
CN118802277A - Image retrieval method, cloud server, first device and storage medium - Google Patents


Publication number
CN118802277A
Authority
CN
China
Prior art keywords
encryption
role
image
character
cloud server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410238955.4A
Other languages
Chinese (zh)
Inventor
张逸然
耿慧拯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd and Research Institute of China Mobile Communication Co Ltd
Priority to CN202410238955.4A
Publication of CN118802277A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/50 Information retrieval; Database structures therefor; File system structures therefor of still image data
    • G06F16/53 Querying
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/953 Querying, e.g. by the use of web search engines
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Bioethics (AREA)
  • Medical Informatics (AREA)
  • Software Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Processing Or Creating Images (AREA)

Abstract

The embodiment of the application provides an image retrieval method, a cloud server, a first device and a storage medium. The method is applied to the cloud server and comprises the following steps: the cloud server receives an encryption index, a first role polynomial function and an encrypted image library sent by the first device; receives a first image retrieval request sent by a second device, the first image retrieval request carrying a first encryption trapdoor and a first encrypted role value; judges, based on the first encrypted role value and the first role polynomial function, whether a first user role corresponding to the first encrypted role value is a first legal user role; and, when the first user role is the first legal user role, determines a target image based on the encryption index, the first encryption trapdoor and the encrypted image library and sends the target image to the second device. In this way a malicious user can be prevented from accessing the system, and leakage of image privacy is avoided.

Description

Image retrieval method, cloud server, first device and storage medium
Technical Field
The present invention relates to the field of cloud security technologies, and in particular, to an image retrieval method, a cloud server, a first device, and a storage medium.
Background
Image retrieval technology refers to technology that searches a large-scale image set for images of interest to a user, but image retrieval tasks consume a large amount of storage resources and computing resources. With the development of cloud technology, more and more image owners tend to upload images to cloud servers, which have more storage and computing resources. In an image retrieval task based on the cloud environment, an image owner uploads an image dataset to the cloud, the image retrieval task is performed by the cloud, and a retrieval result is returned to the user.
However, current privacy-preserving image retrieval technology generally assumes that the user is honest and reliable. In practical applications malicious users often exist; a malicious user can disguise as a legal user to access the system and steal the images of image owners, causing privacy leakage. In addition, when verifying whether the querying user is a legal user, the querying user generally uploads the plaintext role value directly to the cloud for verification, and the cloud may collect the set of legal users, which also causes privacy leakage. Therefore, the current image retrieval method has the problem of image privacy leakage, which reduces the security of image retrieval.
Disclosure of Invention
The embodiment of the application provides an image retrieval method, a cloud server, first equipment and a storage medium, which can avoid the leakage of image privacy and further improve the security of image retrieval.
The technical scheme of the embodiment of the application is realized as follows:
In a first aspect, an embodiment of the present application provides an image retrieval method, where the method is applied to a cloud server, and the method includes:
receiving an encryption index, a first role polynomial function and an encrypted image library sent by a first device;
receiving a first image retrieval request sent by a second device; wherein the first image retrieval request carries a first encryption trapdoor and a first encrypted role value;
judging whether a first user role corresponding to the first encrypted role value is a first legal user role based on the first encrypted role value and the first role polynomial function;
and, in the case that the first user role is the first legal user role, determining a target image based on the encryption index, the first encryption trapdoor and the encrypted image library, and sending the target image to the second device.
In a second aspect, an embodiment of the present application provides an image retrieval method, where the method is applied to a first device, and the method includes:
determining an encrypted user role set based on a legal user role set corresponding to the image set;
determining a first role polynomial function based on the encrypted user role set;
and sending the first role polynomial function, the encryption index and the encrypted image library to a cloud server, so that the cloud server can determine a target image based on the first role polynomial function, the encryption index and the encrypted image library.
In a third aspect, an embodiment of the present application provides a cloud server, where the cloud server includes: a receiving unit, a judging unit, a first determining unit and a first sending unit, wherein
the receiving unit is configured to receive the encryption index, the first role polynomial function and the encrypted image library sent by the first device;
the receiving unit is further configured to receive a first image retrieval request sent by the second device; wherein the first image retrieval request carries a first encryption trapdoor and a first encrypted role value;
the judging unit is configured to judge whether the first user role corresponding to the first encrypted role value is a first legal user role based on the first encrypted role value and the first role polynomial function;
the first determining unit is configured to determine, when the first user role is the first legal user role, a target image based on the encryption index, the first encryption trapdoor and the encrypted image library;
the first sending unit is configured to send the target image to the second device.
In a fourth aspect, an embodiment of the present application provides a cloud server, where the cloud server includes: a first processor and a first memory; wherein,
The first memory is used for storing a computer program capable of running on the processor;
the first processor is configured to execute the image retrieval method as described above when the computer program is run.
In a fifth aspect, an embodiment of the present application provides a first device, including: a second determining unit and a second sending unit, wherein
the second determining unit is configured to determine an encrypted user role set based on the legal user role set;
the second determining unit is further configured to determine a first role polynomial function based on the encrypted user role set;
the second sending unit is configured to send the first role polynomial function, the encryption index and the encrypted image library to a cloud server, so that the cloud server determines a target image based on the first role polynomial function, the encryption index and the encrypted image library.
In a sixth aspect, an embodiment of the present application provides a first device, including: a second processor and a second memory; wherein,
The second memory is used for storing a computer program capable of running on the processor;
the second processor is configured to execute the image retrieval method as described above when the computer program is run.
In a seventh aspect, an embodiment of the present application provides a computer-readable storage medium, wherein the storage medium has stored thereon computer program code which, when executed by a computer, implements the image retrieval method as described above.
In an eighth aspect, an embodiment of the present application provides a computer program product comprising a computer program which, when executed by a processor, implements the image retrieval method as described above.
The embodiment of the application provides an image retrieval method, a cloud server, a first device and a storage medium. The cloud server receives an encryption index, a first role polynomial function and an encrypted image library sent by the first device; receives a first image retrieval request sent by a second device, the first image retrieval request carrying a first encryption trapdoor and a first encrypted role value; judges, based on the first encrypted role value and the first role polynomial function, whether a first user role corresponding to the first encrypted role value is a first legal user role; and, when the first user role is the first legal user role, determines a target image based on the encryption index, the first encryption trapdoor and the encrypted image library and sends the target image to the second device. The first device determines an encrypted user role set based on a legal user role set corresponding to the image set; determines the first role polynomial function based on the encrypted user role set; and sends the first role polynomial function, the encryption index and the encrypted image library to the cloud server, so that the cloud server determines the target image based on the first role polynomial function, the encryption index and the encrypted image library.
Therefore, the role value received by the cloud server is the first encrypted role value rather than a plaintext role value, which avoids the privacy leakage that uploading plaintext roles may cause. The application also provides a lightweight access control strategy, that is, the identity information of the first user role corresponding to the first encrypted role value can be authenticated: the cloud server can judge, based on the first encrypted role value and the first role polynomial function, whether the first user role corresponding to the first encrypted role value is a first legal user role, and when the first user role is authenticated as the first legal user role, the target image can be determined based on the encryption index, the first encryption trapdoor and the encrypted image library. Malicious users can thus be prevented from accessing the system, leakage of image privacy is avoided, and the security of image retrieval is improved.
Drawings
Fig. 1 is a schematic diagram of an image retrieval method according to an embodiment of the present application;
Fig. 2 is a second schematic diagram of an image retrieval method according to an embodiment of the present application;
Fig. 3 is a third schematic diagram of an image retrieval method according to an embodiment of the present application;
Fig. 4 is a schematic diagram of an image retrieval system according to an embodiment of the present application;
Fig. 5 is a fourth schematic diagram of an image retrieval method according to an embodiment of the present application;
Fig. 6 is a schematic diagram of a composition structure of a cloud server according to an embodiment of the present application;
Fig. 7 is a second schematic diagram of the composition structure of the cloud server according to the embodiment of the present application;
Fig. 8 is a schematic diagram of a first device according to an embodiment of the present application;
Fig. 9 is a second schematic diagram of the composition structure of the first device according to the embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application. It is to be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to be limiting. It should be noted that, for convenience of description, only the parts relevant to the application are shown in the drawings.
Image retrieval technology refers to technology that searches a large-scale image set for images of interest to a user, but an image retrieval task consumes a large amount of storage resources and computing resources. With the development of cloud technology, more and more image owners tend to upload images to cloud servers, which have more storage and computing resources. In an image retrieval task based on the cloud environment, an image owner uploads an image dataset to the cloud, the image retrieval task is performed by the cloud, and a retrieval result is returned to the user. However, cloud servers are considered "honest but curious": they may honestly perform image retrieval tasks, but may analyze the stored images to obtain more information, resulting in privacy leakage; and a malicious user may disguise as a legitimate user, also resulting in privacy leakage. Therefore, there is a need to study privacy-preserving image retrieval schemes based on access control.
One patent discloses a secure retrieval method for large-scale images in a cloud environment. The image owner locally generates an encrypted image library and a security index and outsources them to a cloud server, and during retrieval the cloud server can return the images most similar to the query image without decryption. The method combines a bag-of-words model with the MinHash principle and is efficient for large-scale secure image retrieval, but the scheme directly assumes that the user is completely trusted, does not consider the case of a malicious user, and cannot prevent a malicious user from stealing image privacy. Another patent discloses a secure image retrieval scheme based on Shamir secret sharing in a cloud environment. In the offline stage, an image index is generated through secret sharing and is outsourced, together with an encrypted image library, to a plurality of cloud servers for storage. In the query stage, the user generates image trapdoors and sends them to the respective cloud servers, and the retrieval results of interest are returned to the user through data interaction among the multiple servers. The method improves a secure multi-party computation method and can realize secure image retrieval in a multi-cloud-server environment without exposing the real Euclidean distance between images. However, the method is intended to realize secure image retrieval across multiple servers, does not consider the case in which the user is malicious, and cannot authenticate against malicious users.
The current image retrieval method has the following problems: (1) Privacy-preserving image retrieval technologies generally assume that users are honest and reliable, but in practical applications malicious users often exist; they can disguise as legal users to access the system and steal the images of image owners, causing privacy leakage. (2) When verifying whether the querying user is a legal user, the querying user generally uploads the plaintext role value directly to the cloud for verification, and the cloud may collect the set of legal users, so that privacy is leaked. (3) When the set of legal users is updated, i.e. when legal users are added to or removed from the set, the image owner often has to regenerate the role polynomial and upload it to the cloud, which increases the burden on the image owner.
In order to solve the problem that image privacy leakage in the existing image retrieval method reduces the security of image retrieval, the embodiment of the application provides an image retrieval method, a cloud server, a first device and a storage medium. The cloud server receives an encryption index, a first role polynomial function and an encrypted image library sent by the first device; receives a first image retrieval request sent by a second device, the first image retrieval request carrying a first encryption trapdoor and a first encrypted role value; judges, based on the first encrypted role value and the first role polynomial function, whether a first user role corresponding to the first encrypted role value is a first legal user role; and, when the first user role is the first legal user role, determines a target image based on the encryption index, the first encryption trapdoor and the encrypted image library and sends the target image to the second device. The first device determines an encrypted user role set based on a legal user role set corresponding to the image set; determines the first role polynomial function based on the encrypted user role set; and sends the first role polynomial function, the encryption index and the encrypted image library to the cloud server, so that the cloud server determines the target image based on the first role polynomial function, the encryption index and the encrypted image library.
Therefore, the role value received by the cloud server is the first encrypted role value rather than a plaintext role value, which avoids the privacy leakage that uploading plaintext roles may cause. The application also provides a lightweight access control strategy, that is, the identity information of the first user role corresponding to the first encrypted role value can be authenticated: the cloud server can judge, based on the first encrypted role value and the first role polynomial function, whether the first user role corresponding to the first encrypted role value is a first legal user role, and when the first user role is authenticated as the first legal user role, the target image can be determined based on the encryption index, the first encryption trapdoor and the encrypted image library. Malicious users can thus be prevented from accessing the system, leakage of image privacy is avoided, and the security of image retrieval is improved.
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application.
Example 1
The embodiment of the application provides an image retrieval method applied to a cloud server. Fig. 1 is a schematic diagram of the image retrieval method provided by the embodiment of the application; as shown in Fig. 1, the image retrieval method may include the following steps:
Step 101, receiving an encryption index, a first role polynomial function and an encrypted image library sent by a first device.
In an embodiment of the present application, the cloud server may receive the encryption index, the first role polynomial function, and the encrypted image library sent by the first device.
It should be noted that, in the embodiment of the present application, the first device may be an entity device corresponding to the image owner, and the type of the first device is not specifically limited in the present application.
It should be noted that, in the embodiment of the present application, the first role polynomial function may be expressed by the following formula (1).
Wherein f(v) represents the first role polynomial function, Representing the root of the function, v represents the role of the user, and c_i represents the coefficient of v^i.
It should be noted that, in the embodiment of the present application, the encryption index may be expressed by the following formula (2).
Wherein ||f_i||^2 = f_{i,1}^2 + f_{i,2}^2 + ... + f_{i,n}^2 represents the squared Euclidean norm of f_i; c_1, c_2, ..., c_m are the coefficients of the role-based polynomial function; f_{i,1}, f_{i,2}, ..., f_{i,l} represents the feature vector corresponding to the image m_i of the image library; i represents the sequence number of the image in the image library; and l represents the dimension of the feature.
It should be noted that, in the embodiment of the present application, the encrypted image library may be obtained by encrypting with an image encryption algorithm; the image encryption algorithm may be the Advanced Encryption Standard (AES), and the type of the image encryption algorithm is not particularly limited in the present application.
Step 102, receiving a first image retrieval request sent by a second device; wherein the first image retrieval request carries a first encryption trapdoor and a first encrypted role value.
In the embodiment of the application, the cloud server can receive the encryption index, the first role polynomial function and the encrypted image library sent by the first device, and can also receive the first image retrieval request sent by the second device; wherein the first image retrieval request carries a first encryption trapdoor and a first encrypted role value.
It should be noted that, in the embodiment of the present application, the second device may be a user device, and the type of the second device is not specifically limited in the present application.
It should be noted that, in the embodiment of the present application, the encryption trapdoor may be represented by the following formula (3).
Where v is the role of the querying user, β and α are random positive numbers, q_1, q_2, ..., q_l represents the feature vector corresponding to the query image q_i, and l represents the dimension of the feature.
It should be noted that, in the embodiment of the present application, the first encrypted role value may be obtained by encrypting the role of the user; for example, the role v of the user may be encrypted to generate the first encrypted role value g v.
Step 103, judging whether the first user role corresponding to the first encrypted role value is a first legal user role based on the first encrypted role value and the first role polynomial function.
In the embodiment of the application, after the cloud server receives the encryption index, the first role polynomial function and the encrypted image library sent by the first device, and receives the first image retrieval request sent by the second device, which carries the first encryption trapdoor and the first encrypted role value, it can judge, based on the first encrypted role value and the first role polynomial function, whether the first user role corresponding to the first encrypted role value is a first legal user role.
It should be noted that, in the embodiment of the present application, when the cloud server judges whether the first user role corresponding to the first encrypted role value is the first legal user role based on the first encrypted role value and the first role polynomial function, the cloud server may input the first encrypted role value into the first role polynomial function to obtain an output value; in the case that the output value is a first preset value, the first user role is judged to be the first legal user role; and in the case that the output value is not the first preset value, the first user role is judged not to be the first legal user role.
It should be noted that, in the embodiment of the present application, the first preset value may be 0, and the size of the first preset value is not specifically limited in the present application.
Illustratively, in an embodiment of the present application, it is assumed that the first encrypted role value is Inputting the first encrypted role value into the first role polynomial function, namely formula (1), yields an output value; when the output value is 0, the first user role is determined to be the first legal user role, and when the output value is not 0, the first user role is determined not to be the first legal user role.
That is, in the embodiment of the present application, the cloud server may verify the user role, and if the user role belongs to a legal user, allow the image retrieval operation to be continued; if the user is not a legal user, the image retrieval operation is not allowed to be continued, so that the malicious user can be prevented from disguising as the legal user to access the system, the image of the image owner is stolen, and the image privacy disclosure is avoided.
It should be noted that, in the embodiment of the present application, after the cloud server judges whether the first user role corresponding to the first encrypted role value is the first legal user role based on the first encrypted role value and the first role polynomial function, the cloud server may determine a second role polynomial function based on a preset random number and the first role polynomial function.
In the embodiment of the present application, the preset random number may be any positive integer, and the size of the preset random number is not specifically limited in the present application.
It should be noted that, in the embodiment of the present application, the second role polynomial function may be represented by the following formula (4).
f(v)=mf(v) (4)
Wherein m represents the preset random number, and f(v) represents the first role polynomial function.
It should be noted that, in the embodiment of the present application, the cloud server resets the first role polynomial function by using the preset random number, so that the role polynomial function is updated on every query, thereby preventing an attacker from stealing the legal user set according to the role polynomial function.
It should be noted that, in the embodiment of the present application, the cloud server may further receive a second image retrieval request sent by the second device, wherein the second image retrieval request carries a second encryption trapdoor and a second encrypted role value; judge whether a second user role corresponding to the second encrypted role value is the first legal user role based on the second encrypted role value and the second role polynomial function; and determine the target image based on the encryption index, the second encryption trapdoor and the encrypted image library in the case that the second user role is the first legal user role.
That is, in the embodiment of the present application, when the cloud server next receives a second image retrieval request sent by the second device, it may judge, according to the updated second role polynomial function and the second encrypted role value, whether the second user role corresponding to the second encrypted role value is the first legal user role.
And 104, determining a target image based on the encryption index, the first encryption trapdoor and the encryption image library and sending the target image to the second device when the first user role is the first legal user role.
In the embodiment of the present application, after determining whether the first user role corresponding to the first cryptographic corner color value is the first legal user role based on the first cryptographic corner color value and the first role polynomial function, the cloud server may determine the target image based on the cryptographic index, the first cryptographic trapdoor, and the cryptographic image library and send the target image to the second device if the first user role is the first legal user role.
It should be noted that, in the embodiment of the present application, the encryption index includes N encryption index vectors, where N is a positive integer, and the number of the encryption index vectors is not specifically limited in the present application.
It should be noted that, in the embodiment of the present application, when the cloud server determines the target image based on the encryption index, the first encryption trapdoor, and the encryption image library, the cloud server may determine the target encryption index vector based on the first encryption trapdoor and the N encryption index vectors; the target image may then be determined based on the target encryption index vector and the encrypted image library.
For example, in an embodiment of the present application, the cloud server may calculate the product of the first encryption trapdoor and each of the N encryption index vectors; the image corresponding to the encryption index vector with the smallest product (the target encryption index vector) is the image of interest to the user, that is, the target image. The calculation formula is shown in the following formula (5).
Where q represents an encryption trapdoor, f_{i,r} represents a certain encryption index vector, α represents a random positive number, and f(v) = 0 since the user has been authenticated as a legitimate user.
It should be noted that, in the embodiment of the present application, the cloud server may receive role function information sent by the first device, wherein the role function information comprises a first role function and/or a second role function; the first role polynomial function may then be updated based on the role function information.
It should be noted that, in the embodiment of the present application, the first role function may be a function generated based on the newly added user role.
It should be noted that, in an embodiment of the present application, the second role function may be a function generated based on the reduced user roles.
Illustratively, in an embodiment of the present application, after the cloud server receives the first role function sent by the first device, the first role polynomial function may be updated based on the first role function, and the updated role polynomial function is shown in the following formula (6).
f(v) = f_new(v)·f(v)    (6)
Where f_new(v) denotes the first role function and f(v) denotes the first role polynomial function.
Illustratively, in an embodiment of the present application, after the cloud server receives the second role function sent by the first device, the first role polynomial function may be updated based on the second role function, and the updated role polynomial function is shown in the following formula (7).
f(v) = f(v) / f_r(v)    (7)
Where f_r(v) represents the second role function.
That is, in the embodiment of the present application, the cloud server can update the role polynomial function based on the received role function information without the first device regenerating the role polynomial function and uploading it to the cloud server, thereby reducing the burden on the first device.
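The role check and the updates of formulas (4), (6) and (7), as an added Python example that is not code from the patent. It assumes that formula (1) is a product of linear factors (v − g^{v_i}), that the role functions of formulas (8) and (9) are the single factors (v − g^{v_new}) and (v − g^{v_r}), and that arithmetic is done modulo a prime; P, G and all function names are illustrative.

```python
"""Role-polynomial access check: constructed illustration, not the patent's code."""
import secrets

# Assumptions (not given on the page): arithmetic is modulo a prime P,
# and G stands in for the image owner's random integer g.
P = 2**61 - 1
G = 5


def enc_role(v):
    """Encrypted role value g^v (mod P)."""
    return pow(G, v, P)


def poly_eval(coeffs, x):
    """Horner evaluation; coefficients are stored lowest degree first."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def mul_linear(coeffs, root):
    """Return coeffs * (x - root)."""
    out = [0] * (len(coeffs) + 1)
    for i, c in enumerate(coeffs):
        out[i + 1] = (out[i + 1] + c) % P
        out[i] = (out[i] - c * root) % P
    return out


def div_linear(coeffs, root):
    """Return coeffs / (x - root) by synthetic division; reject a non-root."""
    quotient, acc = [], 0
    for c in reversed(coeffs):
        acc = (acc * root + c) % P
        quotient.append(acc)
    if quotient.pop() != 0:  # the last value is the remainder
        raise ValueError("role is not in the polynomial; nothing to remove")
    return quotient[::-1]


def build_role_poly(roles):
    """Owner side: polynomial whose roots are the encrypted legal roles."""
    coeffs = [1]
    for v in roles:
        coeffs = mul_linear(coeffs, enc_role(v))
    return coeffs


def is_legal(coeffs, encrypted_role):
    """Server side: the role is legal exactly when the output value is 0."""
    return poly_eval(coeffs, encrypted_role) == 0


def rerandomize(coeffs, m=None):
    """Formula (4): scale by a random m after a query (m must not be 0 or 1)."""
    if m is None:
        m = secrets.randbelow(P - 2) + 2
    return [(c * m) % P for c in coeffs]


def add_role(coeffs, v_new):
    """Formula (6): multiply by the factor for a newly added role."""
    return mul_linear(coeffs, enc_role(v_new))


def remove_role(coeffs, v_r):
    """Formula (7): divide out the factor for a removed role."""
    return div_linear(coeffs, enc_role(v_r))


if __name__ == "__main__":
    legal_roles = [3, 7, 11]              # constructed sample role integers
    f1 = build_role_poly(legal_roles)
    print("role 7 legal:", is_legal(f1, enc_role(7)))
    print("role 8 legal:", is_legal(f1, enc_role(8)))
    f2 = rerandomize(f1)                  # second role polynomial function
    print("coefficients changed:", f2 != f1)
    print("role 7 still legal:", is_legal(f2, enc_role(7)))
    f3 = remove_role(add_role(f2, 8), 3)  # grant role 8, revoke role 3
    print("role 8 legal:", is_legal(f3, enc_role(8)))
    print("role 3 legal:", is_legal(f3, enc_role(3)))
```

Scaling by m changes every coefficient but leaves the root set unchanged, which is why a legal role still evaluates to 0 against the second role polynomial function. It also means the coefficients can still be factored to recover the encrypted role values, so the stored polynomial should itself be handled as sensitive access-control data.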
In summary, the cloud server receives the encryption index, the first role polynomial function and the encrypted image library sent by the first device, and receives a first image retrieval request sent by the second device, the first image retrieval request carrying the first encryption trapdoor and the first encrypted role value. The cloud server can then judge, based on the first encrypted role value and the first role polynomial function, whether the first user role corresponding to the first encrypted role value is the first legal user role. That is, the cloud server can verify the user role: if the user role belongs to a legal user, the image retrieval operation is allowed to continue; if the user is not a legal user, the image retrieval operation is not allowed to continue. This prevents a malicious user from masquerading as a legal user to access the system and steal the image owner's images, and thus avoids disclosure of image privacy. The cloud server can also receive role function information sent by the first device, wherein the role function information comprises a first role function and/or a second role function; the first role polynomial function may then be updated based on the role function information without the first device regenerating the role polynomial function and uploading it to the cloud server, thereby reducing the burden on the first device.
The embodiment of the application provides an image retrieval method applied to a cloud server. The cloud server receives an encryption index, a first role polynomial function and an encrypted image library sent by a first device; receives a first image retrieval request sent by a second device, wherein the first image retrieval request carries a first encryption trapdoor and a first encrypted role value; judges, based on the first encrypted role value and the first role polynomial function, whether a first user role corresponding to the first encrypted role value is a first legal user role; and, in the case that the first user role is the first legal user role, determines a target image based on the encryption index, the first encryption trapdoor and the encrypted image library and sends the target image to the second device. Therefore, the role value received by the cloud server is the first encrypted role value and not a plaintext role value, which avoids the privacy disclosure that uploading plaintext roles might cause. The application also provides a lightweight access control strategy: the identity information of the first user role corresponding to the first encrypted role value can be authenticated, that is, the cloud server can judge, based on the first encrypted role value and the first role polynomial function, whether the first user role corresponding to the first encrypted role value is the first legal user role, and, in the case that the first user role is authenticated as the first legal user role, the target image can be determined based on the encryption index, the first encryption trapdoor and the encrypted image library. Malicious users can thus be prevented from accessing the system, image privacy disclosure is further avoided, and the security of image retrieval is further improved.
Example two
Based on the above embodiment, a further embodiment of the present application provides an image retrieval method, which is applied to a first device, and fig. 2 is a schematic diagram of a second image retrieval method according to the embodiment of the present application, as shown in fig. 2, the image retrieval method may include the following steps:
Step 201, determining an encrypted user role set based on a legal user role set corresponding to the image set.
In an embodiment of the present application, the first device may determine the encrypted user role set based on a legal user role set corresponding to the image set.
It should be noted that, in the embodiment of the present application, the first device may be an entity device corresponding to the image owner, and the type of the first device is not specifically limited in the present application.
Illustratively, in an embodiment of the present application, it is assumed that the role of user i may be represented by an integer v_i. The set of legitimate user roles corresponding to an image set may be represented as ε = {v_1, v_2, ..., v_m}, where m is the total number of users that can access the data set.
In an exemplary embodiment of the present application, after determining the legal user role set corresponding to the image set, the first device may encrypt the legal user role set to generate an encrypted user role set, wherein g represents a random integer.
Step 202, determining a first character polynomial function based on the encrypted user character set.
In an embodiment of the present application, after determining the encrypted user role set based on the legal user role set corresponding to the image set, the first device may determine the first role polynomial function based on the encrypted user role set.
Illustratively, in an embodiment of the application, after generating the encrypted user role set, the first device may determine the first role polynomial function based on the encrypted user role set; the first role polynomial function is shown in formula (1) above.
It should be noted that, in the embodiment of the present application, the first device may determine N corresponding feature vectors based on N images in the image set; wherein N is a positive integer; n encryption index vectors may then be determined based on the N feature vectors; the encryption index may then be determined based on the N encryption index vectors.
Illustratively, in an embodiment of the present application, the first device may determine N corresponding feature vectors f_i = (f_{i,1}, f_{i,2}, ..., f_{i,l}) based on N images in the image set, where i represents the sequence number of the image in the image library and l represents the dimension of the feature; it may then determine N encryption index vectors based on the N feature vectors, and further determine an encryption index based on the N encryption index vectors, where the encryption index may be represented by formula (2) above.
It should be noted that, in the embodiment of the present application, in the case of adding a second legal user role, the first device may determine a third encrypted role value based on the second legal user role; the first role function may then be determined based on the third encrypted role value. In the case of removing a third legal user role, the first device may determine a fourth encrypted role value based on the third legal user role; the second role function may then be determined based on the fourth encrypted role value. Role function information can be sent to the cloud server, wherein the role function information includes the first role function and/or the second role function.
In an embodiment of the present application, assuming that the newly added second legal user role is v_new, the first device may determine the third encrypted role value based on the second legal user role v_new; a first role function may then be determined based on the third encrypted role value, the first role function being as shown in formula (8) below.
Wherein,  represents the third encrypted role value, and v represents the role of the user.
Illustratively, in an embodiment of the present application, in the case of removing a third legal user role, assuming the removed third legal user role is v_r, the first device may determine the fourth encrypted role value based on the third legal user role v_r; a second role function may then be determined based on the fourth encrypted role value, the second role function being as shown in formula (9) below.
Wherein,  represents the fourth encrypted role value, and v represents the role of the user.
Step 203, the first character polynomial function, the encryption index and the encrypted image library are sent to the cloud server, so that the cloud server determines the target image based on the first character polynomial function, the encryption index and the encrypted image library.
In an embodiment of the present application, after determining the first role polynomial function based on the encrypted user role set, the first device may send the first role polynomial function, the encryption index, and the encrypted image library to the cloud server, so that the cloud server determines the target image based on the first role polynomial function, the encryption index, and the encrypted image library.
It should be noted that, in the embodiment of the present application, the first device may encrypt the image library using an image encryption algorithm, and the encryption algorithm may be an advanced encryption algorithm (Advanced Encryption Standard, AES), and the present application does not specifically limit the type of the image encryption algorithm.
In summary, the first device may determine a legal user role set of the image set first, and then determine an encrypted user role set based on the legal user role set corresponding to the image set; the first role polynomial function can be determined based on the encryption user role set, namely, when the first role polynomial function is generated, the legal user role set can be encrypted, and the first role polynomial function, the encryption index and the encryption image library are sent to the cloud server, so that the cloud server determines the target image based on the first role polynomial function, the encryption index and the encryption image library.
The embodiment of the application provides an image retrieval method applied to a first device. The first device determines an encrypted user role set based on a legal user role set corresponding to an image set; determines a first role polynomial function based on the encrypted user role set; and sends the first role polynomial function, the encryption index and the encrypted image library to the cloud server, so that the cloud server determines the target image based on the first role polynomial function, the encryption index and the encrypted image library. It can be seen that the first device determines the encrypted user role set based on the legal user role set corresponding to the image set and then determines the first role polynomial function based on the encrypted user role set; that is, the legal user role set is encrypted when the first role polynomial function is generated, which ensures the privacy of the user roles. The first role polynomial function, the encryption index and the encrypted image library are then sent to the cloud server, so that the cloud server determines the target image based on them.
Example III
Based on the foregoing embodiments, a further embodiment of the present application provides an image retrieval method, where the method is applied to a cloud server and a first device, and fig. 3 is a schematic diagram three of the image retrieval method provided by the embodiment of the present application, and as shown in fig. 3, the image retrieval method may include the following steps:
Step 301, the first device determines an encrypted user role set based on a legal user role set corresponding to the image set.
It should be noted that, in the embodiment of the present application, the first device may be an entity device corresponding to the image owner, and the type of the first device is not specifically limited in the present application.
Illustratively, in an embodiment of the present application, it is assumed that the role of user i may be represented by an integer v_i. The set of legitimate user roles corresponding to an image set may be represented as ε = {v_1, v_2, ..., v_m}, where m is the total number of users that can access the data set.
In an exemplary embodiment of the present application, after determining the legal user role set corresponding to the image set, the first device may encrypt the legal user role set to generate an encrypted user role set, wherein g represents a random integer.
Step 302, the first device determines a first role polynomial function based on the encrypted user role set.
Illustratively, in an embodiment of the application, after generating the encrypted user role set, the first device may determine the first role polynomial function based on the encrypted user role set; the first role polynomial function is shown in formula (1) above.
It should be noted that, in the embodiment of the present application, the first device may determine N corresponding feature vectors based on N images in the image set; wherein N is a positive integer; n encryption index vectors may then be determined based on the N feature vectors; the encryption index may then be determined based on the N encryption index vectors.
Illustratively, in an embodiment of the present application, the first device may determine N corresponding feature vectors f_i = (f_{i,1}, f_{i,2}, ..., f_{i,l}) based on N images in the image set, where i represents the sequence number of the image in the image library and l represents the dimension of the feature; it may then determine N encryption index vectors based on the N feature vectors, and further determine an encryption index based on the N encryption index vectors, where the encryption index may be represented by formula (2) above.
It should be noted that, in the embodiment of the present application, in the case of adding a second legal user role, the first device may determine a third encrypted role value based on the second legal user role; the first role function may then be determined based on the third encrypted role value. In the case of removing a third legal user role, the first device may determine a fourth encrypted role value based on the third legal user role; the second role function may then be determined based on the fourth encrypted role value. Role function information can be sent to the cloud server, wherein the role function information includes the first role function and/or the second role function.
In an embodiment of the present application, assuming that the newly added second legal user role is v_new, the first device may determine the third encrypted role value based on the second legal user role v_new; a first role function may then be determined based on the third encrypted role value, the first role function being as shown in formula (8) above.
Illustratively, in an embodiment of the present application, in the case of removing a third legal user role, assuming the removed third legal user role is v_r, the first device may determine the fourth encrypted role value based on the third legal user role v_r; a second role function may then be determined based on the fourth encrypted role value, the second role function being as shown in formula (9) above.
Step 303, the first device sends the first role polynomial function, the encryption index, and the encrypted image library to the cloud server, so that the cloud server determines the target image based on the first role polynomial function, the encryption index, and the encrypted image library.
It should be noted that, in the embodiment of the present application, the first device may encrypt the image library using an image encryption algorithm, and the encryption algorithm may be an advanced encryption algorithm (Advanced Encryption Standard, AES), and the present application does not specifically limit the type of the image encryption algorithm.
Step 304, the cloud server receives a first image retrieval request sent by the second device; wherein the first image retrieval request carries a first encryption trapdoor and a first encrypted role value.
It should be noted that, in the embodiment of the present application, the second device may be a user device, and the type of the second device is not specifically limited in the present application.
It should be noted that, in the embodiment of the present application, the encryption trapdoor may be represented by the above formula (3).
It should be noted that, in the embodiment of the present application, the first encrypted role value may be obtained by encrypting the role of the user; for example, the role v of the user may be encrypted to generate the first encrypted role value g^v.
Step 305, the cloud server judges, based on the first encrypted role value and the first role polynomial function, whether the first user role corresponding to the first encrypted role value is a first legal user role.
It should be noted that, in the embodiment of the present application, when the cloud server judges, based on the first encrypted role value and the first role polynomial function, whether the first user role corresponding to the first encrypted role value is the first legal user role, the cloud server may input the first encrypted role value into the first role polynomial function to obtain an output value; in the case that the output value is a first preset value, the first user role is judged to be the first legal user role; and in the case that the output value is not the first preset value, the first user role is judged not to be the first legal user role.
It should be noted that, in the embodiment of the present application, the first preset value may be 0, and the size of the first preset value is not specifically limited in the present application.
Illustratively, in an embodiment of the present application, the first encrypted role value is input into the first role polynomial function, namely formula (1), to obtain an output value; when the output value is 0, the first user role is determined to be the first legal user role, and when the output value is not 0, the first user role is determined not to be the first legal user role.
That is, in the embodiment of the present application, the cloud server may verify the user role: if the user role belongs to a legal user, the image retrieval operation is allowed to continue; if the user is not a legal user, the image retrieval operation is not allowed to continue. This prevents a malicious user from masquerading as a legal user to access the system and steal the image owner's images, and thus avoids disclosure of image privacy.
It should be noted that, in the embodiment of the present application, after the cloud server judges, based on the first encrypted role value and the first role polynomial function, whether the first user role corresponding to the first encrypted role value is the first legal user role, the cloud server may determine the second role polynomial function based on the preset random number and the first role polynomial function.
In the embodiment of the present application, the preset random number may be any positive integer, and the size of the preset random number is not specifically limited in the present application.
It should be noted that, in the embodiment of the present application, the second role polynomial function may be represented by the above formula (4).
It should be noted that, in the embodiment of the present application, the cloud server resets the first role polynomial function by using the preset random number, so that the role polynomial function is updated on every query, thereby preventing an attacker from stealing the legal user set from the role polynomial function.
It should be noted that, in the embodiment of the present application, the cloud server may further receive a second image retrieval request sent by the second device, wherein the second image retrieval request carries a second encryption trapdoor and a second encrypted role value; judge, based on the second encrypted role value and the second role polynomial function, whether a second user role corresponding to the second encrypted role value is the first legal user role; and determine the target image based on the encryption index, the second encryption trapdoor and the encrypted image library in the case that the second user role is the first legal user role.
That is, in the embodiment of the present application, when the cloud server next receives a second image retrieval request sent by the second device, it may judge, according to the updated second role polynomial function and the second encrypted role value, whether the second user role corresponding to the second encrypted role value is the first legal user role.
Step 306, in the case that the first user role is the first legal user role, the cloud server determines a target image based on the encryption index, the first encryption trapdoor and the encrypted image library and sends the target image to the second device.
It should be noted that, in the embodiment of the present application, the encryption index includes N encryption index vectors, where N is a positive integer, and the number of the encryption index vectors is not specifically limited in the present application.
It should be noted that, in the embodiment of the present application, when the cloud server determines the target image based on the encryption index, the first encryption trapdoor, and the encryption image library, the cloud server may determine the target encryption index vector based on the first encryption trapdoor and the N encryption index vectors; the target image may then be determined based on the target encryption index vector and the encrypted image library.
For example, in the embodiment of the present application, the cloud server may calculate the product of the first encryption trapdoor and the N encryption index vectors, where the image corresponding to the encryption index (target encryption index) with the smallest product is the image of interest to the user, that is, the target image, and the calculation formula is shown in the above formula (5).
It should be noted that, in the embodiment of the present application, the cloud server may receive role function information sent by the first device; wherein the character function information comprises a first character function and/or a second character function; the first character polynomial function may then be updated based on the character function information.
It should be noted that, in the embodiment of the present application, the first role function may be a function generated based on the newly added user role.
It should be noted that, in an embodiment of the present application, the second role function may be a function generated based on the reduced user roles.
For example, in an embodiment of the present application, it is assumed that, after the cloud server receives the first role function sent by the first device, the first role polynomial function may be updated based on the first role function, where the updated role polynomial function is shown in the above formula (6).
For example, in the embodiment of the present application, it is assumed that, after the cloud server receives the second role function sent by the first device, the first role polynomial function may be updated based on the second role function, where the updated role polynomial function is shown in the above formula (7).
That is, in the embodiment of the present application, the cloud server can update the role polynomial function based on the received role function information without the first device regenerating the role polynomial function and uploading it to the cloud server, thereby reducing the burden on the first device.
In summary, the cloud server receives the encryption index, the first role polynomial function and the encrypted image library sent by the first device, and receives a first image retrieval request sent by the second device, the first image retrieval request carrying the first encryption trapdoor and the first encrypted role value. The cloud server can then judge, based on the first encrypted role value and the first role polynomial function, whether the first user role corresponding to the first encrypted role value is the first legal user role. That is, the cloud server can verify the user role: if the user role belongs to a legal user, the image retrieval operation is allowed to continue; if the user is not a legal user, the image retrieval operation is not allowed to continue. This prevents a malicious user from masquerading as a legal user to access the system and steal the image owner's images, and thus avoids disclosure of image privacy. The cloud server can also receive role function information sent by the first device, wherein the role function information comprises a first role function and/or a second role function; the first role polynomial function may then be updated based on the role function information without the first device regenerating the role polynomial function and uploading it to the cloud server, thereby reducing the burden on the first device.
The embodiment of the application provides an image retrieval method, which is applied to a cloud server and first equipment, wherein the cloud server receives an encryption index, a first character polynomial function and an encryption image library which are sent by the first equipment; receiving a first image retrieval request sent by second equipment; the first image retrieval request carries a first encryption trapdoor and a first encryption corner color value; judging whether a first user role corresponding to the first encryption angle color value is a first legal user role or not based on the first encryption angle color value and a first role polynomial function; determining a target image based on the encryption index, the first encryption trapdoor and the encrypted image library and transmitting the target image to the second device under the condition that the first user role is the first legal user role; the first device determines an encrypted user role set based on a legal user role set corresponding to the image set; determining a first persona polynomial function based on the encrypted user persona set; the first character polynomial function, the encryption index and the encrypted image library are transmitted to the cloud server, so that the cloud server determines the target image based on the first character polynomial function, the encryption index and the encrypted image library. 
Therefore, the angle color value received by the cloud server is the first encryption angle color value and is not the plaintext angle color value, so that the problem of privacy disclosure possibly caused by uploading of plaintext characters is avoided, and the application provides a lightweight access control strategy, namely, authentication processing can be carried out on identity information of a first user character corresponding to the first encryption angle color value, the cloud server can judge whether the first user character corresponding to the first encryption angle color value is a first legal user character based on the first encryption angle color value and a first character polynomial function, and under the condition that the first user character is authenticated as the first legal user character, a target image can be determined based on the encryption index, the first encryption trapdoor and an encrypted image library, so that malicious users can be prevented from accessing a system, the problem of image privacy disclosure is further avoided, and the security of image retrieval is further improved.
Example IV
Based on the above embodiment, a further embodiment of the present application provides an image retrieval method applied to an image retrieval system model. Fig. 4 is a schematic diagram of the image retrieval system model according to the embodiment of the present application. As shown in fig. 4, the image retrieval system model includes four entities: a cloud server, an image owner (first device), a user (second device). The image owner (first device) holds an image database, encrypts the image database and uploads the encrypted image database to the cloud server; it generates an encryption index based on the images and uploads it to the cloud server; and it sets an access control strategy for the system, generating a role polynomial (first role polynomial function) and uploading it to the cloud server for recognizing the access authority of users. The cloud server stores the encrypted database and the encryption index; it performs the image retrieval task and returns the final query result to the user (second device). The user generates an encryption trapdoor (first encryption trapdoor) based on the query image and uploads it to the cloud server; after the cloud server performs the image retrieval task, the user decrypts the result to obtain the image of interest (target image).
It should be noted that, in the embodiment of the present application, fig. 5 is a schematic diagram of an image retrieval method provided in the embodiment of the present application. As shown in fig. 5, the image retrieval method may include the following steps. Step 401: the image owner (first device) generates an encrypted role set (encrypted user role set) according to a legal user set (legal user role set), generates a role polynomial (first role polynomial function), encrypts the index, and uploads the encrypted image library to the cloud server. Step 402: the user generates an encryption trapdoor (first encryption trapdoor) and an encrypted role (first encryption role value) and uploads them to the cloud server. Step 403: the cloud server verifies the identity of the user (the first user role corresponding to the first encryption role value) according to the user role (first encryption role value) and the role polynomial (first role polynomial function). If the verification succeeds, the process proceeds to step 404: the cloud server finds the image the user is interested in (target image) according to the encryption trapdoor (first encryption trapdoor) and the encryption index, and sends that image to the user. Step 405: the user decrypts to obtain a plaintext image. If the verification fails, the process proceeds to step 406, where the search is terminated.
In the embodiment of the present application, the image owner (first device) performs the following procedure. Step 1: generate a role-based polynomial function (first role polynomial function). It is assumed that the role of user i can be represented by an integer v_i. Let the legal role set (legal user role set) for a certain selectable image set be denoted ε = {v_1, v_2, ..., v_m}, where m denotes the total number of users that can access the data set. Access to the data set is only granted if the user's role belongs to the set. The user role set is encrypted to generate an encrypted role set (encrypted user role set), wherein g represents a random integer. For a selectable image set, the role polynomial (first role polynomial function) of its access control policy is as shown in formula (1) above; further, the coefficient set of the role polynomial is denoted {c_0, c_1, c_2, ..., c_m}. Step 2: generate an unencrypted index (plaintext index). The image owner (first device) extracts features of an image m_i of the image library to obtain a feature vector f_i = (f_{i,1}, f_{i,2}, ..., f_{i,l}), where i represents the serial number of the image in the image library and l represents the dimension of the features. Step 3: the image owner generates an encryption index, which can be expressed by the above formula (2). Step 4: the image library is encrypted using an image encryption algorithm, such as the AES encryption algorithm, and the encrypted image library is uploaded to the cloud server along with the encryption index and the role-based polynomial function (first role polynomial function).
It should be noted that, in the embodiment of the present application, the flow executed by the user (second device) is as follows. Step 1: encrypt the role v of the user to generate the encrypted role g v (first encryption role value) of the querying user. Step 2: generate an unencrypted trapdoor (plaintext trapdoor). The user extracts features of the query image q_i to obtain a feature vector q_i = (q_1, q_2, ..., q_l), where l represents the dimension of the features. Step 3: the user generates an encryption trapdoor, which can be represented by the above formula (3). Step 4: the encryption trapdoor is uploaded to the cloud server along with the encrypted role g v (first encryption role value).
It should be noted that, in the embodiment of the present application, the flow executed by the cloud server is as follows. Step 1: role verification. The cloud server verifies the identity of the user based on the user's role. The role value of the user (first encryption role value) is taken as input to the role polynomial function, where the first role polynomial function can be represented by formula (1). If the output is 0 (first preset value), the user (first user role) belongs to a legal user and the image retrieval operation is allowed to continue; otherwise, the user (first user role) is not a legal user and is not allowed to continue the image retrieval operation. After verification, the cloud generates a random number m (preset random number), which is used to reset the polynomial function (first role polynomial function) so that the polynomial function is updated on every query, preventing an attacker from stealing the legal user set according to the polynomial function; the new polynomial function (second role polynomial function) is represented by formula (4). Step 2: similarity comparison. The cloud server calculates the product of all encryption trapdoors (first encryption trapdoors) and encryption indexes, and the image corresponding to the encryption index with the minimum product (target encryption index vector) is the image the user is interested in (target image), namely the query result; the product of the encryption trapdoor and a given encryption index is calculated as shown in formula (5). Step 3: the cloud server returns the query result to the user, and the user decrypts the result to obtain the plaintext image.
It should be noted that, in the embodiment of the present application, the encryption index includes N encryption index vectors, where N is a positive integer, and the number of the encryption index vectors is not specifically limited in the present application.
In the embodiment of the present application, the comparison between the Euclidean distance between the plaintext trapdoor and the plaintext index is shown in the following formula (10), and it is known that, with β > 0 and α > 0, it is equivalent to dist2(f_i, q) < dist2(f_j, q). Therefore, the smaller the product of the encryption trapdoor and the encryption index, the smaller the Euclidean distance between the plaintext trapdoor and the plaintext index, and the more similar the image corresponding to the plaintext index and the query image.
It should be noted that, in the embodiment of the present application, a role polynomial updating method is given for when a legal role is added or removed. Work of the image owner (first device): when a legal role (second legal user role) is added, assuming that the role of the newly added user (second legal user role) is represented as v_new, the image owner generates a first role function, shown in the above formula (8), and uploads it to the cloud server; when a legal role (third legal user role) is removed, assuming that the removed user role (third legal user role) is represented as v_r, the image owner generates a second role function, shown in the above formula (9), and uploads it to the cloud server. Work of the cloud server: when a legal role is added, the new role polynomial (updated role polynomial function) is shown in the above formula (6), and when a legal role is removed, the new role polynomial (updated role polynomial function) is shown in the above formula (7).
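The role check, per-query reset and add/remove update described in the image-owner, cloud-server and update passages above, as an added Python example that is not code from the patent. Formulas (1), (4) and (6) to (9) are not reproduced in this section, so the example assumes that the role polynomial is the product of linear factors over the encrypted roles, that a role v is encrypted as g^v, and that all arithmetic is modulo a fixed prime P; every function name is hypothetical.

```python
import secrets

# Assumption: arithmetic is modulo a public prime; the page does not name one.
P = 2**127 - 1  # Mersenne prime, chosen for this example only


def encrypt_role(v, g):
    """Assumed role encryption: g raised to the role value v, modulo P."""
    return pow(g, v, P)


def role_function(enc_role):
    """Linear factor (x - enc_role), lowest-degree coefficient first.
    Stands in for the owner's first/second role function."""
    return [(-enc_role) % P, 1]


def apply_add(coeffs, factor):
    """Server side, role added: multiply the polynomial by the linear factor."""
    out = [0] * (len(coeffs) + 1)
    for i, c in enumerate(coeffs):
        out[i] = (out[i] + c * factor[0]) % P
        out[i + 1] = (out[i + 1] + c * factor[1]) % P
    return out


def build_role_poly(enc_roles):
    """Owner side: coefficients c_0..c_m of the product of (x - enc_role)."""
    coeffs = [1]
    for e in enc_roles:
        coeffs = apply_add(coeffs, role_function(e))
    return coeffs


def evaluate(coeffs, x):
    """Horner evaluation modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def is_legal(coeffs, enc_role):
    """Server side check: output 0 means the role is in the legal set."""
    return evaluate(coeffs, enc_role) == 0


def refresh(coeffs, r=None):
    """Per-query reset: scale every coefficient by a nonzero random number.
    Scaling leaves the zero set unchanged, so legal roles still verify."""
    if r is None:
        r = secrets.randbelow(P - 1) + 1
    if r % P == 0:
        raise ValueError("scaling factor must be nonzero modulo P")
    return [(c * r) % P for c in coeffs]


def apply_remove(coeffs, factor):
    """Server side, role removed: synthetic division by (x - root).
    A nonzero remainder means the role was never in the legal set."""
    if factor[1] != 1:
        raise ValueError("expected a monic linear factor")
    root = (-factor[0]) % P
    quotient = [0] * (len(coeffs) - 1)
    carry = 0
    for k in range(len(coeffs) - 1, 0, -1):
        carry = (coeffs[k] + root * carry) % P
        quotient[k - 1] = carry
    if (coeffs[0] + root * carry) % P != 0:
        raise ValueError("role is not in the legal set")
    return quotient


if __name__ == "__main__":
    g = 5                      # constructed sample value for the owner's integer g
    legal = [101, 202, 303]    # constructed sample role values
    poly = build_role_poly([encrypt_role(v, g) for v in legal])
    print("legal role accepted:", is_legal(poly, encrypt_role(202, g)))
    print("unknown role accepted:", is_legal(poly, encrypt_role(404, g)))
```
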
Example five
Based on the foregoing embodiments, the embodiment of the present application provides a cloud server, fig. 6 is a schematic diagram of a composition structure of the cloud server, and as shown in fig. 6, the cloud server 10 includes: a receiving unit 11, a judging unit 12, a first determining unit 13, a first transmitting unit 14;
The receiving unit 11 is configured to receive an encryption index, a first role polynomial function, and an encrypted image library sent by a first device;
The receiving unit 11 is further configured to receive a first image retrieval request sent by the second device; wherein the first image retrieval request carries a first encryption trapdoor and a first encryption role value;
The judging unit 12 is configured to judge whether the first user role corresponding to the first encryption role value is a first legal user role based on the first encryption role value and the first role polynomial function;
The first determining unit 13 is configured to determine a target image based on the encryption index, the first encryption trapdoor, and the encrypted image library, in a case where the first user role is the first legitimate user role;
the first transmitting unit 14 is configured to transmit the target image to the second device.
In an embodiment of the present application, further, fig. 7 is a schematic diagram of a second component structure of the cloud server, as shown in fig. 7, the cloud server 10 according to the embodiment of the present application may further include a first processor 15, a first memory 16 storing executable instructions of the first processor 15, further, the cloud server 10 may further include a first communication interface 17, and a first bus 18 for connecting the first processor 15, the first memory 16, and the first communication interface 17.
In an embodiment of the present application, the first processor 15 may be at least one of an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a Central Processing Unit (CPU), a controller, a microcontroller, and a microprocessor. It will be appreciated that the electronics for implementing the above-described processor functions may be other for different devices, and embodiments of the present application are not particularly limited. The cloud server 10 may further comprise a first memory 16, which first memory 16 may be connected to the first processor 15, wherein the first memory 16 is adapted to store executable program code comprising computer operation instructions, the first memory 16 may comprise a high speed RAM memory, and may further comprise a non-volatile memory, e.g. at least two disk memories.
In an embodiment of the application, the first bus 18 is used to connect the first communication interface 17, the first processor 15 and the first memory 16 and the mutual communication between these devices.
In an embodiment of the application, the first memory 16 is used to store instructions and data.
Further, in the embodiment of the present application, the first processor 15 is configured to receive an encryption index, a first role polynomial function, and an encrypted image library sent by a first device; receive a first image retrieval request sent by a second device, wherein the first image retrieval request carries a first encryption trapdoor and a first encryption role value; judge whether a first user role corresponding to the first encryption role value is a first legal user role based on the first encryption role value and the first role polynomial function; and, in the case that the first user role is the first legal user role, determine a target image based on the encryption index, the first encryption trapdoor and the encrypted image library, and send the target image to the second device.
In practical applications, the first memory 16 may be a volatile memory, such as a Random-Access Memory (RAM); or a non-volatile memory, such as a Read-Only Memory (ROM), a flash memory, a Hard Disk Drive (HDD) or a Solid-State Drive (SSD); or a combination of memories of the above kinds, and provides instructions and data to the first processor 15.
The embodiment of the application provides a cloud server, which receives an encryption index, a first role polynomial function and an encrypted image library sent by a first device; receives a first image retrieval request sent by a second device, where the first image retrieval request carries a first encryption trapdoor and a first encryption role value; judges, based on the first encryption role value and the first role polynomial function, whether a first user role corresponding to the first encryption role value is a first legal user role; and, in the case that the first user role is the first legal user role, determines a target image based on the encryption index, the first encryption trapdoor and the encrypted image library and sends the target image to the second device. Therefore, the role value received by the cloud server is the first encryption role value rather than a plaintext role value, which avoids the privacy disclosure that uploading plaintext roles could cause. The application also provides a lightweight access control strategy: the identity information of the first user role corresponding to the first encryption role value can be authenticated, in that the cloud server judges, based on the first encryption role value and the first role polynomial function, whether that first user role is a first legal user role. In the case that the first user role is authenticated as the first legal user role, the target image can be determined based on the encryption index, the first encryption trapdoor and the encrypted image library, so that malicious users are prevented from accessing the system and image privacy disclosure is further avoided.
An embodiment of the present application provides a computer-readable storage medium having stored thereon a program which, when executed by a processor, implements the image retrieval method as described above.
Specifically, the program instructions corresponding to the image retrieval method in the present embodiment may be stored on a storage medium such as an optical disc, a hard disk, or a USB disk, and when the program instructions corresponding to the image retrieval method in the storage medium are read or executed by an electronic device, the method includes the steps of:
receiving an encryption index, a first role polynomial function and an encrypted image library sent by a first device;
receiving a first image retrieval request sent by a second device; wherein the first image retrieval request carries a first encryption trapdoor and a first encryption role value;
Judging whether a first user role corresponding to the first encryption role value is a first legal user role or not based on the first encryption role value and the first role polynomial function;
And under the condition that the first user role is the first legal user role, determining a target image based on the encryption index, the first encryption trapdoor and the encryption image library, and sending the target image to the second device.
In an embodiment of the present application, further, fig. 8 is a schematic diagram of a composition structure of a first device, and as shown in fig. 8, the first device 20 includes: a second determination unit 21, a second transmission unit 22;
The second determining unit 21 is configured to determine an encrypted user role set based on a legal user role set;
The second determining unit 21 is further configured to determine a first role polynomial function based on the encrypted user role set;
The second sending unit 22 is configured to send the first role polynomial function, the encryption index, and the encrypted image library to a cloud server, so that the cloud server determines a target image based on the first role polynomial function, the encryption index, and the encrypted image library.
In an embodiment of the present application, further, fig. 9 is a schematic diagram of a second component structure of the first device, as shown in fig. 9, the first device 20 according to the embodiment of the present application may further include a second processor 23, a second memory 24 storing executable instructions of the second processor 23, further, the first device 20 may further include a second communication interface 25, and a second bus 26 for connecting the second processor 23, the second memory 24, and the second communication interface 25.
In an embodiment of the present application, the second processor 23 may be at least one of an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a Central Processing Unit (CPU), a controller, a microcontroller, and a microprocessor. It will be appreciated that the electronics for implementing the above-described processor functions may be other for different devices, and embodiments of the present application are not particularly limited. The first device 20 may further comprise a second memory 24, which second memory 24 may be connected to the second processor 23, wherein the second memory 24 is adapted to store executable program code comprising computer operating instructions, which second memory 24 may comprise a high speed RAM memory, and may further comprise a non-volatile memory, e.g. at least two disk memories.
In an embodiment of the application, a second bus 26 is used to connect the second communication interface 25, the second processor 23 and the second memory 24 and the mutual communication between these devices.
In an embodiment of the application, the second memory 24 is used for storing instructions and data.
Further, in the embodiment of the present application, the second processor 23 is configured to determine an encrypted user role set based on a legal user role set corresponding to the image set; determine a first role polynomial function based on the encrypted user role set; and send the first role polynomial function, the encryption index and the encrypted image library to a cloud server so that the cloud server can determine a target image based on the first role polynomial function, the encryption index and the encrypted image library.
In practical applications, the second memory 24 may be a volatile memory, such as a Random-Access Memory (RAM); or a non-volatile memory, such as a Read-Only Memory (ROM), a flash memory, a Hard Disk Drive (HDD) or a Solid-State Drive (SSD); or a combination of memories of the above kinds, and provides instructions and data to the second processor 23.
The embodiment of the application provides a first device, which determines an encrypted user role set based on a legal user role set corresponding to an image set; determines a first role polynomial function based on the encrypted user role set; and sends the first role polynomial function, the encryption index and the encrypted image library to the cloud server, so that the cloud server determines the target image based on the first role polynomial function, the encryption index and the encrypted image library. It can be seen that the first device can determine an encrypted user role set based on the legal user role set corresponding to the image set and then determine the first role polynomial function based on the encrypted user role set. That is, the legal user role set is encrypted when the first role polynomial function is generated, which ensures the privacy of the user roles. The first role polynomial function, the encryption index and the encrypted image library are then sent to the cloud server, so that the cloud server determines a target image based on the first role polynomial function, the encryption index and the encrypted image library.
An embodiment of the present application provides a computer-readable storage medium having stored thereon a program which, when executed by a processor, implements the image retrieval method as described above.
Specifically, the program instructions corresponding to the image retrieval method in the present embodiment may be stored on a storage medium such as an optical disc, a hard disk, or a USB disk, and when the program instructions corresponding to the image retrieval method in the storage medium are read or executed by an electronic device, the method includes the steps of:
determining an encrypted user role set based on a legal user role set corresponding to the image set;
Determining a first role polynomial function based on the encrypted user role set;
And sending the first role polynomial function, the encryption index and the encrypted image library to a cloud server so that the cloud server can determine a target image based on the first role polynomial function, the encryption index and the encrypted image library.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, magnetic disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of implementations of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each block and/or flow of the flowchart illustrations and/or block diagrams, and combinations of blocks and/or flow diagrams in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart block or blocks and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart block or blocks and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart block or blocks and/or block diagram block or blocks.
The foregoing description is only of the preferred embodiments of the present application, and is not intended to limit the scope of the present application.

Claims (15)

1. An image retrieval method, wherein the method is applied to a cloud server, and the method comprises the following steps:
receiving an encryption index, a first role polynomial function and an encrypted image library sent by a first device;
receiving a first image retrieval request sent by a second device; wherein the first image retrieval request carries a first encryption trapdoor and a first encryption role value;
Judging whether a first user role corresponding to the first encryption role value is a first legal user role or not based on the first encryption role value and the first role polynomial function;
And under the condition that the first user role is the first legal user role, determining a target image based on the encryption index, the first encryption trapdoor and the encryption image library, and sending the target image to the second device.
2. The method of claim 1, wherein the determining whether the first user role corresponding to the first encrypted role value is a first legitimate user role based on the first encrypted role value and the first role polynomial function comprises:
Inputting the first encryption role value into the first role polynomial function to obtain an output value;
judging that the first user role is the first legal user role under the condition that the output value is a first preset value;
and under the condition that the output value is not the first preset value, judging that the first user role is not the first legal user role.
3. The method according to claim 1 or 2, wherein after said determining, based on the first cryptographic corner color value and the first character polynomial function, whether the first user character corresponding to the first cryptographic character value is a first legitimate user character, the method further comprises:
And determining a second role polynomial function based on a preset random number and the first role polynomial function.
4. A method according to claim 3, characterized in that the method further comprises:
Receiving a second image retrieval request sent by the second equipment; wherein the second image retrieval request carries a second encryption trapdoor and a second encryption angle color value;
judging whether a second user role corresponding to the second encryption angle color value is the first legal user role or not based on the second encryption angle color value and the second role polynomial function;
And determining a target image based on the encryption index, the second encryption trapdoor and the encryption image library under the condition that the second user role is the first legal user role.
5. The method of claim 1, wherein the encryption index comprises N encryption index vectors, N being a positive integer, and the determining a target image based on the encryption index, the first encryption trapdoor, and the encrypted image library comprises:
determining a target encryption index vector based on the first encryption trapdoor and the N encryption index vectors;
determining the target image based on the target encryption index vector and the encrypted image library.
6. The method according to claim 1, wherein the method further comprises:
receiving role function information sent by the first device; wherein the role function information comprises a first role function and/or a second role function;
updating the first role polynomial function based on the role function information.
7. An image retrieval method, the method being applied to a first device, the method comprising:
determining an encrypted user role set based on a legal user role set corresponding to the image set;
determining a first role polynomial function based on the encrypted user role set;
and sending the first role polynomial function, the encryption index and the encrypted image library to a cloud server so that the cloud server can determine a target image based on the first role polynomial function, the encryption index and the encrypted image library.
8. The method of claim 7, wherein the method further comprises:
determining corresponding N feature vectors based on N images in the image set; wherein N is a positive integer;
determining N encryption index vectors based on the N feature vectors;
determining the encryption index based on the N encryption index vectors.
9. The method of claim 7, wherein the method further comprises:
under the condition of adding a second legal user role, determining a third encrypted role value based on the second legal user role;
determining a first role function based on the third encrypted role value;
under the condition of removing a third legal user role, determining a fourth encrypted role value based on the third legal user role;
determining a second role function based on the fourth encrypted role value;
sending role function information to the cloud server; wherein the role function information includes the first role function and/or the second role function.
10. A cloud server, the cloud server comprising: a receiving unit, a judging unit, a first determining unit and a first sending unit;
the receiving unit is used for receiving the encryption index, the first role polynomial function and the encrypted image library which are sent by the first device;
the receiving unit is further used for receiving a first image retrieval request sent by the second device; wherein the first image retrieval request carries a first encryption trapdoor and a first encrypted role value;
the judging unit is used for judging whether the first user role corresponding to the first encrypted role value is a first legal user role or not based on the first encrypted role value and the first role polynomial function;
the first determining unit is configured to determine, when the first user role is the first legal user role, a target image based on the encryption index, the first encryption trapdoor, and the encrypted image library;
the first sending unit is configured to send the target image to the second device.
11. A cloud server, the cloud server comprising: a first processor and a first memory; wherein,
the first memory is used for storing a computer program capable of running on the processor;
the first processor being adapted to perform the method of any of claims 1-6 when the computer program is run.
12. A first device, the first device comprising: a second determining unit and a second sending unit;
the second determining unit is used for determining an encrypted user role set based on the legal user role set;
the second determining unit is further configured to determine a first role polynomial function based on the encrypted user role set;
the second sending unit is configured to send the first role polynomial function, the encryption index and the encrypted image library to a cloud server, so that the cloud server determines a target image based on the first role polynomial function, the encryption index and the encrypted image library.
13. A first device, the first device comprising: a second processor and a second memory; wherein,
the second memory is used for storing a computer program capable of running on the processor;
the second processor being adapted to perform the method of any of claims 7-9 when the computer program is run.
14. A computer readable storage medium, characterized in that the storage medium has stored thereon a computer program code which, when executed by a computer, performs the method of any of claims 1-6 or 7-9.
15. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the method according to any of claims 1-6 or 7-9.
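The role check of claims 2, 3, 6 and 9 can be sketched as follows. This is an added example, not code from the patent: it assumes the role polynomial is a product of linear factors over a prime field whose roots are the encrypted role values, that the "first preset value" is 0, that role values come from HMAC-SHA256 under a key shared by the first and second devices, and that the role functions of claim 9 are linear factors multiplied in or divided out; all function names and the modulus `P` are hypothetical.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # assumed prime field modulus; the claims do not specify one

def encrypt_role(key: bytes, role: str) -> int:
    """Assumed 'encrypted role value': keyed hash of the role name, reduced mod P."""
    return int.from_bytes(hmac.new(key, role.encode(), hashlib.sha256).digest(), "big") % P

def mul_linear(poly: list[int], root: int) -> list[int]:
    """Add a role: multiply poly (lowest-degree coefficient first) by (x - root)."""
    out = [0] * (len(poly) + 1)
    for i, c in enumerate(poly):
        out[i] = (out[i] - root * c) % P
        out[i + 1] = (out[i + 1] + c) % P
    return out

def div_linear(poly: list[int], root: int) -> list[int]:
    """Remove a role: synthetic division by (x - root); rejects a non-root."""
    quot, carry = [0] * (len(poly) - 1), 0
    for i in range(len(poly) - 1, 0, -1):
        carry = (poly[i] + carry * root) % P
        quot[i - 1] = carry
    if (poly[0] + carry * root) % P != 0:
        raise ValueError("role value is not a root of the polynomial")
    return quot

def evaluate(poly: list[int], x: int) -> int:
    """Horner evaluation of poly at x, mod P."""
    acc = 0
    for c in reversed(poly):
        acc = (acc * x + c) % P
    return acc

def build_role_poly(role_values: list[int]) -> list[int]:
    poly = [1]
    for r in role_values:
        poly = mul_linear(poly, r)
    return poly

def rerandomize(poly: list[int], rho: int = 0) -> list[int]:
    """Claim 3 (assumed form): scale by a nonzero random number; roots are unchanged."""
    rho = rho if rho else secrets.randbelow(P - 1) + 1
    return [(rho * c) % P for c in poly]

def is_legal(poly: list[int], role_value: int, preset: int = 0) -> bool:
    """Claim 2: the role is legal exactly when the output equals the preset value."""
    return evaluate(poly, role_value) == preset
```

Because the check depends only on the submitted value being a root, the encrypted role value behaves like a bearer credential in this sketch and needs the same transport and storage protection as one.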
CN202410238955.4A 2024-03-01 2024-03-01 Image retrieval method, cloud server, first device and storage medium Pending CN118802277A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410238955.4A CN118802277A (en) 2024-03-01 2024-03-01 Image retrieval method, cloud server, first device and storage medium

Publications (1)

Publication Number Publication Date
CN118802277A true CN118802277A (en) 2024-10-18

Family

ID=93031950

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410238955.4A Pending CN118802277A (en) 2024-03-01 2024-03-01 Image retrieval method, cloud server, first device and storage medium

Country Status (1)

Country Link
CN (1) CN118802277A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080133935A1 (en) * 2004-06-01 2008-06-05 Yuval Elovici Structure Preserving Database Encryption Method and System
CN106875325A (en) * 2017-02-14 2017-06-20 四川理工学院 One kind can search for resume image
CN112528064A (en) * 2020-12-10 2021-03-19 西安电子科技大学 Privacy-protecting encrypted image retrieval method and system
CN113177167A (en) * 2021-04-28 2021-07-27 湖南大学 Space keyword searching method based on cloud computing privacy protection
CN113420175A (en) * 2021-06-15 2021-09-21 西安电子科技大学 Verifiable fine-grained encrypted image retrieval method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
关沧;冯锡炜;: "Research and Design of a Single Sign-On Model Based on Role-Based Access Control", 电子设计工程, no. 22, 20 November 2012 (2012-11-20) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination