Lossless Thumbnail Preservation Encryption Based on Reversible Information Hiding

Abstract

With the proliferation of multi-camera smartphones, image generation has proliferated and cloud storage services have become the primary tool for storing and sharing photos. However, this also poses privacy and security risks. Traditional image encryption techniques, while protecting privacy, also lead to loss of image availability in the cloud. To balance security and availability, TPE (Thumbnail Preserving Encryption) is proposed. However, the decryption effect of the existing schemes is generally unsatisfactory, and many existing schemes are unable to achieve perfect restoration in practical applications. Meanwhile, a few fully reversible schemes are limited by the proposed algorithms, which makes it difficult to be extended to a wider range of applications. To solve this contradiction, this paper proposes a TPE scheme based on reversible information hiding. Specifically, the scheme preserves the DC coefficients of the image during the encryption process and encrypts the AC coefficients to enhance the security of the image, thus obtaining the intermediate encrypted image. Then, the intermediate encrypted image is pre-decrypted, and the subtle error between the original image and the intermediate encrypted image is used as the compensation information. In order to achieve lossless decryption, we introduce the reversible information hiding technique to embed the compensation information into the intermediate image, and we finally obtain the encrypted image. This is also applicable to other high-quality TPE schemes and can provide ideas for their optimization direction. The experimental results show that this scheme not only achieves lossless decryption but also outperforms other TPE schemes in terms of visual effect, while the file extension size is kept at a low level. The research in this paper provides new ideas for balancing image privacy protection and usability, which has important theoretical and practical significance.

1. Introduction

Today, with the widespread availability of smartphones with multiple cameras, having a mobile phone is almost the same as having a camera. In addition, people use a variety of image capture devices such as drones, tablets, pinhole cameras, and webcams to take high-resolution images anytime, anywhere. Around 1.4 trillion images were taken in 2023, and this number is growing rapidly every year. Cloud services have become the primary tool for storing and sharing photos because they offer many advantages over earlier methods, including low cost, global availability, built-in redundancy to handle hardware or network failures, and virtually unlimited storage capacity. These images often document people’s daily lives, and they also include a large amount of personal information [1,2]. At the same time, cloud services will automatically synchronize the images on the local device, making it easier for users to organize, preview, and control their images. They no longer have to worry about accidentally damaging images and can view and download them from any internet-connected device. However, once images are stored in the cloud, users lose complete control over them. This undoubtedly makes it more difficult for users to protect the privacy of their images. Users must trust the operators of the cloud infrastructure to protect their data from malicious outsiders looking to steal confidential information, such as the 2014 Apple iCloud account leak [3,4], in which private images from hundreds of Hollywood stars were leaked by hackers. In 2019, Facebook was exposed for using users’ images to train its own AI models for automatic image recognition [5], and this is not the first time Facebook has been accused of stealing users’ images [6,7]. Users must also trust that the cloud service itself (or its employees) will not abuse their access for their own purposes. A survey found that all 112 respondents believed that their images contained various types of private personal information [8]. Although traditional image encryption techniques can solve the problem of image privacy, traditional image encryption algorithms [9,10,11] with confusion structures are a common method for protecting image privacy. However, this usually makes images unusable and invisible in the cloud environment. Users cannot preview, select, organize, or manage images in the cloud, and all operations can only be performed after the entire image has been downloaded and decrypted, which obviously does not meet the actual needs of users. Traditional image encryption techniques deprive images of content-based usability, which is crucial for users of cloud storage. To be successful for users, mechanisms for protecting image privacy should not come in the form of sacrificing the usability of cloud services. Some research in visual psychology about image degradation (i.e., low-resolution versions or visually inferior versions of the original image) and visual memory has made it possible to protect privacy while maintaining some usability of encrypted images.

