Thumbnail-Preserving Encryption Technology Based on Digital Processing

: In recent years, the security of cloud storage has become a topic attracting significant attention due to a series of features such as large storage space, high availability, and low cost. Although traditional plain text images can withstand external attacks, the usability of images is completely lost. In order to balance the usability and privacy of images, some scholars have proposed the thumbnail-preserving encryption (TPE) scheme. The ideal TPE algorithm can keep the same thumbnail before and after encryption, which reduces the time cost and strengthens the resistance to attacks, but the existing schemes cannot fulfill the above criteria. In this paper, we propose a new TPE scheme that combines bit-transform encryption and improved hierarchical encryption. By constructing a chaotic system, both encryption and decryption times are shortened, while the randomness of the selected cells is enhanced. In addition, the Hamming distance is introduced to classify and scramble the binary encryption units. The experimental results show that when the number of thumbnail chunks is 16 × 16, the encryption and decryption time decreases to 4 s, and the SSIM value after encryption is close to 1, which indicates that the thumbnail before and after satisfying the encryption basically remains the same, and when the number of chunks is gradually increased, the success rate of the face detection tends to be close to 0. In addition, as the number of experimental iterations increases, the encryption effect improves with an increasing ability to resist attacks.


Introduction
With the rapid development and wide application of the Internet and smartphones, people are increasingly relying on these technologies for information exchange.However, the convenience brought from the public transmission also brings a series of security problems, including data leakage, tampering and forgery [1,2].The popularity of terminal devices and the rise of short video forms have brought cloud storage into the public's view, and more and more image data in different fields are stored and disseminated in the cloud due to the fact that storing files in the cloud space can realize the release of cell phone memory, provide a larger storage space, and reduce the characteristics of file damage and loss due to the damage of hardware equipment or improper placement [3][4][5].According to data statistics, more than 1.8 billion photos are shared on social networking platforms every day [6].However, there are some risks associated with storing data in the cloud.Attackers may use illegal tools to steal cloud data, and even secure websites labeled on the web cannot be fully trusted [7][8][9].In 2014, hackers used phishing to trick celebrities into entering their iCloud account credentials into a fake secure website, which resulted in the acquisition of private photos and videos of more than 300 victims and their public dissemination on the web [10][11][12].Since April 2022, the North Korean hacker group Lazarus used NukeSped to install additional console-based information-stealing malware to collect information stored on web browsers.Additionally, insiders may have illegally accessed the data, resulting in a massive personal data breach [13,14].On 18 February 2024, a misconfiguration incident on the cloud storage servers of automotive giant BMW resulted in the exposure of sensitive information such as private keys and internal data.Although timely modifications have been made, much of the information has been seen by many netizens [15].It can be seen that cloud storage, despite its high availability, convenience, and a host of other features, poses certain privacy risks [16][17][18].
The ciphertext image generated by traditional image encryption is usually a noise-like image, which completely loses the details and structural features of the original image.Although it ensures the security of the image in the transmission process, the usability of the image is completely lost [19].The encrypted image is not only inaccessible to the attacker but also makes it impossible for the user to extract useful information, which increases the time and cost of decryption.Therefore, while realizing image encryption to ensure security, a certain degree of usability of the image should be retained.As shown in Figure 1, some scholars proposed the thumbnail-preserving encryption (TPE) for the first time, i.e., the encrypted thumbnail and the original image have the same thumbnail attributes [20].
Figure 1.The left side is the original image uploaded to the cloud, which can be accessed directly by both the user and the outside; the center is the traditional encrypted image uploaded to the cloud, which cannot be accessed by the user or the outside; and the right side is the uploaded to the cloud after the TPE scheme, which can be accessed by the user but not by the outside.

Related Works
In 2015, Wright et al. [21] divided the image into equal blocks and implemented the pixel value substitution operation independently within each block so that only the pixel value position change occurs within the block after the operation, thus achieving encryption, but this approach has a significant drawback in that the encrypted image is easily decrypted.In 2017, Marohn et al. [22] proposed two approximate TPE schemes, namely dynamic range preserving encryption and least significant bit based embedding, but the thumbnail generated from the ciphertext image differs significantly from the thumbnail of the plain text image, which reduces the usability of the ciphertext image.In 2019, Tajik et al. [23] proposed a new scheme for constructing an ideal TPE, and for the first time proposed to transform the encryption unit by a rank function, but the experiment requires calling a large number of pseudo-random functions to enhance the resistance to resistance attacks, which leads to inefficient encryption.In 2022, Zhang et al. [24] proposed the first TPE scheme based on a chaotic system, which not only shortens the encryption and decryption time but also realizes lossless decryption, but the scheme takes the neighboring pixels as the encryption unit during the encryption process.These neighboring pixels lead to insufficient anti-attack ability, and they also need to be encrypted after several rounds to achieve better security.A comparative analysis of the encryption performance metrics for the currently available schemes is presented in Table 1 [25].

Contribution and Motivation
Based on this, we propose a bit-transform encryption scheme combined with the improved RANK encryption algorithm for the following reasons: the encryption scheme needs to introduce enough randomness to resist the attack; the chaotic system has the characteristics of unpredictability, initial value sensitivity, etc., and the one-dimensional chaotic mapping contains fewer parameters and variables; and the capacity of the key space is small, which results in the system being easily cracked and the problem of lower security [26].Multi-dimensional chaotic mapping contains more variables and parameters, more complex structures, and better chaotic performance, but there are problems such as high computational cost and complex performance analysis.Therefore, we choose to construct a two-dimensional chaotic system for testing in the experiments to ensure that the chaotic performance is improved while reducing certain computational costs.Through in-depth analysis of the connection between TPE and the 2D chaotic system, a chaotic random sequence is generated to enhance the randomness of the selected encryption unit.The number of encryption iteration rounds is effectively reduced to ensure the security of the encrypted image; the concept of Hamming distance is introduced, and the encrypted units are divided into two categories by judging the size of the Hamming distance, which are scrambled and encrypted using the above algorithm, respectively.After encryption, it is tested and proved that the scheme can guarantee the security of the ciphertext image and reduce the time cost.
The main contributions of this paper are as follows: (1) Combining a chaotic system and TPE to design a 2D chaotic system, and realizing the random selection of encryption units through chaotic sequences to avoid insufficient resistance to attacks due to the formation of encryption units by neighboring pixels.(2) Proposing the bit transform encryption scheme, introducing the Hamming distance for the first time, classifying the encryption unit by judging the size of the Hamming distance, and realizing the scrambled encryption, respectively.The ciphertext image after encryption has good resistance to attacks, the ciphertext image has the same pixel sum with the plain text image, and the thumbnails before and after encryption are the same, which has good usability.(3) The traditional rank encryption algorithm is improved, and the randomness of the encryption process is enhanced by generating random numbers through chaos to realize the disarrayed encryption, which effectively reduces the number of encryption iterations, decreases the encryption and decryption time, and decrypts the encrypted image without loss.

TPE Description
In order to balance the availability and privacy in cloud images, scholars have researched and implemented TPE schemes, and the ensuing issue to be considered becomes whether the images are secure in cloud storage.
The essence of the TPE scheme is that the encrypted image and the original image share an identical thumbnail.Figure 2 illustrates the fundamental concept of thumbnailpreserving encryption, and its detailed structure is described as follows: The specific operation is as follows: (  The above method shows that the original image is partitioned into blocks, and if the sum of pixel values within each block remains unchanged before and after encryption, the thumbnail will also be consistent with the original thumbnail, and this kind of encryption is a special case of format-preserving encryption (FPE) defined by Bellare et al. [20], which is recorded as the preserve and encrypt method.
Let M represent the plain text space.The function ϕ is defined arbitrarily to retain the attributes of M, resulting in a thumbnail image as the output.When the input picture P is provided, a key K = {0, 1} λ , P ∈ M, ϕ(P) = ϕ(M) is utilized at this time.The encryption algorithm Enc K is represented by Equation ( 1), the decryption algorithm Dec K is represented by Equation ( 2), and the encryption scheme that preserves ϕ is represented by Equation (3).

