ISSN 23482370

Vol.06,Issue.10,
November-2014,
Pages:1105-1110
www.ijatir.org

Implementation of Encryption Method for Homomorphic Images

using DWT and MRA
SHAIK ABDUL SHAHID1, SHAIK KHAJAVALI2
1

PG Scholar, Dept of DECS, RISE Prakasam Group of Institutions, India.

Assistant Professor, Dept of ECE, RISE Prakasam Group of Institutions, India.

Abstract: Signal processing in the encrypted domain is a

new technology with the goal of protecting valuable signals
from insecure signal processing. In this paper, we propose a
method for implementing discrete wavelet transform (DWT)
and multi-resolution analysis (MRA) in homomorphic
encrypted domain. We first suggest a framework for
performing DWT and inverse DWT (IDWT) in the
encrypted domain, then conduct an analysis of data
expansion and quantization errors under the framework. To
solve the problem of data expansion, which may be very
important in practical applications, we present a method for
reducing data expansion in the case that both DWT and
IDWT are performed. With the proposed method, multilevel
DWT/IDWT can be performed with less data expansion in
homomorphic encrypted domain. We propose a new signal
processing procedure, where the multiplicative inverse
method is employed as the last step to limit the data
expansion. Taking a 2-D Haar wavelet transform as an
example, we conduct a few experiments to demonstrate the
advantages of our method in secure image processing. We
also provide computational complexity analyses and
comparisons. To the best of our knowledge, there has been
no report on the implementation of DWT and MRA in the
encrypted domain.
Keywords: Data Expansion, Discrete Wavelet Transform
(DWT), Homomorphic Encryption, Multiplicative Inverse
Method (MIM), Multi-Resolution Analysis (MRA), Secure
Signal Processing, Signal Processing In The Encrypted
Domain.
I. INTROCUTION
Signal processing in the encrypted domain, also referred
to as secure signal processing (SSP), has attracted
considerable attention in recent years [2]. This new
technology may promise two kinds of applications in future.
The first one is in the case when the owners and
manipulators of data are two different parties. For example,
in the scenario of network media distribution, the customer
may be asked to embed a watermark in the media to trace
illegal copies. Since plain media can be easily attacked by
the customer during watermarking, a solution is to embed
the watermark in the encrypted media, whose content is
protected by the cryptosystems. Signal processing
technology in the encrypted domain provides powerful tools

to make such secure implementation possible. The second

application is in privacy protection. For example, in the case
of a remote access system based on biometric data, the
users sensitive authentication information will be stored in
the server. If the server is untrustworthy or unsecure, the
users will face a serious problem of privacy leakage. Signal
processing in the encrypted domain, combined with
cryptographic protocols [3], [4], can provide an effective
solution to this problem. The server stores the users
encrypted information in the database. The user may simply
send out his or her encrypted information, and the server is
able to decide whether the person is enrolled in the database.
In this paper, we focus on signal processing in the encrypted
domain without considering the cryptographic protocols.
Cryptosystems play an important role in secure signal
processing, but not all cryptosystems are appropriate for
signal processing in the encrypted domain. The reason is
that most cryptosystems, such as data encryption standard
(DES) and advanced encryption standard (AES), do not
retain the algebraic relations among the plaintexts after
encryption. Special kinds of cryptosystems, the
homomorphic cryptosystems, are able to keep the algebraic
structure of the plaintext, and thus are particularly suitable
for this purpose. The existing homomorphic cryptosystems
can be divided into two categories, partially homomorphic
cryptosystems and fully homomorphic cryptosystems.
Partially homomorphic cryptosystems keep only one
algebraic structure of the plaintexts, such as the ElGamal
cryptosystem [5], the Paillier cryptosystem [6], and the
Damgrd-Jurik cryptosystem [7], while fully homomorphic
cryptosystems permit to compute additions and
multiplications homomorphically, allowing the computation
of any polynomials in the encrypted domain. For example,
Gentrys fully homomorphic encryption scheme [8] works
on binary values, which corresponds to the computation of
any logical circuits.
There have been some related works on signal processing
in the encrypted domain over the past few years. Bianchi et
al. [9] conducted an investigation on the implementation of
the discrete Fourier transform (DFT) as well as the fast
Fourier transform (FFT) on encrypted signals. A data
encrypting method, which packs several samples as a single

Copyright @ 2014 IJATIR. All rights reserved.