Gregory’s research [12] showed that subjects were able to recognize degraded versions of images they had previously viewed, which was particularly pronounced in portrait images. In addition, Snodgrass’s research [13] further shows that if the image is created by the subject themselves (photographed or painted), the recognition ability is even stronger. This information obtained by the subject by browsing the original image is called prior knowledge. Denning et al.’s research [14] shows that subjects can recognize degraded versions of images based on their prior knowledge. The above studies show that image recognition not only depends on people’s visual input but is also strongly influenced by prior knowledge. In other words, image recognition is an inference process based on a mixture of human visual input and prior knowledge, as demonstrated by Peter et al. [15]. Rousselet et al. [16] showed that the human visual system can process multiple images in parallel and remember visual information (i.e., prior knowledge) by simply browsing images. In general, people can distinguish between images after seeing one of them, even if it is distorted or blurred, and this ability is further enhanced, especially when the image is self-made or taken.

Therefore, as shown in Figure 1, when the pictures uploaded to the cloud are all in plaintext, they can not only be viewed by the user but also potentially obtained by an illegal third party. When encrypted using a traditional encryption scheme, although it can prevent an illegal third party from learning the privacy of the picture, the user cannot learn the information either. If the TPE scheme is used to encrypt the picture to prevent an illegal third party from learning the privacy of the picture, the user can also determine the information in the picture based on prior knowledge by previewing the encrypted picture. TPE cleverly uses a new dimension to achieve a tunable balance between image privacy and usability. Its excellent characteristics have attracted the attention of more and more researchers in recent years. Wright et al. [17] first proposed a new image encryption concept, namely thumbnail-preserving encryption (TPE). This scheme includes the BS and RBS methods, and the ciphertext image and the downgraded version of the original image (i.e., the thumbnail) are very similar. However, in the encrypted image generated by this scheme, the exact thumbnail is retained based on only permutation operations. Many studies [18,19,20,21] have shown that only permutation encryption is not resistant to statistical attacks.

Subsequently, Marohn et al. [22] proposed a format-preserving encryption scheme based on permutation operations, which can achieve the effect of thumbnail preservation. However, permutation alone does not change the pixel values, image privacy is not well protected, security is low, and the permutation operation makes image compression difficult. Tajik et al. [23] proposed preservation encryption between two pixels within an encryption block. Although this scheme can achieve lossless decryption and maintain high thumbnail quality, the Markov chain has poor connectivity. To address this problem, Zhao et al. [24] conducted a more in-depth study of the TPE scheme, increasing the number of pixels designed for saturation encryption, and they proposed using effective substitution encryption to enhance the connectivity of the Markov chain. The image is encrypted in groups of three pixels, but due to the large number of iterations and the use of random numbers, the complexity of the scheme is high. In order to reduce the computational complexity, Zhang et al. [25] proposed an approximate TPE, but the decrypted image and thumbnail may not exactly match the original version. In addition, Chai et al. [26] proposed a TPE scheme based on genetic algorithms. Zhang et al. [27] combined chaotic systems with substitution–permutation encryption. Since Zhang et al.’s permutation encryption is vulnerable to attacks, Zhao et al. [28] advocated a permutation–substitution framework. References [29,30,31,32] all implement lossless decryption based on approximate TPE. Although this scheme achieves a small file size expansion, DC coefficients may overflow and it is poorly resistant to attacks. In addition, An et al. [33] achieved a balance between usability and privacy by removing texture and color from the original image through cross-plane thumbnail protection while retaining necessary semantic information. Ma et al. [34] proposed a average DC coefficient (ADCC) method, which achieves thumbnail preservation by replacing the values of all DC coefficients in the encrypted block with the average value. The auxiliary information used to recover the DC information directly replaces the last two AC coefficients, and loss of the last two AC coefficients prevents lossless decryption. Wang et al. [35] proposed an efficient scheme for generating images with preserved thumbnails with high visual naturalness while ensuring the reversibility of the process. Yuan et al. [36], based on ADCC, achieved lossless decryption by performing reversible permutations and mappings on the DC difference and AC coefficients.

In summary, the existing TPE algorithms are facing performance defects such as insufficient security, poor retention of ciphertext image thumbnails, poor decrypted image quality, high ciphertext file expansion rate, poor format compatibility, the inability of lossless decryption, etc. It is urgent for new design algorithms to solve these problems in order to expand the scope of application and practicality of TPE. From

Table 1. Comparison between the proposed program and existing programs.

