Thumbnail Secret Image Sharing in Cloud Storage

Abstract

In recent years, the amount of data has increased explosively, which has spawned the large-scale development of cloud storage. Increasingly, individuals and enterprises store images in cloud space. The storage security of the cloud is generally guaranteed by encryption, but this can no longer meet the needs of image management and protection. In order to realize the management and loss tolerance of images, this paper proposes a thumbnail secret image sharing method. The proposed scheme combines the advantages of thumbnail-preserving encryption (TPE) and secret image sharing (SIS) with different meaningful shadows. Thumbnails can realize the visual management of stored images, and secret image sharing can realize the perfect security of stored images. The proposed scheme realizes the confidentiality, integrity, and availability of images, which are three elements of information security. Compared with TPE, our scheme not only realizes the visual management of images but also achieves loss tolerance and perfect security. Compared with SIS with different meaningful shadows, our scheme will greatly improve the sharing efficiency and reduce the consumption of computing resources. In this paper, the theoretical analysis and security proof of the proposed scheme are presented. In addition, we also conduct sufficient experiments and comparative explanations.

1. Introduction

Currently, with the rapid development of the internet and the wide application of intelligent devices, people are increasingly fond of sharing their lives on social media and networks [1]. There is no doubt that images are the main way to show the state of a person’s life and their understanding of the real world [2]. According to statistics, 136,000 photos are uploaded to Facebook every minute, which is equivalent to 195 million images per day, while this number was only 2.7 million in 2010 [3,4]. Photos uploaded to social platforms are only part of the volume of images taken. In June 2021, Rise Above Research, a consulting firm that provides market research for the digital imaging industry, estimated the number of global images was 1.12 trillion in 2020 and predicts that the number of global images will grow to 1.4 trillion images in 2021 [5]. Faced with such a large and growing amount of images, local storage in the traditional sense will become difficult to deal with. If these images are all stored in a local storage device, it will take up a great deal of resources and space from the user and cause inconvenience in management.

Uploading images to the cloud space for storage and management has overturned the traditional image storage and management methods and has become the current development trend [6,7]. Many internet companies and major mobile phone manufacturers now provide general cloud storage services, such as Dropbox, OneDrive, Google Drive, and iCloud. The development and popularity of cloud storage services make cloud storage space larger and cheaper. Therefore, more users will be attracted to use cloud storage services, and increasing numbers of images will be uploaded to the cloud space. Among the massive images, there are some high-value images containing personal privacy and trade secret information that need to be protected, which are called secret images. The large increase of secret images has forced them to be uploaded to the cloud space to alleviate the lack of local resources [8,9]. However, in the 2020 Cloud Security Report from Check Point [10], nine main cloud security issues and threats were listed in 2021: misconfiguration, unauthorized access, insecure interfaces/APIs, hijacking of accounts, lack of visibility, external sharing of data, malicious insiders, cyberattacks, and denial of service attacks. Although many users have no choice but to decide to upload sensitive data and secret images to the cloud space, these threats have caused great concerns among users [11,12]. These concerns mainly include data loss/leakage and data privacy/confidentiality. The status of cloud storage is shown in Figure 1.

1.1. Related Work

To protect secret images stored in cloud space, a series of works have been proposed. Information security is often assessed by CIA (confidentiality, integrity, availability) [13,14], which are three elements of information security. For the security of secret images, secret images cannot be uploaded directly to the cloud space but must be processed. Currently, the most common way is to encrypt [15,16,17] the secret image and upload cipher images to the cloud space. Traditional image encryption algorithms with a confusion and diffusion structure are commonly used to encrypt secret images. Although these schemes can protect the confidentiality of secret images, there are still many problems after uploading encrypted images to the cloud. For example, users cannot directly browse cipher images through the cloud, so they are prohibited from organizing and managing images through visual content [18,19,20]. Users can only understand the content of the image after downloading and decrypting the cipher image, which violates the principle of availability in cloud space. Regarding the problem of cipher images management, some scholars have combined the research results of visual memory in visual psychology to propose a concept of image encryption based on prior knowledge, that is, thumbnail-preserving encryption (TPE) [21,22,23]. The basic idea of TPE is that the cipher image retains the thumbnail of the original image. Legal users with prior knowledge can combine the visual information of the cipher image with prior knowledge to infer the specific content of the image, while illegal users without prior knowledge cannot infer from the rough visual information of the cipher image, as shown in Figure 2.