SHAIK ABDUL SHAHID, SHAIK KHAJAVALI

one, was proposed by Troncoso-Pastoriza et al. [10] and
MIM is also included, in order to show the advantage of
later generalized by Bianchi et al. [11]. Though the packing
MIM. The remainder of this paper is organized as follows.
method restricts the freedom of the packed samples, the
Section II Existing Method. In Section III, we describe Our
authors provide an approach to save storage space of the
Contributions. Section IV describes some experiments
encrypted signals. A Walsh-Hadamard transform-based
regarding watermarking on encrypted images. We conclude
image watermarking scheme was proposed in [12], which
our paper and provide suggestions for future work in
possesses the character of blind watermark extraction, in
Section V.
both the decrypted domain and the encrypted domain. In a
II. EXISTING METHOD
proposed a privacy-preserving face recognition system
In existing, embedded and/or extract Watermarking on
based on the Paillier cryptosystem presented a privacyencrypted image without being able to decrypt is a
preserving face recognition scheme which is efficient in
challenging problem. We firstly discuss the implementation
terms of communication and computation proposed a
of Walsh-hadamard transform (WHT) and its fast algorithm
system for the secure classification of electrocardiogram
in the encrypted domain, which is particularly suitable for
(ECG) signals with branching programs and neural
the Applications in the encrypted domain for its transform
networks. A privacy-preserving finger code authentication
matrix, consists of only integers. In changed the relations
among the adjacent transform coefficients, in using WHT
system was presented.
based image Watermarking Algorithm in the encryption
DWT is a commonly used mathematical tool in signal
domain. Due to the constrains of the encryption, extraction a
processing. With different wavelet bases and decomposition
Watermarking blindly from an encrypted image extraction
levels, DWT can extract different kinds of information from
both in the Decrypted Domain and encrypted Domain. On
digital media, and is therefore likely to be carried out in the
the implementation of the discrete Fourier transform (DFT)
encrypted domain. DWT in the encrypted domain is
as well as the fast Fourier transform (FFT) on encrypted
expected to be used as a building block in various
signals. A data encrypting method, which packs several
applications, for example, secure media watermarking,
samples as a single one, Due to the limitation of the
secure feature extraction and secure information retrieval.
encryption, it is very difficult, sometimes impossible, to
According to our knowledge, there has not been any report
transplant the existing mature watermark scheme to the
on DWT and multi-resolution analysis (MRA) in the
encrypted domain. Thus it is meaningful to design a new
encrypted domain. This paper addresses the issues of DWT
image watermark scheme under the constraints of the
and MRA in the homomorphic encrypted domain. Firstly,
Homomorphic encrypted domain.
we describe a framework for performing DWT and IDWT
in homomorphic encrypted domain. The framework can be
A. Walsh-Hadamard Transform in the Encrypted
used for general purpose operations on encrypted data. For
Domain
instance, pyramid algorithms can be implemented in the
WHT is used widely in the field of signal processing. The
encrypted domain by using our strategy. We then conduct
transform matrix of WHT contains only and no
the analysis of data expansion and derive an upper bound on
multiplications are required in the computation. Thus WHT
the accumulated error for decomposition and reconstruction.
is more efficient than other orthogonal transformations, such
Secondly, we propose a method, called the multiplicative
as DFT or DCT. Another advantage of WHT has is that
inverse method (MIM), to remove the quantization factor
WHT will not bring the quantization error in the encrypted
without decryption.
domain. WHT can therefore be perfectly reconstructed in
the encrypted domain.
The proposed method provides a solution to the problem
of data expansion. By using the proposed method, MRA can
B. Fast WHT in the Encrypted Domain
be implemented homomorphically in the encrypted domain
2D WHT is a separable transform, i.e., a 2D transform
with much less data expansion. We then discuss how to
which can be decomposed into two 1D transforms.
apply MIM to general applications of signal processing in
Specifically, performing 2D WHT on I (x, y) is equivalent
the encrypted domain. Finally, we provide computational
to performing 1D WHT on the each column of I (x; y) first
complexity analysis and performance comparisons. A
and then performing 1D WHT on the each row to the former
watermarking scheme based on the 2D discrete Haar
result. The fast algorithm follows the recursive definition of
wavelet transform is studied to demonstrate the correctness
the Hadamard matrix2. There are totally M log2M
of our proposed framework and method. As an extension of
additions/subtractions for the fast WHT. More specifically,
our previous work in, this paper includes a detailed analysis
every two coefficients are obtained at one stage from
of the computation complexity of DWT/IDWT in the
another two coefficients at the previous stage by using only
encrypted domain and MIM. The performance comparisons
addition or subtraction 1 and 2.
with and without MIM have been carefully studied. We
(1)
further investigate the usage and advantage of MIM. 1) We
propose an interesting signal processing procedure depicted,
(2)
where MIM is employed as the last step to limit the data
C. Blind Image Watermarking in the Encrypted Domain
expansion. 2) The performance of DWT with and without
International Journal of Advanced Technology and Innovative Research
Volume. 06, IssueNo.10, November-2014, Pages: 1105-1110

