A Trusted Transaction Method for Remote Sensing Image Data Based on a Homomorphic Encryption Watermark and Blockchain

Abstract

Existing methods for the secure transaction and circulation of remote sensing image data primarily focus on post-event investigation, lacking a reliable mechanism for secure distribution and fair trading of data. To address this issue, this study proposes a trusted transaction method that integrates a watermark based on Paillier homomorphic encryption, blockchain, and smart contract. This method leverages the homomorphic property of the Paillier cryptosystem to imperceptibly embed the ciphertext of the watermark generated from transaction information into encrypted remote sensing image data. The data buyer at the receiving end decrypts the key pair using the private key, thereby decrypting the data to obtain the watermarked plaintext. Simultaneously, transaction records are immutably stored on trusted blockchain nodes via smart contracts. Throughout the entire transaction process, data encryption/decryption and watermark embedding/extraction are symmetric. The experimental results demonstrate that the watermark can be effectively extracted after encryption, thereby supporting transaction verification and traceability. Furthermore, the three smart contracts designed in this study all exhibit strong execution performance. In particular, the smart contract employed for verification demonstrated an average execution latency of only 0.19 s per instance. Through enforcing the retrieval of parameters and storage credentials from the blockchain, the proposed method effectively constrains malicious behavior from both parties, offering a novel technical approach to facilitate consensus and mutual trust.

1. Introduction

In the information age, with the rapid development of cloud computing and the Internet, data elements have become indispensable strategic resources, with their value increasingly recognized. Remote sensing image data, as a representative data resource with broad applications [1], is vulnerable to unauthorized access, tampering, and misuse during circulation. Establishing a secure and trustworthy data transaction and circulation mechanism is essential to fully unlock the value of remote sensing image data [2].

Most existing trustworthy data transaction solutions rely on blockchain technology to design data transaction mechanisms and build corresponding trading platforms [3,4]. Blockchain [5] is a distributed network technology [6]. Leveraging its immutability, it ensures that records of data element circulation cannot be modified or deleted [7]. It has been applied to address challenges such as data sharing, security, and trust [8]. For instance, Li [9] proposed a blockchain-based distributed digital content trading market where individuals can publish, search for, and purchase digital content. Yu [10] proposed a blockchain-based solution for copyright protection and fair image trading. This approach combines location-sensitive hash with searchable symmetric encryption to enable secure image retrieval on the blockchain while ensuring the credibility of the retrieval process. Blockchain technology can further enhance transparency in data distribution and sharing [11,12] and uphold the legitimacy and reliability of transactions [13,14].

However, unlike ordinary digital content, remote sensing imagery data features high resolution and large data volumes [15]. Constrained by node storage capacity limitations, blockchain cannot directly process large-scale, high-dimensional remote sensing imagery data [16]. Additionally, high-precision remote sensing imagery contains sensitive geographic information that cannot be publicly disclosed. If anyone could transparently access its content via blockchain, it would pose severe security risks. Therefore, transaction schemes designed for ordinary digital content cannot be directly applied to remote sensing images. Addressing the need for secure and trustworthy data transactions and circulation for remote sensing images requires establishing a data transaction mechanism featuring off-chain distribution and on-chain evidence storage. While preserving existing off-chain transaction methods, blockchain enables decentralized evidence storage. This provides transaction security protection independent of third parties. The effective application of this on-chain and off-chain collaborative mechanism relies on establishing a strong correlation between off-chain data and on-chain evidence information. This enables ownership verification and liability tracing when infringement occurs.

Digital watermarking offers an effective solution to this problem. It involves embedding copyright, user, timestamp, and other watermark information directly into the original data. It tightly binds the watermark to the content so that it becomes an inseparable part of the data [17]. This technique provides robust technical support for copyright protection by establishing a direct link between the digital data and its copyright information [18,19,20]. The rights confirmation process based on traditional digital watermarking relies on a trusted third party for watermark registration. However, the centralized evidence preservation model is easily constrained by platform boundaries and is vulnerable to collusion and tampering risks. The decentralized nature of blockchain effectively addresses this limitation. Therefore, scholars have successively explored watermark–blockchain fusion schemes [21,22,23]. Storing watermark information on blockchain not only enables permanent on-chain evidence preservation but also facilitates timestamp authentication for digital watermarks [24,25]. For instance, Tong [26] proposed a novel digital watermarking mechanism based on the Ethereum blockchain, smart contracts, and the InterPlanetary File System (IPFS). He employed an enhanced Fast Walsh Hadamard Transform (FWHT) algorithm for watermark embedding and extraction. The proposed scheme aims to address limitations in reliance on third-party platforms by leveraging blockchain’s decentralized nature. Hou [27] proposed a zero-watermarking and blockchain-based remote sensing image transaction certification and copyright protection method using multi-channel pulse-coupled neural networks (PCNNs). He addressed key challenges in trustworthy transactions and copyright protection for remote sensing image data sharing. However, both Tong and Hou did not consider potential issues in real-world transaction scenarios. They did not demonstrate the scheme’s effectiveness against dishonest behavior by either party. Wang [28] proposed a copyright protection method based on digital watermarking and blockchain. He utilized the InterPlanetary File System (IPFS) for storage and distribution. However, anyone possessing the hash code could access data on the IPFS. Additionally, he did not provide a corresponding accountability mechanism, leaving customer rights unaddressed. Deepayan [29] and Chen [30] proposed that sellers construct watermarks stored in distributed systems to achieve copyright protection, eliminating reliance on third-party institutions. This effectively mitigates the risk of collusive tampering. All these approaches explore novel pathways combining digital watermarks with blockchain. However, they merely utilized blockchain as an evidence platform for post-event accountability. They fail to address the leakage or illegal use of non-confidential high-precision remote sensing imagery during off-chain data distribution—specifically, the secure distribution challenge during transactions.

