AAJS: An Anti-Malicious Attack Graphic Similarity Judgment System in Cloud Computing Environments

Abstract

With the rapid development of cloud computing and other modern technologies, collaborative computing between data is increasing, and privacy protection and secure multi-party computation are also attracting more attention. The emergence of cloud computing provides new options for data holders to perform complex computing problems and to store images; however, data privacy issues cannot be ignored. If a graphic is encrypted and stored in the cloud, the cloud server will perform confidential similar matching when the user searches. At present, most research on searchable encryption is focused on text search, with few schemes researched on how to finish the graphic search. To solve this problem, this paper proposes a secure search protocol based on graph shape under the semi-honest model. Using the cut-choose method and zero-knowledge proof, further designs of the anti-malicious attack graphic similarity judgment system (AAJS) based on the Paillier encryption algorithm, can achieve the secure search and matching of the graph while resisting malicious adversary attacks. The proposed protocol’s security is proved by the real/ideal model paradigm. This paper conducts performance analysis and experimental simulation on the existing scheme and the experiments demonstrate that the system achieves high execution efficiency.

1. Introduction

Cloud computing (CC) is a system composed of many computing resources with strong computing power [1]. Network search engines, map navigation, and e-commerce widely use CC for powerful information processing.

To illustrate, CC contains a search engine with powerful information processing ability. It will collect and sort information from various websites on the Internet to establish a database. After the user enters the query keywords, the search engine will retrieve and arrange the matching records from the index database and feedback the query results to the user. Moreover, imagine a scenario where the user has only a thumbnail and wants to upload the thumbnail to the elastic compute service (ECS) for search to obtain a clearer original image. This situation can be demonstrative of the powerful computing power of the ECS to perform graphic matching calculation, that is, judge whether two graphics are identical or similar, and return the comparison results to users.

CC provides convenience for users but also brings security threats of privacy information disclosure [2]. An immense hidden danger of information disclosure exists when users communicate and trade information on CC platforms. For example, some malicious participants may invade CC by illegal means to steal, tamper with, and conduct illegal transactions on the data, causing users to suffer losses [3,4]. When using images for search, users’ private information is often attacked by untrustworthy management operations or malicious intruders. For example, a design company wants to test whether its new design is innovative. It uses its design graphics to search whether there are similar designs on search engines; however, if maliciously attacked, the user’s design graphics will be leaked, which may cause unpredictable losses. Therefore, secure image search is crucial. To prevent frequent attacks in graphic retrieval under CC environments and enable users to perform secure retrieval, this paper proposes the anti-malicious attack graphic similarity judgment system (AAJS) to address this issue. Secure multi-party computation (MPC) can realize data collaborative computing while protecting the private data of all parties. MPC—proposed by Professor Yao [5]—can ensure the correctness of calculations and the confidentiality of private data. It is an important means to achieve privacy protection [6,7,8,9,10,11] and is widely used in scientific computing [12,13,14], confidential data mining [15,16], secure geometric computing [17,18], and other scenarios. Among them, secure geometric computing is widely used in image processing, very large-scale integration (VLSI) design, and other aspects. MPC mainly studies algorithms to solve geometric problems while protecting private information and was first proposed by Professor Du [19].

If the user’s sensitive information is included in the graphic search, the internal attacks of the ECS and external attacks such as malicious adversaries will threaten the security of the data [20]. Therefore, the research on secure image search schemes is of great practical value. In most image retrieval schemes, the shape, color, texture, and other features of the image are used for recognition. This paper mainly studies the search method based on the shape of the image, that is, the graph.

Reference [20] proposes a graph search encryption scheme (GSSE) that protects privacy under the public key system, but it cannot resist malicious adversaries. Reference [21] proposes a Tversky index image retrieval technology based on black hole entropy fuzzy clustering. After feature extraction and encryption of the queried image, the Tversky index is applied to detect the similarity between images, but the deployment is complex, difficult to implement, and cannot resist malicious enemy attacks. Reference [22] proposes a secure similar image-matching protocol in the encryption domain, but it is not efficient and cannot resist malicious adversaries. Reference [23] studies the problem of location determination to protect privacy, proposes a protocol to determine whether the data is proportional, and applies it to triangle similarity determination, but it is different from the application background of this paper. Based on the matrix and vector equality protocol, reference [24] designed the MPC protocol to judge the similarity and isomorphism of graphics, but it cannot be applied in the malicious model. Under the malicious model, reference [25] studies the solution to the problem of socialist millionaires, which is different from the background studied in this paper.

At present, most research on secure search is focused on the field of text search, and the anti-malicious adversary MPC protocol is more in line with reality. Therefore, given how to perform a secure search on graphics shapes in CC, this paper designs an anti-malicious attack search-matching protocol based on the Paillier encryption algorithm. The contributions are as follows:

• First, invoke the scalar product protocol [26] and the protocol to determine whether two sets of data correspond to each other [23], a secure search matching protocol (marked as Protocol 1) based on the shape of a graph is proposed. In addition, the possible malicious behaviors of some participants are analyzed.
• Given the possible malicious behaviors under Protocol 1, the corresponding preventive measures are taken. Using the Paillier algorithm, the methods of zero-knowledge proof and cut-choose, a protocol of the anti-malicious attack graphic similarity judgment system is proposed. This protocol has high practical value.
• Using the real/ideal model paradigm, the protocol’s security is proved. The AAJS is the first proposed graphic search similarity matching scheme that anti-malicious attacks in the background of CC and is more efficient than other existing protocols.