TPE Construction
In the encryption scheme proposed by Tajik et al., 2019 [23], adjacent pixel points are selected to form the encryption unit, but this scheme needs to call the random function several times to enhance the randomness to ensure that the encryption has a better resistance to attacks.However, calling the function increases the computational cost and leads to long and inefficient encryption time.Based on this, in the experiment, we classify the encryption unit by judging the Hamming distance of the selected encryption unit.We design a two-dimensional chaotic system instead of the random function to enhance the randomness, reduce the number of encryption rounds required in the experiment, and combine the bit self-transform encryption with the sum-preserving encryption algorithm so that the thumbnails are the same before and after the encryption of the image.The specific encryption process is shown in Figure 3.

Chaotic System
One-dimensional chaotic systems exhibit simple chaotic orbits and a small chaos space, making them relatively straightforward to predict.This is in contrast to two-dimensional chaotic systems, which are more complex and difficult to predict [27,28].Based on these observations, one-dimensional chaotic systems can be transformed into two-dimensional chaotic systems through the coupling of logistic mapping and sine mapping.The resulting chaotic system exhibits excellent dynamics characteristics.

Lyapunov Exponent
The Lyapunov exponent is considered to be one of the most important metrics for evaluating the dynamic properties of chaotic systems.It is defined as the average exponential rate of convergence or divergence of neighboring orbits of the system in phase space.A system with a positive Lyapunov exponent is considered to have chaotic properties [29].In Figure 4, the initial values of u 1 = 0.80 and u 2 = 0.95 are set, and the system remains hyperchaotic with a positive Lyapunov exponent for a > 5.7.

Bifurcation Diagram
Bifurcation diagrams illustrate the manner in which the trajectory of a dynamic system varies with the control parameters.The greater the uniformity of the trajectory of the bifurcation diagram, the more stable the chaotic system will be.The distribution of the system's parameters across the bifurcation diagram is presented here.The bifurcation diagram for this chaotic system is depicted in Figure 5.It can be observed that the desired chaotic effect can be achieved when the system is within the parameter range.

NIST SP-800-22 Statistical Tests
In order to further verify the randomness of chaotic sequences generated by chaotic systems, the randomness of chaotic sequences x n+1 and y n+1 is tested using SP800-22 given by NIST, using 100 binary sequences of 500,000 bits to complete 15 sub-items of the test, and it can be considered to pass the test when the value of test result P value is greater than the threshold value a = 0.01.From the test results of x n+1 and y n+1 sequences in Table 2, it can be seen that the randomness of the chaotic sequences generated by the chaotic system meets the requirements, the periodicity is long enough, and the complexity is high enough, which can be applied to image encryption.A set of chaotic random sequences X 1 is generated by coupling the formed twodimensional chaotic system, and the first 10,000 bits of the generated sequences are omitted due to the transient nature of chaotic systems.The generated random sequences are converted into integers between [1, b × b], as shown in Equation (5).The generated X temp is equal in length to b × b, and during subsequent experiments, different encryptions are realized for each pixel block by the generated random decimal y 1 : In addition, the generated chaotic sequence is to ensure the randomness of the selected encryption unit, and its generated chaotic sequence is subject to the initial value and a change.The specific process is shown in Algorithm 1.
Algorithm 1 Chaotic selection of random sequences and random values.