Schemes	BS [17]	RBS [17]	DRPE [23]	ADCC [34]	JPEG-TPE [36]	Proposed
Frequency domain	×	×	×	✓	✓	✓
Decryption quality	×	×	×	++	+++	+++
Visual quality	++	++	++	++	++	+++
File size expansion	+	+	+	++	+++	++
Format compatibility	×	×	×	++	++	+++
Security	+	+	×	++	+++	++

,where × stands for very poor or negative, ✓ means positive, and the number of + indicates how good or bad the effect is. It can be seen that the proposed scheme has obvious advantages in visual effect, decryption effect, and format compatibility compared to other schemes.

The main contributions of the work in this paper are as follows:

(1)

This TPE scheme is based on the DCT transform, which preserves its DC coefficients and encrypts its AC coefficients. The retained DC coefficients are the average values of pixels within an image block, which can satisfy the core points of thumbnail images: pixels within a block and invariant. Compared with the traditional TPE scheme that performs an encryption operation in the null domain and transforms the image to the frequency domain, it is more secure.

(2)

A compensated information embedding scheme based on reversible information hiding is proposed. By calculating the gap between the pre-decrypted image and the original image, the final encrypted image is obtained by compressing it and embedding it into the intermediate image with reversible information hiding. After downloading the encrypted image from the cloud, the compensation information is extracted and used for restoration, then lossless decryption can be achieved.

(3)

The compensation information embedding scheme has better generality than other lossless decryption schemes. Theoretically, other high-fidelity TPE schemes can optimize the algorithm through the idea of compensation information embedding to achieve the effect of lossless decryption.

This paper is structured as follows:

(1)

Section 1: The background and research significance of the topic of TPE and our contribution are given.

(2)

Section 2: The encryption process, core algorithms, and techniques of the proposed scheme are introduced.

(3)

Section 3: The design objectives of the scheme are introduced, as well as the experiments and analysis based on it.

(4)

Section 4: Summary and Outlook. This chapter summarizes the main research work of the thesis and the superiority of the scheme.

2. Proposed TPE Scheme

The encryption object of this scheme is a color image, including three channels, Y, U, and V. The same encryption method is used to encrypt the three channels, respectively. We take one channel as an example to introduce the specific process of encryption. We parse the image, divide it into 8 × 8 image blocks, convert it to the frequency domain via DCT transform, and obtain DC coefficients and AC coefficients.

As shown in Figure 2, the proposed TPE scheme includes AC coefficient encryption to form intermediate encrypted images, pre-recovery to compute the compensation information, and embedding the compensation information to obtain the final encrypted image.

2.1. Encryption Key Generation

In order to balance the resources and security of encryption key management, a common approach involves generating an adaptive encryption key by hashing and inputting the initial encryption key $\mathit{Key}$ (the key used should be a 512-bit value in order to resist brute force attacks) and the content of the image. Therefore, an adaptive encryption key is used in this paper. Specifically, when the encryption block size is u, the encryption key $Ke{y}_{dn}$ is generated as follows:

$$Ke{y}_{dn}=\mathrm{SHA}(a_1\parallel a_2\dots \parallel a_{u\ast u-1})\oplus \mathit{Key}$$

(1)

In Equation (1), where $\mathit{a}$ represents the AC coefficients in the TPE block. $\mathrm{SHA}$ denotes SHA3-512.

Due to its longer output and higher security, we choose SHA3-512, which is especially effective in resisting collision attacks and pre-image front attacks.

2.2. DCT Transform Encryption

The DCT is a mathematical tool widely used in signal processing and image compression. The standardization and popularization of the DCT is attributed to N. Ahmed, T. Natarajan, and K. R. Rao [37], who systematically described the DCT.