The first TPE scheme was designed by Wright et al. [21], and then many scholars made improvements to further the recognition and organization of cipher images [24,25,26]. Zhao et al. [27] improved the original scheme [25,26] and further optimized the practicability and efficiency of TPE, but their scheme still did not solve the problem of image integrity. Therefore, we carried out further design and optimization.

1.2. Discussion

Organizations and individuals use the cloud to store their data and applications and trust it to be safe and reliable. However, the cloud is not perfect, and even the most reliable cloud provider will suffer data loss, which is inevitable. Cyberattacks or equipment failures are important reasons for data loss. Similarly, human error, such as simply an incorrect instruction, may lead to data loss. However, none of the above schemes can deal with data loss well, which is the main concern of users.

The traditional encryption scheme protects the privacy of secret images, but it brings about the problems of the difficult management of cipher images and data loss, leading to data unavailability. Although TPE solves the management problem of cipher images, it cannot prevent data loss and data damage, which seriously affects the integrity of data. In order to further improve the security of cloud storage and increase users’ trust in cloud storage, we adopt the idea of SS to perform encryption. The image is encrypted into multiple cipher images by secret image sharing (SIS) [28,29,30] and then stored in different cloud spaces by distributed storage. SIS has the property of loss tolerance, so it can prevent data loss and data damage [29,31]. The traditional SIS cipher image and encrypted image are noise images [32].

The current work cannot meet the security and management needs of images in the cloud, so we use the knowledge of secret sharing (SS) [33,34] and thumbnails to realize the perfect protection and convenient management of images. Proposed scheme mainly uses approximate thumbnails and control sharing models. Approximate thumbnails are mainly used to solve the usability problem of encrypted images. Controlling secret sharing is performed to ensure the integrity of the secret and change the situation that the original shared cipher image is noise, which is based on approximate thumbnail sharing. We specifically describe the contributions of the proposed scheme in the CIA of information security below.

• Confidentiality: This paper uses the method of SS to encrypt the secret image to realize the protection of image privacy.
• Integrity: Compared with previous schemes, our scheme has the characteristics of loss tolerance, which is critical for the complete recovery and utilization of secrets, greatly improving the security of cloud storage.
• Availability: The cipher image generated by the proposed scheme is visually identifiable and achieves the management of the cipher image. Compared with meaningful SIS, our scheme greatly improves the efficiency of sharing.

The rest of the paper is organized as follows. Section 2 introduces the basic concepts and related knowledge needed in this paper. The proposed scheme is introduced in Section 3, including the general overview of the scheme, the design of the scheme and algorithm, and the security analysis. Section 4 gives the experimental result and data. Finally, Section 5 concludes this paper.

2. Preliminary

In this section, we introduced the basic definitions and preliminaries used in this paper, including secret sharing, polynomial-based SIS, and thumbnail-preserving.

2.1. Secret Sharing

SS [33,34] encrypts the secret information into several shares and secretly distributes them to a number of participants. At the same time, it requires that the authorized subset of participants can be combined to recover the secret information by using the shares held. Other unauthorized subsets cannot recover secret information by shares.

An SS scheme can be described as a six-tuple $\{\mathcal{P},{\mathsf{\Gamma }}_Q,\mathcal{K},\mathcal{S},\mathcal{E},\mathcal{D}\}$, where