Achieving secure distribution of data off-chain primarily relies on encryption algorithms, which allow data to be distributed in ciphertext form. It can prevent unauthorized access, tampering, theft, and misuse of geographic information [31]. However, the direct integration of digital watermarking and encryption technologies lacks flexibility, potentially damaging encrypted watermarks [32] and increasing the operational burden on data copyright holders. Currently, no existing research has proposed a comprehensive data sharing mechanism that simultaneously integrates digital watermarking, blockchain, and encryption algorithms.

In summary, while existing watermark and blockchain integration schemes provide some level of copyright protection, they lack a credible sharing mechanism for ensuring secure data distribution and fair transactions in practical scenarios. This deficiency hinders the ability to maintain fairness between data copyright holders and purchasers. It also fails to achieve both preemptive protection and post-event accountability.

To address these challenges, this study proposes a trusted transaction model for remote sensing image data that combines the Paillier homomorphic encryption watermark, blockchain, and smart contract. This enables remote sensing image data to be securely transmitted in encrypted form while simultaneously achieving transaction binding and transparent evidence preservation, with the aim of safeguarding fairness and end-to-end security in data transactions. The main contributions are as follows.

We design an identity verification protocol based on blockchain and smart contracts, enabling registration of both parties in the transaction and assigning user key pairs and identity identifiers. Watermark information is generated based on transaction metadata, including the copyright holder’s identity, buyer information, data name, data hash, and timestamp. To address security and fairness in the transaction process, we develop a watermark embedding and data distribution mechanism based on Paillier homomorphic encryption. This approach enables bidirectional binding of transaction and data and enforces the retrieval of relevant parameters from the blockchain to constrain both buyer and seller behavior. By integrating the Ant Open Consortium Chain and IPFS technology, the model ensures the secure deposit of transaction information. Any suspicious data found off-chain can be verified on-chain, allowing for copyright confirmation and traceability of data leaks. The automatic execution of smart contracts guarantees the credibility of the deposit and verification processes.

The remainder of this paper is organized as follows. Section 2 introduces the basic idea of the proposed method. Section 3 details the watermarking algorithm and storage strategy. Section 4 introduces the system model and implementation. Section 5 presents the experimental design and results. Section 6 provides a discussion and comparative analysis. Finally, Section 7 concludes this study.

2. Proposed Method

The core of trusted transactions for remote sensing image data lies in ensuring both fairness in the transaction and the secure distribution of the data. The approach to achieving fair transactions and secure data distribution involves constraining the behavior of both data copyright holders and data purchasers. This prevents either party from having the means to engage in improper actions, such as framing the other party or leaking data. This study replaces the traditional third party with the InterPlanetary File System (IPFS) and the Ant Open Consortium Chain to implement watermark registration and transaction recording. Leveraging the decentralized and transparent nature of blockchain platforms, we utilize smart contracts to automatically execute evidence storage operations, creating immutable, transparent, and secure data records. All operations on the chain are traceable and verifiable through the blockchain structure. If the copyright holder embeds a malicious watermark or the purchaser leaks data off-chain, such actions can be detected and attributed to ensure accountability. To achieve secure data distribution, this study adopts homomorphic encryption watermarking [33,34,35], which integrates cryptographic and watermarking techniques. Homomorphic encryption allows certain mathematical operations to be performed on the ciphertext so that the encryption and watermark embedding will not interfere with each other. Furthermore, encryption parameters must be retrieved from the blockchain, ensuring that only the copyright holder can encrypt the data with a public key and only the authorized buyer can decrypt the data with a private key. Under the dual constraints of blockchain evidence storage and data encryption with embedded watermarks, unauthorized users cannot evade prosecution. Simultaneously, legitimate users will not be falsely accused. This will further deter misconduct during data encryption and watermark embedding processes.

To implement this framework, the study integrates the Paillier homomorphic encryption watermark, blockchain, and smart contract to propose a trusted transaction method for remote sensing image data that enhances credibility and ensures data security. First, the copyright holder and data purchaser authenticate their identities via smart contracts and generate watermark data based on transaction metadata. The copyright holder then encrypts the data using the purchaser’s public key. He imperceptibly embeds the ciphertext of the watermark into the encrypted remote sensing image based on the Paillier homomorphic encryption scheme. Upon receiving the data, the purchaser uses his private key to decrypt and obtain the plaintext image containing the embedded watermark. Finally, transaction records and operation logs are stored immutably on blockchain trusted nodes via smart contracts. This ensures verifiable copyright ownership and traceable transactions. Throughout the entire process of transaction, depository, and verification, data encryption/decryption and watermark embedding/extraction are performed symmetrically. The algorithmic workflow is illustrated in Figure 1.

3. Algorithm and Implementation

3.1. Digital Watermark Embedding Algorithm Based on Paillier Homomorphic Encryption

In this study, we embed a watermark based on Paillier homomorphic encryption for the exchange cipher watermarking method [36]. The watermark is generated by the data copyright holder information, data buyer information, data name, data hash, and time stamp. It is characterized by uniqueness and resistance to forgery. The specific steps for embedding a watermark are shown in Figure 2 below.

3.1.1. Homomorphic Encryption Algorithm

Step 1: Remote Sensing Image Data Blocking and Preprocessing. First, divide the remote sensing image $D$ into blocks. The block size is 8 × 8. Then, we obtain the set of blocks $DArray=\{b_1 ,b_2 ,\dots ,b_L \}$. Here, $L$ represents the number of blocks, and $bi$ denotes the i-th block. Each block contains 64 pixel values. The reorganized arrays of all blocks are combined into the reorganized coding set $RBitArray=\{r{b}_1 ,r{b}_2 ,\dots ,r{b}_L \}$. Here, $r{b}_i$ represents the pixel values after reorganization of the i-th block $i\in \left[0,L\right]$.

Step 2: Hilbert Curve Rearrangement. For each block $b_i$, utilize the Hilbert curve to perform space-filling curve encoding on the pixels within the block, thereby rearranging the pixel order. Given the key $Key$, generate the Hilbert curve $H$. Based on $H$, traverse the pixels within each block $bi$ and reorganize the pixel values into a one-dimensional array $r{b}_i$ according to the Hilbert curve sequence.