The remainder of this paper is organized as follows: Section 2 discusses the transformation rules, scalar product algorithm, and other relevant knowledge used in this paper. Section 3 proposes the MPC protocol for graph shape similarity determination. Section 4 designs the MPC protocol of the anti-malicious attack graphic similarity judgment system based on Section 3. Section 5 analyses the proposed protocol’s efficiency. Section 6 concludes this paper and future work.

2. Preliminary Knowledge

2.1. The Semi-Honest Model and the Malicious Model

When executing the MPC protocol, each participant can be divided into two categories: semi-honest participants and malicious participants.

• Semi-honest participants fully follow the requirements when executing the agreement. He will derive data information from other participants based on his own input, output, and intermediate results, but will not disclose the data information he holds.
• During the execution of the protocol, malicious participants may not follow the protocol steps to obtain the private information of other participants. In addition, according to the attacker’s intentions, he may change his input, forge output, or terminate the protocol at any time.

The Semi-honest Model: All participants in the protocol are semi-honest or honest, and this model can be called a semi-honest model. The parties adhere to the agreement and strictly follow the protocol steps, but they will record all intermediate values generated by the protocol operation, attempting to infer the input of other participants based on this.

The Malicious Model: A model with malicious participants is called a malicious model. Under this model, the input and output of the protocol are not trusted and the protocol may be terminated at any time, but it is more in line with the actual protocol execution situation. If theoretical security can be guaranteed under this model, then the security of the protocol can also be guaranteed in the real environment based on this.

2.2. Problem Description and Transformation Rule

Problem description: Assume that Alice owns the graphic $G$ and the cloud platform stores the graphic $H$, and they judge whether the graphics of both parties are similar and match on the premise that the graphics information of each party is confidential. According to the transformation rule [27], convert the graphics into vectors, judge whether the vectors held by both sides are proportional (as shown in Figure 1), then judge whether the two graphics are similar. When the elements in the two groups of vectors are proportional, the two groups of vectors can be expressed linearly, which is shown in the geometric graphic that the two vectors must be collinear, that is, calculate the angle between the two vectors $\cos \theta =\frac{\langle X,Y\rangle }{\begin{array}{cc}\left|X\right|& \left|Y\right|\end{array}}$ ($\theta$ is the angle between vector $X$ and vector $Y$), when $\cos \theta =\pm 1$, $\theta$ is 0 or $\pi$, that is, the two vectors are collinear, then the two vectors are proportional, and the graphic is similar; otherwise, $G$ and $H$ are not similar, and the cloud platform continues to retrieve other graphics.

Transformation rule: Both parties establish a coordinate system on their private graphics according to the rectangular coordinate system establishment rule [27]. According to the method shown in Figure 1, Alice can obtain vectors $A_1=(a_1,a_2,\dots ,a_k)$ and $A_2=(a_k,\dots ,a_1)$, and Bob can obtain vector $B_{}=(b_1,b_2,\dots ,b_k)$. If $(\cos <A_1,B>=\pm 1)\vee (\cos <A_2,B>=\pm 1)$, then $G$ and $H$ are similar.

In this paper, function $F$ is defined as follows:

$$F(G,H)=\{\begin{array}{c}0,\\ 1,\end{array}\begin{array}{c}\mathrm{similar};\\ \mathrm{dissimilar}.\end{array}$$

(1)

2.3. Paillier Encryption Algorithm

In 1999, a probabilistic encryption algorithm with additive homomorphism [28] was proposed by Paillier, which is described as follows:

• Key generation: Randomly select two large prime numbers $p$ and $q$ of equal length (make $gcd(pq,(p-1)(q-1))=1$ valid), calculate $N=pq$ and $\lambda (N)=lcm(p-1,q-1)$, $S_N=\{\mu <N^2|\mu \equiv 1\mathrm{mod}N\}$, and define function $L(\mu )=\frac{\mu -1}{N}(\forall \mu \in S_N)$. The public and private keys are $(N,g)$$(g\in Z_{N^2}^{\ast })$ and $\lambda$, respectively. In the above description, the function $gcd(x,y)$ is defined as the greatest common divisor of $x$ and $y$, and the function $lcm(x,y)$ is defined as the least common multiple of $x$ and $y$.
• Encryption: For plaintext $m\in Z_N$, $r<N$ is randomly chosen to encrypt to obtain $c=E(m)=g^m{r}^N\mathrm{mod}{N}^2$.
• Decryption: For any ciphertext $c$ that satisfies $c<N^2$, the private key $\lambda$ is used to decrypt the plaintext $m=\frac{L(c^{\lambda }\mathrm{mod}{N}^2)}{L(g^{\lambda }\mathrm{mod}{N}^2)}\mathrm{mod}N$.
• Additive homomorphism: If $E(m_1)=g^{m_1}{r}^N\mathrm{mod}{N}^2,E(m_2)=g^{m_2}{r}^N\mathrm{mod}{N}^2$, then $E(m_1)E(m_2)=g^{m_1}{r}^N\mathrm{mod}{N}^2\cdot g^{m_2}{r}^N\mathrm{mod}{N}^2=g^{m_1+m_2}{r}^N\mathrm{mod}{N}^2=E(m_1+m_2)$.