Implementation of Encryption Method for Homomorphic Images using DWT and MRA
In order to embed a watermark on an encrypted image,
in large variation in the spatial domain 5. Thus the
we should tackle two challenging issues. The first one is
decrypted values are very likely to be greater than 255 or
how to achieve the goal of blind watermark exaction. Since
less than 0.
the original image is protected by the encryption, it is not
practical to involve the plain original image into the
(5)
extraction (fig 1).
(6)
{wj}will be compared with the embedding message {wj}by
using the BER metric to output the result that whether there
is a watermark in Iw;256(x; y)6.

Fig.1 The relationship between the reference positions

and the values ej and dj.
A. Watermark Embedding
The embedding domain, e.g. the spatial domain or the
transform domain, plays a crucial role in robust performance
and the visual quality of the watermarked image. In order to
make the watermark scheme more robust, we choose to
embed the watermark in the transform domain rather than
the spatial domain.
B. Watermark Extraction
For our watermark scheme, the watermark extraction can
be accomplished in either the plain domain or the encrypted
domain. That is, we can extract the watermark either from
the image IW; 256 (x; y) or from the encrypted image ~Iw
(x; y). After the watermark has been extracted, it will be
compared to the original watermark with some metrics. We
use the bit error rate (BER) to measure the difference
between the extracted watermark and the original one. If we
denote the extracted watermark by w0j , then the BER of
w0j and wj is given as 3.
(3)
C. Extraction in the Encrypted Domain
In order to extract the watermark from the encrypted
image, we segment ~IW (x, y) into non-overlapping blocks
of m *n. According to the sequence a, we select n blocks
from total (M=m) 2 blocks. We then apply WHT of size
m*m to all the selected blocks to output the encrypted
coefficients. Let us denote those encrypted coefficient
blocks by 4.
(4)

III. OUR CONTRIBUTIONS

A method of proposed technique for implementing
discrete wavelet transform (DWT) and multi-resolution
analysis (MRA) in Homomorphic encrypted domain. We
first suggest a framework for performing DWT and inverse
DWT (IDWT) in the encrypted domain, then conduct an
analysis of data expansion and quantization errors under the
framework. To solve the problem of data expansion, which
can be very important in practical applications, we present a
method for reducing data expansion in the case that both
DWT and IDWT are performed. With the proposed process,
multilevel DWT/IDWT can be performed with less data
expansion in Homomorphic encrypted domain. We propose
a new signal processing procedure, where the multiplicative
inverse method is employed as the last step to limit the data
expansion. Taking a 2-D Haar wavelet transform as an
example, we conduct a few experiments to demonstrate the
advantages of our method in secure image processing. We
also provide computational complexity analyses and
comparisons.
This paper addresses the issues of DWT and MRA in the
homomorphic encrypted domain. Firstly, we describe a
framework for performing DWT and IDWT in
homomorphic encrypted domain. The framework can be
used for general purpose operations on encrypted data. For
instance, pyramid algorithms can be implemented in the
encrypted domain by using our strategy. We then conduct
the analysis of data expansion and derive an upper bound on
the accumulated error for decomposition and reconstruction.
Secondly, we propose a method, called the multiplicative
inverse method (MIM), to remove the quantization factor
without decryption. The proposed method provides a
solution to the problem of data expansion. By using the
proposed
method,
MRA
can
be
implemented
homomorphically in the encrypted domain with much less
data expansion.
A. Paillier Cryptosystem
1. Probabilistic Homomorphic Cryptosystem
The homomorphic cryptosystem was first introduced as
a privacy homomorphic, which is defined as an encryption
function allowing one to operate the cipher texts without
decrypting them into plaintexts. Specifically, there exist two
algebraic operations corresponding to each other, one in
plaintext space and the other in cipher text space. If m1 and
m2 are any two plaintexts in homomorphic cryptosystems,
we have