The formula for DCT transformation is as follows:

$$Y(u,v)={\displaystyle \frac{2}{\sqrt{MN}}}C\left(u\right)C\left(v\right)\sum _{m=0}^{M-1}\sum _{n=0}^{N-1}X(m,n)\cos {\displaystyle \frac{(2m+1)u\pi }{2M}}\cos {\displaystyle \frac{(2n+1)\nu }{2N}}$$

(2)

In Equation (2), where $u=0,1,\dots ,N-1$; $v=0,1,\dots ,M-1$;

$$C\left(u\right)=\left\{\begin{array}{c}{\displaystyle \frac{1}{\sqrt{2}}},u=0\\ 1,u\ne 0\end{array}\right.$$

(3)

$$C\left(v\right)=\left\{\begin{array}{c}{\displaystyle \frac{1}{\sqrt{2}}},v=0\\ 1,v\ne 0\end{array}\right.$$

(4)

For example, we perform 8 × 8 chunking of the image and perform DCT transform on it. Then, according to Equations (2)–(4), the DCT change Equation (5) is given as follows:

$$\mathrm{Y}(\mathrm{u},\mathrm{v})={\displaystyle \frac{1}{4}}\mathrm{C}\left(u\right)\mathrm{C}\left(v\right)\sum _{\mathrm{m}=0}^7\sum _{\mathrm{n}=0}^7\mathrm{X}( \mathrm{m},\mathrm{n})\cos {\displaystyle \frac{(2 \mathrm{m}+1)u\pi }{16}}\cos {\displaystyle \frac{(2\mathrm{n}+1)v}{16}}$$

(5)

2.2.1. Direct Current Coefficient

It is a common and effective method to divide the image into 8 × 8 blocks, and this division provides a structured basis for subsequent signal processing. The first of these coefficients is the DC coefficient. This coefficient is the most important; it provides information about the average brightness of the image block and its overall low frequency characteristics, which is essential for realizing thumbnail encryption. And, the AC coefficients are opposite to the DC coefficients and are mainly used to characterize the details and variations of the image. By performing a series of encryption processes on these AC coefficients, we are actually blurring the details and variations of the image. This blurring not only effectively protects the image content but also safeguards the user’s privacy to a certain extent and ensures that sensitive information is not easily recognized. At the same time, this processing also maintains the usability of the image so that the corresponding visual information can still be accessed when needed. Therefore, by cleverly combining the processing of DC and AC coefficients, we are able to achieve a balance between privacy protection and information availability in thumbnail encryption for the purpose of optimizing image security.

2.2.2. Alternating Current Coefficient

There are many ways to encrypt the AC coefficients, such as substitution encryption, XOR encryption, adding random noise, or exchanging coefficients between different blocks. We performed many experiments on it and finally used the replacement encryption.

It is worth noting that the random seed assigned to each block is unique, which leads to a different order of AC coefficient upset for each block. This differentiated encryption not only enhances the privacy protection but also increases the difficulty for attackers to crack the data. Using this method, we are able to effectively prevent unauthorized access to the data, thus safeguarding the user’s privacy to a large extent.

The experimental results are shown in Figure 3, where the visual visibility of the data is maintained after using disambiguation encryption. This property makes our encryption scheme well suited to the goal of thumbnail encryption.

2.3. Computation and Compression of Compensation Information

After the above operation, we successfully obtained the intermediate encrypted image $f_w$. This process is a key step in image encryption technology, which ensures the security and privacy of the data. However, through experimental analysis, we found that the rounding operation has a significant effect on the frequency domain coefficients, which is the main source of the decrypted image distortion. This means that during the conversion process, certain subtle image information may be lost due to rounding, which leads to differences between the final decrypted image and the original image.

In order to minimize this distortion, we perform a pre-decryption operation on the rounded intermediate encrypted image $f_w$ to generate the pre-decrypted image $f^{\prime }$. This operation not only helps to recover some of the details of the image but also creates conditions for subsequent lossless decryption. In this process, we need to introduce the concept of distortion measure, using D to represent the degree of distortion between the pre-decrypted image $f^{\prime }$ and the original image f. By accurately calculating this distortion value, we are able to better understand the effectiveness of the pre-decryption process and compensate for possible errors. The Equation (6) for calculating the compensation information is as follows:

$$D=\left(f-f^{\prime }\right)$$

(6)

Obviously, the amount of information generated by the simple computation of the difference is so huge that the recovery information cannot be reversibly embedded into the intermediate encrypted image $f_w$. In our study, after careful experimentation and analysis, we found that the error introduced due to the rounding process was not really significant. Specifically, the difference in most of the pixels was calculated to be zero, and only a small number of pixels had their values changed, but the effect of this error on the overall image was minimal. Therefore, we believe that the method of block compression is a relatively appropriate choice. This method not only effectively reduces data redundancy but also achieves secure embedding of information while maintaining image quality.