2.4. Scalar Product Algorithm

The scalar product problem is the basic tool in MPC. It was first proposed by Atallah et al. [29], then different scalar product protocols were given in [26,30,31,32]. Among them, Vaidya et al. proposed the scalar product protocol without any public key encryption algorithm [32], which achieves information theory security. Reference [26] has explained and summarized the protocol in Reference [32] to make it more readable, hence this paper uses the scalar product protocol in Reference [26].

By invoking Algorithm 1, this paper proposes a protocol based on shape similarity in CC. If similar, the two graphics match and the cloud platform returns the retrieval results to the user. For the convenience of description, the cloud platform is marked as Bob. The algorithm is as follows:

Algorithm 1 Computing the scalar product

Input: Alice has $A=(a_1,a_2,\dots ,a_n)$; Bob has $B_{}=(b_1,b_2,\dots ,b_n)$. Output: Scalar product $[A,B]=a_1{b}_1+a_2{b}_2+\dots +a_n{b}_n$. Start: Both parties jointly determine a random $n\times n/2$ matrix $C$. 1. A random vector $R$ of cardinality $n/2$ generates by Alice $(R=R_1,\dots ,R_{n/2})$; 2. Then, she computes the $n\times 1$ addition matrix $A^{\prime }$: $A^{\prime }=C\times R$; 3. Alice generates $A^{″}=A+A^{\prime }$ and sends $A^{″}$ to Bob. 4. Bob generates the scalar product $S^{\prime }$: $S^{\prime }={\displaystyle {\sum }_{i=1}^n{a_i}^{″}}\times b_i$ and the $n\times 1$ matrix $B^{\prime }=C^T\times B$; 5. Bob sends both $S^{\prime }$ and $B^{\prime }$ to Alice. 6. Alice generates the subtraction factor $S^{″}={\displaystyle {\sum }_{i=1}^n{B_i}^{\prime }}\times R_i$; 7. Alice generates the required scalar product $S=S^{\prime }-S^{″}$ and sends $S$ to Bob.

2.5. Zero-Knowledge Proof

Data security verification problems [33] often rely on zero-knowledge proof (ZKP) to solve. If the prover does not disclose any private information and makes the verifier confident that a certain assertion is correct, to prove that he knows the certain message, it is said that the prover has completed ZKP. In this paper, the ZKP is used to verify the correctness of the received information, and to prevent malicious deception.

If Alice wants to prove ${\log }_g\alpha ={\log }_h\beta$, do not disclose $x$ to Bob. Assume the following: ① $G$ is a cyclic group of order $m$ but $m$ is unknown. ② $g$ is a generating element of $G$. ③ $h$ is an element in $G$. ④ $\alpha =g^x,\beta =h^x$. ZKP is as follows:

• Bob randomly selects $w\in G$ and calculates $X=g^w,Y=h^w,e=Hash(g,h,\alpha ,\beta ,X,Y)$ and sends $w$ to Alice.
• Alice calculates $t=w+e\times x,g^t,h^t$ and will send $g^t,h^t$ to Bob.
• The verifier Bob needs to verify is $Hash(g,h,\alpha ,\beta ,g^t/{\alpha }^e,h^t/{\beta }^e)=e$ and whether it is valid or not, if so, it can be considered that Alice knows $x$.

2.6. Security of the Malicious Model

Under the malicious model, Goldreich proposed a definition of security for MPC protocols [34]. $F:{\{0,1\}}^{*}\times {\{0,1\}}^{*}\to {\{0,1\}}^{*}\times {\{0,1\}}^{*}$ is defined as a probabilistic polynomial time (PPT) function (${\{0,1\}}^{*}$ represents a binary sequence composed of 0 and 1 of any length, which can be considered as an information string of any length). When the auxiliary input is $z$, the output generated by the interaction between $A_1(y,z)$ and $A_2(y,z)$ is marked as $REA{L}_{\mathrm{\Pi },\stackrel{—}{A}(z)}(x,y)$ during the implementation of protocol $\mathrm{\Pi }$ with strategy $\overline{A}$. $\stackrel{—}{A}=(A_1,A_2)$ represents the PPT algorithm constructed in the real model. The private information owned by both parties is $x$ and $y$, respectively.

Definition 1.

If any acceptable $\stackrel{—}{A}=(A_1,A_2)$ of the real protocol can find an acceptable $\stackrel{—}{B}=(B_1,B_2)$ of the ideal protocol and satisfy ${\{IDEA{L}_{F,\stackrel{—}{B}(z)}(x,y)\}}_{x,y,z}\stackrel{c}{\equiv }{\{REA{L}_{\mathrm{\Pi },\stackrel{—}{A}(z)}(x,y)\}}_{x,y,z}$, then the protocol $\mathrm{\Pi }$ securely calculates the function $F$.

