부산대학교 도서관

Redundant space transfer (RST) encryption can effectively enhance the security and embedding capacity of reversible data hiding in encrypted images. To demonstrate the security risks of RST encryption in the cloud environment, according to the known plaintext image and marked encrypted image(MEI) pairs, this paper proposes a known plaintext attack (KPA) based on hamming-weight of bit block. The proposed KPA method includes two stages. The first stage is to find the correct ciphertext image. For possible block sizes, all possible ciphertext images of MEI are reconstructed by deleting the embedded secret data. The Hamming weight image (HWI) of plaintext and all possible ciphertext images is calculated in m×8n domain (m, n is the image size). When the histogram distance between the plaintext HWI and a possible ciphertext HWI is the minimum, the correct ciphertext image is found. The second stage is to estimate the permutation keys. The bit block characteristic matrix (BBCM) is defined by using that the bit values of plaintext and ciphertext remain unchanged in the process of RST encryption. Based on the intersection of BBCM’s index set, the block permutation key is directly estimated. Then, the bit plane permutation key in each image block is further estimated. Experimental results show that for RST encryption, when the block size is not less than 3 × 3, the block permutation and bit plane permutation key can be estimated in less than 3 min by using one pair of plain–ciphertext. The estimation accuracy of block permutation key is more than 50%, and the estimation accuracy of bit plane permutation key is 10% for Qin’s RST algorithm, most of the content information of the ciphertext image is leaked.