B W is computed from the corresponding w ∈ W as follows: Similarly, each b X ∈ B X is computed from the corresponding x ∈ X as follows: For bitwise b W and b X , the B W ⊗ B X operation can be efficiently computed using the XNOR-bitcount algorithm defined in [43].
Moreover, since the sgn function is not differentiable during backward propagation, Bengio et al. used the clip function instead of sgn as follows: clip(·) � max(− 1, min(1, ·)) [44]. By using the clip function, the binary convolutional neural network can use the same gradient descent algorithm as that of traditional neural networks to update parameters during training.
Given two n-bit binary vectors a ⇀ � a 1 , a 2 , · · · , a n and b e above definition shows that the Hamming distance is the total number of different bits between a ⇀ and b ⇀ . In other words, to compute the Hamming distance, we need to count the different bits between a ⇀ and b ⇀ .

System
Model. e main purpose of NLPAS is to determine whether the image on the CS meets the requirement of the MU in a privacy-preserving manner.
e main idea of NLPAS can be divided into two parts, namely, the feature extracting part and the Hamming distance computation part. For the feature extracting part, the MU first defines a binary convolutional neural network and trains it using a data set according to the user's requirement. en, the MU extracts a binary vector (a ⇀ ) from a template image using this binary convolutional neural network, which is used as the requirement feature. Finally, the MU sends the trained binary convolutional neural network to the CS, and the latter extracts a binary vector (b ⇀ ) from the image to be audited using this trained network, which is used as the auditing feature. Since the binary convolutional neural network is quite lightweight, NLPAS can achieve high efficiency.
For the Hamming distance computation part, the MU and the CS hide the two input vectors (a ⇀ and b ⇀ ) in a carrier number, respectively. And then, all operations for counting different bits between these two vectors are based on five basic mathematical operations, namely, addition, subtraction, multiplication, division, and modulo operations. Since these five basic mathematical operations are quite lightweight, our scheme can achieve high efficiency.
Based on the feature extracting and Hamming distance computation techniques, the MU compares the Hamming distance of a ⇀ and b ⇀ with a threshold to determine whether the interested image on the CS meets the requirement.
e system model of NLPAS is shown in Figure 1, which includes three phases as described below. And, the notations are listed in Table 2.
SK A , PK A ⟵Init(n, l). is algorithm is run by the MU for generating system parameters for NLPAS. It takes as input the length of input vectors (i.e., n) and the security strength of NLPAS (i.e., l-bit) and outputs the set of private and public cryptographic parameters (i.e., SK A and PK A ).
The initialization phase The hiding phase The extracting phase PK A , mode  Public parameters of NLPAS a ⇀ � a 1 , · · · , a i , · · · , a n Feature vector of the MU b ⇀ � b 1 , · · · , b i , · · · , b n Feature vector of the CS n Length of the two binary vectors a ⇀ and b ⇀ l Security strength of NLPAS cipher A � C, D { } Ciphertexts generated by the MU C � c 1 , c 2 , · · · , c n e first set of random numbers that a ⇀ is hidden in D � d 1 , d 2 , · · · , d n e second set of random numbers that a ⇀ is hidden in Hamming distance of a ⇀ and b ⇀ e i , i � 1, 2, · · · , n e first set of random numbers that d(a is hidden in f i , i � 1, 2, · · · , n e second set of random numbers that d(a Prime number used as a carrier P � p 1 , p 2 , · · · , p n e first set of random numbers for hiding g Q � q 1 , q 2 , · · · , q n e second set of random numbers for hiding g S � s 1 , s 2 , · · · , s n e third set of random numbers for hiding g T � t 1 , t 2 , · · · , t n e fourth set of random numbers for hiding g V � v i � p i + q i g, i � 1, 2, · · · , n e first set of bases for hiding vectors cipher is algorithm is run by the CS for injecting the binary vector b ⇀ into cipher A. It takes as inputs the CS's binary vector (i.e., b ⇀ ), the MU's ciphertext (i.e., cipher A), and the MU's public parameter (i.e., PK A ) and outputs the updated ciphertext (i.e., cipher B).
After the hiding phase, the MU gets cipher B, and the Hamming distance of a ⇀ and b ⇀ is hidden in cipher B for being extracted in the following extracting phase.