D. Extraction in the Decrypted Domain

Let us consider the case of extracting the watermark from
the decrypted watermarked image. Based on the analysis the
implementation of watermarking in the encrypted domain
will enlarge the plain value of the watermarked image. And
small modification of the transform coefficients may result
International Journal of Advanced Technology and Innovative Research
Volume. 06, IssueNo.10, November-2014, Pages: 1105-1110

SHAIK ABDUL SHAHID, SHAIK KHAJAVALI

(7)
Where D [] and E [] are the decrypting and encrypting
operators, respectively. Operators o and <> perform the
corresponding algebraic operations in the cipher text and the
plaintext spaces, respectively. The Paillier cryptosystem is a
public key cryptosystem which has been proved to be
semantically secure. It has an additive homomorphic
property. That is, for any two cipher texts, one can generate
cipher texts of the sum of the plaintext as long as the public
key is known (8), (9).
(8)
(9)

Fig.3. Value range comparison. l denotes the position of

the sample and x is the value of the sample.

IV. EXPERIMENTAL RESULTS

In this section, we investigate the use of our proposed
technique and MIM for image processing.

The upper bound Ux on the image is 255. Obviously, Ux is

much smaller than the value of (N 1) /2, so the
encryption can be carried out without error. We take this
encrypted image as the input signal and conduct the
following experiment. The quantization factor Q is chosen
as 264 for the wavelet filter coefficients. We first perform
five-level DWT on the input encrypted image and then
perform five-level IDWT on the encrypted DWT
coefficients. We show the encrypted reconstruction and its
decryption in Fig. 2(a), (b). The decrypted image looks like
a noisy image which is quite different from the plain image
that we expect to get. That is because the plain value of the
processed encrypted data exceeds the value of N and thus
decryption errors occur. By using MIM, we compute the
powers of the reconstruction data with an exponent ,
where is the inverse element of the expanding factor. The
processed result and its decrypted version are shown in Fig.
2(c), (d).

A. MIM in Secure Image Processing

The grey scale image Lena of 5125128 bits is
chosen as the plain signal. We exploit the 2D Haar wavelet
as the wavelet basis in the experiments and choose two large
prime numbers for the cryptosystem. The product of p and q
is more than 1024 bits.

Fig.2. 2D Haar wavelet transform on an encrypted

image. (a) Five level reconstruction with Q = 264. (b)
Decryption of the reconstruction. (c) Reconstruction
with MIM. (d) Decryption of the reconstruction with
MIM.

The decrypted image seems to be the same as the original

image Lena. In order to detail the differences between the
two images, we count the number of errors. The number of
errors is zero, meaning that the two images have the same
values at the same positions. Therefore we determine that
there is no distortion between the two images. We can still
use MIM to reduce the value range of the processed data
even if the recovery requirement is satisfied. Let us consider
the case when Q = 1. We perform MIM on the encrypted
reconstruction data. The decryption result is identical to that
in Fig. 2(d). In order to make a comparison, we apply a
logarithm function on the decryption with and without MIM
in Fig.3. The shapes of both curves are the same, while the
curve with MIM lies far below the other one. This means
MIM greatly reduces the value range of the processed data
in the encrypted domain.
B. Image Watermarking in the Encrypted Domain
In order to show how to use MIM in a general case, we
conduct an experiment of image watermarking in the
encrypted domain. We simplify the watermark embedding
model and implement it in the encrypted domain by using
the proposed DWT framework. With secure multi-party
computing technique, adaptive watermark schemes can be