3. The MPC Protocol of Graph Shape Similarity Determination under the Semi-Honest Model

In Protocol 1, private information is converted into a hash value and it is difficult for both parties to calculate plaintext data. Therefore, Protocol 1 is secure for semi-honest participants.

Protocol 1 Protocol of graph shape similarity determination under the semi-honest model.

Input: Alice converts graph $G$ into vectors $A_1=(a_1,a_2,\dots ,a_k)$ and $A_2=(a_k,\dots ,a_1)$; Bob converts the graph $H$ to vector $B_{}=(b_1,b_2,\dots ,b_k)$. Output: $F(G,H)$. 1. Alice invokes Algorithm 1 to obtain $\langle A_1,B\rangle$ and $\langle A_2,B\rangle$, and calculates $\frac{\langle A_1,B\rangle }{\left|A_1\right|}$ and $\frac{\langle A_2,B\rangle }{\left|A_2\right|}$. Furthermore, Alice calculates $Hash(\frac{\langle A_1,B\rangle }{\left|A_1\right|})=H_1$ and $Hash(\frac{\langle A_2,B\rangle }{\left|A_2\right|})={H_1}^{\prime }$. 2. Bob calculates the module length $\left|B\right|$ of his vector then calculates $Hash(\left|B\right|)=H_2$. 3. Bob sends $H_2$ to Alice, who compares whether $H_1$ and $H_2$ are equal. If $H_1=H_2$, then $\frac{\langle A_1,B\rangle }{\left|A_1\right|}=\left|B\right|$, at this time $\cos \theta =\frac{\langle A_1,B\rangle }{\begin{array}{cc}\left|A_1\right|& \left|B\right|\end{array}}=1$. That is, the angle between vector $A_1$ and vector $B$ is 0 or $\pi$, and the two vectors are collinear so that $A_1$ and $B$ are proportional. Alice outputs $F(G,H)=0$ according to the judgment rule. Otherwise, go to the next step. 4. Alice compares whether ${H_1}^{\prime }$ and $H_2$ are equal. If ${H_1}^{\prime }=H_2$, then $\cos \theta =\frac{\langle A_2,B\rangle }{\begin{array}{cc}\left|A_2\right|& \left|B\right|\end{array}}=1$, Alice outputs $F(G,H)=0$. Otherwise, Alice outputs $F(G,H)=1$. The Protocol ends.

However, if there is a malicious participant in Protocol 1, the security of the protocol will not be guaranteed. In the virtual environment of ECS, attacks from inside and outside will occur, ergo, we must design solutions to resist malicious adversary attacks.

4. The MPC Protocol of Anti-Malicious Attack Graphic Similarity Judgment System

Solution: To design the MPC protocol of anti-malicious attack graphic similarity judgment system (AAJS), it is assumed that one party in Protocol 1 is a malicious participant, and its possible behavior needs to be analyzed. The corresponding solutions for specific behaviors are proposed, which makes the malicious participants unable to implement the attack or be discovered once implemented. In the ideal protocol, three behaviors are unavoidable [34], hence they are not considered in the designed protocol. (1) Provide false input; (2) either party no longer participates in the protocol; (3) either party terminates the protocol after receiving the required information. Possible malicious behavior in Protocol 1 (as shown in Figure 2):

• In Protocol 1, Alice compares the data. It is unfair to Bob that he can only obtain the calculation results from Alice.
• In step 3 of Protocol 1, the wrong $H_2$ may be sent by Bob to the other party, but doing so is equivalent to providing false inputs and Bob cannot obtain the correct conclusion, hence this situation will not be considered.
• Alice gains the final result in steps 3–4 of Protocol 1, but Bob may gain a wrong result from Alice, and the deception will succeed.

To avoid the above malicious behaviors, based on Algorithm 1 and the Paillier algorithm, and using ZKP and cut-choose, this paper designs the AAJS protocol for the anti-malicious attack graphic similarity judgment.

4.1. Specific Protocol

Under the malicious model, this paper designs Protocol 2, as follows:

Protocol 2 Protocol of similarity determination based on graph shape under the malicious model.