Block compression records the block number where non-zero elements exist, then compresses these blocks. As shown in Figure 4, the row number, column number, and corresponding value of the non-zero elements in the block are recorded.

2.4. Reversible Embedding of Compensation Information

Consider the difference between neighboring pixels rather than simple pixel values [38] to propose an efficient extension of the histogram modification technique. And, an auxiliary binary tree is proposed: suppose the number of peak points for embedding a message is $2^L$, then L is the level of its binary tree. The tree predetermines the multiple peak points used to embed the message.

2.4.1. Embedding Process

For an N-pixel 8-bit grayscale image h with pixel value $x_i$, where $x_i$ denotes the grayscale value of the ith pixel, $0\le i\le N-1, x_i\in \mathbf{Z}, x_i\in 0, 255$.

2.4.2. Extraction Process

This process extracts the information and payload from the watermarked image and recovers the original image non-destructively. Let L be the level of the binary tree.

For an n-pixel 8-bit watermark map W with pixel value $y_i$, where $y_i$ denotes the gray value of ith pixel, $0\le i\le N-1, y_i\in \mathbf{Z}, y_i\in 0, 255$.

2.5. Thumbnail Generation

After delivering an image to the cloud for saving, the cloud usually generates thumbnails for users to quickly preview it online because of its small file size and transfer speed block. The original image is divided into $\mu \times \mu$ sizes, and the average pixel value in the block is represented by a pixel in the thumbnail $S_{\varsigma }$. The Equation (7) is as follows:

$$S_{\varsigma }={\displaystyle \frac{{\displaystyle \sum _{{\chi }_1=1}^{\mu }}{\displaystyle \sum _{{\chi }_2=1}^{\mu }}{E}_{\varsigma }\left({\chi }_1,{\chi }_2\right)}{\mu \times \mu }}$$

(7)

where $\varsigma \left(1\le \varsigma \le {\displaystyle \frac{n}{\mu \times \mu }}\right)$ denotes the one-dimensional location of the thumbnail, and $E_{\varsigma }$ denotes the pixel block of size $\mu \times \mu$ generated from the original image E.

2.6. Encryption Process

We have given the core technique of the encryption process. Based on this, the specific encryption process of the scheme is as follows:

• The original image is transformed by DCT, the AC coefficients are encrypted by substitution according to the key generated by Equation (1), and the intermediate encrypted image is obtained.
• Pre-decryption: according to the key, the AC coefficients are reduced to obtain the pre-decrypted image.
• According to Equation (6), the compensation information is obtained by making a difference between the original image and the pre-decrypted image.
• Compensation information is compressed by using block compression.
• According to Algorithm 1, the compensation information is embedded into the intermediate encrypted image to get its final encrypted image.

Algorithm 1 Embedding Process

Input: Greyscale image h, binary tree level L, watermark bitstream b Output: Watermarked image $h^{\prime }$   1: Histogram Shifting: Shift histogram by $2^L$ units on both sides Record shifted pixel ranges as auxiliary data   2: Reverse Image Scanning:   3: for $i=N-1$ downto 1 do   4:       Calculate pixel difference $d_i=x_i-x_{i-1}$   5: Watermark Generation:   6: for $i=N-1$ downto 0 do   7:       if $d_i\ge 2^L$ then   8:            if $i=0$ then   9:         $y_i\leftarrow x_i$ 10:            else 11:         if $x_i<x_{i-1}$ then 12:              $y_i\leftarrow x_i-2^L$ 13:         else 14:              $y_i\leftarrow x_i+2^L$ 15:       else 16:            if $x_i<x_{i-1}$ then 17:         $y_i\leftarrow x_i-(d_i+b_i)$ 18:            else 19:         $y_i\leftarrow x_i+(d_i+b_i)$ 20:       Update $h^{\prime }$ with $y_i$ 21: return $h^{\prime }$