• $\mathcal{P}$ is the finite set of secret sharing participants, and $\mathcal{P}=\{P_1,\dots ,P_n\}$, where n is the number of participants, namely $n=\left|\mathcal{P}\right|$;
• ${\mathsf{\Gamma }}_Q$ is an access structure, which is composed of participant authorization subsets;
• $\mathcal{K}$ is a finite set of possible secret values, and the number of elements in the secret value space is defined as $\eta =\left|\mathcal{K}\right|$;
• $\mathcal{S}$ is a finite set of possible shared values. Since each shared value may have a different value space, let $\mathcal{S}=\{S_1,\dots ,S_n\}$;
• The sharing function $\mathcal{E}$ is a probabilistic algorithm, denoted as $\{{\beta }_1,\dots ,{\beta }_n\}\leftarrow \mathcal{E}(\mathcal{P},{\mathsf{\Gamma }}_Q,\alpha )$. Among them, the secret value $\alpha \in \mathcal{K}$; the output is n shared values, and ${\beta }_i\in {\mathcal{S}}_i(1\le i\le n)$;
• The recovery function $\mathcal{D}$ is a deterministic algorithm, denoted as ${\alpha }^{\prime }\leftarrow \mathcal{D}\left(\mathcal{A}\right)$. Assuming that e participates in recovery, $\mathcal{A}$ is the set of shared values participating in secret recovery, $\mathcal{A}=\{{\beta }_{t_1},\dots ,{\beta }_{t_e}\}=\mathcal{E}(\mathcal{P},{\mathsf{\Gamma }}_Q,\alpha )\left[\mathcal{P}\right]$, and $\mathcal{P}=\{{\mathcal{P}}_{t_1},\dots ,{\mathcal{P}}_{t_e}\}\subseteq 2^{\mathcal{P}}$.

SS has the advantages of unconditional security, loss tolerance, and access control. Considering that SS has many advantages, the technology is widely used in the field of security, such as key management, password sharing, electronic voting, group signature authentication, and secure multi-party calculation, etc.

2.2. Polynomial-Based SIS

In 1979, Shamir proposed the polynomial-based SS. The sharing algorithm of the scheme is shown in Algorithm 1, and its recovery algorithm can be realized by Lagrangian interpolation. The core of polynomial-based SIS is $k-1$ order sharing polynomial $f\left(x\right)=a+a_{1}x+\dots +a_{k-1}{x}^{k-1}modp$, where the value space is a finite field $\mathcal{K}=Z_p$, the modulus p is a prime power, the secret value $a\in \mathcal{K}$, and the random factors $a_1,\dots ,a_{k_1}\in \mathcal{K}$. Since the sharing and recovery algorithms are simple and efficient and there are few public parameters, the polynomial-based SIS is widely used and is often used as the basic algorithm for security protocol design [35,36,37].

Algorithm 1 The polynomial-based SS

Input:$a,k,n.$ Output: n cipher images ${\beta }_n$ Step 1: Select n different non-zero elements in the finite field $Z_p$, denoted as $x_i$, $1\le xi\le p-1$$(p\ge n+1$ and p is a prime number). $x_i$ can be made public. Step 2: Randomly and independently select $k-1$ elements in the finite space $Z_p$, denoted as $a_1,\dots ,a_{k-1}$. Step 3: Calculate ${\beta }_i=f\left(x_i\right),(1\le i\le n)$ respectively, where $f\left(x\right)=a+{\sum }_{j=1}^{k-1}{a}_j{x}^{j}modp$. Step 4: The shared value ${\beta }_i$ is secretly sent to the corresponding participant $P_i$, $(1\le i\le n)$.

Thien and Lin [38] introduced SS into the image field in 2002. The difference between SIS and SS is as follows:

• $a_i$ is the $i_{th}$ pixel value of each group in each SS process.
• p is selected as 251, and the pixels above 250 are treated as 250.

Thien–Lin’s scheme shares a cipher image whose size is only $1/k$ of the original image, but in some cases, the cipher image will leak information about the original secret image. In order to avoid the security problem of Thien–Lin’s scheme, our paper uses the original polynomial-based SIS scheme, that is, only $a_0$ is embedded with a pixel. In order to avoid the loss and distortion of secret pixels, this paper chooses $p=257$. However, the maximum storage pixel of an image is 256, which means that if ${\beta }_i=256$ occurs, it must be re-shared in the same way. The encryption scheme of SIS can effectively protect the privacy of secret images and can also protect against the loss of secrets. However, the cipher images generated by SIS are noise images, which is not convenient for management and use, and the efficiency is also very low. These are the factors that this article needs to improve and upgrade.