Step 3: Paillier Homomorphic Encryption. The Paillier cryptosystem possesses additive homomorphic properties. Encrypted data satisfies $E(m_1)·E(m_2)=E(m_1+m_2)$, where $E(·)$ denotes the encryption operation. The reorganization-encoded set $RBitArray$ is encrypted using the Paillier algorithm to obtain the ciphertext value set $ERBitArray =\{er{b}_1,er{b}_2,\dots .,er{b}_L\}$. The encryption formula is as follows:

$$er{b}_i=E\left(r{b}_i,N,g\right)=g^{r{b}_i}\cdot r^N\mathrm{mod}{N}^2$$

(1)

where $r{b}_i\in RbitArray$, $er{b}_i\in ERBitArray$. $\left(N,g\right)$ is the public key of the algorithm. $N$ is the product of two large prime numbers. $g$ is a generator. $r$ is an integer randomly selected during the encryption process. $\mathrm{mod}\left(\cdot \right)$ is the remainder operation.

After encryption, $ERBitArray$ becomes the ciphertext data, which can be used for subsequent watermark embedding. By reorganizing the key pixel values within the ciphertext set, the encrypted remote sensing image data $ED$ is obtained. The decryption algorithm is the inverse process of the encryption algorithm. Decryption is performed using the private key generated by the Paillier cryptosystem.

3.1.2. Digital Watermark Embedding Algorithm

Leveraging Paillier’s homomorphic properties, the watermark embedding process operates within the ciphertext domain. Let the watermark information be a binary sequence $W=\{w_1,w_2,\dots ,w_T\}$, where $w_t\in \left\{0,1\right\}(t=1,2,\dots ,T)$ and $T\le L$. The watermark embedding targets the ciphertext value set $ED=\{e{v}_1 ,e{v}_2 ,\dots ,e{v}_L \}$. Here, $e{v}_i=er{b}_i$ and $L$ denote the number of blocks. The detailed steps are as follows.

Step 1: Generate and encrypt a random prime number. Generate a prime number $p$ using the Miller–Rabin algorithm. Then, encrypt $p$ using the Paillier encryption algorithm to obtain the encrypted prime number $ep$. The encryption method is as follows:

$$ep=E\left(p_i,N,g\right)=g^p\cdot {r_p}^N\mathrm{mod}{N}^2$$

(2)

Among these, $r_p$ is an integer randomly selected when encrypting $p$.

Step 2: Calculate the ciphertext product. For each ciphertext value $e{v}_i\in ED$, compute the product of $e{v}_i$ and $ep$. This yields the intermediate ciphertext value $em{v}_i$. The calculation method is shown in Formula (3) as follows:

$$em{v}_i=e{v}_i\cdot ep\mathrm{mod}{N}^2$$

(3)

According to the homomorphic property of Paillier, $em{v}_i$ corresponds to the encrypted result after adding the plaintext value, which means $em{v}_i=E\left(v_i+p\right)$.

Step 3: Decrypt to obtain the plaintext sum. Use the Paillier private key $\lambda$ to decrypt $em{v}_i$, yielding the plaintext sum of the two numbers as follows:

$$m{v}_i=D\left(em{v}_i,\lambda \right)=v_i+p$$

(4)

Among these, $D\left(\cdot \right)$ represents Paillier’s decryption operation.

Step 4: Embed the watermark information by modifying the ciphertext value based on the parity principle and the current watermark value. The specific rules are shown in Formula (5) as follows:

$$e{v}_i^{\prime }=\left\{\begin{array}{c}e{v}_i \\ e{v}_i\cdot P\left(1,N,g\right)\end{array}\right. \begin{array}{c}m{v}_i\mathrm{mod}2=w_j\\ m{v}_i\mathrm{mod}2\ne w_j\end{array}$$

(5)

In the formula, $e{v}_i^{\prime }$ represents the ciphertext value after embedding the watermark. $w_j$ represents the value of the watermark to be embedded, which is either 0 or 1.

Step 5: Perform the embedding operation described above on all ciphertext values $e{v}_i(i=1,2,\dots ,L)$ to obtain the embedded watermarked ciphertext set $ED\prime =\{e{v}_1 \prime ,e{v}_2\prime ,\dots ,e{v}_L\prime \}$. This set constitutes the final watermarked ciphertext data.

The overall computational complexity of embedding watermarks based on Paillier homomorphic encryption is $O\left(M\cdot N\right)+O\left(L\cdot k^3\right)$, where $M$ and $N$ represent the length and width of the original remote sensing image data sheet. $L$ denotes the number of blocks. $k$ indicates the key length.

3.2. AntChain Combined with IPFS Depository Solution

The depository process integrating the Ant Open Consortium Chain and the InterPlanetary File System (IPFS) proposed in this paper is illustrated in Figure 3. First, based on transaction metadata, we generate watermark information, including the identities of the data copyright holder and buyer, data name, data hash, and timestamp. Once generated, the watermark is registered via the IPFS [37], replacing traditional third parties. A hash value uniquely corresponding to the file content is generated as the file’s identifier. This hash is computed from the file’s contents. Any alteration to the file will result in a change to the hash value, thereby enabling data integrity verification.

The watermark registration scheme relying on the IPFS utilizes a distributed hash table for efficient storage location retrieval. It allows the watermark to be extracted and directly compared with the registered information. This approach offers several advantages, including strong resistance to data tampering, rapid access, and elimination of single points of failure. It reduces dependence on centralized third parties and enhances the security and efficiency of watermark registration, supporting reliable copyright identification and traceability.

Simultaneously, the Ant Open Consortium Chain serves as the platform for storing transaction information. It adopts a parallel Byzantine Fault Tolerance (PBFT) consensus algorithm to support high-frequency transaction processing. Users must authenticate their identities to join the network, making it suitable for scenarios involving multiple parties’ collaboration and controlled data access. As a result, this system enables user authentication and the traceable verification of remote sensing image data transaction records through the blockchain. Even in the event of node failure, other nodes can continue to validate and execute transactions, ensuring the robustness and security of the depository platform.