International Journal of Advanced Technology and Innovative Research

Volume. 06, IssueNo.10, November-2014, Pages: 1105-1110

Implementation of Encryption Method for Homomorphic Images using DWT and MRA
implemented in the encrypted domain. However, in nondecryption and the desired image. By using it is easy to
interactive cases, it is very difficult to obtain the local
obtain the final watermarked image (k).
information of the original image, due to the encryption. As
a solution, we employ Coxs watermarking scheme and
C. Investigating the Value of
implement it in the encrypted domain. Specifically, a
We can efficiently compute by using the Euclidean
random small value k, l is used instead of the local
algorithm. The value of mainly depends on four
amplitude factor to make the watermark invisible.
parameters, the quantization factor Q, the wavelet
Watermark embedding in the plaintext domain can be
reconstruction level , the cryptosystems modular N, and
described, where k, l is randomly chosen in {1, 2, . . . ,}
the dimension i of the input signal. We investigate the value
and is a specified small integer. The watermark signal {y
of for some popular rational filter wavelet bases,
(k, l)} is an integer value signal. In the encrypted domain,
including the Haar wavelet, the CDF 5/3 wavelet and the
watermark embedding can be carried out as
biorthogonal spline 1.3 wavelet. For convenience, the input
(10)
signal is assumed to be one dimensional. Since a 1024-bit
is a lengthy string, we compute the value of with a small
In our experiment, we use the same quantization factor Q
64
key cryptosystem, that is N = 106060113287377. In Table I,
= 2 for the Haar wavelet transform. A Gaussian noise is
we summarize the value of the expansion factor K and its
chosen as the watermark signal. After performing five-level
multiplicative inverse for some frequently used
DWT on the input encrypted image, we add the Gaussian
reconstruction levels.
noise as a watermark into the low frequency bands (LL) of
the five level coefficients (10). We perform five-level
TABLE I: EXPANDING FACTOR K AND ITS
IDWT on the modified results to obtain the watermarked
MULTIPLICATIVE INVERSE FOR THREE TYPES OF
WAVELET: THE HAAR WAVELET, THE CDF 5/3
WAVELET, AND THE BIORTHOGONAL SPLINE 1.3
WAVELET. THE MODULUS IS N = 106060113287377

V. CONCLUSION
In This paper has investigated the implementation of
DWT and MRA in a homomorphic encrypted domain and
tackled the problem of data expansion caused by
quantization. The main contributions are listed as follows.
1. We have proposed a framework to implement DWT
and MRA in the encrypted domain by using
homomorphic properties. Compared with plaintext
Fig.4. Image watermarking scheme based on Haar
DWT, DWT in the encrypted domain will expand the
Wavelet transform in the encrypted domain. (a)
plaint value of the processed data. We have derived an
Watermarking in the encrypted domain. (b) Decryption
upper bound on the expanded data, regardless of the
of watermarking in the encrypted domain. (c)
kind of wavelet.
Watermarking with MIM. (d) Decryption of
2.
For a class of wavelet transform, i.e., the rational filter
watermarking with MIM.
coefficients wavelet transforms, we have presented a
image in the encrypted domain. The encrypted version of
method to perform DWT/IDWT in the encrypted
the watermarked image and its decryption are shown in Fig.
domain without any quantization error. MIM is
4(a), (b). The decryption looks quite different from the
proposed to remove the expanding factor without
watermarked image as we expect. In order to recover the
decrypting. The proposed method improves the
desired watermarked image, we apply MIM to the encrypted
capacity of signal processing with the same
version of the watermarked image by means. The processed
cryptosystem parameters.
result and its decryption are shown in Fig. 4(c), (d). The
3. MIM has been applied to various signal processing
decryption looks the same as the expected watermarked
applications in the encrypted domain. We have shown a
image. In fact, there is only one scaling factor between the
comparison of the performance of MRA in the
encrypted domain with and without MIM. We have also
International Journal of Advanced Technology and Innovative Research
Volume. 06, IssueNo.10, November-2014, Pages: 1105-1110