2.3. Thumbnail-Preserving Encryption

Wright et al. [21] proposed the concept of thumbnail-preserving encryption, that is, the cipher image presents the same visual content as the low-resolution version of the original image. The algorithm is shown in Algorithm 2.

Algorithm 2 Thumbnail-preserving encryption

Input: Secret image of size $M\times N,K,B$. Output: Cipher image. Step 1: Use the passphrase to derive a secret symmetric key K using a password based key derivation function. Step 2: Color space transformation. Step 3: Divide the secret image into blocks of $B\times B$ pixels and encrypt the pixels in each block by first permuting the order in which they appear.

The goal of TPE is to encrypt each block such that the cipher image reveals the average pixel value in the block but nothing more. This allows an untrusted third party who does not possess the key to reconstruct an accurate $M/B\times N/B$ pixel thumbnail, where each block in the cipher image corresponds to a single pixel in the thumbnail. The legal owner of the image has prior knowledge of the original image’s visual characteristics, so the image owner can accurately identify and preview the image based on these low-resolution encrypted images [39,40].

TPE can not only protect the privacy of cloud-stored images but also can easily use today’s cloud services to achieve a satisfactory balance between image privacy and usability. It is worth noting that the existing TPE scheme cannot resist information loss, which is worth promoting.

3. The Proposed Scheme

Our scheme fully considers the three elements of information security and realizes the full protection of secret images. Legitimate users can use our scheme to encrypt the secret image into meaningful cipher images. These cipher images have the characteristics of loss tolerance, which means that the loss of $n-k$ cipher images will not affect the recovery of the secret image, and fully protect the availability of the secret image. Even if a malicious user obtains up to $k-1$ cipher images, the malicious user does not obtain any information of the secret image through visual information or computation and does not have any impact on the confidentiality of the secret image. The legitimate user can easily manage cipher images through visual features, and when at least k cipher images are obtained, the legitimate user can restore the secret image losslessly, ensuring the integrity of the secret. The detailed process can be referred to Figure 3 and Figure 4.

Our scheme is suitable for most high-value digital images, such as gray-scale images and color images. These images are composed of one or more channels, and each channel is a two-dimensional matrix array. Since the structure and value range of channels are the same, this paper mainly focuses on the single-channel image, that is, a gray-scale image. The range of gray image pixels is 0–255, that is, eight bits (one byte), which means that any data that can be represented by the binary stream are converted into a gray image. Therefore, through simple coding, any valuable binary data stream can be shared using the scheme presented in this paper.

The symbol description of the proposed scheme is shown in

Table 1. Nomenclature.

Symbol	Description
P	Plain image
C	Secret image
M	Meaningful image carrier
$i,j$	The pixel values of i-th row and j-th column in the image
$r,c$	The number of rows and columns of the image
$k,n$	Threshold of the control sharing models
X	The serial number of the control sharing models
$S{C}_X$	Cipher image

.

3.1. Description of the Proposed Scheme

The scheme proposed in this paper mainly uses the knowledge of SS and thumbnails to realize the highly secure storage of secrets, which means that the confidentiality and integrity protection of secret images can be realized. Our proposed scheme mainly uses approximate thumbnails and control sharing models. Approximate thumbnails are mainly used to solve the usability problem of encrypted images. Unlike previous TPEs, the accuracy of our TPE images can be controlled on the premise that legitimate users with prior knowledge can be identified, and the overall pixel quality of the TPE image is lower than that of the original thumbnail. Controlling secret sharing is performed to solve the integrity of the secret and change the situation that the original shared cipher image is noise, which is based on approximate thumbnail sharing.

3.2. Approximate Thumbnails

Approximate thumbnails and thumbnails are visually similar, but the pixel accuracy is less than that of the original image.

In order to accurately describe the quality of approximate thumbnails, we introduce the following definitions.

Definition 1.

Thumbnail ratio: The thumbnail ratio ℜ refers to the ratio of the length (width) of the secret image to the length (width) of the original image. General thumbnails do not change the aspect ratio (the ratio of length to width) of the original image, so the usual thumbnail ratio is $\Re =C_r/P_r=C_c/P_c$.

Definition 2.