Smart contracts [38] are blockchain-based programs capable of executing predefined operations automatically, without a third party’s intervention. This characteristic can eliminate the time delays caused by third parties in traditional transactions, thereby enhancing both efficiency and transparency of the trading process. In this study, the processes of evidence deposition and verification are implemented through interactions between smart contracts and the blockchain. Three core smart contracts are developed using Solidity.

(1) Authentication Contract. The authentication contract encompasses user registration and key distribution. The contract pseudocode is as follows:

Contract 1 User Authentication Contract

Input: username, password, pubKey, userAddr Output: register status, login result, pubKey contract UserAuth {   struct User {     string username;     bytes32 passwordHash;     string pubKey;     bool registered;   }   mapping(address => User) users;   event Registered(address userAddr, string username);   event LoginSuccess(address userAddr);    event PublicKeySet(address userAddr, string pubKey);   function register(string username, string password) public {     users[msg.sender] = User(username, hash(password), getPublicKey(msg.sender), true);     emit Registered(msg.sender, username);   }   function login(string password) public view returns (bool) {     require(users[msg.sender].registered, “Not registered”);     return (users[msg.sender].passwordHash == hash(password));   }   function setPublicKey(string pubKey) public {     require(users[msg.sender].registered, “Not registered”);     users[msg.sender].pubKey = pubKey;     emit PublicKeySet(msg.sender, pubKey);   }   function getPublicKey(address userAddr) public view returns (string) {     require(users[userAddr].registered, “Not registered”);     return users[userAddr].pubKey;   } }

(2) Transaction Evidence Contract. The transaction evidence contract interacts with nodes on the Ant Open Consortium Chain to record transaction information on the blockchain. The pseudocode for the contract is as follows:

Contract 2 Transaction Deposit Contract

Input: receiver, dataHash, ipfsCid Output: transaction record, transaction count contract TransactionStorage {   struct Transaction {     address sender;     address receiver;     string dataHash;     string ipfsCid;     uint256 timestamp;   }   Transaction[] transactions;   event TransactionStored(address sender, address receiver, string dataHash, string ipfsCid, uint256 timestamp);   function storeTransaction(address receiver, string dataHash, string ipfsCid) public {     add new Transaction(msg.sender, receiver, dataHash, ipfsCid, now);     emit TransactionStored(msg.sender, receiver, dataHash, ipfsCid, now);   }   function getTransactionCount() public view returns (uint) {     return transactions.length;   } }

(3) Transaction Verification Contract. The transaction verification contract is responsible for implementing transaction information retrieval on Ant Open Consortium Chain nodes. The contract pseudocode is as follows:

Contract 3 Transaction Verification Contract

Input: dataHash, ipfsCid, sender address Output: verification result, transaction details, transaction count contract TransactionVerifier {   TransactionStorage storageContract;   constructor(address storageAddress) public {     storageContract = TransactionStorage(storageAddress);   }   function verifyTransactionByDataHash(string dataHash) public view     returns (bool exists, address sender, address receiver, string ipfsCid, uint256 timestamp) {     for each transaction in storageContract {       if (hash(transaction.dataHash) == hash(dataHash)) {         return (true, transaction.sender, transaction.receiver, transaction.ipfsCid, transaction.timestamp);       }       end if     }     end for     return (false, null, null, null, 0);   }   function verifyTransactionByIPFSCid(string ipfsCid) public view     returns (bool exists, address sender, address receiver, string dataHash, uint256 timestamp) {     for each transaction in storageContract {       if (hash(transaction.ipfsCid) == hash(ipfsCid)) {         return (true, transaction.sender, transaction.receiver, transaction.dataHash, transaction.timestamp);       }       end if     }     end for     return (false, null, null, null, 0);   }   function countTransactionsBySender(address sender) public view returns (uint count) {     uint matchCount = 0;     for each transaction in storageContract {       if (transaction.sender == sender) {         matchCount++;        }       end if     }     end for     return matchCount;   } }

4. Trusted Transaction Model

4.1. Participants

In order to verify the remote sensing image data ownership information and trace the transaction records, a remote sensing image data transaction authentication method is designed by combining the above homomorphic encrypted watermark embedding, blockchain, and smart contract. The participating parties in the secure transaction model proposed in this study are as follows:

1. TA is responsible for the initialization of the transaction platform and the issuance of attribute keys for users. It is assumed that TA is fully trusted.

2. IPFS is a peer-to-peer distributed file system that enables distributed computing devices to connect to the same file system.

3. Federated blockchain is a blockchain on which secure indexes, file identifier ID, and smart contracts are stored.

4. Data copyright holder refers to the remote sensing image data provider, referred to as the seller.

5. Data buyer refers to the user who spends a certain amount of money to buy data from the data royalty, referred to as the buyer.

The user role symbols and the corresponding symbols are explained in

Table 1. Symbol identification and interpretation.

Symbol	Meaning	Symbol	Meaning
d	Original data	D	Data copyright holder
dD	Encrypted data	U	Data buyer
PubX	X’s public key	TA	Credible node
PriX	X’s private key	IPFS	Interplanetary file system
HX	X’s hash	W	Watermark

4.2. Trading Model

The trusted transaction model for remote sensing image data consists of three parts: an authentication module, a transaction module, and a verification module. The timing flowchart of the trusted transaction model is shown in Figure 4.

4.2.1. Authentication Module

At this stage, data copyright holders and data buyers submit their identity information to the trading platform to log in and agree on transactions. The submitted identity information is verified to confirm whether the user is already registered. If the user has not yet registered, they must fill in their identity information. After successful registration, the user will download the corresponding RSA key pair. At the same time, smart contract 1 will be triggered to upload the user information and $Pu{b}_{\mathrm{U}}$ to the blockchain for verification and return $H_{\mathrm{D}}$/$H_{\mathrm{U}}$, the hash code representing the user’s identity.