Pixel Self-Transforming Encryption Scheme
Tajik et al. [23] proposed a perfect TPE scheme in their paper, in which the core of their scheme is to realize the sum-preserving encryption operation through a pair of encryption and decryption functions rank(•) and rank −1 (•), but the scheme only replaces the neighboring pixels, which is computationally expensive and inefficient, and it is poorly resistant to resisting attacks.Based on these issues, for the first time, it is proposed to group the randomly selected pixel units by using the Hamming distance in experiments, and the pixels are grouped through pixel grouping for multiple rounds of encryption of different pixel units.The following is the pixel bit transform encryption scheme: (1) Input size is w * h image P; first, determine the size of the thumbnail block as b * b; then, according to the random sequence X temp generated by X 1 , randomly select points within the pixel block of b * b; the selected pixel pairs are denoted as each pixel pair is denoted as an encrypted unit − → e ; and the selected pixel points are denoted as (p 1 , p 2 ).
(2) The selected pixels can be expanded into 8-bit binary numbers, of which the order from left to right is a 7 -a 0 , i.e., the highest valid bit to the lowest valid bit.The Hamming distance between the encryption units is recorded as d (p 1 ,p 2 ) after the expansion.(3) When d (p 1 ,p 2 ) ≥ 2, judge whether the highest different bit and the second highest different bit are equal; when the two are not the same, the highest bit and the second highest bit will be self-swapped to ensure that the sum of pixel values before and after the swap is unchanged.The encryption process is shown in Figure 6.
The encryption algorithm is subject to the constraints of the encryption unit − → e cor- responding to the generation of the Hamming distance d (p 1 ,p 2 ) .In both encryption and decryption processes, it is necessary to satisfy the two conditions of d (p 1 ,p 2 ) ≥ 2, and the highest bit of the second-highest bit is different, and its encryption algorithm flow is shown in Algorithm 2.

Improved Rank Encryption Scheme
On this basis, this algorithm combines TPE with a 2D chaotic system, and it introduces the improved rank encryption algorithm when the Hamming distance d (p 1 ,p 2 ) ≤ 2 or the highest sub-high bit is the same.The encryption scheme is shown in Figure 7.
(2) Define the rank(•) function, which corresponds to the output k 0 when the encryption unit − → e is input.
(3) k e is encrypted by k 0 .
(4) Define the function rank −1 (•) as the inverse function of rank(•), and input the generated k e value to generate the corresponding encryption unit.The Ω sum(s) is calculated as (6) 7: The output k 0 can be obtained by (7) 8: k e can be further derived using (8) 9: rank −1 (k e ) generated through (9) 10: end for 12: end for 13: return Outputs

Experiment
In order to compare the performance metrics of the proposed scheme with the existing schemes, a series of experiments such as image quality analysis before and after encryption, expansion rate analysis, adjacent pixel correlation, histogram analysis, and resistance to attacks of the encrypted image are selected to evaluate the proposed scheme, and the images selected for the experiments are uniformly PNG images with a pixel size of 512 × 512.

Image Quality Analysis
In order to evaluate the quality of the images before and after encryption and decryption, the experiments utilize structural similarity (SSIM) to assess the encrypted image and the peak signal-to-noise ratio (PSNR) to evaluate the decrypted image for distortion.A larger SSIM value and PSNR value indicate a smaller degree of image distortion.The algorithm generates the same thumbnail image before and after encryption with an SSIM value close to 1, which is an ideal state.In contrast, although the encryption values of LSB-TPE and HF-TPE are greater than 0.94, the decrypted images are distorted.Since the scheme is lossless decryption, the PSNR value of the decrypted image is infinite, as shown in Figure 8 below.

Image Size Expansion
Encrypted image size is very important for image storage in the cloud; when the encrypted image occupies too much space, it will affect the image transmission and preview time.In this section, we measure the degree of expansion by the ratio of the encrypted image size to the original image size.If the value is 1, it means the encrypted image is not expanded.The expansion rate of this scheme is between 1.8 and 1.9, which effectively reduces the expansion rate of the image compared to the currently existing schemes.Since the scheme is lossless decryption, no expansion occurs in the decrypted image, i.e., the expansion rate is always 1, as shown in Figure 9.