2.7. Lossless Image Decryption

In the decryption stage, since the methods of the encryption process are all fully reversible, the encryption steps can be followed in reverse and reconstructed into the original image according to the key. The decryption steps are as follows:

• The received encrypted image is labeled as f, and the compensation information is extracted from the received image f according to Algorithm 2. From this, the intermediate encrypted image $f_w$ can be isolated.
• The DCT transform is performed on $f_w$, the key-generated disambiguation sequence is used to restore the alignment of the AC coefficients, and an inverse DCT transform is performed to obtain the pre-decrypted image $f^{\prime }$.
• By adding the compensation information D to the pre-decrypted image $f^{\prime }$, a lossless restore to the original image is obtained.

Algorithm 2 Extraction Process

Input: Watermarked image $h^{\prime }$, binary tree level L Output: Original image h, watermark bitstream b   1: Move histogram and record transfer information:   2: a. Shift histogram $2^L$ units on both sides   3: b. Record shifted pixel range as auxiliary data   4: Reverse scan image:   5: for $i=N-1$ down to 1 do   6:       if $|y_i-x_{i-1}|<2^{L+1}$ then   7:             if $y_i<x_{i-1}$ then   8:               $x_i\leftarrow y_i+⌈{\displaystyle \frac{\left|y_i-x_{i-1}\right|}{2}}⌉$   9:             else if $y_i>x_{i-1}$ then 10:               $x_i\leftarrow y_i-⌈{\displaystyle \frac{\left|y_i-x_{i-1}\right|}{2}}⌉$ 11:             else 12:               $x_i\leftarrow y_i$ 13:             if $y_i-x_{i-1}$ is even then 14:               $b_i\leftarrow 1$ 15:             else 16:               $b_i\leftarrow 0$ 17:       else 18:             if $y_i<x_{i-1}$ then 19:               $x_i\leftarrow y_i+2^L$ 20:             else if $y_i>x_{i-1}$ then 21:               $x_i\leftarrow y_i-2^L$ 22:             else 23:               $x_i\leftarrow y_i$ 24:       if overhead information marked as 1 then 25:             Shift $x_i$ by $2^L$ units 26: return $h,b$

3. Experimental Results and Analysis

3.1. Design Objective

The goals of our proposed scheme include:

• Visualization: Ciphertext images need to retain a certain amount of visual information. Therefore, the thumbnail generated from a cipher image should be similar or identical to the thumbnail of the original image, which is important to maintain usability.
• Lossless Decryption: Lossless decryption ensures that the original image information is not lost throughout the encryption and decryption process, thus preserving the integrity of the original data. Even if the loss is minimal with each encryption, the overall image quality can be significantly degraded after multiple encryption and decryption processes. Data integrity ensures that in IoT devices containing critical information and control commands, data can be evaluated correctly and commands can be executed efficiently. Lossless decryption ensures that the image is accurate and thus the instructions given are reliable, avoiding the unforeseen consequences of even the smallest error.
• Privacy security: In the TPE field, the focus is on the balance between privacy and usability of the image, not confidentiality. Images should not reveal any details beyond the thumbnail.
• Low File Extension: Ciphertext images cannot generate too large a file extension. In application areas where excessive information may be generated by uploading a large number of images at the same time, a small file extension size can result in a huge difference in storage space.
• Compatibility: The proposed TPE solution has good compatibility, which means that it can seamlessly work in harmony with all kinds of cloud storage services that are widely used in the market today. Users can easily utilize this solution without having to make any kind of modifications or adjustments to their existing cloud systems.

Based on this, this section will demonstrate the superiority and effectiveness of the proposed scheme in terms of the following: 1. visual quality, 2. decryption effect, 3. security analysis, 4. user evaluation, 5. file extension, 6. format compatibility, etc. The test image dataset is the Inria Holidays dataset (a total of 1491 images), and all the images are resized to 512 × 512. Comparison schemes are BS and RBS [17], DRPE [23], ADCC [34], and JPEG-TPE [36].