4.2.2. Transaction Module

For each transaction, a one-time watermark key pair $K\left(K_{\mathrm{P}},K_S\right)$ is generated by the Paillier homomorphic encryption algorithm. Encrypt $K\left(K_{\mathrm{P}},K_S\right)$ with $Pu{b}_{\mathrm{U}}$ and distribute it to $\mathrm{U}$; encrypt $K_{\mathrm{P}}$ with $Pu{b}_{\mathrm{D}}$ and distribute it to $\mathrm{D}$.

$\mathrm{D}$ decrypts the watermark key pair with $Pr{i}_{\mathrm{D}}$ to obtain $K_{\mathrm{P}}$, which encrypts the original data $d$ to obtain $d_{\mathrm{D}}$ and uploads $d_{\mathrm{D}}$ to the IPFS, returning the IPFS ID. When the owner of the data copyright owns the data of the transaction, it first associates the copyright information of the data with its identity information and stores the information on the IPFS using a smart contract to complete the data copyright registration and authentication. The smart contract is used to store the information on the IPFS to complete the copyright registration and authentication of the data.

In order to accurately locate the transaction corresponding to the leaked information after the transaction is completed, generate watermark data $W$ based on the transaction information. The transaction information consists of the data copyright owner information, the data buyer information, the data name, the data hash, and the timestamp. Then, the system triggers the smart contract to store it on the IPFS. Then, read the ciphertext data stored on the IPFS and perform homomorphic watermark embedding on it. Return the embedded watermarked ciphertext data to $\mathrm{D}$.

$\mathrm{D}$ sends the ciphertext data under the chain to $\mathrm{U}$. $\mathrm{U}$ decrypts the key pair $K\left(K_{\mathrm{P}},K_S\right)$ using $Pr{i}_{\mathrm{U}}$ to obtain $K_{\mathrm{S}}$, which can be used to decrypt the plaintext data embedded with the watermarked information. The Ant Open Consortium Chain, supported by consensus among block nodes, relies on the automatic execution mechanism of smart contracts to record transaction information into blocks. It then returns a unique transaction hash as the retrieval index.

4.2.3. Verification Module

• Watermark Extraction

This scheme exploits the additive property of homomorphic encryption to embed digital watermarks directly in the ciphertext domain, thereby ensuring data privacy and watermark security during the transaction process. Upon completion of the transaction, authorized users are allowed to use the purchased remote sensing image data within the agreed scope. If the copyright holder identifies unauthorized pirated data in an off-chain environment, watermark extraction can be performed on the data, whether in plaintext or ciphertext form, to verify its origin and authorization status.

The watermark extraction process strictly follows the inverse procedure of the homomorphic encryption watermark embedding algorithm described in Section 3.1.2. By applying the corresponding inverse transformation to the potentially infringing remote sensing image data, the extractor is able to recover the original binary watermark sequence for verification.

2.

Transaction Information Verification

In the verification phase, the copyright holder or purchaser can query the corresponding transaction record on the consortium blockchain by inputting the transaction hash. Upon receiving the query request, the smart contract automatically returns key information such as the transaction details, the watermark address, and the transaction timestamp. The verifier can further utilize the IPFS address of the watermark file to retrieve the uniquely corresponding watermark data file via content addressing and download it to the local environment.

Authorized users can utilize the data in accordance with the agreed terms. However, when unauthorized remote sensing image data is discovered off-chain, the extracted watermark information can be used to perform a retrieval query within the consortium blockchain. If $TA$ is able to return the corresponding record, the data can then be compared and confirmed as originating from a specific transaction. This enables copyright ownership confirmation and accountability tracing.

5. Experiment and Analysis

5.1. Introduction of the Experiment

In this section, we validate the feasibility and effectiveness of the proposed trustworthy transaction model for remote sensing imagery data, which integrates Paillier homomorphic encryption watermarking, blockchain, and smart contract technologies. This includes three critical components: data encryption and watermark embedding, transaction notarization, and infringement detection and verification. In addition, we also evaluate the performance of smart contract execution.

The depository platform is built based on Ant Open Consortium Chain and Star File System, and the smart contract is developed based on the Cloud IDE platform. The running environment is i7-11700 @ 2.50 GHz, 16GB RAM, and Windows 10. The code is written in Java and Solidity. The experimental data consists of 2048 × 2048-pixel remote sensing images in TIF format. The pixel depth is 32 bits.

5.2. Experiment Design

5.2.1. Data Encryption and Watermark Embedding Experiment

The watermark information is automatically generated based on the transaction information, including the data buyer, data seller, data information, data hash, and timestamp. The generated watermark information is a binary sequence consisting of “0” and “1” (

Table 2. Watermark plaintext information and encoded information.

Data	Content
Original watermark (plaintext)	Copyright holder: Alice Buyer: Bob Data: RSOD remote sensing images Data HASH: 1001110111010010001110111001000010110010001… Time: 25 September 2025 19:36:05
Original watermark (binary)	… 010000110110111101110000011110010111001001101001 011001110110100001110100001000000110100001101111…

). Then, we encrypt the original remote sensing image data anchored on the Paillier cryptosystem, and the visualization of the results during the embedding of the watermark is shown in

Table 3. Visualization of the results during the embedding of the watermark.

Original data	Data after encryption
Data after embedding the watermark (ciphertext)	Data after embedding the watermark (plaintext)

. The ciphertext presents a disordered state. It is unreadable and does not inform the buyer and seller. It will not be tampered with during the transaction process, thus providing security.

The visualization of the data embedding watermarking process is presented in Table 3. After embedding the watermark in an encrypted state, the resulting data remains an unreadable ciphertext. The total execution time for data encryption and watermark embedding was 42.632 s. Data decryption and watermark extraction took 49.761 s. This efficiency falls below that of conventional single-pass watermark embedding and extraction operations. In the transaction scenario, the data buyer receives the ciphertext and decrypts the data using the private key, which can completely recover the complete information of the original data. The visual effect of the data after decryption is consistent with the original data, proving that the watermark has good invisibility.