Correlation Analysis
The adjacent pixel correlation method was employed to assess the correlation between neighboring pixels in an image.For this analysis, a 512 × 512 image containing a 16 × 16 pixel thumbnail block was selected.From this image, 5000 pairs of adjacent pixels were randomly chosen for correlation analysis in three directions: horizontal, vertical, and diagonal.As illustrated in Figure 10, the R, G and B channels of the plain text image exhibit a high degree of correlation in all three directions with pixel pairs closely clustered along a line.In contrast, the pixel pairs in the encrypted image are widely dispersed, leading to a significant reduction in correlation coefficients in each direction.This effectively mitigates the risk of statistical attacks.
The calculation process of the correlation coefficient is shown in Formula (10).In the traditional encryption process, the correlation coefficients in the three directions after encryption should be close to 0 [30], while in the process of preserving thumbnail encryption, a certain correlation should be retained between the encrypted image pixels [31], as shown in Table 3. where cov(x, y) and D(x) represent the covariance and variance of pixel values, respectively.

Histogram Analysis
The histogram is a fundamental metric utilized to analyze the statistical properties of an image, and it has the objective of estimating the resistance of the image to a statistical analysis attack.This relates to the ability of the password to statistically break the statistical patterns of the cipher text and plain text.The experiment analyzes the histograms of the cipher text image and the plain text image, demonstrating how the distribution of each gray value in the image is visualized.The histogram of the plain text image exhibits a discernible statistical pattern and an uneven distribution across each channel.Upon statistical analysis of the intercepted cipher text image, the attacker identifies and compares the statistical patterns among them with those of the plain text.This process enables the extraction of a transformational relationship between the plain text image and the cipher text image, which is then leveraged to attack the encryption scheme and achieve the attack objective.This mode is known to not only make the histogram of a cipher text image in each channel gradually become uniform but also ensure a significant difference still exists between the cipher text and the plain text image.In order to analyze the resistance of the encryption scheme to an attack based on statistical analysis, the iterative graph variance must be considered.The histogram of the image after encryption must be as uniform as possible for statistical analysis attacks.The variance of a histogram can be employed to assess the resilience of an encryption algorithm to statistical analysis attacks.A lower variance indicates a more uniform distribution of pixels, which in turn implies reduced statistical information content in the image.This represents a more robust improvement in the secure image scheme encryption.During the experiments, we tested on a test set that included an image file with a pixel value size of 512 × 512.This is demonstrated in Figure 11, which presents the histograms of the distribution of the original image in R, G and B after both ten and one hundred iterations.The TPE technique is a balance between availability and privacy, but the security of the images stored in the cloud is still a concern.In Figure 12, we encrypt the original images in different block sizes, and the images gradually lose their availability as the number of blocks increases.In our experiments, we select the first 500 images in the HELEN face dataset [32], use the face detection API algorithm in the Face++ platform to experiment on them, and compare them with the HF-TPE [24], TPE2 [33] scheme.The results of the experiments are shown in Figure 13, from which it can be concluded that the encryption scheme proposed in this paper has similar results to the above schemes, and with the increase in the chunks of the image, the success rate of the face detection decreases continuously, and when the image chunks are 32 × 32, the detection success rate tends to be close to 0.

Robustness Analysis
Due to the inevitable influence of various factors during transmission, including noise, distortion, and those caused by noisy communication, degradation, and pollution, the encrypted images are subject to alteration.Consequently, the image encryption algorithm must be sufficiently robust to withstand attacks in real-world scenarios.In this experiment, the encrypted image was subjected to a loss of pixels at random with the percentage of loss ranging from 2% to 32%.The results are presented in Figure 14.The image demonstrates that the attacked TPE image and the decrypted image are darkened overall.However, the information contained in the image prior to the attack is still discernible, indicating that the scheme exhibits robust resilience.