Input: Alice has $G$ and Bob has $H$. Output: $F(G,H)$. Preparation Stage: Both parties generate public keys, $(g_a,N_a)$ and $(g_b,N_b)$, and private keys, ${\lambda }_a$ and ${\lambda }_b$, of their own Paillier cryptosystem, respectively, then calculate $u=g_a{}^{{\lambda }_a}\mathrm{mod}{N}_a^2$ and $v=g_b{}^{{\lambda }_b}\mathrm{mod}{N}_b^2$, and publish $(g_a,N_a,u)$ and $(g_b,N_b,v)$. Begin: 1. According to the transformation rules, Alice and Bob measure their graphics. Alice obtains $A_1=(a_1,a_2,\dots ,a_k)$ and its reverse vector $A_2=(a_k,\dots ,a_1)$; Bob obtains $B=(b_1,b_2,\dots ,b_k)$. 2. Alice calls Algorithm 1 to obtain $\langle A_1,B\rangle$ and $\langle A_2,B\rangle$, and calculates $\frac{\langle A_1,B\rangle }{\left|A_1\right|}$ and $\frac{\langle A_2,B\rangle }{\left|A_2\right|}$. Furthermore, Alice calculates $Hash(\frac{\langle A_1,B\rangle }{\left|A_1\right|})=H_1$ and $Hash(\frac{\langle A_2,B\rangle }{\left|A_2\right|})={H_1}^{\prime }$. Bob calculates the module length $\left|B\right|$ of vector $B$ then calculates $Hash(\left|B\right|)=H_2$. 3. Alice and Bob hold $H_1$ and $H_2$, respectively. $m$ random numbers $s_i,t_i(i=1,\cdots ,m)$ are chosen by each party, $(C_{1a}^i,C_{2a}^i)=(g_a^{s_i{H}_1}\mathrm{mod}{N}_a^2,g_a^{s_i}\mathrm{mod}{N}_a^2)$ and $(C_{1b}^i,C_{2b}^i)=$ $(g_b^{t_i{H}_2}\mathrm{mod}{N}_b^2,g_b^{t_i}\mathrm{mod}{N}_b^2)$ are calculated, respectively. Alice and Bob exchange $(C_{1a}^i,C_{2a}^i)$ and $(C_{1b}^i,C_{2b}^i)$. 4. According to the cut-choose method, Alice randomly chooses $m/2$ groups $(C_{1b}^i,C_{2b}^i)$ from $m$ groups $(C_{1b}^i,C_{2b}^i)$ and requires Bob to publish $t_i{H}_2$. Then, Alice verifies that $(t_i{H}_2<N_b/2)\wedge (g_b^{t_i{H}_2}\mathrm{mod}{N}_b^2=C_{1b}^i)$. If the verification passes, continue to execute Protocol 2, otherwise terminate Protocol 2. 5. Bob randomly chooses $m/2$ groups $(C_{1a}^i,C_{2a}^i)$ from $m$ groups $(C_{1a}^i,C_{2a}^i)$ and requires Alice to publish $s_i{H}_1$. Then, Bob verifies that $(s_i{H}_1<N_a/2)\wedge (g_a^{s_i{H}_1}\mathrm{mod}{N}_a^2=C_{1a}^i)$. 6. One group, $(C_{1b}^j,C_{2b}^j)$ and $(C_{1a}^i,C_{2a}^i)$, from the rest, $(C_{1b}^i,C_{2b}^i)$ and $(C_{1a}^i,C_{2a}^i)$, are randomly chosen by both parties. Besides, $s\in Z_b^{\ast }$ and $t\in Z_a^{\ast }$ are selected by Alice and Bob respectively. 7. Alice calculates $C_b=E_b(s{t}_j(H_1-H_2))={(C_{2b}^j)}^{s{H}_1}{(C_{1b}^j)}^{-s}{r}_1^{N_b}\mathrm{mod}{N}_b^2=g_b^{s{t}_j(H_1-H_2)}{r}_1^{N_b}\mathrm{mod}{N}_b^2$, and sends $C_b$ to Bob. 8. Bob calculates $C_a=E_a(s_{i}t(H_1-H_2))={(C_{1a}^i)}^t{(C_{2a}^i)}^{-t{H}_2}{r}_2^{N_a}\mathrm{mod}{N}_a^2=g_a^{s_{i}t(H_1-H_2)}{r}_2^{N_a}\mathrm{mod}{N}_a^2$, and sends $C_a$ to Alice. 9. Alice calculates $m_a=C_a^{{\lambda }_a}\mathrm{mod}{N}_a^2$ with ${\lambda }_a$, Bob calculates $m_b=C_b^{{\lambda }_b}\mathrm{mod}{N}_b^2$ with ${\lambda }_b$, and publish $m_a$, $m_b$, respectively. 10. According to the ZKP, Alice proves ${\log }_{C_a}{m}_a={\log }_{g_a}u$, Bob proves ${\log }_{C_b}{m}_b={\log }_{g_b}\nu$. The party that fails to pass the ZKP is a malicious opponent. 11. If ZKP passes, Bob calculates $L(m_a)/L(u)$ to obtain $s_{i}t(H_1-H_2)$ then obtains $s_i(H_1-H_2)$. When $s_i(H_1-H_2)=0$, then $H_1-H_2=0$, that is, $H_1=H_2$. Alice calculates $L(m_b)/L(\nu )$ to obtain $s{t}_j(H_1-H_2)$, then obtains $t_j(H_1-H_2)$. When $t_j(H_1-H_2)=0$, similarly, $H_1=H_2$ can be obtained. In this case, there is $\frac{\langle A_1,B\rangle }{\left|A_1\right|}=\left|B\right|$. At this time, $\cos \theta =\frac{\langle A_2,B\rangle }{\begin{array}{cc}\left|A_2\right|& \left|B\right|\end{array}}=1$, that is, the angle between vector $A_1$ and vector $B$ is 0 or $\pi$. Since the two vectors are collinear, we can obtain that $A_1$ and $B$ are proportional. According to the judgment rule, Alice outputs $F(G,H)=0$, and the protocol ends. Otherwise, go to step 12. 12. Alice has ${H_1}^{\prime }$ and Bob has $H_2$. Both parties repeat steps 3–11. If ${H_1}^{\prime }=H_2$, Alice outputs $F(G,H)=0$. Otherwise, the graphics are not similar, and Alice outputs $F(G,H)=1$. The Protocol ends.