3.2. Visual Quality

• Encrypted image quality:
  In this paper, we generate TPE encryption maps with different accuracies based on different encryption fast sizes. As shown in Figure 5, for different encryption block sizes from 4 to 128, as the encryption block size increases, the visibility decreases, the privacy becomes higher, and the usable information that can be obtained from the image becomes less and less. Specifically, when the encryption block is 4, the encrypted image is extremely similar to the original image, while when the encryption block reaches 64 and 128, the encrypted image usability has been reduced to such a low level that no usable information can be obtained from image analysis.
• Quantitative analysis of encrypted images:
  In order to better illustrate the encryption effect of this algorithm, the Peak Signal to Noise Ratio (PSNR) and Structural Similarity (SSIM) will be used to qualitatively assess the effectiveness of the abbreviated encryption.
  Figure 6 and Figure 7 show the encryption results tested on the Inria Holidays dataset. The experimental results show that the PSNR of this scheme is higher than all other schemes, and SSIM also performs better when the encryption blocks are from 2 to 16, and it is only countered by the DRPE scheme when the encryption blocks are greater than or equal to 32. Note that this TPE scheme is not a guarantee that illegal third parties cannot obtain any information from the ciphertext image. In fact, the scheme can expose less unimportant information to gain some usability, so that illegal third parties cannot learn more information from the encrypted thumbnail image. The specific encryption effect can be chosen according to different encryption block sizes.
• Encrypted thumbnail image quality:
  It is more reasonable to compare the quality of thumbnails generated from encrypted images with the quality of the original image because the thumbnails provide the user with a quick preview to recognize the original image content. We have taken the thumbnails generated from encrypted images based on different encryption block sizes and reduced them to 512 × 512, as shown in Figure 8. The experimental results show that as the encryption block size increases, the thumbnail contains less and less meaningful content and the original image becomes more and more difficult to recognize. And, when the proper encryption block is chosen, the difference between the thumbnail of the encrypted image and the thumbnail of the original image is not very big, and the legitimate users are able to utilize the visibility to distinguish the images they need.
• Quantitative analysis of encrypted thumbnails:
  The thumbnail generated from the encrypted image is compared with the thumbnail generated from the original image, which is more in line with the practical application scenarios, as shown in Figure 9 and Figure 10. The PSNR and SSIM values of this scheme are higher than other schemes, indicating that it is more in line with practical application requirements. Legitimate users are able to browse quickly in the cloud to recognize the desired image. The higher PSNR and SSIM values indicate that the thumbnail images have high preservation capability.

3.3. Decryption Effects

The PSNR and SSIM values of the decrypted images are listed as shown in

Table 2. Average PSNR of decrypted images.

Dataset	µ	PSNR
		Proposed	ADCC	DRPE	BS	RBS	JPEG-TPE
Inria Holiday	2	Inf	68.14	22.68	39.76	40.32	Inf
	4	Inf	68.14	22.29	39.24	40.32	Inf
	8	Inf	68.14	26.05	38.82	40.32	Inf
	16	Inf	68.14	29.97	38.47	40.32	Inf
	32	Inf	68.14	31.38	38.42	40.32	Inf

and

Table 3. Average SSIM of decrypted images.

Dataset	µ	SSIM
		Proposed	ADCC	DRPE	BS	RBS	JPEG-TPE
Inria Holiday	2	1	0.99	0.73	0.92	0.94	1
	4	1	0.99	0.82	0.90	0.94	1
	8	1	0.99	0.89	0.87	0.94	1
	16	1	0.99	0.93	0.85	0.94	1
	32	1	0.99	0.92	0.85	0.94	1

, where $\mu$ is the encrypted block size. For the ADCC scheme, the quality of the decrypted image does not vary with the block size due to the fixed sacrifice of the last two ACs to embed the DC information. In the DRPE scheme, there may bean inconsistent dynamic range of DC coefficients in the TPE block during the decryption process; the larger the block, the more limited the dynamic range and the better the quality of the decrypted image. In the BS and RBS schemes, since the encryption involves YUV before compression, there is some loss of image data during compression. In addition, the sub-block size of RBS is 88, and the substitution does not change the value of the data in the block, so the PSNR and SSIM remain unchanged for different encrypted block sizes. Although the JPEG-TPE scheme proposed by Yuan also realizes lossless restoration, it is based on their algorithms only, and it has a low reference.