Identification points: The identification point [$A:(i^{\prime },j^{\prime })$] is the position of the pixel in the encrypted or shared cipher image that is similar to the meaningful image. The identification points can be calculated by Formula (1).

$$A_{(i^{\prime },j^{\prime })}=\left\{\begin{array}{c}{i}^{\prime }=⌊P_i\times \Re ⌋\\ j^{\prime }=⌊P_j\times \Re ⌋\end{array}\right.$$

(1)

Corresponding to the identification points are the unidentification points ($\overline{A}:(i^{\prime },j^{\prime })$). Through the definition and formula, it can be concluded that the identification point is only a part of the cipher image, and the cipher image is composed of identification points and unidentification points. That is, $C_{(i,j)}=A:(i^{\prime },j^{\prime })+\overline{A}:(i^{\prime },j^{\prime })$.

Definition 3.

High-level same bit number: The high-level same bit number is the maximum equal bit number of two integers from high to low in the binary representation of the same bit number, and its calculation formula is denoted as $\mathsf{\Omega }(a,b)$.

Definition 4.

Accuracy: Precision is the numerical similarity between the cipher image and the carrier image. The higher the precision is, the clearer the cipher image is, and vice versa. Precision only represents the numerical accuracy of the cipher image and the meaningful image, which can reflect the visual characteristics to a certain extent and can be obtained by Formula (2).

$$\mathsf{\Phi }={\Re }^2\times (1-\frac{{\sum }_{g=1}^{\mathsf{\Omega }(C_A,M_A)}{2}^{8-g}}{2^8})$$

(2)

The algorithm for approximate thumbnails is shown in Algorithm 3:

Algorithm 3 Approximate thumbnails

Input: $\Re ,\mathsf{\Omega }(C_A,M_A),M$ Output: Approximate thumbnails R. Step 1: Determine the identifiable point A according to $Re$ and Formula (1). Step 2: Read the pixels value $M(i^{\prime },j^{\prime })$ of the carrier image according to the identifiable point. Step 3: According to $M(i^{\prime },j^{\prime })$, $\mathsf{\Omega }(C_A,M_A)$ determine the range $R_1$. The binary representation of $M(i^{\prime },j^{\prime })$ is $m_0{m}_1\dots m_7$. The lower limit of $R_1$ is Formula (3), $${\sum }_{g=1}^{\mathsf{\Omega }(C_A,M_A)}{m}_{g-1}\times 2^{8-g}$$ (3)     and the upper limit of $R_1$ is Formula (4) $$2^{\mathsf{\Omega }(C_A,M_A)}+{\sum }_{g=1}^{\mathsf{\Omega }(C_A,M_A)}{m}_g\times 2^{8-g}$$ (4) Step 4: The range of pixel values of non-identifiable point is $R_2\subseteq [0,255]$. Step 5:R is obtained according to $R_1$ and $R_2$, shown as Formula (5). $$R\left\{\begin{array}{cc}\begin{array}{c}{R}_1=[{\sum }_{g=1}^{\mathsf{\Omega }(C_A,M_A)}{m}_{g-1}\times 2^{8-g},\hfill \\ 2^{\mathsf{\Omega }(C_A,M_A)}+{\sum }_{g=1}^{\mathsf{\Omega }(C_A,M_A)}{m}_g\times 2^{8-g})\hfill \end{array}& M(i^{\prime },j^{\prime })\\ R_2=[0,255]& \overline{M}(i^{\prime },j^{\prime })\end{array}\right.$$ (5)

3.3. Control Sharing Models

There are a large number of available random numbers in the multiple sharing of SS. Using these variable random numbers can make the range of sharing pixel values meet the expected requirements, which is often used in SIS with meaningful shadows.

Different from the SIS with meaningful shadows [41,42], controlling secret sharing only needs to control the value range of location pixels, and the sharing of non-location pixels can be uncontrolled. This controllable secret sharing is more operable and flexible than the original SIS.

The specific steps of controlling the sharing model are shown in Algorithm 4.