SHAIK ABDUL SHAHID, SHAIK KHAJAVALI

given a detailed analysis of the computational
[9] T. Bianchi, A. Piva, and M. Barni, On the
complexity of DWT/IDWT and MIM in the encrypted
implementation of the discrete Fourier transform in the
domain.
encrypted domain, IEEE Trans. Inf. Forensics Security,
4. We have investigated 2D Haar wavelet transform in our
vol. 4, no. 1, pp. 8697, Mar. 2009.
experiments. An example of image watermarking based
[10] J. Troncoso-Pastoriza, S. Katzenbeisser, M. Celik, and
on Haar wavelet transform in the encrypted domain has
A. Lemma, A secure multidimensional point inclusion
also been studied. The experiment results demonstrate
protocol, in Proc. 9th ACM Workshop Multimedia
the validity of our framework and the advantages of the
Security, 2007, pp. 109120.
proposed method.
[11] T. Bianchi, A. Piva, and M. Barni, Composite signal
representation for fast and storage-efficient processing of
The technique described in this paper and the proposed
encrypted signals, IEEE Trans. Inf. Forensics Security, vol.
algorithm are suitable for secure multimedia applications,
5, no. 1, pp. 180187, Mar. 2010.
such as secure signal filtering, secure feature extraction,
[12] P. Zheng and J. Huang, Walsh-Hadamard transform in
secure face detection and secure watermarking. For
the homomorphic encrypted domain and its application in
example, one can design a privacy-preserving MRA-based
image watermarking, in Proc. 14th Inf. Hiding Conf., 2012,
face detection system by transplanting Violas face
pp. 240254.
detection scheme into the encrypted domain, with our DWT
and MRA framework and secure multi-party computation
technique. Future works will entail two aspects. One is to
address the issues regarding the storage and computation
overheads induced by the homomorphic encryptions. It is
necessary but very challenging to develop a method to
reduce the storage overhead. A fast algorithm to speed up
the computation in the encrypted domain is also very
important. The other may be to extend MIM be a
generalized method for other cryptosystems and other signal
transforms, for example, the DFT in the encrypted domain.
VI. REFERENCES
[1] Peijia Zheng, Student Member, IEEE, and Jiwu Huang,
Senior Member, IEEE, Discrete Wavelet Transform and
Data Expansion Reduction in Homomorphic Encrypted
Domain, IEEE Transactions on Image Processing, Vol. 22,
No. 6, June 2013.
[2] Z. Erkin, A. Piva, S. Katzenbeisser, R. Lagendijk, J.
Shokrollahi, G. Neven, and M. Barni, Protection and
retrieval of encrypted multimedia content: When
cryptography meets signal processing, EURASIP J. Inf.
Security, vol. 2007, pp. 120, Jan. 2007.
[3] A. Yao, Protocols for secure computations, in Proc.
23rd Annu. Symp. Foundations Computer Science, 1982,
pp. 160164.
[4] O. Goldreich, S. Micali, and A. Wigderson, How to
play ANY mental game, in Proc. 19th Annu. ACM Conf.
Theory Comput, 1987, pp. 218229.
[5] T. Elgamal, A public key cryptosystem and a signature
scheme based on discrete logarithms, IEEE Trans. Inf.
Theory, vol. 31, no. 4, pp. 469472, Jul. 1985.
[6] P. Paillier, Public-key cryptosystems based on
composite degree residuosity classes, in Proc. Adv.
Cryptology, 1999, pp. 223238.
[7] I. Damgrd and M. Jurik, A generalization, a
simplification and some applications of Pailliers
probabilistic public-key system, in Proc. Public-Key
Cryptography, 2001, pp. 119136.
[8] C. Gentry, Fully homomorphic encryption using ideal
lattices, in Proc. 41st Annu. ACM Symp. Theory Comput,
2009, pp. 169178.
International Journal of Advanced Technology and Innovative Research
Volume. 06, IssueNo.10, November-2014, Pages: 1105-1110