In this study, we quantitatively evaluate the invisibility of the watermark by calculating the MSE value and PSNR value of the plaintext image after embedding the watermark with respect to the original data. The MSE denotes the mean square error of the image after embedding the watermark and the original image. The Peak Signal-to-Noise Ratio (PSNR) is a reference image quality evaluation index. Its unit is dB. The larger the value means the smaller the distortion. The PSNR is close to 50 dB, which means that the image after embedding the watermark has only a very small error.

The formulas for calculating the MSE value and the PSNR value are as follows:

$$MSE={\displaystyle \frac{1}{M\times N}}\left({\displaystyle \sum _{i=1}^M{\displaystyle \sum _{j=1}^N{\left[f_w\left(i,j\right)-f\left(i,j\right)\right]}^2}}\right)$$

(6)

$$PSNR\left(f,f_w\right)=10{\log }_{10}{\displaystyle \frac{{255}^2}{MSE}}$$

(7)

where M is the width of the remote sensing image, N is the height of the remote sensing image, f is the original watermarked image, and fw is the plaintext image after embedding the watermark. i denotes the horizontal coordinate and j denotes the vertical coordinate.

The calculation results show that the MSE of the plaintext image after embedding the watermark is 1.967, and the PSNR value is 57.376. This indicates that the decrypted data has only minor errors compared to the original data. This quantitatively proves the invisibility of the watermark, which will not affect the normal use of the data buyer after decryption.

5.2.2. Experiment on the Validity of Transaction Verification

After the watermark is generated, we upload the watermark information to the IPFS to realize watermark registration and return the data file address hash (IPFS CID). The deployed smart contract will execute the storage on-chain. The data information, transaction information, and watermark IPFS file address are stored on the Ant Open Consortium Chain. Then, the contract call operation log is returned, including the index, block number, transaction hash, and other information.

Table 4. Transaction depository process and implementation results.

Process	Result
1. Upload the watermark to the IPFS for registration	QmREzWJKHLhFSnLCTxdaj3oAEU7taSndNxPGBSREksR4Lf
2. Upload transaction information to Ant Open Consortium Chain	“logIndex”: “0x1”, “blockNumber”: “0x18”, “blockHash”: “0x2a6a1845e39d32150583447b217f 1cc71879bbf48e6cb7ccd00f139a7ce397a6”, “transactionHash”: “0xfbb52d570e8674d79e205563 2f913c415ae8570089bb06ac07f00cdd8939a0af”, “transactionIndex”: “0x0”, “address”: “0x93f8dddd876c7dBE3323723500e83E 202A7C96CC”

shows the return results of watermark registration and transaction information deposit in the Section 5.2.1 experiment.

5.2.3. Infringement Detection and Verification Experiment

When pirated data for unauthorized use is found under the chain after the transaction is completed, we extract watermarks on the plaintext data. As shown in

Table 5. Watermark information extraction results.

Data	Content	Hamming Distance
Extracted watermark information (binary)	…010000110110111101110000011110010111001001101001011001110110100001110100001000000110100001101111…	0
Recovered watermark information (plaintext)	Copyright holder: Alice Buyer: Bob Data: RSOD remote sensing images Data HASH: 1001110111010010001110111001000010110010001… Time: 25 September 2025 19:36:05	0

, the extracted watermark data is still a binary sequence and can be recovered as character content. This study quantitatively evaluates the watermark extraction effect by calculating the Hamming distance.

Let the two strings be $A=a_1{a}_2{a}_3\dots a_n$ and $B=b_1{b}_2{b}_3\dots b_n$. The Hamming distance $d(A,B)$ is defined as follows:

$$d(A,B)={\displaystyle \sum _{i=1}^n\delta }(a_i,b_i)$$

(8)

where $\delta (a_i,b_i)$ is the indicator function. It takes 1 when $a_i\ne b_i$ and 0 otherwise. The smaller the Hamming distance, the fewer the number of different values at the same position in the two strings. This indicates that the two strings are more similar.

The result shows that the Hamming distance between the watermark information after extraction and the original watermark information is 0, which means that the original watermarks are identical. It proves that valid transaction information can be extracted from the data.

After extracting the watermark data and decoding the information, we call the deployed smart contract for on-chain information retrieval. If the smart contract can obtain a response, it means that the transaction exists. This returns specific information such as buyer and seller information, data information, watermarked IPFS file address, and transaction timestamps contained on a node of the chain (

Table 6. Transaction verification process and implementation results.

Process	Result
1. Verify the transaction on Ant Open Consortium Chain	bool: exists true, address: sender 0x5B38Da6a701c568545dCfcB03F cB875f56beddC4, address: receiver 0x5B38Da6a701c568545dCfcB03Fc B875f56beddC4, string: dataHash 100111011101001000111011100100 0010110010001…, String:_ipfsCid QmREzWJKHLhFSnLCTxdaj3oAE U7taSndNxPGBSREksR4Lf, uint256: timestamp 1759146466
2. Download the depository watermark from the IPFS	Copyright holder: Alice Buyer: Bob Data: RSOD remote sensing images Data HASH: 1001110111010010001110111001000010110010001… Time: 25 September 2025 19:36:05

). Based on the watermarked IPFS file address, a request is made to download the data locally. It is compared with the extracted watermark data to comprehensively verify the copyright information for rights protection.

5.2.4. Watermark Robustness Test

To validate the robustness of the watermarking algorithm employed in this paper, the experimental data underwent multiple manipulation attacks. The robustness evaluation metric is the normalized correlation coefficient between the extracted watermark and the embedded watermark after attack. A higher coefficient value indicates greater robustness. The formula for calculating the NC value is as follows:

$$NC={\displaystyle \frac{{\displaystyle \sum _{i=1}^M{\displaystyle \sum _{j=1}^{N}f(i,j)f_w(i,j)}}}{{\displaystyle \sum _{i=1}^M{\displaystyle \sum _{j=1}^N{\left[f(i,j)\right]}^2}}}}$$

(9)

As shown in

Table 7. Robustness test results.