4.2. Correctness and Security Analysis

• When the parameters meet $(t_i\left|H_1-H_2\right|<N_b/2)\wedge (s_i\left|H_1-H_2\right|<N_a/2)$, the protocol is correct. Assuming that $H_1$, $H_2$, $s_i$, and $t_i$ are not more than $\omega$ bit, it is only necessary to make $N_s,N_t$ exceed $2\omega +1$ bit to meet the requirements. Steps 4–5 of Protocol 2 can ensure this.
• The first step in Protocol 2 is the process of both parties to preprocess their graphics to convert them into vectors. The private information in the graphics will not be disclosed.
• In step 2, Alice invokes Algorithm 1 without using the public key encryption algorithm, which achieves information theory security, hence it will not disclose information.
• In step 4, if Alice calculates $(C_{1a}^i,C_{2a}^i)$ with a different $H_1$, and Bob selects the wrong $(C_{1a}^i,C_{2a}^i)$ in step 6, this is equal to Alice entering false data. This is unavoidable under ideal conditions.
• In step 9, both parties cannot cheat. Since ZKP can only be passed when the published $m_a$ and $m_b$ are correct.
• Bob may cheat success. The details are as follows: Bob uses the unqualified $t_i$ to calculate $(C_{1b}^i,C_{2b}^i)$, and Alice did not find it in the verification and selected the $(C_{1b}^i,C_{2b}^i)$ calculated with unqualified $t_i$ in the subsequent steps. At this time, Alice will obtain the wrong conclusion. According to the above analysis, Bob’s most likely choice is to input a group of wrong data into $m$ groups $(C_{1b}^i,C_{2b}^i)$, because, at this time, the probability of successful deception is $1/m$. If Bob inputs more than $m/2$ groups of wrong $(C_{1b}^i,C_{2b}^i)$, he will be found during verification, and deception will fail. Even if Bob cheats successfully, he cannot obtain any private information belonging to Alice because there are two unknowns in the equation of $s_{i}t(H_1-H_2)$. The above analysis is the same for Alice, hence Protocol 2 has security [25].
• In Protocol 2, both parties have the same security. In addition, the final result is calculated separately, avoiding the situation that one party informs the wrong conclusion to the other party. In sum, Protocol 2 is anti-malicious.

4.3. Security Proof

In steps 1–2 of Protocol 2, both parties convert their private graphics into vectors according to the transformation rules, without interacting with each other. Alice invokes Algorithm 1, whose security has been proved in Reference [32]. In step 2, both parties hash the private vector they hold to obtain $H_1$ and $H_2$ as the input of the next step. If the wrong $H_1$ and $H_2$ are provided, no one can obtain the correct conclusion, it is equal to the participant entering the false data, hence it will not be considered.

Theorem 1.

Protocol 2 (Marked as $\mathrm{\Pi }$) is Secure.

Proof of Theorem 1.

Based on Definition 1, to prove Theorem 1 under the malicious model, only the participants need to jointly convert the acceptable policy pair $\stackrel{—}{A}=(A_1,A_2)$ into the corresponding policy pair $\stackrel{—}{B}=(B_1,B_2)$ in the ideal protocol during the actual execution process. Ensure that other output information generated by $A_1$ and $A_2$ is indistinguishable from $B_1$ and $B_2$ when $\mathrm{\Pi }$ is executed. If both parties are malicious participants, the protocol cannot be secure, hence this paper assumes that one of them is honest. Two situations need to be considered: (1) $A_1$ is honest and $A_2$ is dishonest; (2) $A_2$ is honest and $A_1$ is dishonest.

Case one: In this case, $\mathrm{\Pi }$ is executed by $A_1$ in an honest manner, then:

$$REA{L}_{\mathrm{\Pi },\stackrel{—}{A}}(H_1,H_2)=\{F(H_1,A_2(H_2),A_2(C_{1a}^i,C_{2a}^i),m_a,S\}$$

(2)

$S$ represents the message sequence received by $A_2$ at ZKP.

In Case one, the assumed adversary $A_2$ in the actual protocol needs to be transformed into $B_2$ in the ideal model. That is, the output of $\stackrel{—}{B}=(B_1,B_2)$ should be indistinguishable from the $REA{L}_{{}_{\mathrm{\Pi },\stackrel{—}{A}(A,B)}}$ calculation (Note: $B_2$’s decision depends on $A_2$’s behavior).

Ideally, $B_1$ sends the real $H_1$ to a trusted third party (TTP) (after $B_1$ receives the message, TTP can send a message to $B_2$). The message dishonest $B_2$ sends to TTP relies on $A_2$’s strategy. $B_2$ sends $A_2(H_2)$ to TTP, and TTP sends $F(H_1,A_2(H_2))$ to $B_2$ ($B_1$ will also obtain this result). $B_2$ wants to use $F(H_1,A_2(H_2))$ to obtain $vie{w}_{B_2}^F(H_1,A_2(H_2))$, which is indistinguishable from the $vie{w}_{A_2}^{\prod }(H_1,A_2(H_2))$ obtained by $A_2$ in the real protocol, give $vie{w}_{B_2}^F({a_1}^{\prime },A_2({b_1}^{\prime }))$ to $A_2$ to obtain the output of $A_2$.