3.4. Security Analysis

SS has the perfect security feature of one secret at a time. When the number of shadows is less than k, no one can recover the secret, which has been proved in many works [43,44]. The main point of this scheme is the security equivalence of SS. However, the meaningful screening of pixels may have a certain impact on the security of the solution. Therefore, we conduct security analysis from the following two aspects.

Algorithm 4 Control sharing models

Input: $k,n,X$, Secret image, Approximate thumbnail Output: n identifiable cipher images. Step 1: Share each pixel in the secret image P. Step 2: Judge whether $(i,j)$ is the identifiable point. Step 3: If $(i,j)$ is a identifiable point, randomly adjust the value of $a_i$ until the value range of $f\left(x\right)$ is C; if it is not a identifiable point, just generate it directly. And its basic principle is Formula (6). $$\begin{array}{c}f\left(x\right)\in R\hfill \\ \left\{\begin{array}{c}f\left(x\right)=M(i^{\prime },j^{\prime })+{\sum }_{j=1}^{k-1}{a}_j{x}^{j}modp\\ a_j\in Z_p,a_j\in [0,p)\\ x\in Z_p\end{array}\right.\hfill \end{array}$$ (6) Step 4: Repeat 1, 2, 3 until all pixels of the secret image are encrypted.

3.4.1. Security of Single Pixel

Suppose $k-1$ participants try to recover the master secret value $\alpha$. According to the security conditions of threshold secret sharing, since there are only $k-1$ shared values, participants cannot obtain any secret value-related information. If the participant tries to guess the value of the $k-th$ shared value ${\beta }_{i_k}$, ${\beta }_{i_k}$ has a total of $\eta$ values, and the $n-element$ sharing sequence composed of known shared values corresponds to $\eta$ possible secret values, that is, the recovered secret value obeys uniformity on a $\mathcal{K}$ distribution.

3.4.2. Security of Cipher Image

Due to the strong correlation between adjacent or close pixels of the secret image, even if the secret value is difficult to recover accurately, the special probability distribution characteristics of the shared sequence may leak visual information, such as texture features and contour information, posing certain security risks.

Theorem 1.

The hidden danger of visual information leakage increases with the increase of accuracy.

Proof. 

Accuracy is determined by the high-level same bit number and the thumbnail ratio. The greater the high-level same bit number, the smaller the $a_i$ space that meets the conditions. The larger the thumbnail ratio, the more positioning points, and the corresponding conditions to be met also increase, which means that the matching $a_i$ space is reduced. When the value space of $a_i$ becomes smaller, we believe that there is a security risk in a certain sense. □

In fact, without k shadows in the recovery stage, it is also impossible to recover the secret image. In this paper, by selecting the identifiable point, the correlation between the adjacent pixels of the secret image is destroyed to a certain extent, and the definition is further reduced. Compared with the original meaningful secret sharing, the proposed scheme has higher security.

3.5. Efficiency Analysis

Our scheme only needs to control the sharing process of $(M\times \Re )times(N\times \Re )$ pixels. Therefore, compared with the SIS with meaningful shadows, our scheme can effectively improve the efficiency of sharing. Assuming that the time for sharing a meaningful pixel is $t_1$, the total time for traditional meaningful sharing is shown in Formula (7), and T refers to the time used by other modules.

$$T_O=M\ast N\ast t_1+T$$

(7)

The time required for our scheme is shown in Formula (8).

$$T_N=(M\times \Re )\times (N\times \Re )\times t_1+T$$

(8)

The time efficiency of improvement is shown in Formula (9). When T is negligible relative to $M\ast N\ast t_1$, ≈ holds. In fact, this is the case in most cases.

$$\frac{T_O}{T_N}=\frac{M\ast N\ast t_1+T}{(M\times \Re )\times (N\times \Re )\times t_1+T}\approx \frac{1}{{\Re }^2}$$

(9)

This is a comparison of theoretical efficiency, and we also give a comparison of the actual time efficiency in the experiment.

4. Experiments

In this section, the experimental data and results prove that the proposed scheme can achieve the expected effect and realize the effective protection of secret images. The experiment part includes four parts—thumbnail secret sharing, parametric analysis, efficiency comparison, and the thumbnail secret sharing of color images—that prove our scheme from different angles. As a single-channel image, a gray-scale image is the basis of the image and has strong scalability. Therefore, our experiment includes most gray-scale images and a few color images. For the impact of parameters, we also give the relevant data and analysis. In order to compare with the original meaningful secret sharing, we carried out the experimental comparison on the basis of theoretical analysis.