Attack Method	Attacked Image	NC	Result
Gaussian Noise (Variance = 0.05)		0.876	Success
Salt and Pepper Noise (Variance = 0.003)		0.993	Success
Crop 1 2048 × 1024		1	Success
Crop 2 1024 × 1024		1	Success
Rotate 1 10°		0.831	Success
Rotate 2 20°		0.704	Partial success

, when the rotation angle reaches 20°, partial watermark information cannot be detected. However, overall, the watermarking algorithm employed in this paper can withstand attacks such as cropping, noise, and rotation. This proves the watermarks possess good robustness, enabling verification against off-chain pirated data.

5.2.5. Smart Contract Execution Performance Test

This study employs Cloud IDE as the development environment for writing three distinct types of smart contracts. Deployment is completed using uniform configurations and Solidity versions to ensure consistency in experimental conditions. For evaluating fuel consumption, the method proposed in Reference [39] is adopted to convert actual gas expenditure into ether, thereby measuring the relative overhead of contract execution. Using the market exchange rate as of 28 September 2025—approximately 1 ether = 4011.61 USD—and setting the gas price at 1 Gwei (10⁻⁹ ether), we analyzed the energy costs incurred during the deployment of different contracts. The specific results are shown in

Table 8. Fuel cost for contract deployment.

Contract	Gas Cost (Gas)	Ether Cost	USD Cost
User Authentication	830,209	0.000830209	3.330
Transaction Deposit	508,109	0.000508109	2.038
Transaction Verification	953,418	0.000953418	3.825

. During deployment, the identity verification contract consumed 830,209 units of gas. Its primary cost stems from user key generation and retrieval mechanisms. The transaction evidence contract exhibited the lowest gas usage at 508,109 units. This stems from its primary task of storing structured data on-chain, which involves relatively low computational intensity. Conversely, the transaction verification contract recorded the highest gas consumption at 953,418 units, attributable to its complex operation requiring the retrieval of on-chain historical records. Correspondingly, the cost of deploying this contract was also higher, amounting to approximately USD 3.825.

During deployment, smart contracts typically incur significant initial fees, often exceeding USD 2 in most scenarios. This is primarily due to the substantial resources required for on-chain storage and verification of the contract code. In contrast, as shown in

Table 9. Fuel cost for contract function execution.

Contract	Function	Gas Cost (Gas)	Ether Cost	USD Cost
User Authentication	register	72,913	0.000072913	0.292
	login	73,215	0.000073215	0.294
	set public key	72,126	0.000072126	0.289
Transaction Deposit	store transaction	143,294	0.000143294	0.575
	obtain transaction count	7310	0.000007310	0.029
Transaction Verification	verify by watermark	132,664	0.000132664	0.532
	verify by hash	32,620	0.000032620	0.131
	obtain transaction count	7741	0.000007741	0.031

, the cost of invoking individual functions within the contract is markedly lower. The overall cost distribution is relatively uniform and falls within an acceptable, reasonable range. In practical applications, once deployed, a contract can be repeatedly invoked. Processing new transactions does not require recompilation or redeployment. Therefore, although initial deployment incurs a certain cost, the low invocation overhead provides economically viable support for the system’s long-term operation and high-frequency usage. This optimizes overall performance and cost-effectiveness at the architectural level. For individual functions within the contract, transaction deposit on-chain and transaction retrieval based on watermark information are the two operations with the most concentrated gas consumption. This is closely related to their computational intensity, involving on-chain state updates and complex data queries. However, the cost per execution for these functions remains controllable within USD 0.6. The cost of a single deposit is still quite reasonable.

Five experiments were conducted on each of the three contracts, authentication, transaction notarization, and transaction verification, to test their execution performance under 10, 20, 50, 100, and 200 processing volumes. Statistical metrics included system throughput (TPS) and average latency during contract execution. This ensured the stability and reliability of the results. The performance test statistics (

Table 10. Results of performance testing of smart contracts.

Contract	Count	TPS	Avg Latency (s)
User Authentication	10	17.976	0.056
	20	19.129	0.052
	50	19.474	0.051
	100	19.199	0.052
	200	19.496	0.051
Transaction Deposit	10	26.497	0.038
	20	27.580	0.036
	50	27.287	0.037
	100	27.544	0.036
	200	28.437	0.035
Transaction Verification	10	4.925	0.203
	20	5.250	0.190
	50	5.294	0.189
	100	5.260	0.190
	200	5.266	0.190

, Figure 5) are presented below.

In terms of throughput and average latency, the three types of contracts exhibit similar characteristics to gas cost. The TPS of the authentication contract stays between 17.976 and 19.496, and the average latency varies between 0.051 and 0.056 s. It shows that it still has good stability in the case of high-frequency authentication. The TPS of the transaction deposit contract is stable between 26.497 and 28.437, with an average delay of only 0.035 to 0.038 s. The TPS of the transaction checking contract is relatively low, only 4.925 to 5.294, with an average latency of 0.189 to 0.203 s. The performance bottleneck mainly comes from the process of chain traversal and matching of the deposited data. Although the TPS of the verification contract is significantly lower than that of the other two types of contracts, it still maintains an average latency of 0.19 s for a single transaction under 200 processes. The automation mechanism of smart contracts can better meet the real-time requirements of remote sensing image transactions.

Overall, the efficient execution of the authentication and transaction verification contract provides support for transaction execution and verification. Although the response efficiency of the transaction checking contract is not as good as the other two types of contracts, it can still realize fast processing by relying on the automatic execution characteristics. Although there are differences in computational complexity, execution efficiency, and load adaptability among the three types of contracts, the overall performance shows good stability. They can meet the practical needs of high-frequency trading scenarios of remote sensing images.