3.4. Security Analysis

• Information entropy:
  Information entropy can be used to measure the uncertainty of the image information; the closer the information entropy of the image is to 8, the greater the uncertainty and the more effective the algorithm is.

  Table 4. Information entropy.

  	Original	Proposed
  R	7.27	7.37
  G	7.58	7.69
  B	7.00	7.38

  shows the information entropy of the original and encrypted images, where the information entropy of all channels increases and is closer to 8.
• Correlation coefficient analysis:
  5000 pairs of neighboring pixels are randomly selected from the horizontal, vertical, and diagonal directions of the image, and the correlation coefficients between these pixels are calculated. The correlation coefficients obtained are shown in

  Table 5. Correlation coefficients.

  	Original Image				Encrypted Image
  	Horizontal	Vertical	Diagonal		Horizontal	Vertical	Diagonal
  R	0.9769	0.9870	0.9637		0.4993	0.4679	0.4540
  G	0.9786	0.9902	0.9676		0.4856	0.4914	0.4721
  B	0.9531	0.9776	0.9307		0.4732	0.4728	0.4707

  and Figure 11, where red, green, and blue represent the horizontal, vertical, and diagonal random selection, respectively; the x-axis and y-axis denote the gray values; and the dots represent the relationship of gray values between a pair of neighboring pixels. The results show that this scheme can greatly reduce the correlation between pixels.

3.5. User Evaluation

We selected multiple photos of Jay Chou and various strangers from Visual China, and we encrypted these photos with encryption blocks of different sizes in the proposed encryption scheme, as shown in Figure 12. Then, 100 random participants in universities and shopping malls were tested by selecting Jay Chou out of nine random encrypted person images, as shown in Figure 13. Compared with other schemes, the usability of this scheme is better while guaranteeing privacy, which indicates that it will provide a better experience for users in real application scenarios.

3.6. Document Extension

Any encryption operation inevitably leads to an increase in file size. This phenomenon is fully verified in Figure 14, which is experimentally tested based on the Inria Holidays dataset. The experiments show that as the encryption block size increases and the quality factor decreases, the average expansion of the image shows a certain increasing trend. However, although the encryption operation leads to an increase in file size, this increase is always maintained at a relatively low level, which is manifested in the following: when different sizes of encryption blocks are used, the magnitude of the change in the expansion rate is more limited, and in the process of adjusting the quality factor to a lower value, the overall effect is still maintained in an acceptable range, although the compression efficiency is affected to a certain extent. More importantly, this degree of file size growth does not significantly affect the actual user experience, and the negative impact is at a negligible level, both from the perspective of visual perception and data transfer efficiency.

3.7. Format Compatibility

In this scenario, the performance of the AC (alternating current) and DC (direct current) coefficients has been analyzed in detail, and the results show good format compatibility between them. This compatibility is one of the key factors in ensuring efficient and accurate data processing. It is worth noting that the DC coefficients remain constant throughout the process, and this stability allows the data to maintain consistency during conversion and transmission without any loss or distortion of information due to changes.

Meanwhile, the AC coefficients are processed using substitution encryption. This approach not only enhances the security of the data but also ensures that the operation is within the valid range and avoids possible overflow problems. This design concept makes the processing of AC and DC coefficients applicable regardless of the image format, ensuring broad compatibility with different types of image files. This flexibility and reliability make this solution more advantageous in practical applications, meeting the needs of various application scenarios and providing users with a safer and more efficient data processing solution. With this design, users can confidently process data without worrying about problems caused by incompatible formats.

4. Conclusions

We propose a visual privacy preserving scheme, LD-TPE, which aims to balance usability and privacy of user images in cloud usage scenarios. Our proposed scheme achieves this goal without losing image information, and its solution can provide a reference for other high-quality decryption schemes with high applicability. All the coefficients are adjusted within the effective range without overflow, which ensures the format compatibility. The experimental results show that the solution not only achieves lossless decryption but also outperforms other TPE solutions in terms of visual effect while the file extension size is kept at a low level.