The relevant images used in this paper are shown in Figure 5a–g.

Our implementation is written in Python, and we use the NumPy library for both 64 bit integer and float-point computations. We conduct our experiments on a desktop computer equipped with a 16-core Intel i7-10 CPU and 16 Gb RAM.

4.1. Thumbnail Secret Sharing

In order to verify the universality of the scheme, we select two groups of thumbnail sharing experimental results with different thresholds, high-level same bit number, and image size.

The secret image is Figure 6a, the size is $128\times 128$, the thumbnail ratio ℜ is 0.5, the high-level same bit number $\mathsf{\Omega }(S,S{C}_i)$ is 2, the sharing threshold is $(2,3)$, the value of the serial number is $[103,145,177]$, and the shared cipher images are shown in Figure 6b–d.

The secret image is Figure 7a, the size is $256\times 256$, the thumbnail ratio ℜ is 0.5, the high-level same bit number $\mathsf{\Omega }(S,S{C}_i)$ is 1, the sharing threshold is $(3,4)$, the value of the serial number is $[103,145,177,197]$, and the shared cipher images are shown in Figure 7b–e. Any three of the cipher images can be selected to restore the secret image in Figure 7a.

The secret image is Figure 8a, the size is $512\times 512$, the thumbnail ratio ℜ is 0.5, the high-level same bit number $\mathsf{\Omega }(S,S{C}_i)$ is 3, the sharing threshold is $(3,3)$, the value of the serial number is $[103,145,177]$, and the shared cipher images are shown in Figure 8b–d. All cipher images can restore the secret image in Figure 8a.

We adjust the thumbnail ratio ℜ and high-level same bit number $\mathsf{\Omega }(a,b)$ through the algorithm so that the accuracy of the cipher image is $\mathsf{\Phi }$. It is very easy for legitimate users with prior knowledge to identify the cipher images by adjusting the accuracy.

Experiments show that the visual characteristics of the cipher images can quickly identify the thumbnails corresponding to different serial numbers, and at the same time, the secret can be recovered when one of them is lost, which realizes the management of the cipher images and loss tolerance.

4.2. Thumbnail Secret Sharing of Color Images

To verify the availability of the scheme for color images (multi-channel images), we performed this experiment. The experimental results are similar to those of a single channel, which proves that our scheme can be applied to most digital images. The secret image is Figure 9a, the size is $512\times 512$, the thumbnail ratio ℜ is 0.5, the high-level same bit number $\mathsf{\Omega }(S,S{C}_i)$ is 1, the sharing threshold is $(3,3)$, the value of the serial number is $[103,145,177]$, and the shared cipher images are shown in Figure 9b–d.

The color image is composed of RGB three channels, and its basic principle is similar to that of a single channel image. Therefore, our scheme is suitable for the protection of most digital images, which is well proved in this experiment.

4.3. Parametric Analysis

According to Formula (2), we draw the relationship between the high-level same bit number and accuracy in Figure 10a, with the relationship between compression rate and accuracy in Figure 10b. By analyzing the visual quality of relation graphs and cipher images, we obtain the following conclusions and suggestions. Compared with the high-level same bit number, the thumbnail rate has a greater impact on accuracy and visual quality. When the thumbnail ratio is greater than $0.33$, the accuracy will decrease rapidly as the compression ratio decreases, and the recognition rate will drop rapidly.

We obtain the following parameter relationship:

• When the thumbnail rate is greater than $0.33$, the high-level same bit number can be appropriately reduced.
• When the thumbnail rate is below $0.33$, the high-level same bit number should be appropriately increased.

We analyze the relationship among the high-level same bit number, thumbnail ratio, and accuracy and obtain the regular characteristics between them. According to our conclusion, users can choose parameters flexibly according to their needs.