6. Discussion

6.1. Transaction Security in the Proposed Model

The trusted transaction model for remote sensing image data proposed in this study ensures strong security. All data transmitted after watermark embedding is encrypted using $Pu{b}_{\mathrm{D}}$, guaranteeing that only the authorized buyer can decrypt and access the content. Even if an attacker intercepts the ciphertext, they cannot obtain the plaintext without the buyer’s private key. In the process of encrypting remote sensing imagery and embedding digital watermarks, the Paillier cryptosystem is employed with the introduction of the Hilbert secure encoding mechanism, featuring a key length set to 2048 bits. This system possesses an extensive key space, thereby effectively ensuring the overall security strength of the algorithm. Furthermore, each transaction generates a unique, one-time Paillier key pair, which becomes invalid after the transaction ends. This eliminates concerns related to long-term Paillier key management. The security of the model is discussed separately from the perspectives of the data copyright holder and the data buyer.

6.1.1. Security for the Data Copyright Holder

The model provides strong security guarantees for the data copyright holder. If unauthorized data is discovered in an external environment, the copyright holder can extract the watermark embedded in the data to verify its ownership. Because the watermark encodes transaction metadata between the copyright holder and the buyer, the extracted watermark can be matched with immutable transaction records stored on the blockchain to confirm authorship. Additionally, the buyer can be identified and held accountable based on the transaction information embedded in the watermark and stored on the chain.

6.1.2. Security for the Data Buyer

The model also protects the data buyer. The copyright holder cannot forge a watermark using false identity information to frame the buyer, as mutual authentication is required for every transaction. Upon registration, users upload personal identity information and a public key to the blockchain and receive a unique ID, enabling verifiable authentication. If the purchaser decrypts the received data and finds it inconsistent with what was promised, such as copyright holder fraud, the discrepancy can be verified. The encrypted data $d_{\mathrm{D}}$, created by the seller using $K_{\mathrm{P}}$ encryption, is stored on the IPFS and treated as the canonical version of the dataset. During the transaction, the watermark is embedded based on the IPFS-stored data and sent to the buyer. If the copyright holder attempts to swap the dataset afterward, the watermark will no longer match the one registered on the IPFS, thus exposing the fraudulent behavior and making arbitration unavoidable.

6.2. Fairness of the Proposed Model

The model ensures fairness for both the copyright holder and the data buyer. As discussed, any party that violates the terms of the transaction can be identified and held accountable. Key operations, such as identity verification, encryption, decryption, and watermark embedding, are parameterized via the blockchain, preventing either party from executing malicious actions, such as framing or leaking data. The model establishes a bilateral deterrent against misconduct, making honest compliance with the transaction protocol the most beneficial strategy for both parties.

6.3. Comparison with Existing Methods

6.3.1. Comparison with Traditional Databases

Security testing and traceability comparison experiments were conducted on blockchain and traditional databases. By simulating transaction data tampering, the detection capabilities of both platforms were compared. Random queries of transaction histories were used to calculate the average traceability accuracy rate. Based on this, traceability query times were compared. The results in

Table 11. Comparison results between blockchain and traditional databases.

Indicator	Blockchain	Database
Traceability Accuracy Rate	100.0%	100.0%
Average Time to Source	0.195 s	0.023 s
Tamper Detection Capability	100.0%	0.0%

show that blockchain inherently verifies chain integrity to detect any data tampering. Although both traditional databases and blockchain achieve 100.0% traceability accuracy, and the former holds a slight advantage in query speed due to its lack of computational resource requirements for consensus, databases inherently lack integrity verification capabilities. Once data is modified by authorized users or attackers who breach the permission system, databases cannot proactively resist such tampering. Compared to database-based evidence, blockchain fundamentally resolves trust issues.

6.3.2. Comparison with Other Copyright Protection Models

A comparative evaluation between the proposed method and existing methods is presented in

Table 12. Comparison of different methods.

Method	Dencentralized	Confidential	Smart Contract	Storage Off Chain	Efficient	Traceability	Fairness
Wang [19]	N	N	N	Y	Y	N	N
Kumar [40]	Y	N	N	Y	Y	N	N
Zhang [14]	Y	Y	Y	N	N	N	Y
Deepayan [29]	Y	N	N	Y	Y	N	N
Chen [30]	Y	Y	Y	N	Y	N	Y
Proposed method	Y	Y	Y	Y	Y	Y	Y

. “Y” stands for yes. “N” stands for no. The evaluation criteria include decentralization, confidentiality, use of smart contracts, off-chain storage, efficiency, traceability, and fairness. The results demonstrate that only the proposed scheme effectively balances off-chain data confidentiality and reliable on-chain transaction recording. It uniquely supports watermark embedding in ciphertext using homomorphic encryption to ensure data security, while blockchain integration facilitates fair transactions. Furthermore, by leveraging the automatic execution capabilities of smart contracts, the model significantly improves the efficiency of transaction deposition and verification processes.

7. Conclusions

This study proposes a novel trusted transaction model for remote sensing image data that integrates the Paillier homomorphic encryption watermark, blockchain, and smart contract technologies to address the lack of secure distribution and fair transaction mechanisms. Based on the watermark embedding method presented, the extracted watermark after data distribution maintains a Hamming distance of zero, allowing accurate extraction of transaction information to support on-chain retrieval, verification, and traceability. Three types of smart contracts are designed to create transparent, traceable, and tamper-proof records on blockchain nodes. Performance evaluations demonstrate favorable results in terms of throughput and average delay. The proposed model enables transaction participants to quickly confirm copyright and usage rights of data products and effectively restrains malicious behavior. Compared with existing methods, only this model ensures both off-chain data confidentiality and reliable on-chain transaction recording. It offers a novel technical approach to help both parties reach consensus and establish mutual trust, ultimately achieving secure transactions and the sharing of remote sensing image data.

In any field, ensuring trustworthy data transactions and protecting privacy presents a complex challenge. For instance, in the medical domain, the sharing and analysis of medical imaging data are crucial for remote diagnosis, research collaboration, and training artificial intelligence models. Yet, this process also faces severe risks of patient privacy breaches during data sharing. The technical architecture proposed in this paper offers universality and scalability. This suggests that the solution holds application potential in scenarios demanding stringent requirements for data security, privacy, and trustworthy transactions. Future work will focus on exploring adaptive watermarking schemes that integrate diverse data characteristics and optimizing smart contract designs. This will further advance the refinement and universal application of the proposed solution.