3.2.3.
e Extracting Phase. After receiving the updated ciphertext (i.e., cipher B) from the CS, the MU extracts the Hamming distance from cipher B using the Extra algorithm, which is described below. In the above system model, the MU's vector a ⇀ is hidden in cipher A using the Hiding A algorithm, which cannot be known by the CS. At the same time, the CS's vector b ⇀ is hidden in cipher B using the Injecting B algorithm, which cannot be known by the MU. erefore, NLPAS can achieve the privacy-preserving goal described in Section 1.
In the above system model, the CS's vector b ⇀ is hidden in cipher B using the Injecting B algorithm, which cannot be known by the MU. erefore, the MU only knows the Hamming distance between a ⇀ and b ⇀ and does not know b ⇀ and the corresponding interested image. erefore, NLPAS can achieve the content privacy goal described in Section 1. (Init, Hiding A, Injecting B, Extra) of probabilistic polynomial time algorithms as shown in Figure 2, and the details are defined below. SK A , PK A ⟵Init(n, l). e MU runs this algorithm for generating system parameters for NLPAS as follows. First, the MU generates a l-bit prime number w for counting different bits. Second, the MU generates a large prime number g with the length 2l + 2 + log 2 n as the carrier of NLPAS.
cipher A ⟵Hiding A(a ⇀ , SK A , PK A ). e MU runs this algorithm for hiding the binary vector a ⇀ � a 1 , · · · , a i , · · · , a n into a ciphertext as follows. e MU en, the MU gets e MU runs this algorithm for extracting the Hamming distance from the updated ciphertext (i.e., cipher B) as follows. First, the MU computes J � E mod g and K � Fmodg. Second, the MU computes X � J − (Jmod(w 2 ))/w 2 and Y � K − (Kmod(w 2 ))/w 2 .
ird, the MU computes d(a In the above construction, NLPAS uses only a few simple mathematical operations (i.e., addition, subtraction, multiplication, division, and modulo operations) instead of timeconsuming cryptographic operations such as modular exponentiation. erefore, it enjoys high efficiency. We will further evaluate the efficiency of NLPAS in Section 5.

Security Analysis
In this section, we first show that NLPAS is correct and then analyze the security of NLPAS according to the security requirements described in Section 1 (i.e., privacy preserving, content privacy, and auditing).

Correctness.
In the construction in Section 3.3, we use X for counting the bits where a i � 1 and b i � 0. Similarly, we use Y for counting the bits where a i � 0 and b i � 1.

erefore, the Hamming distance of a
In this section, we shall show that X can really be used for counting the bits where a i � 1 and b i � 0. And, the meaning of Y can be analyzed in a similar way.
We start analyzing the meaning of X from the variable e i as follows. First, according to the Injecting B algorithm, e i can be written as Second, taking the value of c i in the Hiding A algorithm into consideration, e i can be further written as ird, taking the value of v i in the Init algorithm into consideration, e i can be written as Fourth, considering all the four conditions (i.e., Fifth, since the length of w is l-bit, the length of ( (a i �1,b i �0) 1)w 2 should be no more than log 2 n + 2l. Since n i�1 p i < (w − n)/2, the length of ( (a i �1,b i �1) 1 + b i �0 p i )w should be no more than 2l − 1, and the length of (a i �0,b i �1) p i should be no more than l − 1.
erefore, the length of at is to say, Sixth, since the length of ( (a i �1,b i �1) 1 + b i �0 p i )w is no more than 2l − 1 and the length of (a i �0,b i �1) p i is no more than l − 1, the length of ( (a i �1,b i �1) 1 at is to say, The initialization phase The hiding phase The extracting phase Procedure init algorithm Input: vector length (n), security strength (l). Output: public parameter (PK A ), private parameter (SK A ).
Step 1: MU generates two primes w and д.
Step Procedure extra algorithm Input: ciphertext (cipher B), parameters (PK A and SK A ). Output: d(a, b).
Step 1: MU computes J = E mod д and K = F mod д.
Step 3: MU computes d (a, b) = X + Y. end procedure Extra algorithm Finally, we get is is really the total number of bits where a i � 1 and b i � 0. Similarly, we can learn that Y is the total number of bits where a i � 0 and b i � 1. erefore, the Hamming distance of a ⇀ and b From the above discussion, we can see that the main idea of privacy-preserving Hamming distance computation includes two points. First, we hide the information of a ⇀ and b ⇀ in a big prime g. Second, the different bits (e.g., a i � 1 and b i � 0) are counted in an independent part of E, e.g., ( (a i �1,b i �0) 1)w 2 , which can be extracted using several modulo operations.