4.4. Comparison

4.4.1. Efficiency Comparison

The theoretical efficiency is analyzed in our paper. In this section, through the comparison of the time used in the listed experiments, it can be proved that our scheme can effectively improve efficiency. We select the classic SIS with meaningful shadows for comparison, which are used in multiple schemes [41,42]. We compare several dimensions, including threshold, compression ratio ℜ, and the highest bit number $\mathsf{\Omega }(a,b)$, and obtain the running time ($T_N,T_O$) and efficiency comparison ($T_N/T_0$). It can be seen from

Table 2. Time comparison.

Threshold	ℜ	$\mathsf{\Omega }(a,b)$	$T_O\left(s\right)$	$T_N\left(s\right)$	$T_N/T_0(\%)$
(2,3)	0.5	1	11.41	4.16	36.46
(3,4)	0.5	1	23.61	7.51	31.81
(2,3)	0.25	1	11.67	2.54	21.77
(3,4)	0.25	1	23.22	3.18	13.69
(2,3)	0.5	2	92.80	25.10	27.05
(3,4)	0.5	2	367.13	94.64	25.78
(2,3)	0.25	2	90.83	7.41	8.16
(3,4)	0.25	2	362.51	25.44	7.02
(2,2)	0.5	3	82.92	22.76	27.45
(3,3)	0.5	3	690.28	181.46	26.28
(3,3)	0.25	3	759.38	51.80	6.82
The image size is $256\times 256$
Threshold	ℜ	$\mathsf{\Omega }(a,b)$	$T_O\left(s\right)$	$T_N\left(s\right)$	$T_N/T_O(\%)$
(3,3)	0.5	1	44.06	16.58	37.63
(3,4)	0.5	1	92.96	28.88	31.07
(3,4)	0.25	1	93.11	12.56	13.49
(3,4)	0.25	2	1445.35	100.24	6.94
(3,3)	0.5	2	339.13	91.22	26.90
(3,3)	0.5	3	35,723.44	693.56	1.94
(3,4)	0.25	3	124,172.21	1576.81	1.27
The image size is $512\times 512$

that the efficiency comparison($T_N/T_0$) of our scheme is better than that of the SIS with meaningful shadows, and the efficiency improvement of some experimental results is very obvious, which fully shows the efficiency of the proposed scheme.

4.4.2. Functional Comparison

Our scheme has the complete functions and the fastest efficiency among all the current schemes. The comparison of specific functions is shown in

Table 3. Functional comparison.

Scheme	Confidentiality	Management	Loss Tolerance
Upload directly	No	Yes	No
Direct encryption	Yes	No	No
TPE	Yes	Yes	No
SIS	Yes	No	Yes
SIS with meaningful shadows	Yes	Yes	Yes
Our scheme	Yes	Yes	Yes

.

Confidentiality refers to the encryption of the image, which is the basic requirement of image security. In addition to uploading directly, other schemes are encrypted. Management is performed to manage images in the cloud through uploaded images. Directly encryption and SIS are noise images that cannot be directly managed; while uploaded directly, TPE and SIS with meaningful shadows and our scheme are all visually distinguishable images, showing that the management of images is possible. Loss tolerance refers to the ability to restore the secret image without loss after the uploaded image is lost. Uploading directly, direct encryption, and TPE have only one uploaded image, and the secret image cannot be restored after the file is lost. Only the functions of our scheme and SIS with meaningful shadows are the most comprehensive. In combination with the efficiency comparison in Table 2, we find that our scheme is the best at present.

5. Conclusions

Aiming at resolving the problem of secret image management and loss in cloud space, this paper proposes a thumbnail secret sharing scheme based on thumbnail encryption and secret sharing, which mainly includes approximate thumbnails and control sharing models. The cipher image of the proposed scheme has the characteristics of visual recognition and loss tolerance. Visual recognition solves the management problem of cipher images and improves the availability of cipher images. Loss tolerance ensures the integrity and availability of important confidential images. The security and efficiency of the proposed scheme are analyzed and discussed. In addition, experiments and comparisons show that the proposed scheme has good visual characteristics and loss tolerance, and the efficiency of the scheme is significantly improved, which greatly improves the secret availability and security. In the future, reducing data redundancy and communication overheads are problems that need to be solved.