Time Cost
The efficiency of image encryption in terms of time is a crucial metric, and this section will address it.We compare the results with those of Tajik [23] et al., the HF-TPE proposed by Zhang [24,34] et al., and the scheme of Zhu [35] et al., as they use the same encryption algorithm that was proposed in this paper, which uses two pixel points as a unit to achieve disambiguation encryption.Table 4 gives the time taken by the scheme proposed in this paper and the other schemes, and the test metrics contain four metrics: average time, maximum time taken, minimum time taken, and standard deviation.After comparison, the encryption time increases slightly as the number of chunks increases, and the encryption time is stable.The decryption time is not listed for any of the above schemes because the decryption time is approximately the same as the encryption time.

Conclusions
In this paper, a novel scheme that combines bit-transform encryption with improved back-rank encryption is proposed.The encryption core of the scheme is to realize the sum-preserving encryption by scrambling code and to design a two-dimensional chaotic system to reduce the encryption cost.In comparison to the outcomes of existing research, this scheme demonstrates that the encryption can generate the same thumbnail as the plain text image and achieve lossless decryption.Furthermore, the encrypted image expansion rate is reduced to within 1.9, effectively preventing the encrypted image from occupying the space of the cloud.The experiments have demonstrated that the three channels can be considered as three distinct parts, each of which can be encrypted independently.In future work, the three channels will be considered as a single entity, and the encryption will be further encrypted by vertical scrambling to break the correlation between the channels and realize cross-plane encryption.

1 )
An RGB image of size I 1 × I 2 is selected and divided into three channels, each containing a two-dimensional matrix composed of pixel values [0, d](d ≤ 255), which has a size of I 1 × I 2 .(2) A two-dimensional matrix of size I 1 × I 2 is divided into blocks of size b × b, where I 1 and I 2 are divisible by b.Each channel contains I 1 b × I 2 b blocks.(3) Calculate the average value within each pixel block denoted as − → v 1 , − → v 2 . . .− − → v b×b .The encrypted thumbnail contains only I 1 b × I 2 b .pixel values, and the pixel values in each block are replaced by the average value.

Figure 2 .
Figure 2. Core program for the generation of thumbnail images.

Figure 3 .
Figure 3.A scheme diagram for preserving thumbnail encryption.

Figure 4 .
Figure 4. Lyapunov exponent map of chaotic systems before and after coupling.

( 1 )
When d (p 1 ,p 2 ) ≤ 2 or the highest bit of the next highest bit is the same, the selected pixel pair constitutes the encryption unit − → e = (p 1 , p 2 ); |Ω sum(s) | denotes the number of encryption units with the same pixel sum.The formula is shown in Equation (6), in which |Ω sum(s) | and (p 1 , p 2 ) ̸ = (p 2 , p 1 ) indicate that the encryption unit is ordered.

Figure 7 .Algorithm 3 3 : 5 :
Figure 7. Rank encryption scheme after Hamming distance segmentation.The improved rank encryption algorithm effectively combines the two-dimensional chaotic system.It generates random encryption units and determines their Hamming distance in step 1, defines the encryption process of the rank function in step 2, achieves different encryption in different blocks by combining the random values generated by the chaotic system in step 3, and iterates through all the pixel points in the pixel blocks during the encryption process.The encryption algorithm flow is shown in Algorithm 3. The image decryption operation is similar but opposite to the encryption operation.

Figure 8 .
Figure 8. Image quality analysis before and after encryption and decryption.

Figure 9 .
Figure 9. Analysis of image expansion rate before and after encryption and decryption.

RFigure 10 .
Figure 10.Correlation distribution of encrypted images with different number of rounds.

Figure 11 .
Figure 11.Histogram analysis of R,G and B channels with different number of rounds 4.5.Face Detection

Figure 12 .
Figure 12. Analysis of availability and privacy after encryption with different block sizes.

Figure 13 .
Figure 13.The success rate of face detection.

Figure 14 .
Figure 14.The example image of data loss.

Table 1 .
An analysis of the advantages and disadvantages of existing programs is warranted.

Table 2 .
NIST statistical test results for sequence x and sequence y.

Table 4 .
Different methods of time cost.