Privacy
Preserving. e privacy-preserving requirement is to ensure that the adversary cannot extract a ⇀ or b ⇀ transmitted in the hiding phase. We first consider the privacy-preserving requirement for a ⇀ , where the adversary can be anybody who is able to get cipher A including the CS.
From the Hiding A algorithm defined in Section 3.3, it can be seen that a i ∈ a ⇀ is hidden in c i and d i . Since p i , q i , s i , t i , and g are random numbers known only by the MU, c i and d i are random numbers too.
Moreover, since the length of g is much longer than p i , s i , and w, the lengths of c i and d i are determined by q i g and t i g. Since q i and t i are random numbers, the lengths of c i and d i are randomly determined by q i and t i , regardless of the value of a i (i.e., 0 or 1). erefore, for a i � 1 (i.e., and a j � 0 (i.e., c j � v j � p j + q j g), it may be c i < c j . Similarly, for a i � 1 and a j � 0, it may be d i > d j . at is to say, the set of c i and d i including w may or may not be bigger than the set of c i and d i without w. So, the adversary cannot get the value of a i from c i and d i by determining that a bigger random c i represents 1, or a smaller random d i represents 1. In other words, without knowing the set of random secrets (p i , q i , s i , t i , g), the adversary can extract a i from c i or d i only with a negligible probability.
Furthermore, if the length of a ⇀ is n, the probability that the adversary can get a ⇀ is (1/2) n .
We then consider the privacy-preserving requirement for b ⇀ , where the adversary can be anybody who is able to get cipher B including the MU.
From the Injecting B algorithm defined in Section 3.3, it can be seen that b i is hidden in E and F using the addition operations. Knowing the result of addition, the adversary can extract b i only with a negligible probability. erefore, the privacy of b ⇀ is ensured by the addition operation. Moreover, assuming the MU is the adversary who wants to extract b Since the MU knows (p i , q i , s i , t i , g, w), these two equations can be treated as two linear equations with n unknown numbers (i.e., (b 1 , · · · , b n )). erefore, when n > 2, there are a number of solutions for them. In addition, for n-bit b ⇀ , the number of solutions is (1/2) n . at is to say, the probability that the MU can extract b ⇀ from cipher B � (E, F) is (1/2) n . From the above discussion, it can be seen that the adversary cannot extract a ⇀ or b ⇀ transmitted in the hiding phase. erefore, NLPAS can achieve the privacy-preserving goal.

Content Privacy.
e content privacy requirement is to ensure that the adversary cannot extract content of the interested image stored on the CS from cipher B. e content of the interested image is included in b ⇀ . Since the adversary cannot extract b ⇀ from cipher B as shown in the previous subsection, the content of the interested image stored on the CS cannot be extracted. erefore, NLPAS can achieve the content privacy goal.

Auditing.
e auditing requirement is to ensure that the MU can determine whether the content in the image stored on the CS meets the MU's requirement. is is ensured by the Hamming distance. If the Hamming distance of a ⇀ and b ⇀ is smaller than the threshold, the MU can determine that the content in the image is the one he/she needs. Otherwise, the content in the image is not needed by the MU. Moreover, the correctness of Hamming distance computation is ensured in Section 4.1.

Efficiency Evaluation
As shown in Section 3, NLPAS includes two parts: feature extracting using the binary convolutional neural network and similarity computation using the privacy-preserving Hamming distance. erefore, we mainly evaluate the computation costs consumed in these two parts. Moreover, for the feature extracting part, we will evaluate the accuracy of the trained model (i.e., mode).