$B_2$ selects ${H_1}^{\prime }$ to satisfy $F({H_1}^{\prime },A_2(H_2))=F(H_1,A_2(H_2))$, that is, suppose $A_1$ inputs ${H_1}^{\prime }$, $B_2$ simulates $A_1$, and executes $\mathrm{\Pi }$ with $A_2$. In this process, the message sequence obtained by $B_2$ is recorded as $S^{\prime }$, which can be obtained as follows:

$$IDEA{L}_{F,\stackrel{—}{B}}(H_1,H_2)=\{F(H_1,A_2(H_2)),A_2(C_{1a}^{i^{\prime }},C_{2a}^{i^{\prime }}),{m_a}^{\prime },S^{\prime }\}$$

(3)

Since the ideal protocol and $\mathrm{\Pi }$ adopt the same encryption method, $(C_{1a}^i,C_{2a}^i)\stackrel{c}{\equiv }(C_{1a}^{i^{\prime }},C_{2a}^{i^{\prime }})$ and ${m_a}^{\prime }\stackrel{c}{\equiv }{m}_a$ are guaranteed; ZKP guarantees $S^{\prime }\stackrel{c}{\equiv }S$, therefore:

$$\{IDEA{L}_{F,\stackrel{—}{B}}(H_1,H_2)\}\stackrel{c}{\equiv }\{REA{L}_{\mathrm{\Pi },\stackrel{—}{A}}(H_1,H_2)\}$$

(4)

Case two: $A_1$ is dishonest. It is subdivided into two situations:

• $A_1$ terminates the protocol, and TTP will send $\perp$ to $A_2$, then: $REA{L}_{\mathrm{\Pi },\stackrel{—}{A}}(H_1,H_2)=\{A_1(C_{1b}^i{C}_{2b}^i),m_b,S,\perp \}$.
• The protocol is executed normally, and $A_2$ receives $F(A_1(H_1),H_2)$ from TTP. At this time:

  $$REA{L}_{\mathrm{\Pi },\stackrel{—}{A}}(H_1,H_2)=\{A_1(C_{1b}^i{C}_{2b}^i),m_b,S,F(A_1(H_1),H_2)\}$$

  (5)

$S$ represents the message sequence received by $A_1$ at ZKP.

$B_2$ executes $\mathrm{\Pi }$ in a semi-honest manner (because $A_2$ is honest). In Case two, $A_1$ and $B_1$ are indistinguishable and need to be proved. The proof method is to find a policy pair $\stackrel{—}{B}=(B_1,B_2)$ in the ideal model and ensure that the output of $\stackrel{—}{B}=(B_1,B_2)$ is indistinguishable from $REA{L}_{\mathrm{\Pi },\stackrel{—}{A}(H_1,H_2)}$.

$B_1$’s strategy depends on $A_1$’s behavior. The information $B_1$ will send to TTP is $A_1(H_1)$, and $B_1$ obtains $F(A_1(H_1),H_2)$. Ideally, $B_1$ uses $F(A_1(H_1),H_2)$ to try to obtain a $vie{w}_{B_1}^F(A_1(H_1),H_2)$, which is indistinguishable from the $vie{w}_{A_1}^{\prod }(A_1(H_1),H_2)$. $B_1$ can obtain $A_1$’s output by giving $vie{w}_{B_1}^F(A_1(H_1),H_2)$ to $A_1$. Make $B_1$ use $B^{\prime }$ that meets $F(A_1(H_1),{H_2}^{\prime })=F(A_1(H_1),H_2)$ as the input and execute $\mathrm{\Pi }$ with $A_1$.

The message sequence obtained by $B_1$ during protocol execution is marked as $S^{\prime }$, and the results are also divided into two cases:

• When $B_1$ asks TTP to not send results to $B_2$, there are:

  $$IDEA{L}_{F,\stackrel{—}{B}}(H_1,H_2)=\{A_1(C_{1a}^{i^{\prime }},C_{2a}^{i^{\prime }}),{m_a}^{\prime },S^{\prime },\perp \}$$

  (6)
• Otherwise, then:

  $$IDEA{L}_{F,\stackrel{—}{B}}(H_1,H_2)=\{A_1(C_{1b}^{i^{\prime }},C_{2b}^{i^{\prime }}),{m_b}^{\prime },S^{\prime },F(A_1(H_1),{H_2}^{\prime })\}$$

  (7)

In both cases, $A_2$ and $B_2$ have the same output. The same encryption algorithm is used for protocol execution in ideal and real situations, hence $(C_{1b}^i,C_{2b}^i)\stackrel{c}{\equiv }(C_{1b}^{i^{\prime }},C_{2b}^{i^{\prime }})$, $m_b^{\prime }\stackrel{c}{\equiv }{m}_b$, and the ZKP can guarantee $S^{\prime }\stackrel{c}{\equiv }S$, hence:

$$\{IDEA{L}_{F,\stackrel{—}{B}}(H_1,H_2)\}\stackrel{c}{\equiv }\{REA{L}_{\mathrm{\Pi },\stackrel{—}{A}}(H_1,H_2)\}$$

(8)

Therefore, Protocol 2 is secure. □

5. Protocol Efficiency Analysis

5.1. Computational Complexity Analysis

For the convenience of comparison, it is assumed that the vectors in references [22,23] and the protocol in this paper are both $N$-dimensional, and $M$ represents the modulus of the Paillier encryption scheme. Reference [23] and this paper use the same scalar product protocol, but the scalar product protocol called in this paper does not use any encryption algorithm, and its calculation amount is negligible.