Accuracy.
To provide a benchmark of efficiency evaluation, we used the MNIST data set [45] and LeNet [46] for comparing the accuracy of the binary convolutional neural network with that of the full-precision convolutional neural network.
MNIST [45] is a data set of handwritten digits, which contains a training set of 60,000 examples and a test set of 10,000 examples. And, all examples in the training and test data sets are 28 × 28 binary images.
LeNet [46] is a convolutional neural network with three convolutional layers, two subsampling layers, two full connection layers, an input layer, and an output layer.
For implementation, we used the BMXnet [47], which provided basic binarization operations for convolutional neural networks. After experimentation, we got the results as shown in Table 3.
From Table 3, it can be seen that (1) e accuracy of the binary LeNet is slightly lower than that of the full-precision LeNet. e accuracy reduced by using the binary LeNet is around 0.99 − 0.97/0.99 ≈ 2%.
(2) e model size of the binary LeNet is much lower than that of the full-precision LeNet. e memory saved by binary LeNet is around 4.6 − 0.2/4.6 ≈ 95.7%.
In other words, by using the binary convolutional neural network instead of the traditional full-precision convolutional neural network, the accuracy is only slightly reduced, but the memory is largely saved. erefore, the binary convolutional neural network is quite suitable for the mobile crowdsourcing network, where mobile devices are with limited storage resources. e above evaluation shows that NLPAS fulfills the fifth requirement listed in Section 1 (i.e., the accuracy requirement).

Computation Costs.
e computation cost of NLPAS includes the time cost consumed by the binary LeNet model and those consumed by mathematical operations. To test these time costs, we conducted our experiment on a laptop with an Intel i7-4770hq processor and an ubuntu-18.04 operating system. en, we used OPENSSL [48] as the cryptographic library.
For the binary LeNet, we take the features extracted by the last full-connection layer as the input vectors (i.e., a ⇀ and b ⇀ ). erefore, the vector length is n � 84 [46]. To provide a basic security level, we set l � 256, and the length of g is log 2 n + 2l + 2 � 521. To make sure n i�1 p i < (w − n)/2 and n i�1 s i < (w − n)/2, we set the lengths of p i and s i to be 500 bit. en, we set the lengths of q i and t i to be 683 bit, so that the lengths of v i and u i are around 1024 bit.
After the initial settings, we can count the mathematical operations in the hiding and extracting phases as listed in Table 4. From Table 4, it can be seen that all mathematical operations are run over 1024 bit and 512 bit fields. en, we tested the time costs consumed by these mathematical operations on the above laptop, and the average results of running them for 1,000,000 times are shown in Table 5. From Table 5, it can be seen that the time costs of mathematical operations are at the μs level.
Taking the results in Table 5 into Table 4, we can get the computation costs of algorithms in NLPAS, as shown in Table 6. From Table 6, it can be seen that the computation cost of mathematical operations on the MU (i.e., time costs of Hiding A and Extra) is much lower than that on the CS (i.e., Injecting B). erefore, NLPAS is suitable for mobile crowdsourcing networks, where MU is with limited computation resources. e time costs of the binary LeNet and the full-precision LeNet are shown in Table 7, where the results are average values of running the feature extracting process for 1,000,000 times. From Table 7, it can be seen that the computation cost of feature extracting in NLPAS can be largely reduced by using the binary convolutional neural network instead of the full-precision convolutional neural network. e above evaluation shows that NLPAS fulfills the fourth requirement listed in Section 1 (i.e., the computation cost requirement).

Implementation of NLPAS.
To make sure that NLPAS can work well, we implemented it. In our experimental environment, there were one laptop and one computer. e laptop acts as the MU, and the computer acts as the CS. e result shows that the total running time in the auditing protocol is approximately 0.3 ms. erefore, NLPAS is feasible for being deployed in the real world.

Conclusions
In this paper, we have proposed a noninteractive lightweight privacy-preserving auditing protocol on images in mobile crowdsourcing networks called NLPAS. NLPAS allows the     mobile user to audit images stored on the crowdsourcing server without downloading them. Moreover, to achieve high efficiency, this paper introduced the binary convolutional neural network technique to the newly proposed auditing protocol and designed a novel privacy-preserving Hamming distance computation algorithm using basic mathematical operations. Experimental results show that NLPAS is feasible for real-world applications.
In this paper, we mainly focused on the privacy-preserving issue of the newly designed auditing protocol for mobile crowdsourcing networks. However, several more issues are to be addressed in the future. First, NLPAS does not consider the integrity of transmitted messages. erefore, a new security protocol is needed to prevent these messages from being tampered by adversaries. Second, NLPAS used the binary convolutional neural network for extracting a binary vector from images. However, in many scenarios, feature vectors may be extracted using full-precision neural networks, which are not binarized. erefore, a new technique is needed to convert the full-precision feature vector to a binarized one. To address these issues, future works are needed.

Data Availability
e data used to support the findings of this study are available at http://yann.lecun.com/exdb/mnist/.

Conflicts of Interest
e authors declare that there are no conflicts of interest regarding the publication of this paper.