In Reference [22], the complexity of the proposed SESIM scheme for encrypting $N$-dimensional vectors is $O(N)$, and the complexity of vector comparison is $O(2N)$, therefore its computational complexity is $O(3N)$. The protocol proposed in reference [23] is to judge the similarity of triangles, and its average computational complexity is $O(12h)$. In Reference [24], the complexity is $O\left(6h\right)$.

In Protocol 1 (protocol of graph shape similarity determination under the semi-honest model), the calculation amount of ordinary division can be ignored, hence the calculation complexity is $O(3h)$. In Protocol 2, three hash operations are performed and the complexity is $3h$. In steps 3–12, $(10m\lg M+2)$ modular multiplication operations are performed, hence the computational complexity of Protocol 2 is $O(h+m\lg M)$.

5.2. Communication Complexity Analysis

In Algorithm 1 (computing the scalar product), one round of communication was conducted. In Reference [22], the proposed scheme uses a large number of encapsulation functions and loop statements, and $N$ rounds of communication were conducted. In Reference [23], 12 rounds of communication were conducted in the worst case. In Reference [24], four rounds of communication were conducted. In Protocol 1, two rounds of communication were conducted. In Protocol 2, five rounds of communication were conducted on the average stage.

The overall performance of the proposed protocols is compared with other protocols, as shown in

Table 1. Performance Comparison.

Protocol	Computational Complexity	Rounds of Communication	Resist Malicious Attacks
Reference [22]	$O(3N)$	$N$	×
Reference [23]	$O(12h)$	12	×
Reference [24]	$O\left(6h\right)$	4	×
Protocol 1	$O(3h)$	2	×
Protocol 2	$O(h+m\lg M)$	5	√

$N$: Vector dimension in protocol. $M$: The modulus of the Paillier encryption scheme. $h$: The calculation complexity of one hash operation. $m$ represents that the module index generated by the participant has $m$ groups.

.

5.3. Experimental Simulation

To intuitively compare the complexity of the above protocols, Protocol 1 and Protocol 2 are experimentally simulated. The experimental environment consists of two servers, namely a proxy server and a cloud server. The proxy server is used to execute calculations. The experimental environment is as follows: Intel (R) Core (TM) i5-1135G7 CPU @ 2.4 GHz, 16 GB memory, and python environment with Keras library. The cloud server is used for storage. It uses Tencent cloud memory M6ce instance, with the third generation of Intel ^® Xeon ^® Scalable processor, 16 GB memory, 2.7 GHz main frequency, and 3.3 GHz core frequency.

First, different numbers of graphics are uploaded to the cloud through the proxy server. If a user requests to search for a graphic, the proxy server performs the calculation and returns similar graphics to the user without disclosing the graphic information. In addition, 10 graphics are randomly selected for retrieval, and the single execution time of the protocol when different numbers of images are stored in the cloud are recorded and averaged to draw Figure 3. Ignore the time of protocol preprocessing.

From Figure 3, Protocol 1 has the shortest execution time. Although the efficiency of Protocol 2 is lower than that of the protocol in Reference [22], only it can be applied to the malicious model, and its complexity is caused by the increased ZKP, cut-choose, and other operations. If these calculations are outsourced, the protocol efficiency will be improved.

The data holder stores 500 images in the cloud server and users randomly select 10-100 images from the detected images for retrieval. The accuracy of the experiment is shown in Figure 4.

From Figure 4, the performance of Protocol 2 is better than that of other schemes.

6. Conclusions

In the field of secure multi-party geometric computation, the judgment of graphic similarity is the basic module of many other geometric problems. The search for graphics in a CC environment is the basis for solving many practical problems. It has been applied in many fields, such as biometric recognition, medical image processing, personal image management, crime detection, and so on. However, in the actual retrieval process, there are internal attacks from the cloud and external attacks from some illegal elements, which very easily leads to the disclosure of sensitive information about graphics. To protect the user’s private information during the retrieval process, this paper designs the anti-malicious attack graphic similarity judgment system under the malicious model using the Paillier algorithm, ZKP, and cut-choose. In addition, the security and correctness of the protocol are also proved, and the experimental simulation and efficiency compared with the existing schemes are carried out. It can be seen from the analysis that although the calculation efficiency of this protocol is not the highest, the accuracy rate of this protocol is the highest, which is closer to the reality of malicious attacks by criminals and has practical value.

In this paper, an anti-malicious attack MPC protocol is constructed by using the cut-choose and ZKP, which solve the problem of graphic similarity judgment in cloud computing. In the future, we will solve other specific secure multi-party computation geometry problems. Additionally, research on how to securely outsource tedious calculations such as ZKP, and how to improve the efficiency of the protocol, will also be the focus of our future work.